When upgrading from 2023.1 to 2023.2 in a HA environment,
the Designate pool update command failed as it ran using
an upgraded client, but made RPC calls against instances
which had not been upgraded yet.
This commit moves the pool update to the last play host
in order to ensure that in an upgrade situation, all
virtualenvs have been upgraded first to ensure no client/
server version conflicts.
Change-Id: I93af581696de0913710592f9033545b87547b78a
With the update of ansible-lint to version >=6.0.0 a lot of new
linters were added that are enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metadata to reflect the current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I6ca96cd72600e59c2e6616880d7cd9155a26c5bb
By overriding the variable `designate_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the designate backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: Id5c18a7305c744a2b0252f62debb1b5654e4abd7
With ansible-collection version 2.0 the return of the project_info module
has changed. We need to adapt usage of the module return to the new format.
Change-Id: I90c80baef9ec57b08cb586c2b884aac852a74419
Right now when designate is being installed for the first time, role
tries to run pool update before database is being populated. That
happens due to flushing handlers early as db sync requires service
to run with relevant config. This regression has been implemented
with [1].
To resolve it we move copy of pools.yaml after handlers are flushed
first time and after db sync process.
We also move service_setup before first flush as otherwise service
won't be able to start properly anyway.
There's no need to copy pools.yaml to each designate container and run
pool update multiple times - it's enough to do that once.
[1] 87eb5d46cd
Change-Id: I3b3aaf48f990e229ba5ca3ec5127780fa70228d0
This line snuck in with I299aa04729790d0c194032a36c7b50a3306990c1
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.
Change-Id: I420c2e5620c607168402a88eee7192e69f5fdf97
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is now defined for keystone_authtoken, which
enables validating tokens with restricted access rules.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: I7eafa6b989a2fd726369b3959b5e6ba024b82274
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: I299aa04729790d0c194032a36c7b50a3306990c1
Since we still use ceph-ansible, which has its own implementation of the
config_template module, it's worth using the mentioned module as a collection
explicitly.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814
Change-Id: I276113c0a46dcb6766237189c661644b69453a7a
Move designate-manage pool update command to handlers
since we need to run it only when pools.yaml is changed.
We also don't need to restart designate service, when pools.yaml is
updated.
Change-Id: I7f3d6bd777ce5a6e0f3372f0f6e29cb5499d5419
All references to Gentoo, SUSE, Debian stretch and CentOS-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible.
OS specific variables files are generalised where possible.
Change-Id: I96a9757621eab69e7bc16a2e31ab28d0eb8a23be
os_ prefixed module names have been deprecated for a while and will be removed.
Current usage generates a warning for users.
Change-Id: I22af42d7668615cd4f76366abdc3972da4846a6d
We use the same condition, which defines what host some "service"
tasks should run against, several times. It's hard to keep it the same
across the role, and ansible spends additional resources to evaluate
it each time, so it's simpler and better for maintenance to set
a boolean variable which will say, for all tasks that we want to run
only against a single host, if they should run or not now.
Change-Id: I63e9f830f086763f3dcb90cd54dbdebcfc679b1c
Move it to the service setup host (defaults to utility[0]) instead
of the galera[0] host, and use galera_address (defaults to internal VIP)
as the endpoint instead of a local connection on the db host.
Change-Id: Ia09330b907387f70db5f553f83d5a23a4f7f8a98
referencing ansible_python_interpreter to main.yml file to fix it.
Depends-On: https://review.opendev.org/710849
Change-Id: I196c263c7fb017a1d8386e8e9fb339af70165c51
These are changed to os_*_info modules which return their data
not as facts but via ansible registered variables.
Change-Id: I38a10f8c648c350a709b900a6aabaf446550600e
This patch refactors the openstack user/service/endpoints creation to
service_setup.yml which will eventually be managed by
openstack-ansible-tests.
Change-Id: Id9e94865467a9076ee15a9caebcc2cc97847d079
Install the python3-designate package and rely on the OSA provided
service configs instead of installing each of the individual designate
service packages. The 'Mask any conflicting units' task can also be
removed since the installation of unwanted services will no longer be an
issue.
Change-Id: I40a596803df656f5e6f75996660fe9ace685c2ed
This patch refactors the database creation to db_setup.yml which
will eventually be managed by openstack-ansible-tests.
This also re-orders the mq_setup to be done earlier so these system
level dependencies are ready before service activation.
Change-Id: I51d103ef054a5018b5c2e3dd2c1f34cd1a4f9cc2
The variables barbican_developer_mode and barbican_venv_download
no longer carry any meaning. This review changes glance to
do the equivalent of what developer_mode was all the time,
meaning that it always builds the venv and never requires
the repo server, but it will use a repo server when available.
As part of this, we move the source build out of its own file
because it's now a single task to include the venv build role.
This is just to make it easier to follow the code.
Change-Id: Ifd7d4d0a314834165141019dbacb82bbc1c4176d
The private option on include role was never implemented and
will no longer be developed. This change removes the option
so ansible no longer raises a deprecation warning.
Change-Id: Idbdf22251060dcd7e9852551a895b928ad415ce6
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
It is possible that the hostname of the system does not match the
one in the inventory which means that the delegate_to or the
comparison to inventory_hostname will fail in the tasks later.
Change-Id: I9ec04c1ceb1036fcf2b830a372d6fb927b3040ac
With changes inside Designate merged about policy-in-code, there
is no longer a default policy.json file in the venv, so we
need to change how we implement the file, and should only do
so if there is a config override configured for it.
If there is no policy override configured, but a policy.json
file is present, then it's likely left over from a previous
build. To ensure that we do not carry legacy configuration
files which override the policy-in-code we remove the legacy
file. This is done on restart to ensure that the policy still
applies until the code is updated.
Change-Id: Iea4d2029723529444b93d7deca58824e592d0e0f
This change allows the deployer to set the project that will be the owner of managed
resources like auto-created records and zones.
The owner is specified using project name and defaults to service
tenant.
Depends-On: https://review.openstack.org/628979
Change-Id: I620be82d890aaa547decc59f81f55345f7177900