Commit Graph

22 Commits

Author SHA1 Message Date
Dmitriy Rabotyagov ea5e1adf63 Add quorum support for service
This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
its behaviour.

Change-Id: Ia51971c077cef647c3d4e07d6cbc14b7bac70788
2023-09-28 14:25:08 +00:00
Dmitriy Rabotyagov 029ea741f7 Use proper galera port in configuration
While <service>_galera_port is defined and used for db_setup
role, it's not in fact used in a connection string for oslo.db.

Change-Id: I707dd7ccaa112cc11c3ee32c3fc8029352c8649a
2023-08-07 07:02:48 +00:00
Dmitriy Rabotyagov cb6c38ab92 Support service tokens
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.

Additionally service_type is defined now for keystone_authtoken which
enables validating tokens with restricted access rules.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: I6a5e16a4fc2a81dedc4bc459f13ac7781292f5a8
2022-06-15 17:40:02 +02:00
Damian Dabrowski 3e642f2f72 Database connection pooling improvements
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: Ic58f085c8b1250b1db831fa8c74215abd2519704
2021-12-03 11:39:55 +01:00
Dmitriy Rabotyagov 13042f76c3 Refactor galera_use_ssl behaviour
With PKI role in place in most cases you don't need to explicitly
provide path to the CA file because PKI role ensures that CA is trusted
by the system overall. In the meanwhile in PyMySQL [1] you must either
provide CA file or cert/key or enable verify.

Since current behaviour is to provide path to the custom CA we expect
certificate being trusted overall. Thus we enable cert verification when
galera_use_ssl is True.

[1] 78f0cf99e5/pymysql/connections.py (L267)

Change-Id: Ia55488a9fcc6b2824276bf824197ae8ea7af0177
2021-09-17 17:00:33 +03:00
Jonathan Rosser 55595fa93e Add variables for rabbitmq ssl configuration
Change-Id: I69b5d844e5fd20bc8078910f27999f4ece66f47f
2021-05-17 07:55:24 +00:00
Dmitriy Rabotyagov 89201715a4 Fix crypto_plugin definition
Change-Id: I4cabd8a9a89a24c3a3a64efcbc8758bb32bbb752
2021-02-11 12:49:52 +00:00
Dmitriy Rabotyagov 50c983e034 Allow multibackend support for Barbican
This patch introduces 2 new variables that are designed to help deployer
with barbican configuration. They are designed to support multibackend
configuration of the barbican while default behavior should not change.

Change-Id: I3369c4254f3b48f12ed9731f18d980044e6d0b43
2020-11-14 07:29:30 +00:00
Dmitriy Rabotyagov 76b72c0975 Clean up barbican.conf
Drop out default or misconfigured variables from barbican.conf to
make config file readable.
This should not affect existing deployments since plugin config has to be
overridden anyway.

Depends-On: https://review.opendev.org/759082
Change-Id: I2a0756b851c9e862b2312b47d37b723386d6915c
2020-11-13 20:34:55 +00:00
Guilherme Steinmüller 564c3e8935 Refactor memcached_servers
This patch aims to add a prefix for memcached_server
on each role to give the ability for deployers to
override the location of memcached cluster. I.e. users
want to create a single memcached cluster with k8s
for each service.

We also add pymemcache based on [1]

[1] https://review.opendev.org/711429

Change-Id: Ibd5decc06f205f5e1de9dbc0d7e9cde5e9435c4e
2020-03-16 13:27:35 +00:00
Kevin Carter 005e5b61ca Convert role to use a common systemd service role
This removes the systemd service templates and tasks from this role and
leverages a common systemd service role instead. This change removes a
lot of code duplication across all roles all without sacrificing features
or functionality. The intention of this change is to ensure uniformity and
reduce the maintenance burden on the community when sweeping changes are
needed.

The systemd journal would normally be populated with the standard out of
a service however with the use of uwsgi this is not actually happening
resulting in us only capturing the logs from the uwsgi process instead
of the service itself. This change implements journal logging in the
service config, which is part of OSLO logging.

OSLO logging docs found here: <https://docs.openstack.org/oslo.log/3.28.1/journal.html>

Change-Id: Ic5b57a650bd9f5c385ed0a0a3efd1d530a2d7e81
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2018-07-31 14:43:44 -05:00
Andrew Smith 206f411451 Update to use oslo.messaging service for RPC and Notify
This introduces oslo.messaging variables that define the RPC and
Notify transports for the OpenStack services. These parameters replace
the rabbitmq values and are used to generate the messaging
transport_url for the service. The association of the messaging
backend server to the oslo.messaging services will then be transparent
to the barbican service.

This patch:
* Add oslo.messaging variables for RPC and Notify to defaults
* Add transport_url generation to conf
* Add oslo.messaging to tests inventory
* Update tests
* Update examples
* Add release note

Change-Id: I0657c88799e06987c6df90edd55fda859faf6035
2018-07-26 09:37:01 +00:00
ZhongShengping aaf16e349f Deprecate auth_uri option
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.

[1] https://review.openstack.org/#/c/508522/

Change-Id: Ie4d52a2981bda8c65033a114174cfe39233e4972
Implements: blueprint deprecate-auth-uri-option
2018-04-03 14:17:06 +08:00
Jimmy McCrory 5141c18209 Add MySQL connection SSL support
When 'barbican_galera_use_ssl' is True, use an encrypted connection to
the database using either a self-signed or user-provided CA certificate.

A new non-voting test has been added to verify that the role remains
functional when enabling SSL features.

Partial-Bug: 1667789

Change-Id: I10c578f32c54138cac87ad42adc0ab38d62da9a6
Depends-On: I95cc994df5118fce7ce588fc0bff979bc283a6f3
2017-12-13 16:04:27 -08:00
ZhongShengping 3c69c5182f Remove pki support
Change-Id: I5d05d59279dcff46a0763d4f24703b0350d318e0
Implements: blueprint remove-pki
2016-12-29 10:26:11 +08:00
Jimmy McCrory 8ef4a8644e Use public endpoint as service reference URL
To avoid errors with API calls from clients to barbican, update the
host_href setting within barbican.conf to the publicURL of the barbican
service instead of localhost.

A notify has also been added to restart barbican services when
configuration files are changed.

Change-Id: I7460ad294d9b645170f9cce52d2e846ab04b46fa
2016-11-01 09:20:37 -07:00
Jimmy McCrory c5f93b19bf Update paste, policy and rootwrap configurations 2016-10-13
Barbican's default API pipeline is noauth, a variable to
toggle between noauth and keystone, 'barbican__keystone_auth' has been
added. keystone_authtoken information has been moved to a better home
in barbican.conf.

python-memcached has also been added to the pip package list since it's
a requirement when using keystone authentication with token caching.

Change-Id: I5e731d63f442edf970845f2b821b98ce57176e48
2016-10-13 19:21:20 -07:00
Travis Truman 92e6f25e58 Adding support for the `debug` var to enable verbose logging
Change-Id: Ie7f15293ed8a1434427d7af3a668b381a2ae439d
2016-08-12 13:54:27 -05:00
Kevin Carter 01da3d42f1 Disable stderr logging
OSLO logging currently defaults the 'use_stderr' option to True
which results in duplicate logs in service daemon logs for both
upstart and systemd. To correct this issue the use_stderr
option has been set to false.

Change-Id: I22a5a53420f074b64d290e7d19c29343d8556b97
Closes-Bug: 1588051
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-08-04 17:41:38 +00:00
Travis Truman e0121f8833 Verbose option has been deprecated from oslo.log
See http://lists.openstack.org/pipermail/openstack-dev/2016-May/095166.html
for additional details.

Change-Id: Ib72e77525ee9b031b4e11c07ead3bca3c5cd1a9a
2016-05-17 11:07:07 -04:00
Jimmy McCrory 37d90c5dd9 Enable functional convergence testing
This change adds variables and tasks for enabling developer mode to
allow for installing barbican without a repo server, moves the tasks
creating the barbican rabbit virtual host and mysql database from the
role to a playbook, and adds functional convergence test playbooks to
deploy rabbitmq, galera, keystone, and barbican.

The barbican.conf template has been updated to make use of the deployed
rabbit and galera servers and all other templated configuration files
have been updated from the current head of master.

Change-Id: I2716fbe6a5dbad2a3b7ce6e406098e463cf7d943
2016-04-12 11:27:15 -07:00
Ian Cordasco 7107ff7878 Add forgotten templates
2016-03-02 11:28:02 -06:00