With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I30eff91392dcab1e76c4fee89ead7a6e03838b2d
By overriding the variable `sahara_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the sahara backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: I28e2a2ac7a2534f731f1ce8b0c76f6c55e987eb2
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: I7064765e62d9e1a86fb20232429731840f697a88
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814
Change-Id: If7ed1c8281d3e78c5905ccc570456e998d191370
We use the same condition, which defines against what host some "service"
tasks should run against, several times. It's hard to keep it the same
across the role and ansible spending additional resources to evaluate
it each time, so it's simpler and better for the maintenance to set
a boolean variable which will say for all tasks, that we want to run
only against signle host, if they should run or not now.
Change-Id: I33362163d54a1b54ba4a0cd13764f28fe6485040
Move it to the service setup host (defaults to utility[0]) instead
of the galera[0] host, and use galera_address (defaults to internal VIP)
as the endpoint instead of a local connection on the db host.
Change-Id: I1564252d2362dbb5858e1d0222c3b344488d389d
Move service to use uWSGI role instead of iternal task for uwsgi
deployment. This aims to ease the maintenance of uWSGI and speedup
metal deployments as the same uwsgi environment will be used
across all services.
Change-Id: Iaca1e2f680d7281b4d8c0fd47907823a515f4240
This patch refactors the openstack user/service/endpoints creation to
service_setup.yml which will eventually be managed by
openstack-ansible-tests.
Change-Id: I45b018381a9958e3df12d1eccd5fafc0fcc45ad0
This patch aims to migrate service from usage of regular syslog files
to journald. We also disable uwsgi logging, since it dublicates
requests that are logged by service itself.
Change-Id: I0f9eeeb5db890ba2119f7e8a5e85b9f6923092d6
This removes the systemd service templates and tasks from this role and
leverages a common systemd service role instead. This change removes a
lot of code duplication across all roles all without sacrificing
features or functionality. The intention of this change is to ensure
uniformity and reduce the maintenance burden on the community when
sweeping changes are needed. The exterior role is built to be OSA
compatible and may be pulled into tree should we deem it necessary.
Change-Id: If8a201dd964ea769c688f78abc2a688782e3be4d
This patch refactors the database creation to db_setup.yml which
will eventually be managed by openstack-ansible-tests.
This also re-orders the mq_setup to be done earlier so these system
level dependencies are ready before service activation.
Depends-On: https://review.opendev.org/668019
Change-Id: Ic8f7f2dc97cb8160bab123a87a2673675cff4c15
The variables sahara_developer_mode and sahara_venv_download
no longer carry any meaning. This review changes sahara to do
the equivalent of what developer_mode was all the time,
meaning that it always builds the venv and never requires
the repo server, but it will use a repo server when available.
As part of this, we move the source build out of its own file
because it's now a single task to include the venv build role.
This is just to make it easier to follow the code.
Change-Id: I74f5fa25b70fbb5c514af3a72b5b6654d5c8e24d
- install also the Sahara plugins. The existing variable sahara_plugin_base
is now used also for the list of installed plugins, in addition to
the list of loaded plugins.
The default set includes now all the available plugins.
- fix the URIs used by role tests. They will eventually go away
in favor of the integrated tests, but they are needed right now.
Change-Id: I5a4066ad9e2cca7bbfeb82bca5b2e65badef2e22
The private option on include role was never implemented and
will no longer be developed. This change removes the option
so ansible no longer raises a deprecation warning.
Change-Id: Ifb39c4b7daf1b781bfd894cd426c9e21451b9390
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
In order to enable the service setup host python interpreter to
be changed easily, we make it a variable. This will be useful
when someone sets the service setup host to be the utility
container, because we'll be able to set this var by default.
Change-Id: I6ff22dd4438df02b4a485ae75e8ea895c0f8f57e
This patch removes the conditional inclusion of the notification
section of the service configuration. This ensures that oslo.messaging
notifications use the correct transport for deployments that have
separate rpc and notify messaging backends. For example, if the
transport_url is not provided in the notification section of the
service configuration, the transport_url specified in the default
section will be used instead.
This patch conditionally selects the notifier driver. The noop
driver will be selected when notification publishing is disabled.
The messagingv2 driver is selected when notification publishing is
enabled.
Change-Id: Ib68aa2669b5d70626ed2777d5601d8914207451d
Closes-Bug: #1794320
Sahara supports unversioned endpoint also for the stable API v1.1,
and this is a requirement in order to use the experimental API v2.
See https://review.openstack.org/#/c/582285/ for more details.
Following the pattern used for other services with unversioned
endpoints, the sahara_service_*uri variables are directly and all
sahara_service_*url can thus be removed.
Closes-Bug: #1782147
Change-Id: I2d4477de6a3ad58fe58152b18e18a9a6dffdafd4
In order to radically simplify how we prepare the service
venvs, we use a common role to do the wheel builds and the
venv preparation. This makes the process far simpler to
understand, because the role does its own building and
installing. It also reduces the code maintenance burden,
because instead of duplicating the build processes in the
repo_build role and the service role - we only have it all
done in a single place.
We also change the role venv tag var to use the integrated
build's common venv tag so that we can remove the role's
venv tag in group_vars in the integrated build. This reduces
memory consumption and also reduces the duplication.
This is by no means the final stop in the simplification
process, but it is a step forward. The will be work to follow
which:
1. Replaces 'developer mode' with an equivalent mechanism
that uses the common role and is simpler to understand.
We will also simplify the provisioning of pip install
arguments when doing this.
Depends-On: https://review.openstack.org/598957
Change-Id: Ibd021f211f4608636e27283ca831aac4e3ef4efe
Implements: blueprint python-build-install-simplification
Signed-off-by: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
The use of 'include_tasks' and a loop of variables creates
a situation where a user is unable to use tags to scope the
inclusion of only the MQ tasks when running the playbooks.
The use-case this is important for is when the rabbitmq
containers are destroyed and rebuilt in order to resolve
an issue with them, and the user wishes to quickly recreate
all the vhosts/users.
Ansible's 'include_tasks' is a dynamic inclusion, and dynamic
inclusions are not included when using tags. The nice thing
about dynamic inclusions is that they completely skip all
tasks when the condition does not apply, cutting down deploy
time. However, given the use-case, we should rather take on
the extra deployment time.
This patch changes the dynamic inclusion to a static one,
adds a 'common-mq' tag to cover all MQ implementations,
and re-implements the 'common-rabbitmq' tag for the tasks
that relate to RabbitMQ specifically.
It also implements conditionals for each task set so that
the rpc/notify tasks can be skipped if a vhost/user is not
required for that purpose (eg: swift does not use RPC, and
most roles will not use notifications by default).
Depends-On: https://review.openstack.org/588191
Change-Id: I077a267824b6142874d052d10227ea055abd6069
With the more recent versions of ansible, we should now use
"is" instead of the "|" sign for the tests.
This should fix it.
Change-Id: Ib42bf56d7151f5af957041e4e61b7cf646819565
There is no record for why we implement the MQ vhost/user creation
outside of the role in the playbook, when we could do it inside the
role.
Implementing it inside the role allows us to reduce the quantity of
group_vars duplicated from the role, and allows us to better document
the required variables in the role. The delegation can still be done
as it is done in the playbook too.
In this patch we implement two new variables:
- sahara_oslomsg_rpc_setup_host
- sahara_oslomsg_notify_setup_host
These are used in the role to allow delegation of the MQ vhost/user
setup for each type to any host, but they default to using the first
member of the applicable oslomsg host group.
We also adjust some of the defaults to automatically inherit existing
vars set in group_vars form the integrated build so that we do not
need to do the wiring in the integrated build's group vars. We still
default them in the role too for independent role usage.
Change-Id: I72c26ad851beb5a48cd2d841dca67c547a074847
Dmitriy Rabotyagov