With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I671cc35a055b35fb249ad3054c45ec65f2b54ab4
This patch reduces memory usage for Cinder Volume and Backup services by
tuning glibc.
The specific tuning consist on disabling the per thread arenas and
disabling dynamic thresholds.
This is the equivalent of the devstack proposed patch from Change-Id
Ic9030d01468b3189350f83b04a8d1d346c489d3c
Related-bug: #1908805
Change-Id: I066ee76fe0cef9443f9e9f1ed3c8062d6c6f8566
We're adding a service that is responsible for executing db purge.
Service will be deployed by default, but left
stopped/disabled. This way we allow deployers to enable/disable
feature by changing value of cinder_purge_deleted.
Otherwise, when variables set to true once, setting them back to false
won't lead to stopping of DB trimming , so timer would need to be
stopped manually.
Change-Id: Ic5ae8c778bff2858fcb31c85d4b910805e452c3f
By overriding the variable `cinder_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the cinder backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: Ib682499e900071db38cc2fd7c30822d0c33dba38
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: I1d0156a2ad829aa730419e1d9dfa1cd49026a6be
Related-Bug: #1948456
Nowadays Cinder does not support v2 api so it makes sense to ensure
that these endpoints or service is not present in catalog.
Change-Id: I62a4ba182cc752a5bc4f6e8c4d2430f7e7aafe54
This configuration option has been observed to result in file
descriptor leaks in certain circumstances. A variable is added
here so that it can be easily overridden.
Related-Bug: #1961603
Change-Id: I8155264b181d6f21728804ef8260979931597427
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: Ib445e0ddd01d52314e50ca6edd2fa20e5f6ef3eb
With PKI role in place in most cases you don't need to explicitly
provide path to the CA file because PKI role ensures that CA is trusted
by the system overall. In the meanwhile in PyMySQL [1] you must either
provide CA file or cert/key or enable verify.
Since current behaviour is to provide path to the custom CA we expect
certificate being trusted overall. Thus we enable cert verification when
galera_use_ssl is True.
[1] 78f0cf99e5/pymysql/connections.py (L267)
Change-Id: Ieab4ab2e36e4953961841be334ff16162f7daeb8
management_address is defined in group vars and by default set to
container_address which is valid default
Change-Id: Ib9373ba7d09845ad0fc5c8578db18ffd87e48b20
Related-Bug: #1941068
Cinder v2 API has been deprecated in Pike and it make sense to
disable it's creation by default. Doing this we also will drop catalog
records and service during upgrade
Change-Id: I11986bfe6d2af5e671b7008a71a58538d0576336
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible
Change-Id: I796d9de164a8b79eff8a615442dd46e7de2353e7
This is necessary to support the new pip resolver.
Depends-On: I9be6bbf4a29a4da2ddf96dc0336bc2a7d8ec9281
Depends-On: I49c75dd11d6c4e8d37fe013b7ffdfd56ff193fcd
Change-Id: I2c4009fbdf524f2d54adf1d4a730604c123f72fd
Instead of overriding each service separatelly it might make
sense for deployers to define some higher level variable that
will be used first or fallback to default variable.
Change-Id: If14b89d4c795ba7e129af6a2f4b4bcbc10208986
Even the most modest 4C/8T system would run with the maximum 16 processes
due to the calculation being VCPU*2.
We devide amount of CPUs to number of threads for hyperthreaded CPUs
Change-Id: I8a8f2ce0b1af980b2c300ffb82894608102aad2e
Cinder api container may not have required binaries and clients in order
to add qos types and volume types. In the meanwhile
cinder_service_setup_host is supposed to have all necessary things for
the successful creation of the resources.
Change-Id: I97b50cfe3140d0a0f77f6e562cb144cb3d36bd12
Move it to the service setup host (defaults to utility[0]) instead
of the galera[0] host, and use galera_address (defaults to internal VIP)
as the endpoint instead of a local connection on the db host.
Change-Id: I37db6f6f474f2119bb5c29a21b1f6f78a016da83
As deployers may have usecases with several different backends being
served with the same cinder volume,
we should provide an option to easily override default behaviour
Change-Id: Idc9a71d722b7443cf1437c2d95f75c615b6035a4
This patch aims to add a prefix for memcached_server
on each role to give the ability for deployers to
override the location of memcached cluster. I.e users
wants to create a single memcached cluster with k8s
for each service.
We also add pymemcache based on [1]
[1] https://review.opendev.org/711429
Change-Id: Ic83f6371c5d2bbed6a7d6d2f92a69fd3a2afd0d3
Move service to use uWSGI role instead of iternal task for uwsgi
deployment. This aims to ease the maintenance of uWSGI and speedup
metal deployments as the same uwsgi environment will be used
across all services.
Depends-On: https://review.opendev.org/678025/
Change-Id: Ieac6d03a436f6b706d7f12e292ffc98171a43246
Removed the reference to netorigin as it will be taken out from openstack-ansible-plugins
Now using ansible 2.4's urlsplit filter as a replacement.
Change-Id: I36ecd276ff1e4c16a7728658e8821bae1615916c
Related-Bug: #1820830
The variables barbican_developer_mode and barbican_venv_download
no longer carry any meaning. This review changes glance to
do the equivalent of what developer_mode was all the time,
meaning that it always builds the venv and never requires
the repo server, but it will use a repo server when available.
As part of this, we move the source build out of its own file
because it's now a single task to include the venv build role.
This is just to make it easier to follow the code.
Depends-On: https://review.openstack.org/647813
Change-Id: Ia3c69c1f8a9487481e1275875701cf3d77c2d231
With this variable, users would be able to extend
the list of pip packages in case of needing an
extra pip package.
Currently if we need an extra pip package we need
to override the existing list.
Change-Id: If7637ac750330822e7f5e3cae6a78315bc25031b
The files and templates we carry are almost always in a state of
maintenance. The upstream services are maintaining these files and
there's really no reason we need to carry duplicate copies of them. This
change removes all of the files we expect to get from the upstream
service. while the focus of this change is to remove configuration file
maintenance burdens it also allows the role to execute faster.
* Source installs have the configuration files within the venv at
"<<VENV_PATH>>/etc/<<SERVICE_NAME>>". The role will now link the
default configuration path to this directory. When the service is
upgraded the link will move to the new venv path.
* Distro installs package all of the required configuration files.
To maintain our current capabilities to override configuration the
role will fetch files from the disk whenever an override is provided and
then push the fetched file back to the target using `config_template`.
Change-Id: Ib3447cd5b0bcada4cdf82d9e4a9fe5160299f9c3
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
Cinder supposes to see resource_filters.json in
/etc/cinder/resource_filters.json, but role doesn't distribute this file
It implements generalized filters, w/o which non-admins will
experience problems with some operations (i.e in horizon).
Closes-Bug: #1810537
Change-Id: I0f699c9869effc5ccc0d3f79422935975f698134
In order to enable the service setup host python interpreter to
be changed easily, we make it a variable. This will be useful
when someone sets the service setup host to be the utility
container, because we'll be able to set this var by default.
Change-Id: I3e0034739c75ca72bad4b33819e774e5c85977ac