With efforts to create resources in the same, unified way,
we convert the tempest role to use openstack_resources
for creating and managing openstack resources, like projects, flavors,
networks, images, etc. This should reduce maintenance costs
in case of further collection updates and unify the approach.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/911377
Change-Id: I658e6218cf59650d0abfa491ebaa6d3c37db2993
Magnum playbook flushes handlers (that cause service restart) and then
it starts creating magnum resources right away.
In some cases (e.g. magnum tls upgrade job), magnum haproxy endpoint
is down before playbook flushes handlers. It means that after flushing
them, haproxy healthchecks need some time to raise magnum endpoint.
In this case, there is a high chance that playbook will try to connect
to magnum endpoint before haproxy marks it as alive.
To solve this issue, this patch implements an extra task to ensure
that magnum endpoint is reachable before playbook tries to reach it.
This patch also fixes a linter issue in an example playbook to resolve
circular dependency.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/896017
Change-Id: I36cf9f4b71daa107e27e966ebe25816c7bffa42a
With the update of ansible-lint to version >=6.0.0 a lot of new
linters were added that are enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metadata to reflect the current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I68c3d98de3a0a4444c0c1ea0cc528901613a63bd
By overriding the variable `magnum_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the magnum backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: Id3413eb53ab2948de61b2e67f85c5a19fc670434
This line came with Idbf1b737a11b0bb2460989b2881395ee87a90429
for the "multi-distro framework", but should since be covered
by the distribution_major_version line above, introduced at
a later date.
Change-Id: Ib4ddea834cc5bbe043a32118d8fff0571ac816bc
There's no reason to run service_setup for each magnum container
as it's enough to be done once. So we're including the role only
when it's the first host in the play.
Change-Id: I8f282d4a284e0de395081251f6622df0c1daeeb3
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: I0aa7af76b19d143128113557fec3ab928280faab
Since we still use ceph-ansible, which has its own implementation of the
config_template module, it's worth using the mentioned module as a collection
explicitly.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814
Change-Id: Ib1752953c8afaa4d56d4b0951d8346be4379536f
As per the community goal of migrating the policy file
format from JSON to YAML [1], we need to replace policy.json with
policy.yaml and remove the deprecated policy.json.
config_template has been chosen instead of copy, since it can
properly handle content that has been looked up.
We make a separate task not to restart service when it's not needed.
[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html
Change-Id: Ie246d803b5c4e490af76351a595aedcf2fcff62b
os_ prefixed module names have been deprecated for a while and will be removed.
Current usage generates a warning for users.
Depends-On: Ic31fd78bb5ad9cd484f44e63ba02db7424a500d5
Change-Id: I0dae6805ac5883f75bed138d652d0dd0bd1594fb
Instead of overriding each service separately it might make
sense for deployers to define some higher level variable that
will be used first or fallback to default variable.
Change-Id: I295b6f99422ba81d14a04129939648d0722dd584
These packages should not be directly installed onto the target host
as they are only required at wheel build time.
Change-Id: I2d6358bde5d00700e11ce7eb1fb1724e02f999e4
We use the same condition, which defines which host some "service"
tasks should run against, several times. It's hard to keep it the same
across the role and ansible spends additional resources to evaluate
it each time, so it's simpler and better for maintenance to set
a boolean variable which will say, for all tasks that we want to run
only against a single host, whether they should run now or not.
Change-Id: Idd1c6c9ad7f5165b8e12e156ab6398b28c5e799a
Since the ansible feature has been implemented and we can reference
an openstack domain by its name and not only by id,
we can simplify service creation task.
Change-Id: Ia74faf6b686c6a1f59d9e920aa91b36bd1b27019
In case `keystone-auth-enabled` is true in k8s template, magnum requires
keystone_auth_default_policy file to be present.
At this point we suggest creating corresponding roles by deployers
manually, since it's not enabled by default or used widely.
Change-Id: I77bfd3026e3168d7504ef3dc5214cfe706c525dd
Move it to the service setup host (defaults to utility[0]) instead
of the galera[0] host, and use galera_address (defaults to internal VIP)
as the endpoint instead of a local connection on the db host.
Depends-On: https://review.opendev.org/747981
Change-Id: Ia60bdb33889a3d0c2e080dab9badbdd777fcdbeb
Creation of cluster templates is a pretty routine operation which
might be easily automated with ansible.
Depends-On: https://review.opendev.org/710245
Change-Id: Ib7f99714502ba94604b8f0bb997c77a768af6d1d
We delegate the post-installation steps to localhost, but we do not
limit to running them once so we download them multiple times :(
Change-Id: I0f0e97ac8ec625f26bf1cf6437457f3733cd5e8c
The os_user module in newer versions of ansible (2.8.5) refuses to
create users where the default project does not exist in the user's
domain. So create the magnum_trustee_domain_admin user with an empty
default project.
For details see: https://github.com/ansible/ansible/pull/59876
Change-Id: I8e005df0de39bf2f4790c06ed1b311ff0caa070a
Move service to use the uWSGI role instead of an internal task for uwsgi
deployment. This aims to ease the maintenance of uWSGI and speed up
metal deployments as the same uwsgi environment will be used
across all services.
Change-Id: I354ff3e81f4f4586aa2d52e1dcd8359c16a9e39a
This patch refactors the openstack user/service/endpoints creation to
service_setup.yml which will eventually be managed by
openstack-ansible-tests.
Change-Id: Iec426e8161da2e92f075d87bae3f4a28a05dd2b1
This patch aims to migrate service from usage of regular syslog files
to journald. We also disable uwsgi logging, since it duplicates
requests that are logged by service itself.
Change-Id: I8be07495dd84f085de6d4409f2efd67a8359d82e