Since ansible-core 2.10 it is recommended to use modules via FQCN
In order to align with recommendation, we perform migration
by applying suggestions made by `ansible-lint --fix=fqcn`
Change-Id: I8aeb87463ef50eae78833c9cf070293ea08ce0b7
In order to reduce divergance with ansible-lint rules, we apply
auto-fixing of violations.
In current patch we replace all kind of truthy variables with
`true` or `false` values to align with recommendations along with
alignment of used quotes.
Change-Id: I173a7f009412285c1d15f05b76b4ff24fb2b67ad
With ansible-core 2.16 a breaking changes landed [1] to some filters
making their result returned in arbitrary order. With that, we were
relying on them to always return exactly same ordered lists.
With that we need to ensure that we still have determenistic behaviour
where this is important.
[1] https://github.com/ansible/ansible/issues/82554
Change-Id: Ia1a84f97ac86cfb621cd50958ff8eaf55655596e
<service>-config tags are quite broad and have a long execution
time. Where you only need to modify a service's '.conf' file and
similar it is useful to have a quicker method to do so.
Change-Id: I05034cd14f1a8e136b17d6903ea758b009dbeba1
In order to allow definition of policies per service, we need to add variables
to service roles, that will be passed to openstack.osa.mq_setup.
Currently this can be handled by leveraging group_vars and overriding `oslomsg_rpc_policies` as a whole, but it's not obvious and
can be non-trivial for some groups which are co-locating multiple services
or in case of metal deployments.
Change-Id: I1258e2dc385d8d004091167835e9c14e314cbc2b
Swift stopped including this option in its docs in 2019, and recent
kernels stopped recognizing it as a valid option, leading to mount
failures.
Related-Change: https://review.opendev.org/c/openstack/swift/+/665984
Closes-Bug: #2051764
Change-Id: I4f2ff43ac90023db422633246e89146b377cee74
This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.
In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.
Change-Id: Id5f6cabed7ec035845865d6d5facc63590c56d43
Keystone has stopped providing or reffering `_member_` role for a while,
thus role should not be refferenced anymore.
Moreover, with 2023.1 service policies have dropped `_member_`
which resulted in the role to be insufficient for basic operations.
Change-Id: I4d6eacae2041b0a00114dda4e8315d4ec6295319
Related-Bug: #2029486
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I6bbb97cd2f1daac42269a335014eb6cf7f28d24e
By overriding the variable `swift_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the swift backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: Idb7882775a90ada9bb9e1450168916c73bf8ae4b
At the moment we don't restart services if systemd unit file is changed.
We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now we ensure that role handlers will also listen for systemd
unit changes.
Change-Id: I78c9888f7f2b97bd901d9fcce636bc22b6411eb9
ansible_<variable> injection is now disabled by default in
openstack-ansible so the network interface information is now
accessed via ansible_facts['ifname'] rather than
ansible_facts['ansible_ifname'].
This patch also replaces the use of hostvars[inventory_hostname]
with the more correct access via ansible_facts.
Change-Id: Id2c59badb6767d62799ab51504444d935b68b4ce
With tox release of 4.0, some parameters were deprecated and are ignored now
which causes tox failures. One of the most spread issues we have is using
`whitelist_externals` isntead of `allowlist_externals`
Change-Id: Ic7864bf2150acbeab504d4dce3dd1a920974e5eb
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: Ibe537add36546f7b1b8e791943a9f7dd9d26a3db
With ansible-core 2.13 it tries to substitude package resolution in apt
module.
However git-core is used in Debian as transitional name, but ansible
tries to select it and provide version, which is not correct behaviour.
But since git-core is not really valid anyway, we just replace it
to workaround ansible's imperfectness.
Change-Id: Ic931147588dc549eaf41db9ff1c4abda2b8537c5
This line snuck in with Ib586cfc978f1e5fa05f6ce4add8a337eb433f82f
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.
Change-Id: I78e89768f077b1cf1562b91ae0066620eb226cc7
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: If34e0170ea0e0f7727cfadba982f3c7dae6ae216
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.
Change-Id: Ifd2b3956ee3f8a7847256d6444cccf674c7d526e
In previous patch [1] I wrongly assumed that there's no reason to have
/etc/swift/ring_build_files/
on all hosts. However, there's another logic in the role, that assumes
having these files and verifying md5sum of them.
As an easy bugfix, we're returning sync to ring_build_files until we
change logic. It's also easily backportable.
[1] https://review.opendev.org/c/openstack/openstack-ansible-os_swift/+/765354
Change-Id: If0e686352e08379027508c2939fae00db6ae6cb8
Closes-Bug: #1973045
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: Ib586cfc978f1e5fa05f6ce4add8a337eb433f82f
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814
Change-Id: Iff0959a012d1875e01cd72bee3fb75906ef0983a
We've created integrated linters check job a while back and it's successfully
working for several releases. At the moment we experience difficulties
with future maintenance of the linters check from the openstack-ansible-tests
repo. So instead of fixing current one, we replace it with modern version of
the test.
Change-Id: Iebcc755c22b8b34e06be95acd48c3ab9cecf953b
Ceilometer middleware now accepts also project names,
so it's not required to gain project UUID [1].
We also switching gnocchi project name to `service` for all scenarios
as it's already whitelisted by default [2]
[1] e2bf485044
[2] 082dabb1b7/ceilometermiddleware/swift.py (L158)
Closes-Bug: #1879192
Change-Id: I40d3178d1b3bd1234ac34c6fa1d0d2bcb7160720
This reverts commit 3e151d97adbff78be1b146938374a0dced5970e9.
Reason for revert: Upstream bug has been fixed
Change-Id: I5498030487677523ae71ae2f9a13074ab4552204
Related-Bug: #1872553
Closes-Bug: #1921354
