This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.
In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.
Change-Id: I9b9de6cdfac8ba3a89b874cd920df8d5b01e81f2
While <service>_galera_port is defined and used for db_setup
role, it's not in fact used in a connection string for oslo.db.
Change-Id: I7835892960360ddea73ba98ed1cbdc8268d5e71e
Right now we are not using any constraints for docs and releasenotes builds.
This has resulted in docs job failures once Sphinx 7.2.0 has been released.
The patch will ensure that constraints are used an we should not face
simmilar issue again.
TOX_CONSTRAINTS_FILE is updated by Release bot once new branch is created,
so it should always track relevant constraints.
Some extra syntax-related changes can apply, since patch is being passed
through ConfigParser, that does not preserve comments and align indenting.
Change-Id: I6c0e5e73d0c1842432e506eb8fa9e002f3b9a24a
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I9aaf6680c274453a16b6f9879cf488ae2050e71f
By overriding the variable `tacker_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the tacker backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: Ib5dd3a2494bed81add670e331085294910d7f425
At the moment we don't restart services if systemd unit file is changed.
We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now we ensure that role handlers will also listen for systemd
unit changes.
Change-Id: I4ebae4853fc0bc2840d3ea79546f10a12051bea9
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: Id85cca75b829d2f07916278d5385d96301c34cf6
There's a long-standing bug from 2017 that tacker requires scheduler
service to run. However it seemed no real interest to tacker among OSA
users. Nevertheless it's better late then never fixing it.
Change-Id: I70264ef5ffd6ebb851e4d3c4c86c28ea222f7139
Closes-Bug: #1710874
This line snuck in with I854ca5c48f487ed140aafcb79e4ac0cd60b83597
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.
Change-Id: Iae73c52c2c29db0952f7d8a5ae35b92088affe5a
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: I9fa323e544849f7c24ccd7b860160bb5756ada28
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.
Change-Id: I6f1f4a56d8f96c70308b630c149ec87f6c45b832
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: I854ca5c48f487ed140aafcb79e4ac0cd60b83597
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: I36f5315ad27904c817f4349151fca4181180e811
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814
Change-Id: I196d4b2e26f803afbd917af729be4183884c7eea
With PKI role in place in most cases you don't need to explicitly
provide path to the CA file because PKI role ensures that CA is trusted
by the system overall. In the meanwhile in PyMySQL [1] you must either
provide CA file or cert/key or enable verify.
Since current behaviour is to provide path to the custom CA we expect
certificate being trusted overall. Thus we enable cert verification when
galera_use_ssl is True.
[1] 78f0cf99e5/pymysql/connections.py (L267)
Change-Id: I42d544d80d8fef5be9a68e6ef7090f85d0daa88c
Takcer hasn't been paid any attention for a while and current
configuration is not relevant and contain obvious mistakes.
While patch doesn't aim to fully fix all issues, we at least improve
things by removing obvious mistakes.
Change-Id: Ib8b89fa2664e63245b503780e4fc65d813db0e6f
We've created integrated linters check job a while back and it's successfully
working for several releases. At the moment we experience difficulties
with future maintenance of the linters check from the openstack-ansible-tests
repo. So instead of fixing current one, we replace it with modern version of
the test.
Change-Id: I4c18653c53a7d0b26b05a25757721879c0131ff5
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to replace policy.json to
policy.yaml and remove deprecated policy.json.
config_template has been choosen instead of the copy, since it can
properly handle content that has been lookuped.
We make a separate task not to restart service when it's not needed.
[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html
Change-Id: I0606751e4e7707091cd34429deeee01630eb576a
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible
Change-Id: I68735b995fe1bce23edb8c092f2199fdde137acd
Since we copy all release notes to the integrated repo there is not need
in publishing release notes for each repository. We should only verify their
validity and linting.
Change-Id: Ieb586ca22e19b84433b8faea1b27fb66c1e7e9f9
Instead of overriding each service separatelly it might make
sense for deployers to define some higher level variable that
will be used first or fallback to default variable.
Change-Id: I1dd906a82e3963d2b4f0497570195885abab0530
We use the same condition, which defines against what host some "service"
tasks should run against, several times. It's hard to keep it the same
across the role and ansible spending additional resources to evaluate
it each time, so it's simpler and better for the maintenance to set
a boolean variable which will say for all tasks, that we want to run
only against signle host, if they should run or not now.
Change-Id: I5c92722d5e7c49d0a01c7e9dbd0b254b5bea6dc4
Move it to the service setup host (defaults to utility[0]) instead
of the galera[0] host, and use galera_address (defaults to internal VIP)
as the endpoint instead of a local connection on the db host.
Change-Id: I065c079fb95f299f90b51e22e8aad42fc5dbb618