Due to the shortcoming of QManager implementation [1], in case of uWSGI
usage on metal hosts, the flow ends up with having the same
hostname/processname set, making services to fight over same file
under SHM.
In order to avoid this, we prepend the hostname with a service_name.
We can not change processname instead, since it will lead to the fight
between different processes of the same service.
[1] https://bugs.launchpad.net/oslo.messaging/+bug/2065922
Change-Id: I0c310abd4c2144a068e75aaea665befeee0a5ff6
We don't run functional tests anymore so it's time to clean-up all
related bits.
Integrated tests should be used instead.
Change-Id: If1d799aec0c2d547c30c13496e45a010c5c0caaa
During last release cycle oslo.messaging has landed [1] series of extremely
useful changes that are designed to implement modern messaging
techniques for rabbitmq quorum queues.
Since these changes are breaking and require queues being re-created,
it makes total sense to align these with migration to quorum queues by default.
[1] https://review.opendev.org/q/topic:%22bug-2031497%22
Change-Id: Iffffbf0c567f68f6e3e26fc7fce4dd5e2317d4f3
In order to be able to globally enable notification reporting for all services,
without an need to have ceilometer deployed or bunch of overrides for each
service, we add `oslomsg_notify_enabled` variable that aims to control
behaviour of enabled notifications.
Presence of ceilometer is still respected by default and being referenced.
Potential usecase are various billing panels that do rely on notifications
but do not require presence of Ceilometer.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/914144
Change-Id: I1bffec218f903ea16cbd06e7abf28b8139024df8
In order to allow definition of policies per service, we need to add variables
to service roles, that will be passed to openstack.osa.mq_setup.
Currently this can be handled by leveraging group_vars and overriding `oslomsg_rpc_policies` as a whole, but it's not obvious and
can be non-trivial for some groups which are co-locating multiple services
or in case of metal deployments.
Change-Id: Ifbda391bf0c91a51ecea5e78ba7311e3d64c8ffc
This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.
In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/919714
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/919702
Change-Id: I02302332819be71346a256a86ae58fed3892279a
Right now we are not using any constraints for docs and releasenotes builds.
This has resulted in docs job failures once Sphinx 7.2.0 has been released.
The patch will ensure that constraints are used an we should not face
simmilar issue again.
TOX_CONSTRAINTS_FILE is updated by Release bot once new branch is created,
so it should always track relevant constraints.
Some extra syntax-related changes can apply, since patch is being passed
through ConfigParser, that does not preserve comments and align indenting.
Change-Id: I245b4d7f526380862fce2d88fbcd7ab1b8ed4053
While <service>_galera_port is defined and used for db_setup
role, it's not in fact used in a connection string for oslo.db.
Change-Id: I795e7a7423d3efd5168dd8e8d89b3c86aa13c31f
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I9110294e492a501204c8e92448a2f2929781a509
We're dropping Ubuntu Focal support early in 2023.2 release,
so we need to switch all jobs to Jammy before this happens.
Change-Id: I77e88c183c1dcdd03a8537c4a6e68b98f0f7f86b
By overriding the variable `manila_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the manila backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: I38b95b73301d2210f64105c20f389c74498a5345
This was introduced when the role was created using os_cinder as
a starting point [1], as has never been used in the manila role.
[1] f9bfb7f0bc
Change-Id: I57df438cd25efd30e0e437470fc34df8fea1317c
At the moment we don't restart services if systemd unit file is changed.
We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now we ensure that role handlers will also listen for systemd
unit changes.
Change-Id: I4eec982a682bfff121f9658c6d4eb3d1db8cb94f
With tox release of 4.0, some parameters were deprecated and are ignored now
which causes tox failures. One of the most spread issues we have is using
`whitelist_externals` isntead of `allowlist_externals`
Change-Id: Ibbb153da7fd38b2a7df2b13480f647ab95d96d81
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: Ib73aca403b1f053944ea269287245ac7c7c651ca
For backends creation we verify that API is reachable. With that on real
deployments we disable container we're running against on haproxy.
This results in task failure. To avoid that we add backends when
share/data services for manila. This is done in separate play when
all API backends should be enabled and functioning properly.
Change-Id: I6dcbae2896668f5fbb6f09bffc94cb6e90699e92
Closes-Bug: #1979209
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: Ie5ebb4d68ed06cff26462dc55092fda8a9ad2f44
Role was never migrated to usage of haproxy-endpoints role
and included task was used instead the whole time.
With that to reduce complexity and to have unified approach, all mention
of the role and handler are removed from the code.
Change-Id: Ia04bd0a729100ed3f0bade9185b0703ce903635f
Instead of running manilaclient on manila host, we're delegating
execution to service_setup_host. This reduce
complexity and remove some requirements for manila hosts.
With that we also replace usage of manilaclient
with openstackclient.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/845998
Change-Id: Ie04d9e1690e0f053e86e28e0bf1d6c3aa43774b0
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.
Change-Id: Ic728c71b6d1f44b903ac0ade0ab2516a6cdc16fb
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: I4983e2e13eb3ec29b0417094cf66629ce0f89052
With PKI role in place in most cases you don't need to explicitly
provide path to the CA file because PKI role ensures that CA is trusted
by the system overall. In the meanwhile in PyMySQL [1] you must either
provide CA file or cert/key or enable verify.
Since current behaviour is to provide path to the custom CA we expect
certificate being trusted overall. Thus we enable cert verification when
galera_use_ssl is True.
[1] 78f0cf99e5/pymysql/connections.py (L267)
Change-Id: I94b3f8ba5116cdfb94e9d0dc575bd7edb1d27b3c
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: If245cd3f12a919933d912205dd60f1e02f555f7c
Dmitriy Rabotyagov
OpenStack Release Bot