Bump openstacksdk to >1
This patch also vendors the openstack.cloud.subnet
module due to a problem with `disable_gateway_ip`
not being set for newly created subnets[1].
[1]: https://review.opendev.org/c/openstack/ansible-collections-openstack/+/940927
Change-Id: Ia021a1d7b82823c2e7498fdd66da3e2d5c6a8a79
(cherry picked from commit 8ccabb61cb8aa6a86c653cc47e43a648e8e07268)
diff --git a/roles/designate/vars/main.yml b/roles/designate/vars/main.yml
index e6bfe9b..1bf3970 100644
--- a/roles/designate/vars/main.yml
+++ b/roles/designate/vars/main.yml
@@ -26,7 +26,7 @@
max_pool_size: 5
pool_timeout: 30
service:central:
- managed_resource_tenant_id: "{{ _designate_project_info.openstack_projects[0].id }}"
+ managed_resource_tenant_id: "{{ _designate_project_info.projects[0].id }}"
pools: "{{ designate_pools | to_yaml }}"
pod:
replicas:
diff --git a/roles/glance_image/tasks/main.yml b/roles/glance_image/tasks/main.yml
index 5f56e55..5823680 100644
--- a/roles/glance_image/tasks/main.yml
+++ b/roles/glance_image/tasks/main.yml
@@ -26,7 +26,7 @@
- name: Download image and upload into Glance
run_once: true
- when: _image_info.openstack_image == None
+ when: _image_info.images | length == 0
block:
- name: Generate temporary work directory
ansible.builtin.tempfile:
diff --git a/roles/ironic/tasks/network/create.yml b/roles/ironic/tasks/network/create.yml
index 8032983..a459b74 100644
--- a/roles/ironic/tasks/network/create.yml
+++ b/roles/ironic/tasks/network/create.yml
@@ -25,7 +25,7 @@
- name: Create bare metal network subnet
run_once: true
- openstack.cloud.subnet:
+ vexxhost.atmosphere.subnet:
cloud: atmosphere
# Subnet settings
network_name: "{{ ironic_bare_metal_subnet_name }}"
diff --git a/roles/ironic/tasks/network/lookup.yml b/roles/ironic/tasks/network/lookup.yml
index 8838ac9..95a8f71 100644
--- a/roles/ironic/tasks/network/lookup.yml
+++ b/roles/ironic/tasks/network/lookup.yml
@@ -23,11 +23,11 @@
- name: Assert that we match a single network only
ansible.builtin.assert:
that:
- - ironic_bare_metal_networks_info.openstack_networks | length == 1
- fail_msg: "Expected exactly one network, but found {{ ironic_bare_metal_networks_info.openstack_networks | length }}"
+ - ironic_bare_metal_networks_info.networks | length == 1
+ fail_msg: "Expected exactly one network, but found {{ ironic_bare_metal_networks_info.networks | length }}"
success_msg: "Successfully matched a single network"
run_once: true
- name: Set fact with bare metal network information
ansible.builtin.set_fact:
- ironic_bare_metal_network: "{{ ironic_bare_metal_networks_info.openstack_networks[0] }}"
+ ironic_bare_metal_network: "{{ ironic_bare_metal_networks_info.networks[0] }}"
diff --git a/roles/ironic/vars/main.yml b/roles/ironic/vars/main.yml
index a965b1b..7543920 100644
--- a/roles/ironic/vars/main.yml
+++ b/roles/ironic/vars/main.yml
@@ -49,8 +49,8 @@
default_network_interface: flat
conductor:
clean_step_priority_override: deploy.erase_devices_express:5
- deploy_kernel: "{{ ironic_python_agent_deploy_kernel.openstack_image.id }}"
- deploy_ramdisk: "{{ ironic_python_agent_deploy_ramdisk.openstack_image.id }}"
+ deploy_kernel: "{{ ironic_python_agent_deploy_kernel.images.0.id }}"
+ deploy_ramdisk: "{{ ironic_python_agent_deploy_ramdisk.images.0.id }}"
deploy:
erase_devices_priority: 0
erase_devices_metadata_priority: 0
diff --git a/roles/keystone/tasks/main.yml b/roles/keystone/tasks/main.yml
index df942ec..44a92a6 100644
--- a/roles/keystone/tasks/main.yml
+++ b/roles/keystone/tasks/main.yml
@@ -119,6 +119,7 @@
vexxhost.atmosphere.federation_idp:
name: "{{ item.domain.name }}"
domain_id: "{{ item.domain.id }}"
+ is_enabled: true
remote_ids:
- "{{ item.item | vexxhost.atmosphere.issuer_from_domain }}"
loop: "{{ keystone_domains_result.results }}"
diff --git a/roles/manila/tasks/generate_resources.yml b/roles/manila/tasks/generate_resources.yml
index 9bfa6c8..08c5278 100644
--- a/roles/manila/tasks/generate_resources.yml
+++ b/roles/manila/tasks/generate_resources.yml
@@ -43,7 +43,7 @@
- name: Create generic share driver security group tcp rules
openstack.cloud.security_group_rule:
cloud: atmosphere
- security_group: "{{ _manila_service_security_group.id }}"
+ security_group: "{{ _manila_service_security_group.security_group.id }}"
direction: ingress
ethertype: IPv4
protocol: tcp
@@ -58,7 +58,7 @@
- name: Create generic share driver security group icmp rules
openstack.cloud.security_group_rule:
cloud: atmosphere
- security_group: "{{ _manila_service_security_group.id }}"
+ security_group: "{{ _manila_service_security_group.security_group.id }}"
direction: ingress
ethertype: IPv4
protocol: icmp
diff --git a/roles/manila/vars/main.yml b/roles/manila/vars/main.yml
index ce2175d..3c86604 100644
--- a/roles/manila/vars/main.yml
+++ b/roles/manila/vars/main.yml
@@ -58,7 +58,7 @@
path_to_private_key: /etc/manila/ssh-keys/id_rsa
path_to_public_key: /etc/manila/ssh-keys/id_rsa.pub
service_image_name: "{{ manila_image_name }}"
- service_instance_flavor_id: "{{ _manila_flavor.id }}"
+ service_instance_flavor_id: "{{ _manila_flavor.flavor.id }}"
service_instance_security_group: manila-service-security-group
oslo_messaging_notifications:
driver: noop
diff --git a/roles/neutron/tasks/main.yml b/roles/neutron/tasks/main.yml
index eabe333..23da691 100644
--- a/roles/neutron/tasks/main.yml
+++ b/roles/neutron/tasks/main.yml
@@ -87,7 +87,7 @@
until: _result is not failed
- name: Create subnets
- openstack.cloud.subnet:
+ vexxhost.atmosphere.subnet:
cloud: atmosphere
# Subnet settings
network_name: "{{ item.0.name }}"
diff --git a/roles/octavia/tasks/generate_resources.yml b/roles/octavia/tasks/generate_resources.yml
index 5960aa1..e582be4 100644
--- a/roles/octavia/tasks/generate_resources.yml
+++ b/roles/octavia/tasks/generate_resources.yml
@@ -20,13 +20,13 @@
register: _octavia_management_network
- name: Create management subnet
- openstack.cloud.subnet:
+ vexxhost.atmosphere.subnet:
cloud: atmosphere
# Subnet settings
network_name: "{{ octavia_management_network_name }}"
name: "{{ octavia_management_subnet_name }}"
cidr: "{{ octavia_management_subnet_cidr }}"
- no_gateway_ip: true
+ disable_gateway_ip: true
- name: Create health manager security group
openstack.cloud.security_group:
@@ -37,7 +37,7 @@
- name: Create health manager security group rules
openstack.cloud.security_group_rule:
cloud: atmosphere
- security_group: "{{ _octavia_health_manager_sg.id }}"
+ security_group: "{{ _octavia_health_manager_sg.security_group.id }}"
direction: ingress
ethertype: IPv4
protocol: "{{ item.protocol }}"
@@ -67,7 +67,7 @@
if hostvars[item]['octavia_health_manager_ip'] is defined else omit
}}
security_groups:
- - "{{ _octavia_health_manager_sg.id }}"
+ - "{{ _octavia_health_manager_sg.security_group.id }}"
loop: "{{ groups['controllers'] }}"
loop_control:
index_var: _octavia_health_manager_port_index
@@ -110,10 +110,10 @@
- name: Set controller_ip_port_list
ansible.builtin.set_fact:
- _octavia_controller_ip_port_list: "{{ (_octavia_controller_ip_port_list | d([]) + [item.openstack_ports[0].fixed_ips[0].ip_address + ':5555']) | unique }}"
+ _octavia_controller_ip_port_list: "{{ (_octavia_controller_ip_port_list | d([]) + [item.ports[0].fixed_ips[0].ip_address + ':5555']) | unique }}"
loop: "{{ _octavia_health_manager_ports.results }}"
loop_control:
- label: "{{ item.openstack_ports[0].name }}"
+ label: "{{ item.ports[0].name }}"
- name: Create amphora security group
openstack.cloud.security_group:
@@ -124,13 +124,13 @@
- name: Create amphora security group rules
openstack.cloud.security_group_rule:
cloud: atmosphere
- security_group: "{{ _octavia_amphora_sg.id }}"
+ security_group: "{{ _octavia_amphora_sg.security_group.id }}"
direction: ingress
ethertype: IPv4
protocol: tcp
port_range_min: "{{ item.0 }}"
port_range_max: "{{ item.0 }}"
- remote_ip_prefix: "{{ item.1.openstack_ports[0].fixed_ips[0].ip_address }}/32"
+ remote_ip_prefix: "{{ item.1.ports[0].fixed_ips[0].ip_address }}/32"
with_nested:
- [22, 9443]
- "{{ _octavia_health_manager_ports.results }}"
diff --git a/roles/octavia/vars/main.yml b/roles/octavia/vars/main.yml
index 8423aba..1f78f70 100644
--- a/roles/octavia/vars/main.yml
+++ b/roles/octavia/vars/main.yml
@@ -98,10 +98,10 @@
endpoint_type: internalURL
controller_worker:
amp_boot_network_list: "{{ _octavia_management_network.id }}"
- amp_flavor_id: "{{ _octavia_amphora_flavor.id }}"
- amp_image_owner_id: "{{ _octavia_amphora_image.openstack_image.owner }}"
- amp_secgroup_list: "{{ _octavia_amphora_sg.id }}"
- amp_ssh_key_name: "{{ octavia_amphora_ssh_keypair.key.name }}"
+ amp_flavor_id: "{{ _octavia_amphora_flavor.flavor.id }}"
+ amp_image_owner_id: "{{ _octavia_amphora_image.images.0.owner }}"
+ amp_secgroup_list: "{{ _octavia_amphora_sg.security_group.id }}"
+ amp_ssh_key_name: "{{ octavia_amphora_ssh_keypair.keypair.name }}"
client_ca: /etc/octavia/certs/client/ca.crt
volume_driver: volume_cinder_driver
workers: 4
diff --git a/roles/openstacksdk/defaults/main.yml b/roles/openstacksdk/defaults/main.yml
index 27dc31a..96db768 100644
--- a/roles/openstacksdk/defaults/main.yml
+++ b/roles/openstacksdk/defaults/main.yml
@@ -12,4 +12,4 @@
# License for the specific language governing permissions and limitations
# under the License.
-openstacksdk_version: "0.61.0"
+# openstacksdk_version:
diff --git a/roles/openstacksdk/tasks/main.yml b/roles/openstacksdk/tasks/main.yml
index 1a4c3b4..5f082a1 100644
--- a/roles/openstacksdk/tasks/main.yml
+++ b/roles/openstacksdk/tasks/main.yml
@@ -15,7 +15,7 @@
- name: Install openstacksdk
ansible.builtin.pip:
name: openstacksdk
- version: "{{ openstacksdk_version }}"
+ version: "{{ openstacksdk_version | default(omit) }}"
- name: Create openstack config directory
become: true
diff --git a/roles/rook_ceph_cluster/tasks/main.yml b/roles/rook_ceph_cluster/tasks/main.yml
index 0faf0bb..3145bf5 100644
--- a/roles/rook_ceph_cluster/tasks/main.yml
+++ b/roles/rook_ceph_cluster/tasks/main.yml
@@ -96,13 +96,21 @@
password: "{{ openstack_helm_endpoints.identity.auth.rgw.password }}"
domain: service
+# NOTE(mnaser): https://storyboard.openstack.org/#!/story/2010579
- name: Grant access to "service" project
- openstack.cloud.role_assignment:
- cloud: atmosphere
- domain: service
- user: "{{ openstack_helm_endpoints.identity.auth.rgw.username }}"
- project: service
- role: admin
+ changed_when: false
+ ansible.builtin.shell: |
+ set -o posix
+ source /etc/profile.d/atmosphere.sh
+ openstack role add \
+ --user-domain service \
+ --project service \
+ --user {{ openstack_helm_endpoints.identity.auth.rgw.username }} \
+ admin
+ args:
+ executable: /bin/bash
+ environment:
+ OS_CLOUD: atmosphere
- name: Create OpenStack service
openstack.cloud.catalog_service:
diff --git a/roles/tempest/tasks/main.yml b/roles/tempest/tasks/main.yml
index 833cda7..b433ccc 100644
--- a/roles/tempest/tasks/main.yml
+++ b/roles/tempest/tasks/main.yml
@@ -34,10 +34,10 @@
conf:
tempest:
compute:
- image_ref: "{{ _tempest_test_image.openstack_image.id }}"
+ image_ref: "{{ _tempest_test_image.images.0.id }}"
when:
- tempest_helm_values.conf.tempest.compute.image_ref is not defined
- - _tempest_test_image.openstack_image.id is defined
+ - _tempest_test_image.images | length > 0
- name: Get test flavor object
openstack.cloud.compute_flavor_info:
@@ -53,10 +53,10 @@
conf:
tempest:
compute:
- flavor_ref: "{{ _tempest_test_flavor.openstack_flavors[0].id }}"
+ flavor_ref: "{{ _tempest_test_flavor.flavors[0].id }}"
when:
- tempest_helm_values.conf.tempest.compute.flavor_ref is not defined
- - _tempest_test_flavor.openstack_flavors[0].id is defined
+ - _tempest_test_flavor.flavors[0].id is defined
- name: Get test network object
openstack.cloud.networks_info:
@@ -72,10 +72,10 @@
conf:
tempest:
network:
- public_network_id: "{{ _tempest_test_network.openstack_networks[0].id }}"
+ public_network_id: "{{ _tempest_test_network.networks[0].id }}"
when:
- tempest_helm_values.conf.tempest.network.public_network_id is not defined
- - _tempest_test_network.openstack_networks[0].id is defined
+ - _tempest_test_network.networks[0].id is defined
- name: Deploy Helm chart
failed_when: false