Commit Graph

594 Commits

Author SHA1 Message Date
Dmitriy Rabotyagov 835d2add96 Deprecate and remove heat_deferred_auth_method variable
According to documentation this variable have the only option of using
trusts [1]. Moreover, defenition of variable is deprecated and cause a
deprecation warning in service startup logs.

[1] https://docs.openstack.org/heat/latest/configuration/config-options.html#DEFAULT.deferred_auth_method

Change-Id: I0cc68bd8e5961559391be8c2f5a17330ef4ede2f
2024-01-09 13:10:29 +01:00
Dmitriy Rabotyagov a78b40a491 Add quorum queues support for service
This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.

In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/896017
Change-Id: I7e4e8b3be33536545b5b4bcfb4855e8c160bb152
2023-10-25 10:32:46 +00:00
Dmitriy Rabotyagov c1cf354dc4 Fix example playbook linters
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/896017
Change-Id: I5fd580242544bd79a2b586d4d4e5a767695a18b4
2023-10-25 12:32:26 +02:00
Zuul ba25bd0875 Merge "Use proper galera port in configuration" 2023-08-14 10:55:26 +00:00
Dmitriy Rabotyagov e33cd3a68d Use proper galera port in configuration
While <service>_galera_port is defined and used for db_setup
role, it's not in fact used in a connection string for oslo.db.

Change-Id: If10b9591f4a97eaf54cf5bd09865d29ae461d639
2023-07-31 15:09:46 +02:00
Dmitriy Rabotyagov 94e5817391 Fix linters and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.

With that we also update metdata to reflect current state.

Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I68a3041edf0b0eb891fbe1e40081f779fc40c21d
2023-07-14 15:21:35 +02:00
Damian Dabrowski 0964f87c69 Add TLS support to heat backends
By overriding the variable `heat_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the heat backend api.

The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: Ifb904adc61f1461e646c3fce0bd062f526b8e446
2023-04-29 18:37:10 +02:00
Dmitriy Rabotyagov 5061ec247c Ensure service is restarted on unit file changes
At the moment we don't restart services if systemd unit file is changed.

We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now  we ensure that role handlers will also listen for systemd
unit changes.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/880028
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/880031
Change-Id: Id9540fe5f7577ebbc222a1ae303b16338a1f071b
2023-04-11 11:11:24 +00:00
OpenStack Release Bot 2b27cfad16 Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.

Sem-Ver: feature
Change-Id: I29f9ded69d449b2e12eeacf13a3a4b3c2df7e7c2
2022-12-13 13:14:44 +00:00
Dmitriy Rabotyagov 74cf65fd75 Install git into placement containers
If venv_wheel_build_enable is defined to False, placement will fail to
clone and install repositories due to missing git binary.

Change-Id: If1e3eec0c558d1472da7bc3a4e87825e36ba4fdc
Related-Bug: #1989506
Closes-Bug: #1995536
2022-11-15 13:00:34 +00:00
Erik Berg 211a527a7f Remove redundant vars line
This line snuck in with If9f874305d0470f267bc8bbc74e879ec11860cac
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.

Change-Id: I48b67f163ea5cf5d6fb37a9a8ae5678aa8574fe7
2022-09-14 13:17:57 +02:00
Dmitriy Rabotyagov 1d39c7ab44 Support service tokens
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.

Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: Ib5d15aaf56112a776e2b9abb2396f9ea4f4fe319
2022-06-15 18:23:20 +02:00
Dmitriy Rabotyagov a69fc500fa Switch sphinx language to en
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.


Change-Id: I1ca40de0eaeacd389e7b54cbf1b06a26840fb4d0
2022-05-30 16:01:30 +02:00
OpenStack Proposal Bot a498b5f8b6 Updated from OpenStack Ansible Tests
Change-Id: I0afa924f3d21bfbd4f2cd8a5511fbae62c994736
2022-04-04 11:41:17 +00:00
Jonathan Rosser 2cf489900f Cleanup setup.py config
Change-Id: Id05d2c2ca482ad387b964507614951fa5d4b23f6
2022-04-04 09:56:10 +00:00
Jonathan Rosser 42fadbc03f Remove legacy policy.json cleanup handler
Change-Id: Ic78fa04baba562f20a7e2288e0834fb3eb825503
2022-02-02 04:13:11 -05:00
Zuul 81121a5370 Merge "Use common service setup tasks from a collection rather than in-role" 2022-01-13 13:12:19 +00:00
Jonathan Rosser a6d2dc414c Use common service setup tasks from a collection rather than in-role
Change-Id: I53c6d9cc38f5765c88c8eb2606cfe38a17ed8325
2022-01-12 17:50:38 +00:00
Jonathan Rosser 33d6e012db Refactor use of include_vars
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.

This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.

Change-Id: If9f874305d0470f267bc8bbc74e879ec11860cac
2022-01-12 08:33:29 +00:00
OpenStack Proposal Bot 3b716a2bbc Updated from OpenStack Ansible Tests
Change-Id: Id898bb089560426e39211abc1c073ccb84d5671d
2021-12-17 16:46:05 +00:00
OpenStack Proposal Bot 03b5e7c28c Updated from OpenStack Ansible Tests
Change-Id: I3648715d2b95ed8c3ef524941c94d35fe1b81556
2021-12-04 17:40:03 +00:00
Damian Dabrowski 6606eed9bf Database connection pooling improvements
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: I78301a9d98854ba9f80cf6613e62a363f8327dfc
2021-12-03 11:40:56 +01:00
Dmitriy Rabotyagov 9686b31c82 Use config_template as a collection
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814



Change-Id: Ie4e45d41b070c5abbc3b80305aeee89470ee739a
2021-11-30 15:17:18 +02:00
Dmitriy Rabotyagov 8921f9d36d Do not install ceilometerclient
ceilometerclient has been deprecated and should not be installed anymore

Related-Bug: #1948683
Change-Id: Id788a2287c3c062322dfbe5210b5f69380f3d55e
2021-10-26 13:40:00 +03:00
Dmitriy Rabotyagov e84f7e496a Refactor galera_use_ssl behaviour
With PKI role in place in most cases you don't need to explicitly
provide path to the CA file because PKI role ensures that CA is trusted
by the system overall. In the meanwhile in PyMySQL [1] you must either
provide CA file or cert/key or enable verify.

Since current behaviour is to provide path to the custom CA we expect
certificate being trusted overall. Thus we enable cert verification when
galera_use_ssl is True.

[1] 78f0cf99e5/pymysql/connections.py (L267)

Change-Id: I8e689330b76e72df780be3b2f8af066a5fe96a2a
2021-09-21 14:41:59 +03:00
likui a252d5d3f9 Changed minversion in tox to 3.18.0
The patch bumps min version of tox to 3.18.0 in order to
replace tox's whitelist_externals by allowlist_externals option:
https://github.com/tox-dev/tox/blob/master/docs/changelog.rst#v3180-2020-07-23

Change-Id: I1ee02e6249042310bdcd2b01c3403594c0dd3b3b
2021-07-03 21:17:52 +08:00
Zuul d76dbaff51 Merge "[goal] Deprecate the JSON formatted policy file" 2021-06-23 20:36:37 +00:00
Damian Dabrowski f1e08dab1b Fix _service_users for multi-domain deployments
Deployment can fail if an user with name defined in _service_users exists in more than 1 domain(Multiple matches found for <username>). To avoid these errors we need to explicitly define domain in _service_users

Change-Id: I55c5c8b9806188f246af9f2e89afe4a2d1b38b3c
2021-06-04 12:15:43 +02:00
Zuul a4354f293a Merge "Add variables for rabbitmq ssl configuration" 2021-05-31 14:50:24 +00:00
Dmitriy Rabotyagov d91890cc54 Replace linters test with integarted one
We've created integrated linters check job a while back and it's successfully
working for several releases. At the moment we experience difficulties
with future maintenance of the linters check from the openstack-ansible-tests
repo. So instead of fixing current one, we replace it with modern version of
the test.


Change-Id: I604c8114da81ad351e2ee9692e07e4f38c521c4b
2021-05-21 15:52:50 +03:00
Jonathan Rosser a71bc07e67 Add variables for rabbitmq ssl configuration
Change-Id: I42fefe84c912c6043bd80665a267d819347a5229
2021-05-17 10:48:49 +00:00
OpenStack Proposal Bot 24e947ba49 Updated from OpenStack Ansible Tests
Change-Id: Ib9d44f22cca32d501b401ce848493441ee87164b
2021-04-19 09:57:51 +00:00
Dmitriy Rabotyagov 5a8cd45701 [goal] Deprecate the JSON formatted policy file
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to replace policy.json to
policy.yaml and remove deprecated policy.json.

config_template has been choosen instead of the copy, since it can
properly handle content that has been lookuped.

We make a separate task not to restart service when it's not needed.

[1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Depends-On: https://review.opendev.org/c/openstack/heat/+/766861
Change-Id: I3d1c51a025f2c94cb02f7e0882472344dcb97fa4
2021-03-24 12:12:10 +00:00
OpenStack Proposal Bot 7ec67e9e2a Updated from OpenStack Ansible Tests
Change-Id: Id3e677801d1d2d406e9920a026e645b9eacc190e
2021-03-22 08:46:57 +00:00
Jonathan Rosser 2dc4709537 Use ansible_facts[] instead of fact variables
See https://github.com/ansible/ansible/issues/73654

Change-Id: I70349036d45f44b7d951224fa2d27fe417301d87
2021-03-16 08:04:15 +00:00
OpenStack Proposal Bot 8f0af19ca7 Updated from OpenStack Ansible Tests
Change-Id: I1dcca65351ff968fa8142a694def2261eaf6e5c3
2021-03-12 22:18:59 +00:00
Zuul 5baf39e94b Merge "Remove references to unsupported operating systems" 2021-03-10 17:35:35 +00:00
Jonathan Rosser 22b5051802 Remove references to unsupported operating systems
All references to Gentoo, SUSE, Debian stretch and Centos-7  are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible

Change-Id: I1a9fd61f8690621144fc26eec762527d6ffcc33c
2021-03-10 12:16:38 +00:00
Jonathan Rosser ffd42757b7 Switch default virtualenv to python3
Change-Id: I5fe4c8689291d2868628aac7a5eacdc286b9dfbb
2021-03-10 08:52:34 +00:00
Zuul baceb2e03b Merge "Move heat pip packages from constraints to requirements" 2021-01-28 15:38:00 +00:00
Jonathan Rosser 0ae39643ce Move heat pip packages from constraints to requirements
This is necessary to use the new pip resolver

Change-Id: I1c18871b81117654e12b9690a9d112236ba4eeff
2021-01-25 10:04:22 +00:00
dmitriy fa3498e656 [reno] Stop publishing release notes
Since we copy all release notes to the integrated repo there is not need
in publishing release notes for each repository. We should only verify their
validity and linting.


Change-Id: I83771f521cfd6cd485983259de2d41444b7207b2
2021-01-22 18:25:32 +02:00
Dmitriy Rabotyagov 9dc51b5386 Use global service variables
Instead of overriding each service separatelly it might make
sense for deployers to define some higher level variable that
will be used first or fallback to default variable.

Change-Id: I73d5e7334c076f4d0dd18b157307aa31cfb541a9
2021-01-08 16:51:18 +02:00
Dmitriy Rabotyagov 7d14b4e76b Reduce number of processes on small systems
Even the most modest 4C/8T system would run with the maximum 16 processes
due to the calculation being VCPU*2.

We devide amount of CPUs to number of threads for hyperthreaded CPUs

Change-Id: Ia0304a9314029b5678a3f730d662be6580b17a77
2020-11-11 14:06:09 +00:00
zhoulinhui 0fb579a11d Replace deprecated UPPER_CONSTRAINTS_FILE variable
Change-Id: Id585bae9c2766a033d7daaa286a435ae69873a04
2020-11-10 13:11:42 +08:00
OpenStack Proposal Bot 1019c1a398 Updated from OpenStack Ansible Tests
Change-Id: I5e84896583ae22d2cf548595446d588590ff4268
2020-10-19 09:20:00 +00:00
Dmitriy Rabotyagov 4b23b72b4a Trigger uwsgi restart
When we were migrating service to uwsgi usage, we clean forgot to
trigger uwsgi restart on service config change.

Change-Id: I9c470d5555e5d2841018be3112c1b82e75e60021
2020-10-08 17:32:55 +03:00
Zuul 5feac77db7 Merge "Updated from OpenStack Ansible Tests" 2020-10-02 17:46:24 +00:00
Jonathan Rosser 22cef2957b Fix linter errors
Change-Id: Ib96a0ec7795b258548ecc3dd1baaa7c3cd35ab3f
2020-10-01 17:23:36 +01:00
OpenStack Proposal Bot 99c960fd53 Updated from OpenStack Ansible Tests
Change-Id: I89d614301bffb4afeec73cdf7e50cc358df5b459
2020-10-01 14:30:18 +00:00