openstack/openstack-ansible-os_nova - openstack-ansible-os_nova - OpenDev: Free Software Needs Free Tools

This variable determines if one of the nova console proxies is
deployed alongside the nova-compute service for ironic. Currently
the only supported values are "disabled" and "serialconsole"
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/860947
Change-Id: I8eae97f9c60956049072de8b04e557671a8cdcfa

This should be nova_management_address which by default is
equivalent to ansible_host, but the use of ansible_host is confusing
when the whole of the rest of os_nova uses nova_managment_address
for the address to bind services to.
Change-Id: Ie34acf0115d8e89e2888952e1c2d3dc03a284aff

At the moment we don't provide any option rather then use memcached
backend. With that we also hardocde list of packages that should be
installed inside virtualenv for selected backend.
Adding bmemcached requirement to oslo_cache.memcache_pool [1] gives us
opportunity to refactor this bit of deployment and allow to be more
flexible in backend selection and requirements installation for it.
[1] https://review.opendev.org/c/openstack/oslo.cache/+/854628
Change-Id: I48e193ef29e56aa8639511c5b5dcddc70f5e1198

Currently Jinja trim_blocks function does remove newline from end of
proxyclient_address which makes port_range option appearing on the same
line.
Change-Id: If33021bd0453be3ca18753777e82da12f470b278
Closes-Bug: #1988337 

This line was introduced by I3046953f3e27157914dbe1fefd78c7eb2ddddcf6
to bring it in line with other OSA roles, but should already be
covered by the distribution_major_version line above.
Change-Id: I21b3972553acf38af205e17aa2d48ed19332bcb0

Without that patch all deployers that did use OVS had to remember to
apply override for their deployments.
Now OSA will enable isolation of vif by default when OVS is used.
Change-Id: I4195153658c867f259226e80cefac0fcac4caac5
Related-Bug: #1734320 

The 'AvailabilityZoneFilter' is deprecated since the 24.0.0 (Xena)
release. The feature is enabled by query_placement_for_availability_zone
config option and is now enabled by default.
Change-Id: I6be16f7621899a45271a70e7c39d76b837d8c5c9

Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: I04b22722b32b6dc8b1dc95e18c3fe96ad17e51ac

Keystone role was never migrated to usage of haproxy-endpoints role
and included task was used instead the whole time.
With that to reduce complexity and to have unified approach, all mention
of the role and handler are removed from the code.
Change-Id: I3693ee3a9a756161324e3a79464f9650fb7a9f1a

With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.
Change-Id: I6f3bdb6e63986bb25371f09c6c468dc055fd3050

Centos-9 no longer ships this file so skip adjusting it [1]. The
file should not exist on Centos-9 systems where OSA is used.
If this file is created by a deployer it will potentially
interfere with the operation of libvirt and other configuration
made by openstack-ansible.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2042529
Change-Id: Ieeba7fb803e151a9e6d0adac3d1512aef3785e9a

Currently we're passing non-existant variable into PKI role
when defining whether to regen certificates or not.
This change fixes behaviour.
Change-Id: Ib1c8f820ccfe00923fcbc7aec2457a94629673fe

This is otherwise undefined in functional tests
Change-Id: I5a387566d5bdb9ee4c34976c55f86f31fc65f87e

This uses ssh signed certificates so there is no longer the need
to distribute the nova public key from each compute host to all
other compute hosts.
The legacy scripts and authorized key files are removed as a
migration step.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/825292
Change-Id: I3456bdf7bed66a2675b8a410d4cf6b2174598a22

Change-Id: I68442162529d7ff7f5f23c0520f087f014d62be1

Change-Id: I4bc528e67c097f649c6e49cf39a3452a853560be

When nova don't use rbd images (ie local storage) it still might be good
idea to use direct connection to rbd to get images rather then
connect through HTTP.
Change-Id: I4f2d7cf54e07376c7a25d45093f5d83be5422234

Change-Id: Ib13d07f4f8c8007be47e5a10a9f63f1e93986876

This configuration option has been observed to result in file
descriptor leaks in certain circumstances. A variable is added
here so that it can be easily overridden.
Change-Id: I7de034307da9352e6f5d1f5f175a330fb8c86463
Related-Bug: #1961603 

libvirtd.socket does monitor libvirtd.service and trigger service restart
when it spot that service is down.
However in order to enable tcp and tls sockets, we need libvirt
to be stopped.
Currently race condition can happen, when we stop libvirt, but it's
started by socket before we enable tls one.
To overcome this we stop socket along with service.
Change-Id: Iacc093311036fb8d6559a0e32252579303a639ba

Since all supported distros have libvirt version >= 5.7 there's
no reason to ensure that it is true.
So we remove corresponsive code and simplify logic.
Change-Id: I281829214df8affec7774a45a3ca0405a866b5c0

According to nova doc, secure_proxy_ssl_header has been deprecated and
has no effect [1]. Since these variables are not used for other purpose
we drop them.
[1] https://docs.openstack.org/nova/latest/configuration/config.html#oslo_middleware.secure_proxy_ssl_header
Change-Id: Ibc3ac4f0f3fb038463748f8c1608fa475374cf67

Since api_servers from [glance] secton is deprecated and can be
silently ignored [1], we drop corresponsive OSA variable
[1] https://docs.openstack.org/nova/latest/configuration/config.html#glance.api_servers
Change-Id: I52de65a4629f23fd2c0c3735033a8e2d57a82024

Change-Id: Ic587e1a55b6f15c66e01176dac7b6acdb0abd240

Buster is no longer supported on recent OSA releases so this task
is not required.
Change-Id: I96332980798cb56f725b8bdc9a0514ab40c1a0f9

This task has been added for upgrade purposes only and
can be safely removed.
Change-Id: I9df6503c0e45b2f6b88e64e61048026df325c865

It appears that this tag stopped working recently when switching
from import to include syntax. This patch adds the necessary
'always' tag to ensure the 'nova-key' tag gets carried through.
Change-Id: Iee1dca9221b6968d11be54fc1df03b2f8a6c3f44

Change-Id: I01fdeb2cca9d5315fd486500cc8d6330cb23ce84

Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: I046def5a5cc94f680bc0daa3a2a1734f325d8022

Ansible's combine() filter needs recursive=True parameter in order to recursively merge nested hashes.
https: //docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#combining-hashes-dictionaries
Change-Id: I2e84c0370c04336c124e5b6549b638483f107601

Change-Id: I7d09f6f5f5d66ecbe29fd3969d586eb416c98589

This reverts commit ca352be75b.
Change-Id: I19e1cc491e2441ab8d1bd39d383dd2e09a5b7077

Further testing has revealed that cold migration still requires
SSH communication between hypervisors which requires SSH keys to
be distributed between hosts.
Change-Id: Ida18b057d68d4edf7ce6dd2a46ef990f34ad36e3

Change-Id: If4d036794cf8edb14e6b0ed491cf0de78f425b2c

Change-Id: If2279eba00d9a0da23464491167bb496901c47c0