* Update openstack-ansible-os_glance from branch 'master'
to bf25a670ff4a229d7412e85051577f7829168495
- Add worker_self_reference_url to glance configuration
This is a new requirement for glance in 2024.1
Change-Id: I6b696d4ccba91bcf84d92f29de49f3c6def784ac
* Update openstack-ansible-os_glance from branch 'master'
to e8de2a5f0b2faeb0774e60d5c5c8ff15b1139c02
- Add property protection configuration
Allows to configure property protection according to
https://docs.openstack.org/glance/latest/admin/property-protections.html
Change-Id: I9b4c0985969a4945ce8a1058206376b0347fbb27
* Update openstack-ansible-os_glance from branch 'master'
to f375f499c03d8df2b088d8d76670dd3164ed24d8
- Merge "Enable uWSGI usage for Ceph backends"
- Enable uWSGI usage for Ceph backends
Since upstream bug [1] preventing us to disable uWSGI for Ceph was fixed,
we can remove extra logic of disabling uWSGI usage when Ceph is among
configured storages.
[1] https://review.opendev.org/c/openstack/glance_store/+/885581
Change-Id: Ibcd9df6a547febb8f47b88d0c98277b46faf489c
* Update openstack-ansible-os_glance from branch 'master'
to 2f4344550b315b2d18267da500c8ce6814579e01
- Fix iteration over backends config
Backend config is a dictionary and it's attempted to be iterated as dict,
however it was missing items() call.
Issue has been introduced with the patch [1]
[1] https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/901034
Change-Id: I0a6a96a70f05815871a499935a61af9993186edb
* Update openstack-ansible-os_glance from branch 'master'
to e4acad2bb660d2776bc86e30e7791f9f9adb5c4e
- Fix cinder store configuration
According to configuration guide of using cinder as a storage [1], some
auth data should be provided in storage section.
It also needs show_multiple_locations to be enabled.
[1] https://docs.openstack.org/cinder/latest/admin/volume-backed-image.html
Change-Id: Iacd5b74cbda1fdf48a073dc17b42caa37c2359e5
* Update openstack-ansible-os_glance from branch 'master'
to aa69a6fe5cbe4d7fd1155c7d6a78a4ffe2708e4c
- Make glance_additional_stores work nicely with multi-store
While we assume that glance_additional_stores can be list of mappings
for multistore glance support, bunch of other logic in role still treats
it as simple list and make verifications against it. So in case one
dares to override variable according to our suggestion, they also need
to override bunch of other things.
We change defaults for `glance_available_stores` variable and always
define it as a multistore list of mappings.
Then we introduce a variable `glance_available_store_types` that is a
list of types for each of configured storage.
Logic of how storages are defined in glance config is also changed now.
Storages won't be defined if there's no "default" record for them in
glance_available_stores.
For each new store that deployer wants to provision, they now can pass
`config` key for glance stores, rather then use config overrides.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/901041
Change-Id: I1416e0f6e3ed79abd10f468b52fc712d35a61bd2
* Update openstack-ansible-os_glance from branch 'master'
to ff895d3bad354e5117a7af032c51b104007c3f4e
- Remove glance_cinder_store filters override
At the moment glance_cinder_store.filters is distributed through
glance_store [1] package.
Moreover, for quite some time glance has migrated to using privsep [2]
so internally maintained filters are not up to date anymore.
[1] f3f5bdb45b/etc/glance/rootwrap.d/glance_cinder_store.filters
[2] c369ba013f
Related-Bug: #900930
Change-Id: Ie097a019f058bac123acf14f51253c272c56aca5
* Update openstack-ansible-os_glance from branch 'master'
to c2428ab8da9cc3868b5ae86140a63e4a33e28eca
- Add glance_bin to rootwrap defenition
At the moment rootwrap can not find privsep-helper binary as it's located
in glance bin directory, which is inside the virtual environemnt.
In order to properly use privsep we must define venv bin directory in
allowed exec_dirs of rootwrap.
This also introduces new variable `glance_rootwrap_conf_overrides`
that allows to manage some extra overrides for rootwrap if needed.
Closes-Bug: #2043503
Change-Id: I4ee3fc33fdbeb50fc7b102bf62d6134f83c5925f
* Update openstack-ansible-os_glance from branch 'master'
to 289ce991c420d7114b3a71a95602404e8ad7b0a0
- Use correct default for glance_mount_points
Back in Yoga we've refactored way of mounting remote filesystems
for glance while keeping backwards compatibiltiy [1]
However, there was a copy/paste error made while defining
glance_mount_points with old format of glance_nfs_client.
[1] https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/837550
Change-Id: I755822089bf406f532a718db5b84df553cbc2084
Closes-Bug: #2032771
* Update openstack-ansible-os_glance from branch 'master'
to 2fcec5f55f3748b6caf0fa028cf2fd21264cdd21
- Fix example playbook linters
Change-Id: I6962b83ec44db6d9edd0da6efbb58e1485f812a0
* Update openstack-ansible-os_glance from branch 'master'
to 8e36b597454b48228f7fe920909f8486b8c04bc2
- Split lines to not exceed 160 characters limit
Change-Id: I05029ad2a2a8e351ecc7236cb779a045c3a44403
* Update openstack-ansible-os_glance from branch 'master'
to 946c452af78aee58eb11ba4988e79994d10b739c
- Define constraints file for docs and renos
Right now we are not using any constraints for docs and releasenotes builds.
This has resulted in docs job failures once Sphinx 7.2.0 has been released.
The patch will ensure that constraints are used an we should not face
simmilar issue again.
TOX_CONSTRAINTS_FILE is updated by Release bot once new branch is created,
so it should always track relevant constraints.
Some extra syntax-related changes can apply, since patch is being passed
through ConfigParser, that does not preserve comments and align indenting.
Change-Id: Ic65b9abc930e151f06d69fb9474a813cb504d7ed
* Update openstack-ansible-os_glance from branch 'master'
to cb6987454002505268e298b95b57e4a819ad17db
- Merge "Use proper galera port in configuration"
- Use proper galera port in configuration
While <service>_galera_port is defined and used for db_setup
role, it's not in fact used in a connection string for oslo.db.
Change-Id: I6967d3832396f375580039c73510ea4f02002b3b
* Update openstack-ansible-os_glance from branch 'master'
to 2b0da5f56234db118ae72fbda27931befc813430
- Merge "Fix linters and metadata"
- Fix linters and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: Ifb3711157e77d5c917d05e4a384dead2abe72a7c
* Update openstack-ansible-os_glance from branch 'master'
to bf912df1e3df6a98958944954604fbcdc07f9311
- Apply tags to systemd_service include
In order to be able to use tags to run systemd_service role solely,
they must be applied properly when role is included.
Change-Id: I121167e87b7aa68a75af17cbde084de5b1961264
* Update openstack-ansible-os_glance from branch 'master'
to 1f989219b404934164ec0107bd0e10b00ad6628c
- Merge "Add TLS support to glance backends"
- Add TLS support to glance backends
By overriding the variable `glance_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the glance backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: I5a0302c2fcc73a869de5633b2332a3b53c99590e
* Update openstack-ansible-os_glance from branch 'master'
to fafd49959e0f2c77dc29b9b35f1ff5a1360b0c0e
- Move _glance_available_stores to defaults
We need to define _glance_available_stores outside glance role to
use it in haproxy service definition.
It's a good idea to make `_glance_available_stores` public by moving it
out of role variables to role defaults beforehand.
Change-Id: Ieb10a0e5c9faf72c6bea4c45f7e216469971a1f3
* Update openstack-ansible-os_glance from branch 'master'
to 3fac9b19856127ad272805c8abe7422ee8b3b6d8
- Merge "Ensure service is restarted on unit file changes"
- Ensure service is restarted on unit file changes
At the moment we don't restart services if systemd unit file is changed.
We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now we ensure that role handlers will also listen for systemd
unit changes.
Change-Id: I5a52c0de14ee3a6215edb64dbc3bd48512d57e2e
Closes-Bug: #2009029
* Update openstack-ansible-os_glance from branch 'master'
to 295533132b6d143fe9d0499545fa0d396a633b49
- Disable uWSGI if ceph is used as a store
At the moment there's an issue with chunking in case uwsgi is used
with ceph backend.
Change-Id: I48feac2ea789782e55bd49196e631cd4df9778ce
Related-Bug: #1916482
* Update openstack-ansible-os_glance from branch 'master'
to 7b88f5a74e1f94d2ae30c391fa87de221704b930
- Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I0e6b4917786b6b5d2d983db092bc45f635abea2c
* Update openstack-ansible-os_glance from branch 'master'
to dd9bb7aa84c210aa3b72e2e9f9ee0c41ea686832
- Merge "Stop using need_service_restart local fact"
- Stop using need_service_restart local fact
We can reduce complexity of logic on when to restart glance as we
anyway leverage in-role handlers to restart service when needed.
Patch adds also triggering service restart when install_packages
are changed.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/866693
Change-Id: Ieeeb9bc3b8922700e0c70f150cf1af0a75c805ea
Needed-By: https://review.opendev.org/c/openstack/openstack-ansible/+/866126
* Update openstack-ansible-os_glance from branch 'master'
to 5bc252de44343f0fd38782f9be5a89fbdef28f8b
- Add external_lb_vip_address to glance_cors_allowed_origin by default
Since ``horizon_images_upload_mode`` is enabled by default and
``glance_show_multiple_locations`` is disabled by default(turns out
it's not really required), we should add ``external_lb_vip_address`` to
``glance_cors_allowed_origin`` as default.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/862167
Change-Id: I6d13e1e985f8e3bbb97b0af7063b469cb4b2dbca
* Update openstack-ansible-os_glance from branch 'master'
to 504e641ed41c4447c0341f705a0aeb24c4069273
- Merge "Remove redundant vars line"
- Remove redundant vars line
This line was introduced by I65d8e66673f5372fe880680a035842ffcd775ac2
for centos-7 support, and should already be covered by the
distribution_major_version line above.
Change-Id: I8a2a93aa3ecbb01451e940b7e71e5ac5bf48b880
* Update openstack-ansible-os_glance from branch 'master'
to 152abb5f6c680553bfad9bfee739d07d8767aeb3
- Merge "Support service tokens"
- Support service tokens
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: Ib7fd1a80affe0fa8c6b030fdbfdd60693f104cd6
Related-Bug: #1948456
* Update openstack-ansible-os_glance from branch 'master'
to 613e645a203769119162dc26cccc153c9f013a4d
- Remove mention of haproxy-endpoints role
Role was never migrated to usage of haproxy-endpoints role
and included task was used instead the whole time.
With that to reduce complexity and to have unified approach, all mention
of the role and handler are removed from the code.
Change-Id: I01225e479e22f3867e811055c8e5e87f644bf46e
* Update openstack-ansible-os_glance from branch 'master'
to c9a9e2f87bcd07849a6037e0e5c5a9078bff89d0
- Fix glance mounts compatability
When default value has any concatenation, it tries to resolve variables
and always contcatenate even when it's not needed.
With that we need to set defaults for the variables that are inside
defaults, otherwise even if default not needed - task would fail on
default being undefined.
Change-Id: I4f445f280a71173f1b72a3b37bd9d54ea5694ac2
* Update openstack-ansible-os_glance from branch 'master'
to 93c73e99b114346bd1e9100a800ca791e50a02c1
- Switch sphinx language to en
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.
Change-Id: Iefc217495e209c30782c8bd8fb4de54b3e683992
* Update openstack-ansible-os_glance from branch 'master'
to 1d8cb0dbd9472e4bbd82a61bb569626e5b89d205
- Merge "Use systemd_mount native syntax for mounts"
- Use systemd_mount native syntax for mounts
Currently we have bunch of limitations related to the format
of ``glance_nfs_client``. While systemd_mount role is flexible enough
to allow mount cephfs or s3fs, variable format has weird assumptions
that we want to change for better flexability.
Since keys of variable are changing, new name for it was picked to
reflect purpose of the variable better.
Change-Id: Ic0d91a3a873b4253255beac79becf01b4a304695
* Update openstack-ansible-os_glance from branch 'master'
to 51e5f5f2249a598a28e0d74be53e867fe008d1b4
- Merge "Do not deploy api-paste for CentOS distro deployment"
- Do not deploy api-paste for CentOS distro deployment
RDO stopped shipping api-paste file for glance, so we can't provide it
anymore. To avoid maintaining it for this usecase we simply stop
provisioning as well for this path.
Change-Id: I01440a4df4f4a1f7bb96d2bd672812c35963cdb3
* Update openstack-ansible-os_glance from branch 'master'
to 44b443dacb942e1d3477578f930241937e101884
- Allow os_glance to run in check mode
Let role fetch config file regardless of mode. This is safe operation
to run in check mode and shouldn't affect anything.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/837706
Change-Id: I5352028c967685e2b2d666fc4850afe9bf6ffd10
* Update openstack-ansible-os_glance from branch 'master'
to b3a65f317fb239f5e05f761b6c85eccd4d902249
- Merge "Use common service setup tasks from a collection rather than in-role"
- Use common service setup tasks from a collection rather than in-role
Change-Id: Ica9144f21cd675112d07008a387f65f8e468d378
* Update openstack-ansible-os_glance from branch 'master'
to c801091880d80727626e195ce76b8e0582674b36
- Refactor use of include_vars
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: If4b1fe7ec14ffb03be79d29e9d21d9ab829cb4ec
* Update openstack-ansible-os_glance from branch 'master'
to a2694d31479beb57336af2d7880db9722a4be582
- Add boto3 module for s3 backend
This patch adds the boto3 python module, which is a dependency
for the s3 glance backend.
Closes-Bug: #1955683
Change-Id: I5f5a921d8a08d5dfb09e2bca71d49c85115a60aa
* Update openstack-ansible-os_glance from branch 'master'
to 091f33c8da9e355898cd4ffb8e2569481b7d65ab
- Define _glance_available_stores in variables
Glance available stores is usefull outsie of the template as well, so we
move defining variable from Jinja template only to ansible variables.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/822998
Change-Id: I312fdede3c3bffa0c897588d33fcc5d5d6988ccd
* Update openstack-ansible-os_glance from branch 'master'
to 7a91492c6a18eda1bbb21e717f572683ce837520
- Merge "Stop managing NFS mount destinations"
- Stop managing NFS mount destinations
Systemd mount role now takes care of creating mount destinations
so there is no reason to handle this manually.
In addition to that, if user/group were not provided explicitly to the
ones set for NFS export, role was failing with permission denied
during re-run
Change-Id: Ib158e14c6f296795bb1f6eabdcfc23b80cbcd871
* Update openstack-ansible-os_glance from branch 'master'
to ebe439abb44e3759f502649919e5567dedb874ec
- Replace NFS test with integrated one
This also adds ceph integrated test usecase.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/821096
Change-Id: Icf8f2eb3b27033597cb75a6c990b7492706f1d05
* Update openstack-ansible-os_glance from branch 'master'
to 5f599df051c1b3c033a543e19d680b17d533aea6
- Database connection pooling improvements
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: I4fd6de7ca38d561306e8c868c063b68edeafc68a
* Update openstack-ansible-os_glance from branch 'master'
to 7b719c7ffb3554576aadb0da9b2f655659c86b15
- Refactor galera_use_ssl behaviour
With PKI role in place in most cases you don't need to explicitly
provide path to the CA file because PKI role ensures that CA is trusted
by the system overall. In the meanwhile in PyMySQL [1] you must either
provide CA file or cert/key or enable verify.
Since current behaviour is to provide path to the custom CA we expect
certificate being trusted overall. Thus we enable cert verification when
galera_use_ssl is True.
[1] 78f0cf99e5/pymysql/connections.py (L267)
Change-Id: I71ebc2fc4e386f3a1599fe73d49fae185ec9d2ff
* Update openstack-ansible-os_glance from branch 'master'
to afd07792015fa6452eb24b3d9a1d4becc8240922
- Changed minversion in tox to 3.18.0
The patch bumps min version of tox to 3.18.0 in order to
replace tox's whitelist_externals by allowlist_externals option:
https://github.com/tox-dev/tox/blob/master/docs/changelog.rst#v3180-2020-07-23
Change-Id: I14ac7495c8eaa420fa0bbe9ffbcec917e4fc425f
* Update openstack-ansible-os_glance from branch 'master'
to d8576660dbccaa19f9862e61f0263d1bbac54889
- Add pki role to local a-r-r
Change-Id: Ie408aee43116feeaf99ad05cebe764bb855a31c2
* Update openstack-ansible-os_glance from branch 'master'
to ac545c353ea85aa7410e09a7155fd07f013da146
- Replace linters test with integarted one
We've created integrated linters check job a while back and it's successfully
working for several releases. At the moment we experience difficulties
with future maintenance of the linters check from the openstack-ansible-tests
repo. So instead of fixing current one, we replace it with modern version of
the test.
Change-Id: I1c457250eab70abcf717f04feb2d26ce34830d79
* Update openstack-ansible-os_glance from branch 'master'
to 96ca09d4ee2089bdceededb3590aaa20cf55b73f
- Merge "[goal] Deprecate the JSON formatted policy file"
- [goal] Deprecate the JSON formatted policy file
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to replace policy.json to
policy.yaml and remove deprecated policy.json.
[1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html
Change-Id: I03a29bab6663d1d0ee6130707ea5865ebbd916d5