With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Change-Id: I74cefdfa885fa26dd7199fd0798527f511bf329d
By overriding the variable `repo_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the repo_server backend.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: I5c5d3dd5689ac122781303ad21dacc8a1fa746eb
If a repo container and its data are deleted and recreated then it is
not currently possible for a loadbalancer healthcheck to differentiate
between an empty repo server and a correctly synchronised one.
This patch creates a file 'repo-sync-complete' as part of the process
of synchronising repo contents from master repo servers to slaves. The
presence of this file on the slave can then be used as the loadbalancer
healthcheck to ensure that repo contents are only served once sync has
completed.
In addition, this patch ensures that synchronisation occurs from the
master to a reprovisioned slave by triggering a master repo server lsyncd
restart handler during the initial setup of the slave repo server.
Currently, a freshly provisioned repo server will remain empty
for an indeterminate amount of time, this patch forces a complete re-sync
to occur.
Change-Id: I6913341674dbde5524c2270e824bda4544211eca
The apt-cache was removed a long time ago and these tasks should
already have been removed in the Train release. Remove them now.
There is no change for existing deployments as these tasks are no
longer required as the apt-cache component of the repo server is already
retired.
Change-Id: I42785ee153955eb6e72bef01c26791ae8eec2087
Caching git repositories has been deprecated in Queens, so it's high time
we removed this functionality.
This shouldn't influece OSA deployments in any way.
Change-Id: I35829aa35489f06dbb3b65f522f0a08318eccbfa
It is no longer needed because of how we are using python_venv_build
at the moment, so let's remove it.
Depends-On: https://review.openstack.org/648477
Change-Id: I56531388fb49a8c3d098fd762392299742b0e120
The repo container's package cache causes quite a bit of confusion
given that it's a 'hidden' feature which catches deployers off-guard
when they already have their own cache configured. This is really
the kind of service which people should manage outside of OSA. It
also makes no sense if the deployer is using their own local mirror
which is a fairly common practise. Adding to that, it seems that it
is broken in bionic, causing massive delays in package installs.
Finally, it also adds to quite a bit of complexity due to the fact
that it's in a container - so in the playbooks prior to the container's
existence we have to detect whether it's there and add/remove the config
accordingly.
Let's just remove it and let deployers managing their own caching
infrastructure if they want it.
Change-Id: I829b9cfa16fbd1f9f4d33b5943f1e46623e1b157
With the more recent versions of ansible, we should now use
"is" instead of the "|" sign for the tests.
This should fix it.
Change-Id: Ib73373d8801c9eedd7c6e92b994a2fba0349ed90
This patch implements nginx as a reverse proxy for python
packages. The initial query will be to a local deployment
of pypiserver in order to serve any locally built packages,
but if the package is not available locally it will retry
the query against pypi and cache the response.
Depends-On: Id20a43fed833d53ca0f147f517deafba6587352d
Change-Id: Ic4fd64f4dc82121a65088f3d7f4ae53f373df608
Implements: blueprint python-build-install-simplification
Signed-off-by: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
Retries and daemon reloads are added to all the handlers
and the ordering of each task is set out according to
the same pattern as they keystone role.
Change-Id: Icc250e811fb89024f3f3c2f9520d1a6c9c21f0d3
The variable repo_auto_rebuild appears to have been
introduced in kilo, but never used.
The 'Init reload' handler is no longer required as
all services are now managed via systemd and the
service module.
The 'reload ssh' handler is also unused.
Change-Id: I1078ff7d2bd1acd0d1cea90fb90bc632386f0daf
In I62321a7b62dabca469eb072ddbf4e8f250ce0fb3, git daemon was added to
support hosting git repos from the repo server over the git protocol.
When the integrated build transitions to using it, fastcgi and all
related configuration can be removed.
Depends-On: I09bc504490d4b5114895f7f646fc8254748a7f41
Change-Id: I7ec8277d3883d1f8891de6ae2b0881fe026a34c8
This change implements package caching on the repo server.
To take advantage of this a deploy will need to do nothing more
than setup an apt-proxy configuration file. This will speed up
package delivery while also providing ha capabilities within the
environment.
Change-Id: I78b2fba6a1f294751bd7098513060015cb41300c
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Separate files have been created for vars and tasks related to a
specific package manager.
The 'repo_apt_packages' variable has been deprecated and renamed to
the more generalized 'repo_server_packages' to better describe its
purpose and to simplify reuse of existing install tasks between multiple
distros.
git daemon is configured to host git repositories from the repo servers
using the git protocol.
Currently, openstack-ansible uses git over http to access repositories
on servers created by this role.
fcgiwrap and its configuration within nginx should be removed in a
follow-up patch after openstack-ansible has been updated to use the git
protocol.
Change-Id: I62321a7b62dabca469eb072ddbf4e8f250ce0fb3