With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/891474
Change-Id: I315c7fa58ee07786832d21c13f281968ee3d400a
By overriding the variable `placement_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the placement backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: Id84137b624624482939989098f1b04263d62c0fd
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: I4e9fff59bbfa9c8a1ae0236d077ac9ee2881c04b
Related-Bug: #1948456
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: I77b4e8c70a21eada431c824044c0d1563df70dcc
With PKI role in place in most cases you don't need to explicitly
provide path to the CA file because PKI role ensures that CA is trusted
by the system overall. In the meanwhile in PyMySQL [1] you must either
provide CA file or cert/key or enable verify.
Since current behaviour is to provide path to the custom CA we expect
certificate being trusted overall. Thus we enable cert verification when
galera_use_ssl is True.
[1] 78f0cf99e5/pymysql/connections.py (L267)
Change-Id: Ie6e82e625808c64d44e603843ec985daf18efca4
We implement `placement_policy_overrides` variable in order to allow
management of placement policy files when needed.
Change-Id: If219ac80ceed2bf455a7de83b848c9d0a66371a4
This is necessary to support the new pip resolver.
Depends-On: I9be6bbf4a29a4da2ddf96dc0336bc2a7d8ec9281
Depends-On: I49c75dd11d6c4e8d37fe013b7ffdfd56ff193fcd
Change-Id: I00b42c61d03c83bfbfec69ad3bd47d940bb449d2
Instead of overriding each service separatelly it might make
sense for deployers to define some higher level variable that
will be used first or fallback to default variable.
Change-Id: I5b8a03d96375d67c8090af182d244495fd0a7f67
Even the most modest 4C/8T system would run with the maximum 16 processes
due to the calculation being VCPU*2.
We devide amount of CPUs to number of threads for hyperthreaded CPUs
Change-Id: I1dbbfc82f24732f8534594ff25aefc03e5c4003c
Move it to the service setup host (defaults to utility[0]) instead
of the galera[0] host, and use galera_address (defaults to internal VIP)
as the endpoint instead of a local connection on the db host.
Change-Id: Ic831664bd500b8a3ed22238fef0b19ed56313d72
This patch aims to add a prefix for memcached_server
on each role to give the ability for deployers to
override the location of memcached cluster. I.e users
wants to create a single memcached cluster with k8s
for each service.
We also add pymemcache based on [1]
[1] https://review.opendev.org/711429
Change-Id: Ibf64fc04bd9b4359de902a92aa39cfc2923c8823
Move service to use uWSGI role instead of iternal task for uwsgi
deployment. This aims to ease the maintenance of uWSGI and speedup
metal deployments as the same uwsgi environment will be used
across all services.
Depends-On: https://review.opendev.org/678025/
Change-Id: Ied4b59787e9707bc886c7bcba8f4ac50865edcb9
This patch aims to migrate service from usage of regular syslog files
to journald. We also disable uwsgi logging, since it dublicates
requests that are logged by service itself.
Change-Id: Ib24a5c96359c349781c48a5d82d7c64e793b8e43
The variables placement_developer_mode and placement_venv_download
no longer carry any meaning. This review changes placement to
do the equivalent of what developer_mode was all the time,
meaning that it always builds the venv and never requires
the repo server, but it will use a repo server when available.
As part of this, we move the source build out of its own file
because it's now a single task to include the venv build role.
This is just to make it easier to follow the code.
Change-Id: Ieac9e2fba7e222d31c29eebf699968455a727758
This patch adds the support for the placement service with
a simple functional test which hits the API (which in turn
hits the database and keystone for authorization).
Depends-On: I878e8c479d8963b339b5e1f6031f649c0f87082f
Change-Id: Iaa11a8cc4d945712b62c3b9c2cb6ad168def34eb