Commit Graph

19 Commits

Author SHA1 Message Date
Damian Dabrowski ba2e621a93 Add TLS support to cloudkitty backends
By overriding the variable `cloudkitty_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the cloudkitty backend api.

The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: I0566028b4737306954b544d040b52cee1fddaa1f
2023-04-29 18:36:21 +02:00
Dmitriy Rabotyagov 893db780b4 Ensure service is restarted on unit file changes
At the moment we don't restart services if systemd unit file is changed.

We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now we ensure that role handlers will also listen for systemd
unit changes.

Change-Id: I5d491104173dc0217fac62618c13e8ac5a57233b
2023-04-10 15:52:49 +02:00
Jonathan Rosser 8d64d4d593 Remove legacy policy.json cleanup handler
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/839989
Change-Id: I7e79f669d4b65ce067c57bda06e1887c1125ee4e
2022-04-29 18:48:56 +00:00
Dmitriy Rabotyagov a1f9c741c6 [goal] Deprecate the JSON formatted policy file
As per the community goal of migrating the policy file
format from JSON to YAML[1], we need to replace policy.json with
policy.yaml and remove deprecated policy.json.

[1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Change-Id: I5714f88ab0df41adbac52ff65f16f37e69bafb79
2021-05-03 15:36:11 +00:00
Dmitriy Rabotyagov e52e5e9268 Remove unused api handler
After migration to uwsgi this handler is not used anywhere,
so can be safely removed.

Change-Id: I2fe2868e7996c3c6f568d52daae71026d4052c6b
2020-10-08 17:27:39 +03:00
Christian Zunker cdfa3b13c9 Configure cloudkitty-api to use uwsgi
According to the cloudkitty docs it is strongly recommended to
install the API server in a WSGI host such as mod_wsgi.

The tasks are a combination of os_cinder steps and the cloudkitty
docs for wsgi:
https://docs.openstack.org/cloudkitty/latest/install/mod_wsgi.html#mod-wsgi

Change-Id: I4173a32f4989f7e23205083738ccd81f7ea6f9f6
Closes-Bug: 1769632
2018-11-20 11:31:48 +01:00
Jesse Pretorius 374b8c2bce Use a common python build/install role
In order to radically simplify how we prepare the service
venvs, we use a common role to do the wheel builds and the
venv preparation. This makes the process far simpler to
understand, because the role does its own building and
installing. It also reduces the code maintenance burden,
because instead of duplicating the build processes in the
repo_build role and the service role - we only have it all
done in a single place.

We also change the role venv tag var to use the integrated
build's common venv tag so that we can remove the role's
venv tag in group_vars in the integrated build. This reduces
memory consumption and also reduces the duplication.

This is by no means the final stop in the simplification
process, but it is a step forward. There will be work to follow
which:

1. Replaces 'developer mode' with an equivalent mechanism
   that uses the common role and is simpler to understand.
   We will also simplify the provisioning of pip install
   arguments when doing this.
2. Simplifies the installation of optional pip packages.
   Right now it's more complicated than it needs to be due
   to us needing to keep the py_pkgs plugin working in the
   integrated build.

Depends-On: https://review.openstack.org/598957
Change-Id: Ife2f3e96f7a56279f68509259c099bfe20ff19d8
Implements: blueprint python-build-install-simplification
Signed-off-by: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
2018-09-03 11:59:33 +00:00
Kevin Carter b78966cd09 Convert role to use a common systemd service role
This removes the systemd service templates and tasks from this role and
leverages a common systemd service role instead. This change removes a
lot of code duplication across all roles all without sacrificing features
or functionality. The intention of this change is to ensure uniformity and
reduce the maintenance burden on the community when sweeping changes are
needed.

The systemd journal would normally be populated with the standard out of
a service however with the use of uwsgi this is not actually happening
resulting in us only capturing the logs from the uwsgi process instead
of the service itself. This change implements journal logging in the
service config, which is part of OSLO logging.

OSLO logging docs found here: <https://docs.openstack.org/oslo.log/3.28.1/journal.html>

Change-Id: Ieff0119cb09e8971fab5b0393f023010a554edff
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2018-07-31 14:50:12 -05:00
zhulingjie 44037f0c1b Remove the unnecessary space
Change-Id: I5dd365ec21959c60df5f83ad98705f94633e3d8e
2018-07-11 23:18:19 -04:00
Jean-Philippe Evrard cad8710a8d Fix usage of "|" for tests
With the more recent versions of ansible, we should now use
"is" instead of the "|" sign for the tests.

This should fix it.

Change-Id: I77c037ec01e192ec0723050c05e296d4ccbfb79e
2018-07-12 16:54:43 +02:00
Jimmy McCrory 35c3f3b73e Use listen instead of chained notifiers
From Ansible 2.2 onwards, listen can be used for
handlers instead of chaining notifiers. The
handlers are then executed in the sequence
present in the handler file.

Change-Id: I82dcb2fb8e38fcceca224f39fe18710a50e2090f
2018-03-17 14:13:00 -07:00
Jenkins 92c226ba7f Merge "Ensure that policy file has correct group/mode" 2017-05-24 23:37:58 +00:00
Jesse Pretorius 32ec0260d2 Use command instead of debug for handlers
Due to the debug message plugin the handler restart
messages show at the end of the playbook execution
which is a little confusing. Using debug also
requires setting changed_when to true which is a
little extra bit of code which we do not have to
carry.

Instead we use the command module which is simple,
works and less wordy.

Change-Id: I3562ef542ab4c87cd6bac82d916e5696149c8a6b
2017-05-24 11:34:14 +01:00
Jesse Pretorius ffd26a061b Ensure that policy file has correct group/mode
When the policy file is copied from the templated
file to the active file, it loses its group/mode
settings. This patch ensures that they are properly
replicated during the copy.

Change-Id: I3fdd5d0122dec93a95c47b1f473b74eba11d6f26
2017-05-23 23:44:15 +01:00
Jesse Pretorius e1f0e4cb0c Perform an atomic policy file change
The policy.json file is currently read continually by the
services and is not only read on service start. We therefore
cannot template directly to the file read by the service
(if the service is already running) because the new policies
may not be valid until the service restarts. This is
particularly important during a major upgrade. We therefore
only put the policy file in place after the service restart.

This patch also tidies up the handlers and some of the install
tasks to simplify them and reduce the tasks/code a little.

Change-Id: I8ece1f91db9177f30623f09036e75794d607e17e
2017-05-02 08:49:04 +00:00
Jean-Philippe Evrard 3b6300f3ce Phase out trusty and use systemd
We don't support trusty in master anymore, so this makes sure the
support of upstart is phased out.

Whenever possible, we use the systemd module instead, that reduces the
amount of tasks.

Change-Id: I50d377ce6c5e80386954fd551e566c55f57c5a3a
Signed-off-by: Jean-Philippe Evrard <jean-philippe.evrard@rackspace.co.uk>
2017-01-20 12:53:06 +00:00
Jesse Pretorius 0997138c0e Fix linting issues for ansible-lint 3.4.1
Preparing this role for the ansible-lint version bump

Change-Id: I36f5b951b5dcaa52e35079f32e98f2aae94e2df0
2016-11-07 09:57:08 +00:00
Jesse Pretorius dba2e47fc1 Use dictionary for service group mappings
Change the 'cloudkitty_service_names' from a list to a dictionary mapping
of services, groups that install those services. This brings the
method into line with that used in the os_neutron role in order to
implement a more standardised method.

The init tasks have been updated to run once and loop through this
mapping rather than being included multiple times and re-run against
each host. This may potentially reduce role run times.

Currently the reload of upstart/systemd scripts may not happen if
only one script changes as the task uses a loop with only one result
register. This patch implements handlers to reload upstart/systemd
scripts to ensure that this happens when any one of the scripts
change.

The handler to reload the services now only tries to restart the
service if the host is in the group for the service according to the
service group mapping. This allows us to ensure that handler
failures are no longer ignored and that no execution time is wasted
trying to restart services which do not exist on the host.

Finally:
- Common variables shared by each service's template files have
  been updated to use the service namespaced variables.
- Unused handlers have been removed.
- Unused variables have been removed.

Change-Id: Ieb96fac62906ac9eb387edb450df0c0ca9c0ccb2
2016-09-29 07:24:46 +01:00
Michael Rice 284c318e6e first commit 2016-05-08 12:03:41 -05:00