With efforts to create a resources in same, unified way,
we convert tempest role to use openstack_resources
for creating and managing openstack resources, like projects, flavors,
networks, images, etc. This should reduce maintenance costs
in case of futher collection updates and unify approach.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/878794
Change-Id: I848ab09f8b6c81681f0ce0b5c0cc53b5653791c5
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: Iaab0ad50fd65287094522f77283a0112859d7730
By overriding the variable `trove_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the trove backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: I15223354a28f0cc6c203f0cb3a19b9af834d4158
With ansible-collection version 2.0 return of project_info module
has changed. We need to adopt usage of module return to the new format.
Change-Id: Ib4f3ced7f2175e5187f8c16f88fbfbcb3a472d0b
With commit [1] to collection output structure of networks_info module
has been changed. With that we adpot to the new format.
[1] 9272146cf7
Change-Id: Ia0d50b96a4af59352a89c566137d8b0208338b6b
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: I7b01de89b459b4992ed9531e6c81259af21ba997
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: I41a360e6f99ecd0ca5e4c13888bff4f363d8bc33
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814
Change-Id: I377c7b182861a8c53c3ab43690c2bed0d648f3ae
By default OSA shares `service` project across services. So we should
not override _project_description with services
Change-Id: I0e194c5bf0ae4de1c9dd906c36955b6217d3f601
We haven't payed attention to the trove for a while and we need to
align configuration with current state of the service.
trove-conductor and trove-taskmanager configs are not
loaded by trove services anymore (at least by default), so we merge all
options into trove.conf
Also defaults and deprecated options are dropped from the config.
We implement bunch of new variables to cover missed logic and
some usecases.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/784565
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/784113
Change-Id: I2ba758de38ed3fee10fe1485aa25621eddbf9046
This migrate trove-api to usage of the uwsgi from native service to
align with other service way of deployment and since that's how service
is tested in devstack.
Change-Id: I83ad3af282942ff9714757e863f393894ac35f45
Allow deployers to manage trove guestimages with trove role. This will
allow us to correctly test role with tempest, since we were not able to
upload images with tags otherwise
Change-Id: If2f550ef09cd01ec5eab485f0d81ecfaf32f924f
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to replace policy.json to
policy.yaml and remove deprecated policy.json.
config_template has been choosen instead of the copy, since it can
properly handle content that has been lookuped.
We make a separate task not to restart service when it's not needed.
[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html
Change-Id: I866fea573429ddcedf1547d9fa8a7caae448eca2
For pretty weird reason, first request to create a network to the neutron
fails with 500 without reasonable stack trace. Re-running request succeeds.
So we adding retries to the task which resolves metnioned issue.
Change-Id: I5b09dc3bc52d98df756cdc60c5e94cd1e7344e9a
os_ prefixed module names are deprecated for a while and will be removed
Current usage generates a warning for users.
Change-Id: Ie473569d866d6d8a9995f73f7cf5472e60589523
Instead of overriding each service separatelly it might make
sense for deployers to define some higher level variable that
will be used first or fallback to default variable.
Change-Id: Ic2fa270a3582db3da01b3c449fbdd8c2d5045062
We use the same condition, which defines against what host some "service"
tasks should run against, several times. It's hard to keep it the same
across the role and ansible spending additional resources to evaluate
it each time, so it's simpler and better for the maintenance to set
a boolean variable which will say for all tasks, that we want to run
only against signle host, if they should run or not now.
Depends-On: https://review.opendev.org/755484
Change-Id: If7f26c8020d4b02ab9e82dcb69a7ba91a3b5d145
Move it to the service setup host (defaults to utility[0]) instead
of the galera[0] host, and use galera_address (defaults to internal VIP)
as the endpoint instead of a local connection on the db host.
Change-Id: I4f469df19bb371b0d38a6438a05054cd21152abd
These are changed to os_*_info modules which return their data
not as facts but via ansible registered variables.
Change-Id: I5a3b2cbcfadeb88f60d9ce2c94cdd949cd0c14ed
As we don't provide wsgi file for mod_wsgi deployment (despite
having task to do that) and trove package don't contain wsgi application
we should drop apache mod_wsgi part of the setup as it's not functional.
Change-Id: I0a12fad27d3f994d79ead52ac90873a1e1362144
This patch refactors the openstack user/service/endpoints creation to
service_setup.yml which will eventually be managed by
openstack-ansible-tests.
Change-Id: If4896f1711ac655c33b6d4132ffd74085cb0f3b1
This patch aims to migrate service from usage of regular syslog files
to journald. We also disable uwsgi logging, since it dublicates
requests that are logged by service itself.
Change-Id: Ib16362a8becb6666f36e5abdb93c548de2a269da
This patch refactors the database creation to db_setup.yml which
will eventually be managed by openstack-ansible-tests.
This also re-orders the mq_setup to be done earlier so these system
level dependencies are ready before service activation.
Depends-On: https://review.opendev.org/667287
Change-Id: I7c0bd52aab6c704548d969bb6dc8a5dea3eed8c0
Trove is now able to properly use the service catalog [1].
We have another[2] patch that this patch depends-on, which
causes us to have a circular dependency. As the change is minimal,
should be ok to squash them together to be able to fix that role.
The paragraph bellow contains the commit message of the patch that is
being squashed.
The 'Get admin tenant id' task was passing invalid arguments to the
os_project_facts module, and the 'Store admin tenant id' task was not
using the correct variable to retrieve the project id.
[1] https://review.opendev.org/#/c/574254/
[2] https://review.opendev.org/#/c/665458/
Change-Id: I779ba715d20d83b1efe4f07226a5eadd7e0a1870