openstacksdk's get_server() [1] calls add_server_interfaces() [2]
which queries OpenStack APIs several times to get all ports and
floating ips attached to a server.
Now we call openstacksdk's compute.find_server() [3] and compute.\
get_server() [4] which result in two API calls, in order to fill
server['addresses'] attribute which we later use to get floating ip
addresses attached to the server.
Do an extra call to compute.get_server() in order to return a pristine
server resource, because openstacksdk's create_server() might call
meta.add_server_interfaces() which alters server attributes such as
server['addresses'] [5].
Fail if options 'auto_ip', 'floating_ips' or 'floating_ip_pools'
are specified but 'wait' is not set to true, because openstacksdk
will add floating ip addresses only if we wait until the server
has been created [6]. This conditional fail will help users to not
shoot their foot.
Marked floating ip support unstable in this module due to various
unresolved issues in openstacksdk's add_ips_to_server() function
such as [9] and [10].
For Zuul CI job ansible-collections-openstack-functional-devstack-\
releases to pass, the minimum required openstacksdk release must be
0.101.0 because [7],[8] are available since that release only.
[1] 3f81d0001d/openstack/cloud/_compute.py (L484)
[2] 3f81d0001d/openstack/cloud/meta.py (L439)
[3] 3f81d0001d/openstack/compute/v2/_proxy.py (L652)
[4] 3f81d0001d/openstack/compute/v2/_proxy.py (L666)
[5] 3f81d0001d/openstack/cloud/_compute.py (L942)
[6] 3f81d0001d/openstack/cloud/_compute.py (L945)
[7] https://review.opendev.org/c/openstack/openstacksdk/+/851976
[8] 0ded7ac398
[9] https://storyboard.openstack.org/#!/story/2010352
[10] https://storyboard.openstack.org/#!/story/2010153
Change-Id: I6a5663433b1b9529f99d5eced22a28c692a1d288
Add a test role to validate module functionality
Replace calls to the sdk cloud layer to use the proxy layer.
Update module parameters to use names matching the sdk. Keep aliases for
old values.
Remove _scrub_results, no longer necessary with proxy layer.
Move check mode outside of main flow to keep the module readable.
Refactor code to handle fields that should be ignored.
Simplify return value from _system_state_change_details.
Inline calls to fetch existing quotas.
Remove metaprogramming calls to cloud layer methods, as the proxy layer
doesn't have the same consistent API.
Remove handling for case where neutron throws exception when unsetting
quotas that aren't set. This is validated in the test role.
Ensure return values are dicts.
Replace exception handler with conditionals which allows us to drop the
dependency on keystoneauth1 library and is much more correct than
catching all exceptions and always printing the same error even on
unrelated exceptions.
Story: 2010099
Task: 45654
Change-Id: I5eda8e476a4e779382e6c63f5982504d5951501d
We require openstacksdk>=0.99.0 for this collection but we do not
specify versions in module requirements. We probably should do so,
but then consistently across all modules and plugins.
Change-Id: If3d8cd1491266e3332f478267fc41771f280b9a8
Currently, our tripleo periodic jobs are failing, while our check jobs
are passing. This is because build-test-packages is not building the
tip of master version of the collections, instead using the version
built in rdo. This patch explicitly adds ansible-collection-openstack to
the change list so it always gets picked up by build-test-packages.
Change-Id: I6938c8373872daed8632429df42d20396980bc76
- Changed get_security_group_rule to find_security_group_rule as
get_security_group_rule throws an exception if the rule is not
found
- Updated docs
- Updated tests
- Renamed ethertype to ether_type to match openstacksdk's attribute
names and added the former as an alias to keep backward compat
- Renamed rule to id to match openstacksdk's attribute names and
added the former as an alias to keep backward compat
Change-Id: Ieb99f875c990e11623c81e482013d0ecb8e61055
Neutron will allow you to update certain properties of the network after
creation. This change modifies the ansible code to perform an update
call if it detects that any updatable properties have been changed. If
you attempt to change a property that cannot be updated, the module will
fail. This gives you confidence that the ansible configuration matches
the state of the network in OpenStack. If we did not fail in this way,
you might think you have updated the network, but in reality those
changes would be silently ignored. Prior to this change, the only way to
update properties of a network was to delete it and then recreate.
Story: 2010024
Task: 45262
Change-Id: I4af2b50f207f349b58c63e0a4e92816ada0847fd
Previously, openstack.cloud.keypair would remove trailing spaces after
reading a public key from a file. The openstack cli tool, python-\
openstackclient, does not do so, i.e. it does not use rstrip to remove
spaces at the end [1]. This breaks idempotency when using openstack
cli tool and our keypair module at the same time.
The rstrip code was introduced to keypair when our modules were still
part of ansible (non-core) in a completely unrelated change [2].
Now, keypair module does no longer alter the public key and instead
uploads it unchanged to OpenStack API.
[1] 7df94c9f82/openstackclient/compute/v2/keypair.py (L103)
[2] 341efbf7ae
Story: 2008574
Task: 41726
Change-Id: Ia09658467d98516ca1ea612e7301629b2f69d2d1
include_vars works on the controller only, use loading facts
to get variables from galaxy.yml
Change-Id: Idf45354650dea93bd8bdbfa9fa2ba52abda93cc0
(cherry picked from commit 39bb4909ee)
Across our modules we use the None values to mark default values for
module attributes. This is in line with openstacksdk's behaviour.
Change-Id: I5920aeeb8eef2ee1c2066a71a273ba52f02305c3
Switch sdk calls to use the proxy layer where sensible.
Ensure that returned resource objects are converted to dicts.
Removes undocumented id return value.
Rename flavorid to id. Keep flavorid as an alias for backward
compatibility.
Rename the test role from nova_flavor to compute_flavor to keep naming
consistent.
Fold tests from compute_flavor_info into the compute_flavor role.
Add additional tests to improve coverage.
Update return docs
Change-Id: I5419d1c02b9b50625beb3bff88c8e4a4f1c14667
routers_info's interfaces_info attribute is not provided by
openstacksdk, it is added to each router resource by the routers_info
module after retrieving the routers list. To get the required data
list_router_interfaces() [1] is being called for each router resource
which then retrieves all ports for each router. This requires extra
api calls which might be useless because we do not know whether the
user actually cares about the ports. For getting ports of a router
we have the openstack.cloud.ports module. So instead of proactively
retrieving the router ports we drop the interfaces_info attribute.
The interfaces_info attribute was introduced because retrieving
interfaces via openstacksdk and openstack.cloud modules was
complex in the past [2]. Nowadays, using openstack.cloud.ports
Ansible and Jinja2 filters retrieving ip addresses of a router
is straight forward. In case someone still needs the old
interfaces_info attribute, one can refer to the module example
to see how it could be reproduced. But in general, retrieving the
router interfaces is much easier as can be seen in the updated
integration tests.
[1] 3f81d0001d/openstack/cloud/_network.py (L1926)
[2] https://review.opendev.org/c/openstack/ansible-collections-openstack/+/703927/6/plugins/modules/os_routers_info.py
Change-Id: I7fbdf11d07c95421d3aee800bfeebb88ea829817
Replace calls to the sdk cloud layer with proxy layer calls where
appropriate.
Ensure module return values are converted into dict.
General refactoring to bring module more in line with collection
conventions.
Expand tests to assert idempotency and presence of return values.
Rename test role to identity_group to match module name.
Change-Id: I06fe28f77431bb151d85c8d9cd924a1634d85d98
Define port's module attribute 'name' as a required attribute because
this parameter is used to find, update and delete ports. Technically,
a name is not required to create a port, but idempotency cannot be
implemented without an identifier to refer to a port. In this
collection we use resource names to find and identify resources. We
do not offer a dedicated id attribute in most modules.
Use port's module attribute 'network' when finding, creating,
updating or deleting ports if the user provided this attribute.
This allows to reduce ambiguity when equal names are used across
different networks.
Added 'description' parameter to port module.
Renamed port's module attributes 'vnic_type' to 'binding_vnic_type'
and 'admin_state_up' to 'is_admin_state_up' to match openstacksdk's
attribute names which are used e.g. in module results. Added aliases
for the old attribute names to keep backward compatibility.
Renamed port_info's module attribute 'port' to 'name' and added
the former as an alias to be consistent with other *_info modules.
Dropped default=None and required=False from argument_spec of port
module because those are the default in Ansible [1][2].
Dropped 'id' field from port module's results to be consistent across
other modules. Use 'port.id' instead.
Sorted argument specs and documentation of the port module and
marked attributes which are not updatable.
Updated RETURN fields documentation for the module results of both
port and port_info modules.
Added integration tests to check the update mechanism of the port
module.
Added assertions for module results to catch future changes in the
openstacksdk and our Ansible modules.
Dropped openstacksdk version check since we require a recent release
anyway.
Fixed indentation in integration tests.
Merged integration tests of port_info module into port module,
because the former does not create any ports and assumes that
ports have been created earlier.
[1] https://docs.ansible.com/ansible/latest/dev_guide/developing_modules_documenting.html
[2] 61af59c808/lib/ansible/module_utils/common/parameters.py (L489)
Signed-off-by: Jakob Meng <code@jakobmeng.de>
Change-Id: Iacca78649f8e01ae95649d8d462f5d0a1740405e
This patch update federation_idp_info to use proxy layer as well as add
the ansible role to test the module
Change-Id: I6b4544cca317f2d5fab4a9612b820872b87585f4
Expanded and fixed module results docs.
Moved ext_ips_spec into the module class because global scope is not
necessary. Renamed it to external_fixed_ips_spec to explain its
purpose.
Sorted argument_spec and attribute docs by attribute name and fixed
indentations. Marked router attributes which cannot be updated.
Mark network attribute as required by enable_snat and
external_fixed_ips attributes. Fixed docstring of network attribute:
Module attribute interfaces does not require the network attribute,
its external_fixed_ips what requires network to be set.
Changed examples from deprecated ip to current ip_address attribute.
Dropped self.fail() calls and let openstacksdk handle missing networks,
subnets.. instead because less code means less code to maintain.
Limited line length to 80 chars to be consistent with other OpenStack
projects. Personally, I prefer a 120 chars limit but consistency is more
important.
Added explanation in code comment why we cannot update a router's name.
Moved upfront cleanup operations in router's integration tests to the
beginning of the role.
Assigned meaningful names to result variables
in router's ci role to easily identify which modules produced the
data.
Added tests for router ids, admin state and interfaces.
Change-Id: Icae77a43479fb4f0bae065d1c5d7942cb0f5fd6b
Refactors the module to be based off OpenstackModule.
Changes sdk calls to use the proxy layer where appropriate. The
inspection itself stays at the cloud layer to support waiting.
Make sure we convert returned resource objects to dict
Adds a barebones role to test the module. This won't run in CI, since
we don't have the ironic plugin configured in devstack.
Changes the return value of the module to be the entire node, instead of
just the properties that resulted from inspection. Return docs were
updated to reflect this.
Update module params to use `name` as the identifier for the node,
aliasing it to the previous supported values of `id` and `uuid`.
Use module kwargs to specify mutually exclusive params.
Stop catching exceptions and instead let them bubble up so ansible
handles them.
Change-Id: I2b07b58c8b068d7f18db9862fcecb4088328ac74
Allow to update server attributes such as its description.
Changed default value of server attribute 'security_groups' from
['default'] to [] because the latter is the default in
python-openstackclient [1] and the former behavior causes issues
with existing servers [2]: Previously, when no 'security_groups'
parameter was given, the server module would change existing
servers to use the default security group, dropping all other
security groups assigned to the server.
Our (undocumented) guideline when writing modules is to only
add or change what has been requested by the user and to stick to
defaults from openstacksdk and python-openstackclient whenever
possible. Since we have to break backward compatibility with the
next release anyway, we take this opportunity to clean up this odd
behavior. Now, when no security groups are given, then security
groups of an existing server will not be touched.
Closes story #2007893 [2].
Note, Nova will create a server in the default security group,
if the security_groups parameter is omitted.
Dropped 'openstack' field from server module's results. This
variable expanded to additional server information which might
be useful for Ansible inventories and was filled from
openstacksdk's get_openstack_vars() function [3]. Variables in
this function can make additional cloud queries to retrieve
additional data, so calling this function can be expensive [4].
Users can use *_info modules to retrieve this data on-demand.
Dropped 'availabity_zone' attribute from generic OpenStackModule
arguments and inserted it into server and volume modules because
it is relevant to those two modules only. This is completes what
was started years ago [5] and is possible now since we have
breaking changes anyway.
Switched attribute name 'userdata' with its alias 'user_data' to
match openstacksdk's attribute names which are used e.g. in module
results. The previous attribute name 'userdata' is now used as an
alias and 'user_data' is used as the attribute name to keep backward
compatibility.
Wait for server to get into 'ACTIVE' state when creating a server
and attribute 'wait' has been set to true.
Sorted argument specs and documentation of the server module and
marked attributes which are not updatable. Changed unstable bash
script example in server module documentation.
Renamed server's module attribute 'delete_fip' to 'delete_ips' to
match openstacksdk and clarify that it includes all floating ip
addresses of the server.
Renamed server_info's module attribute 'server' to 'name' and added
the former as an alias to be consistent with other *_info modules.
Added RETURN fields documentation for the module results of both
server and server_info modules.
Added description and examples of how to use the 'filters' attribute
of the server_info module. Closes story #2007873 [6].
Removed 'openstack_' prefix from module results because the prefix is
not consistently used across modules, is more to type without any
benefit and removal of the prefix allows us to signal to users that
their code for handling module results has to be updated. Many modules
have different return values with openstacksdk >= 0.99.0 because it
consistently uses resource proxies now.
Added assertions for module results to catch future changes in the
openstacksdk and our Ansible modules.
Added integration tests to check the update mechanism of the server
module.
Fixed indentation in integration tests.
Ensure proper creation and deletion of resources such as networks,
subnets and servers in integration tests of server_action module.
Renamed ci/roles/server/defaults/main.yaml to main.yml, removing the
'a' in the file extension to be consistent with other filenames.
Dropped deprecated function openstack_find_nova_addresses() and
incorporated its code directly into the server module because it
is not used anywhere else.
[1] e49ad1795b/openstackclient/compute/v2/server.py (L1070)
[2] https://storyboard.openstack.org/#!/story/2007893
[3] 9e9fc98795/openstack/cloud/_compute.py (L1772)
[4] 9e9fc98795/openstack/cloud/meta.py (L482)
[5] 9bf33e56dd
[6] https://storyboard.openstack.org/#!/story/2007873
Signed-off-by: Jakob Meng <code@jakobmeng.de>
Change-Id: I2f955519a7e8c782b1dab8f94f7a019ed384b81d
- Change sdk calls to use proxies
- Convert return values to
- Update module docs
- Change argspec to more closely match the new sdk (and therefore the
API) without breaking backward compatibility
Change-Id: I0f9bc573fd0c69cab65bd808145d628732bb0830
Bifrost downgrades openstacksdk to a release <0.99.0 [1], which is
incompatible to our master branch of the Ansible OpenStack
collection. By adding openstacksdk to Zuul variable job.required-\
projects [2], Bifrost will install openstacksdk from its master
branch, overwriting any existing (older) openstacksdk releases.
[1] 03ddd02656
[2] https://review.opendev.org/c/openstack/bifrost/+/849563/5/playbooks/test-bifrost.yaml
Change-Id: I46dadc70338bb45d459e8176cc26e67c20c1d4ae
With Ansible OpenStack collection 2.0.0 we break backward
compatibility to older releases, mainly due to breaking changes
coming with openstacksdk >=0.99.0. For example, results will change
for most Ansible modules in this collection.
We take this opportunity to drop the symbolic links with prefix
os_ in plugins/modules and the plugin routing in meta/runtime.yml.
This means users have to call modules of the Ansible OpenStack
collection using their FQCN (Fully Qualified Collection Name) such
as openstack.cloud.server. Short module names such as os_server
will now raise an Ansible error. This also decreases the likelihood
of incompatible Ansible code going undetected.
Symbolic links were introduced to keep our collection backward
compatible to user code which was written for old(er) Ansible releases
which did not have support for collections and where OpenStack modules
where named with a prefix os_ such as os_server which is nowadays
known and stored as openstack.cloud.server.
In Ansible aka ansible-base 2.10, a internal routing table
lib/ansible/config/ansible_builtin_runtime.yml [1] was introduced which
Ansible uses to resolve deprecated module names missing the FQCN (Fully
Qualified Collection Name). Additionally, collections can define their
own plugin routing table in meta/runtime.yml [2] which we did.
In ansible-base 2.10 and ansible-core 2.11 or later, if a user uses a
short module name and the collections keyword is not used, Ansible
will first look in the internal routing table, get an FQCN, and then
looks in the collection for that FQCN. If there is another routing
entry for that new name in that collection's meta/runtime.yml,
Ansible will continue with that redirect. If it does not find another
redirect, Ansible will look for the plugin itself, so it will not
find a redirect in the collection before looking at its internal
redirects. Except if the user uses a FQCN, then it looks directly in
that collection.
Ansible 2.9 and 2.8 do not have any notion of these redirects with a
plugin routing table, backward compatibility with deprecated os_*
module names is solely achieved with symbolic links. Ansible releases
older than 2.11 are EOL [3], so usage of os_* symlinks should reduce
soon.
[1] https://github.com/ansible/ansible/blob/devel/lib/ansible/config/ansible_builtin_runtime.yml
[2] https://github.com/openstack/ansible-collections-openstack/blob/master/meta/runtime.yml
[3] https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html
Change-Id: I28cc05c95419b72552899c926721eb87fb6f0868
Build and install latest RPM for openstacksdk from its master branch
instead of using the (pinned) RPM from RDO. This is necessary because
openstacksdk in RDO is currently pinned to <0.99.0 for all RDO
releases. Variable artg_change_list is used to define what code is
being build from source. The RPM of the Ansible OpenStack collection
does not have build from source because TripleO Quickstart installs
the collection from job.required-projects [1]. The latter shadows the
RPM release which is installed later by TripleO because it has a
higher precedence in ansible.cfg [2][3].
Changed the job hierarchy to other base jobs tripleo-ci-centos-8-\
standalone-build and tripleo-ci-centos-9-standalone-build. This reduces
the number of variables we have to define. It is also cleaner since our
CentOS9 job is no longer based on the CentOS8 job which prevents
issues with job variant collections due to our branched repository.
Added more Ansible modules to files which trigger TripleO jobs,
because Ansible role os_tempest [4] requires those modules and is
called in TripleO jobs. Modules which have been added include:
* openstack.cloud.compute_flavor
* openstack.cloud.image
* openstack.cloud.network
* openstack.cloud.router
* openstack.cloud.subnet
Added tripleo-ci-centos-8-standalone-osa to experimental jobs so that we
can actually run this job on demand easily.
[1] cb1595223b/quickstart.sh (L123)
[2] cb1595223b/ansible.cfg (L19)
[3] cb1595223b/quickstart.sh (L595)
[4] https://opendev.org/openstack/openstack-ansible-os_tempest.git
Change-Id: Ibde318678a3e44fdc297a6f29761eb0c7d77cbc9
Replaced custom code for interface listing with call to openstacksdk.
The original idea was to reduce the number of calls to the OpenStack
API but this kind of optimization is better to be implemented in the
SDK itself [1]. Reimplementing code like this increases our
maintenance burden, does not help other SDK users and increases the
likeliness of bugs. For example, variable allowed_device_owners
introduced a bug, it is not 'network_router_interface_distributed'
but 'network:router_interface_distributed'.
[1] https://review.opendev.org/c/openstack/openstacksdk/+/849967
Change-Id: I9c52de03c53ef29d7cecdf26253c0c00a7cf3689
- Change sdk calls to use proxy objects
- Convert return values to dict before updating
- Adds additional test values
Change-Id: I187a27af4a5b8aa7cd4b60a1a876b5e5e6975144
Updated documentation of return values and added test to verify
return values
Function self.conn.search_security_groups() cannot be used here.
Arguments for filtering such as 'description' would have to be passed
to self.conn.search_security_groups() in its 'filters' argument [1].
The latter is passed to both as query arguments to OpenStack API
and later to _utils._filter_list() [2] for filtering the results.
Some arguments such as 'any_tags' are only used as query arguments
by openstacksdk [3] when querying OpenStack API. They are no valid
attributes in security_group.py [4]. Whenever those non-attribute
arguments are passed to self.conn.search_security_groups(),
_utils._filter_list() [2] would drop all results because no result
would have a matching attributes.
[1] 0898398415/openstack/cloud/_security_group.py (L31)
[2] 0898398415/openstack/cloud/_utils.py (L63)
[3] 0898398415/openstack/common/tag.py (L19)
[4] 0898398415/openstack/network/v2/security_group.py
Change-Id: Ie7fe9d2e973d38751c48e71e6bd55e56a591ac1f
