Certain branches of the openstacksdk are explicitly converting
`Resource` objects to munch objects to add additional virtual
properties. This means that the module may receive `Resource` or a
`Munch` object. Add a small check.
Change-Id: I413877128d1e2b68d7f39420d19e2560d3d9a99e
When we delete server wait for it to completely disappear from the
results (Nova returns it for some time with the 'DELETED' state). Since
tests (and actually also users) not able to really cope with this wait
for server to be gone completely.
Change-Id: Ie2dde98ae47dd7108d554495d5025df175647d5c
In Neutron external network can be marked as 'default' and such network
will be used in the auto allocate network functionality [1].
This patch adds support for creation of such default network by the
ansible openstack module.
[1] https://docs.openstack.org/neutron/latest/admin/config-auto-allocation.html
Change-Id: I1aeb91f8142cdc506c3343871e95dcad13f44da0
Specifying CIDR during creation of subnet from subnet pool is a valid
operation. Moreover, in case of use of a subnet pool with multiple
subnets, cidr is a mandatory paramter for creating subnet.
Following code should be valid:
- name: Create subnet
openstack.cloud.subnet:
name: "subnet_name"
network: "some_network"
gateway_ip: "192.168.0.1"
allocation_pool_start: "192.168.0.2"
allocation_pool_end: "192.168.0.254"
cidr: "192.168.0.0/24"
ip_version: 4
subnet_pool: "192.168.0.0/24"
This scenario is added as a subnet-pool.yaml test in the test role.
Change-Id: I1163ba34ac3079f76dd0b7477a80a2135985a650
Since setuptools release (61.0.0) ansible-collection-openstack's
package build command (python3 setup.py sdist bdist_wheel) is
finding multiple top-level packages in a flat-layout automatically.
This issue is mentioned in setuptools bug 3197 [1], and the suggested
workaround is to disable auto-discovery by adding 'py_modules=[]' in
setup.py.
[1] https://github.com/pypa/setuptools/issues/3197
Change-Id: I4aef1fd59375c4a3bc9e362e7949fa153e4cbcb0
Creating a port with a binding profile now requires a user with the
service role. This fixes CI by removing the tasks which create a port
with a binding profile. The new policy implies that only other openstack
services should be doing this. The capability can remain in the module,
but it is unlikely to be used unless with a custom or deprecated policy.
Change-Id: I89306d35670503d2fc8e76c030d88f64c20eca08
If a router is created in a specific project, the router module
tried to find its external network in the same project. This would fail
with 'No Network found for <network>' if the external network is in a
different project. This behaviour has changed, most likely in [1] when
the project scoping was added to the find_network function call.
This change modifies the network query to first check the project, then
fall back to a global search if the network is not found. This ensures
that if there are multiple networks with the name we will choose one in
the project first, while allowing use of a network in a different
project.
A regression test has been added to cover this case.
[1] 3fdbd56a58
Closes-Bug: #2049658
Change-Id: Iddc0c63a2ce3c500d7be2f8802f718a22f2895ae
The linters-devel job fails with:
ansible-test sanity: error: argument --skip-test: invalid choice:
'metaclass-boilerplate' (choose from 'action-plugin-docs', ...)
The functional test fails with:
The conditional check 'info1.volumes | selectattr("id", "equalto", "{{
info.volumes.0.id }}") | list | length == 1' failed. The error was:
Conditional is marked as unsafe, and cannot be evaluated.
This is due to a change in Ansible 2.17 preventing embedded templates
from referencing unsafe data [1].
[1] https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_9.html#playbook
Change-Id: I2f8411cac1403568afb13c2b96ba452c4c81f126
Changes to the port_security_enabled parameter are not applied due to
mismatching key names.
In the port module, the input parameter is called `port_security_enabled`,
while the OpenStackSDK is using a field called `is_port_security_enabled`.
When updating an existing port, the port module is comparing the dictionary
keys of the Ansible module parameters with those of the port object
returned by the OpenStackSDK.
Since these keys different, they will not match and changes to
port security are not applied.
Story: 2010687
Task: 47789
Change-Id: I838e9d6ebf1a281269add91724eac240abe35fd4
Current logic assumes that external_fixed_ips should be always defined,
otherwise `req_fip_map` is an empty sequence, which makes _needs_update
to return True.
With that not having external_fixed_ips is a vaild case whenever
deployment does not have shared public network. This usually
the case when public network is not passed to computes and public
network is used only for routers and floating IPs.
Patch changes logic by addind a `is not None` support to only compare
external_fip configration when user explicitly passed something (passing
an empty dict is equal to requesting "empty" configuration).
Co-Authored-by: Artem Goncharov
Change-Id: Id0f69fe4c985c4c38b493577250cad4e589b9d24
At the moment `subnet` is an alias of `subnet_id`. The way, how aliases
work in ansible modules, is that ansible does add intended key to param
in case alias is used. When riginal key is used, aliases are not
populated.
Right now in case user define `subnet_id` instead of its alias `subnet`
module will fail with KeyError.
Change-Id: I5ce547352097ea821be4c9bbc18147575986c740
New module to manipulate volume type encryption. Including simple CI
task to verify functionality.
Change-Id: I7380a5d258c3df1f9bd512aa4295868294391e31
Added 2 new modules to manipulate volume types in OpenStack
* volume_type is used to create, delete and modify volume type
* volume_type_info is used to show volume_type details, including
encryption information
ci tests extended with additional role to test basic module behaviour
It is currently impossible to update is_public volume type attribute
as it is being changed to "os-volume-type-access:is_public" which is not
expected by api. Which expects just "is_public"
https://docs.openstack.org/api-ref/block-storage/v3/?expanded=update-a-volume-type-detail#update-a-volume-type
Which results in "'os-volume-type-access:is_public' was unexpected"
reply. I guess the change is required by openstacksdk or on the API side
Change-Id: Idc26a5240b5f3314c8384c7326d8a82dcc8c6171
Right now linters test fail due to a trivial issue in mock loader.
This aims to fix CI for the repo.
Change-Id: Ib58e70d3a54b75ca4cb9ad86b761db1ded157143
At the moment we generate a set as a filter for image checksums which
lead to AttributeError in SDK:
'set' object has no attribute 'keys'
With that we ensure that supllying checksum does not cause
module crash.
Change-Id: I490f51950592f62c9ad81806593340779bf6dbdb
Before this fix the current implementation in combination with the most
recent openstacksdk (1.2.0) resulted in a list containing the default
values and another list inside this list containing the value of
clouds_yaml_path. The clouds_yaml_path value gets now added directly to
the list only if it was set.
Change-Id: I3c3b6f59393928d098e9b80c55b87fc6ee1e9912
Security group rules in module openstack.cloud.security_group
are changed/updated only when option 'security_group_rules' was
defined explicitly. This follows our policy of "apply no change"
when module options in our Ansible modules have not been set.
Story: 2010691
Task: 47795
Change-Id: I4a0cda46cb160b5321913b63ff1123d8b8a19705
In order to execute addTenantAccess or removeTenantAccess
a flavor should have have is_public set to false, which means it must
be private.
Change-Id: Iea1c4e7167b7134a4f70a4fb44fc0a8676265419
The description option of security group rules will now be used properly
when creating new rules.
Security group rules have to be deleted first before new ones get
created, because if one changes one rule attribute such as its
description, then the old rule must be deleted before recreating it,
as rules cannot be updated.
Story: 2010605
Task: 47486
Change-Id: I75b900e6675f7ec33532089738a6c2bfc10a898b
Story: #2010527
Task: #47136
Sort records in recordset so it can be compared to existing ones
and not to trigger update in case of a different order.
Change-Id: Ib5d2af56616532174c29ec2be86827ccd0a17940
YAML output of ansible-inventory does not guarantee which group will
actually populate hosts with all their host vars.
Change-Id: Ia7d46898b8e91bafff05873be2b3c92bc85d83d2
This removes the old inventory script only. For a proper replacement,
please use inventory plugin openstack.cloud.openstack.
Change-Id: Ib677862c049b70f39630d56a147bd5537b12fb2b
