Commit Graph

570 Commits

Author SHA1 Message Date
Dmitriy Rabotyagov ceca11a27d Adopt for usage openstack_resources role
With efforts to create a resources in same, unified way,
we convert tempest role to use openstack_resources
for creating and managing openstack resources, like projects, flavors,
networks, images, etc. This should reduce maintenance costs
in case of futher collection updates and unify approach.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/911377
Change-Id: I658e6218cf59650d0abfa491ebaa6d3c37db2993
2024-03-05 20:40:12 +00:00
Andrew Bonney 3c476298a8 Add missing magnum octavia client configuration
Omitting this config causes Magnum to use the public endpoint
by default.

Change-Id: I41122f166806b30e07067c539c182f98c6919134
2023-12-14 10:35:07 +00:00
Andrew Bonney be34b1eea6 Add missing libxml2 distro packages
Change-Id: Iece3498eba9ee41f2008500e983cf3355bcd17fb
2023-11-30 10:23:01 +00:00
Zuul a5fb39c879 Merge "Add tag for creating magnum resources" 2023-11-13 21:22:27 +00:00
Dmitriy Rabotyagov 1b7360802f Add quorum queues support for service
This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.

In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/896017
Change-Id: Ic5b425564e494502722106f94e406dc2ed69dcde
2023-11-08 08:48:39 +00:00
Jonathan Rosser 1ec5a2e8c4 Add tag for creating magnum resources
This cannot currently be run without running other parts of the role.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/896017
Change-Id: Ia3c4bb2a0d61a1b741b9b5bc77b62acf8b79f00b
2023-11-08 08:48:33 +00:00
Damian Dabrowski 9709e102df Wait for magnum endpoint before creating cluster templates
Magnum playbook flushes handlers(that cause service restart) and then
it starts creating magnum resources right away.

In some cases(for ex. magnum tls upgrade job), magnum haproxy endpoint
is down before playbook flushes handlers. It means that after flushing
them, haproxy healthchecks need some time to rise magnum endpoint.
In this case, there is a high chance that playbook will try to connect
to magnum endpoint before haproxy marks it as alive.

To solve this issue, this patch implements an extra task to ensure
that magnum endpoint is reachable before playbook tries to reach it.

This patch also fixing linters issue in an example playbook to resolve
circular dependency.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/896017
Change-Id: I36cf9f4b71daa107e27e966ebe25816c7bffa42a
2023-11-08 08:48:08 +00:00
Dmitriy Rabotyagov 97afbcce92 Use proper galera port in configuration
While <service>_galera_port is defined and used for db_setup
role, it's not in fact used in a connection string for oslo.db.

Change-Id: Id8c269eeed160709f1f97c8e60b9fba484154bb5
2023-08-17 14:57:34 +00:00
Dmitriy Rabotyagov 136fb01192 Define constraints file for docs and renos
Right now we are not using any constraints for docs and releasenotes builds.
This has resulted in docs job failures once Sphinx 7.2.0 has been released.

The patch will ensure that constraints are used an we should not face
simmilar issue again.

TOX_CONSTRAINTS_FILE is updated by Release bot once new branch is created,
so it should always track relevant constraints.

Some extra syntax-related changes can apply, since patch is being passed
through ConfigParser, that does not preserve comments and align indenting.


Change-Id: Icf0be2ec722383363b2145955bdaa5b02bcae9a2
2023-08-17 16:32:21 +02:00
Dmitriy Rabotyagov bfbf0db8fb Fix linters and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.

With that we also update metdata to reflect current state.

Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I68c3d98de3a0a4444c0c1ea0cc528901613a63bd
2023-07-14 18:02:08 +02:00
Damian Dabrowski c9fb7e4f46 Add TLS support to magnum backends
By overriding the variable `magnum_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the magnum backend api.

The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: Id3413eb53ab2948de61b2e67f85c5a19fc670434
2023-05-16 15:04:39 +00:00
Dmitriy Rabotyagov 2b6859ee2a Ensure service is restarted on unit file changes
At the moment we don't restart services if systemd unit file is changed.

We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now  we ensure that role handlers will also listen for systemd
unit changes.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_heat/+/879963
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/880047
Change-Id: I2327ed957133ad0a918fb1d2e215952b4184c61f
2023-05-16 15:04:29 +00:00
Dmitriy Rabotyagov 3591a729dd Rename floating IP option for coe_cluster_template
With new collection version, this option was renamed.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/881566
Change-Id: I072ef995d14b2301d308ef1af958e28154f882c4
2023-05-12 22:06:06 +00:00
Dmitriy Rabotyagov 50f4db5bac Update tox.ini to work with 4.0
With tox release of 4.0, some parameters were deprecated and are ignored now
which causes tox failures. One of the most spread issues we have is using
`whitelist_externals` isntead of `allowlist_externals`


Change-Id: Ibf6b05d89cf1d8f113881d64878c58256b865342
2022-12-27 17:53:21 +01:00
OpenStack Release Bot 2d94315931 Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.

Sem-Ver: feature
Change-Id: Ie16e753aa20b2ceeba63839f25e89ff13a571b3c
2022-12-13 13:16:18 +00:00
Erik Berg 751b55d01e Remove redundant vars line
This line came with Idbf1b737a11b0bb2460989b2881395ee87a90429
for the "multi-distro framework", but should since be covered
by the distribution_major_version line above, introduced at
a later date.

Change-Id: Ib4ddea834cc5bbe043a32118d8fff0571ac816bc
2022-09-14 13:29:49 +02:00
Danny Nelhams 719280a83e Fixed dest typo in config_template
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/846145
Change-Id: I986113491800f9432ebcc8ea82b8f4362671c5d2
2022-06-18 07:42:47 +00:00
Dmitriy Rabotyagov 4c4c70a376 Support service tokens
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.

Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/846142
Change-Id: Ic77d8645613d265997895b6742b334336ce00ec1
2022-06-17 08:29:33 +00:00
Dmitriy Rabotyagov 5e1780b809 Control amount of conductor workers
As of today we didn't manage amount of magnum-conductors that equal to
amount of CPU on host. So things can go off regarding CPU and memory
consumption. For better control on resources we add variable to control
conductor workers.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/846151
Change-Id: I3eedd74717b3b621b4e0b6ae4a8df4ee6f1eb739
2022-06-17 08:24:58 +00:00
Dmitriy Rabotyagov 1a3615afdf Switch sphinx language to en
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.


Change-Id: I7bd4a4623db0913fee84afc237c4bbb520f26c76
2022-05-30 16:01:30 +02:00
OpenStack Proposal Bot ecdf20801d Updated from OpenStack Ansible Tests
Change-Id: I7eae4bd0e5322d11a75683e5008db96cfc36d548
2022-03-31 20:15:05 +00:00
Marc Gariepy d18196b6dd Cleanup setup.py config
Change-Id: Icd1ce8fabb545a011bd234705035ec58602728e9
2022-03-31 10:39:23 -04:00
Jonathan Rosser e8689aa838 Remove legacy policy.json cleanup handler
Change-Id: I93454489ef354329faf1443f0f08cb3eb142a8aa
2022-02-02 04:16:21 -05:00
Jonathan Rosser 847b0c2636 Do not install python development packages
The python_venv_build role is responsible for setting up the build
environment for python wheels so this role should not install
python development packages

Change-Id: I13d8d4fa8f1de4822a671971232ac3960edc0759
2022-02-02 04:16:21 -05:00
Zuul 4f4049170e Merge "Run service_setup only once" 2022-01-14 16:02:26 +00:00
Zuul 8616f479d2 Merge "Use common service setup tasks from a collection rather than in-role" 2022-01-13 13:16:08 +00:00
Dmitriy Rabotyagov 407e3d74b2 Run service_setup only once
There's no reason to run service_setup for each magnum container
as it's enough to be done once. So we're including role only
when it's first host in the play.

Change-Id: I8f282d4a284e0de395081251f6622df0c1daeeb3
2022-01-13 13:10:21 +02:00
Jonathan Rosser 2604f534a8 Use common service setup tasks from a collection rather than in-role
Change-Id: Ie906228e6613d8453835ae8c52c3c4dce1adfae2
2022-01-12 17:53:51 +00:00
Jonathan Rosser b7b1f44a03 Refactor use of include_vars
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.

This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.

Change-Id: I0aa7af76b19d143128113557fec3ab928280faab
2022-01-12 08:29:41 +00:00
OpenStack Proposal Bot aca234f956 Updated from OpenStack Ansible Tests
Change-Id: I452e51956b5b6370cef864147225174c627403bc
2021-12-17 16:46:28 +00:00
OpenStack Proposal Bot 927f7cbb83 Updated from OpenStack Ansible Tests
Change-Id: I47eccbac8b9d88cc0f0c36b489914b0b2fb709d6
2021-12-04 17:40:19 +00:00
Damian Dabrowski 03990bb4a0 Database connection pooling improvements
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: I305c6f4fb0b20e6e916fff7c912e8664733a902e
2021-12-03 11:41:01 +01:00
Dmitriy Rabotyagov 368580e00d Use config_template as a collection
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814



Change-Id: Ib1752953c8afaa4d56d4b0951d8346be4379536f
2021-11-30 15:17:22 +02:00
Dmitriy Rabotyagov fd8337a796 Drop config_template from role
Change-Id: Ic4c062680efe7dbd3a7edb3d34d96d203a55233c
2021-11-23 19:29:00 +02:00
Dmitriy Rabotyagov db5ac1dc35 Refactor galera_use_ssl behaviour
With PKI role in place in most cases you don't need to explicitly
provide path to the CA file because PKI role ensures that CA is trusted
by the system overall. In the meanwhile in PyMySQL [1] you must either
provide CA file or cert/key or enable verify.

Since current behaviour is to provide path to the custom CA we expect
certificate being trusted overall. Thus we enable cert verification when
galera_use_ssl is True.

[1] 78f0cf99e5/pymysql/connections.py (L267)

Change-Id: Ib9d0b810bf5aef475021f886dd19348548a7ec9a
2021-09-21 15:38:59 +03:00
Dmitriy Rabotyagov 9f3dfd20b0 Define region for Magnum trust
We were missing region definition for trust section which resulted in
issues in multiregion deployments

Change-Id: I8a569f47c0f3100f4c49dde01c58b31338ab1182
2021-05-28 12:55:04 +03:00
Dmitriy Rabotyagov bbbaaa30db Replace linters test with integarted one
We've created integrated linters check job a while back and it's successfully
working for several releases. At the moment we experience difficulties
with future maintenance of the linters check from the openstack-ansible-tests
repo. So instead of fixing current one, we replace it with modern version of
the test.


Change-Id: I9d536bdb13761bf74708641c73a5041d301684cb
2021-05-21 15:52:58 +03:00
Zuul deeba4fb96 Merge "Add variables for rabbitmq ssl configuration" 2021-05-18 14:28:22 +00:00
Jonathan Rosser e5e064e055 Add variables for rabbitmq ssl configuration
Change-Id: I84a8cbf8f1bbfa40fbf107f346c4564905244ecd
2021-05-17 14:56:46 +00:00
Zuul c89938d358 Merge "[goal] Deprecate the JSON formatted policy file" 2021-04-21 11:29:31 +00:00
Dmitriy Rabotyagov af92c6ae79 [goal] Deprecate the JSON formatted policy file
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to replace policy.json to
policy.yaml and remove deprecated policy.json.

config_template has been choosen instead of the copy, since it can
properly handle content that has been lookuped.

We make a separate task not to restart service when it's not needed.

[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Change-Id: Ie246d803b5c4e490af76351a595aedcf2fcff62b
2021-04-20 16:49:08 +00:00
OpenStack Proposal Bot 97e83a07ca Updated from OpenStack Ansible Tests
Change-Id: I4574b83e344c6b1da735cda07ecbde617152be3c
2021-04-19 09:58:31 +00:00
OpenStack Proposal Bot 0a3480baa8 Updated from OpenStack Ansible Tests
Change-Id: If649bb18809fa035db53c944c3f7b027f9f0a855
2021-03-22 08:47:35 +00:00
Zuul cbb7a67326 Merge "Use ansible_facts[] instead of fact variables" 2021-03-20 01:29:35 +00:00
Zuul 7052a1bb3a Merge "Updated from OpenStack Ansible Tests" 2021-03-19 21:11:44 +00:00
Zuul 8f6d7d0a74 Merge "Use new openstack.cloud collection names" 2021-03-19 21:11:41 +00:00
Zuul fb2b7790b8 Merge "Switch default virtualenv to python3" 2021-03-18 18:35:15 +00:00
Jonathan Rosser f75dc9c797 Use ansible_facts[] instead of fact variables
See https://github.com/ansible/ansible/issues/73654

Change-Id: Ic7b58cc4e4840d342f48b7c9ec90953d5dce4ab5
2021-03-16 08:05:20 +00:00
OpenStack Proposal Bot 8d04aea88d Updated from OpenStack Ansible Tests
Change-Id: Ic6f0777628ce83b20181c3175a2937422011d982
2021-03-12 22:19:31 +00:00
Dmitriy Rabotyagov 7790c54080 Use new openstack.cloud collection names
os_ prefixed module names are deprecated for a while and will be removed
Current usage generates a warning for users.

Depends-On: Ic31fd78bb5ad9cd484f44e63ba02db7424a500d5
Change-Id: I0dae6805ac5883f75bed138d652d0dd0bd1594fb
2021-03-11 22:30:32 +00:00