Commit Graph

96 Commits

Author SHA1 Message Date
Dmitriy Rabotyagov c7b2ad25c9 Fix linters and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.

With that we also update metdata to reflect current state.

Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: Ib51c7ec8d83ffe82c98d1c8d3200ce4510775895
2023-07-14 17:11:05 +00:00
Damian Dabrowski ba2e621a93 Add TLS support to cloudkitty backends
By overriding the variable `cloudkitty_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the cloudkitty backend api.

The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: I0566028b4737306954b544d040b52cee1fddaa1f
2023-04-29 18:36:21 +02:00
Dmitriy Rabotyagov 893db780b4 Ensure service is restarted on unit file changes
At the moment we don't restart services if systemd unit file is changed.

We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now  we ensure that role handlers will also listen for systemd
unit changes.

Change-Id: I5d491104173dc0217fac62618c13e8ac5a57233b
2023-04-10 15:52:49 +02:00
Erik Berg 6b36ba7a80 Remove redundant vars line
This line snuck in with I81413b5ff415ee3d0b5a33189335591146e8f698
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.

Change-Id: I8ec073f36556c5d7da2be7aae23a192266d39a5d
2022-09-14 13:52:20 +02:00
Dmitriy Rabotyagov b6d15a95cb Support service tokens
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.

Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: Icb1de8c7e0a5196a4df457a5d4a3ca524d4622d0
2022-06-15 19:17:22 +00:00
Zuul 3258ce923f Merge "Use common service setup tasks from a collection rather than in-role" 2022-05-05 14:03:43 +00:00
Jonathan Rosser cbe22b73a2 Use common service setup tasks from a collection rather than in-role
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/839989

Change-Id: I19d8215e653d42698806c645ac4ae7747c4ea35e
2022-04-29 18:49:35 +00:00
Jonathan Rosser 0b92ee6f7d Refactor use of include_vars
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.

This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.

Depends-On:  https://review.opendev.org/c/openstack/openstack-ansible/+/839989

Change-Id: I81413b5ff415ee3d0b5a33189335591146e8f698
2022-04-29 18:25:45 +00:00
OpenStack Proposal Bot e03028246d Updated from OpenStack Ansible Tests
Change-Id: I90d66d04f1b91755b4e042bd0bbb999b2ef658ed
2021-12-04 17:39:47 +00:00
Dmitriy Rabotyagov 23a330ef26 Use config_template as a collection
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814



Change-Id: I895d7342cea3c7c74732138a87d0b1aee61c2345
2021-11-30 15:17:14 +02:00
Jonathan Herlin b67bd60df3 Cloudkitty role cleanup and config updates
The Cloudkitty role has been lacking some attention for a while
causing some of the configuration and examples outdated.

Now that Cloudkitty playbook and dashboard can be installed using
OSA without running any additional playbooks from this repository
i have removed those from here.

Change-Id: I0fe96c318273f0016d93cf043bda74feb11c63f8
2021-06-09 10:03:21 +02:00
Dmitriy Rabotyagov a1f9c741c6 [goal] Deprecate the JSON formatted policy file
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to replace policy.json to
policy.yaml and remove deprecated policy.json.

[1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Change-Id: I5714f88ab0df41adbac52ff65f16f37e69bafb79
2021-05-03 15:36:11 +00:00
OpenStack Proposal Bot 60a670842c Updated from OpenStack Ansible Tests
Change-Id: I57d383d1d0ea1dc9fcc73ec3f8c41725fb24814b
2021-04-19 09:57:23 +00:00
Jonathan Rosser 2b54345586 Use ansible_facts[] instead of fact variables
See https://github.com/ansible/ansible/issues/73654

Change-Id: Ia088d1b4074e3bbcd3054f5be00b39429437750d
2021-03-16 08:01:56 +00:00
OpenStack Proposal Bot 7ac496f43e Updated from OpenStack Ansible Tests
Change-Id: I6a73c0631aaf46835c3d0fce0bf810509a30bb17
2020-10-19 09:19:47 +00:00
Zuul bd7220d8ca Merge "Define condition for the first play host one time" 2020-10-13 07:47:20 +00:00
Dmitriy Rabotyagov 9d89b0fdb0 Define condition for the first play host one time
We use the same condition, which defines against what host some "service"
tasks should run against, several times. It's hard to keep it the same
across the role and ansible spending additional resources to evaluate
it each time, so it's simpler and better for the maintenance to set
a boolean variable which will say for all tasks, that we want to run
only against signle host, if they should run or not now.

Change-Id: I904dca21103b91978ab03db1a3c6d3a30d406aa7
2020-10-12 16:20:06 +00:00
OpenStack Proposal Bot 155bca5e47 Updated from OpenStack Ansible Tests
Change-Id: Ia213ba3549bc349c9fc4ccef06f8053c3f6fc73a
2020-10-01 14:29:52 +00:00
Dmitriy Rabotyagov 18ca2f1618 Use the utility host for db setup tasks
Move it to the service setup host (defaults to utility[0]) instead
of the galera[0] host, and use galera_address (defaults to internal VIP)
as the endpoint instead of a local connection on the db host.

Change-Id: Ie8e6b95f531fef9c9fe04d6d8f692d599aa5ff30
2020-08-27 18:09:04 +03:00
OpenStack Proposal Bot b4f5f6d7c3 Updated from OpenStack Ansible Tests
Change-Id: Ib1a1d6147580d76de0f2b26bcda4f6dd0f164947
2020-08-12 11:32:30 +00:00
OpenStack Proposal Bot d980181caa Updated from OpenStack Ansible Tests
Change-Id: Id27739381b1fd95be917892932be8813d2ba3985
2020-06-08 19:54:19 +00:00
Jonathan Rosser 38bfbf5af5 Allow venv python interpreter to be overridden
Change-Id: I1c062a56edf895287e6dec9a093ed924a146464c
2019-09-11 17:46:34 +01:00
Dmitriy Rabotyagov f3285ed7ad Start using uWSGI role
Move service to use uWSGI role instead of iternal task for uwsgi
deployment. This aims to ease the maintenance of uWSGI and speedup
metal deployments as the same uwsgi environment will be used
across all services.

Change-Id: I5b0bcd6a51f237fcd772368f51a406421ffb52f4
2019-09-05 20:31:19 +03:00
OpenStack Proposal Bot b49305b8bd Updated from OpenStack Ansible Tests
Change-Id: Ie1a5b58a12c27da396738aa51fdfb90cd48fe72c
2019-09-04 15:12:57 +00:00
Dmitriy Rabotyagov 9832403d00 Replace include with import
During previous commit include_task was accidentally copy-pasted.

Change-Id: Ib03d9af5f2492564bdc5c16b139d7ef1bcdfe354
2019-08-07 14:15:05 +03:00
Zuul 71604a0de3 Merge "service_setup: refactor service setup to a single file" 2019-08-02 20:00:53 +00:00
Dmitriy Rabotyagov 99de75a151 service_setup: refactor service setup to a single file
This patch refactors the openstack user/service/endpoints creation to
service_setup.yml which will eventually be managed by
openstack-ansible-tests.

Change-Id: I61fe5fe2f13f924a55e477c3496168550b76ba05
2019-08-01 16:58:27 +03:00
Dmitriy Rabotyagov f0e0919221 Add distribution of metrics.yml
As cloudkitty requires metrics.yml to be present in etc directory
to be fully operational, we're distributing this file by default[1]
cloudkitty_metrics_overrides variable added in order to override default

[1] http://logs.openstack.org/30/673530/2/check/openstack-ansible-functional-ubuntu-bionic/c6eee8a/logs/openstack/openstack1/cloudkitty-processor.service.journal.log.txt.gz#_Jul_30_14_44_00

Change-Id: Ie08cfd0d8dc4835712df0b937170b631aebd10c8
2019-07-31 12:38:56 +03:00
OpenStack Proposal Bot e3ea25ea95 Updated from OpenStack Ansible Tests
Change-Id: I9b76d1b6a2ae4b156b3fb84132df8a52e6ba51c5
2019-06-18 18:15:33 +00:00
OpenStack Proposal Bot 9fe530073d Updated from OpenStack Ansible Tests
Change-Id: I02fedc636e19d5bef5ac8e6ce87a757535ae14ef
2019-06-11 22:17:25 +00:00
Guilherme Steinmüller d9e345b8d2 db_setup: refactor database setup to a common file
This patch refactors the database creation to db_setup.yml which
will eventually be managed by openstack-ansible-tests.

This also re-orders the mq_setup to be done earlier so these system
level dependencies are ready before service activation.

Change-Id: I1aa03e1327c7e90fbc30f88f137dda26700a0683
2019-06-03 19:24:51 +00:00
Dmitriy Rabotjagov 87c4c27bb7 Drop private argument for include/import role
Since ansible 2.8 dropped private argument is not supported anymore:
https://github.com/ansible/ansible/issues/45038

Change-Id: Iade01544654937a28a606cf2f8900f6fe1587dcb
2019-05-17 11:52:11 +03:00
OpenStack Proposal Bot bb0b57a273 Updated from OpenStack Ansible Tests
Change-Id: I2ca0c87929dd88a82c1c8ae95fc43190aa1b0d4e
2019-05-09 11:34:22 +00:00
OpenStack Proposal Bot 6b46af5061 Updated from OpenStack Ansible Tests
Change-Id: I94274d4d6e3604c6ebdb7bc8051e88366bf31047
2019-04-17 19:11:26 +00:00
OpenStack Proposal Bot 92a0096e69 Updated from OpenStack Ansible Tests
Change-Id: Ided1e557b8ae2ee815e0c246441fcaf31b3ca3e2
2019-04-17 07:25:13 +00:00
OpenStack Proposal Bot 307516d34a Updated from OpenStack Ansible Tests
Change-Id: I0bfff9f0059a40896d25d0bd1f80f719abe80a7c
2019-04-13 20:21:55 +00:00
OpenStack Proposal Bot 64c0b89453 Updated from OpenStack Ansible Tests
Change-Id: I33932c3dd464ebb6abcfd598b60466a8cfead3bc
2019-04-01 13:18:36 +00:00
Dmitriy Rabotjagov fb6af2f3f0 Update role for new source build process
The variables cloudkitty_developer_mode and cloudkitty_venv_download
no longer carry any meaning. This review changes cloudkitty to
do the equivalent of what developer_mode was all the time,
meaning that it always builds the venv and never requires
the repo server, but it will use a repo server when available.

As part of this, we move the installation out of its own file
because it's now a single task to include the venv build role.
This is just to make it easier to follow the code.

We also change include_tasks to import_tasks and include_role
to import_role so that the tags in the python_venv_build role
will work.

Change-Id: Ieaec0a12a1ed6ea1f9a98a615fd8c6bff67a9d0c
2019-03-28 15:45:56 +02:00
Jesse Pretorius 12effbdbd3 Enable overriding the service setup host python interpreter
In order to enable the service setup host python interpreter to
be changed easily, we make it a variable. This will be useful
when someone sets the service setup host to be the utility
container, because we'll be able to set this var by default.

Change-Id: I3f6d4ed50fef2bca61f2bfdc158da804ab80b892
2018-11-30 15:39:56 +00:00
Christian Zunker cdfa3b13c9 Configure cloudkitty-api to use uwsgi
Accoring to the cloudkitty docs it is strongly recommended to
install the API server in a WSGI host such as mod_wsgi.

The tasks are a combination of os_cinder steps and the cloudkitty
docs for wsgi:
https://docs.openstack.org/cloudkitty/latest/install/mod_wsgi.html#mod-wsgi

Change-Id: I4173a32f4989f7e23205083738ccd81f7ea6f9f6
Closes-Bug: 1769632
2018-11-20 11:31:48 +01:00
Jesse Pretorius 374b8c2bce Use a common python build/install role
In order to radically simplify how we prepare the service
venvs, we use a common role to do the wheel builds and the
venv preparation. This makes the process far simpler to
understand, because the role does its own building and
installing. It also reduces the code maintenance burden,
because instead of duplicating the build processes in the
repo_build role and the service role - we only have it all
done in a single place.

We also change the role venv tag var to use the integrated
build's common venv tag so that we can remove the role's
venv tag in group_vars in the integrated build. This reduces
memory consumption and also reduces the duplication.

This is by no means the final stop in the simplification
process, but it is a step forward. The will be work to follow
which:

1. Replaces 'developer mode' with an equivalent mechanism
   that uses the common role and is simpler to understand.
   We will also simplify the provisioning of pip install
   arguments when doing this.
2. Simplifies the installation of optional pip packages.
   Right now it's more complicated than it needs to be due
   to us needing to keep the py_pkgs plugin working in the
   integrated build.

Depends-On: https://review.openstack.org/598957
Change-Id: Ife2f3e96f7a56279f68509259c099bfe20ff19d8
Implements: blueprint python-build-install-simplification
Signed-off-by: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
2018-09-03 11:59:33 +00:00
OpenStack Proposal Bot b9a9aea2e6 Updated from OpenStack Ansible Tests
Change-Id: I4f28e1832e16f23fb0f283e7bcd50e95d120ef6c
2018-08-20 10:47:47 +00:00
Zuul 2d82c48d84 Merge "Use include_tasks instead of include" 2018-08-18 01:42:04 +00:00
OpenStack Proposal Bot 3a426ceb8b Updated from OpenStack Ansible Tests
Change-Id: If2f0c08eaa97c4efd19b67ea79ef4eb8b424857c
2018-08-15 13:40:28 +00:00
caoyuan 15c0163b1e Use include_tasks instead of include
include is marked as deprecated since ansible 2.4[0]

Switch to include_tasks or import_playbook as necessary

[0] https://docs.ansible.com/ansible/2.4/include_module.html#deprecated

Change-Id: I0297ca2a66b3344cfc20a1adf81b71339174a205
2018-08-15 14:22:20 +08:00
Jesse Pretorius 00097c026b Allow tags to be used for MQ tasks
The use of 'include_tasks' and a loop of variables creates
a situation where a user is unable to use tags to scope the
inclusion of only the MQ tasks when running the playbooks.

The use-case this is important for is when the rabbitmq
containers are destroyed and rebuilt in order to resolve
an issue with them, and the user wishes to quickly recreate
all the vhosts/users.

Ansible's 'include_tasks' is a dynamic inclusion, and dynamic
inclusions are not included when using tags. The nice thing
about dynamic inclusions is that they completely skip all
tasks when the condition does not apply, cutting down deploy
time. However, given the use-case, we should rather take on
the extra deployment time.

This patch changes the dynamic inclusion to a static one,
adds a 'common-mq' tag to cover all MQ implementations,
and re-implements the 'common-rabbitmq' tag for the tasks
that relate to RabbitMQ specifically.

It also implements conditionals for each task set so that
the rpc/notify tasks can be skipped if a vhost/user is not
required for that purpose (eg: swift does not use RPC, and
most roles will not use notifications by default).

Depends-On: https://review.openstack.org/588191
Change-Id: Ied4df931d0464173649c39ac82253c541b195cb1
2018-08-07 12:58:15 +01:00
Kevin Carter b78966cd09
Convert role to use a common systemd service role
This removes the systemd service templates and tasks from this role and
leverages a common systemd service role instead. This change removes a
lot of code duplication across all roles all without sacrificing features
or functionality. The intention of this change is to ensure uniformity and
reduce the maintenance burden on the community when sweeping changes are
needed.

The systemd journal would normally be populated with the standard out of
a service however with the use of uwsgi this is not actually happening
resulting in us only capturing the logs from the uwsgi process instead
of the service itself. This change implements journal logging in the
service config, which is part of OSLO logging.

OSLO logging docs found here: <https://docs.openstack.org/oslo.log/3.28.1/journal.html>

Change-Id: Ieff0119cb09e8971fab5b0393f023010a554edff
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2018-07-31 14:50:12 -05:00
Jesse Pretorius 19f299854e Move MQ vhost/user creation into role
There is no record for why we implement the MQ vhost/user creation
outside of the role in the playbook, when we could do it inside the
role.

Implementing it inside the role allows us to reduce the quantity of
group_vars duplicated from the role, and allows us to better document
the required variables in the role. The delegation can still be done
as it is done in the playbook too.

In this patch we implement two new variables:
- cloudkitty_oslomsg_rpc_setup_host
- cloudkitty_oslomsg_notify_setup_host

These are used in the role to allow delegation of the MQ vhost/user
setup for each type to any host, but they default to using the first
member of the applicable oslomsg host group.

We also adjust some of the defaults to automatically inherit existing
vars set in group_vars form the integrated build so that we do not
need to do the wiring in the integrated build's group vars. We still
default them in the role too for independent role usage.

Finally, we remove the test mq setup tasks and clean up any unused
or unnecessary variables configured in tests.

Change-Id: Iac217b80df3da79a944185a90ba4c1ff5409945b
2018-07-31 08:31:19 +01:00
Andy Smith cfddca21eb Update to use oslo.messaging service RPC and Notify
This introduces oslo.messaging variables that define the RPC and
Notify transports for the OpenStack services. These parameters replace
the rabbitmq values and are used to generate the messaging
transport_url for the service.

This patch:
* Add oslo.messaging variables for RPC and Notify to defaults
* Update transport_url generation in conf
* Add oslo.messaging to tests inventory and update tests
* Install extra packages for optional drivers
* Add release note

Change-Id: I0612252927f81b3584054f6cd77a2826c5d3fc3b
2018-07-31 08:31:18 +01:00
Jean-Philippe Evrard cad8710a8d Fix usage of "|" for tests
With the more recent versions of ansible, we should now use
"is" instead of the "|" sign for the tests.

This should fix it.

Change-Id: I77c037ec01e192ec0723050c05e296d4ccbfb79e
2018-07-12 16:54:43 +02:00