* Update openstack-ansible-plugins from branch 'master'
to 5b8a1d9be03146ffac8e91e92a044429e9286dbd
- Merge "Add check_hostname option to db_setup tasks"
- Add check_hostname option to db_setup tasks
To allow encrypting connections of db_setup tasks, include the
check_hostname option to verify a server host name when an SSL
connection is required.
Change-Id: I6b77c828d251aeee53b83404e7e3131e3f61cbb1
* Update openstack-ansible-plugins from branch 'master'
to 17e0be0b87217cb6084e7c619d0f7cc598148d0d
- Merge "Add support for the apply_to parameter for policies"
- Add support for the apply_to parameter for policies
Policies were always applied to target `all` aspects and
there was no way to have them target only e.g. exchanges.
This can be important though, see [1].
This change enables the use of the apply_to parmeter via the existing
variables while maintaining `all` to be the default.
[1] https://www.rabbitmq.com/docs/parameters#how-policies-work
Change-Id: If09fdaf413ed6f8fd67624ff0edbf617edd126b1
* Update openstack-ansible-plugins from branch 'master'
to 288224b0c95566adfebd5e63d5100e52b9526959
- Leave only unique policies for __mq_policies
This change aims to merge 2 lists together by leaving only unique policies
by their name. With that, the one provided to the the role during include
will have prescedence over the default one.
Change-Id: If4d51a0ec6c746c35f436bea1be5b5e403bd0586
* Update openstack-ansible-plugins from branch 'master'
to 255f773294be1186f195add46b6afa55b0800902
- Merge "Do not log contents of installed keypairs by default"
- Do not log contents of installed keypairs by default
This could put private key contents into the ansible log which is
undesireable.
Change-Id: Ic8e548b14e9fac26cf3b5a918479fdf8e0b24c6c
* Update openstack-ansible-plugins from branch 'master'
to 0c3185ed1adbbfa2fe0b589be2c602a949354e4b
- Merge "Add override for gluster host used for bootstrap operations"
- Add override for gluster host used for bootstrap operations
This change permits overriding of the host used to bootstrap the
cluster. This is necessary when the cluster already exists and
a new (or upgraded) host needs to join an existing cluster. This
only works when actions are performed from an existing cluster
member.
This patch additionally resolves an issue where the volume
creation step can fail if the bootstrap host's peer names don't
exactly match those being passed to it (such as when they end with
.openstack.local). A restart of the service fixes this by reading
the correct hostnames back from the peer files.
Change-Id: I7127cb86e81abc982290681d24b8a6554a46f58b
* Update openstack-ansible-plugins from branch 'master'
to e42f22d3f5d3d7afd3f9497985639e474c7e2189
- Merge "Add role to do common setup tasks for lxc containers"
- Add role to do common setup tasks for lxc containers
This is the same code as in common/tasks/os-lxc-container-setup.yml
but can now be called using a FQCN from code in openstack ansible or
any other collection.
Change-Id: I5beb9609366e82fabaec65f98731c501d659d3e7
* Update openstack-ansible-plugins from branch 'master'
to 8dff9b48512fa7d6a6cdcab6e8b8ae327c2f3073
- Merge "Add role for provisioning default variables for install methods"
- Add role for provisioning default variables for install methods
Change-Id: I33dba6ecf99d281531739ea55f1352932cbda68a
* Update openstack-ansible-plugins from branch 'master'
to e78b1fa8b8b376f182d05a2250fd7979eae81e64
- Add openstack_resources role skeleton
This adds new role that aims to provide a handy structure to manage
openstack resources, like flavors, networks, aggregates, etc. It's aimed
to be re-used not only inside OSA by creating common resources,
but also by operators to automate their routine.
Change-Id: I81a9cd612931b84468343948b315db193acd8923
* Update openstack-ansible-plugins from branch 'master'
to cccf4c03f134fbdcbe0664610064fcfc73671ad8
- Ensure consistent ordering of network_mappings
The provider_networks module returned the network_mappings in a random
order changing with every invocation. This returns the entries sorted
and adds a test to ensure the ordering is consistent between
invocations.
Change-Id: Iaec4534ebd8ff80cf7c7e3a1c8f187dd3990e4bc
* Update openstack-ansible-plugins from branch 'master'
to d186d9b92122cc9fbfb87850caff17caa5507bda
- Fix building release notes for the project
Change-Id: I73893a14e1c18e17e0ba55bd78bc7ea044b25cf0
* Update openstack-ansible-plugins from branch 'master'
to dcec963fc7a137614a2d84bf6c52044e6a1f0995
- Add no_log to setup_roles inlcude
During include we're iterating over users, which also exposes user
actual password to stdout and logs.
Change-Id: Icef8c89a1c0daf01cfc1abd53322333ba2f06d92
* Update openstack-ansible-plugins from branch 'master'
to af13ea01cd3eb4c688d7d4f9bb83d53a833dbe4b
- Merge "Set the default domain for the role_assignment"
- Set the default domain for the role_assignment
From time to time it might happen in deployments, that some project
will create a service user in their domains. When this happens and
domain is not supplied for the role_assignment module fails with
multiple users with the same name exist.
However, domain param is used not only for lookups but also for
scoped assignments [1]. When project is not supplied, domain scope
will be assigned. And when domain is not defined, then system scope
will be applied. But since all projects (except keystone) have reverted
their system_scope efforts, we can safely set default for the domain
to workaround potential issues with lookups.
[1] https://docs.ansible.com/ansible/latest/collections/openstack/cloud/role_assignment_module.html#parameter-domain
Change-Id: Ia406d101632806d18495380d8911468ea14bc502
* Update openstack-ansible-plugins from branch 'master'
to a62ff6732ce2605aad5fcb4a279fc887b3e10d91
- Add common haproxy playbook from openstack-ansible repo
This was previously common-playbooks/haproxy-service-config.yml
in the openstack-ansible repo which was like that before collections
existed.
Moving this playbook into a collection allows it to be called
by FQCN from any other collection which might be useful when
extending openstack-ansible.
Change-Id: I41e18cbb83bd157cac371ebf311a279991218a83
* Update openstack-ansible-plugins from branch 'master'
to f685bc25b78cbc6900dcea78bcb13fb6ef9953f8
- Merge "Remove retries decorator from ssh plugin"
- Remove retries decorator from ssh plugin
The decorator is used when calling exec_command, which in turn calls
exec_command from the original SSH plugin, which calls _run
that has it's own retry logic.
This patch removes the retry logic from the openstack-ansible
connection plugin and relies on what is present in the original
SSH connection plugin.
Change-Id: I28cd7a8321665d52d123ae14336346d14df82a36
* Update openstack-ansible-plugins from branch 'master'
to 1740eb31ef37f6145453113cb82f5a52b942f454
- Merge "Retrieve container name and physical host via get_options"
- Retrieve container name and physical host via get_options
This was done in the constructor and also via get_options,
this patch simplifies the constructor and relies on get_options
to populate these variables.
Change-Id: I3f5896d4f4a6286ad8d587a745f24a4f6dd226f0
* Update openstack-ansible-plugins from branch 'master'
to 5b30cb70ec8f41b9300a747dd0ea11d0f31fcff7
- Merge "Remove extra container check"
- Remove extra container check
This code is only ever called from functions which have already
checked if the target is a container, so the check is duplicate.
Change-Id: If63269719881c04804d6d17f6134cc67ab0bb9a7
* Update openstack-ansible-plugins from branch 'master'
to 9af8c3b21e76c8ac456cfa336254b514fd4df0c8
- Merge "Cosmetic tidy up of pid lookup function"
- Cosmetic tidy up of pid lookup function
The code flow can be made more obvious in this function
Change-Id: Ie65d7af764485cfa78e7a322817f984a7ee2762c
* Update openstack-ansible-plugins from branch 'master'
to f96cc254eeaa80bb8bfffb78c982537b301837a8
- Merge "Remove nspawn container support"
- Remove nspawn container support
The code can be simplified by removing nspawn support that is
not longer used in openstack-ansible.
Change-Id: I88daf27351968d3e66a837fa09ffeac6ed853e8c
* Update openstack-ansible-plugins from branch 'master'
to 8ff478c8b4d96fe163327757a1d9977713a73c56
- Merge "Calculate if target is a container only once"
- Calculate if target is a container only once
The code calls the container check method many times which
generates a lot of log messages, so instead set a flag to indicate a
container and then use the value of the flag.
Change-Id: Ie6297359fd9c8129faf08b9842d297ade99dcade
* Update openstack-ansible-plugins from branch 'master'
to 1338ed71c443a26fec91bc93058a15aac7f599a0
- Simplfy addition of keystone users to roles
CI is failing on octavia and telemetry with error like this
https://paste.opendev.org/show/bLIL6EZRZYxoBb7p6qdo/
This patch removes the duplicate code path when the user role
is a string or list and ensures that the role(s) are always
a list when including the setup_roles tasks.
Change-Id: I5ffe04b5f3a199cf2b6cdf5161f12fc1f62cb435
* Update openstack-ansible-plugins from branch 'master'
to aa277377acce7cdb8f1ee71dc0711bcbab165673
- Generate SSH certificates for delegation test
Last test, that tries to delegate to a host that is not part of inventory
requires an SSH access to such host.
Since with latest changes to lxc_hosts repo [1] we do not install
SSH server nor provision SSH keys to containers by default.
As additional profit we now have a functional test of the ssh_keypairs
role.
[1] https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/889945
Change-Id: Ia6b0f4406d0c2244327c2eb9fdee9a53462557c5
* Update openstack-ansible-plugins from branch 'master'
to e15d20f003f219f257011144537a8031874a908e
- Replace base64.encodestring with base64.encodebytes
Base64.encodestring has been deprecated since 3.1 and removed
in python 3.9,Replace it with base64.encodebytes from python3.1[1].
[1]https://docs.python.org/3.9/library/base64.html?highlight=deprecated#base64.encodebytes
Change-Id: I159bf1db5e74c5c5e604d4f11660c2a0be916ae0
* Update openstack-ansible-plugins from branch 'master'
to 9f13a58e2b8596ae43b11dd1b112be8522868c90
- Merge "Allow to manage more the one vhost with mq_setup"
- Allow to manage more the one vhost with mq_setup
This change enables us to supply list of vhosts that needs to be
created or deleted, rather then support only single vhost creation
We also reduce code duplication by leveraging task includes.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/880031
Change-Id: I76548f45a20db29c1bfd5db332b490b670d973a4
* Update openstack-ansible-plugins from branch 'master'
to 5c37d1be0342fd9eb61b50c07669053a7d631e90
- Define default value for _service_adminuri_insecure
Only "Add keystone domain" task does not have a default value for
_service_adminuri_insecure, while in all other places across
the role this is True by default. To align behaviour of tasks, we set
_service_adminuri_insecure to True by default.
Change-Id: I6b7dff5c4277f8745844966645c5eeeea4b7e467
* Update openstack-ansible-plugins from branch 'master'
to 0f444233c245a3c2430cff57d8e2d4b3d6b09844
- Merge "Allow to define cloud name for service_setup"
- Allow to define cloud name for service_setup
At the moment there is no way to override cloud name for service_setup
which might be useful for usage of the role outside of the OSA setup.
This intorduce `service_cloud_name` variable for this purpose.
Change-Id: I0790e4a29cb9378dac126149554f936d80fe707c
* Update openstack-ansible-plugins from branch 'master'
to 386645054078a6d252a6f37c36ecc8a0ea3fe640
- Merge "Do not use notify inside handlers"
- Do not use notify inside handlers
Since latest ansible handlers are not triggered inside the same
handlers flush, which means that triggering mysql restart
the way we did does not work anymore. So instead of
notifying inside handlers, we add listen key to tasks
that are triggered by these newly produced notifications.
This could be due to the bug [1], but ansible-core version that has
backport included still shows inconsistent behaviour
[1] https://github.com/ansible/ansible/issues/80880
Change-Id: I33a590e329cd455c9357d569867247f723d8a64a
* Update openstack-ansible-plugins from branch 'master'
to 9e3ba5b61913151d512e6637e5398f91b6bdb153
- Merge "Installing systemd-udev with NVR"
- Installing systemd-udev with NVR
Due to the bug [1] in CentOS packaging, systemd-udev is substituted with
systemd-boot-unsigned. So you need to use NVR to properly
install systemd-udev until the bug is fixed.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2183279
Change-Id: I3129b75af1127c62a0bd1cee39586730c5f6589c
* Update openstack-ansible-plugins from branch 'master'
to 90b16870385e0fbb27f97f996dd6399dc8b62437
- Fix linters and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I626739e80fd28e95bb6cf350ab310f1814d61604
* Update openstack-ansible-plugins from branch 'master'
to f35126af68e17d76be00f1cb70cd42fab15f2f4e
- Skip updating service password by default
At the moment we always do attempt to reset passwords for the
keystone services, which in some cases leads to race conditions in
services. Thus, running a role is not idempotent which we fix by
introducing a `service_update_password` variable. So whenever password
needs to be reseted/updated, the variable should be supplied for that.
Change-Id: I11b1046ea91cef7de0b2f6433baabbb144e07700
Closes-Bug: #2023370
* Update openstack-ansible-plugins from branch 'master'
to a4357fbb9a43f44bfee72b01db219f080268fbe7
- Workaround failures when project is unset
In cases, when we want to have only domain scope, we set project to
an empty string or null.
Needed-By: https://review.opendev.org/c/openstack/openstack-ansible-os_heat/+/879963
Change-Id: Iac723a4e748dc1a0c3769934e4ec73019e308aea
* Update openstack-ansible-plugins from branch 'master'
to 71ac235fa39c1781154ec86dd2eb72e209d92f4d
- Revert "Ensure systemd-udev is installed for gluster"
This reverts commit 54cf778a8bf640763d4b0fc57b4eee75cd98cf7c.
Reason for revert: This patch ideally should not be needed at all, since originally task was failing already after "Install gluster repo packages" task, but this task was not installing systemd-udev for some reason, while installing glusterfs-server.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879069
Change-Id: I5bd6250a3961ea056f73886484e9ac67a7090aff
* Update openstack-ansible-plugins from branch 'master'
to 54cf778a8bf640763d4b0fc57b4eee75cd98cf7c
- Ensure systemd-udev is installed for gluster
We're relying on udev to exists for glusterfs since we're
applying overrides for it as well as attempting to restart.
While systemd-udev seems not being pre-installed in all CentOS
containers anymore, so we should ensure it's installed
before trying to adjust it's unit file.
Change-Id: I7d952b371bdfa41c17eaa4248b8249ca772258bc
* Update openstack-ansible-plugins from branch 'master'
to a4628e636975442b9881aff9519fdfdfa83ffdf4
- Do not use openstack.osa.linear strategy plugin
Custom linear plugin was added long time ago.
Nowadays it causes issues with loop conditionals.
It's not really needed these times. Everything works fine without it.
I also didn't notice any performance degradation after disabling it on
my AIO.
Closes-Bug: #2007849
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/874482
Change-Id: I607ea3f06dc3cd5d68dcffb291a958664a41baf1
* Update openstack-ansible-plugins from branch 'master'
to 1dbc2985d39fae7c73c741a95a486d9014aa036b
- Use cryptography backend for openssh_keypair
With default "auto" backend, opensshbin is first pick, which fails
to read a key in case of insecure permissions. This makes task fail
in case private key in topic has mode different from 0600, even if
different mode specified for the module itself [1].
Along with switching backend we also adding mode key to be supported
[1] https://github.com/ansible-collections/community.crypto/issues/564
Change-Id: I9444ef832136783bde1eff5425e4cd369f905a5c
* Update openstack-ansible-plugins from branch 'master'
to 145fd7a1e649df197557bdc3c5cdbf44736e8d1d
- Merge "Fix no_log variable templating in db_setup role."
- Fix no_log variable templating in db_setup role.
This was missing "{{ }}" and does not work without.
Change-Id: Ide631f9d26fab6ed7fc7f94cad07cdceedb81b90
* Update openstack-ansible-plugins from branch 'master'
to b56c614e2714e0382683cc122b9e87ab0e5a6e50
- Merge "Add variable to control no_log in service_setup role"
- Add variable to control no_log in service_setup role
It is often requested by users to be able to see the underlying
cause of an service_setup failure. This patch adds a variable that
can be passed with ansible extra vars to allow the output to be
seen.
Depending on the verbosity level this feature will potentially
display the service credentials as part of the ansible output so
should be used with care.
Change-Id: Ifc7be77059dcc3dc1f9b9fc7422d3f5c5d03fba3
* Update openstack-ansible-plugins from branch 'master'
to 4382648006d3bd418d9b6887c52b60477b8ce727
- Merge "Add variable to control no_log in mq_setup role"
- Add variable to control no_log in mq_setup role
It is often requested by users to be able to see the underlying
cause of an mq_setup failure. This patch adds a variable that
can be passed with ansible extra vars to allow the output to be
seen.
Depending on the verbosity level this feature will potentially
display the mq credentials as part of the ansible output so
should be used with care.
Change-Id: I8160e7e5fb0339456e881f1fd041b57bb5b9fbd5
* Update openstack-ansible-plugins from branch 'master'
to 2193b543201375d6908c2a08b3875c703246ade8
- Merge "Add variable to control no_log in db_setup role"
- Add variable to control no_log in db_setup role
It is often requested by users to be able to see the underlying
cause of a db_setup failure. This patch adds a variable that
can be passed with ansible extra vars to allow the output to be
seen.
Depending on the verbosity level this feature will potentially
display the db credentials as part of the ansible output so
should be used with care.
It is also usually the case that db_setup errors are caused
by underlying networking issues rather than errors directly
related to the database.
Change-Id: Ic519fa14f8bab5c855a4ddabb290cbaf720d9b9f
* Update openstack-ansible-plugins from branch 'master'
to 062f374f806ba03a5eb6b4e420e55f996e0cbeb6
- Merge "Unify vars for glusterfs RHEL variants and remove rocky-8 workaround."
- Unify vars for glusterfs RHEL variants and remove rocky-8 workaround.
Change-Id: I57e99ce8a5f65f982a2719242dd41e74adbd0b37
* Update openstack-ansible-plugins from branch 'master'
to 7f8fe0f3068f81147222040e352b1d205f0e2c9d
- Limit maximum number of threads for parallel git clone
On systems with very large numbers of CPU cores enough threads
will be launched to exhaust the available number of file descriptors.
This patch introduces a maximum number of threads which defaults to
16. This should be sufficient to allow large repositories such as
nova to take a long time to clone, whilst simultaneously cloning
many small repositories in parallel.
Change-Id: I40dac8a1281c482953d508f173361e6f789ec229
* Update openstack-ansible-plugins from branch 'master'
to 2b42bf035970eadbd12c1935d2c9856a9df8551f
- Use hostnamectl command to fetch hostname
In CentOS Stream 9 we don't have /etc/hostname file. At the same time
hostnamectl provides expected output. Thus we switch to more modern
way of fetching hostname that works equally good for all distros.
Change-Id: If5212d5432cc49fb9745f77ebbef9525e2a3b393
* Update openstack-ansible-plugins from branch 'master'
to c6d4f0eac262dc243250ed8360bce317f5d3ab37
- Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I3ef26e106fa982f200d12fa8d39928b30ba32672
* Update openstack-ansible-plugins from branch 'master'
to f344983a6cb48a369b4c0996b19d9b3254670839
- Merge "Use ansible_facts[] instead of injected fact vars"
- Use ansible_facts[] instead of injected fact vars
Change-Id: Id85f98630a2a462bc081190b73aa62ddb1613c72
* Update openstack-ansible-plugins from branch 'master'
to bc220d5b48cf9e1c6c954cc715049691a55d982f
- Drop shebangs from ansible modules
Shebangs are not required right now, but their usage might get unexpected
behaviour by running module with different python executable then
expected
Change-Id: I9c2c48b4aa82889dbf275a9b33b0863829949327
* Update openstack-ansible-plugins from branch 'master'
to 221d0f7fa7a086aa9efd6c4087ca1071c49bb12c
- Merge "Introduce variables for rocky linux 9 support in gluster"
- Introduce variables for rocky linux 9 support in gluster
Change-Id: Ib8ebb82a64f807c5ee7556f3e955307c7bb86665
* Update openstack-ansible-plugins from branch 'master'
to 27516df40b1ace0e5d8ab34e1991358ec9d4374b
- Merge "Bind logging target via systemd-journal-remote.socket"
- Bind logging target via systemd-journal-remote.socket
Make systemd-journal-remote.socket to listen on target address:port
instead of service
Change-Id: I95768a0da3710d788e65511af7a3450b89a5b552
* Update openstack-ansible-plugins from branch 'master'
to 70e89d48f62251de856425e659c1593637487353
- Use `journald_remote_systemd_prefix` for systemd prefix
Change-Id: If88dfaf3e4e2d49246778043982b216bf8c6e188
* Update openstack-ansible-plugins from branch 'master'
to 13b639728568abc1da32aeaeca92fc0cdaed895d
- Fix gluster play_hosts
If using the last play host we cannot grow the cluster since the
`gluster peer probe` command needs to be executed on a running node.
Change-Id: I9cfbf53a66f9488b6cbd22c880fb7e9dc1752ef6