Commit Graph

486 Commits

Author SHA1 Message Date
Dmitriy Rabotyagov e7f7e7d122 Add quorum queues support for service
This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.

In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.

Depends-On: https://review.opendev.org/c/openstack/ansible-role-zookeeper/+/899386
Change-Id: I8c418906b75edb633948f2c074170454a8f3e2d0
2023-10-26 16:08:04 +00:00
Dmitriy Rabotyagov 645fcde602 Fix example playbook linters
Change-Id: I11649981895a482cea97c373d2de9ca7df654cd2
2023-10-20 10:47:43 +02:00
Zuul db839d98c7 Merge "Use proper galera port in configuration" 2023-08-14 10:50:04 +00:00
Dmitriy Rabotyagov 58bb1602dc Use proper galera port in configuration
While <service>_galera_port is defined and used for db_setup
role, it's not in fact used in a connection string for oslo.db.

Change-Id: I8c21f0f61537c74813a5e29e2e370dc8c50df61f
2023-07-31 15:04:49 +02:00
Dmitriy Rabotyagov d41ac57fe4 Fix linters and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.

With that we also update metdata to reflect current state.

Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I6ca96cd72600e59c2e6616880d7cd9155a26c5bb
2023-07-14 12:56:46 +00:00
Damian Dabrowski 3464966868 Add TLS support to designate backends
By overriding the variable `designate_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the designate backend api.

The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: Id5c18a7305c744a2b0252f62debb1b5654e4abd7
2023-04-29 18:36:33 +02:00
Dmitriy Rabotyagov b6d826f675 Ensure service is restarted on unit file changes
At the moment we don't restart services if systemd unit file is changed.

We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now  we ensure that role handlers will also listen for systemd
unit changes.

Change-Id: I3dcb02cfd8c5057411488dfefdd0b5381231a972
2023-04-10 16:38:06 +00:00
Dmitriy Rabotyagov 94b04bffe1 Adopt project_info fetch to collection 2.0
With ansible-collection version 2.0 return of project_info module
has changed. We need to adopt usage of module return to the new format.

Change-Id: I90c80baef9ec57b08cb586c2b884aac852a74419
2023-04-10 18:28:18 +02:00
OpenStack Release Bot bf12c20c2a Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.

Sem-Ver: feature
Change-Id: I5b307b7a93025c373e5c92ebe64cf94f3bb14c7f
2022-12-13 13:13:40 +00:00
Zuul f4fb4db8e2 Merge "Add coordination support" 2022-12-07 13:58:58 +00:00
Dmitriy Rabotyagov a618a6ddd3 Add coordination support
This patch adds configuration for coordination service when it's
available.

Depends-On: https://review.opendev.org/c/openstack/ansible-role-zookeeper/+/865449
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/864750
Change-Id: I632439956f17bbac8987c3429634ebac8b1c3d44
2022-11-28 12:46:00 +00:00
Dmitriy Rabotyagov aab80f8524 Fix race condition during designate setup
Right now when designate is being installed for the first time, role
tries to run pool update before database is being populated. That
happens due to flushing handlers early as db sync requires service
to run with relevant config. This regression has been implemented
with [1].

To resolve it we move copy of pools.yaml after handlers are flushed
first time and after db sync process.
We also move service_setup before first flush as otherwise service
won't be able to start properly anyway.

There's no need to copy pools.yaml to each designate container and run
pool update multiple times - it's enough to do that once.

[1] 87eb5d46cd

Change-Id: I3b3aaf48f990e229ba5ca3ec5127780fa70228d0
2022-11-25 18:20:06 +01:00
Erik Berg f5936a486c Remove redundant vars line
This line snuck in with I299aa04729790d0c194032a36c7b50a3306990c1
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.

Change-Id: I420c2e5620c607168402a88eee7192e69f5fdf97
2022-09-14 13:10:52 +02:00
Dmitriy Rabotyagov 50ee7fe8a9 Support service tokens
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.

Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: I7eafa6b989a2fd726369b3959b5e6ba024b82274
2022-06-15 18:19:27 +02:00
Dmitriy Rabotyagov 79b0b8e1ee Switch sphinx language to en
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.


Change-Id: Ib834fe1c19784db978fe87495e5736dafe6c4e99
2022-05-30 16:01:25 +02:00
OpenStack Proposal Bot d380691f35 Updated from OpenStack Ansible Tests
Change-Id: I529d30d0e0e80b79a2af8f545e1b62dcb290b1ff
2022-04-04 09:41:44 +00:00
Jonathan Rosser b7de78ba5d Cleanup setup.py config
Change-Id: Ia040ee398a3436f376fec4afb9c8ab7c28a211fb
2022-04-04 10:41:03 +01:00
Zuul 731fb73388 Merge "Refactor use of include_vars" 2022-02-11 21:31:28 +00:00
Jonathan Rosser 4d08168065 Remove legacy policy.json cleanup handler
Change-Id: Ie2bc614e675de22eb7c7829efd638673f285e626
2022-02-02 04:10:31 -05:00
Jonathan Rosser 859de5f930 Use common service setup tasks from a collection rather than in-role
Change-Id: I58a0edd3890ac7ef3d3aaed342bf44cb4a169a35
2022-01-12 18:35:53 +00:00
Jonathan Rosser 2d2b7d7b50 Refactor use of include_vars
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.

This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.

Change-Id: I299aa04729790d0c194032a36c7b50a3306990c1
2022-01-12 08:36:35 +00:00
OpenStack Proposal Bot 4dcdc1cd5b Updated from OpenStack Ansible Tests
Change-Id: Ibb48cf6a698ed7c0be07332d051c8be4d1a856b5
2021-12-17 16:45:50 +00:00
OpenStack Proposal Bot fcf02aaffe Updated from OpenStack Ansible Tests
Change-Id: I16bf8339d4aa79427a4a863bc9bf3b19851210cc
2021-12-04 17:39:53 +00:00
Damian Dabrowski 4667c80b90 Database connection pooling improvements
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: I28c64b44eadfd726e07cb7159e5d3d94fde106ed
2021-12-03 11:40:46 +01:00
Dmitriy Rabotyagov 4d4366ed16 Use config_template as a collection
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814



Change-Id: I276113c0a46dcb6766237189c661644b69453a7a
2021-11-30 15:17:16 +02:00
Dmitriy Rabotyagov ada4dcf39b Refactor galera_use_ssl behaviour
With PKI role in place in most cases you don't need to explicitly
provide path to the CA file because PKI role ensures that CA is trusted
by the system overall. In the meanwhile in PyMySQL [1] you must either
provide CA file or cert/key or enable verify.

Since current behaviour is to provide path to the custom CA we expect
certificate being trusted overall. Thus we enable cert verification when
galera_use_ssl is True.

[1] 78f0cf99e5/pymysql/connections.py (L267)

Change-Id: Ic5b072d983c6d553d996a0a3bd708eec4c2137e5
2021-09-21 14:28:54 +03:00
likui 87d0be496c Changed minversion in tox to 3.18.0
The patch bumps min version of tox to 3.18.0 in order to
replace tox's whitelist_externals by allowlist_externals option:
https://github.com/tox-dev/tox/blob/master/docs/changelog.rst#v3180-2020-07-23

Change-Id: I8a0558b6f9ad80f144649bc9a8f5041c0595ee02
2021-07-03 21:16:40 +08:00
Dmitriy Rabotyagov 2fa394033b Replace linters test with integarted one
We've created integrated linters check job a while back and it's successfully
working for several releases. At the moment we experience difficulties
with future maintenance of the linters check from the openstack-ansible-tests
repo. So instead of fixing current one, we replace it with modern version of
the test.


Change-Id: I585622c62567ee4a36dcf3ebddc511853c3d6b7b
2021-05-21 15:52:31 +03:00
Zuul 000dcfd971 Merge "Add variables for rabbitmq ssl configuration" 2021-05-18 14:26:26 +00:00
Jonathan Rosser 1ae06103e2 Add variables for rabbitmq ssl configuration
Change-Id: Ia2fef44b3ab22b9dfe35dad61d02b1bf8b3e31b5
2021-05-17 09:26:26 +00:00
OpenStack Proposal Bot 0e1b577934 Updated from OpenStack Ansible Tests
Change-Id: I608348fae892b547f7043021c1460642c37e1831
2021-04-19 09:57:32 +00:00
Zuul d0863497de Merge "Generate designate_pool_uuid dynamically" 2021-04-13 14:47:15 +00:00
Zuul e9177110fa Merge "[goal] Deprecate the JSON formatted policy file" 2021-04-06 12:33:11 +00:00
Dmitriy Rabotyagov f51605df76 [goal] Deprecate the JSON formatted policy file
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to replace policy.json to
policy.yaml and remove deprecated policy.json.

[1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Change-Id: I71d9f02360e10fe45d1e956e3a59326e8ba1263a
2021-03-30 16:42:38 +00:00
Dmitriy Rabotyagov 766bcb92b6 Generate designate_pool_uuid dynamically
There is also no pool_id option in service:pool_manager section.
default_pool_id from service:central should be used instead.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/771833
Change-Id: I21a0217d1d3593893d47646d2bacd4da926c5c94
2021-03-25 14:44:18 +00:00
OpenStack Proposal Bot 5c8d8d58be Updated from OpenStack Ansible Tests
Change-Id: I15cba763dd9345cb943535bfb72b87a8d1077d11
2021-03-22 08:46:41 +00:00
Dmitriy Rabotyagov 87eb5d46cd Update pool when pools.yaml is changed
Move designate-mange pool update command to handlers
since we need to run it only when pools.yaml is changed.
We also don't need to restart designate service, when pools.yaml is
updated.

Change-Id: I7f3d6bd777ce5a6e0f3372f0f6e29cb5499d5419
2021-03-19 17:03:34 +00:00
Jonathan Rosser 1b6f3273fb Use ansible_facts[] instead of fact variables
See https://github.com/ansible/ansible/issues/73654

Change-Id: I40b37608f65ec57b26fb10528da63ad54f9a1496
2021-03-16 08:02:26 +00:00
OpenStack Proposal Bot d843d22e11 Updated from OpenStack Ansible Tests
Change-Id: I804060665979ad705f64eb7824a54e2937f5f821
2021-03-12 22:18:34 +00:00
Zuul 6e093c89de Merge "Remove references to unsupported operating systems" 2021-03-10 17:25:54 +00:00
Jonathan Rosser e0afffd98c Remove references to unsupported operating systems
All references to Gentoo, SUSE, Debian stretch and Centos-7  are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible

Change-Id: I96a9757621eab69e7bc16a2e31ab28d0eb8a23be
2021-03-10 12:16:38 +00:00
Jonathan Rosser 0897b1b616 Switch default virtualenv to python3
Change-Id: Ie5286f3a59c553ed17f44c4fd5d3cb425b364e3e
2021-03-10 08:49:04 +00:00
Zuul 6f866bdcb3 Merge "[reno] Stop publishing release notes" 2021-03-01 20:37:12 +00:00
Dmitriy Rabotyagov fb3b350f58 Use new openstack.cloud collection names
os_ prefixed module names are deprecated for a while and will be removed
Current usage generates a warning for users.

Change-Id: I22af42d7668615cd4f76366abdc3972da4846a6d
2021-02-16 21:38:37 +02:00
Jonathan Rosser 8b28984a5c Move designate pip packages from constraints to requirements
This is necessary to use the new pip resolver

Change-Id: I432de032214792d4296b51d471c2432e9a8410b4
2021-01-25 09:59:32 +00:00
dmitriy d2f1b890fb [reno] Stop publishing release notes
Since we copy all release notes to the integrated repo there is not need
in publishing release notes for each repository. We should only verify their
validity and linting.


Change-Id: I5fb104e1ba18d8dd1349600b006be73f2e0f32fa
2021-01-22 18:25:07 +02:00
Dmitriy Rabotyagov a5d177dfc9 Use global service variables
Instead of overriding each service separatelly it might make
sense for deployers to define some higher level variable that
will be used first or fallback to default variable.

Change-Id: If3627990a028b4c28c85609f5bf1341b836b0ccd
2021-01-08 14:26:37 +00:00
zhoulinhui 2e55321849 Replace deprecated UPPER_CONSTRAINTS_FILE variable
Change-Id: I421a5d5f3201af49854b99cfccb76c2b3080a52f
2020-11-10 13:11:38 +08:00
OpenStack Proposal Bot a84cf43c74 Updated from OpenStack Ansible Tests
Change-Id: Ief96a00267e52d644c6f411c177de72fe085cbbb
2020-10-19 09:19:51 +00:00
Zuul 403e8155cb Merge "Updated from OpenStack Ansible Tests" 2020-10-02 16:31:37 +00:00