With efforts to create a resources in same, unified way,
we convert tempest role to use openstack_resources
for creating and managing openstack resources, like projects, flavors,
networks, images, etc. This should reduce maintenance costs
in case of futher collection updates and unify approach.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/911377
Change-Id: I658e6218cf59650d0abfa491ebaa6d3c37db2993
This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.
In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/896017
Change-Id: Ic5b425564e494502722106f94e406dc2ed69dcde
Magnum playbook flushes handlers(that cause service restart) and then
it starts creating magnum resources right away.
In some cases(for ex. magnum tls upgrade job), magnum haproxy endpoint
is down before playbook flushes handlers. It means that after flushing
them, haproxy healthchecks need some time to rise magnum endpoint.
In this case, there is a high chance that playbook will try to connect
to magnum endpoint before haproxy marks it as alive.
To solve this issue, this patch implements an extra task to ensure
that magnum endpoint is reachable before playbook tries to reach it.
This patch also fixing linters issue in an example playbook to resolve
circular dependency.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/896017
Change-Id: I36cf9f4b71daa107e27e966ebe25816c7bffa42a
While <service>_galera_port is defined and used for db_setup
role, it's not in fact used in a connection string for oslo.db.
Change-Id: Id8c269eeed160709f1f97c8e60b9fba484154bb5
Right now we are not using any constraints for docs and releasenotes builds.
This has resulted in docs job failures once Sphinx 7.2.0 has been released.
The patch will ensure that constraints are used an we should not face
simmilar issue again.
TOX_CONSTRAINTS_FILE is updated by Release bot once new branch is created,
so it should always track relevant constraints.
Some extra syntax-related changes can apply, since patch is being passed
through ConfigParser, that does not preserve comments and align indenting.
Change-Id: Icf0be2ec722383363b2145955bdaa5b02bcae9a2
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I68c3d98de3a0a4444c0c1ea0cc528901613a63bd
By overriding the variable `magnum_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the magnum backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: Id3413eb53ab2948de61b2e67f85c5a19fc670434
With tox release of 4.0, some parameters were deprecated and are ignored now
which causes tox failures. One of the most spread issues we have is using
`whitelist_externals` isntead of `allowlist_externals`
Change-Id: Ibf6b05d89cf1d8f113881d64878c58256b865342
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: Ie16e753aa20b2ceeba63839f25e89ff13a571b3c
This line came with Idbf1b737a11b0bb2460989b2881395ee87a90429
for the "multi-distro framework", but should since be covered
by the distribution_major_version line above, introduced at
a later date.
Change-Id: Ib4ddea834cc5bbe043a32118d8fff0571ac816bc
As of today we didn't manage amount of magnum-conductors that equal to
amount of CPU on host. So things can go off regarding CPU and memory
consumption. For better control on resources we add variable to control
conductor workers.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/846151
Change-Id: I3eedd74717b3b621b4e0b6ae4a8df4ee6f1eb739
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.
Change-Id: I7bd4a4623db0913fee84afc237c4bbb520f26c76
The python_venv_build role is responsible for setting up the build
environment for python wheels so this role should not install
python development packages
Change-Id: I13d8d4fa8f1de4822a671971232ac3960edc0759
There's no reason to run service_setup for each magnum container
as it's enough to be done once. So we're including role only
when it's first host in the play.
Change-Id: I8f282d4a284e0de395081251f6622df0c1daeeb3
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: I0aa7af76b19d143128113557fec3ab928280faab
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: I305c6f4fb0b20e6e916fff7c912e8664733a902e
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814
Change-Id: Ib1752953c8afaa4d56d4b0951d8346be4379536f
With PKI role in place in most cases you don't need to explicitly
provide path to the CA file because PKI role ensures that CA is trusted
by the system overall. In the meanwhile in PyMySQL [1] you must either
provide CA file or cert/key or enable verify.
Since current behaviour is to provide path to the custom CA we expect
certificate being trusted overall. Thus we enable cert verification when
galera_use_ssl is True.
[1] 78f0cf99e5/pymysql/connections.py (L267)
Change-Id: Ib9d0b810bf5aef475021f886dd19348548a7ec9a
We were missing region definition for trust section which resulted in
issues in multiregion deployments
Change-Id: I8a569f47c0f3100f4c49dde01c58b31338ab1182
We've created integrated linters check job a while back and it's successfully
working for several releases. At the moment we experience difficulties
with future maintenance of the linters check from the openstack-ansible-tests
repo. So instead of fixing current one, we replace it with modern version of
the test.
Change-Id: I9d536bdb13761bf74708641c73a5041d301684cb
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to replace policy.json to
policy.yaml and remove deprecated policy.json.
config_template has been choosen instead of the copy, since it can
properly handle content that has been lookuped.
We make a separate task not to restart service when it's not needed.
[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html
Change-Id: Ie246d803b5c4e490af76351a595aedcf2fcff62b
os_ prefixed module names are deprecated for a while and will be removed
Current usage generates a warning for users.
Depends-On: Ic31fd78bb5ad9cd484f44e63ba02db7424a500d5
Change-Id: I0dae6805ac5883f75bed138d652d0dd0bd1594fb