This change aims to merge 2 lists together by leaving only unique policies
by their name. With that, the one provided to the role during include
will have precedence over the default one.
Change-Id: If4d51a0ec6c746c35f436bea1be5b5e403bd0586
Policies were always applied to target `all` aspects and
there was no way to have them target only e.g. exchanges.
This can be important though, see [1].
This change enables the use of the apply_to parameter via the existing
variables while maintaining `all` to be the default.
[1] https://www.rabbitmq.com/docs/parameters#how-policies-work
Change-Id: If09fdaf413ed6f8fd67624ff0edbf617edd126b1
This change permits overriding of the host used to bootstrap the
cluster. This is necessary when the cluster already exists and
a new (or upgraded) host needs to join an existing cluster. This
only works when actions are performed from an existing cluster
member.
This patch additionally resolves an issue where the volume
creation step can fail if the bootstrap host's peer names don't
exactly match those being passed to it (such as when they end with
.openstack.local). A restart of the service fixes this by reading
the correct hostnames back from the peer files.
Change-Id: I7127cb86e81abc982290681d24b8a6554a46f58b
This adds a new role that aims to provide a handy structure to manage
openstack resources, like flavors, networks, aggregates, etc. It's aimed
to be re-used not only inside OSA by creating common resources,
but also by operators to automate their routine.
Change-Id: I81a9cd612931b84468343948b315db193acd8923
The provider_networks module returned the network_mappings in a random
order changing with every invocation. This returns the entries sorted
and adds a test to ensure the ordering is consistent between
invocations.
Change-Id: Iaec4534ebd8ff80cf7c7e3a1c8f187dd3990e4bc
During include we're iterating over users, which also exposes user
actual password to stdout and logs.
Change-Id: Icef8c89a1c0daf01cfc1abd53322333ba2f06d92
This is the same code as in common/tasks/os-lxc-container-setup.yml
but can now be called using a FQCN from code in openstack ansible or
any other collection.
Change-Id: I5beb9609366e82fabaec65f98731c501d659d3e7
This was previously common-playbooks/haproxy-service-config.yml
in the openstack-ansible repo which was like that before collections
existed.
Moving this playbook into a collection allows it to be called
by FQCN from any other collection which might be useful when
extending openstack-ansible.
Change-Id: I41e18cbb83bd157cac371ebf311a279991218a83
From time to time it might happen in deployments, that some project
will create a service user in their domains. When this happens and
domain is not supplied for the role_assignment module fails with
multiple users with the same name exist.
However, domain param is used not only for lookups but also for
scoped assignments [1]. When project is not supplied, domain scope
will be assigned. And when domain is not defined, then system scope
will be applied. But since all projects (except keystone) have reverted
their system_scope efforts, we can safely set default for the domain
to workaround potential issues with lookups.
[1] https://docs.ansible.com/ansible/latest/collections/openstack/cloud/role_assignment_module.html#parameter-domain
Change-Id: Ia406d101632806d18495380d8911468ea14bc502
To allow encrypting connections of db_setup tasks, include the
check_hostname option to verify a server host name when an SSL
connection is required.
Change-Id: I6b77c828d251aeee53b83404e7e3131e3f61cbb1
The decorator is used when calling exec_command, which in turn calls
exec_command from the original SSH plugin, which calls _run
that has its own retry logic.
This patch removes the retry logic from the openstack-ansible
connection plugin and relies on what is present in the original
SSH connection plugin.
Change-Id: I28cd7a8321665d52d123ae14336346d14df82a36
This was done in the constructor and also via get_options,
this patch simplifies the constructor and relies on get_options
to populate these variables.
Change-Id: I3f5896d4f4a6286ad8d587a745f24a4f6dd226f0
This code is only ever called from functions which have already
checked if the target is a container, so the check is duplicate.
Change-Id: If63269719881c04804d6d17f6134cc67ab0bb9a7
The code can be simplified by removing nspawn support that is
no longer used in openstack-ansible.
Change-Id: I88daf27351968d3e66a837fa09ffeac6ed853e8c
The code calls the container check method many times which
generates a lot of log messages, so instead set a flag to indicate a
container and then use the value of the flag.
Change-Id: Ie6297359fd9c8129faf08b9842d297ade99dcade
CI is failing on octavia and telemetry with error like this
https://paste.opendev.org/show/bLIL6EZRZYxoBb7p6qdo/
This patch removes the duplicate code path when the user role
is a string or list and ensures that the role(s) are always
a list when including the setup_roles tasks.
Change-Id: I5ffe04b5f3a199cf2b6cdf5161f12fc1f62cb435
Last test, that tries to delegate to a host that is not part of inventory
requires an SSH access to such host.
Since with latest changes to lxc_hosts repo [1] we do not install
SSH server nor provision SSH keys to containers by default.
As additional profit we now have a functional test of the ssh_keypairs
role.
[1] https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/889945
Change-Id: Ia6b0f4406d0c2244327c2eb9fdee9a53462557c5
Only "Add keystone domain" task does not have a default value for
_service_adminuri_insecure, while in all other places across
the role this is True by default. To align behaviour of tasks, we set
_service_adminuri_insecure to True by default.
Change-Id: I6b7dff5c4277f8745844966645c5eeeea4b7e467
At the moment there is no way to override cloud name for service_setup
which might be useful for usage of the role outside of the OSA setup.
This introduces `service_cloud_name` variable for this purpose.
Change-Id: I0790e4a29cb9378dac126149554f936d80fe707c
Since latest ansible handlers are not triggered inside the same
handlers flush, which means that triggering mysql restart
the way we did does not work anymore. So instead of
notifying inside handlers, we add listen key to tasks
that are triggered by these newly produced notifications.
This could be due to the bug [1], but ansible-core version that has
backport included still shows inconsistent behaviour
[1] https://github.com/ansible/ansible/issues/80880
Change-Id: I33a590e329cd455c9357d569867247f723d8a64a
Due to the bug [1] in CentOS packaging, systemd-udev is substituted with
systemd-boot-unsigned. So you need to use NVR to properly
install systemd-udev until the bug is fixed.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2183279
Change-Id: I3129b75af1127c62a0bd1cee39586730c5f6589c
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that are enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metadata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I626739e80fd28e95bb6cf350ab310f1814d61604
At the moment we always do attempt to reset passwords for the
keystone services, which in some cases leads to race conditions in
services. Thus, running a role is not idempotent which we fix by
introducing a `service_update_password` variable. So whenever password
needs to be reset/updated, the variable should be supplied for that.
Change-Id: I11b1046ea91cef7de0b2f6433baabbb144e07700
Closes-Bug: #2023370
This change enables us to supply list of vhosts that needs to be
created or deleted, rather than support only single vhost creation.
We also reduce code duplication by leveraging task includes.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/880031
Change-Id: I76548f45a20db29c1bfd5db332b490b670d973a4
This reverts commit 54cf778a8b.
Reason for revert: This patch ideally should not be needed at all, since originally task was failing already after "Install gluster repo packages" task, but this task was not installing systemd-udev for some reason, while installing glusterfs-server.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879069
Change-Id: I5bd6250a3961ea056f73886484e9ac67a7090aff
We're relying on udev to exist for glusterfs since we're
applying overrides for it as well as attempting to restart.
While systemd-udev seems not being pre-installed in all CentOS
containers anymore, so we should ensure it's installed
before trying to adjust its unit file.
Change-Id: I7d952b371bdfa41c17eaa4248b8249ca772258bc
Custom linear plugin was added long time ago.
Nowadays it causes issues with loop conditionals.
It's not really needed these times. Everything works fine without it.
I also didn't notice any performance degradation after disabling it on
my AIO.
Closes-Bug: #2007849
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/874482
Change-Id: I607ea3f06dc3cd5d68dcffb291a958664a41baf1