Merge "Split out cron to a separate role"

ansible/roles/common/defaults/main.yml

@@ -12,32 +12,18 @@ common_services:
     privileged: True
     volumes: "{{ kolla_toolbox_default_volumes + kolla_toolbox_extra_volumes + lookup('vars', 'run_default_volumes_' + kolla_container_engine) }}"
     dimensions: "{{ kolla_toolbox_dimensions }}"
-  cron:
-    container_name: cron
-    group: cron
-    enabled: True
-    image: "{{ cron_image_full }}"
-    environment:
-      KOLLA_LOGROTATE_SCHEDULE: "{{ cron_logrotate_schedule }}"
-    volumes: "{{ cron_default_volumes + cron_extra_volumes }}"
-    dimensions: "{{ cron_dimensions }}"
 
 ####################
 # Docker
 ####################
 common_tag: "{{ openstack_tag }}"
 
-cron_dimensions: "{{ default_container_dimensions }}"
 kolla_toolbox_dimensions: "{{ default_container_dimensions }}"
 
 kolla_toolbox_image: "{{ docker_image_url }}kolla-toolbox"
 kolla_toolbox_tag: "{{ common_tag }}"
 kolla_toolbox_image_full: "{{ kolla_toolbox_image }}:{{ kolla_toolbox_tag }}"
 
-cron_image: "{{ docker_image_url }}cron"
-cron_tag: "{{ common_tag }}"
-cron_image_full: "{{ cron_image }}:{{ cron_tag }}"
-
 kolla_toolbox_default_volumes:
   - "{{ node_config_directory }}/kolla-toolbox/:{{ container_config_directory }}/:ro"
   - "/etc/localtime:/etc/localtime:ro"
@@ -45,19 +31,7 @@ kolla_toolbox_default_volumes:
   - "/dev/:/dev/"
   - "/run/:/run/{{ ':shared' if kolla_container_engine == 'docker' else '' }}"   # see: https://github.com/containers/podman/issues/16305
   - "kolla_logs:/var/log/kolla/"
-cron_default_volumes:
-  - "{{ node_config_directory }}/cron/:{{ container_config_directory }}/:ro"
-  - "/etc/localtime:/etc/localtime:ro"
-  - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
-  - "kolla_logs:/var/log/kolla/"
 kolla_toolbox_extra_volumes: "{{ default_extra_volumes }}"
-cron_extra_volumes: "{{ default_extra_volumes }}"
-
-cron_logrotate_log_maxsize: "100M"
-cron_logrotate_log_minsize: "30M"
-cron_logrotate_rotation_interval: "weekly"
-cron_logrotate_rotation_count: 6
-cron_logrotate_schedule: "daily"
 
 ###################
 # Copy certificates

ansible/roles/common/handlers/main.yml

@@ -20,17 +20,3 @@
   become: true
   command: "{{ kolla_container_engine }} exec -t {{ common_services['kolla-toolbox']['container_name'] }} ansible --version"
   changed_when: false
-
-- name: Restart cron container
-  vars:
-    service_name: "cron"
-    service: "{{ common_services[service_name] }}"
-  become: true
-  kolla_container:
-    action: "recreate_or_restart_container"
-    common_options: "{{ docker_common_options }}"
-    name: "{{ service.container_name }}"
-    image: "{{ service.image }}"
-    volumes: "{{ service.volumes }}"
-    environment: "{{ service.environment }}"
-    dimensions: "{{ service.dimensions }}"

ansible/roles/common/tasks/config.yml

@@ -11,10 +11,7 @@
     mode: "0770"
   become: true
   with_subelements:
-    - - service_name: "cron"
-        paths:
-          - "cron"
-      - service_name: "kolla-toolbox"
+    - - service_name: "kolla-toolbox"
         paths:
           - "kolla-toolbox"
     - paths
@@ -50,72 +47,6 @@
   become: true
   with_dict: "{{ common_services | select_services_enabled_and_mapped_to_host }}"
 
-- name: Copying over cron logrotate config file
-  vars:
-    cron_logrotate_enabled_services: >-
-      {{ cron_logrotate_services |
-         selectattr('enabled') |
-         map(attribute='name') |
-         list }}
-    cron_logrotate_services:
-      - { name: "ansible", enabled: "yes" }
-      - { name: "aodh", enabled: "{{ enable_aodh | bool }}" }
-      - { name: "barbican", enabled: "{{ enable_barbican | bool }}" }
-      - { name: "blazar", enabled: "{{ enable_blazar | bool }}" }
-      - { name: "ceilometer", enabled: "{{ enable_ceilometer | bool }}" }
-      - { name: "cinder", enabled: "{{ enable_cinder | bool }}" }
-      - { name: "cloudkitty", enabled: "{{ enable_cloudkitty | bool }}" }
-      - { name: "collectd", enabled: "{{ enable_collectd | bool }}" }
-      - { name: "cyborg", enabled: "{{ enable_cyborg | bool }}" }
-      - { name: "designate", enabled: "{{ enable_designate | bool }}" }
-      - { name: "etcd", enabled: "{{ enable_etcd | bool }}" }
-      - { name: "fluentd", enabled: "{{ enable_fluentd | bool }}" }
-      - { name: "glance", enabled: "{{ enable_glance | bool }}" }
-      - { name: "glance-tls-proxy", enabled: "{{ glance_enable_tls_backend | bool }}" }
-      - { name: "gnocchi", enabled: "{{ enable_gnocchi | bool }}" }
-      - { name: "grafana", enabled: "{{ enable_grafana | bool }}" }
-      - { name: "hacluster", enabled: "{{ enable_hacluster | bool }}" }
-      - { name: "haproxy", enabled: "{{ enable_haproxy | bool }}" }
-      - { name: "heat", enabled: "{{ enable_heat | bool }}" }
-      - { name: "horizon", enabled: "{{ enable_horizon | bool }}" }
-      - { name: "influxdb", enabled: "{{ enable_influxdb | bool }}" }
-      - { name: "ironic", enabled: "{{ enable_ironic | bool }}" }
-      - { name: "keystone", enabled: "{{ enable_keystone | bool }}" }
-      - { name: "kuryr", enabled: "{{ enable_kuryr | bool }}" }
-      - { name: "magnum", enabled: "{{ enable_magnum | bool }}" }
-      - { name: "manila", enabled: "{{ enable_manila | bool }}" }
-      - { name: "mariadb", enabled: "{{ enable_mariadb | bool }}" }
-      - { name: "masakari", enabled: "{{ enable_masakari | bool }}" }
-      - { name: "mistral", enabled: "{{ enable_mistral | bool }}" }
-      - { name: "neutron", enabled: "{{ enable_neutron | bool }}" }
-      - { name: "nova", enabled: "{{ enable_nova | bool }}" }
-      - { name: "nova-libvirt", enabled: "{{ enable_nova | bool and enable_nova_libvirt_container | bool }}" }
-      - { name: "octavia", enabled: "{{ enable_octavia | bool }}" }
-      - { name: "opensearch", enabled: "{{ enable_opensearch | bool or enable_opensearch_dashboards | bool }}" }
-      - { name: "openvswitch", enabled: "{{ enable_openvswitch | bool }}" }
-      - { name: "placement", enabled: "{{ enable_placement | bool }}" }
-      - { name: "prometheus", enabled: "{{ enable_prometheus | bool }}" }
-      - { name: "proxysql", enabled: "{{ enable_proxysql | bool }}" }
-      - { name: "rabbitmq", enabled: "{{ enable_rabbitmq | bool }}" }
-      - { name: "redis", enabled: "{{ enable_redis | bool }}" }
-      - { name: "skyline", enabled: "{{ enable_skyline | bool }}" }
-      - { name: "tacker", enabled: "{{ enable_tacker | bool }}" }
-      - { name: "trove", enabled: "{{ enable_trove | bool }}" }
-      - { name: "venus", enabled: "{{ enable_venus | bool }}" }
-      - { name: "watcher", enabled: "{{ enable_watcher | bool }}" }
-      - { name: "zun", enabled: "{{ enable_zun | bool }}" }
-  template:
-    src: "{{ item }}"
-    dest: "{{ node_config_directory }}/cron/logrotate.conf"
-    mode: "0660"
-  become: true
-  when:
-    - common_services.cron | service_enabled_and_mapped_to_host
-  with_first_found:
-    - "{{ node_custom_config }}/cron/{{ inventory_hostname }}/cron-logrotate-global.conf"
-    - "{{ node_custom_config }}/cron/cron-logrotate-global.conf"
-    - "cron-logrotate-global.conf.j2"
-
 - name: Ensure RabbitMQ Erlang cookie exists
   become: true
   template:

ansible/roles/cron/defaults/main.yml

@@ -0,0 +1,38 @@
+---
+cron_services:
+  cron:
+    container_name: cron
+    group: cron
+    enabled: True
+    image: "{{ cron_image_full }}"
+    environment:
+      KOLLA_LOGROTATE_SCHEDULE: "{{ cron_logrotate_schedule }}"
+    volumes: "{{ cron_default_volumes + cron_extra_volumes }}"
+    dimensions: "{{ cron_dimensions }}"
+
+####################
+# Docker
+####################
+cron_dimensions: "{{ default_container_dimensions }}"
+
+cron_image: "{{ docker_image_url }}cron"
+cron_tag: "{{ openstack_tag }}"
+cron_image_full: "{{ cron_image }}:{{ cron_tag }}"
+
+cron_default_volumes:
+  - "{{ node_config_directory }}/cron/:{{ container_config_directory }}/:ro"
+  - "/etc/localtime:/etc/localtime:ro"
+  - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
+  - "kolla_logs:/var/log/kolla/"
+cron_extra_volumes: "{{ default_extra_volumes }}"
+
+cron_logrotate_log_maxsize: "100M"
+cron_logrotate_log_minsize: "30M"
+cron_logrotate_rotation_interval: "weekly"
+cron_logrotate_rotation_count: 6
+cron_logrotate_schedule: "daily"
+
+###################
+# Copy certificates
+###################
+cron_copy_certs: "{{ kolla_copy_ca_into_containers | bool }}"

ansible/roles/cron/handlers/main.yml

@@ -0,0 +1,14 @@
+---
+- name: Restart cron container
+  vars:
+    service_name: "cron"
+    service: "{{ cron_services[service_name] }}"
+  become: true
+  kolla_container:
+    action: "recreate_or_restart_container"
+    common_options: "{{ docker_common_options }}"
+    name: "{{ service.container_name }}"
+    image: "{{ service.image }}"
+    volumes: "{{ service.volumes }}"
+    environment: "{{ service.environment }}"
+    dimensions: "{{ service.dimensions }}"

ansible/roles/cron/tasks/bootstrap.yml

@@ -0,0 +1 @@
+---

ansible/roles/cron/tasks/check-containers.yml

@@ -0,0 +1,3 @@
+---
+- import_role:
+    name: service-check-containers

ansible/roles/cron/tasks/check.yml

@@ -0,0 +1,4 @@
+---
+- name: Checking Cron containers
+  import_role:
+    role: service-check

ansible/roles/cron/tasks/config.yml

@@ -0,0 +1,101 @@
+---
+- name: Ensuring config directories exist
+  vars:
+    service_name: "{{ 'cron' }}"
+    service: "{{ cron_services[service_name] }}"
+  file:
+    path: "{{ node_config_directory }}/{{ service_name }}"
+    state: "directory"
+    owner: "{{ config_owner_user }}"
+    group: "{{ config_owner_group }}"
+    mode: "0770"
+  become: true
+  when: service | service_enabled_and_mapped_to_host
+
+- include_tasks: copy-certs.yml
+  when:
+    - cron_copy_certs | bool
+
+- name: Copying over config.json files for services
+  template:
+    src: "{{ item.key }}.json.j2"
+    dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
+    mode: "0660"
+  become: true
+  with_dict: "{{ cron_services | select_services_enabled_and_mapped_to_host }}"
+
+- name: Copying over cron logrotate config file
+  vars:
+    cron_logrotate_enabled_services: >-
+      {{ cron_logrotate_services |
+         selectattr('enabled') |
+         map(attribute='name') |
+         list }}
+    cron_logrotate_services:
+      - { name: "ansible", enabled: "yes" }
+      - { name: "aodh", enabled: "{{ enable_aodh | bool }}" }
+      - { name: "barbican", enabled: "{{ enable_barbican | bool }}" }
+      - { name: "blazar", enabled: "{{ enable_blazar | bool }}" }
+      - { name: "ceilometer", enabled: "{{ enable_ceilometer | bool }}" }
+      - { name: "cinder", enabled: "{{ enable_cinder | bool }}" }
+      - { name: "cloudkitty", enabled: "{{ enable_cloudkitty | bool }}" }
+      - { name: "collectd", enabled: "{{ enable_collectd | bool }}" }
+      - { name: "cyborg", enabled: "{{ enable_cyborg | bool }}" }
+      - { name: "designate", enabled: "{{ enable_designate | bool }}" }
+      - { name: "etcd", enabled: "{{ enable_etcd | bool }}" }
+      - { name: "fluentd", enabled: "{{ enable_fluentd | bool }}" }
+      - { name: "glance", enabled: "{{ enable_glance | bool }}" }
+      - { name: "glance-tls-proxy", enabled: "{{ glance_enable_tls_backend | bool }}" }
+      - { name: "gnocchi", enabled: "{{ enable_gnocchi | bool }}" }
+      - { name: "grafana", enabled: "{{ enable_grafana | bool }}" }
+      - { name: "hacluster", enabled: "{{ enable_hacluster | bool }}" }
+      - { name: "haproxy", enabled: "{{ enable_haproxy | bool }}" }
+      - { name: "heat", enabled: "{{ enable_heat | bool }}" }
+      - { name: "horizon", enabled: "{{ enable_horizon | bool }}" }
+      - { name: "influxdb", enabled: "{{ enable_influxdb | bool }}" }
+      - { name: "ironic", enabled: "{{ enable_ironic | bool }}" }
+      - { name: "keystone", enabled: "{{ enable_keystone | bool }}" }
+      - { name: "kuryr", enabled: "{{ enable_kuryr | bool }}" }
+      - { name: "magnum", enabled: "{{ enable_magnum | bool }}" }
+      - { name: "manila", enabled: "{{ enable_manila | bool }}" }
+      - { name: "mariadb", enabled: "{{ enable_mariadb | bool }}" }
+      - { name: "masakari", enabled: "{{ enable_masakari | bool }}" }
+      - { name: "mistral", enabled: "{{ enable_mistral | bool }}" }
+      - { name: "neutron", enabled: "{{ enable_neutron | bool }}" }
+      - { name: "nova", enabled: "{{ enable_nova | bool }}" }
+      - { name: "nova-libvirt", enabled: "{{ enable_nova | bool and enable_nova_libvirt_container | bool }}" }
+      - { name: "octavia", enabled: "{{ enable_octavia | bool }}" }
+      - { name: "opensearch", enabled: "{{ enable_opensearch | bool or enable_opensearch_dashboards | bool }}" }
+      - { name: "openvswitch", enabled: "{{ enable_openvswitch | bool }}" }
+      - { name: "placement", enabled: "{{ enable_placement | bool }}" }
+      - { name: "prometheus", enabled: "{{ enable_prometheus | bool }}" }
+      - { name: "proxysql", enabled: "{{ enable_proxysql | bool }}" }
+      - { name: "rabbitmq", enabled: "{{ enable_rabbitmq | bool }}" }
+      - { name: "redis", enabled: "{{ enable_redis | bool }}" }
+      - { name: "skyline", enabled: "{{ enable_skyline | bool }}" }
+      - { name: "tacker", enabled: "{{ enable_tacker | bool }}" }
+      - { name: "trove", enabled: "{{ enable_trove | bool }}" }
+      - { name: "venus", enabled: "{{ enable_venus | bool }}" }
+      - { name: "watcher", enabled: "{{ enable_watcher | bool }}" }
+      - { name: "zun", enabled: "{{ enable_zun | bool }}" }
+  template:
+    src: "{{ item }}"
+    dest: "{{ node_config_directory }}/cron/logrotate.conf"
+    mode: "0660"
+  become: true
+  when:
+    - cron_services.cron | service_enabled_and_mapped_to_host
+  with_first_found:
+    - "{{ node_custom_config }}/cron/{{ inventory_hostname }}/cron-logrotate-global.conf"
+    - "{{ node_custom_config }}/cron/cron-logrotate-global.conf"
+    - "cron-logrotate-global.conf.j2"
+
+- name: Ensuring config directories have correct owner and permission
+  become: true
+  file:
+    path: "{{ node_config_directory }}/{{ item.key }}"
+    owner: "{{ config_owner_user }}"
+    group: "{{ config_owner_group }}"
+    mode: "0770"
+  ignore_errors: "{{ ansible_check_mode }}"
+  with_dict: "{{ cron_services | select_services_enabled_and_mapped_to_host }}"

ansible/roles/cron/tasks/config_validate.yml

@@ -0,0 +1 @@
+---

ansible/roles/cron/tasks/copy-certs.yml

@@ -0,0 +1,6 @@
+---
+- name: "Copy certificates and keys for {{ project_name }}"
+  import_role:
+    role: service-cert-copy
+  vars:
+    project_services: "{{ cron_services }}"

ansible/roles/cron/tasks/deploy-containers.yml

@@ -0,0 +1,2 @@
+---
+- import_tasks: check-containers.yml

ansible/roles/cron/tasks/deploy.yml

@@ -0,0 +1,9 @@
+---
+- import_tasks: config.yml
+
+- import_tasks: check-containers.yml
+
+- import_tasks: bootstrap.yml
+
+- name: Flush handlers
+  meta: flush_handlers

ansible/roles/cron/tasks/main.yml

@@ -0,0 +1,2 @@
+---
+- include_tasks: "{{ kolla_action }}.yml"

ansible/roles/cron/tasks/precheck.yml

@@ -0,0 +1,6 @@
+---
+- import_role:
+    name: service-precheck
+  vars:
+    service_precheck_services: "{{ cron_services }}"
+    service_name: "{{ project_name }}"

ansible/roles/cron/tasks/pull.yml

@@ -0,0 +1,3 @@
+---
+- import_role:
+    role: service-images-pull

ansible/roles/cron/tasks/reconfigure.yml

@@ -0,0 +1,2 @@
+---
+- import_tasks: deploy.yml

ansible/roles/cron/tasks/stop.yml

@@ -0,0 +1,6 @@
+---
+- import_role:
+    name: service-stop
+  vars:
+    project_services: "{{ cron_services }}"
+    service_name: "{{ project_name }}"

ansible/roles/cron/tasks/upgrade.yml

@@ -0,0 +1,7 @@
+---
+- import_tasks: config.yml
+
+- import_tasks: check-containers.yml
+
+- name: Flush handlers
+  meta: flush_handlers

ansible/roles/cron/vars/main.yml

@@ -0,0 +1,2 @@
+---
+project_name: "cron"

ansible/site.yml

@@ -87,7 +87,6 @@
 - name: Apply role common
   gather_facts: false
   hosts:
-    - cron
     - kolla-logs
     - kolla-toolbox
   serial: '{{ kolla_serial|default("0") }}'
@@ -100,6 +99,20 @@
   roles:
     - role: common
 
+- name: Apply role cron
+  gather_facts: false
+  hosts:
+    - cron
+  serial: '{{ kolla_serial|default("0") }}'
+  max_fail_percentage: >-
+    {{ cron_max_fail_percentage |
+       default(kolla_max_fail_percentage) |
+       default(100) }}
+  tags:
+    - cron
+  roles:
+    - role: cron
+
 - name: Apply role fluentd
   gather_facts: false
   hosts:

doc/source/contributor/adding-a-new-service.rst

@@ -42,10 +42,10 @@ which Kolla uses throughout and which should be followed.
 * Log rotation
 
   - For OpenStack services there should be a ``cron-logrotate-PROJECT.conf.j2``
-    template file in ``ansible/roles/common/templates`` with the following
+    template file in ``ansible/roles/cron/templates`` with the following
     content:
 
-    .. path ansible/roles/common/templates/cron-logrotate-PROJECT.conf.j2
+    .. path ansible/roles/cron/templates/cron-logrotate-PROJECT.conf.j2
     .. code-block:: console
 
        "/var/log/kolla/PROJECT/*.log"
@@ -53,7 +53,7 @@ which Kolla uses throughout and which should be followed.
        }
 
   - For OpenStack services there should be an entry in the ``services`` list
-    in the ``cron.json.j2`` template file in ``ansible/roles/common/templates``.
+    in the ``cron.json.j2`` template file in ``ansible/roles/cron/templates``.
 
 * Log delivery
 

releasenotes/notes/cron-break-out-role-fa72289cc100ef53.yaml

@@ -0,0 +1,5 @@
+---
+upgrade:
+  - |
+    A ``cron`` Ansible role has been created and its deployment is not part
+    of the ``common`` role anymore.