Commit Graph

400 Commits

Author SHA1 Message Date
Dmitriy Rabotyagov 3f7085e58a Add quorum queues support for service
This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.

In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/896017
Change-Id: I947be8d94b3263ed69311667af693a481765b1c4
2023-10-25 10:25:16 +00:00
Dmitriy Rabotyagov 810e58bd11 Fix linters for example playbook
Change-Id: I1305323f15c704b0ba808d4a2acd74664b6205db
2023-10-25 12:24:49 +02:00
Zuul 779faf7ff2 Merge "Stop reffering _member_ role" 2023-08-21 12:54:49 +00:00
Dmitriy Rabotyagov fd7f9932b1 Use proper galera port in configuration
While <service>_galera_port is defined and used for db_setup
role, it's not in fact used in a connection string for oslo.db.

Change-Id: I41c2c8a50ff119cad4b8c1fe1e38096cc97f8c12
2023-08-17 14:59:00 +00:00
Dmitriy Rabotyagov f98616ebd6 Define constraints file for docs and renos
Right now we are not using any constraints for docs and releasenotes builds.
This has resulted in docs job failures once Sphinx 7.2.0 has been released.

The patch will ensure that constraints are used an we should not face
simmilar issue again.

TOX_CONSTRAINTS_FILE is updated by Release bot once new branch is created,
so it should always track relevant constraints.

Some extra syntax-related changes can apply, since patch is being passed
through ConfigParser, that does not preserve comments and align indenting.


Change-Id: I7e1f5009e8fc89036cb8dbf06e558bfb36241de4
2023-08-17 16:32:24 +02:00
Dmitriy Rabotyagov 2843f27804 Stop reffering _member_ role
Keystone has stopped providing or reffering `_member_` role for a while,
thus role should not be refferenced anymore.

Moreover, with 2023.1 service policies have dropped `_member_`
which resulted in the role to be insufficient for basic operations.

Change-Id: Ie43a6edc4ef44b7b92905cf9d59be53edeb1b946
Related-Bug: #2029486
2023-08-15 13:06:58 +02:00
Dmitriy Rabotyagov 1c49c7d2c8 Fix linters and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.

With that we also update metdata to reflect current state.

Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I30eff91392dcab1e76c4fee89ead7a6e03838b2d
2023-07-14 19:56:42 +02:00
Damian Dabrowski 81a0273a50 Add TLS support to sahara backends
By overriding the variable `sahara_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the sahara backend api.

The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: I28e2a2ac7a2534f731f1ce8b0c76f6c55e987eb2
2023-04-29 18:43:28 +02:00
Dmitriy Rabotyagov 5025cd3ea1 Ensure service is restarted on unit file changes
At the moment we don't restart services if systemd unit file is changed.

We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now  we ensure that role handlers will also listen for systemd
unit changes.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_heat/+/879963
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/880470
Change-Id: I5561693e490700bc572e196e36e8ef0fa4df1ec5
2023-04-14 09:19:23 +00:00
Dmitriy Rabotyagov 6deed3ff81 Update tox.ini to work with 4.0
With tox release of 4.0, some parameters were deprecated and are ignored now
which causes tox failures. One of the most spread issues we have is using
`whitelist_externals` isntead of `allowlist_externals`


Change-Id: I88f881ae0396973f60ea892453933a263b685c88
2022-12-27 17:53:25 +01:00
OpenStack Release Bot 9e3428fc4f Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.

Sem-Ver: feature
Change-Id: Ia698a819b4053f72fb4a7e8489a56b9bc260bcdf
2022-12-13 13:20:06 +00:00
Dmitriy Rabotyagov 816e498c5c Support service tokens
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.

Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: I7064765e62d9e1a86fb20232429731840f697a88
2022-06-15 19:20:56 +02:00
Dmitriy Rabotyagov f8ff70e99c Switch sphinx language to en
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.


Change-Id: I1aeb896d936a2ae3a6dfc08de6bfa01f2274bff1
2022-05-30 14:39:34 +00:00
Marc Gariepy 2ce1f60bde Use common service setup tasks from a collection rather than in-role
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/842758
Change-Id: I1e637517953ba9a65e987c181464678c81365ec0
2022-05-20 19:02:52 +00:00
OpenStack Proposal Bot b022d4c89b Updated from OpenStack Ansible Tests
Change-Id: I8411c564b9bafd97420529f480471f2d28d91cbe
2022-03-31 20:15:08 +00:00
Marc Gariepy 19041d7365 Cleanup setup.py config
Change-Id: Icb0a8c2005cdfc4d4258695207fc31115e27d5a2
2022-03-31 10:40:39 -04:00
Jonathan Rosser bcf2711ff0 Remove legacy policy.json cleanup handler
Change-Id: If85dd0ec4105c216047bd05b101e98b95a7eb6c1
2022-02-02 04:22:27 -05:00
OpenStack Proposal Bot 774fa30fa1 Updated from OpenStack Ansible Tests
Change-Id: I95adfffb30b02ad1d432ce4d85b6022a1912f7ba
2021-12-17 16:48:04 +00:00
OpenStack Proposal Bot 81d675530b Updated from OpenStack Ansible Tests
Change-Id: Id47719feff8528c0d671022a470d683d29d176ad
2021-12-04 17:41:17 +00:00
Damian Dabrowski 4814dcb140 Database connection pooling improvements
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: I1745cd91c26bb873a5eac0fa42f651d2ebe7e974
2021-12-03 11:41:39 +01:00
Dmitriy Rabotyagov 54a6645c5a Use config_template as a collection
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814



Change-Id: If7ed1c8281d3e78c5905ccc570456e998d191370
2021-11-30 15:17:26 +02:00
Dmitriy Rabotyagov c5f8778469 Refactor galera_use_ssl behaviour
With PKI role in place in most cases you don't need to explicitly
provide path to the CA file because PKI role ensures that CA is trusted
by the system overall. In the meanwhile in PyMySQL [1] you must either
provide CA file or cert/key or enable verify.

Since current behaviour is to provide path to the custom CA we expect
certificate being trusted overall. Thus we enable cert verification when
galera_use_ssl is True.

[1] 78f0cf99e5/pymysql/connections.py (L267)

Change-Id: I25b6e2afcf67f34d9b612adca6c0c6968b6308ce
2021-09-21 17:18:07 +03:00
Zuul eefafc3527 Merge "Fix linters" 2021-06-01 01:01:24 +00:00
Dmitriy Rabotyagov 183f5f739d Fix linters
Change-Id: I8d2e355830713b34722d1db5ca89f6d8375510f8
2021-05-27 13:12:59 +00:00
Dmitriy Rabotyagov d07db04ce4 Replace linters test with integarted one
We've created integrated linters check job a while back and it's successfully
working for several releases. At the moment we experience difficulties
with future maintenance of the linters check from the openstack-ansible-tests
repo. So instead of fixing current one, we replace it with modern version of
the test.


Change-Id: If8e378dcbbd5a74638665c2dcd317e6df0a0833c
2021-05-21 15:53:41 +03:00
Zuul 3307ddc57c Merge "Add variables for rabbitmq ssl configuration" 2021-05-18 14:22:01 +00:00
Jonathan Rosser 21eb697dc8 Add variables for rabbitmq ssl configuration
Change-Id: I245bee42704e3d81a3f148daa983b43e9e377575
2021-05-17 11:42:20 +00:00
Zuul 92004f42fe Merge "[goal] Deprecate the JSON formatted policy file" 2021-04-20 11:02:22 +00:00
OpenStack Proposal Bot ece2defc0e Updated from OpenStack Ansible Tests
Change-Id: I0a78a8fc1d9e662940636ae4e30250290fbcf250
2021-04-19 09:59:39 +00:00
Dmitriy Rabotyagov 63c3e47a57 [goal] Deprecate the JSON formatted policy file
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to replace policy.json to
policy.yaml and remove deprecated policy.json.

config_template has been choosen instead of the copy, since it can
properly handle content that has been lookuped.

We make a separate task not to restart service when it's not needed.

[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Depends-On: https://review.opendev.org/c/openstack/sahara/+/768521
Change-Id: I606e1dda74f630242905fdf74ee19eaf66030edf
2021-04-06 13:00:17 +00:00
OpenStack Proposal Bot 336af0fa3b Updated from OpenStack Ansible Tests
Change-Id: I002d14cfc2e1896290518cc65277fcc3d6cff5a2
2021-03-22 08:48:53 +00:00
Jonathan Rosser b8f9f0432f Use ansible_facts[] instead of fact variables
See https://github.com/ansible/ansible/issues/73654

Change-Id: I5f2438f064fe097b990dfdd433cc6fb84cd3b3d3
2021-03-16 08:16:22 +00:00
OpenStack Proposal Bot 52957ea99d Updated from OpenStack Ansible Tests
Change-Id: I6170049b2cc880fe2962036bc565a8b03ecfe4fe
2021-03-12 22:21:03 +00:00
Zuul 8028d63522 Merge "Remove references to unsupported operating systems" 2021-03-10 17:37:19 +00:00
Jonathan Rosser b94a60766e Remove references to unsupported operating systems
All references to Gentoo, SUSE, Debian stretch and Centos-7  are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible

Change-Id: I502b70c234ef22271c7d947b6c54b687ecd010d2
2021-03-10 12:16:40 +00:00
Jonathan Rosser 9222e100d1 Switch default virtualenv to python3
Change-Id: I12e0f84137cf7cc89e0707fcc7114fa5ce3b355a
2021-03-10 09:02:21 +00:00
Zuul 966bcd1693 Merge "[reno] Stop publishing release notes" 2021-01-26 18:32:54 +00:00
Jonathan Rosser 0bf0e22652 Move sahara pip packages from constraints to requirements
This is necessary to use the new pip resolver

Change-Id: Ia8422900dd74227e32fbefd37cdf146638c063fb
2021-01-25 10:20:09 +00:00
dmitriy 4597fc8bdd [reno] Stop publishing release notes
Since we copy all release notes to the integrated repo there is not need
in publishing release notes for each repository. We should only verify their
validity and linting.


Change-Id: Iecb6464941097057cad39e50e3626b9abbe84921
2021-01-22 18:27:34 +02:00
Dmitriy Rabotyagov daef9039b1 Use global service variables
Instead of overriding each service separatelly it might make
sense for deployers to define some higher level variable that
will be used first or fallback to default variable.

Change-Id: I2b9393b388840c8903ca267b8d5e66536be8d267
2021-01-08 18:47:23 +02:00
Dmitriy Rabotyagov 0f9e762924 Reduce number of processes on small systems
Even the most modest 4C/8T system would run with the maximum 16 processes
due to the calculation being VCPU*2.

We devide amount of CPUs to number of threads for hyperthreaded CPUs

Change-Id: Ie4384375f65d6ec262a3f5b71ab7cd62ed5e210a
2020-11-30 13:59:06 +02:00
zhoulinhui a0eef75d6e Replace deprecated UPPER_CONSTRAINTS_FILE variable
Change-Id: Iab16e17e153c82865a42fd60ed64b911e07c68af
2020-11-10 13:12:03 +08:00
OpenStack Proposal Bot 3a74d75eac Updated from OpenStack Ansible Tests
Change-Id: I3a7e51ddd0a35f4305e0ad73fac6d7eb381f1570
2020-10-19 09:20:52 +00:00
Zuul ca4848eaca Merge "Updated from OpenStack Ansible Tests" 2020-10-02 16:29:40 +00:00
Jonathan Rosser d714c58dc0 Fix linter errors
Change-Id: I80196d4598b2786f65185db759cb8aa0f47e8c56
2020-10-01 16:55:38 +01:00
OpenStack Proposal Bot 616e413561 Updated from OpenStack Ansible Tests
Change-Id: I06b5a6349cb809cf675f7f458dfb98a4c6577998
2020-10-01 14:31:55 +00:00
Zuul 10eaa05382 Merge "Define condition for the first play host one time" 2020-09-28 11:11:05 +00:00
Dmitriy Rabotyagov 602e895307 Define condition for the first play host one time
We use the same condition, which defines against what host some "service"
tasks should run against, several times. It's hard to keep it the same
across the role and ansible spending additional resources to evaluate
it each time, so it's simpler and better for the maintenance to set
a boolean variable which will say for all tasks, that we want to run
only against signle host, if they should run or not now.

Change-Id: I33362163d54a1b54ba4a0cd13764f28fe6485040
2020-09-25 18:16:07 +03:00
OpenStack Proposal Bot 38049ab75e Updated from OpenStack Ansible Tests
Change-Id: I676fd019c91d67f31633057d797d1bc58caee284
2020-09-24 16:58:03 +00:00
Dmitriy Rabotyagov 0dcd1ba011 Use the utility host for db setup tasks
Move it to the service setup host (defaults to utility[0]) instead
of the galera[0] host, and use galera_address (defaults to internal VIP)
as the endpoint instead of a local connection on the db host.

Change-Id: I1564252d2362dbb5858e1d0222c3b344488d389d
2020-08-20 19:38:35 +03:00