Recursive task against /etc/cinder/rootwrap.d set directory permissions
to 0640 as well, which is not really valid. Also it was not idempotent
with dir creation from pre-install step.
Change-Id: Idbd09c78943d954f42f89acce40096c3754024be
During last release cycle oslo.messaging has landed [1] series of extremely
useful changes that are designed to implement modern messaging
techniques for rabbitmq quorum queues.
Since these changes are breaking and require queues being re-created,
it makes total sense to align these with migration to quorum queues by default.
[1] https://review.opendev.org/q/topic:%22bug-2031497%22
Change-Id: Id66345774cc9a2e2ffbe268ea8e6c4bd8908ee72
In order to be able to globally enable notification reporting for all services,
without an need to have ceilometer deployed or bunch of overrides for each
service, we add `oslomsg_notify_enabled` variable that aims to control
behaviour of enabled notifications.
Presence of ceilometer is still respected by default and being referenced.
Potential usecase are various billing panels that do rely on notifications
but do not require presence of Ceilometer.
This change also disables RPC communication for Glance since there's
no signs of RPC usage in Glance code. RabbitMQ seems to be used solely
for notifications
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/914144
Change-Id: I854374788ed92efe0164c29414978a1d14b83410
In order to allow definition of policies per service, we need to add variables
so service roles, that will be passed to openstack.osa.mq_setup.
Currently this can be handled by leveraging group_vars and overriding `oslomsg_rpc_policies` as a whole, but it's not obvious and
can be non-trivial for some groups which are co-locating multiple services
or in case of metal deployments.
Change-Id: Ie427f4c69a7bb3c8460400b0ee88e5d482080786
Since upstream bug [1] preventing us to disable uWSGI for Ceph was fixed,
we can remove extra logic of disabling uWSGI usage when Ceph is among
configured storages.
[1] https://review.opendev.org/c/openstack/glance_store/+/885581
Change-Id: Ibcd9df6a547febb8f47b88d0c98277b46faf489c
According to configuration guide of using cinder as a storage [1], some
auth data should be provided in storage section.
It also needs show_multiple_locations to be enabled.
[1] https://docs.openstack.org/cinder/latest/admin/volume-backed-image.html
Change-Id: Iacd5b74cbda1fdf48a073dc17b42caa37c2359e5
While we assume that glance_additional_stores can be list of mappings
for multistore glance support, bunch of other logic in role still treats
it as simple list and make verifications against it. So in case one
dares to override variable according to our suggestion, they also need
to override bunch of other things.
We change defaults for `glance_available_stores` variable and always
define it as a multistore list of mappings.
Then we introduce a variable `glance_available_store_types` that is a
list of types for each of configured storage.
Logic of how storages are defined in glance config is also changed now.
Storages won't be defined if there's no "default" record for them in
glance_available_stores.
For each new store that deployer wants to provision, they now can pass
`config` key for glance stores, rather then use config overrides.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/901041
Change-Id: I1416e0f6e3ed79abd10f468b52fc712d35a61bd2
At the moment glance_cinder_store.filters is distributed through
glance_store [1] package.
Moreover, for quite some time glance has migrated to using privsep [2]
so internally maintained filters are not up to date anymore.
[1] f3f5bdb45b/etc/glance/rootwrap.d/glance_cinder_store.filters
[2] c369ba013f
Related-Bug: #900930
Change-Id: Ie097a019f058bac123acf14f51253c272c56aca5
At the moment rootwrap can not find privsep-helper binary as it's located
in glance bin directory, which is inside the virtual environemnt.
In order to properly use privsep we must define venv bin directory in
allowed exec_dirs of rootwrap.
This also introduces new variable `glance_rootwrap_conf_overrides`
that allows to manage some extra overrides for rootwrap if needed.
Closes-Bug: #2043503
Change-Id: I4ee3fc33fdbeb50fc7b102bf62d6134f83c5925f
Back in Yoga we've refactored way of mounting remote filesystems
for glance while keeping backwards compatibiltiy [1]
However, there was a copy/paste error made while defining
glance_mount_points with old format of glance_nfs_client.
[1] https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/837550
Change-Id: I755822089bf406f532a718db5b84df553cbc2084
Closes-Bug: #2032771
Right now we are not using any constraints for docs and releasenotes builds.
This has resulted in docs job failures once Sphinx 7.2.0 has been released.
The patch will ensure that constraints are used an we should not face
simmilar issue again.
TOX_CONSTRAINTS_FILE is updated by Release bot once new branch is created,
so it should always track relevant constraints.
Some extra syntax-related changes can apply, since patch is being passed
through ConfigParser, that does not preserve comments and align indenting.
Change-Id: Ic65b9abc930e151f06d69fb9474a813cb504d7ed
While <service>_galera_port is defined and used for db_setup
role, it's not in fact used in a connection string for oslo.db.
Change-Id: I6967d3832396f375580039c73510ea4f02002b3b
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: Ifb3711157e77d5c917d05e4a384dead2abe72a7c
In order to be able to use tags to run systemd_service role solely,
they must be applied properly when role is included.
Change-Id: I121167e87b7aa68a75af17cbde084de5b1961264
By overriding the variable `glance_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the glance backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: I5a0302c2fcc73a869de5633b2332a3b53c99590e
We need to define _glance_available_stores outside glance role to
use it in haproxy service definition.
It's a good idea to make `_glance_available_stores` public by moving it
out of role variables to role defaults beforehand.
Change-Id: Ieb10a0e5c9faf72c6bea4c45f7e216469971a1f3
At the moment we don't restart services if systemd unit file is changed.
We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now we ensure that role handlers will also listen for systemd
unit changes.
Change-Id: I5a52c0de14ee3a6215edb64dbc3bd48512d57e2e
Closes-Bug: #2009029
At the moment there's an issue with chunking in case uwsgi is used
with ceph backend.
Change-Id: I48feac2ea789782e55bd49196e631cd4df9778ce
Related-Bug: #1916482
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I0e6b4917786b6b5d2d983db092bc45f635abea2c
Since ``horizon_images_upload_mode`` is enabled by default and
``glance_show_multiple_locations`` is disabled by default(turns out
it's not really required), we should add ``external_lb_vip_address`` to
``glance_cors_allowed_origin`` as default.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/862167
Change-Id: I6d13e1e985f8e3bbb97b0af7063b469cb4b2dbca
This line was introduced by I65d8e66673f5372fe880680a035842ffcd775ac2
for centos-7 support, and should already be covered by the
distribution_major_version line above.
Change-Id: I8a2a93aa3ecbb01451e940b7e71e5ac5bf48b880
Role was never migrated to usage of haproxy-endpoints role
and included task was used instead the whole time.
With that to reduce complexity and to have unified approach, all mention
of the role and handler are removed from the code.
Change-Id: I01225e479e22f3867e811055c8e5e87f644bf46e
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: Ib7fd1a80affe0fa8c6b030fdbfdd60693f104cd6
Related-Bug: #1948456
When default value has any concatenation, it tries to resolve variables
and always contcatenate even when it's not needed.
With that we need to set defaults for the variables that are inside
defaults, otherwise even if default not needed - task would fail on
default being undefined.
Change-Id: I4f445f280a71173f1b72a3b37bd9d54ea5694ac2
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.
Change-Id: Iefc217495e209c30782c8bd8fb4de54b3e683992