Fix linters and metadata

With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.

With that we also update metdata to reflect current state.

Change-Id: Id8215882ee528d4c3055479e770c7432616649ba
This commit is contained in:
Dmitriy Rabotyagov 2023-07-17 15:38:00 +02:00
parent 048f9d548e
commit d94e57f17b
9 changed files with 120 additions and 66 deletions

View File

@ -20,7 +20,11 @@ debug: False
# for the service setup. The host must already have # for the service setup. The host must already have
# clouds.yaml properly configured. # clouds.yaml properly configured.
octavia_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}" octavia_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
octavia_service_setup_host_python_interpreter: "{{ openstack_service_setup_host_python_interpreter | default((octavia_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable'])) }}" octavia_service_setup_host_python_interpreter: >-
{{
openstack_service_setup_host_python_interpreter | default(
(octavia_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))
}}
# Set installation method. # Set installation method.
octavia_install_method: "{{ service_install_method | default('source') }}" octavia_install_method: "{{ service_install_method | default('source') }}"
@ -42,7 +46,8 @@ octavia_package_state: "{{ package_state | default('latest') }}"
octavia_git_repo: https://opendev.org/openstack/octavia octavia_git_repo: https://opendev.org/openstack/octavia
octavia_git_install_branch: master octavia_git_install_branch: master
octavia_upper_constraints_url: "{{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}" octavia_upper_constraints_url: >-
{{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}
octavia_git_constraints: octavia_git_constraints:
- "--constraint {{ octavia_upper_constraints_url }}" - "--constraint {{ octavia_upper_constraints_url }}"
@ -67,7 +72,11 @@ octavia_cinder_volume_type: "volumes-hdd"
## Database info ## Database info
octavia_db_setup_host: "{{ openstack_db_setup_host | default('localhost') }}" octavia_db_setup_host: "{{ openstack_db_setup_host | default('localhost') }}"
octavia_db_setup_python_interpreter: "{{ openstack_db_setup_python_interpreter | default((octavia_db_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable'])) }}" octavia_db_setup_python_interpreter: >-
{{
openstack_db_setup_python_interpreter | default(
(octavia_db_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))
}}
octavia_galera_address: "{{ galera_address | default('127.0.0.1') }}" octavia_galera_address: "{{ galera_address | default('127.0.0.1') }}"
octavia_galera_user: octavia octavia_galera_user: octavia
octavia_galera_database: octavia octavia_galera_database: octavia
@ -75,7 +84,7 @@ octavia_galera_persistence_database: octavia_persistence
octavia_galera_use_ssl: "{{ galera_use_ssl | default(False) }}" octavia_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
octavia_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('') }}" octavia_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('') }}"
octavia_db_max_overflow: "{{ openstack_db_max_overflow | default('50') }}" octavia_db_max_overflow: "{{ openstack_db_max_overflow | default('50') }}"
octavia_db_max_pool_size: "{{ openstack_db_max_pool_size | default('5') }}" octavia_db_max_pool_size: "{{ openstack_db_max_pool_size | default('5') }}"
octavia_db_pool_timeout: "{{ openstack_db_pool_timeout | default('30') }}" octavia_db_pool_timeout: "{{ openstack_db_pool_timeout | default('30') }}"
octavia_db_connection_recycle_time: "{{ openstack_db_connection_recycle_time | default('600') }}" octavia_db_connection_recycle_time: "{{ openstack_db_connection_recycle_time | default('600') }}"
octavia_galera_port: "{{ galera_port | default('3306') }}" octavia_galera_port: "{{ galera_port | default('3306') }}"
@ -106,7 +115,8 @@ octavia_oslomsg_rpc_ssl_ca_file: "{{ oslomsg_rpc_ssl_ca_file | default('') }}"
# Notify # Notify
octavia_oslomsg_notify_host_group: "{{ oslomsg_notify_host_group | default('rabbitmq_all') }}" octavia_oslomsg_notify_host_group: "{{ oslomsg_notify_host_group | default('rabbitmq_all') }}"
octavia_oslomsg_notify_setup_host: "{{ (octavia_oslomsg_notify_host_group in groups) | ternary(groups[octavia_oslomsg_notify_host_group][0], 'localhost') }}" octavia_oslomsg_notify_setup_host: >-
{{ (octavia_oslomsg_notify_host_group in groups) | ternary(groups[octavia_oslomsg_notify_host_group][0], 'localhost') }}
octavia_oslomsg_notify_transport: "{{ oslomsg_notify_transport | default('rabbit') }}" octavia_oslomsg_notify_transport: "{{ oslomsg_notify_transport | default('rabbit') }}"
octavia_oslomsg_notify_servers: "{{ oslomsg_notify_servers | default('127.0.0.1') }}" octavia_oslomsg_notify_servers: "{{ oslomsg_notify_servers | default('127.0.0.1') }}"
octavia_oslomsg_notify_port: "{{ oslomsg_notify_port | default('5672') }}" octavia_oslomsg_notify_port: "{{ oslomsg_notify_port | default('5672') }}"
@ -279,17 +289,21 @@ octavia_security_group_rule_cidr: "{{ octavia_management_net_subnet_cidr }}"
octavia_ssh_enabled: False octavia_ssh_enabled: False
octavia_ssh_key_name: octavia_key octavia_ssh_key_name: octavia_key
octavia_keypair_setup_host: "{{ openstack_service_setup_host | default('localhost') }}" octavia_keypair_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
octavia_keypair_setup_host_python_interpreter: "{{ openstack_service_setup_host_python_interpreter | default((octavia_keypair_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable'])) }}" octavia_keypair_setup_host_python_interpreter: >-
{{
openstack_service_setup_host_python_interpreter | default((octavia_keypair_setup_host == 'localhost') | ternary(
ansible_playbook_python, ansible_facts['python']['executable']))
}}
# port the agent listens on # port the agent listens on
octavia_agent_port: "9443" octavia_agent_port: "9443"
octavia_health_manager_port: 5555 octavia_health_manager_port: 5555
#Octavia Nova flavor # Octavia Nova flavor
octavia_amp_flavor_name: "m1.amphora" octavia_amp_flavor_name: "m1.amphora"
octavia_amp_ram: 1024 octavia_amp_ram: 1024
octavia_amp_vcpu: 1 octavia_amp_vcpu: 1
octavia_amp_disk: 20 octavia_amp_disk: 20
#octavia_amp_extra_specs: # octavia_amp_extra_specs:
# only increase when it's a really busy system since this is by deployed host, # only increase when it's a really busy system since this is by deployed host,
# e.g. 3 hosts, 5 workers (this param) per host, results in 15 worker total # e.g. 3 hosts, 5 workers (this param) per host, results in 15 worker total
@ -337,7 +351,7 @@ octavia_amp_availability_zone: nova
# dest: "/etc/octavia/templates/macros.cfg.j2" # dest: "/etc/octavia/templates/macros.cfg.j2"
octavia_user_haproxy_templates: {} octavia_user_haproxy_templates: {}
# Path of custom haproxy template file # Path of custom haproxy template file
#octavia_haproxy_amphora_template: /etc/octavia/templates/haproxy.cfg.j2 # octavia_haproxy_amphora_template: /etc/octavia/templates/haproxy.cfg.j2
# Name of the Octavia management network in Neutron # Name of the Octavia management network in Neutron
octavia_neutron_management_network_name: lbaas-mgmt octavia_neutron_management_network_name: lbaas-mgmt
@ -346,7 +360,7 @@ octavia_provider_network_name: lbaas
# Network type # Network type
octavia_provider_network_type: flat octavia_provider_network_type: flat
# Network segmentation ID if vlan, gre... # Network segmentation ID if vlan, gre...
#octavia_provider_segmentation_id: # octavia_provider_segmentation_id:
# Network CIDR # Network CIDR
octavia_management_net_subnet_cidr: 172.29.232.0/22 octavia_management_net_subnet_cidr: 172.29.232.0/22
# Example allocation range: # Example allocation range:
@ -359,13 +373,18 @@ octavia_service_net_setup: True
# This should match net_name from provider_networks structure in openstack_user_config # This should match net_name from provider_networks structure in openstack_user_config
octavia_provider_inventory_net_name: "{{ octavia_provider_network_name }}" octavia_provider_inventory_net_name: "{{ octavia_provider_network_name }}"
# This gets container managment network structure based on octavia_provider_inventory_net_name # This gets container managment network structure based on octavia_provider_inventory_net_name
octavia_provider_network: "{{ provider_networks|map(attribute='network')|selectattr('net_name','defined')|selectattr('net_name', 'equalto', octavia_provider_inventory_net_name)|list|first }}" octavia_provider_network: >-
{{ provider_networks | map(attribute='network') | selectattr('net_name', 'defined') | selectattr(
'net_name', 'equalto', octavia_provider_inventory_net_name) | list | first
}}
# The name of the network address pool # The name of the network address pool
octavia_container_network_name: "{{ octavia_provider_network['ip_from_q'] }}_address" octavia_container_network_name: "{{ octavia_provider_network['ip_from_q'] }}_address"
octavia_hm_group: "octavia-health-manager" octavia_hm_group: "octavia-health-manager"
# Note: We use some heuristics here but if you do anything special make sure to use the # Note: We use some heuristics here but if you do anything special make sure to use the
# ip addresses on the right network. This will use the container networking to figure out the ip # ip addresses on the right network. This will use the container networking to figure out the ip
octavia_hm_hosts: "{% for host in groups[octavia_hm_group] %}{{ hostvars[host]['container_networks'][octavia_container_network_name]['address'] }}{% if not loop.last %},{% endif %}{% endfor %}" octavia_hm_hosts: >-
{% for host in groups[octavia_hm_group] %}{{ hostvars[host]['container_networks'][octavia_container_network_name]['address'] }}{%
if not loop.last %},{% endif %}{% endfor %}
# Set this to the right container port aka the eth you connect to the octavia # Set this to the right container port aka the eth you connect to the octavia
# management network # management network
octavia_container_interface: "{{ octavia_provider_network.container_interface }}" octavia_container_interface: "{{ octavia_provider_network.container_interface }}"
@ -382,7 +401,7 @@ octavia_iptables_rules:
- # Allow existing connections: - # Allow existing connections:
chain: INPUT chain: INPUT
in_interface: "{{ octavia_container_interface }}" in_interface: "{{ octavia_container_interface }}"
ctstate: RELATED,ESTABLISHED ctstate: RELATED,ESTABLISHED
jump: ACCEPT jump: ACCEPT
- # Allow heartbeat: - # Allow heartbeat:
chain: INPUT chain: INPUT
@ -406,7 +425,7 @@ octavia_iptables_rules:
- # Allow existing connections - # Allow existing connections
chain: INPUT chain: INPUT
in_interface: "{{ octavia_container_interface }}" in_interface: "{{ octavia_container_interface }}"
ctstate: RELATED,ESTABLISHED ctstate: RELATED,ESTABLISHED
jump: ACCEPT jump: ACCEPT
ip_version: ipv6 ip_version: ipv6
- # Allow heartbeat - # Allow heartbeat
@ -429,7 +448,8 @@ octavia_iptables_rules:
# uWSGI Settings # uWSGI Settings
octavia_wsgi_processes_max: 16 octavia_wsgi_processes_max: 16
octavia_wsgi_processes: "{{ [[(ansible_facts['processor_vcpus']//ansible_facts['processor_threads_per_core'])|default(1), 1] | max * 2, octavia_wsgi_processes_max] | min }}" octavia_wsgi_processes: >-
{{ [[(ansible_facts['processor_vcpus'] // ansible_facts['processor_threads_per_core']) | default(1), 1] | max * 2, octavia_wsgi_processes_max] | min }}
octavia_wsgi_threads: 1 octavia_wsgi_threads: 1
octavia_uwsgi_bind_address: "{{ openstack_service_bind_address | default('0.0.0.0') }}" octavia_uwsgi_bind_address: "{{ openstack_service_bind_address | default('0.0.0.0') }}"
octavia_uwsgi_tls: octavia_uwsgi_tls:
@ -578,27 +598,27 @@ octavia_cert_install_certificates:
condition: "{{ octavia_generate_certs | bool }}" condition: "{{ octavia_generate_certs | bool }}"
# Custom client CA # Custom client CA
#octavia_client_ca: "{{ octavia_cert_dir }}/ca_01.pem" # octavia_client_ca: "{{ octavia_cert_dir }}/ca_01.pem"
## Custom client certs ## Custom client certs
#octavia_client_cert: "{{ octavia_cert_dir }}/client.pem" # octavia_client_cert: "{{ octavia_cert_dir }}/client.pem"
#octavia_client_key: "{{ octavia_cert_dir }}/client.key.pem" # octavia_client_key: "{{ octavia_cert_dir }}/client.key.pem"
## server ## server
#octavia_server_ca: "{{ octavia_ca_certificate }}" # octavia_server_ca: "{{ octavia_ca_certificate }}"
## ca certs ## ca certs
#octavia_ca_private_key: "{{ octavia_cert_dir }}/private/cakey.pem" # octavia_ca_private_key: "{{ octavia_cert_dir }}/private/cakey.pem"
octavia_ca_private_key_passphrase: "{{ octavia_cert_client_password }}" octavia_ca_private_key_passphrase: "{{ octavia_cert_client_password }}"
#octavia_ca_certificate: "{{ octavia_cert_dir }}/ca_server_01.pem" # octavia_ca_certificate: "{{ octavia_cert_dir }}/ca_server_01.pem"
# Quotas for the Octavia user - assuming active/passive topology # Quotas for the Octavia user - assuming active/passive topology
octavia_num_instances: 10000 # 5000 LB in active/passive octavia_num_instances: 10000 # 5000 LB in active/passive
octavia_ram: "{{ (octavia_num_instances|int)*1024 }}" octavia_ram: "{{ (octavia_num_instances | int) * 1024 }}"
octavia_num_server_groups: "{{ ((octavia_num_instances|int)*0.5)|int|abs }}" octavia_num_server_groups: "{{ ((octavia_num_instances | int) * 0.5) | int | abs }}"
octavia_num_server_group_members: 50 octavia_num_server_group_members: 50
octavia_num_cores: "{{ octavia_num_instances }}" octavia_num_cores: "{{ octavia_num_instances }}"
octavia_num_secgroups: "{{ (octavia_num_instances|int)*1.5|int|abs }}" # average 3 listener per lb octavia_num_secgroups: "{{ (octavia_num_instances | int) * 1.5 | int | abs }}" # average 3 listener per lb
octavia_num_ports: "{{ (octavia_num_instances|int)*10 }}" # at least instances * 10 octavia_num_ports: "{{ (octavia_num_instances | int) * 10 }}" # at least instances * 10
octavia_num_security_group_rules: "{{ (octavia_num_secgroups|int)*100 }}" octavia_num_security_group_rules: "{{ (octavia_num_secgroups | int) * 100 }}"
## Tunable overrides ## Tunable overrides
octavia_octavia_conf_overrides: {} octavia_octavia_conf_overrides: {}
@ -623,5 +643,5 @@ octavia_api_ssl_cert: /etc/octavia/certs/octavia-api.pem
octavia_api_ssl_key: /etc/octavia/certs/octavia-api.key octavia_api_ssl_key: /etc/octavia/certs/octavia-api.key
# Define user-provided SSL certificates # Define user-provided SSL certificates
#octavia_api_user_ssl_cert: <path to cert on ansible deployment host> # octavia_api_user_ssl_cert: <path to cert on ansible deployment host>
#octavia_api_user_ssl_key: <path to cert on ansible deployment host> # octavia_api_user_ssl_key: <path to cert on ansible deployment host>

View File

@ -18,16 +18,21 @@ galaxy_info:
description: Installation and setup of octavia description: Installation and setup of octavia
company: Rackspace company: Rackspace
license: Apache2 license: Apache2
min_ansible_version: 2.2 role_name: os_octavia
namespace: openstack
min_ansible_version: "2.10"
platforms: platforms:
- name: Debian - name: Debian
versions: versions:
- buster - bullseye
- name: Ubuntu - name: Ubuntu
versions: versions:
- bionic
- focal - focal
categories: - jammy
- name: EL
versions:
- "9"
galaxy_tags:
- cloud - cloud
- development - development
- octavia - octavia

View File

@ -51,7 +51,8 @@
tags: tags:
- always - always
- include_role: - name: Including osa.db_setup role
include_role:
name: openstack.osa.db_setup name: openstack.osa.db_setup
apply: apply:
tags: tags:
@ -77,7 +78,8 @@
tags: tags:
- always - always
- include_role: - name: Including osa.mq_setup role
include_role:
name: openstack.osa.mq_setup name: openstack.osa.mq_setup
apply: apply:
tags: tags:
@ -104,7 +106,8 @@
tags: tags:
- always - always
- import_tasks: octavia_pre_install.yml - name: Importing octavia_pre_install tasks
import_tasks: octavia_pre_install.yml
tags: tags:
- octavia-install - octavia-install
@ -135,6 +138,9 @@
src: /etc/octavia/certs/ src: /etc/octavia/certs/
dest: /etc/octavia/certs/client.pem dest: /etc/octavia/certs/client.pem
regexp: '(client\.pem\.crt|client\.pem\.key)$' regexp: '(client\.pem\.crt|client\.pem\.key)$'
owner: "{{ octavia_system_user_name }}"
group: "{{ octavia_system_group_name }}"
mode: "0640"
notify: notify:
- Restart octavia services - Restart octavia services
- Restart uwsgi services - Restart uwsgi services
@ -145,7 +151,8 @@
- octavia-install - octavia-install
- import_tasks: octavia_install.yml - name: Importing octavia_install tasks
import_tasks: octavia_install.yml
tags: tags:
- octavia-install - octavia-install
@ -169,16 +176,17 @@
systemd_tempd_prefix: openstack systemd_tempd_prefix: openstack
systemd_slice_name: "{{ octavia_system_slice_name }}" systemd_slice_name: "{{ octavia_system_slice_name }}"
systemd_lock_dir: "{{ octavia_lock_dir }}" systemd_lock_dir: "{{ octavia_lock_dir }}"
systemd_CPUAccounting: true systemd_service_cpu_accounting: true
systemd_BlockIOAccounting: true systemd_service_block_io_accounting: true
systemd_MemoryAccounting: true systemd_service_memory_accounting: true
systemd_TasksAccounting: true systemd_service_tasks_accounting: true
systemd_services: "{{ filtered_octavia_services }}" systemd_services: "{{ filtered_octavia_services }}"
tags: tags:
- octavia-config - octavia-config
- systemd-service - systemd-service
- include_role: - name: Including osa.service_setup role
include_role:
name: openstack.osa.service_setup name: openstack.osa.service_setup
apply: apply:
tags: tags:
@ -218,7 +226,8 @@
tags: tags:
- always - always
- include_tasks: octavia_mgmt_network.yml - name: Including octavia_mgmt_network tasks
include_tasks: octavia_mgmt_network.yml
args: args:
apply: apply:
tags: tags:
@ -231,13 +240,15 @@
tags: tags:
- always - always
- import_tasks: octavia_security_group.yml - name: Importing octavia_security_group tasks
import_tasks: octavia_security_group.yml
when: when:
- _octavia_is_first_play_host - _octavia_is_first_play_host
tags: tags:
- octavia-install - octavia-install
- include_tasks: octavia_keypair.yml - name: Including octavia_keypair tasks
include_tasks: octavia_keypair.yml
args: args:
apply: apply:
tags: tags:
@ -247,7 +258,8 @@
tags: tags:
- always - always
- include_tasks: octavia_flavor_create.yml - name: Importing octavia_flavor_create tasks
include_tasks: octavia_flavor_create.yml
args: args:
apply: apply:
tags: tags:
@ -259,24 +271,28 @@
tags: tags:
- always - always
- import_tasks: octavia_post_install.yml - name: Importing octavia_post_install tasks
import_tasks: octavia_post_install.yml
tags: tags:
- octavia-install - octavia-install
- octavia-config - octavia-config
- import_tasks: octavia_db_sync.yml - name: Importing octavia_db_sync tasks
import_tasks: octavia_db_sync.yml
when: when:
- _octavia_is_first_play_host - _octavia_is_first_play_host
tags: tags:
- octavia-install - octavia-install
- import_tasks: octavia_policy.yml - name: Importing octavia_policy tasks
import_tasks: octavia_policy.yml
tags: tags:
- octavia-install - octavia-install
- octavia-config - octavia-config
- octavia-policy-override - octavia-policy-override
- include_tasks: octavia_amp_image.yml - name: Including octavia_amp_image tasks
include_tasks: octavia_amp_image.yml
args: args:
apply: apply:
tags: tags:

View File

@ -34,6 +34,7 @@
get_url: get_url:
url: "{{ octavia_artefact_url }}" url: "{{ octavia_artefact_url }}"
dest: "{{ octavia_amp_image_path }}" dest: "{{ octavia_amp_image_path }}"
mode: "0644"
retries: 10 retries: 10
delay: 10 delay: 10
register: octavia_download_result register: octavia_download_result
@ -74,6 +75,7 @@
--private --private
--project {{ octavia_service_project_name }} --project {{ octavia_service_project_name }}
amphora-x64-haproxy amphora-x64-haproxy
changed_when: false
- name: Delete old image from glance - name: Delete old image from glance
openstack.cloud.image: openstack.cloud.image:

View File

@ -6,6 +6,7 @@
section: "octavia" section: "octavia"
option: "install_method" option: "install_method"
value: "{{ octavia_install_method }}" value: "{{ octavia_install_method }}"
mode: "0644"
- name: Refresh local facts to ensure the octavia section is present - name: Refresh local facts to ensure the octavia section is present
setup: setup:
@ -33,8 +34,11 @@
venv_install_destination_path: "{{ octavia_bin | dirname }}" venv_install_destination_path: "{{ octavia_bin | dirname }}"
venv_install_distro_package_list: "{{ octavia_distro_packages }}" venv_install_distro_package_list: "{{ octavia_distro_packages }}"
venv_pip_install_args: "{{ octavia_pip_install_args }}" venv_pip_install_args: "{{ octavia_pip_install_args }}"
venv_pip_packages: "{{ octavia_pip_packages | union(octavia_user_pip_packages) + venv_pip_packages: >-
(octavia_oslomsg_amqp1_enabled | bool) | ternary(octavia_optional_oslomsg_amqp1_pip_packages, []) }}" {{
octavia_pip_packages | union(octavia_user_pip_packages) +
(octavia_oslomsg_amqp1_enabled | bool) | ternary(octavia_optional_oslomsg_amqp1_pip_packages, [])
}}
venv_facts_when_changed: venv_facts_when_changed:
- section: "octavia" - section: "octavia"
option: "venv_tag" option: "venv_tag"

View File

@ -35,6 +35,7 @@
copy: copy:
content: "{{ _octavia_keypair['keypair']['private_key'] }}" content: "{{ _octavia_keypair['keypair']['private_key'] }}"
dest: "{{ lookup('env', 'HOME') }}/.ssh/{{ octavia_ssh_key_name }}" dest: "{{ lookup('env', 'HOME') }}/.ssh/{{ octavia_ssh_key_name }}"
mode: "0600"
delegate_to: localhost delegate_to: localhost
when: when:
- _octavia_keypair is changed - _octavia_keypair is changed

View File

@ -15,7 +15,7 @@
# iptables module doesn't see empty string as a null value so this is the only # iptables module doesn't see empty string as a null value so this is the only
# way to get a configurable rule definition in right now # way to get a configurable rule definition in right now
- name: iptables rules - name: IPtables rules
iptables: "{{ item }}" iptables: "{{ item }}"
with_items: "{{ octavia_iptables_rules }}" with_items: "{{ octavia_iptables_rules }}"
when: octavia_ip_tables_fw | bool when: octavia_ip_tables_fw | bool
@ -23,13 +23,15 @@
# This is totally odd: If you run the commands via run-parts (as the script # This is totally odd: If you run the commands via run-parts (as the script
# in the distro does) they return 1; but do their job. If you run them # in the distro does) they return 1; but do their job. If you run them
# directly they work. Ignoring errors for now -- # directly they work. Ignoring errors for now --
- name: save iptables rules (Debian/Ubuntu) - name: Save iptables rules (Debian/Ubuntu)
command: netfilter-persistent save command: netfilter-persistent save
changed_when: false
failed_when: false failed_when: false
when: ansible_facts['os_family'] == 'Debian' when: ansible_facts['os_family'] == 'Debian'
- name: save iptables rules (CentOS) - name: Save iptables rules (CentOS)
shell: iptables-save > /etc/sysconfig/iptables shell: iptables-save > /etc/sysconfig/iptables
changed_when: false
when: when:
- ansible_facts['distribution'] == 'CentOS' - ansible_facts['distribution'] == 'CentOS'

View File

@ -33,9 +33,9 @@
file: file:
path: "{{ item.path }}" path: "{{ item.path }}"
state: directory state: directory
owner: "{{ item.owner|default(octavia_system_user_name) }}" owner: "{{ item.owner | default(octavia_system_user_name) }}"
group: "{{ item.group|default(octavia_system_group_name) }}" group: "{{ item.group | default(octavia_system_group_name) }}"
mode: "{{ item.mode|default('0755') }}" mode: "{{ item.mode | default('0755') }}"
with_items: with_items:
- { path: "/openstack", owner: "root", group: "root" } - { path: "/openstack", owner: "root", group: "root" }
- { path: "/openstack/venvs", owner: "root", group: "root" } - { path: "/openstack/venvs", owner: "root", group: "root" }

View File

@ -13,7 +13,11 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
_octavia_is_first_play_host: "{{ (octavia_services['octavia-api']['group'] in group_names and inventory_hostname == (groups[octavia_services['octavia-api']['group']] | intersect(ansible_play_hosts)) | first) | bool }}" _octavia_is_first_play_host: >-
{{
(octavia_services['octavia-api']['group'] in group_names and
inventory_hostname == (groups[octavia_services['octavia-api']['group']] | intersect(ansible_play_hosts)) | first) | bool
}}
# #
# Compile a list of the services on a host based on whether # Compile a list of the services on a host based on whether
@ -65,14 +69,14 @@ uwsgi_octavia_services: |-
{{ services }} {{ services }}
_octavia_legacy_policies: _octavia_legacy_policies:
"context_is_admin": "role:admin or role:load-balancer_admin" "context_is_admin": "role:admin or role:load-balancer_admin"
"admin_or_owner": "is_admin:True or project_id:%(project_id)s" "admin_or_owner": "is_admin:True or project_id:%(project_id)s"
"load-balancer:read": "rule:admin_or_owner" "load-balancer:read": "rule:admin_or_owner"
"load-balancer:read-global": "is_admin:True" "load-balancer:read-global": "is_admin:True"
"load-balancer:write": "rule:admin_or_owner" "load-balancer:write": "rule:admin_or_owner"
"load-balancer:read-quota": "rule:admin_or_owner" "load-balancer:read-quota": "rule:admin_or_owner"
"load-balancer:read-quota-global": "is_admin:True" "load-balancer:read-quota-global": "is_admin:True"
"load-balancer:write-quota": "is_admin:True" "load-balancer:write-quota": "is_admin:True"
_octavia_jobboard_driver_map: _octavia_jobboard_driver_map:
zookeeper: zookeeper_taskflow_driver zookeeper: zookeeper_taskflow_driver