Removes and/or replaces all mentions of py27.
Cleans up obsolete requirements and their lower-constraints.
Update cliff minimum to 3.1.0 in requirements.txt, which has a fix for
story 2005891.
Change-Id: I52cffa2f1aee944f79c4618ea20b779755792f2a
Kayobe has a workaround for CentOS cloud images which contain a bogus
nameserver entry in /etc/resolv.conf. By setting
overcloud_host_image_workaround_resolv_enabled to true, the entry would
be removed. Previously we removed a specific IP address - 10.0.2.3 -
that was present in the CentOS 7 images. However, it seems that CentOS 8
images have a different IP - 192.168.122.1.
This change fixes the issue and becomes resilient to future changes by
matching any IP address. This should be fairly safe, since this
workaround is opt-in.
Change-Id: I9323a38cb2bb627ff56f5713900be00595ea8d4b
Story: 2006574
Task: 39484
Kayobe generates passwords.yml for Kolla Ansible, and can encrypt it
using the vault password. Previously this was failing on Python 3 due to
passing a string to file.write() which expects bytes.
This change fixes the issue by encoding the password string passed to
file.write().
This allows us to run the ansible role tests under Python 3.
Change-Id: I33813f79984a46f1967ef3aee455dcfbe7eb93da
Story: 2006574
Task: 39481
Backport: train, stein, rocky
This fixes issues seen with a-universe-from-nothing using stable/train.
Change-Id: Ib477de5f3af2e4c182d0c2999c274dbb5553531c
Story: 2007572
Task: 39469
We can use the Ansible pip module's support for specifying a list of
packages with version constraints.
Change-Id: If5d3c7117175732c54e38025692eb4c036053ebc
Currently we require a Linux bridge to exist between OVS and the
physical interface. This is necessary if you want to set an IP on the
native VLAN of that interface, but that is not always the case.
This change allows the physical interface (or any non-bridge interface)
to be plugged into OVS.
Change-Id: I2172a74f4719605f6ec81fadec46ce49f8310a96
Story: 2007364
Task: 38920
Adds information on tuning Ansible, including forks, SSH pipelining and
fact caching.
Change-Id: I83d1469c62d63390222750d9d1f6e337e45b2373
Story: 2007492
Task: 39447
Previously, Kayobe used Kolla Ansible's bootstrap-servers command to
create a user account and Python virtual environment for Kolla Ansible.
In order to do this it used the Kayobe Ansible user and Python
interpreter.
This causes problems for Ansible fact caching, which needs separate
caches for Kayobe and Kolla Ansible, since the different users and
Python interpreters used result in different facts. Bootstrapping
servers with the Kayobe user and interpreter resulted in the Kolla
Ansible fact cache being populated with Kayobe's user and interpreter.
This change disables user creation during Kolla Ansible's
bootstrap-servers command, instead creating the user and virtual
environment in Kayobe prior to running the command. This allows the
bootstrap-servers command to be executed using the normal Kolla Ansible
user and interpreter, which results in the correct facts being gathered.
The downside here is some duplication of code and configuration, but a
nice side effect is that we no longer need to dump configuration in the
CLI for host configure in order to fetch the Ansible user and
interpreter.
Change-Id: I85670be7242bc436f73c689f027670b0938ba031
Story: 2007492
Task: 39444
Tests various non-default configuration:
* Custom users
* Network interfaces, VLANs, bridges, bonds
* Software RAID
* LVM & docker devicemapper
* timezone
* Package mirrors
* yum-cron / DNF automatic
This improved test coverage allows us to be more confident about these
features working on CentOS 8.
Change-Id: I36148e4356deb7d5ec00d8d3ebeb2d3932ff4f94
Story: 2006574
Task: 38938
* Change default seed VM image to CentOS 8
* Change default bifrost deploy image to CentOS 8
* Workaround DIB bug
https://bugs.launchpad.net/diskimage-builder/+bug/1866847 by setting
DIB_DISABLE_KERNEL_CLEANUP to 1
* Install iptables on seed for SNAT - missing on CentOS 8
* Fix provider network MTU lookup for empty string
* Bump stackhpc.libvirt-host to 1.7.0 for CentOS 8 support
* Bump stackhpc.libvirt-vm to 1.13.0 for CentOS 8 support
* Bump jriguera.configdrive for Python 3 support
Change-Id: Ie0edf6a924a914395c6502e2d5cf1139bce14a48
Story: 2006574
Task: 39000
Some Ruckus switches, e.g. the Ruckus ICX 7150, advertise switch
interface names as switch port descriptions. Unlike Dell switches, there
is no space character between port type and port number. For example:
GigabitEthernet1/1/9.
Update regular expression to match both styles.
Change-Id: I359b07abadc8665ff0a8c3407ca0fc5effc504cf
Story: 2007532
Task: 39343
The seed VM will fail to provision if the Ansible control host and the
seed hypervisor are not the same hosts.
This is because Kayobe creates the seed-vm-user-data file on the
seed-hypervisor host. It then invokes the jriguera.configdrive role
which uses a copy task without remote_src, which fails to find the
source file locally on the Ansible control host.
Instead we create a local temporary file for seed VM user data.
Change-Id: Iabbe4c624b9ad02bb82c323070f99c16e5822966
Story: 2007530
Task: 39338
One way to improve the performance of Ansible is through fact caching.
Rather than gather facts in every play, we can configure Ansible to
cache them in a persistent store. An example Ansible configuration for
doing this is as follows:
[defaults]
gathering = smart
fact_caching = jsonfile
fact_caching_connection = ./facts
fact_caching_timeout = 86400
While this mostly just works, there are a few places where we
unconditionally gather facts using the setup module. This change
modifies these to only gather facts when necessary.
We no longer execute the MichaelRigart.interfaces role using become:
true, since it may gather facts and we do not want it to do so as root.
The role uses become where necessary.
Change-Id: I9984a187fc6c0496ada489bb8eef36e44d695aac
Story: 2007492
Task: 39216
Adds a new variable, 'kolla_enable_openstack_core', which can be set a
default value for whether the default OpenStack services are enabled.
This includes Glance, Heat, Horizon, Ironic, Keystone, Neutron and Nova.
It is 'true' by default.
Change-Id: I7768d3a92272d4353522dbf1a96f124225f4d73d
Story: 2007524
Task: 39315
When configuring Docker we need to kill persistent SSH connections to
refresh the membership of the docker group for the stack user. Currently
we are using a fairly heavy handed method of removing all ControlPersist
sockets because the Ansible reset_connection meta module previously did
not work [1]. This issue is fixed since Ansible 2.5.6.
This change switches to the reset_connection meta module, which now
works as expected.
[1] https://github.com/ansible/ansible/issues/27520
Change-Id: Id4d951e447720e1d769491c0d34ad83099c030eb
Kolla Ansible sets kolla_{external,internal}_fqdn_cacert variables with
default values compatible with the use of `kolla-ansible certificates`.
However, when these variables are left unset in Kayobe, which is
generally the case when using trusted certificates, we end up with
openrc files setting OS_CACERT to a file that does not exist:
${KOLLA_CONFIG_PATH}/certificates/haproxy-ca.crt
Instead we allow null cacert variables to be passed to kolla-ansible,
which results in openrc files without the bogus OS_CACERT entry.
Change-Id: Ifa615888b6d8d54c9e6314fd90f3fc4872fc6e5a
Story: 2007516
Task: 39299
Now that py2 is gone, oslotest dropped dependency on mock and will
soon affect Ussuri CI [1], let's use unittest.mock built in py3.
This also fixes py38 jobs and proactively prevents py36 and py37
failing due to [1]. This is because we never included mock in
test-requirements and instead relied on oslotest to bring it in.
[1] https://review.opendev.org/716322
Change-Id: I0c18b13c4e1fbaa9db41da4e2039ad908c28caa6
Since Kayobe is now an official OpenStack deliverable, our releases
documentation page is now outdated. It needs to be updated to document
the process using official release tools.
This change makes the releases page more similar to the Kolla release
management page:
https://docs.openstack.org/kolla/latest/contributor/release-management.html.
Change-Id: Ic49a63d66dfdb8e4235a60c1f01ad70bef6bea43
Story: 2007079
Task: 37990
Detect current branch from .gitreview and use upper constraints to
install python-openstackclient, to guarantee compatibility with the
Python version in use.
Change-Id: Ie44508fe3d3b08190afa5a43748e43548a63ff82
There is no activity on the resmo fork of the role and it seems
impossible to get any patches merged.
Change-Id: I1f09f7c11767226e89b34687dab1553e87be76ba
Story: 2005272
Task: 39197
Tuning Ansible is typically done by customising configuration in
ansible.cfg. Currently Kayobe adheres to the standard locations for
Ansible configuration [1].
This change allows custom Ansible configuration files stored in the
kayobe-config repository to be used for execution of Kayobe and Kolla
Ansible playbooks.
[1] https://docs.ansible.com/ansible/latest/reference_appendices/config.html#ansible-configuration-settings-locations
Change-Id: Iab2021b8e88b5a3a2b0f8583f1246ab2c83670e5
Story: 2007494
Task: 39219
Using become for all Kolla Ansible tasks is not ideal from a security
perspective. It is also incompatible with fact caching, since it causes
facts to be gathered and cached as root, which changes some facts.
This change modifies the default value of kolla_ansible_become to false.
Change-Id: I9ee5c55e59276f70c92e9c698c01123dcf8919a1
Story: 2007492
Task: 39217
This is a minimal fix to support loading dashboards into the Monasca
Grafana fork. It firstly aligns the default Monasca Grafana control
plane organisation and Monasca Grafana local admin username with Kolla
Ansible to make the feature easier to use. Secondly, it extracts the
associated OpenStack project name from this variable by stripping off
the OpenStack domain.
Longer term we may wish to move the dashboard loading functionality into
Kolla Ansible, now that it supports deploying Monasca.
Affects Rocky onwards.
Change-Id: I77c94edf654565a12ce8be681e3c9b16caa55c86
Story: 2007477
Task: 39186
Adds support for configuration of DNF repo mirrors for CentOS and EPEL
repositories, as well as custom repositories.
Adds support for DNF automatic, which is a replacement for yum-cron.
Configuration is backwards compatible, falling back to the equivalent
yum variables when DNF variables have not been overridden.
Change-Id: I8bef5e9c8e1c77c25d6077ff690da8f2cde6a643
Story: 2006574
Task: 38922
It leaves certain ceph mentions in globals.yml.j2 as it needs
syncing with kolla-ansible contents anyways
(these are all comments).
Change-Id: I05e9c6223583e9bb5dc0020edc0b56990275093c
Story: 2007295
Task: 38766
