Allow users to use the custom config mechanism for Keepalived
provided by Kolla Ansible.
Change-Id: I052bd8283944197cd2b13747e7a7c32fbe06c045
Story: 2005211
Task: 29989
Currently nested virtualisation under KVM does not seem to be working in
CI. This breaks the 'bare metal' deployment testing using Tenks, which
lead us to disable it in 749ef8243e9ae855cf8ceb54dc3f88c6c1b2fea0.
This commit forces Tenks to use QEMU for its VMs, allowing us to revert
commit 749ef8243e9ae855cf8ceb54dc3f88c6c1b2fea0..
Change-Id: Id382c218f3b37979341f0d96718a6011a1d9da37
Story: 2005316
Task: 30223
When first added, the bare metal deployment tests using Tenks were
fairly reliable (although not 100%). Recently though, jobs seem to be
failing at this step quite frequently, making it difficult to merge
patches. Looking at the historical zuul jobs, the failure rate per job
seems to be about 1/3:
http://zuul.openstack.org/builds?job_name=kayobe-overcloud-centos. With
two overcloud jobs and check and gate required to pass, the merge
success rate is around 20%.
Let's skip this testing for now, until we can make it more reliable.
Change-Id: Id0a05f8c5d227f8cd9424c7a5b138eddee93f827
Story: 2005316
Task: 30224
When generating or updating the passwords.yml file for kolla-ansible,
kayobe writes out various stages of the process to temporary files
in /tmp, in plain text. One of these files can be left in place if
there are no changes to apply to the file.
This change ensures that we always remove temporary files containing
passwords. We also switch from shutil.copy2 to shutil.copyfile, to
keep the permissions of the destination rather than applying those of
the source, which are typically more open (644 vs 600).
Depends-On: https://review.openstack.org/647858
Change-Id: Icb290fd22dc01567a4297a42f5e4d765e3b57d37
Story: 2005299
Task: 30187
There is an issue with the default YAML loader, which allows arbitrary
code execution, as documented here:
https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation.
This can be avoided by using yaml.safe_load. We don't require Python
object serialisation, so safe_load is sufficient.
Change-Id: I09190766066ab56d04b1317a4022782160d60528
Story: 2005253
Task: 30050
In python 3.6, os.path.join does not accept Mock objects, giving the
following error:
TypeError: expected str, bytes or os.PathLike object, not MagicMock
Since the switch to use ubuntu bionic for the base image for jobs,
python 3.6 is the default for python 3.
Change-Id: I79bec585361a54b8303c130a363c62d9a4b7faae
Story: 2004959
Task: 30035
Also updates the release.sh script to support tagging release candidates
and development milestones. Adds zuul configuration to trigger a
Readthedocs webhook for the release notes.
Change-Id: Ia784b34fb0b740998de72599d4921f9303e41cac
We run yamllint with the same configuration in kayobe-config, so we
should catch issues here before they are synchronised.
Change-Id: Ia2de07abc7c58040f99766adb950c477800ea56d
If Ansible fails to look up variable values, Kayobe exits and only
prints this unhelpful message:
Kayobe playbook(s) ansible/dump-config.yml exited 2
With this commit, the output is captured and printed in case of errors.
For example, when using the hashi_vault lookup module without being
authenticated, the output includes:
FAILED! => {"msg": "An unhandled exception occurred while running
the lookup plugin 'hashi_vault'. Error was a <class
'ansible.errors.AnsibleError'>, original message: No Vault Token
specified"}
Change-Id: Ia5e33a940bc9c4207c5ea6753614908e47884f4b
Story: 2004934
Task: 29326
kolla_inspector_* variables are identified by Jinja as empty strings
rather than none, so globals.yml is generated with a syntax error:
ironic_dnsmasq_dhcp_range: ,
^ here
Change-Id: Ic36faaff37333f5af03a130dd97d31b26b7ff97f
This script is used by developers to activate the kayobe virtual
environment and source the configuration's kayobe-env file. A cd to /tmp
is an unexpected outcome of running the script.
To test the location-independent installation, remove the chdir from the
zuul job tasks that execute kayobe commands.
Change-Id: I59194952901fa648382489f48dc7aafb03d3a682
Story: 2004252
Task: 29347
When running one of the `kayobe <seed|seed hypervisor|overcloud> host
configure` commands, in some cases an IP address that is allocated by
the ip-allocation.yml playbook fails to be picked up by the network.yml
playbook, which uses the address 0.0.0.0 instead.
Running ip-allocation.yml separately ensures that the correct IP is used
by network.yml.
Change-Id: I15529398aef5e21049182b0edc11816876331113
Story: 2004800
Task: 28953
Note that in the Stein release of Kolla-Ansible haproxy.cfg was refactored and
this override will no longer work as expected.
Change-Id: Iff5b9f2a33ad2320f62fae7328c097069cb4f416
This avoids a potential circular dependency where the registry is the
source of its own image.
Also fixes up the image building documentation about the default value
of kolla_docker_registry.
Change-Id: Ia30173abf185329098ace621baf0ad1be75c0b74
Story: 2004820
Task: 29345
This adds support for deploying a virtualised control plane via Tenks, using
the Kayobe development scripts tenks-deploy.sh and tenks-teardown.sh.
Change-Id: I752455af9eb44cdb0f9921fd0c876fc2dfb50a5c
This functionality is controlled by the flag ironic_serial_console_autoenable,
which, when enabled, will configure serial consoles for each of the ironic
nodes during the `overcloud post configure` step. This was added to reduce the
number of kayobe commands that are needed to be run for a given deployment.
Change-Id: I7072e518c29387b964e4e25b08b4559f152d5ecf
Story: 2004192
Task: 29325
Kolla-Ansible now supports deploying cAdvisor so we
no longer need this.
Change-Id: I9e37651643c18e06f9143893bb3564ec0e9f2ccd
Story: 2004932
Task: 29321
Kolla-Ansible now supports deploying Prometheus so we
no longer need this.
Story: 2004932
Task: 29320
Change-Id: I9242cf1ec7c19b135d7d7bdb9b803718b719ec58
Currently in the upgrade job we are seeing the OOM killer kick in during
the 'overcloud service configuration save' command. Ansible is quite
inefficient when copying large files around, so excluding the large IPA
images should relieve some memory pressure.
Change-Id: I3a230b0a699154606ca8faa00a85d45ae815c599
Story: 2004704
Task: 28733
This adds the ansible playbooks required by kayobe to the manifest by
using the data_files option in setuptools. When using pip to install
kayobe into a virtualenv, these files will be placed in
<venv>/kayobe/share/.
In an editable install, e.g using `pip install -e .`, data_files are not
installed into the virtualenv. Instead, we must follow the egg-link file
to find out the actual location.
Story: 2004252
Task: 27787
Change-Id: Ibef040eceb547476007f83c0d5dcdb2bc6986d1e
The 'kayobe control host upgrade' command updates the installed Ansible Galaxy
roles based on requirements.yml. Sometimes roles are removed from that file,
but there is currently no way of removing them from the local system.
Normally this causes no problems, but due to the upstream role containing
symlinks with whitespace, we are switching out yatesr.timezone to a
stackhpc.timezone fork. In order to make upgrades work, we need to ensure the
old role is removed. It also makes sense to clean up old roles generally.
This change adds support for removing stale roles during control host upgrade,
currently including the following roles:
stackhpc.os-flavors
stackhpc.os-projects
stackhpc.parted-1.1
yatesr.timezone
Change-Id: I174c7e6f19cbefda56777229a2441bf6469c0982
Story: 2004252
Task: 29166
