In order to reduce the packages required to pip install on to the hosts,
we allow the service setup to be delegated to a specific host, defaulting
to the deploy host. We also switch as many tasks as possible to using the
built-in Ansible modules which make use of the shade library.
The 'virtualenv' package is now installed appropriately by the openstack_hosts
role, so there's no need to install it any more. The 'httplib2' package is a
legacy Ansible requirement for the get_url/get_uri module which is no longer
needed. The keystone client library is not required any more now that we're
using the upstream modules. As there are no required packages left, the task
to install them is also removed.
Depends-On: https://review.openstack.org/582359
Depends-On: https://review.openstack.org/587376
Change-Id: I68f3a0bf2b7a3a12cbf40d7d6a853d5b4c6dd0f3
This removes warnings in Ansible 2.4+.
The patch also removes the "static:" arguments since they are no
longer used by Ansible.
Change-Id: I1448501507daae92022a803af80839286f3542f2
With addition of pip_install on every node, we don't
need to have pip_install as a meta dependency.
Depends-On: If3412bb888ebb854874bbc43eb76bfcb3e4a7868
Depends-On: I79ff70c438b44753be2a93f004ebbc46de0a963d
Change-Id: I2a59d22cd7d073fbc4af711aa6d9be92a2c07e54
We need to add openstack ansible information in the role
metadata to be able to track role maturity. With it,
we can create a role maturity table and take decisions about
role deprecations.
Change-Id: Iafdf127465e9c5c5bfd60fa6951ef12f76864a22
Add support for the openSUSE Leap distributions. Nothing special is
required for this except for adding the appropriate distro variables
file and also update the zypper cache before package installation.
Moreover, the syslog user belongs to the 'users' group instead of a
dedicated 'syslog' group so we adjust the defaults for openSUSE.
Depends-On: I96c02fb2ee26691f1d7dd449d7205baa231795fe
Change-Id: I86beac2b3e038a0a4a3bf9618218bc1e393bdf08
The update of the apt cache and the package installation
can all be handled in a single task by providing the
package action plugin with the right parameters. This
removes an extra task to optimise execution.
The minimum Ansible version is raised to 2.2 due to a
known bug [1] in Ansible's apt module which does not
update the cache properly if the cache update and the
install are combined in a single task.
[1] https://github.com/ansible/ansible-modules-core/issues/1497
Change-Id: I532d866286d4cb885e1f3696819455cbdc8c0c39
As a part of removing Trusty from OpenStack-Ansible we shall aim to
remove this from all the roles.
Testing has already been removed for Trusty in the integrated build and
all individual repositories on master (Ocata), as such we can now go
ahead and remove the support within the roles.
Change-Id: I89ba35fd15703aba2a05d11d4550690704bdf272
Implements: blueprint trusty-removal
This PR Adds CentOS 7 support for Swift.
The following was required to get CentOS 7 to work:
* Add yum install path + packages
* Variablize rsync service name
* Gather network interface facts prior to setting storage/repl IPs
* Ensure /etc/defaults/rsync is only set for apt installations.
* Ensure the rsyslog service is started and enabled.
Change-Id: Ibaf8bc8d54b55820e8b527b52940c61c05c732d8
Starting in Ansible 2.0, the get_url [1] module provides the
ability for a checksum to be provided to the get_url module
which will be verified against the local destination file
and the task skipped if it matches.
[1] http://docs.ansible.com/ansible/get_url_module.html
This patch implements the use of this functionality.
The ability to ignore a venv download failure is also removed
as this is not necessary or desirable. It is better for the
download to fail and the playbook execution to stop immediately
so that the failure point is exposed.
Change-Id: Ifb78bfae3748ed8c0954e761a624c87884fe48c6
The pip_install and pip_lock_down roles have been merged.
Remove pip_lock_down from the role's meta dependencies and test
requirements.
Change-Id: Id185ce42a77ecf87874655ddf178a3d0fa0ff36a
Debian-specific vars and logic have been moved to tasks
that will execute only on those distributions.
Change-Id: I370621eda9e87bd19532e4e37e46097607bf4166
Implements: blueprint multi-platform-host
The pip_install role is depended on by a lot of other roles, and
therefore sometimes gets processed prior to the pip_lock_down
role resulting in the pip, setuptools and wheels packages being
installed from a source other than the repo server once the repo
server is available. This is not the intended behaviour - the
repo server should always be a the primary source once it's
available.
This patch ensures that the pip_lock_down role is applied before
all the other dependent roles to ensure that the expected
behaviour is followed.
Change-Id: I4cecb48a9ff9015905f3d65b312ebad4efcd9085
Adds a functional/convergence tests for os-swift including keystone,
galera, memcache and rabbit.
Swift testing infrastructure consists of:
1 service container /w keystone, galera, rabbit, memcached.
4 storage hosts (each with 2 disks)
1 proxy container.
This fixes a few issues to ensure the functional tests will run, such as
delegating sysctl net.ipv4.tcp_tw_reuse task to physical host, since we
are running swift storage inside containers for the purposes of this
test, and the containers won't have access to make this change.
Fixes the developer_mode settings which were incorrect.
Change-Id: Ie1dfaf666cbbac9fe78edd0a9218cec790c8c4d2
Closes-Bug: #1553967
This commit adds the ability to install cinder without a repo server.
This pattern is lifted from the os_keystone role and allows us to
further develop functional testing for this role.
Change-Id: I85ba753a946b22ee3e9b9403977501a1804f9d86
Partial-Bug: #1553967
This new role is now providing the ability for a user to pin apt
packages as they see fit. The idea is to allow someone to implement
pinning in a generic way that can be represented as a global variable
or as a hostvar. The new role has been added to all install roles as
a dependency which will allow it to ensure that packages are pinned
everywhere as would be expected.
Change-Id: I354e8515570fa7174366ba57d57aece3c304568e
This commit removes all of the rackspace related logging components.
This change is part 1 of 3 to update all of the logging bits within
the stack such that they're made more generic and community
consumable.
Plays removed:
* rsyslog-install.yml
Roles removed:
* rsyslog_setup
Variable changes:
* The default kibana and elasticsreach variables were removed.
Example config changes:
* The environment map was updated with the removed logging comonents.
Gate changes:
* rsyslog-install has been removed from the gating script as it no longer
serves the same purpose.
* The kibana variable override was removed.
* Kibana entries in `haproxy_config.yml` have been removed.
DocImpact
Implements: blueprint rsyslog-update
Change-Id: Icd25653a29c9936cecc63ba5dc82aeb1cfb7ebd8
This change implements the blueprint to convert all roles and plays into
a more generic setup, following upstream ansible best practices.
Items Changed:
* All tasks have tags.
* All roles use namespaced variables.
* All redundant tasks within a given play and role have been removed.
* All of the repetitive plays have been removed in-favor of a more
simplistic approach. This change duplicates code within the roles but
ensures that the roles only ever run within their own scope.
* All roles have been built using an ansible galaxy syntax.
* The `*requirement.txt` files have been reformatted follow upstream
Openstack practices.
* Dynamically generated inventory is now more organized, this should assist
anyone who may want or need to dive into the JSON blob that is created.
In the inventory a properties field is used for items that customize containers
within the inventory.
* The environment map has been modified to support additional host groups to
enable the seperation of infrastructure pieces. While the old infra_hosts group
will still work this change allows for groups to be divided up into seperate
chunks; eg: deployment of a swift only stack.
* The LXC logic now exists within the plays.
* etc/openstack_deploy/user_variables.yml has all password/token
variables extracted into the separate file
etc/openstack_deploy/user_secrets.yml in order to allow seperate
security settings on that file.
Items Excised:
* All of the roles have had the LXC logic removed from within them which
should allow roles to be consumed outside of the `os-ansible-deployment`
reference architecture.
Note:
* the directory rpc_deployment still exists and is presently pointed at plays
containing a deprecation warning instructing the user to move to the standard
playbooks directory.
* While all of the rackspace specific components and variables have been removed
and or were refactored the repository still relies on an upstream mirror of
Openstack built python files and container images. This upstream mirror is hosted
at rackspace at "http://rpc-repo.rackspace.com" though this is
not locked to and or tied to rackspace specific installations. This repository
contains all of the needed code to create and/or clone your own mirror.
DocImpact
Co-Authored-By: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
Closes-Bug: #1403676
Implements: blueprint galaxy-roles
Change-Id: I03df3328b7655f0cc9e43ba83b02623d038d214e