* Update openstack-ansible-os_cinder from branch 'master'
to 7e2cf5283f9cfb3a8a02263a3c0b0bd4d0518a58
- Restart cinder-purge-deleted service only on abnormal exit
Default value of Restart for any service which type is not `oneshot` is
`on-failure`. While this suits most usecases, this leads to unexpected
consequences for cinder-purge-deleted.service.
In case there're some historical inconsistencies in the database which
make impossible to flush deleted volumes from the database
(ie due to prior manual intervention), cinder-manage exists with code 1
which triggers systemd to restart the service and attempt cleanup again.
The troublesome part is the transactional behaviour of the script. With
each run it locks records in it's transaction that is failing and being
reverted in a loops with 2 sec delay, that not only causes unnecessary
load for database itself, but also causes deadlocks during operations
with volumes that are not being re-tryed and fail with 500 return code
in cinder-api.
Changing Restart to `on-abnormal` will leave service in a failed state
and systemd won't attempt to restart it.
Change-Id: Ib091cc11a16fcd31ef351d9ec21d070d25829791
* Update openstack-ansible-os_cinder from branch 'master'
to b9b06052cba70b65d797112c441d244f7efa48aa
- Fix example playbook linters
Change-Id: If0873fd38d40cb2317e644e20f5be5334753d79a
* Update openstack-ansible-os_cinder from branch 'master'
to 79ccde30b45aa3385f253a5fa7057344d2a04fbb
- Split lines to not exceed 160 characters limit
Change-Id: I1e35c59edff17f19916258eee2a8b0a8bc77958f
* Update openstack-ansible-os_cinder from branch 'master'
to 24648387ccc6cde6ccdbc134b539bebb3c6618d6
- Merge "Add quorum queues support for service"
- Add quorum queues support for service
This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.
In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/875399
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/873618
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/873632
Change-Id: I9e1f87fd2c396eb4b48459c3055b43678fae296a
* Update openstack-ansible-os_cinder from branch 'master'
to ae713f9c8c8a1497064f4690d50e91ee379a21d9
- Merge "Use proper galera port in configuration"
- Use proper galera port in configuration
While <servuce>_galera_port is defined and used for db_setup
role, it's not in fact used in a connection string for oslo.db.
Change-Id: I6b910817ddc6eab68f815f776faeee432e55012e
* Update openstack-ansible-os_cinder from branch 'master'
to 5f6e86a7da3fead4e50ef5578d0bfd7911aa601a
- Merge "Fix linters and metadata"
- Fix linters and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I671cc35a055b35fb249ad3054c45ec65f2b54ab4
* Update openstack-ansible-os_cinder from branch 'master'
to 3c014fb2b68db0fbcc4869370f75223f18cbc039
- Reduce memory consumption in Cinder services
This patch reduces memory usage for Cinder Volume and Backup services by
tuning glibc.
The specific tuning consist on disabling the per thread arenas and
disabling dynamic thresholds.
This is the equivalent of the devstack proposed patch from Change-Id
Ic9030d01468b3189350f83b04a8d1d346c489d3c
Related-bug: #1908805
Change-Id: I066ee76fe0cef9443f9e9f1ed3c8062d6c6f8566
* Update openstack-ansible-os_cinder from branch 'master'
to 2820fcc1d6f0b48e9d25a6bdf5f78d629efb1f0c
- Use v3 service type in keystone_authtoken config
The service type in this config section must match the service
type in the service catalog, otherwise limited scope application
credentials will not work with the cinder API [1].
[1] https://docs.openstack.org/keystone/2023.1/user/application_credentials.html#access-rules
Change-Id: I711241af8f7520b97f2b1cafd1406ff705fb78a6
* Update openstack-ansible-os_cinder from branch 'master'
to 1af3003e163e09f917dd124ae874f1bea6fe2c6b
- Define service_user for cinder services
In order to cover OSSA-2023-003, a requirement to define service_user
section for all cinder services has been added by cinder.
Change-Id: I19c2b03c61f714fedb593da8489e50d3fa08d933
* Update openstack-ansible-os_cinder from branch 'master'
to f16036e1f1d8898a528e6ad17a4f7c079cb26beb
- Add way to periodically trim Cinder DB
We're adding a service that is responsible for executing db purge.
Service will be deployed by default, but left
stopped/disabled. This way we allow deployers to enable/disable
feature by changing value of cinder_purge_deleted.
Otherwise, when variables set to true once, setting them back to false
won't lead to stopping of DB trimming , so timer would need to be
stopped manually.
Change-Id: Ic5ae8c778bff2858fcb31c85d4b910805e452c3f
* Update openstack-ansible-os_cinder from branch 'master'
to 1732bff64b1d901a5ccf45340b8bc5c7520b9d44
- Merge "Add TLS support to cinder backends"
- Add TLS support to cinder backends
By overriding the variable `cinder_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the cinder backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: Ib682499e900071db38cc2fd7c30822d0c33dba38
* Update openstack-ansible-os_cinder from branch 'master'
to 7e076b39a42371a40b0622b4a59e9e52e34440aa
- Move online data migrations to post-restart step
It's supposed that online migrations are executed once services are
upgraded and restarted after upgrade. Eventually, you can run
online migrations before the next upgrade according to the doc [1]
So we move that to a separate file that is executed after all services
are upgraded and handlers are flushed. Tasks are delegated to API hosts
and we clean up facts for them as well.
[1] https://docs.openstack.org/cinder/latest/admin/upgrades.html#database-upgrades
Change-Id: Ic3ecdddd7dcc2dd617c8606278590c8e59230fdf
* Update openstack-ansible-os_cinder from branch 'master'
to 92aba932b1dcb14b12a21ba9a34c19b71821713b
- Ensure service is restarted on unit file changes
At the moment we don't restart services if systemd unit file is changed.
We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now we ensure that role handlers will also listen for systemd
unit changes.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879671
Change-Id: I8140add1a4e4fdacee89bd29bd2e3c87eff0953a
* Update openstack-ansible-os_cinder from branch 'master'
to 369f01589c6d2a26f03fe5e30f2ff210dd9fb826
- Remove rsync requirement for cinder
We used rsync to synchronize filters from rootwrap.d. However, with
smart-source that is not needed anymore, since /etc/cinder is simply
a symlink to the source directory of rsync. We still need os-brick
rootwrap linkage though.
Change-Id: Ib1571c5be67155b584c412da8336de49bc80d948
* Update openstack-ansible-os_cinder from branch 'master'
to 492e519b9846b4527e1e1275a59e712ecaf0ed70
- Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: Id4cda2eb6ffdb55a80e555b33b1cae9ee4c5f67c
* Update openstack-ansible-os_cinder from branch 'master'
to bfb256d49b2e5f75d6ac727b61b4c4afbc992bdd
- Define local facts separately only for distro
We do define local facts locally using python_venv_build role so no need
to do the same as a separate task for source installs. Though these
facts are still needed for distro path.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/862924
Change-Id: I5e4717a780a20914bba345bc0e0e275d6ee7b81f
Needed-By: https://review.opendev.org/c/openstack/openstack-ansible/+/866126
* Update openstack-ansible-os_cinder from branch 'master'
to dd9051ed365daa7ab080b9debba1e5cec7d4e4ff
- Merge "Replace git-core with git for debian"
- Replace git-core with git for debian
With ansible-core 2.13 it tries to substitude package resolution in apt
module.
However git-core is used in Debian as transitional name, but ansible
tries to select it and provide version, which is not correct behaviour.
But since git-core is not really valid anyway, we just replace it
to workaround ansible's imperfectness.
Change-Id: Ib0a75886baffec27c8a7d38d729623c7b41216eb
* Update openstack-ansible-os_cinder from branch 'master'
to 0d4b99404946d1cbffcd814657d02d9deb9442ac
- Add nfs and ceph jobs to templates
With changing cinder code we potentially can break some backends.
In order to detect this in time we are adding ceph and nfs scenarios.
We also fix lvm backend for use on RedHat.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/859339
Change-Id: Ifceb2b816199339ec7725bd95cc890595eed95d9
* Update openstack-ansible-os_cinder from branch 'master'
to 13bf575d233cdf804ef6c0adecc606941fa62aae
- Remove redundant vars line
This line was introduced by I21f84809c44ac4be0165fadfb8da67bbcbc9b05c
for centos-7 support, and should already be covered by the
distribution_major_version line above.
Change-Id: I5d5f84b84de35763024709212e0673607127e264
* Update openstack-ansible-os_cinder from branch 'master'
to 75d7ae90933eab7260abe521bbcdc45d3cf4e7dc
- Remove oslo_policy section from cinder.conf
policy.json was deprecated.
Remove the oslo_policy configuration which was still using it.
Change-Id: I0215bb17219745ab2c838a1999caf0a7baa4242d
* Update openstack-ansible-os_cinder from branch 'master'
to 5fadeff98bd3012e5e8d3d71841f9488a0c8f433
- Merge "Support service tokens"
- Support service tokens
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: I1d0156a2ad829aa730419e1d9dfa1cd49026a6be
Related-Bug: #1948456
* Update openstack-ansible-os_cinder from branch 'master'
to c07280e33901db379627751b632c775ada14b026
- Merge "Forcefully remove Cinder v2 endpoints"
- Forcefully remove Cinder v2 endpoints
Nowadays Cinder does not support v2 api so it makes sense to ensure
that these endpoints or service is not present in catalog.
Change-Id: I62a4ba182cc752a5bc4f6e8c4d2430f7e7aafe54
* Update openstack-ansible-os_cinder from branch 'master'
to f3b2abb8876b5152fbe379b061b43095eb8556e0
- Remove mention of haproxy-endpoints role
Role was never migrated to usage of haproxy-endpoints role
and included task was used instead the whole time.
With that to reduce complexity and to have unified approach, all mention
of the role and handler are removed from the code.
Change-Id: I0c055393ccb1c8d61affc2c1bb6d01f0c329afe9
* Update openstack-ansible-os_cinder from branch 'master'
to 091b2dfa7246eb94c35816778ee1ae2bcbed5b34
- Switch sphinx language to en
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.
Change-Id: I46594578f4e686d02522477255e99ea157cadec4
* Update openstack-ansible-os_cinder from branch 'master'
to 9c170cf1f5859fef21cee53392ebef36e86d7e42
- Merge "Setup db/mq/service during scheduler run"
- Setup db/mq/service during scheduler run
According to our playbook, role runs against api last, after scheduler,
volume and backup services are already setup.
It makes difference only when cinder-scheduler and cinder-api are
deployed to different targets.
Change-Id: I18f68b5cb9dd60d9cf72850e840d0459e1245b76
* Update openstack-ansible-os_cinder from branch 'master'
to 252010bb8ad051d7a3803d6d1861a1345b5d8eaa
- Merge "Allow to run cinder role in check mode"
- Allow to run cinder role in check mode
Always fetch config files as it's treated as safe operation.
On top of that handle case when there's no local config specified.
Change-Id: I5f5f36da96672679d6801c2a52c58d86657ca612
* Update openstack-ansible-os_cinder from branch 'master'
to 66eb424de5029d92d5bf6cdd3992d9e0c8e2a63a
- Add the ability to disable send_actions option in cinder-volume-usage-audit service.
Change-Id: I351279dab0d90e60573df7db4c80b63320dff787
Closes-Bug: #1968734
* Update openstack-ansible-os_cinder from branch 'master'
to 6efa45e2bdc3d478eead0b8d7b179c2ed49f9841
- Add configuration option for heartbeat_in_pthread
This configuration option has been observed to result in file
descriptor leaks in certain circumstances. A variable is added
here so that it can be easily overridden.
Related-Bug: #1961603
Change-Id: I8155264b181d6f21728804ef8260979931597427
* Update openstack-ansible-os_cinder from branch 'master'
to 9f2bf29db8ef921cfad7857dcb7652436d0d887b
- Merge "Use common service setup tasks from a collection rather than in-role"
- Use common service setup tasks from a collection rather than in-role
Change-Id: I4ffa85e918e515dde2fcae86ff5cf872e65a82c4
* Update openstack-ansible-os_cinder from branch 'master'
to e9531f6241cf1aed385f36f7fc9be7aacf25a185
- Merge "Refactor use of include_vars"
- Refactor use of include_vars
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: I5c50529b5e73bac6094c203d49a32497c7a388c3
* Update openstack-ansible-os_cinder from branch 'master'
to 210cfc5f8f9296d8edfcbf2e862934996b396e20
- Database connection pooling improvements
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: Ib445e0ddd01d52314e50ca6edd2fa20e5f6ef3eb
* Update openstack-ansible-os_cinder from branch 'master'
to 53a3fa06728fb5ac3b324b2595c8850721c4c1e7
- Merge "Use config_template as a collection"
- Use config_template as a collection
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814
Change-Id: Id31fde6375ab5ebf90e1f13b11f80d43773e4c54
* Update openstack-ansible-os_cinder from branch 'master'
to a10ca593d70ac39e78d4962c114ba4d7f81ef437
- Merge "setup.cfg: Replace dashes with underscores"
- setup.cfg: Replace dashes with underscores
Setuptools v54.1.0 introduces a warning that the use of dash-separated
options in 'setup.cfg' will not be supported in a future version [1].
Get ahead of the issue by replacing the dashes with underscores. Without
this, we see 'UserWarning' messages like the following on new enough
versions of setuptools:
UserWarning: Usage of dash-separated 'description-file' will not be
supported in future versions. Please use the underscore name
'description_file' instead
[1] https://github.com/pypa/setuptools/commit/a2e9ae4cb
Change-Id: Ic11cb6341023cc807336e82b16f8c80b4be5c3b7
* Update openstack-ansible-os_cinder from branch 'master'
to 206bd0003f5663a91a68c42cf63e148c157f9b52
- Merge "Refactor galera_use_ssl behaviour"
- Refactor galera_use_ssl behaviour
With PKI role in place in most cases you don't need to explicitly
provide path to the CA file because PKI role ensures that CA is trusted
by the system overall. In the meanwhile in PyMySQL [1] you must either
provide CA file or cert/key or enable verify.
Since current behaviour is to provide path to the custom CA we expect
certificate being trusted overall. Thus we enable cert verification when
galera_use_ssl is True.
[1] 78f0cf99e5/pymysql/connections.py (L267)
Change-Id: Ieab4ab2e36e4953961841be334ff16162f7daeb8
* Update openstack-ansible-os_cinder from branch 'master'
to 2cf00fc1349711b6b3a0d16e7cdd26c7378852d4
- Use management_address by default
management_address is defined in group vars and by default set to
container_address which is valid default
Change-Id: Ib9373ba7d09845ad0fc5c8578db18ffd87e48b20
Related-Bug: #1941068
* Update openstack-ansible-os_cinder from branch 'master'
to 4022e8950e5323bf9b5112d54c5c0b24257d7252
- setup.cfg: Replace dashes with underscores
Setuptools v54.1.0 introduces a warning that the use of dash-separated
options in 'setup.cfg' will not be supported in a future version [1].
Get ahead of the issue by replacing the dashes with underscores. Without
this, we see 'UserWarning' messages like the following on new enough
versions of setuptools:
UserWarning: Usage of dash-separated 'description-file' will not be
supported in future versions. Please use the underscore name
'description_file' instead
[1] https://github.com/pypa/setuptools/commit/a2e9ae4cb
Change-Id: Ie59f37d798873da90fb4b2c25699c2f4c62531ba
* Update openstack-ansible-os_cinder from branch 'master'
to 013ee8a35d7486d12a798253f6f0658b1b4534dc
- Merge "Changed minversion in tox to 3.18.0"
- Changed minversion in tox to 3.18.0
The patch bumps min version of tox to 3.18.0 python in order to
replace tox's whitelist_externals by allowlist_externals option:
https://github.com/tox-dev/tox/blob/master/docs/changelog.rst#v3180-2020-07-23
Change-Id: I29867734a0f1c9d8f09b839d7055f9875c1bbc7c
* Update openstack-ansible-os_cinder from branch 'master'
to 6d2b8b8de3d17c244725f9a8077e7544c654d303
- Changed minversion in tox to 3.18.0
The patch bumps min version of tox to 3.18.0 in order to
replace tox's whitelist_externals by allowlist_externals option:
https://github.com/tox-dev/tox/blob/master/docs/changelog.rst#v3180-2020-07-23
Change-Id: I572854e4b001fbf559718c785f886590df1dd225
* Update openstack-ansible-os_cinder from branch 'master'
to d120669a7d8f14af3ab1ba1ee3b438ac88225358
- Remove obsoleted packages
We drop py27 library as it's deprecated and should not be used anywhere
zlibc is also not maintained for a while and has been removed in
bullseye. But it should not be required by other distros/packages anyway
Change-Id: I5835f538634900d210e236b49fb64271d43e9861
* Update openstack-ansible-os_cinder from branch 'master'
to 71eb6c4c10c23790cc838731b2024f50a0ed4a8b
- Disable Cinder v2 API
Cinder v2 API has been deprecated in Pike and it make sense to
disable it's creation by default. Doing this we also will drop catalog
records and service during upgrade
Change-Id: I11986bfe6d2af5e671b7008a71a58538d0576336
* Update openstack-ansible-os_cinder from branch 'master'
to 9e6ba16bc95d8ca36277e42015bb0d21e27c050a
- Replace linters test with integarted one
We've created integrated linters check job a while back and it's successfully
working for several releases. At the moment we experience difficulties
with future maintenance of the linters check from the openstack-ansible-tests
repo. So instead of fixing current one, we replace it with modern version of
the test.
Change-Id: I16531da2fb45dde15b57dcd1b09ec1e471d1addb