Modifies provisioning and cleaning networks in multi-tenant ironic
environments to be non-shared. Flat networks remain shared.
To apply the change to an existing environment, run 'kayobe overcloud
post configure'.
Change-Id: Ie59f0c729381e5bea112ab7f5d0c738a9488b772
Story: 2006409
Task: 36295
Kayobe uses a number of virtual environments on the remote hosts for
python dependencies such as shade, python-openstackclient, docker, etc.
By default these are stored in /opt/kayobe/venvs/. Typically we do not
provide version restrictions when installing these packages, so over the
course of time they may become stale and incompatible.
This change installs the latest version of packages allowed by OpenStack
upper constraints.
It also adds a new variable, 'pip_upper_constraints_file', to set the
upper constraints file. The existing variable
'kolla_upper_constraints_file' now defaults to the value of
'pip_upper_constraints_file'.
Change-Id: I8d2956f95bbc44b5a9e88e7569372048a62f12f5
Story: 2005923
Task: 34193
Fixes an issue where the admin-openrc.sh and public-openrc.sh files
would not be generated when preparing a new control host environment for
an existing cloud. These files are now generated during 'kayobe control
host bootstrap' if the Kolla Ansible 'passwords.yml' file exists in the
Kayobe configuration.
Change-Id: I47cc95bc4c4198532c8cfd2c105f1c7033e7b932
Story: 2001667
Task: 6713
There is no need to connect controller nodes to the storage management
network by default. It should only be used by storage nodes.
Change-Id: I6fa7640658fd112aaddbe08c4af01711fb1f7916
Story: 2006273
Task: 35973
When an allocation pool range is not defined by the operator, we should
not include network and broadcast addresses in the list of IP addresses
to give to hosts.
Change-Id: Id6e14286b5eb2b767a515e7edfc56741fb8d2c78
Story: 2006267
Task: 35958
The IPA ramdisk fails to boot on UEFI compute nodes with iPXE. We see
the following error on the console, followed by a kernel panic:
Fix kernel panic-not syncing: VFS: unable to mount root fs on unknown
block(0,0)
The cause is the lack of an initrd=ironic-agent.initramfs kernel
argument in inspector.ipxe.
The initrd argument is present in the kolla-ansible version of
inspector.ipxe, and now contains all parameters that we need (since
Rocky), so this change simply removes our custom template, and passes
through the extra kernel argument option configuration value.
Story: 2006214
Task: 35804
Story: 2006213
Task: 35803
Depends-On: https://review.opendev.org/670566
Change-Id: I8a103b7c6d3dd1f0433f922ae90deae9b92c0c78
Fixes an issue where multiple NTP daemons could be running on the
overcloud hosts, due to Kolla Ansible deploying a chrony container by
default starting with the Rocky release.
Kayobe now overrides this default, to ensure that chrony does not conflict
with the NTP daemon deployed on the host. To use the containerised chrony
daemon instead, set ``kolla_enable_chrony`` to ``true`` in
``${KAYOBE_CONFIG_PATH}/kolla.yml``. This will also disable the host NTP
daemon.
To ensure that chrony is not running, Kayobe removes the chrony container
if ``kolla_enable_chrony`` is ``false`` in the following commands:
* ``kayobe overcloud service deploy``
* ``kayobe overcloud service reconfigure``
* ``kayobe overcloud service upgrade``
The play in Kayobe is tagged with ``stop-chrony``.
Change-Id: I89a973c0b600abece79bddcba5a46cc28a4f1df9
Story: 2005272
Task: 30122
This commit allows Kayobe to generate a global.conf file for use by
Kolla Ansible to override configuration across all OpenStack services.
Change-Id: I6d144a945e1cde06fa9fdd03c30102458c0c9f8d
Story: 2005904
Task: 34153
Updates the minimum version of Ansible from 2.4 to 2.5, and the maximum
supported version from 2.6 to 2.7.
Change-Id: If8071a9b5c85e5e69fbb333e91c84d10c20d80f3
Story: 2006143
Task: 35639
If password authentication is not disabled on the server, we may be
prompted for a password if the Kayobe Ansible user doesn't exist or
isn't configured for passwordless authentication.
By using BatchMode, the ssh command can fail quickly and proceed to
create the Kayobe Ansible user using the bootstrap user.
Change-Id: If22ed34dc4b6e87f8cf76c302948c955bddf2bc5
Uses the support [1] for database backups added to Kolla Ansible in the
Stein release.
Adds the following new commands:
kayobe overcloud database backup [--incremental]
kayobe overcloud database recover [--force-recovery-host <host>]
The recovery command is for recovering a clustered database that has
lost quorum.
[1] https://docs.openstack.org/kolla-ansible/latest/admin/mariadb-backup-and-restore.html
Change-Id: Ie16354cd01ea7dd83cd3d4058dd8451b8387600b
Story: 2005015
Task: 29493
---
1. Gather facts for localhost in kolla-ansible.yml
2. Don't include unconfigured networks in network_interfaces
3. Added Keystone configuration extra config merge
---
1. Facts are necessary for the kolla-ansible role,
which references the ansible_user_uid fact
2. It is possible to skip configuring a network,
by setting its name to None
This is done in networks.yml as follows:
admin_oc_net_name:
Currently, these networks may still be included in the 'network_interfaces'
list for each host, despite the fact that they are not in use.
A classic example is when ironic is not enabled, it is currently still
necessary to define provisioning and cleaning networks.
This change avoids including any networks that have their name set to None
in network_interfaces.
3. Added support for Keystone custom configuration
Added tests and documentation to add support for keystone extra configuration
Co-Authored-By: Mark Goddard <mark@stackhpc.com>
Change-Id: Iaa304221b8093ac71f9cdbb23edc84d1517578da
Currently we configure daemon.json to use either devicemapper or overlay
as the storage driver. We should simply pass through whatever is
configured for docker_storage_driver.
Change-Id: Id4423030b5483fe4ecd4f324bc25800e5444fd63
Story: 2005649
Task: 30932
In a deployment that has both Ceph or Swift deployed it can be useful to separate the network traffic.
This change adds support for dedicated storage networks for both Ceph and Swift. By default, the storage hosts are
attached to the following networks:
* Overcloud admin network
* Internal network
* Storage network
* Storage management network
This adds four additional networks, which can be used to separate the storage network traffic as follows:
* Ceph storage network (ceph_storage_net_name) is used to carry Ceph storage
data traffic. Defaults to the storage network (storage_net_name).
* Ceph storage management network (ceph_storage_mgmt_net_name) is used to carry
storage management traffic. Defaults to the storage management network
(storage_mgmt_net_name).
* Swift storage network (swift_storage_net_name) is used to carry Swift storage data
traffic. Defaults to the storage network (storage_net_name).
* Swift storage replication network (swift_storage_replication_net_name) is used to
carry storage management traffic. Defaults to the storage management network
(storage_mgmt_net_name).
This change also includes several improvements to Swift device management and ring generation.
The device management and ring generation are now separate, with device management occurring during
'kayobe overcloud host configure', and ring generation during a new command, 'kayobe overcloud swift rings generate'.
For the device management, we now use standard Ansible modules rather than commands for device preparation.
File system labels can be configured for each device individually.
For ring generation, all commands are run on a single host, by default a host in the Swift storage group.
A python script runs in one of the kolla Swift containers, which consumes an autogenerated YAML config file that defines
the layout of the rings.
Change-Id: Iedc7535532d706f02d710de69b422abf2f6fe54c
Adds two new variables, 'openstack_release' and 'openstack_branch',
in ${KAYOBE_CONFIG_PATH}/openstack.yml for setting the current OpenStack
release and branch in a single place.
Also uses the master branch for the molecule tox job.
Change-Id: I851a1e6eddc6738005c1813599445b38c0ae0d57
This is supported in kolla-ansible via the ironic_inspector_pxe_filter
variable, which can be added to globals.yml. The default value for that
variable changed in the Stein release from 'iptables' to 'dnsmasq',
since the iptables filter does not work with Docker CE [1].
This change removes the inspector_manage_firewall variable.
This change also adds an iptables rule in CI tests to allow DHCP packets
to be forwarded, to ensure bare metal servers can be deployed.
[1] https://bugs.launchpad.net/kolla-ansible/+bug/1823044
Depends-On: https://review.openstack.org/649673
Change-Id: Idac6777b4d97fbd17698fc2086ceb068d7b2e326
Related-Bug: #1823044
Allow users to use the custom config mechanism for Keepalived
provided by Kolla Ansible.
Change-Id: I052bd8283944197cd2b13747e7a7c32fbe06c045
Story: 2005211
Task: 29989
When generating or updating the passwords.yml file for kolla-ansible,
kayobe writes out various stages of the process to temporary files
in /tmp, in plain text. One of these files can be left in place if
there are no changes to apply to the file.
This change ensures that we always remove temporary files containing
passwords. We also switch from shutil.copy2 to shutil.copyfile, to
keep the permissions of the destination rather than applying those of
the source, which are typically more open (644 vs 600).
Depends-On: https://review.openstack.org/647858
Change-Id: Icb290fd22dc01567a4297a42f5e4d765e3b57d37
Story: 2005299
Task: 30187
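The permission and cleanup behaviour described in the commit message above, shown as an added Python example that is not Kayobe's own code. The helper names `update_secret_file` and `compare_copy_modes`, the file names and the file contents are hypothetical and constructed for illustration.

```python
import os
import shutil
import stat
import tempfile


def mode_of(path):
    """Return the permission bits of path, e.g. 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)


def update_secret_file(dest, new_content):
    """Rewrite dest via a temporary file that is always removed.

    Hypothetical helper. Returns the temporary path that was used so the
    caller can confirm it no longer exists.
    """
    fd, tmp = tempfile.mkstemp(prefix="passwords-")  # mkstemp creates it 0600
    try:
        with os.fdopen(fd, "w") as f:
            f.write(new_content)
        with open(dest) as f:
            unchanged = f.read() == new_content
        if not unchanged:
            # copyfile copies data only, so dest keeps its own mode.
            shutil.copyfile(tmp, dest)
    finally:
        os.unlink(tmp)  # also runs on the "no changes to apply" path
    return tmp


def compare_copy_modes(workdir):
    """Copy a 0644 source over a 0600 destination with each function."""
    results = {}
    for name, copy in (("copy2", shutil.copy2), ("copyfile", shutil.copyfile)):
        src = os.path.join(workdir, name + "-src.yml")
        dst = os.path.join(workdir, name + "-dst.yml")
        for path, mode in ((src, 0o644), (dst, 0o600)):
            with open(path, "w") as f:
                f.write("constructed_password: example\n")  # constructed data
            os.chmod(path, mode)
        copy(src, dst)
        results[name] = mode_of(dst)
    return results


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print({k: oct(v) for k, v in compare_copy_modes(d).items()})
```

`shutil.copy2` applies the source's metadata to the destination, which is why the destination ends up with the more open mode; `shutil.copyfile` leaves the destination's existing mode in place.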
Also updates the release.sh script to support tagging release candidates
and development milestones. Adds zuul configuration to trigger a
Readthedocs webhook for the release notes.
Change-Id: Ia784b34fb0b740998de72599d4921f9303e41cac