- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: Id7b0c26409a0d1b33a679201655a4dd08bacc57a
This patch aims to add a prefix for memcached_server
on each role to give the ability for deployers to
override the location of memcached cluster. I.e users
wants to create a single memcached cluster with k8s
for each service.
We also add pymemcache based on [1]
[1] https://review.opendev.org/711429
Change-Id: I2d0b500f002e457abcb1d5fe96bf554f96e5700e
This patch moves aodh-api from usage of apache with mod_wsgi
to uWSGI role, which means unification across another roles and
reduced maintenance costs
During migration period tasks that ensures apache won't listen
on panko_service_port are present, but they are supposed to be removed
after train release.
Depends-On: https://review.opendev.org/678025/
Change-Id: I9377d46b4b79f79dbf448b23c67ff21b80714b6c
The systemd journal would normally be populated with the standard out of
a service however with the use of uwsgi this is not actually happening
resulting in us only capturing the logs from the uwsgi process instead
of the service itself. This change implements journal logging in the
service config, which is part of OSLO logging.
OSLO logging docs found here: <https://docs.openstack.org/oslo.log/3.28.1/journal.html>
Change-Id: I7bd5419e7f02593a16614746a974b5f8ab3aa504
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This introduces oslo.messaging variables that define the RPC and
Notify transports for the OpenStack services. These parameters
replace the rabbitmq values and are used to generate the messaging
transport_url for the service. The association of the messaging
backend server to the oslo.messaging services will then be
transparent to the aodh service.
This patch:
* Add oslo.messaging variables for RPC and Notify to defaults
* Update transport_url generation (add for notifications)
* Add oslo.messaging to tests inventory
* Update tests
* Add release note
* Update README and example
Depends-On: If4326a6848d2d32af284fdbb94798eb0b03734d5
Depends-On: I2b09145b60116c029fc85477399c24f94974b61d
Change-Id: I356e7256f5e8090f35dce8a02fd633638fd659fa
Distributions provide packages for the OpenStack services so we add
support for using these instead of the pip ones.
Change-Id: If6daa1bb784df46e83bbc118981240eb59a1409d
Implements: blueprint openstack-distribution-packages
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.
[1]https://review.openstack.org/#/c/508522/
Change-Id: Ie37fb7df4837c53427975b1bb69769e6b87a1c20
Implements: blueprint deprecate-auth-uri-option
This removes the systemd service templates and tasks from this role and
leverages a common systemd service role instead. This change removes a
lot of code duplication across all roles all without sacrificing features
or functionality. The intention of this change is to ensure uniformity and
reduce the maintenance burden on the community when sweeping changes are
needed.
Change-Id: I47287ce0deb45538894bd99e57c291c3ae7fa084
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This patch standardizes the package installation to pass a list rather
than "with_items".
Additionally, we can utilize a filtered_services list to ensure we only
attempt tasks against the relevant hosts rather than running through
tasks that would be skipped.
Change-Id: I2c5ad3c2773b890bf6689b8ff87871a4af2021a8
previous configuration was v2 api.
that no longer works.This patch will fix it.
Closes-Bug:#1724462
Change-Id: Ib9966a9a6875e2a8417342b387c573a7ec37942d
We need to ensure that /var/www/cgi-bin/ has proper user control since
different distributions place cgi-bin in different directories and as
such the default ones may not apply for aodh. For example, openSUSE
places it in /srv/www/cgi-bin and as such accessing the aodh resources
results to 403 HTTP errors.
Change-Id: Ia3889d0e4e0220b481fa94c8b0b151b6d727e1b1
Option "rabbit_use_ssl" from group "oslo_messaging_rabbit" is deprecated.
Use option "ssl" from group "oslo_messaging_rabbit".
Change-Id: I8da2c349ec50584a05448bad8856b7a9ccc44014
Implements: blueprint deprecate-rabbit-use-ssl
The systemd unit 'TimeoutSec' value which controls the time
between sending a SIGTERM signal and a SIGKILL signal when
stopping or restarting the service has been reduced from 300
seconds to 120 seconds. This provides 2 minutes for long-lived
sessions to drain while preventing new ones from starting
before a restart or a stop.
The 'RestartSec' value which controls the time between the
service stop and start when restarting has been reduced from
150 seconds to 2 seconds to make the restart happen faster.
These values can be adjusted by using the *_init_config_overrides
variables which use the config_template task to change template
defaults.
Change-Id: I4faf2732affc47cac39a2c499f7c2ee207ec62aa
This creates a specific slice which all OpenStack services will operate
from. By creating an independent slice these components will be governed
away from the system slice allowing us to better optimise resource
consumption.
See the following for more information on slices:
* https://www.freedesktop.org/software/systemd/man/systemd.slice.html
See for following for more information on resource controls:
* https://www.freedesktop.org/software/systemd/man/systemd.resource-control.html
Tools like ``systemd-cgtop`` and ``systemd-cgls`` will now give us
insight into specific processes, process groups, and resouce consumption
in ways that we've not had access to before. To enable some of this reporting
the accounting options have been added to the [Service] section of the unit
file.
Change-Id: I2b5c6189a6eabbdb7854dcee97edf47ef03f8757
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Change the 'aodh_service_names' from a list to a dictionary mapping
of services, groups that install those services. This brings the
method into line with that used in the os_neutron role in order to
implement a more standardised method.
The init tasks have been updated to run once and loop through this
mapping rather than being included multiple times and re-run against
each host. This may potentially reduce role run times.
Currently the reload of upstart/systemd scripts may not happen if
only one script changes as the task uses a loop with only one result
register. This patch implements handlers to reload upstart/systemd
scripts to ensure that this happens when any one of the scripts
change.
The handler to reload the services now only tries to restart the
service if the host is in the group for the service according to the
service group mapping. This allows us to ensure that handler
failures are no longer ignored and that no execution time is wasted
trying to restart services which do not exist on the host.
Finally:
- Common variables shared by each service's template files have
been updated to use the service namespaced variables.
- Unused handlers have been removed.
- Unused variables have been removed.
Change-Id: I729ae43faba2ebb04d8fda85c3f51b2136853ef9
OSLO logging currently defaults the 'use_stderr' option to True
which results duplicate logs in service daemon logs for both
upstart and systemd. To correct this issue the use_stderr
option has been set to false.
Change-Id: I24995cfe7359345468f86d00e1c188f78508a4e2
Closes-Bug: 1588051
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The use_rabbit_ssl query parameter is not respected by
oslo.messaging's rabbit driver, only the pika driver
supports configuration using query parameters at present.
Change-Id: Ib23c8829468bbb4ddae67e08a092240f54a6c729
Implements: blueprint multi-rabbitmq-clusters
Addresses the following deprecation warnings:
* Option "rpc_backend" from group "DEFAULT" is deprecated for removal
* Option "os_endpoint_type" from group "service_credentials" is deprecated.
Use option "interface" from group "service_credentials".
* Option "os_region_name" from group "service_credentials" is deprecated.
Use option "region-name" from group "service_credentials".
Change-Id: I772209ed71bacd45e89e8bab623207e9db22e6e8
Update the configured transport_urls to only include a comma
between urls and re-add rabbit configuration information to the
oslo_messaging_rabbit block.
Change-Id: Ie0765e04e3d4d6d89d5d32c1b2a3b5ed28539c57
If multiple regions exist, keystone_authtoken should contain region_name.
This prevents the service from authenticating across regions.
Change-Id: I35771c73954fb8962bbcc7ae8963900b68ea5e5c
All rabbitmq connection vars are now namespaced. Namespace support
was previously inconsistent which limited deployer override options.
Deprecated configuration using oslo_messaging_rabbit has been replaced
with transport_url based configuration
Change-Id: Ic1eb3bb6346ebdaa0d3bc19a879946c527239dfb
Implements: blueprint multi-rabbitmq-clusters
aodh upstream change Iefd6f4d9f76c69ed9b49483e1feda0b7dbe2cb81
moves from Werkzeug to WSGI so we should follow suit
Without this change, the aodh-api service fails to start at all.
Apache vhost config based on https://github.com/openstack/aodh/blob/master/etc/apache2/aodh
Change-Id: I2fb1eb984949a4457ae313cffec872a0bb425eab
Remove all tasks and variables related to toggling between installation
of aodh inside or outside of a Python virtual environment.
Installing within a venv is now the only supported deployment.
Additionally, a few changes have been made to make the creation of the
venv more resistant to interruptions during a run of the role.
* unarchiving a pre-built venv will now also occur when the venv
directory is created, not only after being downloaded
* virtualenv-tools is run against both pre-built and non pre-built venvs
to account for interruptions during or prior to unarchiving
Change-Id: Icf788b07738bf03708c05929bb82c7b51605ccca
Implements: blueprint only-install-venvs
This change updates the aodh role to support Ubuntu 14.04 with
upstart init and 16.04 with a systemd init.
Some tags for tasks are updated to conform to convention as well.
Change-Id: Ice81e049475b31559c861c0d20bcd26867da321c
Implements: blueprint support-ubuntu-1604
This updates the repository SHA's to use stable/mitaka where
available and updated SHA's where not.
It also updates all paste, policy and rootwrap configurations
to match the current contents found in stable/mitaka.
Change-Id: If8ad940eb23a08b5c29bed7e15d792c529d55189
Specific changes are based on the aodh-api log noting:
* Option "auth_plugin" from group "keystone_authtoken" is deprecated. Use
option "auth_type" from group "keystone_authtoken".
* Option "username" from group "keystone_authtoken" is deprecated. Use option
"user-name" from group "keystone_authtoken".
Change-Id: I295ed77d88daa1b4844eb8efde628fecdad94c03
This fix configures the auth_url parameter to use keystone_service_adminurl
over the existing keystone_service_adminuri parameter which actually leads
to a incomplete URL lacking the API version like /v3/tokens
Change-Id: If40962423f72259b8d7a6203890d6923be02c273
Related-Bug: #1552394
This patch does the following:
- updates the Master SHAs for new development work.
- includes updates to policy, paste and rootwrap files as required
- moves the Aodh repository to openstack_services as it now has
implemented a stable branch
- Updated the keystone-wsgi file as it was still running the code from
liberty
- add 2 package requirements to keystone which must be present for the
new wsgi file.
- updates tempest.conf.j2 to replace ssh_auth_method with auth_method,
and change auth_method to 'keypair' (configured is no longer an
a valid option)
Change-Id: I933c24c03518865d9d40519dafb2ba46769a5453
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This patch updates the sources-branch-updater convenience script to
make it also check for additional updates relating to policy.json,
paste.ini, rootwrap.conf, rootwrap filters, etc.
This ensures that the SHA updates are more complete and the updates
require less effort to do.
In addition to the script update there are some changes to other
file names and locations in order to facilitate the file's ability
to do everything correctly. The changes enforce a specific convention
for the names and locations of files it manages.
Change-Id: I99899e61e0527639abc8b3bae0296a891607a31d
This change enables encryption between OpenStack services and RabbitMQ by
default.
Closes-bug: 1509086
Change-Id: Ic95a556e001f66df935ea7db613b497b47062851
This commit conditionally allows the os_aodh role to
install build and deploy within a venv. This is the new
default behavior of the role however the functionality
can be disabled.
Change-Id: I9f9e09b2a68e843da1d92a782cd29fc563379a6d
Implements: blueprint enable-venv-support-within-the-roles
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The alarming function of Telemetry has been seperated out
by design. This patchset creates new containers for these
alarming services and deploys them accordingly.
See:
http://lists.openstack.org/pipermail/openstack-dev/2015-September/073897.html
DocImpact
UpgradeImpact
Implements: blueprint liberty-release
Change-Id: I25294a25afa76d4d8bddad0a51c48485f33a6d20
Dmitriy Rabotyagov