Previously, Kayobe used Kolla Ansible's bootstrap-servers command to
create a user account and Python virtual environment for Kolla Ansible.
In order to do this it used the Kayobe Ansible user and Python
interpreter.
This causes problems for Ansible fact caching, which needs separate
caches for Kayobe and Kolla Ansible, since the different users and
Python interpreters used result in different facts. Bootstrapping
servers with the Kayobe user and interpreter resulted in the Kolla
Ansible fact cache being populated with Kayobe's user and interpreter.
This change disables user creation during Kolla Ansible's
bootstrap-servers command, instead creating the user and virtual
environment in Kayobe prior to running the command. This allows the
bootstrap-servers command to be executed using the normal Kolla Ansible
user and interpreter, which results in the correct facts being gathered.
The downside here is some duplication of code and configuration, but a
nice side effect is that we no longer need to dump configuration in the
CLI for host configure in order to fetch the Ansible user and
interpreter.
Change-Id: I85670be7242bc436f73c689f027670b0938ba031
Story: 2007492
Task: 39444
One way to improve the performance of Ansible is through fact caching.
Rather than gather facts in every play, we can configure Ansible to
cache them in a persistent store. An example Ansible configuration for
doing this is as follows:
[defaults]
gathering = smart
fact_caching = jsonfile
fact_caching_connection = ./facts
fact_caching_timeout = 86400
While this mostly just works, there are a few places where we
unconditionally gather facts using the setup module. This change
modifies these to only gather facts when necessary.
We no longer execute the MichaelRigart.interfaces role using become:
true, since it may gather facts and we do not want it to do so as root.
The role uses become where necessary.
Change-Id: I9984a187fc6c0496ada489bb8eef36e44d695aac
Story: 2007492
Task: 39216
Using become for all Kolla Ansible tasks is not ideal from a security
perspective. It is also incompatible with fact caching, since it causes
facts to be gathered and cached as root, which changes some facts.
This change modifies the default value of kolla_ansible_become to false.
Change-Id: I9ee5c55e59276f70c92e9c698c01123dcf8919a1
Story: 2007492
Task: 39217
Adds support for configuration of DNF repo mirrors for CentOS and EPEL
repositories, as well as custom repositories.
Adds support for DNF automatic, which is a replacement for yum-cron.
Configuration is backwards compatible, falling back to the equivalent
yum variables when DNF variables have not been overridden.
Change-Id: I8bef5e9c8e1c77c25d6077ff690da8f2cde6a643
Story: 2006574
Task: 38922
It leaves certain ceph mentions in globals.yml.j2 as it needs
syncing with kolla-ansible contents anyways
(these are all comments).
Change-Id: I05e9c6223583e9bb5dc0020edc0b56990275093c
Story: 2007295
Task: 38766
CentOS 8 removes interfaces from their bridge during ifdown, and removes
the bridge if there are no interfaces left. When Kayobe bounces veth
links plugged into the bridge, it causes the bridge which has the IP we
are using for SSH to be removed. Use a dummy interface in CI to avoid
this problem.
Kolla-ansible has dropped all CentOS 7 jobs on master now, and prechecks
only allow CentOS 7 hosts. Drop all CentOS 7 jobs. We will have to run
without upgrade jobs in place until Train supports CentOS 8.
Depends-On: https://review.opendev.org/695881
Change-Id: I7c1a885b36445e33d4db1b1c8533db28a644b4a1
Story: 2006574
Task: 38870
Backport: train
OpenStack Ansible modules were broken in Ansible 2.8.9. This affects
kolla-toolbox, and kayobe's ansible install for tasks that interact with
APIs. See https://github.com/ansible/ansible/issues/68042 and
https://bugs.launchpad.net/kolla/+bug/1866181.
This change blacklists ansible 2.8.9 for Kayobe and Kolla Ansible. A
separate change will be made to kolla to blacklist ansible 2.8.9 from
the kolla-toolbox image.
Depends-On: https://review.opendev.org/711485
Change-Id: I535ab240b7ab8f3ab104b49170e4a9ee01fc482b
Story: 2007383
Task: 38959
CentOS 8 does not provide an ntp package. Instead fall back to using the
chrony container provided by Kolla Ansible by default.
Depends-On: https://review.opendev.org/711511
Change-Id: If5230854d7565c8b3c91a46da4795c63edf095e4
Story: 2006574
Task: 38866
We enable ntpd by default, and provide a variable to disable it -
ntp_service_enabled. It is also automatically disabled if the user
enables the chrony container (kolla_enable_chrony).
However, setting ntp_service_enabled to false will cause the host
configure commands to fail due to a bug in the resmo.ntp role. This is
because it tries to configure the ntpd service in systemd, but it will
not exist so the task fails.
This change fixes the issue by skipping the resmo.ntp role if the NTP
service is disabled.
Change-Id: I640873c11ceae5008030dc03984c089a410a0cee
Story: 2007384
Task: 38968
Cleanup requirement and set ignore_basepython_conflict = True
in tox to avoid python version conflict warning which going
to be error in future.
Change-Id: Ia4ce42a20417d69efd50ef563aabd8cffbb7b346
ncclient 0.6.7 has been released and includes a fix [1] for the host key
checking issue that required us to pin to 0.6.2.
Restrict the package to <0.7.0 to avoid potential breakage from new
releases of ncclient.
[1] ead7b64092
Change-Id: Ia665cffb11253f58bbdce7ea9892766c36f7af40
Story: 2006378
Task: 38765
Updates the minimum version of Ansible from 2.6 to 2.8, and the maximum
supported version from 2.8 to 2.9.
CentOS 8 requires Ansible 2.8.
Change-Id: I3f8f7f8d7d37e3cb851965a491ac9c43030869d5
Story: 2006574
Task: 38826
Currently we install python dependencies on the Ansible control host
each time the ip-allocation and console-allocation roles are executed.
This is inefficient, particularly in the case of the ip-allocation role
which is run serially for all hosts. It is also unnecessary since we
have these packages available in the Python environment used to execute
kayobe.
The kolla-ansible role also has an implicit dependency on PyYAML for
managing kolla passwords.
This change uses ansible_playbook_python as the Python interpreter for
the necessary tasks in these roles to avoid installing dependencies on
the system on CentOS 8 and Ubuntu. For CentOS 7 we still need to use the
platform Python, due to needing SELinux bindings.
Change-Id: Ic6a1c69a34241f4fbe617a0b12aec9b1528ba352
Story: 2006574
Task: 38825
Kayobe overcloud introspection data save fails because the dynamic
inventory script siliently breaks causing Ansible to parse it as a
static inventory file. The failure occurs due to OS_TOKEN being set.
This change works around setting OS_TOKEN before running the dynamic
inventory script by setting OS_CLOUD before querying inspector.
Confirmed on Stein and Train, and verified in both environments.
Story: 2007326
Task: 38846
Change-Id: I57fbf91ae3440d3e4e6a64cd7d05151e299c9322
These roles are no longer necessary now that Ansible supports setting
ansible_python_interpreter via a task- or role-scoped variable.
Change-Id: I4121d01dc83ac028350d4d98d3e1158e15fdfd63
Story: 2006574
Task: 38824
Upstream Ansible OpenStack modules now use openstacksdk rather than shade.
Switch local Ansible modules to follow suit. Also switch to use the
stackhpc.os_openstacksdk role from stackhpc.os-shade.
The stackhpc.os-shade role is removed during 'kayobe control host upgrade'.
Change-Id: Id3894c3c36ef99f00ed463de6a3457e11733d6b7
Story: 2007294
Task: 38759
One use case is to use seperate disk for the registry storage. This
can prevent the rootfs from filling up.
Change-Id: I9634ee7f5730e93b8ddd96de04982d638dd4dae2
This pulls in a number of fixes to the iDRAC role which includes
a change to allow the role to work with a recent version of the
python-dracclient library.
Change-Id: I6aa1fcece42f93cf404cf06dc96b2d70b140775e
This reverts commit a93b85ba07113a77a6c0db498a59cef3bca15b94.
The local Python executable for Kolla Ansible is changed to Python 3
because Kolla Ansible master no longer supports Python 2.
Change-Id: I768ce8db9cec1c70d94f271997bbcc64d370403e
The default is still Python 2. This is a necessary prerequisite for using
the master branch of kolla-ansible, which requires Python 3.
Change-Id: Ida5b60b723c8208bb7305c3d669eafdab6dbbe01
Story: 2004959
Task: 38767
Currently Kayobe stderr is logged to the Zuul playbook output. This
change redirects stderr to the ansible log files.
Change-Id: Ia2f25a2e41859159275d418b57ab59bb97f58d6a
In case of failures in kayobe-overcloud-centos, the error message fails
with:
kayobe/dev/functions: line 569: LOGDIR: unbound variable
Example:
https://zuul.opendev.org/t/openstack/build/ce1fadc3ee6d4842a599da57a670cc18
This can be reproduced with:
set -eu
if [[ -n ${LOGDIR} ]]; then
echo "LOGDIR set"
else
echo "else"
fi
Fix the error reporting with assigning an empty string to LOGDIR by
default.
Change-Id: Ieef73950f89e4dfb727ddc59ef2750d9b81f3c58
We wrap doc8 to register the directives we use in our documentation.
Previously the 'app' argument was passed as None, however sphinx has
started to use the argument.
This change uses a mock object since we don't need to use the
application object.
Change-Id: Id9e8d5f6d09f14d294cd493538780456f98c7dbe
The ironic-python-agent coreos images are unsupported and are
anticipated to be removed from the tarballs.openstack.org site.
In advance of this, we need to remove references to these images.
Change-Id: Ifb402418d7962cf507b190e028a59b94ad5d46ac
