Commit Graph

26 Commits

Author SHA1 Message Date
Dmitriy Rabotyagov c0783fcdf5 Add quorum queues support for service
This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.

In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.

Change-Id: I4781a0c23274b145970b3269e517c2a62497acc4
2023-10-20 12:34:55 +00:00
Dmitriy Rabotyagov d94e57f17b Fix linters and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.

With that we also update metdata to reflect current state.

Change-Id: Id8215882ee528d4c3055479e770c7432616649ba
2023-07-17 15:38:00 +02:00
Dmitriy Rabotyagov 8499e1713e Switch default provider to amphorav2
Amphorav1 has been deprecated and is removed early at the
beginning of the 2023.2 cycle. With that Antelope is perfect time for
switching the default.

[1] 6c0515c988

Change-Id: I133f20a6d971832138708101e6a8380d23e75cf2
2023-04-24 16:16:20 +02:00
Dmitriy Rabotyagov c672dc1848 Ensure service is restarted on unit file changes
At the moment we don't restart services if systemd unit file is changed.

We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now  we ensure that role handlers will also listen for systemd
unit changes.

Change-Id: I4a3346c90825a4bf0b416943286696fa529f526d
2023-04-14 19:26:26 +00:00
Dmitriy Rabotyagov aeb1dbf1dd Add coordination to octavia
This also enables usage of amphorav2 when coordination is
available.

Depends-On: https://review.opendev.org/c/openstack/ansible-role-zookeeper/+/867049
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/867052
Change-Id: I1234d36c58da3f6754cda1951ee4cc49f979ae0c
2022-12-08 20:47:00 +00:00
Dmitriy Rabotyagov ebac6ccb5e Fix distro support option for Octavia
Distro instalaltion has been broken for a while and CI disabled for it.
With this commit we're fixing path and returning back
CI testing of it.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/837845
Change-Id: Ia715e0506e45ead6ed8ecffac3fbd70e9849da13
2022-05-11 07:49:39 +00:00
Dmitriy Rabotyagov e7b394dd58 [goal] Deprecate the JSON formatted policy file
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to replace policy.json to
policy.yaml and remove deprecated policy.json.

config_template has been choosen instead of the copy, since it can
properly handle content that has been lookuped.

We make a separate task not to restart service when it's not needed.

[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/787199
Change-Id: Idd28e5df99bfcf51bad2b785be41221eb0fe5142
2021-04-20 13:37:42 +00:00
Jonathan Rosser 02051cb53a Remove references to unsupported operating systems
All references to Gentoo, SUSE, Debian stretch and Centos-7  are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible

Change-Id: I4153df38980650c726cc1a79320b22e1e07605cf
2021-03-10 12:16:39 +00:00
Dmitriy Rabotyagov aef1b1723a Define condition for the first play host one time
We use the same condition, which defines against what host some "service"
tasks should run against, several times. It's hard to keep it the same
across the role and ansible spending additional resources to evaluate
it each time, so it's simpler and better for the maintenance to set
a boolean variable which will say for all tasks, that we want to run
only against signle host, if they should run or not now.

Change-Id: Icf411ab2df0f6e937ce056b085fee97b89fe8361
2020-12-04 13:43:59 +00:00
root 9c108039ff Add centos-8 support
Reverting systemd-devel

Change-Id: I1f11ba98140b0fef396dcb1d8af4609e35f79104
2020-07-07 00:49:31 -04:00
Dmitriy Rabotyagov 333e6f1fc7 Start using uWSGI role
Move service to use uWSGI role instead of iternal task for uwsgi
deployment. This aims to ease the maintenance of uWSGI and speedup
metal deployments as the same uwsgi environment will be used
across all services.

Change-Id: Iaeb10f2e3018f8b19d47d5a557e6fc7beb0fb9cf
2019-09-05 15:26:52 +03:00
Dmitriy Rabotyagov 56ee4fe928 Convert dynamic includes to static imports
When task/role files are included using include_tasks, tags are not
passed to the included tasks. As a result, tags like swift-config
do not have the intended effect. This patch changes include_tasks
to import_tasks for all cases where dynamic vars or loops are not used
so that tags are properly handled.

Reference -
https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse.html
https://bugs.launchpad.net/openstack-ansible/+bug/1815043

Change-Id: I447c0096708c50c2a3b003af84ca7af4dd72c5f5
2019-08-07 19:27:25 +03:00
Dmitriy Rabotyagov 048a43bd81 Use systemd-journald instead of log files
This patch aims to migrate service from usage of regular syslog files
to journald. We also disable uwsgi logging, since it dublicates
requests that are logged by service itself.

Depends-On: https://review.opendev.org/670824/
Change-Id: I8cfdd46a57a91ef3b1879bf85b03cced74234451
2019-07-17 00:18:58 +03:00
Jean-Philippe Evrard 9326307c88 Add openSUSE support
Change-Id: If43b8749fba60b9995adc601c23fb167a41cd129
2019-07-10 11:26:39 +00:00
Vadim Kuznetsov 6aa925e792 Add support for using distribution packages for OpenStack services
Distributions provide packages for the OpenStack services so we add
support for using these instead of the pip ones.

Change-Id: I7eb1cbe2c80ee889d2ae08dcfed6a19cc1bd3415
Depends-On: Ide70b5d8f67d8c8a87e3f16671f0f7fb72338b89
Depends-On: I8de48eb1fb4c8d321098ca54b9e21270edc7ac87
Depends-On: Ia5fda5d417b79189d048c8891b84d57331df1404
Implements: blueprint openstack-distribution-packages
2019-06-28 07:11:21 +00:00
Guilherme Steinmüller 48ab3f8bae debian: add support
This patch adds the Debian jobs for this role to make sure
it's always passing as well as updates the meta to reflect
it's support of Debian accordingly.

Depends-On: I9a92b73c419a0dc1cca40dacfef75de61a61db94
Change-Id: Idb2ec1248f22a039a723f513ce5cb88208a5fc4c
2019-04-09 17:02:26 +00:00
Mohammed Naser 376ddeb48f Convert role to use a common systemd service role
This removes the systemd service templates and tasks from this role and
leverages a common systemd service role instead. This changet  removes a
lot of code duplication across all roles all without sacrificing features
or functionality. The intention of this change is to ensure uniformity and
reduce the maintenance burden on the community when sweeping changes are
needed. The exterior role is built to be OSA compatible and may be pulled
into tree should we deem it necessary.

In addition, it re-orders some tasks for consistency with other roles.

Change-Id: I124873a6ab96aa95f886ce146d28e7340c90d40d
2018-10-25 09:03:55 +00:00
Jesse Pretorius 14d5186079 Remove octavia_requires_pip_packages
In order to reduce the packages required to pip install on to the hosts,
we use service delegation to octavia_service_setup_host so that instead
of installing software on the target host, and putting credentials on
every target host, we isolate the software and credentials to a single
host.

In this patch we finally remove octavia_requires_pip_packages as it is
no longer required given that all services use delegation to the
octavia_service_setup_host now. We also remove the task which used to
install them.

We also remove the meta dependency on the openstack_openrc role because
the target host does not require openrc/clouds.yaml any more.

We remove the variable 'octavia_ansible_endpoint_type' as it is no longer
used.

We finally remove the python-pip package from the distro packages, as
with these changes, pip is no longer required on the host - everything
installed by pip is isolated into a venv.

Change-Id: If3f65fdb8a59a3c41cb8c2f0dee6b2e5a71f05c7
2018-08-19 18:18:47 +01:00
Jesse Pretorius bd9f0c0723 Clean up tests a bit
1. Remove tests/test-configure-octavia.yml because the 'shade' package
   does not need to be installed again - this is already done by the
   role test preparation.

2. Remove the key generation as the keys are already generated in the
   common tests playbook 'test-prepare-keys.yml'.

3. Add some spacing between tasks to make it more readable.

4. Implement the extra packages needed in test-requirements.txt instead
   of trying to use a task to install them, because doing it in Ansible
   makes understanding the venv in relation to the inventory complicated..

5. Move the vars_files argument to the top of the play to make it easier
   to find and more uniform with other plays in OSA.

6. Switch from using octavia_ansible_endpoint_type to a hard-coded
   endpoint, then remove the octavia_ansible_endpoint_type var.

7. Switch from using the 'endpoint_type' argument for the openstack
   modules to using the more modern 'interface' argument.

8. Remove the 'run_once' argument on the 'Upload key to nova' task
   because only localhost is targeted, so the argument is moot.

9. Remove the 'Set VIP fact' task in favor of just using the 'vip_output'
   register in the 'Test the Listener' task. Setting a fact is pointless.

10. To help the existing patches pass, we add python-pip to the distro
    packages. This will be reverted later once the required changes
    to remove this requirement have merged.

Depends-On: https://review.openstack.org/589248
Change-Id: I46962090f7baf4227e838e125fd318245f2bcb85
2018-08-19 18:16:30 +01:00
Jesse Pretorius b6d495c9c9 Move MQ vhost/user creation into role
There is no record for why we implement the MQ vhost/user creation
outside of the role in the playbook, when we could do it inside the
role.

Implementing it inside the role allows us to reduce the quantity of
group_vars duplicated from the role, and allows us to better document
the required variables in the role. The delegation can still be done
as it is done in the playbook too.

In this patch we implement two new variables:
- octavia_oslomsg_rpc_setup_host
- octavia_oslomsg_notify_setup_host

These are used in the role to allow delegation of the MQ vhost/user
setup for each type to any host, but they default to using the first
member of the applicable oslomsg host group.

We also adjust some of the defaults to automatically inherit existing
vars set in group_vars form the integrated build so that we do not
need to do the wiring in the integrated build's group vars. We still
default them in the role too for independent role usage.

Finally, we remove the test mq setup tasks and clean up any unused
or unnecessary variables configured in tests.

We also rename the ubuntu-16.04.yml file to ubuntu.yml to cover both
xenial and bionic. This has become necessary because the
'Gather variables for each operating system' task in the galera_client
role is picking up this role's vars file instead of its own.

Change-Id: If7e3712dd70eb083b5dffc98e0c981ec4f513533
2018-08-01 18:56:29 +01:00
German Eichberger bdaf5c9d9a Adding git to the packages to be installed
The latest build error indicaes that the git command is missing
(see http://logs.openstack.org/67/514767/3/check/openstack-ansible-functional-ubuntu-xenial/b7dca12/job-output.txt.gz#_2017-10-26_19_48_56_859442)
This adds it to the Octiavia container.

Change-Id: I6490979d208938634373c08d164461e9d5d1150a
2017-10-27 10:40:43 -07:00
German Eichberger 205fcc83a6 Fixes failing functional test
The functional tests don't work because the octavia-api uwsgi server
fails because libxml2 is not installed [1]. This should fix that.

[1] http://logs.openstack.org/40/484440/9/check/gate-openstack-ansible-os_octavia-ansible-func-ubuntu-xenial/f8835f2/logs/openstack/octavia1/syslog.txt.gz

Change-Id: If07a64e062daf6cc5e10864913d742075be02d36
2017-08-14 08:50:45 -07:00
Kevin Carter a51775e99f Ensure the components are isolated from the system
This creates a specific slice which all OpenStack services will operate
from. By creating an independent slice these components will be governed
away from the system slice allowing us to better optimise resource
consumption.

See the following for more information on slices:

* https://www.freedesktop.org/software/systemd/man/systemd.slice.html

See for following for more information on resource controls:

* https://www.freedesktop.org/software/systemd/man/systemd.resource-control.html

Tools like ``systemd-cgtop`` and ``systemd-cgls`` will now give us
insight into specific processes, process groups, and resouce consumption
in ways that we've not had access to before. To enable some of this reporting
the accounting options have been added to the [Service] section of the unit
file.

Change-Id: Ib19624a57063fba8f63eed5308639be224751fed
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2017-04-27 13:06:22 +00:00
Major Hayden d2a9aac1fd Add iptables-services package
The `iptables-services` package is required on CentOS to use the
`service iptables save` command.

Change-Id: I2001cd8bfebebac652cd8138a1a8386c9aa5f72a
2017-04-10 12:29:57 -05:00
German Eichberger 38e365f945 Adds iptables rules to protect octavia server container
- Adds iptables rules
 - Makes sure that health manager ip is the one
   on the management interface
 - Reworks variables
 - Improves documentation
 - Tests now run with an extra octavia network
 - renamed mgmt network to lbaas-mgmt
 - added ubuntu/centos specific iptables save/restore
   commands/packages

Change-Id: I761ce0d2dce73d018c2ba2022798a3962e44b235
2017-04-07 09:47:13 -04:00
Major Hayden f510d6561c Octavia role hacking
- installs Octavia service in OSA
- adds a test which installs Octavia (but uses noop
  to work around gate limitations)

Co-Authored-By: German Eichberger <German.eichberger@rackspace.com>

Change-Id: Idb419a4ca5daa311d39c90eda5f83412ccf576ad
2017-03-01 12:48:12 -05:00