When upgrading from 2023.1 to 2023.2 in a HA environment,
the Designate pool update command failed as it ran using
an upgraded client, but made RPC calls against instances
which had not been upgraded yet.
This commit moves the pool update to the last play host
in order to ensure that in an upgrade situation, all
virtualenvs have been upgraded first to ensure no client/
server version conflicts.
Change-Id: I93af581696de0913710592f9033545b87547b78a
This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.
In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-zookeeper/+/899386
Change-Id: I8c418906b75edb633948f2c074170454a8f3e2d0
While <service>_galera_port is defined and used for db_setup
role, it's not in fact used in a connection string for oslo.db.
Change-Id: I8c21f0f61537c74813a5e29e2e370dc8c50df61f
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I6ca96cd72600e59c2e6616880d7cd9155a26c5bb
By overriding the variable `designate_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the designate backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: Id5c18a7305c744a2b0252f62debb1b5654e4abd7
At the moment we don't restart services if systemd unit file is changed.
We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now we ensure that role handlers will also listen for systemd
unit changes.
Change-Id: I3dcb02cfd8c5057411488dfefdd0b5381231a972
With ansible-collection version 2.0 return of project_info module
has changed. We need to adopt usage of module return to the new format.
Change-Id: I90c80baef9ec57b08cb586c2b884aac852a74419
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I5b307b7a93025c373e5c92ebe64cf94f3bb14c7f
Right now when designate is being installed for the first time, role
tries to run pool update before database is being populated. That
happens due to flushing handlers early as db sync requires service
to run with relevant config. This regression has been implemented
with [1].
To resolve it we move copy of pools.yaml after handlers are flushed
first time and after db sync process.
We also move service_setup before first flush as otherwise service
won't be able to start properly anyway.
There's no need to copy pools.yaml to each designate container and run
pool update multiple times - it's enough to do that once.
[1] 87eb5d46cd
Change-Id: I3b3aaf48f990e229ba5ca3ec5127780fa70228d0
This line snuck in with I299aa04729790d0c194032a36c7b50a3306990c1
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.
Change-Id: I420c2e5620c607168402a88eee7192e69f5fdf97
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: I7eafa6b989a2fd726369b3959b5e6ba024b82274
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.
Change-Id: Ib834fe1c19784db978fe87495e5736dafe6c4e99
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: I299aa04729790d0c194032a36c7b50a3306990c1
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: I28c64b44eadfd726e07cb7159e5d3d94fde106ed
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814
Change-Id: I276113c0a46dcb6766237189c661644b69453a7a
With PKI role in place in most cases you don't need to explicitly
provide path to the CA file because PKI role ensures that CA is trusted
by the system overall. In the meanwhile in PyMySQL [1] you must either
provide CA file or cert/key or enable verify.
Since current behaviour is to provide path to the custom CA we expect
certificate being trusted overall. Thus we enable cert verification when
galera_use_ssl is True.
[1] 78f0cf99e5/pymysql/connections.py (L267)
Change-Id: Ic5b072d983c6d553d996a0a3bd708eec4c2137e5
We've created integrated linters check job a while back and it's successfully
working for several releases. At the moment we experience difficulties
with future maintenance of the linters check from the openstack-ansible-tests
repo. So instead of fixing current one, we replace it with modern version of
the test.
Change-Id: I585622c62567ee4a36dcf3ebddc511853c3d6b7b
Move designate-mange pool update command to handlers
since we need to run it only when pools.yaml is changed.
We also don't need to restart designate service, when pools.yaml is
updated.
Change-Id: I7f3d6bd777ce5a6e0f3372f0f6e29cb5499d5419
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible
Change-Id: I96a9757621eab69e7bc16a2e31ab28d0eb8a23be
os_ prefixed module names are deprecated for a while and will be removed
Current usage generates a warning for users.
Change-Id: I22af42d7668615cd4f76366abdc3972da4846a6d
Since we copy all release notes to the integrated repo there is not need
in publishing release notes for each repository. We should only verify their
validity and linting.
Change-Id: I5fb104e1ba18d8dd1349600b006be73f2e0f32fa
Instead of overriding each service separatelly it might make
sense for deployers to define some higher level variable that
will be used first or fallback to default variable.
Change-Id: If3627990a028b4c28c85609f5bf1341b836b0ccd