* Update openstack-ansible-os_sahara from branch 'master'
to 3f7085e58a1c89f2f2f7128d5264951bd888dd6b
- Add quorum queues support for service
This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.
In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/896017
Change-Id: I947be8d94b3263ed69311667af693a481765b1c4
* Update openstack-ansible-os_sahara from branch 'master'
to 810e58bd11a2dc6872005920838de7c21071d1a1
- Fix linters for example playbook
Change-Id: I1305323f15c704b0ba808d4a2acd74664b6205db
* Update openstack-ansible-os_sahara from branch 'master'
to 779faf7ff2833aa31c76f9a7bf85cc958445878b
- Merge "Stop reffering _member_ role"
- Stop reffering _member_ role
Keystone has stopped providing or reffering `_member_` role for a while,
thus role should not be refferenced anymore.
Moreover, with 2023.1 service policies have dropped `_member_`
which resulted in the role to be insufficient for basic operations.
Change-Id: Ie43a6edc4ef44b7b92905cf9d59be53edeb1b946
Related-Bug: #2029486
* Update openstack-ansible-os_sahara from branch 'master'
to fd7f9932b1644ad275ef5b1085c8821f72ae962d
- Use proper galera port in configuration
While <service>_galera_port is defined and used for db_setup
role, it's not in fact used in a connection string for oslo.db.
Change-Id: I41c2c8a50ff119cad4b8c1fe1e38096cc97f8c12
* Update openstack-ansible-os_sahara from branch 'master'
to f98616ebd6ecae5f712d8a9471e26b2fb25ee209
- Define constraints file for docs and renos
Right now we are not using any constraints for docs and releasenotes builds.
This has resulted in docs job failures once Sphinx 7.2.0 has been released.
The patch will ensure that constraints are used an we should not face
simmilar issue again.
TOX_CONSTRAINTS_FILE is updated by Release bot once new branch is created,
so it should always track relevant constraints.
Some extra syntax-related changes can apply, since patch is being passed
through ConfigParser, that does not preserve comments and align indenting.
Change-Id: I7e1f5009e8fc89036cb8dbf06e558bfb36241de4
* Update openstack-ansible-os_sahara from branch 'master'
to 1c49c7d2c894000ea9458edc87798c53c21d95c8
- Fix linters and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I30eff91392dcab1e76c4fee89ead7a6e03838b2d
* Update openstack-ansible-os_sahara from branch 'master'
to 81a0273a50bd285597128fef957cc9865fac72a6
- Add TLS support to sahara backends
By overriding the variable `sahara_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the sahara backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: I28e2a2ac7a2534f731f1ce8b0c76f6c55e987eb2
* Update openstack-ansible-os_sahara from branch 'master'
to 5025cd3ea16ef8677255b656fefdaa042150d4b5
- Ensure service is restarted on unit file changes
At the moment we don't restart services if systemd unit file is changed.
We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now we ensure that role handlers will also listen for systemd
unit changes.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_heat/+/879963
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/880470
Change-Id: I5561693e490700bc572e196e36e8ef0fa4df1ec5
* Update openstack-ansible-os_sahara from branch 'master'
to 6deed3ff81c3dc05df33d84b014449623e14deea
- Update tox.ini to work with 4.0
With tox release of 4.0, some parameters were deprecated and are ignored now
which causes tox failures. One of the most spread issues we have is using
`whitelist_externals` isntead of `allowlist_externals`
Change-Id: I88f881ae0396973f60ea892453933a263b685c88
* Update openstack-ansible-os_sahara from branch 'master'
to 9e3428fc4ff145f086b533cc8bc665f65702470f
- Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: Ia698a819b4053f72fb4a7e8489a56b9bc260bcdf
* Update openstack-ansible-os_sahara from branch 'master'
to 816e498c5c02cf02a4d0855dea832ac5ed1f9fe6
- Support service tokens
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: I7064765e62d9e1a86fb20232429731840f697a88
* Update openstack-ansible-os_sahara from branch 'master'
to f8ff70e99c02bd1df1045f0f794ffc2de6fa2648
- Switch sphinx language to en
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.
Change-Id: I1aeb896d936a2ae3a6dfc08de6bfa01f2274bff1
* Update openstack-ansible-os_sahara from branch 'master'
to 2ce1f60bde5faee806cba66f4c510cf8841b34b5
- Use common service setup tasks from a collection rather than in-role
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/842758
Change-Id: I1e637517953ba9a65e987c181464678c81365ec0
* Update openstack-ansible-os_sahara from branch 'master'
to 4814dcb1404958d4ce92ecf9fef5eaf1660227a7
- Database connection pooling improvements
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: I1745cd91c26bb873a5eac0fa42f651d2ebe7e974
* Update openstack-ansible-os_sahara from branch 'master'
to 54a6645c5ac183515e7e5ffc6702b699f79b1d27
- Use config_template as a collection
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814
Change-Id: If7ed1c8281d3e78c5905ccc570456e998d191370
* Update openstack-ansible-os_sahara from branch 'master'
to c5f8778469464f30a97abf7c15ff7abdc27892c2
- Refactor galera_use_ssl behaviour
With PKI role in place in most cases you don't need to explicitly
provide path to the CA file because PKI role ensures that CA is trusted
by the system overall. In the meanwhile in PyMySQL [1] you must either
provide CA file or cert/key or enable verify.
Since current behaviour is to provide path to the custom CA we expect
certificate being trusted overall. Thus we enable cert verification when
galera_use_ssl is True.
[1] 78f0cf99e5/pymysql/connections.py (L267)
Change-Id: I25b6e2afcf67f34d9b612adca6c0c6968b6308ce
* Update openstack-ansible-os_sahara from branch 'master'
to d07db04ce49ef6ec876a20a7e0dc0003d64c49d6
- Replace linters test with integarted one
We've created integrated linters check job a while back and it's successfully
working for several releases. At the moment we experience difficulties
with future maintenance of the linters check from the openstack-ansible-tests
repo. So instead of fixing current one, we replace it with modern version of
the test.
Change-Id: If8e378dcbbd5a74638665c2dcd317e6df0a0833c
* Update openstack-ansible-os_sahara from branch 'master'
to 92004f42fe989ccfac682dbbf47c2a5f440e6aa0
- Merge "[goal] Deprecate the JSON formatted policy file"
- [goal] Deprecate the JSON formatted policy file
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to replace policy.json to
policy.yaml and remove deprecated policy.json.
config_template has been choosen instead of the copy, since it can
properly handle content that has been lookuped.
We make a separate task not to restart service when it's not needed.
[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html
Depends-On: https://review.opendev.org/c/openstack/sahara/+/768521
Change-Id: I606e1dda74f630242905fdf74ee19eaf66030edf
* Update openstack-ansible-os_sahara from branch 'master'
to b8f9f0432fbc4023705aed60f4e952fd2162fb70
- Use ansible_facts[] instead of fact variables
See https://github.com/ansible/ansible/issues/73654
Change-Id: I5f2438f064fe097b990dfdd433cc6fb84cd3b3d3
* Update openstack-ansible-os_sahara from branch 'master'
to 8028d6352281c1a50e6b1eb9de68d13713fb7588
- Merge "Remove references to unsupported operating systems"
- Remove references to unsupported operating systems
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible
Change-Id: I502b70c234ef22271c7d947b6c54b687ecd010d2
* Update openstack-ansible-os_sahara from branch 'master'
to 966bcd16933cb46e1adda2776b1baa858f95c1e6
- Merge "[reno] Stop publishing release notes"
- [reno] Stop publishing release notes
Since we copy all release notes to the integrated repo there is not need
in publishing release notes for each repository. We should only verify their
validity and linting.
Change-Id: Iecb6464941097057cad39e50e3626b9abbe84921
* Update openstack-ansible-os_sahara from branch 'master'
to 0bf0e226520c16ec18057b113c61901653b5258f
- Move sahara pip packages from constraints to requirements
This is necessary to use the new pip resolver
Change-Id: Ia8422900dd74227e32fbefd37cdf146638c063fb
* Update openstack-ansible-os_sahara from branch 'master'
to daef9039b152b50a69e032425e6c5404268a89d2
- Use global service variables
Instead of overriding each service separatelly it might make
sense for deployers to define some higher level variable that
will be used first or fallback to default variable.
Change-Id: I2b9393b388840c8903ca267b8d5e66536be8d267
* Update openstack-ansible-os_sahara from branch 'master'
to 0f9e76292461a5532f6d43927b71ab9fff692dd5
- Reduce number of processes on small systems
Even the most modest 4C/8T system would run with the maximum 16 processes
due to the calculation being VCPU*2.
We devide amount of CPUs to number of threads for hyperthreaded CPUs
Change-Id: Ie4384375f65d6ec262a3f5b71ab7cd62ed5e210a
* Update openstack-ansible-os_sahara from branch 'master'
- Merge "Define condition for the first play host one time"
- Define condition for the first play host one time
We use the same condition, which defines against what host some "service"
tasks should run against, several times. It's hard to keep it the same
across the role and ansible spending additional resources to evaluate
it each time, so it's simpler and better for the maintenance to set
a boolean variable which will say for all tasks, that we want to run
only against signle host, if they should run or not now.
Change-Id: I33362163d54a1b54ba4a0cd13764f28fe6485040
* Update openstack-ansible-os_sahara from branch 'master'
- Use the utility host for db setup tasks
Move it to the service setup host (defaults to utility[0]) instead
of the galera[0] host, and use galera_address (defaults to internal VIP)
as the endpoint instead of a local connection on the db host.
Change-Id: I1564252d2362dbb5858e1d0222c3b344488d389d
* Update openstack-ansible-os_sahara from branch 'master'
- Merge "Use newer openstackdocstheme and reno versions"
- Use newer openstackdocstheme and reno versions
The sync from https://review.opendev.org/733244 updated to
openstackdocstheme 2.2.1 and reno 3.1.0 versions.
Set openstackdocs_pdf_link to link to PDF file. Note that
the link to the published document only works on docs.openstack.org
where the PDF file is placed in the top-level html directory. The
site-preview places the PDF in a pdf directory.
openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.
See also
http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html
Change-Id: I68076c56e7e5762de2243f25d217fe27cf363c98
* Update openstack-ansible-os_sahara from branch 'master'
- Update master for stable/ussuri
Add file to the reno documentation build to show release notes for
stable/ussuri.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/ussuri.
Change-Id: I7ae02b6cd540d24989a65078e390dc04216c4fb2
Sem-Ver: feature
* Update openstack-ansible-os_sahara from branch 'master'
- Update docstheme for style
New version of openstackdocstheme (Victoria+) respects pygments_style.
Since this repo is using now Victoria (master) requirements but has
not branched for Ussuri yet, it uses the new version.
Change pygments_style to 'native' since old theme version always used
'native' and the theme now respects the setting and using 'sphinx' can
lead to some strange rendering.
Change-Id: I560e2ac0ff41b3497fa80801634520961457bb97