During last release cycle oslo.messaging has landed [1] series of extremely
useful changes that are designed to implement modern messaging
techniques for rabbitmq quorum queues.
Since these changes are breaking and require queues being re-created,
it makes total sense to align these with migration to quorum queues by default.
[1] https://review.opendev.org/q/topic:%22bug-2031497%22
Change-Id: I10a5d4c14aca341bb4ba9272fc919ec050670c20
In order to be able to globally enable notification reporting for all services,
without an need to have ceilometer deployed or bunch of overrides for each
service, we add `oslomsg_notify_enabled` variable that aims to control
behaviour of enabled notifications.
Presence of ceilometer is still respected by default and being referenced.
Potential usecase are various billing panels that do rely on notifications
but do not require presence of Ceilometer.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/914144
Change-Id: I40e9640cd08e73c4c7fe0635926cc1769ef49d2d
In order to allow definition of policies per service, we need to add variables
to service roles, that will be passed to openstack.osa.mq_setup.
Currently this can be handled by leveraging group_vars and overriding `oslomsg_rpc_policies` as a whole, but it's not obvious and
can be non-trivial for some groups which are co-locating multiple services
or in case of metal deployments.
Change-Id: I727fef51851d4da27180761afff563e3fe41fc75
As of today blazar warns out on startup that using the in-process token
cache is deprecated for quite a while. In order to get rid of this warning
we add memcached configuration for keystone token.
Change-Id: Ibd80231bdb1dfe2e66e69c4538a2129c7f84c92f
In order to be more flexible regarding required plugins, we implement a
new variable that will allow to set a list of enabled filters for blazar.
With that we also enable floatingip plugin that has been added to Blazar
a while ago.
Change-Id: Iaff9284eec3a57a6470afb5e912cad17970baa2f
This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.
Change-Id: If9a9ee764dd41767aaa1285903eb3c21cc0da40c
While <service>_galera_port is defined and used for db_setup
role, it's not in fact used in a connection string for oslo.db.
Change-Id: I753c328569e1ee6d69a0ad2168b6493a3c7438f9
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: Ic97b301d704d3bc19142315a69724c05f3cad875
By overriding the variable `blazar_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the blazar backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: Ic784cb180ff4cbc81c230b0a3a62015a71ea3f99
This patch adds uWSGI support to os_blazar role. All openstack services
should stay behind uWSGI.
It's also required for upcoming TLS backend feature. Blazar does not
have native TLS support so it needs to be handled by uWSGI.
Change-Id: I65511de4d5014a28f0f91536f9dbaf96fcb8e7a2
At the moment we don't restart services if systemd unit file is changed.
We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now we ensure that role handlers will also listen for systemd
unit changes.
Change-Id: I001ffdb5eedfb8d17edd593dfb1818c5b1bd02df
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: Id6725ddfc8f014b0fe85c39d40f67cdbad89e818
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: I3a1c2d87a39eaf342411f3b607bc909f924944cb
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.
Change-Id: Ic60f8576f17e513622c036bd88c9602d82f04c33
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: Ibd7e65b25fca496a6393692c6952c9604430ec92
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: Ib4a0581c5bbe2b14abcd80f97ac2e36ec0dbf4b1
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814
Change-Id: I8abcf60dcc8a264c221de89ff01906edf3ce8a39
With PKI role in place in most cases you don't need to explicitly
provide path to the CA file because PKI role ensures that CA is trusted
by the system overall. In the meanwhile in PyMySQL [1] you must either
provide CA file or cert/key or enable verify.
Since current behaviour is to provide path to the custom CA we expect
certificate being trusted overall. Thus we enable cert verification when
galera_use_ssl is True.
[1] 78f0cf99e5/pymysql/connections.py (L267)
Change-Id: I7042118a17d533c472f09bb2098bbc3c01195477
Sync packages instaklled for debian and redhat. We don't need these
packages to be installed to all blazar containers instead of being devel
ones.
Change-Id: I2f49f5c0badb730cafef6b53c9c99db362285dd8
We've created integrated linters check job a while back and it's successfully
working for several releases. At the moment we experience difficulties
with future maintenance of the linters check from the openstack-ansible-tests
repo. So instead of fixing current one, we replace it with modern version of
the test.
Change-Id: Id3033cfd18f074c8665d0c9f580ec4076415c599
We implement `blazar_policy_overrides` variable in order to allow
management of balazar policy files when needed.
Change-Id: I581a9c9659d3d023eb40cf2c6dfc2d01fa0a7464
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible
Change-Id: I3781543c5f5005d578a4010ac8ff41dbdcc8407a
Since we copy all release notes to the integrated repo there is not need
in publishing release notes for each repository. We should only verify their
validity and linting.
Change-Id: I8d9b29e345501f7a2475b43144d98169c553e1db
Instead of overriding each service separatelly it might make
sense for deployers to define some higher level variable that
will be used first or fallback to default variable.
Change-Id: Ifb25edf453f04594303d391c4e1dd245f6400c2b