
224 Commits

Author SHA1 Message Date
Dmitriy Rabotyagov e164cd56d8 Add quorum queues support for service
This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
its behaviour.

In order to ensure an upgrade path and the ability to switch back to HA queues
we change vhost names by removing the leading `/`, as enabling quorum
requires removing the exchange, which is a tricky thing to do with running
services.

Change-Id: I2e3f464534bffe9edd9d969c8d6a24adce06c02c
2023-10-20 14:17:25 +02:00
Dmitriy Rabotyagov 3125263df0 Stop generating ssh keypair for zun and kuryr user
There is no obvious need to have SSH keypairs for zun and kuryr users.
I was not able to find any proof in the project installation guide that
such keypairs were ever needed. Thus, such functionality is removed.

Change-Id: Icdaf2fec944aae95947ff421bf47d88e0cc0505e
2023-10-14 08:48:05 +00:00
Dmitriy Rabotyagov 3f5e776ee2 Fix indent in example playbook
This patch aims to fix linters job

Change-Id: Ia25e686e49a4e18db44be7b1add3d1e6869b5e6c
2023-10-14 10:47:41 +02:00
Dmitriy Rabotyagov f9fffa27a4 Define constraints file for docs and renos
Right now we are not using any constraints for docs and releasenotes builds.
This has resulted in docs job failures once Sphinx 7.2.0 has been released.

The patch will ensure that constraints are used and we should not face
a similar issue again.

TOX_CONSTRAINTS_FILE is updated by Release bot once new branch is created,
so it should always track relevant constraints.

Some extra syntax-related changes can apply, since patch is being passed
through ConfigParser, that does not preserve comments and align indenting.


Change-Id: I7ad481f26903519c5f1d9ab0e075ef56d7e9f091
2023-08-17 16:32:27 +02:00
Zuul e86a5a16eb Merge "Fix linters and metadata" 2023-08-14 11:02:33 +00:00
Dmitriy Rabotyagov 60d9d8b306 Use proper galera port in configuration
While <service>_galera_port is defined and used for db_setup
role, it's not in fact used in a connection string for oslo.db.

Change-Id: I65cbe26804fab48aed3c88ed75bfc7f28d3b5f9e
2023-07-31 15:45:51 +02:00
Dmitriy Rabotyagov dddc665165 Fix linters and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that are enabled by default. In order to comply
with linter rules we're applying changes to the role.

With that we also update metadata to reflect current state.

Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: Ice967ef99da11e6bd5a7dffc0a5e3d377f8598f4
2023-07-14 21:30:29 +02:00
Dmitriy Rabotyagov a0b2ef25cd Switch jobs to Jammy
We're dropping Ubuntu Focal support early in 2023.2 release,
so we need to switch all jobs to Jammy before this happens.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/884361
Change-Id: I0ced7aac105e5116ac97ad80578cca35331f417c
2023-05-25 13:40:15 +02:00
Zuul 7a63351303 Merge "Add TLS support to zun backends" 2023-05-21 22:04:52 +00:00
Zuul 5929407213 Merge "Add my_ip to the zun config" 2023-05-20 10:40:47 +00:00
Zuul 6fa05cc723 Merge "Allow to customize location of kv storage" 2023-05-20 10:40:46 +00:00
Damian Dabrowski aaf4b3f201 Add TLS support to zun backends
By overriding the variable `zun_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the zun backend api.

The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: I85f90c573007f422b004b41e785bd1c86a21ec92
2023-05-19 09:06:00 +00:00
Dmitriy Rabotyagov 330b91efec Ensure service is restarted on unit file changes
At the moment we don't restart services if systemd unit file is changed.

We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now we ensure that role handlers will also listen for systemd
unit changes.

Change-Id: I53545ede7b2f129bbbf3518ab517f6f37d78598e
2023-05-19 09:05:51 +00:00
Dmitriy Rabotyagov 3e6078f67c Add my_ip to the zun config
my_ip is leveraged by multiple other options as a default value. So it
makes sense to define it to zun_service_address, which, in turn, is
defaulted to management_address.

Change-Id: Iaa409cde1246b4aacdc0b22cd165f64aa2ca2418
2023-05-19 09:05:40 +00:00
Dmitriy Rabotyagov bbea608c37 Allow to customize location of kv storage
This patch adds variables to easier control location of cluster-store
kv storage, including possibility to use zookeeper instead of etcd.

Change-Id: Ib413178268c4b5ae3ee7df57dcacbefde323819a
2023-05-19 11:05:18 +02:00
Dmitriy Rabotyagov 51e347dcb9 Install kata containers from source
At the moment there are no repositories for Ubuntu/Debian
to install kata from. The only options are snap or source installation.

To avoid using snap, we're fetching kata release from github and
proceeding with source installation.

With that we also update docker version to existing in the repos,
as otherwise it gets 23.0.0 installed, which fails to startup
due to removal of standalone mode support.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/883194
Change-Id: I3ee976062d9288536270f9b1d80750749174af22
2023-05-19 09:01:00 +00:00
OpenStack Release Bot bdbddd26cc Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.

Sem-Ver: feature
Change-Id: I4064db86e07892aea3b7a44cbd0f0bfa24011caa
2022-12-13 13:22:16 +00:00
Dmitriy Rabotyagov 53ad680494 Move etcd installation to playbook
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/847362
Change-Id: Ifb111105b63515449c07ffcd27b72bb9eceab83d
2022-06-23 17:34:19 +02:00
Zuul 0d971e9837 Merge "Support service tokens" 2022-06-17 10:44:23 +00:00
Dmitriy Rabotyagov 04b99a0f81 Support service tokens
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.

Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: Id451d06bcc40c94e9ef021dd7e3c1d14703e73cc
2022-06-16 19:24:26 +00:00
Dmitriy Rabotyagov 9a39e22b0f Remove mention of haproxy-endpoints role
Role was never migrated to usage of haproxy-endpoints role
and included task was used instead the whole time.
With that to reduce complexity and to have unified approach, all mention
of the role and handler are removed from the code.

Change-Id: Ie8f7af4f4028e3447319039fee8b0f82005c7add
2022-06-14 20:06:38 +02:00
Dmitriy Rabotyagov 9825b2cfe9 Switch sphinx language to en
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None value is not valid and should
not be used.


Change-Id: I1b2e3df4d12b6b5d71159d831f6f0a65fb7d2263
2022-05-30 16:01:44 +02:00
Marc Gariepy c7cb1b149e Cleanup setup.py config
Change-Id: I61f0295e488b560c6cbbac2958a231d148b7ef30
2022-03-31 10:41:05 -04:00
Zuul 57fa739b90 Merge "Update Zun api-paste" 2022-02-25 19:20:47 +00:00
Zuul 253f385a38 Merge "Use common service setup tasks from a collection rather than in-role" 2022-02-21 13:06:00 +00:00
Dmitriy Rabotyagov 4bf971f33d Update Zun api-paste
This also removes CPUFilter from Zun filters as this filtering should be
done by Placement.

Change-Id: I3e463f7442ea6b17d73429e7e4dff2fb71217a30
2022-02-03 17:28:00 +00:00
Jonathan Rosser f329b2a7eb Refactor use of include_vars
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.

This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.

Change-Id: I526486a8644a8d2065a720657603ddff3c6bdaec
2022-02-03 17:27:47 +00:00
Jonathan Rosser b0f47ab726 Use common service setup tasks from a collection rather than in-role
Change-Id: Ide03555f73310f30bfb481addff528cd38f19736
2022-02-01 19:19:30 +00:00
Jonathan Rosser eedfc7afa9 Restore CI jobs
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/826881
Change-Id: I7a2d6bc1b3716f5feab3b6dfdfdf583e4b83cd10
2022-02-01 15:29:20 +00:00
Andrew Bonney 2a05044f74 kata: fix link to now removed mirror location
This is a temporary workaround and in the long term the kata
support either needs removing or refactoring to use a more recent
deployment method or installation from source.

Change-Id: I60c8de5d7ee0944bab361768c712aad06393a536
2022-02-01 07:58:40 +00:00
Zuul a246e6cf13 Merge "Enable recursion in combine() filter" 2022-01-26 20:25:15 +00:00
Jonathan Rosser 81c24da822 Remove testing on Centos-8
This is EOL so we now use centos-8-stream instead

Remove check jobs and gate jobs to merge anything as
the upstream etcd role is broken.

Change-Id: Id93a3efd4b43bb9770a83d6e23e5736935002922
2022-01-12 16:57:59 +00:00
Damian Dabrowski 996dce8a8c Enable recursion in combine() filter
Ansible's combine() filter needs recursive=True parameter in order to recursively merge nested hashes.

https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#combining-hashes-dictionaries

Change-Id: Ie081e4e9bdf84e0f3c1f0116fcd6c76e47573895
2022-01-11 19:18:58 +01:00
Jonathan Rosser 6b1c3f831a Remove support for Ubuntu Bionic
Change-Id: Ib13ee61f9f61bf56eaa71dfe41bd7cbf8c28675d
2021-12-08 07:17:06 +00:00
Jonathan Rosser 00dcec6420 Remove testing on debian
Remove testing on buster as this is no longer a supported OS for
openstack-ansible.

The job causes kernel panics on bullseye so does not generate any
meaningful CI results. Restore testing on bullseye when zun when
this is fixed.

Change-Id: I91f5d67129065b281b3a22281d0eae9ff89786c0
2021-12-08 07:16:47 +00:00
OpenStack Proposal Bot 132afb8670 Updated from OpenStack Ansible Tests
Change-Id: Ife0214e2da129c5f3b2ffb3475bb0d91a7fcf3c5
2021-12-04 17:42:06 +00:00
Damian Dabrowski 954c0a96d0 Database connection pooling improvements
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: Ib258eeb4989236215d645b21ed25f9d35c3a2a0a
2021-12-03 13:47:46 +00:00
Zuul 34b01f7c6d Merge "Refactor definition of lock path" 2021-12-02 22:59:49 +00:00
Dmitriy Rabotyagov ae6f549766 Refactor definition of lock path
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819300
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/819298
Change-Id: I0fb662cc3fe241bf3934306b7ee8a3c8fdbcf747
2021-12-02 10:10:56 +00:00
Dmitriy Rabotyagov e72c788d94 Refactor galera_use_ssl behaviour
With PKI role in place in most cases you don't need to explicitly
provide path to the CA file because PKI role ensures that CA is trusted
by the system overall. In the meanwhile in PyMySQL [1] you must either
provide CA file or cert/key or enable verify.

Since current behaviour is to provide path to the custom CA we expect
certificate being trusted overall. Thus we enable cert verification when
galera_use_ssl is True.

[1] 78f0cf99e5/pymysql/connections.py (L267)

Change-Id: I8b7b266d2a0633b40d38581e734ad00714b89885
2021-12-02 08:07:37 +00:00
Dmitriy Rabotyagov 019bea7ce8 Use config_template as a collection
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814



Change-Id: Iaf7027616c1c99121b07fb26fe9261e546d084df
2021-12-01 18:16:06 +00:00
Andrew Bonney eb78628c36 kata: disable installation on debian bullseye
Kata packages for debian 11 are not currently available without
involving Snap or source builds. As Kata is not essential to run
Zun, installation is disabled, but deployments could install it
themselves before switching 'zun_kata_enabled' back to True.

Bullseye CI is disabled temporarily as kernel panics are
encountered during tempest tests. This wastes a significant
amount of CI time.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/819304

Change-Id: I90fc8304dc7c398fdfccba31173c86f0cbf0ea7e
2021-11-30 17:07:03 +00:00
likui 46162be8e4 Changed minversion in tox to 3.18.0
The patch bumps min version of tox to 3.18.0 in order to
replace tox's whitelist_externals by allowlist_externals option:
https://github.com/tox-dev/tox/blob/master/docs/changelog.rst#v3180-2020-07-23

Change-Id: I641fc11045b02451c3d6d46f058eba7beef68da4
2021-07-03 21:33:55 +08:00
Zuul f51699d0e7 Merge "Add variables for rabbitmq ssl configuration" 2021-05-26 11:55:55 +00:00
Dmitriy Rabotyagov 930f3ad014 Replace linters test with integrated one
We've created integrated linters check job a while back and it's successfully
working for several releases. At the moment we experience difficulties
with future maintenance of the linters check from the openstack-ansible-tests
repo. So instead of fixing current one, we replace it with modern version of
the test.

Change-Id: I97294abdb29266a0989b3399d5c25b32dbc39112
2021-05-23 09:31:19 +03:00
Jonathan Rosser 796e49fa5b Add variables for rabbitmq ssl configuration
Change-Id: Ib261b39367603d386fe8416c407bfb7770afa844
2021-05-18 12:55:19 +00:00
Jonathan Rosser 599e30daaa Use ansible_facts[] instead of fact variables
See https://github.com/ansible/ansible/issues/73654

Change-Id: Ie427a6343fd888c9a1dd5c37a6285d33cd008b3e
2021-05-05 11:57:35 +01:00
Zuul f1c847b1df Merge "Allow to override zun policy files" 2021-04-21 23:16:35 +00:00
Zuul f62fef7afb Merge "Fix oslo_messaging topic condition" 2021-04-21 23:02:28 +00:00
Zuul 77b0d49ba1 Merge "Fix u-c filter regex" 2021-04-21 17:50:54 +00:00