This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
its behaviour.
In order to ensure an upgrade path and the ability to switch back to HA queues
we change vhost names by removing the leading `/`, as enabling quorum
requires removing the exchange, which is a tricky thing to do with running
services.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/896017
Change-Id: I947be8d94b3263ed69311667af693a481765b1c4
While <service>_galera_port is defined and used for db_setup
role, it's not in fact used in a connection string for oslo.db.
Change-Id: I41c2c8a50ff119cad4b8c1fe1e38096cc97f8c12
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables validating tokens with restricted access rules.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: I7064765e62d9e1a86fb20232429731840f697a88
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: I1745cd91c26bb873a5eac0fa42f651d2ebe7e974
With PKI role in place in most cases you don't need to explicitly
provide path to the CA file because PKI role ensures that CA is trusted
by the system overall. In the meanwhile in PyMySQL [1] you must either
provide CA file or cert/key or enable verify.
Since current behaviour is to provide path to the custom CA we expect
certificate being trusted overall. Thus we enable cert verification when
galera_use_ssl is True.
[1] 78f0cf99e5/pymysql/connections.py (L267)
Change-Id: I25b6e2afcf67f34d9b612adca6c0c6968b6308ce
This patch aims to add a prefix for memcached_server
on each role to give the ability for deployers to
override the location of memcached cluster. I.e. users
want to create a single memcached cluster with k8s
for each service.
We also add pymemcache based on [1]
[1] https://review.opendev.org/711429
Change-Id: Icfb171b7b5bc33bd6f14378003c6fc9bb597837b
Move service to use uWSGI role instead of internal task for uwsgi
deployment. This aims to ease the maintenance of uWSGI and speed up
metal deployments as the same uwsgi environment will be used
across all services.
Change-Id: Iaca1e2f680d7281b4d8c0fd47907823a515f4240
This patch aims to migrate service from usage of regular syslog files
to journald. We also disable uwsgi logging, since it duplicates
requests that are logged by service itself.
Change-Id: I0f9eeeb5db890ba2119f7e8a5e85b9f6923092d6
This removes the systemd service templates and tasks from this role and
leverages a common systemd service role instead. This change removes a
lot of code duplication across all roles all without sacrificing
features or functionality. The intention of this change is to ensure
uniformity and reduce the maintenance burden on the community when
sweeping changes are needed. The exterior role is built to be OSA
compatible and may be pulled into tree should we deem it necessary.
Change-Id: If8a201dd964ea769c688f78abc2a688782e3be4d
The notification driver setup was resulting in the driver and connection string
on the same line. This is caused by the case statement and how jinja formats
the template when a case statement is present. This change modifies how the
driver string is created using a ternary, which will eliminate the case
statement and render the value of the driver correctly.
Change-Id: I3ca44a9d70eadeb1a82d5f8aa35ec417de5503d5
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This patch removes the conditional inclusion of the notification
section of the service configuration. This ensures that oslo.messaging
notifications use the correct transport for deployments that have
separate rpc and notify messaging backends. For example, if the
transport_url is not provided in the notification section of the
service configuration, the transport_url specified in the default
section will be used instead.
This patch conditionally selects the notifier driver. The noop
driver will be selected when notification publishing is disabled.
The messagingv2 driver is selected when notification publishing is
enabled.
Change-Id: Ib68aa2669b5d70626ed2777d5601d8914207451d
Closes-Bug: #1794320
The driver option is necessary as the transport_url query param
override requires the value. Default will be to use the oslomsg
rpc setting.
Change-Id: I084a297e9d6e72d47731e18a06539fc00576b143
This introduces oslo.messaging variables that define the RPC and
Notify transports for the OpenStack services. These parameters
replace the rabbitmq values and are used to generate the messaging
transport_url for the service. The association of the messaging
backend server to the oslo.messaging services will then be
transparent to the sahara service.
This patch:
* Add oslo.messaging variables for RPC and Notify to defaults
* Update transport_url generation
* Add oslo.messaging to inventory
* Add release note
Depends-On: If4326a6848d2d32af284fdbb94798eb0b03734d5
Depends-On: I2b09145b60116c029fc85477399c24f94974b61d
Change-Id: Ib4153412b91e7d11cc9acdbe5af8a1a4280b44e8
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.
[1] https://review.openstack.org/#/c/508522/
Change-Id: Id885b50194f386bc2480b9af89c747476ed8cbe1
Implements: blueprint deprecate-auth-uri-option
The health check requests from haproxy cause uwsgi to write a
lot of useless log lines. This can make it more difficult to find
a problem with a particular service.
This patch adds a route to look for the `osa-haproxy-healthcheck`
user agent string, which haproxy uses when performing health checks.
Any requests with that user agent are not logged.
Closes-Bug: 1742718
Change-Id: I92658731ce93e4d2dbcadb53e80a08f19fe928fe
When 'sahara_galera_use_ssl' is True, use an encrypted connection to
the database using either a self-signed or user-provided CA certificate.
A new non-voting test has been added to verify that the role remains
functional when enabling SSL features.
Change-Id: Ie39024c99cad0932f464707adc43019bc1062317
Partial-Bug: 1667789
Nova network has been fully removed from the OpenStack codebase.
As such, all instances of switches on use_neutron should be removed,
as the functionality will never be meaningful.
Change-Id: I2eb338ba53d51c62c88bbbfd145462030596da74
Depends-On: Ib9d87dd339d637b69fb27315d92228cbc523c8eb
Closes-Bug: #1734615
As part of the Pike goals we are moving api services to run as WSGI
apps. sahara-api service is set up as a wsgi app, and this patch
moves it over.
Since this is just a drop in replacement for the existing eventlet
service, operators and deployers should notice no difference.
Change-Id: Ie4826358d5ee1686ad9ea7fa9eb0441acff565f2
Implements: blueprint goal-deploy-api-in-wsgi
Option "rpc_backend" from group "DEFAULT" is deprecated for removal
(Replaced by [DEFAULT]/transport_url). Its value may be silently
ignored in the future.
Change-Id: I6ff5a9e734d5ba3de12a43e6f57d5a3ce214db5e
Implements: blueprint deprecate-rpc-backend
Option "rabbit_use_ssl" from group "oslo_messaging_rabbit" is deprecated.
Use option "ssl" from group "oslo_messaging_rabbit".
Change-Id: I96907217ba041f28cd1f0df299aa9dbdd6049c8e
Implements: blueprint deprecate-rabbit-use-ssl
The systemd unit 'TimeoutSec' value which controls the time
between sending a SIGTERM signal and a SIGKILL signal when
stopping or restarting the service has been reduced from 300
seconds to 120 seconds. This provides 2 minutes for long-lived
sessions to drain while preventing new ones from starting
before a restart or a stop.
The 'RestartSec' value which controls the time between the
service stop and start when restarting has been reduced from
150 seconds to 2 seconds to make the restart happen faster.
These values can be adjusted by using the *_init_config_overrides
variables which use the config_template task to change template
defaults.
Change-Id: I4c7aa684ab38a49b66e9c1dfd9cbbccceef03990
This creates a specific slice which all OpenStack services will operate
from. By creating an independent slice these components will be governed
away from the system slice allowing us to better optimise resource
consumption.
See the following for more information on slices:
* https://www.freedesktop.org/software/systemd/man/systemd.slice.html
See the following for more information on resource controls:
* https://www.freedesktop.org/software/systemd/man/systemd.resource-control.html
Tools like ``systemd-cgtop`` and ``systemd-cgls`` will now give us
insight into specific processes, process groups, and resource consumption
in ways that we've not had access to before. To enable some of this reporting
the accounting options have been added to the [Service] section of the unit
file.
Change-Id: Ic4edfa39b8ee42d0f6192b986e1c40c9c94488df
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Users can configure the number of worker threads however when it's
not specified the calculated number of workers can get too large on
hosts with a large number of CPUs.
Also removed the comment related to an unused variable
sahara_engine_workers in defaults/main.yml
Change-Id: Idc39c7fc2188332fbaeb771906c0b9a402d17646
- Use dictionary for service group mappings, bringing the
role into line with the method used in other roles;
- Use systemd module instead of shell on the services
restart handlers;
- Use ansible package module to install distro packages;
- Added variables for CentOS. The role should now support
CentOS;
- Removed extras folder.
Change-Id: I5c8430804aacceca01c5821ca2528514033d15f4
OSLO logging currently defaults the 'use_stderr' option to True
which results in duplicate logs in service daemon logs for both
upstart and systemd. To correct this issue the use_stderr
option has been set to false.
Change-Id: I100faf83b9ed7060151e3da89a2234e8f14c94f3
Closes-Bug: 1588051
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
All rabbitmq connection vars are now namespaced. Namespace support
was previously inconsistent which limited deployer override options.
Change-Id: Ife9a394be5c21c85353966cf82e69a8ff3a13204
Implements: blueprint multi-rabbitmq-clusters
Remove all tasks and variables related to toggling between installation
of sahara inside or outside of a Python virtual environment.
Installing within a venv is now the only supported deployment.
Additionally, a few changes have been made to make the creation of the
venv more resistant to interruptions during a run of the role.
* unarchiving a pre-built venv will now also occur when the venv
directory is created, not only after being downloaded
* virtualenv-tools is run against both pre-built and non pre-built venvs
to account for interruptions during or prior to unarchiving
Change-Id: I1ca77e5125911a6d6ac0745abd2259ee3ece4612
Implements: blueprint only-install-venvs
This change adds support for Ubuntu 16.04 with SystemD
while keeping the support for Ubuntu 14.04 with upstart.
Implements: blueprint support-ubuntu-1604
Change-Id: Iffed984d6c2c881cbac31919dc805b6122dd4f3f