openstack/openstack-ansible-os_nova - openstack-ansible-os_nova - OpenDev: Free Software Needs Free Tools

In case arbitrary folder is being used for Nova, more folders needs to
be allowed in apparmor. With that, we don't need to
have any overrides by default, as they all are already
present in default aa-helper profile.
Change-Id: Ib7a03434dae9f838289fbb16bfeb6c640eeccfc2
Signed-off-by: Dmitriy Rabotyagov <dmitriy.rabotyagov@cleura.com>

Change-Id: If975bbbcf318e24b194a77a4e0450768c79cf8cd
Signed-off-by: Dmitriy Rabotyagov <dmitriy.rabotyagov@cleura.com>

Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_mount/+/951891
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/951947
Change-Id: I85f622312612723a6960ba0e77520b4b8fa1be1a
Signed-off-by: Dmitriy Rabotyagov <noonedeadpunk@gmail.com>

Change-Id: Ie30910f99962a26ec066c79aaf01c37d45e0a52c
Signed-off-by: Ivan Anfimov <lazekteam@gmail.com>

This removes tox evs which are dependent on a tests repo framework,
which was deprecated.
Change-Id: I57d54c60fad3b37b330196bf3cfd8767c42fcbdc
Co-authored-by: Dmitriy Rabotyagov <dmitriy.rabotyagov@cleura.com>
Signed-off-by: Ivan Anfimov <lazekteam@gmail.com>

run_tests.sh was part of functional testing framwork which was
deprecated.
Vagrantfile while running integrated tests, does not contain
any supported distro
and effectively unmaintained.
Change-Id: I8ff83305f432110708bc63f67bd69afcc74a1c10
Co-authored-by: Dmitriy Rabotyagov <dmitriy.rabotyagov@cleura.com>
Signed-off-by: Ivan Anfimov <lazekteam@gmail.com>

Change-Id: I6f1681b3329f4089671a0aed7b89558bd2159455
Signed-off-by: Ivan Anfimov <lazekteam@gmail.com>

xorriso in EL10 no longer contains genisoimage to prepare config_drive
image. mkisofs is already used by devstack on Fedora [1] and
reported to work on SUSE 15 as well
[1] https://opendev.org/openstack/devstack/src/branch/master/lib/nova#L535-L537
Change-Id: Ia36a5225aae501e7ffe556e54b459fe7f8fa97bd
Signed-off-by: Dmitriy Rabotyagov <dmitriy.rabotyagov@cleura.com>

As rootwrap.d is now shipped by nova, we don't need to ensure that
directory exists explicitly.
Related-Bug: #2115295
Change-Id: If4aa8b289dc5664d36fd67991d481f49670a13f9
Signed-off-by: Dmitriy Rabotyagov <dmitriy.rabotyagov@cleura.com>

Drop the os_nova task "Copy nova rootwrap filter config", as it is a leftover from an earlier cleanup where rootwrap.d files were removed from the codebase.
Change-Id: Ia5620952fb50c6cc6a3e47f18f67a1b1cd77992f
Closes-Bug: #2115295 

For purpose of reducing deployed config to destination, we remove
scheduler-related sections for non-scheduler hosts.
Change-Id: I1c6dbc6570d14dc6165155c9d3dc3125a391d1b1

Allocation ratios as well as resource reservation should be defined
per compute. Compute does report it's resources to placement
and registers itself based on this data. Defining parameters also for
scheduler can be confusing and misleading of how these params work.
Same goes for used compute driver and some other compute-related
options which are historically added and managed by the role.
Change-Id: Iae5f5d3cf5853e3866d37e108ca4ea752858fbe4

Libvirt configuration should not be needed outside of the compute hosts,
which shall reduce amount of parameters in nova.conf for
scheduler/api.
Change-Id: Ic74feafa0a9fa26ea8453cacf99cf6a53decf877

nova already removed support for UML (User Mode Linux) and Xen.
Change-Id: I8e9d6f2f0045b5b2a55aaba937f1bde22951b1e0

Currently there is no way to avoid auto-discovery of mdev devices.
The only way to avoid them propagating to nova.conf is through
the config override.
Change-Id: Ie1c40a427599e610278262cfdb55fdcf017d4ede

Change-Id: I75bdecd4a2452b56b19561432e0b77791f111c95

The tags framework has been discontinued for a long time.
https://governance.openstack.org/tc/reference/tags/
https://governance.openstack.org/tc/resolutions/20211224-tags-framework-removal.html
Change-Id: Iff34b4422de9d8a8983ddede15d90e65598219eb

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/942775
Needed-By: https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/942783
Change-Id: I833fb0018184a3ae24c4fea23c661b038cdc3f81

The `difference()` filter inputs a list, and takes another list as
parameter, computes a set difference between the two, and returns
the resulting (unordered) list.
This is documented here:
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/difference_filter.html
This filter was changed in:
7d3d4572ed
The behaviour changed in ansible-core between 2.15 and 2.16:
```
 ################################################################
 ### Testing ansible-core==2.16
 ################################################################
 PLAY [Test ansible difference filter] ******************************************
 TASK [debug] *******************************************************************
 ok: [localhost] => {
 "msg": "diff with a string: ['one', 'two', 'six'] | difference('two') => ['one', 'six', 'two']"
 }
 TASK [debug] *******************************************************************
 ok: [localhost] => {
 "msg": "diff with a list: ['one', 'two', 'six'] | difference(['two']) => ['one', 'six']"
 }
 PLAY RECAP *********************************************************************
 localhost : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
 ################################################################
 ### Testing ansible-core==2.15
 ################################################################
 PLAY [Test ansible difference filter] ******************************************
 TASK [debug] *******************************************************************
 ok: [localhost] => {
 "msg": "diff with a string: ['one', 'two', 'six'] | difference('two') => ['one', 'six']"
 }
 TASK [debug] *******************************************************************
 ok: [localhost] => {
 "msg": "diff with a list: ['one', 'two', 'six'] | difference(['two']) => ['one', 'six']"
 }
 PLAY RECAP *********************************************************************
 localhost : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
```
The above was generated by using: https://github.com/vincent-legoll/test_ansible_diff
Closes-Bug: #2096936
Change-Id: I7a57c829803fc5baa8b1d3a1805c102f04b8ab2c
Signed-off-by: Vincent Legoll <vincent.legoll@iphc.cnrs.fr>

Since ansible-core 2.10 it is recommended to use modules via FQCN
In order to align with recommendation, we perform migration
by applying suggestions made by `ansible-lint --fix=fqcn`
Change-Id: I335f0f1bcdb5e5564ce3f82f44eec7d8c6ab4e0e

In order to reduce divergance with ansible-lint rules, we apply
auto-fixing of violations.
In current patch we replace all kind of truthy variables with
`true` or `false` values to align with recommendations along with
alignment of used quotes.
Change-Id: Ie1737a7f88d783e39492c704bb6805c89a199553

Support is removed in oslo.messaging so we remove support in
openstack-ansible roles.
Change-Id: I13f77bb8b63b3cc3d198dcbf918a6708f7d9d80e

This change matches an earlier modification to os_neutron
Currently we symlink /etc/<service> to empty directory at pre-stage,
and filling it with config only during post_install. This means,
that policies and rootwrap filters are not working properly until
playbook execution finish. Additionally, we replace sudoers file
with new path in it, which makes current operations impossible for
the service, since rootwrap can not gain sudo privileges.
With this change we move symlinking and rootwrap steps to handlers,
which means that we will do replace configs while service is stopped.
During post_install we place all of the configs inside the venv,
which is versioned at the moment.
This way we minimise downtime of the service while performing upgrades
Closes-Bug: #2056180
Change-Id: I9c8212408c21e09895ee5805011aecb40b689a13

In case compute nodes using non-standard SSH port or some other
hacky connection between each other, deployers might need to
supply extra configuration inside it.
community.general.ssh_config module was not used, as it requires extra
`paramiko` module to be installed on each destination host.
Change-Id: Ic79aa391e729adf61f5653dd3cf72fee1708e2f5

With ansible-core 2.16 a breaking changes landed [1] to some filters
making their result returned in arbitrary order. With that, we were
relying on them to always return exactly same ordered lists.
With that we need to ensure that we still have determenistic behaviour
where this is important.
[1] https://github.com/ansible/ansible/issues/82554
Change-Id: If26ec122b8defaa1dc1a44f8d6cb2510982cfdf7

The qemu-efi package does not exist on Ubuntu Noble, so instead
install the specific package for the host architecture.
Change-Id: Id91cafc9c2f234bd5f18017a99f757f2bd751b35

The default value for heartbeat_in_pthread has been reverted in
oslo.messaging to False [1] and backported back to Yoga.
At the moment this setting brings intermittent issues during live
migrations of instances and some other operations. So makes sense
to align it with default value.
[1] https://review.opendev.org/c/openstack/oslo.messaging/+/852251
Change-Id: I5601726095ff19620de2d87220efad191cf7cb6d

According to the documentation, it is expected to have a multiline data
inside vendor_data.json [1]
[1] https://cloudinit.readthedocs.io/en/latest/reference/datasources/openstack.html#vendor-data
Depends-On: https://review.opendev.org/c/openstack/ansible-config_template/+/924217
Closes-Bug: #2073171
Change-Id: Ifc1239e4ef768e94c44d8d07df7a0b93c73638f9

With update of ansible version having variables in conditions is not
allowed anymore, which results in error like:
`Conditional is marked as unsafe, and cannot be evaluated`
Change-Id: I6e8e0ee1ffc2c154bac0f64f2e797281d7ba966f

Due to the shortcoming of QManager implementation [1], in case of uWSGI
usage on metal hosts, the flow ends up with having the same
hostname/processname set, making services to fight over same file
under SHM.
In order to avoid this, we prepend the hostname with a service_name.
We can not change processname instead, since it will lead to the fight
between different processes of the same service.
[1] https://bugs.launchpad.net/oslo.messaging/+bug/2065922
Change-Id: Ie8c68cad4a89e5fcc43dad53d895d093cb3fe671

<service>-config tags are quite broad and have a long execution
time. Where you only need to modify a service's '.conf' file and
similar it is useful to have a quicker method to do so.
Change-Id: Idf0a0a7033d8f6c4d6efebff456ea3f19ea81185

During last release cycle oslo.messaging has landed [1] series of extremely
useful changes that are designed to implement modern messaging
techniques for rabbitmq quorum queues.
Since these changes are breaking and require queues being re-created,
it makes total sense to align these with migration to quorum queues by default.
Change-Id: Ia5069c9976d07ee3949e637d8eb76a06b380cdec

Update the zed release notes configuration to build from
unmaintained/zed.
Change-Id: Ic2423331f637f6054cc9c138aa6ca48ab3c08d61

In order to be able to globally enable notification reporting for all services,
without an need to have ceilometer deployed or bunch of overrides for each
service, we add `oslomsg_notify_enabled` variable that aims to control
behaviour of enabled notifications.
Presence of ceilometer is still respected by default and being referenced.
Potential usecase are various billing panels that do rely on notifications
but do not require presence of Ceilometer.
Change-Id: Ib5d4f174be922f9b6f5ece35128a604fddb58e59

In order to allow definition of policies per service, we need to add variables
so service roles, that will be passed to openstack.osa.mq_setup.
Currently this can be handled by leveraging group_vars and overriding `oslomsg_rpc_policies` as a whole, but it's not obvious and
can be non-trivial for some groups which are co-locating multiple services
or in case of metal deployments.
Change-Id: I6a4989df2cd53cc50faae120e96aa4480268f42d