The openstack.cloud.port module always fails in check mode due to it
calls PortModule._will_change() with the wrong number of arguments.
Change-Id: I7e8a4473df8bb27d888366b444a54d3f7b1c2fa8
With this change, multiple allocation pool may be specified when creating
a subnet. Allocation pools are defined as a list of dictionaries.
For example:
openstack.cloud.subnet:
name: sub1
network: network1
cidr: 192.168.0.0/24
ip_version: 4
allocation_pools:
- start: 192.168.0.10
end: 192.168.0.50
- start: 192.168.0.100
end: 192.168.0.150
Change-Id: I77a06990de082466dc6265a14c379b8bbaf789e8
Adds target_all_project option to neutron_rbac_policy
module, for specifing all projects as target projects
explicitly.
Change-Id: I1393463a79fc83bcda7aa5642f5d3ed27fb195b5
Add a way to filter which volume service is running on a host or list
which hosts run available volume services.
Closes-Bug: #2010490
Change-Id: Icb17f6019a61d9346472d83ddcd2ad29c340ea05
Glance images can be deactivated ad reactivated with corresponding
API calls. It might be useful for operators to be able to control
these states through ansible modules as well. Instead of introduction
of the new parameter we're adding new state for the image that is
`inactive`.
Change-Id: I0738ff564f81a31690872450a4731340ed6bbeb1
There is an issue with the logic that results in a failure
to create a server when auto_ip is false. This patch tests
for the bool value of auto_ip and the two lists rather that
None.
Closes-Bug: #2049046
Change-Id: I2664c087c4bde83c4033ab3eb9d3e97dafb9e5cb
Signed-off-by: James Denton <james.denton@rackspace.com>
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Adds the use_import parameter to enable interop import so
images that need transformation by glance can have it, such as
format conversion.
Closes-Bug: 2084481
Change-Id: I39d1e94ff8ab9f0e0b99c1cef9a814eef0b1f060
SDK does return all keys and values of the template labels as
strings. At the same time user can define some labels as integers or
booleans, which will break comparison of labels and lead to module
failure on consecutive runs.
Change-Id: I7ab624428c8bb06030a2b28888f5cb89bb249f08
This adds a Ansible module for managing a
Neutron trunk and the sub ports associated
with the trunk.
Change-Id: I0e1c6798b6cc30062c881d1f92fdd4d630d31106
A ValueError is raised when running the object_container module with the
`metadata` param against a container with existing metadata.
When the module attempts to enumerate the existing container metadata, a
ValueError exception is raised, because the code is iterating over the
metadata keys, instead of `dict_items`.
Compare to the iteration through another dict `metadata` on the next
line:
new_metadata = dict((k, v) for k, v in metadata.items()
This change adds a call to `items()` on the dictionary.
Note that this is added outside the parentheses so that the behaviour of the
`or` statement is not affected, and that another exception isn't caused
if `container.metadata` is not a dict.
Closes-Bug: #2071934
Change-Id: Ie5e1f275839e38340a75ab18c3b9ec9bc7745d68
When creating a new object from file, a AttributeError is raised.
This is caused because the sdk does not return anything when creating an
object from a file.
With this change, the `_create` function will always return an object.
Closes-Bug: #2061604
Change-Id: I34cefd1bb10c6eef784e37d26122e5ed2c72488d
I suspect that the change to `update_quota_set` in openstacksdk commit
[9145dce64](https://opendev.org/openstack/openstacksdk/commit/9145dcec64)
has caused a regession in the quota module, making it not work correctly
for volume and compute quotas.
This change updates the calls to `update_quota_set` with the new
signatures.
Closes-Bug: #2068568
Change-Id: I604a8ffb08a76c20397f43c0ed3b23ddb11e53eb
Create or delete a Keystone application credential. When the secret
parameter is not set a secret will be generated and returned in the
response. Existing credentials cannot be modified so running this module
against an existing credential will result in it being deleted and
recreated. This needs to be taken into account when the secret is
generated, as the secret will change on each run of the module.
The returned result also includes a usable cloud config which allows
playbooks to easily run openstack tasks using the credential created by
this module.
Change-Id: I0ed86dc8785b0e9d10cc89cd9137a11d02d03945
Certain branches of the openstacksdk are explicitly converting
`Resource` objects to munch objects to add additional virtual
properties. This means that the module may receive `Resource` or a
`Munch` object. Add a small check.
Change-Id: I413877128d1e2b68d7f39420d19e2560d3d9a99e
When we delete server wait for it to completely disappear from the
results (Nova returns it for some time with the 'DELETED' state). Since
tests (and actually also users) not able to really cope with this wait
for server to be gone completely.
Change-Id: Ie2dde98ae47dd7108d554495d5025df175647d5c
In Neutron external network can be marked as 'default' and such network
will be used in the auto allocate network functionality [1].
This patch adds support for creation of such default network by the
ansible openstack module.
[1] https://docs.openstack.org/neutron/latest/admin/config-auto-allocation.html
Change-Id: I1aeb91f8142cdc506c3343871e95dcad13f44da0
Specifying CIDR during creation of subnet from subnet pool is a valid
operation. Moreover, in case of use of a subnet pool with multiple
subnets, cidr is a mandatory paramter for creating subnet.
Following code should be valid:
- name: Create subnet
openstack.cloud.subnet:
name: "subnet_name"
network: "some_network"
gateway_ip: "192.168.0.1"
allocation_pool_start: "192.168.0.2"
allocation_pool_end: "192.168.0.254"
cidr: "192.168.0.0/24"
ip_version: 4
subnet_pool: "192.168.0.0/24"
This scenario is added as a subnet-pool.yaml test in the test role.
Change-Id: I1163ba34ac3079f76dd0b7477a80a2135985a650
If a router is created in a specific project, the router module
tried to find its external network in the same project. This would fail
with 'No Network found for <network>' if the external network is in a
different project. This behaviour has changed, most likely in [1] when
the project scoping was added to the find_network function call.
This change modifies the network query to first check the project, then
fall back to a global search if the network is not found. This ensures
that if there are multiple networks with the name we will choose one in
the project first, while allowing use of a network in a different
project.
A regression test has been added to cover this case.
[1] 3fdbd56a58
Closes-Bug: #2049658
Change-Id: Iddc0c63a2ce3c500d7be2f8802f718a22f2895ae
Changes to the port_security_enabled parameter are not applied due to
mismatching key names.
In the port module, the input parameter is called `port_security_enabled`,
while the OpenStackSDK is using a field called `is_port_security_enabled`.
When updating an existing port, the port module is comparing the dictionary
keys of the Ansible module parameters with those of the port object
returned by the OpenStackSDK.
Since these keys different, they will not match and changes to
port security are not applied.
Story: 2010687
Task: 47789
Change-Id: I838e9d6ebf1a281269add91724eac240abe35fd4
Current logic assumes that external_fixed_ips should be always defined,
otherwise `req_fip_map` is an empty sequence, which makes _needs_update
to return True.
With that not having external_fixed_ips is a vaild case whenever
deployment does not have shared public network. This usually
the case when public network is not passed to computes and public
network is used only for routers and floating IPs.
Patch changes logic by addind a `is not None` support to only compare
external_fip configration when user explicitly passed something (passing
an empty dict is equal to requesting "empty" configuration).
Co-Authored-by: Artem Goncharov
Change-Id: Id0f69fe4c985c4c38b493577250cad4e589b9d24
At the moment `subnet` is an alias of `subnet_id`. The way, how aliases
work in ansible modules, is that ansible does add intended key to param
in case alias is used. When riginal key is used, aliases are not
populated.
Right now in case user define `subnet_id` instead of its alias `subnet`
module will fail with KeyError.
Change-Id: I5ce547352097ea821be4c9bbc18147575986c740
New module to manipulate volume type encryption. Including simple CI
task to verify functionality.
Change-Id: I7380a5d258c3df1f9bd512aa4295868294391e31
Added 2 new modules to manipulate volume types in OpenStack
* volume_type is used to create, delete and modify volume type
* volume_type_info is used to show volume_type details, including
encryption information
ci tests extended with additional role to test basic module behaviour
It is currently impossible to update is_public volume type attribute
as it is being changed to "os-volume-type-access:is_public" which is not
expected by api. Which expects just "is_public"
https://docs.openstack.org/api-ref/block-storage/v3/?expanded=update-a-volume-type-detail#update-a-volume-type
Which results in "'os-volume-type-access:is_public' was unexpected"
reply. I guess the change is required by openstacksdk or on the API side
Change-Id: Idc26a5240b5f3314c8384c7326d8a82dcc8c6171
At the moment we generate a set as a filter for image checksums which
lead to AttributeError in SDK:
'set' object has no attribute 'keys'
With that we ensure that supllying checksum does not cause
module crash.
Change-Id: I490f51950592f62c9ad81806593340779bf6dbdb
Security group rules in module openstack.cloud.security_group
are changed/updated only when option 'security_group_rules' was
defined explicitly. This follows our policy of "apply no change"
when module options in our Ansible modules have not been set.
Story: 2010691
Task: 47795
Change-Id: I4a0cda46cb160b5321913b63ff1123d8b8a19705
In order to execute addTenantAccess or removeTenantAccess
a flavor should have have is_public set to false, which means it must
be private.
Change-Id: Iea1c4e7167b7134a4f70a4fb44fc0a8676265419
The description option of security group rules will now be used properly
when creating new rules.
Security group rules have to be deleted first before new ones get
created, because if one changes one rule attribute such as its
description, then the old rule must be deleted before recreating it,
as rules cannot be updated.
Story: 2010605
Task: 47486
Change-Id: I75b900e6675f7ec33532089738a6c2bfc10a898b
