This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.
In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.
Change-Id: I81216a7eabe6b99d08ab15a62c046108fcb2bfc5
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: Id92330b3c709201a74612c8353cefa75778eac0c
At the moment we don't provide any option rather then use memcached
backend. With that we also hardocde list of packages that should be
installed inside virtualenv for selected backend.
Adding bmemcached requirement to oslo_cache.memcache_pool [1] gives us
opportunity to refactor this bit of deployment and allow to be more
flexible in backend selection and requirements installation for it.
[1] https://review.opendev.org/c/openstack/oslo.cache/+/854628
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/858981/4
Change-Id: I2810208301fb31eeeabf31e4b38add7f8aa3e00b
Instead of having own implementation of uwsgi, use common role.
This allows to reduce maintainable code and ease
providing fixes and features to uwsgi deployment code.
Change-Id: I2dc9c749c37e41959da2403fab7512ab17b859e4
We use the same condition, which defines against what host some "service"
tasks should run against, several times. It's hard to keep it the same
across the role and ansible spending additional resources to evaluate
it each time, so it's simpler and better for the maintenance to set
a boolean variable which will say for all tasks, that we want to run
only against signle host, if they should run or not now.
Change-Id: Iac06d3f02b1c9ee5e3bfbd28043fbb70d8b1d328
The files and templates we carry are almost always in a state of
maintenance. The upstream services are maintaining these files and
there's really no reason we need to carry duplicate copies of them. This
change removes all of the files we expect to get from the upstream
service. while the focus of this change is to remove configuration file
maintenance burdens it also allows the role to execute faster.
* Source installs have the configuration files within the venv at
"<<VENV_PATH>>/etc/<<SERVICE_NAME>>". The role will now link the
default configuration path to this directory. When the service is
upgraded the link will move to the new venv path.
* Distro installs package all of the required configuration files.
To maintain our current capabilities to override configuration the
role will fetch files from the disk whenever an override is provided and
then push the fetched file back to the target using `config_template`.
Change-Id: I93cb6463ca1eb93ab7f4e7a3970a7de829efaf66
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Distributions provide packages for the OpenStack services so we add
support for using these instead of the pip ones.
Depends-On: I5a78e2120e596d36629b4ba978b2b5df76b149b0
Depends-On: Ib64dcbc960df7d369d202ce8cf7bdc29b3ee0e0a
Depends-On: Id9dd2dea146709414ab9ce8d439f1587e6776fd4
Depends-On: I2ba89e25c0010c9a5b515a3d0c9c731b30876e74
Depends-On: I0442b0aa94c3d0882d1118ad0c824d123bd21c88
Change-Id: I26848678dd07a409ef3e159cffb4ba6f0a228ab4
Implements: blueprint openstack-distribution-packages
When deploying the base templates for api-paste, policy files
and other files which are included in the service git source,
we now use the venv files instead of requiring access to a
git source and a complex set of lookups and variable
implementations.
This is simpler and more cross-series, and works from Queens
due to the related bug's patches.
Change-Id: I6a4e2514e66b15b2ae227e62b6dc9ae1a50a4fbd
Related-Bug: #1718356
This patch implements the use of uWSGI exclusively,
always with a web server acting as a reverse proxy.
It removes the option of using uWSGI with Apache
and mod_wsgi.
In the case of Keystone being used in a Federated
Service Provider configuration, it will use Apache
as the web server but for all other environments
it will use Nginx instead.
Change-Id: If6e95fc0d3f7d34780db1aed2b8cedca87499934
In order to optimise the distro package installation
process the list of packages to install is prepared
for the host, then installed by passing the package
task the full list instead of using a loop.
Change-Id: Ia5c8f31470f0f917ee556ca1157b9191da9d0d2c
The current mechanism uses a lookup, causing the
fetch of the default templates to happen via curl
from the deployment node. This causes problems if
the deployment node does not have access to the
repo server web service, which may be the case in
high security environments.
This patch changes the mechanism to only use the
lookup module for the file content that is on the
deployment node, then falls back to using the uri
module to fetch the default content. This ensures
that the deployment node does not have to reach
into the environment for the content.
Also, in https://review.openstack.org/446235 a
new task was added to template the paste/policy
files from the git source but the owner/group/mode
settings were not implemented. This patch
consolidates the two config_template tasks into
one and ensures that the owner/group/mode settings
are properly implemented for all the files.
Change-Id: I47de2e4b1c864035c8b686e96e65722f312b7280
Dmitriy Rabotyagov