Due to the shortcoming of QManager implementation [1], in case of uWSGI
usage on metal hosts, the flow ends up with having the same
hostname/processname set, making services to fight over same file
under SHM.
In order to avoid this, we prepend the hostname with a service_name.
We can not change processname instead, since it will lead to the fight
between different processes of the same service.
[1] https://bugs.launchpad.net/oslo.messaging/+bug/2065922
Change-Id: Icb9df1114b6fda8509fb12aeac486ca52e370781
<service>-config tags are quite broad and have a long execution
time. Where you only need to modify a service's '.conf' file and
similar it is useful to have a quicker method to do so.
Change-Id: If65b1d0b28f2470d42ec885b450938c0085d2a3d
During last release cycle oslo.messaging has landed [1] series of extremely
useful changes that are designed to implement modern messaging
techniques for rabbitmq quorum queues.
Since these changes are breaking and require queues being re-created,
it makes total sense to align these with migration to quorum queues by default.
[1] https://review.opendev.org/q/topic:%22bug-2031497%22
Change-Id: I5608a853b15abad6ea538e167091af3296af38dd
In order to be able to globally enable notification reporting for all services,
without an need to have ceilometer deployed or bunch of overrides for each
service, we add `oslomsg_notify_enabled` variable that aims to control
behaviour of enabled notifications.
Presence of ceilometer is still respected by default and being referenced.
Potential usecase are various billing panels that do rely on notifications
but do not require presence of Ceilometer.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/914144
Change-Id: I3588572fda1e385ff7c39d5aa68c5aafcb6b89c6
In order to allow definition of policies per service, we need to add variables
to service roles, that will be passed to openstack.osa.mq_setup.
Currently this can be handled by leveraging group_vars and overriding `oslomsg_rpc_policies` as a whole, but it's not obvious and
can be non-trivial for some groups which are co-locating multiple services
or in case of metal deployments.
Change-Id: If86fd8990138a71a452b6f34f5dc1206834553af
This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.
In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.
Change-Id: I2e3f464534bffe9edd9d969c8d6a24adce06c02c
There is no obvious need to have an SSH keypairs for zun and kuryr users
I was not able to find any proof in the project installation guide that
such keypairs were ever needed. Thus, such functionality is removed.
Change-Id: Icdaf2fec944aae95947ff421bf47d88e0cc0505e
Right now we are not using any constraints for docs and releasenotes builds.
This has resulted in docs job failures once Sphinx 7.2.0 has been released.
The patch will ensure that constraints are used an we should not face
simmilar issue again.
TOX_CONSTRAINTS_FILE is updated by Release bot once new branch is created,
so it should always track relevant constraints.
Some extra syntax-related changes can apply, since patch is being passed
through ConfigParser, that does not preserve comments and align indenting.
Change-Id: I7ad481f26903519c5f1d9ab0e075ef56d7e9f091
While <service>_galera_port is defined and used for db_setup
role, it's not in fact used in a connection string for oslo.db.
Change-Id: I65cbe26804fab48aed3c88ed75bfc7f28d3b5f9e
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: Ice967ef99da11e6bd5a7dffc0a5e3d377f8598f4
By overriding the variable `zun_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the zun backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: I85f90c573007f422b004b41e785bd1c86a21ec92
At the moment we don't restart services if systemd unit file is changed.
We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now we ensure that role handlers will also listen for systemd
unit changes.
Change-Id: I53545ede7b2f129bbbf3518ab517f6f37d78598e
my_ip is leveraged by multiple other options as a default value. So it
makes sense to define it to zun_service_address, which, in turn, is
defaulted to management_address.
Change-Id: Iaa409cde1246b4aacdc0b22cd165f64aa2ca2418
This patch adds variables to easier control location of cluster-store
kv storage, including possibility to use zookeeper instead of etcd.
Change-Id: Ib413178268c4b5ae3ee7df57dcacbefde323819a
At the moment there are no repositories exists for Ubuntu/Debian
to install kata from. The only options are snap or source installation.
To avoid using snap, we're fetching kata release from github and
proceeding with source installation.
With that we also update docker version to existing in the repos,
as otherwise it get's 23.0.0 installed, which fails to startup
due to removal of standalone mode support.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/883194
Change-Id: I3ee976062d9288536270f9b1d80750749174af22
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I4064db86e07892aea3b7a44cbd0f0bfa24011caa
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: Id451d06bcc40c94e9ef021dd7e3c1d14703e73cc
Role was never migrated to usage of haproxy-endpoints role
and included task was used instead the whole time.
With that to reduce complexity and to have unified approach, all mention
of the role and handler are removed from the code.
Change-Id: Ie8f7af4f4028e3447319039fee8b0f82005c7add
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.
Change-Id: I1b2e3df4d12b6b5d71159d831f6f0a65fb7d2263
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: I526486a8644a8d2065a720657603ddff3c6bdaec
This is a temporary workaround and in the long term the kata
support either needs removing or refactoring to use a more recent
deployment method or installation from source.
Change-Id: I60c8de5d7ee0944bab361768c712aad06393a536
This is EOL so we now use centos-8-stream instead
Remove check jobs and gate jobs to merge anything as
the upstream etcd role is broken.
Change-Id: Id93a3efd4b43bb9770a83d6e23e5736935002922
Remove testing on buster as this is no longer a supported OS for
openstack-ansible.
The job causes kernel panics on bullseye so does not generate any
meaningful CI results. Restore testing on bullseye when zun when
this is fixed.
Change-Id: I91f5d67129065b281b3a22281d0eae9ff89786c0
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: Ib258eeb4989236215d645b21ed25f9d35c3a2a0a