Due to the shortcoming of QManager implementation [1], in case of uWSGI
usage on metal hosts, the flow ends up with having the same
hostname/processname set, making services to fight over same file
under SHM.
In order to avoid this, we prepend the hostname with a service_name.
We can not change processname instead, since it will lead to the fight
between different processes of the same service.
[1] https://bugs.launchpad.net/oslo.messaging/+bug/2065922
Change-Id: Idfe3a93727c3ba7f05589d4113233e999c99d398
During last release cycle oslo.messaging has landed [1] series of extremely
useful changes that are designed to implement modern messaging
techniques for rabbitmq quorum queues.
Since these changes are breaking and require queues being re-created,
it makes total sense to align these with migration to quorum queues by default.
[1] https://review.opendev.org/q/topic:%22bug-2031497%22
Change-Id: Id66345774cc9a2e2ffbe268ea8e6c4bd8908ee72
In order to be able to globally enable notification reporting for all services,
without an need to have ceilometer deployed or bunch of overrides for each
service, we add `oslomsg_notify_enabled` variable that aims to control
behaviour of enabled notifications.
Presence of ceilometer is still respected by default and being referenced.
Potential usecase are various billing panels that do rely on notifications
but do not require presence of Ceilometer.
This change also disables RPC communication for Glance since there's
no signs of RPC usage in Glance code. RabbitMQ seems to be used solely
for notifications
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/914144
Change-Id: I854374788ed92efe0164c29414978a1d14b83410
According to configuration guide of using cinder as a storage [1], some
auth data should be provided in storage section.
It also needs show_multiple_locations to be enabled.
[1] https://docs.openstack.org/cinder/latest/admin/volume-backed-image.html
Change-Id: Iacd5b74cbda1fdf48a073dc17b42caa37c2359e5
While we assume that glance_additional_stores can be list of mappings
for multistore glance support, bunch of other logic in role still treats
it as simple list and make verifications against it. So in case one
dares to override variable according to our suggestion, they also need
to override bunch of other things.
We change defaults for `glance_available_stores` variable and always
define it as a multistore list of mappings.
Then we introduce a variable `glance_available_store_types` that is a
list of types for each of configured storage.
Logic of how storages are defined in glance config is also changed now.
Storages won't be defined if there's no "default" record for them in
glance_available_stores.
For each new store that deployer wants to provision, they now can pass
`config` key for glance stores, rather then use config overrides.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/901041
Change-Id: I1416e0f6e3ed79abd10f468b52fc712d35a61bd2
While <service>_galera_port is defined and used for db_setup
role, it's not in fact used in a connection string for oslo.db.
Change-Id: I6967d3832396f375580039c73510ea4f02002b3b
We need to define _glance_available_stores outside glance role to
use it in haproxy service definition.
It's a good idea to make `_glance_available_stores` public by moving it
out of role variables to role defaults beforehand.
Change-Id: Ieb10a0e5c9faf72c6bea4c45f7e216469971a1f3
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: Ib7fd1a80affe0fa8c6b030fdbfdd60693f104cd6
Related-Bug: #1948456
Currently we have bunch of limitations related to the format
of ``glance_nfs_client``. While systemd_mount role is flexible enough
to allow mount cephfs or s3fs, variable format has weird assumptions
that we want to change for better flexability.
Since keys of variable are changing, new name for it was picked to
reflect purpose of the variable better.
Change-Id: Ic0d91a3a873b4253255beac79becf01b4a304695
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: I4fd6de7ca38d561306e8c868c063b68edeafc68a
With PKI role in place in most cases you don't need to explicitly
provide path to the CA file because PKI role ensures that CA is trusted
by the system overall. In the meanwhile in PyMySQL [1] you must either
provide CA file or cert/key or enable verify.
Since current behaviour is to provide path to the custom CA we expect
certificate being trusted overall. Thus we enable cert verification when
galera_use_ssl is True.
[1] 78f0cf99e5/pymysql/connections.py (L267)
Change-Id: I71ebc2fc4e386f3a1599fe73d49fae185ec9d2ff
Remove deprecated config options that no longer have effect.
We also set cinder_catalog_info to valid default.
Change-Id: Ic24f9a912fc0e7ef73e4e8de4a8440fbf5ddac17
In glance caching doc is stated[1], that some of the variables
should be defined in both glance-api and glance-cache config and should
be exactly the same, otherwise issues might raise.
We also introduce glance_image_cache_stall_time variable to control
cache time reliable across config files
[1] https://docs.openstack.org/glance/train/admin/cache.html#configuration-options-for-the-image-cache
Change-Id: Ic229e71978961546cec5f58a9c963c71e05ffba4
Glance-registry service has been removed in V cycle with [1]
We do all necessary cleanup to fully remove service deployment.
[1] https://review.opendev.org/738671/
Change-Id: I0b2e2e39040fd0daef04724f94a39f2d11e4d105
While running as uwsgi glance has malfunctioning interoperable image
import feature. So we add new variable `glance_use_uwsgi` based on which
glance will be either started via uwsgi or as a regular service.
Also once glance_use_uwsgi is true, enable_image_import will be disabled
Change-Id: Icf572c656c24b646110ce3fd90727205c22eff15
Some variables were deprecated in rocky and marked for removal in Ussuri
We do replace them not to have things broken afterwards.
Change-Id: I75d2e3631b0dfebb72efd946fd61252bb9b766b0
Related-Bug: #1846052
This patch aims to add a prefix for memcached_server
on each role to give the ability for deployers to
override the location of memcached cluster. I.e users
wants to create a single memcached cluster with k8s
for each service.
We also add pymemcache based on [1]
[1] https://review.opendev.org/711429
Change-Id: I19b74c3bc5119953256d3d8f2a98cb5f23787755
Update the ownership of the directory about NFS mount point(s).
This patch could be also stand as an improvement for future use.
Making the filesystem directory configurable, we are able to store
the image in the different directory (or in a new path) under
glance_system_user_home repo, which is able to be configured
dynamically, for instance, via deployment of a scenario.
Change-Id: I7403ac9bd85ea3ed149e13cb57c51039602f6ba1
Signed-off-by: Panagiotis Karalis <pkaralis@intracom-telecom.com>
Move service to use uWSGI role instead of iternal task for uwsgi
deployment. This aims to ease the maintenance of uWSGI and speedup
metal deployments as the same uwsgi environment will be used
across all services.
Depends-On: https://review.opendev.org/678025/
Change-Id: I6f129940e55130c289d94138171cee54dbd28fc1
There are a number of missing dependencies in the role when using cinder
store with glance. Specifically rootwrap is required for elevating access
when using os-brick to connect to cinder iscsi/fc volume back end storage.
This patch addresses the following:
- olso.rootwrap is not included in glance_pip_packages
- files/rootwrap.d/glance_cinder_store.filters is missing
- glance user is not added to sudoers
glance_pip_packages updated, missing rootwrap.d and sudoer files now dropped in to
Their required locations by glance_post_install.yml task
Change-Id: I55162bc2bf3cbb8858950e4abcf60a3de9929008
Closes-Bug: #1833725
This patch aims to migrate service from usage of regular syslog files
to journald. We also disable uwsgi logging, since it dublicates
requests that are logged by service itself.
Change-Id: I12c5a117d9ca508f24a36a477d2d71c36e6c8c96
Beginning in the Stein release, Ubuntu distro packages are now using
Python3. This requires additionally installing and using the uwsgi
python3 plugin.
Install the 'python3-glance' package instead of 'glance-api'. glance-api
provides a service config file that conflicts with the one OSA provides.
Change-Id: I24e7a05372b6b1831529c620d3346889d5505f09
The files and templates we carry are almost always in a state of
maintenance. The upstream services are maintaining these files and
there's really no reason we need to carry duplicate copies of them. This
change removes all of the files we expect to get from the upstream
service. while the focus of this change is to remove configuration file
maintenance burdens it also allows the role to execute faster.
* Source installs have the configuration files within the venv at
"<<VENV_PATH>>/etc/<<SERVICE_NAME>>". The role will now link the
default configuration path to this directory. When the service is
upgraded the link will move to the new venv path.
* Distro installs package all of the required configuration files.
To maintain our current capabilities to override configuration the
role will fetch files from the disk whenever an override is provided and
then push the fetched file back to the target using `config_template`.
Change-Id: I3e7283bf778a9d686f3ae500b289c1fb43b42b92
Signed-off-by: cloudnull <kevin@cloudnull.com>
The notification driver setup was resulting in the driver and connection string
on the same line. This is caused by the case statement and how jinja formats
the template when a case statement is present. This change modifies how the
driver string is created using a ternary, which will eliminate the case
statement and render the value of the diver correctly.
Change-Id: If361de5d4112a9e7235972dc7bc5e857c68fef06
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This patch removes the conditional inclusion of the notification
section of the service configuration. This ensures that oslo.messaging
notifications use the correct transport for deployments that have
separate rpc and notify messaging backends.
This patch conditionally selects the notifier driver for when
ceilometer is enabled.
Change-Id: Ie73bf32a62d0e959e4905de31517b20b83b5c583
The patch introduces a variable `glance_cors_allowed_origin` which
allows a user to configure a specific origin that can do cross
domain requests.
Change-Id: I45f30d2ea7070e62d5d14ad87c872e98af1d7890
The systemd unit files are being converted to use common roles to reduce
code sprawl throughout the playbooks. This change allows us to use a
common systemd_mount role as an include which will give us a consistent
experience when deploying services and setting up their resournces on
OS's that uses systemd.
Closes-Bug: #1774037
Change-Id: I11d083788cd388dab0695878193ab18af1b5038b
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
When the RPC and Notify service are the same, the credentials
must match - otherwise the tasks to create the user/password
will overwrite with each other.
If the two clusters are different, then the matching credentials
and vhost will not be a problem. However, if the deployer really
wishes to make sure they're different, then the vars can be
overridden.
Also, to ensure that the SSL value is consistently set in the
conf file, we apply the bool filter. We also use the 'notify'
SSL setting as the messaging system for Notifications is more
likely to remain rabbitmq in our default deployment with qrouterd
becoming the default for RPC messaging.
Change-Id: If95706a85c68767936e7e9d3618e95f5658f5200
The driver option is necessary as the transport_url query param
override requires a value. Default will be to use the rpc setting.
Change-Id: Ifc3414a7de6343ae4e7784ed9f7822c18211bb6c
This introduces oslo.messaging variables that define the RPC and
Notify transports for the OpenStack services. These parameters
replace the rabbitmq values and are used to generate the messaging
transport_url for the service. The association of the messaging
backend server to the oslo.messaging services will then be
transparent to the glance service.
This patch:
* Add oslo.messaging variables for RPC and Notify to defaults
* Update transport_url generation
* Add oslo.messaging to inventory
* Add release note
Depends-On: If4326a6848d2d32af284fdbb94798eb0b03734d5
Change-Id: Ib647d87df040c77ee3906b1bf58764ca5f3d765d
Distributions provide packages for the OpenStack services so we add
support for using these instead of the pip ones.
Change-Id: I026a440b6a0fda43b613e30f359b2a23c3c1151f
Depends-On: I5a78e2120e596d36629b4ba978b2b5df76b149b0
Implements: blueprint openstack-distribution-packages
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.
[1]https://review.openstack.org/#/c/508522/
Change-Id: I5f439e371853921394698bf385b7f1fa012d476e
Implements: blueprint deprecate-auth-uri-option
This removes the systemd service templates and tasks from this role and
leverages a common systemd service role instead. This change removes a
lot of code duplication across all roles all without sacrificing features
or functionality. The intention of this change is to ensure uniformity and
reduce the maintenance burden on the community when sweeping changes are
needed. The exterior role is built to be OSA compatible and may be pulled
into tree should we deem it necessary.
Change-Id: Ie558875fcfbcd92c38d55e2d24087fce90889eaf
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>