Recursive task against /etc/cinder/rootwrap.d set directory permissions
to 0640 as well, which is not really valid. Also it was not idempotent
with dir creation from pre-install step.
Change-Id: Idbd09c78943d954f42f89acce40096c3754024be
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: Ifb3711157e77d5c917d05e4a384dead2abe72a7c
In order to be able to use tags to run systemd_service role solely,
they must be applied properly when role is included.
Change-Id: I121167e87b7aa68a75af17cbde084de5b1961264
At the moment we don't restart services if systemd unit file is changed.
We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now we ensure that role handlers will also listen for systemd
unit changes.
Change-Id: I5a52c0de14ee3a6215edb64dbc3bd48512d57e2e
Closes-Bug: #2009029
Currently we have bunch of limitations related to the format
of ``glance_nfs_client``. While systemd_mount role is flexible enough
to allow mount cephfs or s3fs, variable format has weird assumptions
that we want to change for better flexability.
Since keys of variable are changing, new name for it was picked to
reflect purpose of the variable better.
Change-Id: Ic0d91a3a873b4253255beac79becf01b4a304695
Systemd mount role now takes care of creating mount destinations
so there is no reason to handle this manually.
In addition to that, if user/group were not provided explicitly to the
ones set for NFS export, role was failing with permission denied
during re-run
Change-Id: Ib158e14c6f296795bb1f6eabdcfc23b80cbcd871
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible
Change-Id: Id4f43e11bb02733b90f8bdf49e86f7a37656c68f
Glance-registry service has been removed in V cycle with [1]
We do all necessary cleanup to fully remove service deployment.
[1] https://review.opendev.org/738671/
Change-Id: I0b2e2e39040fd0daef04724f94a39f2d11e4d105
Update the ownership of the directory about NFS mount point(s).
This patch could be also stand as an improvement for future use.
Making the filesystem directory configurable, we are able to store
the image in the different directory (or in a new path) under
glance_system_user_home repo, which is able to be configured
dynamically, for instance, via deployment of a scenario.
Change-Id: I7403ac9bd85ea3ed149e13cb57c51039602f6ba1
Signed-off-by: Panagiotis Karalis <pkaralis@intracom-telecom.com>
Move service to use uWSGI role instead of iternal task for uwsgi
deployment. This aims to ease the maintenance of uWSGI and speedup
metal deployments as the same uwsgi environment will be used
across all services.
Depends-On: https://review.opendev.org/678025/
Change-Id: I6f129940e55130c289d94138171cee54dbd28fc1
This patch aims to migrate service from usage of regular syslog files
to journald. We also disable uwsgi logging, since it dublicates
requests that are logged by service itself.
Change-Id: I12c5a117d9ca508f24a36a477d2d71c36e6c8c96
The variables glance_developer_mode and glance_venv_download
no longer carry any meaning. This review changes glance to
do the equivalent of what developer_mode was all the time,
meaning that it always builds the venv and never requires
the repo server, but it will use a repo server when available.
As part of this, we move the source build out of its own file
because it's now a single task to include the venv build role.
This is just to make it easier to follow the code.
We also change include_tasks to import_tasks and include_role
to import_role so that the tags in the python_venv_build role
will work.
Depends-On: https://review.openstack.org/620339
Depends-On: https://review.openstack.org/637240
Depends-On: https://review.openstack.org/637503
Depends-On: https://review.openstack.org/644391
Change-Id: I1e5bd71b164676031fcde9890be43554e67048bf
The private option on include role was never implemented and
will no longer be developed. This change removes the option
so ansible no longer raises a deprecation warning.
Change-Id: I011fba2674dc4c6888ba93c0ea90f4d60e4b7657
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The files and templates we carry are almost always in a state of
maintenance. The upstream services are maintaining these files and
there's really no reason we need to carry duplicate copies of them. This
change removes all of the files we expect to get from the upstream
service. while the focus of this change is to remove configuration file
maintenance burdens it also allows the role to execute faster.
* Source installs have the configuration files within the venv at
"<<VENV_PATH>>/etc/<<SERVICE_NAME>>". The role will now link the
default configuration path to this directory. When the service is
upgraded the link will move to the new venv path.
* Distro installs package all of the required configuration files.
To maintain our current capabilities to override configuration the
role will fetch files from the disk whenever an override is provided and
then push the fetched file back to the target using `config_template`.
Change-Id: I3e7283bf778a9d686f3ae500b289c1fb43b42b92
Signed-off-by: cloudnull <kevin@cloudnull.com>
Glance NFS mounts are owned by `root` and are not writable by `glance`
user. Proposed change sets the `glance_nfs_client.local_path`
directory ownership to
`glance_system_user_name:glance_system_group_name` so that
Glance can write to that.
Change-Id: I226827d4f44da098961b16fd4450104d7a367205
Closes-Bug: 1813300
Related-Bug: 1759552
===
[DEPRECATION WARNING]: Using tests as filters is deprecated.
Instead of using `result|search` use `result is search`. This
feature will be removed in version 2.9.
===
Change-Id: I158a42b82d1818fa4e9296343b1b4ab787e8d89d
During deployment, it is possible that the folder was previously
created by something else (i.e. in this case, the nspawn deployment
tooling).
We already set the permissions for the subfolders but we don't set
it to the root folder which is causing Glance to fail to start
properly.
Change-Id: I91b3529fd1896ecde814801c0297465f1b956871
With the more recent versions of ansible, we should now use
"is" instead of the "|" sign for the tests.
This should fix it.
Change-Id: I6749670146cc64cb39b67efb26a9226208828ae7
Using the realpath filter, we can idempotently create/modify
the log directory whether it is a symlink or not. This allows
us to consolidate two tasks into the common directory creation
task.
The extra task to create the images directory can be consolidated
into the same common directory creation task.
We also convert the items list to yaml dictionary format to
match the desired style according to the style guide.
Change-Id: I46e8b7c3be005681efc8a520318e7945c9c9a259
When using glance + NFS the role deploys everything perfectly the first
time however if the role is executed again it will result in failure due
to some base directories being a mount. This change adds a new variable
which will create a list of all NFS mount points. This list is then used
in the required tasks to ensure we're not attempting to recreate
directories that should already exist and are being used as
mount-points.
Change-Id: Id28176833c0b783c20ee1d2ce71fa0654ccf683e
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
There are times when a deployer will need to reconfigure parts of
an environment and having a general purpose tag to run said operation
will be important especicially should the deployer be needing to
reconfigure systemd unit files in a downtime event. This change adds
a general purpose systemd tag where include_role and systemd is found
which will assit operators with day2 operational tasks.
Change-Id: Id46c2aa56cd5498d022d29cf102dcbd2014c086d
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The conditionals are currently difficult to follow.
This simplifies them by splitting the fact setting
up and doing a fact refresh after the first one is
set.
Change-Id: I3f74d06ba3b246674e3ea3eb6ee1e5ca6e86a79b
The glance_distro_packages contain packages which are build dependencies
to the 'PIP' ones so we don't need to install them when we are using the
Glance distribution packages. This also renames the '*glance_wsgi_bin'
to '*glance_uwsgi_bin' since it refers to the actual uwsgi package.
Finally, we add the missing 'install_method' conditional when recording
the local facts.
Implements: blueprint openstack-distribution-packages
Change-Id: I063a73ca7d50a0ad0bee57ccc42604802ab08220
Distributions provide packages for the OpenStack services so we add
support for using these instead of the pip ones.
Change-Id: I026a440b6a0fda43b613e30f359b2a23c3c1151f
Depends-On: I5a78e2120e596d36629b4ba978b2b5df76b149b0
Implements: blueprint openstack-distribution-packages
We reinitialize the venv to ensure that the right version of
python is in the venv, but we do not want virtualenv to also
replace pip, setuptools and wheel so we tell it not to. If we
don't do this then virtualenv will install the latest available
version, which is not what we want.
Change-Id: Iefe83a8b6002f423503c11f860a2f85f555a2f0a
Partial-Bug: #1764470
This is causing some trouble with the integrated build. For now,
while we work out the role's build/storage delegation, let's revert
this.
This reverts commit 975675b659, except
for the a-r-r entry which is left in place as it will be needed later.
Change-Id: I111baaf1e3d70c036508cccc31887e0f328a67ce
This removes the systemd service templates and tasks from this role and
leverages a common systemd service role instead. This change removes a
lot of code duplication across all roles all without sacrificing features
or functionality. The intention of this change is to ensure uniformity and
reduce the maintenance burden on the community when sweeping changes are
needed. The exterior role is built to be OSA compatible and may be pulled
into tree should we deem it necessary.
Change-Id: Ie558875fcfbcd92c38d55e2d24087fce90889eaf
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Instead of copying a common set of code between all the roles,
switch to using a common role which checks whether a deploy host
already has the appropriate venv package. If it does not, build
it on the fly and pull it to the deploy host.
Implementing this does away with the requirement to do builds
on the repo container. Once this has been implemented into all
roles then the repo_build role will be retired.
Depends-On: https://review.openstack.org/556840
Change-Id: I57e87406bee5c7d10aa824f18d3142f8f3ac6ab4
When deploying from source, certain distros have their own way of
laying services and deploying them. In this case, Glance uses
eventlet rather than UWSGI when deploying from binary.
This patch moves it into it the specific install file so that
it does not have to be done by binary installs.
Change-Id: If22beb98464b3b41112ffd54a66e8d7603bda2ae
As we are adding binary deployments, it is no longer necessary
for the existance of init_systemd for now. Binary deployments
typically manage and create their own systemd files.
Change-Id: I89ab551c045e7510c347b4991fd69599c66c7995
As we are adding binary deployments, it is no longer necessary
for the existance of pre_install for now. Every install method
will have it's own pre_install inside it's install type tasks
file.
Change-Id: Ia8aadbae6da955912256ebdb97af0fd7a0673a9c
virtualenv-tools has a bug which gets triggered in gates: it can't
change the shebang of a virtualenv python bin/ files if they
were generated with a virtualenv script whose shebang ends with
python2 instead of python.
Because we can't modify virtualenv-tools, we use shell scripts
instead.
Change-Id: I6cc40b4fc473df29c6e3d7844fde6340694d43bb
Partial-Bug: #1741634
Dmitriy Rabotyagov