<service>-config tags are quite broad and have a long execution
time. Where you only need to modify a service's '.conf' file and
similar it is useful to have a quicker method to do so.
Change-Id: I077eaa828c5f80647c5fabd1663436f9f1d1f958
Due to the shortcoming of QManager implementation [1], in case of uWSGI
usage on metal hosts, the flow ends up with having the same
hostname/processname set, making services to fight over same file
under SHM.
In order to avoid this, we prepend the hostname with a service_name.
We can not change processname instead, since it will lead to the fight
between different processes of the same service.
[1] https://bugs.launchpad.net/oslo.messaging/+bug/2065922
Change-Id: I5f7ed7090b0775e64bb9fc261f0c18cccdd4dfb2
During last release cycle oslo.messaging has landed [1] series of extremely
useful changes that are designed to implement modern messaging
techniques for rabbitmq quorum queues.
Since these changes are breaking and require queues being re-created,
it makes total sense to align these with migration to quorum queues by default.
[1] https://review.opendev.org/q/topic:%22bug-2031497%22
Change-Id: If7a239a4af522e8fb8e4ad2f1a17cafb3efaa49b
In order to be able to globally enable notification reporting for all services,
without an need to have ceilometer deployed or bunch of overrides for each
service, we add `oslomsg_notify_enabled` variable that aims to control
behaviour of enabled notifications.
Presence of ceilometer is still respected by default and being referenced.
Potential usecase are various billing panels that do rely on notifications
but do not require presence of Ceilometer.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/914144
Change-Id: Iac58d5d133da0f94241e10bdfd99d02665d68311
In order to allow definition of policies per service, we need to add variables
to service roles, that will be passed to openstack.osa.mq_setup.
Currently this can be handled by leveraging group_vars and overriding `oslomsg_rpc_policies` as a whole, but it's not obvious and
can be non-trivial for some groups which are co-locating multiple services
or in case of metal deployments.
Change-Id: I7411f80830b6bc5d007b26ffdbb37be87c0b521a
Due to bug in masakari upgrade jobs legitimaly fails. While patch [1] to
cover underlying issue was proposed, this blocks us to land anything
until it is merged and backported to 2024.1
With that we set upgrade to NV now to have a progress
[1] https://review.opendev.org/c/openstack/masakari/+/920034
Change-Id: I3d0413c61ed83d1223ddacd6e9682049d254378b
This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.
In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.
Change-Id: I49f9a18430f4912fe3e2fda36da6ad2acf6dde35
While <service>_galera_port is defined and used for db_setup
role, it's not in fact used in a connection string for oslo.db.
Change-Id: If34f937fe46cc3a2f181324c011fa9c9082d41ad
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I7163d2e68b1f0f97bd31d7734a99f74ed60b1bb5
By overriding the variable `masakari_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the masakari backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: I2ea927dbfd7c9164b0f4d5fb793164ce4ad17094
We don't pin packages in masakari role, so dependency on
apt_package_pinning role can be safely removed.
Change-Id: Ife81410d59e8a646aab741bc1a5ef01784bf13b0
Related-Bug: #1979145
At the moment we don't restart services if systemd unit file is changed.
We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now we ensure that role handlers will also listen for systemd
unit changes.
Change-Id: I3f17e680d1bf9e6e34de6b611db2a484eabbded9
This line has been here since the initial commit, but should already
be covered by the distribution_major_version line above.
Change-Id: If4f937f31f11e9b5c235dac6d8119bdc6905257c
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.
Change-Id: Ib85d59a879972de4f5771335f1772447f39d0219
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: Id5beb6f4b7cafb1841cb2f1cb075cd04d911c456
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: I02997d0537ac24bdd261b8bce8f4a2e34e1db74a
This patch fixes an error encounter within the processmonitor. The
libvirt service name has been changed from libvirt-bin (doesn't exist)
to libvirtd. Tested on Ubuntu Server 20.04 (Focal).
Change-Id: I6f909cb0dec22db6b3ab05d2158ac6e0601f9ad3
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814
Change-Id: If9bed4699d5a7ab10b6a9779ae6fbde143b747b7
With PKI role in place in most cases you don't need to explicitly
provide path to the CA file because PKI role ensures that CA is trusted
by the system overall. In the meanwhile in PyMySQL [1] you must either
provide CA file or cert/key or enable verify.
Since current behaviour is to provide path to the custom CA we expect
certificate being trusted overall. Thus we enable cert verification when
galera_use_ssl is True.
[1] 78f0cf99e5/pymysql/connections.py (L267)
Change-Id: I933e1edbd4260e2bd61bcceec3ddad8aea85353c
We've created integrated linters check job a while back and it's successfully
working for several releases. At the moment we experience difficulties
with future maintenance of the linters check from the openstack-ansible-tests
repo. So instead of fixing current one, we replace it with modern version of
the test.
Change-Id: I0e6ded7eb4642e35ee88f4515aefec6c31f9937e
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible
Change-Id: Ia712d170740c748002aa44d921ade8750997f8f0
Masakari has added introspectiveinstancemonitor for a while, however it
has not bee implemented in OSA.
Change-Id: I3ae31a3518f5580aadcd9935dda9f1bdabb6ae7e
Definition of the host parameter has been deprecated in favor
of the hostname, which by default set to socket.gethostname().
Since instancemonitor started using hostname param, it should equal
to the names compute has in `compute service list`
To make this change backportable, we explicitly replace parameter to
avoid confusion about missing parameter.
Change-Id: I21c7c8cc90cb10afcc224c7cfb9c8c628e5a308b
We add 2 extra variables, to make corosync port configurable along with
enablement of ipmi checks.
Change-Id: I970bdaad0af79599d8a7c8cf95f89d273eb791de
Setuptools v54.1.0 introduces a warning that the use of dash-separated
options in 'setup.cfg' will not be supported in a future version [1].
Get ahead of the issue by replacing the dashes with underscores. Without
this, we see 'UserWarning' messages like the following on new enough
versions of setuptools:
UserWarning: Usage of dash-separated 'description-file' will not be
supported in future versions. Please use the underscore name
'description_file' instead
[1] https://github.com/pypa/setuptools/commit/a2e9ae4cb
Change-Id: I04790eabe9680a5b2d19a3e721920e5c8f00aa9e
Role default must use openstack bind address when provided, previous
behavior of masakari role was always bind 0.0.0.0
Change-Id: I813edb9ad9d054e1ca32f528b2e702d847cef023
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to replace policy.json to
policy.yaml and remove deprecated policy.json.
config_template has been choosen instead of the copy, since it can
properly handle content that has been lookuped.
We make a separate task not to restart service when it's not needed.
[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html
Change-Id: I8c89b6d193f221faad4db9e1d0b0152f262b823b