1349 Commits

Author SHA1 Message Date
Radosław Piliszek
18a0af6954 Do not set pid file for iscsid
Kolla Ansible runs iscsid in the foreground (-f) and
a recent change to iscsid in CentOS 8 (both Linux and Stream)
caused it to reject setting pid file in such a case.
PID file is irrelevant in this scenario so this commit
removes its parameter.

Closes-Bug: #1933033
Change-Id: Ic0c4beae0c812f3ca68a6ee5cc4daa2fee0f277d
2021-06-20 14:14:53 +00:00
Radosław Piliszek
640dbb03fa Revert "Reduce container metrics cardinality"
This reverts commit c6259158e3eff4aff9770b7044b0179a7de533aa.

Reason for revert: cAdvisor fails with:

invalid value "percpu,referenced_memory,cpu_topology,resctrl,udp,advtcp,sched,hugetlb,memory_numa,tcp,process" for flag -disable_metrics: unsupported metric "referenced_memory" specified in disable_metrics

Change-Id: I1a0eea5c20f95f38c707401b56b7d2454484377d
2021-06-20 13:58:32 +00:00
Zuul
663be549e0 Merge "Reduce container metrics cardinality" 2021-06-20 11:10:48 +00:00
Zuul
754206477c Merge "Remove rally deployment" 2021-06-20 10:55:30 +00:00
Zuul
b113507e05 Merge "chronyd crash loop if Debian server is rebooted" 2021-06-17 09:15:04 +00:00
Zuul
b660f97a5b Merge "Persist nova libvirt secrets in a Docker volume" 2021-06-17 09:14:18 +00:00
Zuul
ffd200f5f1 Merge "octavia: Ensure service auth project exists" 2021-06-17 08:44:02 +00:00
Zuul
4f8a716b1e Merge "baremetal: fix /etc/hosts generation when api_interface has dashes" 2021-06-17 08:42:50 +00:00
Piotr Parczewski
c6259158e3 Reduce container metrics cardinality
Adds support for passing extra runtime options to cAdvisor.
By default new options disable exporting rarely useful metrics
and labels by cAdvisor. This helps reducing the load on Prometheus
and cAdvisor itself.

Change-Id: Id0144e8fa518e3236cb94ba2e3961fb455d36443
2021-06-16 08:10:51 +02:00
wu.chunyang
3009109616 Remove rally deployment
Remove rally role as planned

Change-Id: Ic898efe42b21b01c45d4621af2cf90ecd7afc398
2021-06-16 09:12:34 +08:00
Mark Goddard
3f9662278c Reno follow up for docker_disable_ip_forward
Follow up to I5129136c066489fdfaa4d93741c22e5010b7e89d, adding upgrade
notes.

Related-Bug: #1931615
Change-Id: I2f88b8fc2c6924de9f6bc1840b183ee024c5c1e9
2021-06-15 09:49:45 +01:00
Zuul
3675b442c9 Merge "Disable docker's ip-forward when iptables disabled" 2021-06-14 16:30:09 +00:00
Zuul
f5fa171983 Merge "Add ability to use the Neutron packet logging framework" 2021-06-14 14:44:53 +00:00
Zuul
4dcea739d5 Merge "Remove support for panko" 2021-06-11 20:56:40 +00:00
Matthias Runge
ccf8cc5dca Remove support for panko
the project is deprecated and in the process of being removed
from OpenStack upstream.

Change-Id: I9d5ebed293a5fb25f4cd7daa473df152440e8b50
2021-06-11 18:00:05 +02:00
Zuul
01142ecf2d Merge "Reduce RabbitMQ busy waiting, lowering CPU load" 2021-06-11 09:35:24 +00:00
Radosław Piliszek
0fa4ee56eb Disable docker's ip-forward when iptables disabled
With the new default since Wallaby, starting Docker makes it
enable forwarding and not filter it at all.
This may pose a security risk and should be mitigated.

Closes-Bug: #1931615
Change-Id: I5129136c066489fdfaa4d93741c22e5010b7e89d
2021-06-10 19:02:33 +00:00
Zuul
aa8b8798ac Merge "Fix RabbitMQ restart ordering" 2021-06-08 17:53:11 +00:00
Zuul
8e9b4ced7e Merge "Add forgotten 'Restart container' handler for swift" 2021-06-08 09:51:55 +00:00
Mark Goddard
0cd5b027c9 Fix RabbitMQ restart ordering
The host list order seen during Ansible handlers may differ to the usual
play host list order, due to race conditions in notifying handlers. This
means that restart_services.yml for RabbitMQ may be included in a
different order than the rabbitmq group, resulting in a node other than
the 'first' being restarted first. This can cause some nodes to fail to
join the cluster. The include_tasks loop was introduced in [1].

This change fixes the issue by splitting the handler into two tasks, and
restarting the first node before all others.

[1] https://review.opendev.org/c/openstack/kolla-ansible/+/763137

Change-Id: I1823301d5889589bfd48326ed7de03c6061ea5ba
Closes-Bug: #1930293
2021-06-08 08:20:46 +00:00
Maksim Malchuk
5c19f9a5e0 Add forgotten 'Restart container' handler for swift
Since I0474324b60a5f792ef5210ab336639edf7a8cd9e swift role uses the new
service-cert-copy role introduced in the
I6351147ddaff8b2ae629179a9bc3bae2ebac9519 but the swift role itself
doesn't contain the handler used in the service-cert-copy. Right now,
restarting the swift container isn't necessary, but the handler should
exist. Also we should fix the name of the service used.

Closes-Bug: #1931097
Change-Id: I2d0615ce6914e1f875a2647c8a95b86dd17eeb22
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
2021-06-08 02:48:40 +03:00
John Garbutt
70f6f8e4c0 Reduce RabbitMQ busy waiting, lowering CPU load
On machines with many cores, we were seeing excessive CPU load on systems
that were not very busy. With the following Erlang VM argument we saw
RabbitMQ CPU usage drop from about 150% to around 20%, on a system with
40 hyperthreads.

    +S 2:2

By default RabbitMQ starts N schedulers where N is the number of CPU
cores, including hyper-threaded cores. This is fine when you assume all
your CPUs are dedicated to RabbitMQ. Its not a good idea in a typical
Kolla Ansible setup. Here we go for two scheduler threads.
More details can be found here:
https://www.rabbitmq.com/runtime.html#scheduling
and here:
https://erlang.org/doc/man/erl.html#emulator-flags

    +sbwt none

This stops busy waiting of the scheduler, for more details see:
https://www.rabbitmq.com/runtime.html#busy-waiting
Newer versions of rabbit may need additional flags:
"+sbwt none +sbwtdcpu none +sbwtdio none"
But this patch should be back portable to older versions of RabbitMQ
used in Train and Stein.

Note that information on this tuning was found by looking at data from:
rabbitmq-diagnostics runtime_thread_stats
More details on that can be found here:
https://www.rabbitmq.com/runtime.html#thread-stats

Related-Bug: #1846467

Change-Id: Iced014acee7e590c10848e73feca166f48b622dc
2021-06-07 13:18:39 +01:00
Zuul
dda787fca9 Merge "Bump min Docker version" 2021-06-07 09:00:26 +00:00
Zuul
3337e9873a Merge "chrony: allow to remove the container" 2021-06-07 08:55:19 +00:00
Scott Shambarger
aea9bf3550 monasca-thresh: Fix topology submission to storm
monasca-thresh currently runs a local copy of the storm
to handle the threshold topology.  However, it doesn't setup
the environment correctly, and the executable fails, causing
the container to continually restart.

This patch updates the container command to correctly
submit the topology to the running Apache storm.  The
container will exit after it finishes the submission,
so the restart_policy is updated to on-failure, this way
if the storm is temporarily unavailable, the submission
will be retried. (NOTE: further deploys will see the
container as "changed" as it won't be running)

Patch uses KOLLA_BOOTSTRAP to trigger the container to
check if the topology is already submitted, and if so skips
the submission command so the container doesn't fail.

The config task now triggers a new reconfigure handler that
spawns a one-shot container to replace any existing topology
if the configuration has changed.

Also, all the storm.* variables in storm.yml.j2 are
removed as they were only needed for local mode and
make submitted topologies fail to load when the storm
is restarted (the referenced directories not mounted
on nimbus).

Depends-On: https://review.opendev.org/c/openstack/kolla/+/792751
Closes-Bug: #1808805
Change-Id: Ib225d76076782d695c9387e1c2693bae9a4521d7
2021-06-06 13:41:29 -07:00
Zuul
fad696be8d Merge "Fix release note markup" 2021-06-05 09:32:16 +00:00
Mark Goddard
46bd05250d baremetal: fix /etc/hosts generation when api_interface has dashes
Interface names with dashes can cause problems in Ansible since dashes
are replaced with underscores when referencing facts. In the baremetal
role we reference the fact for api_interface without replacing dashes
with underscores. This may result in host entries being omitted from
/etc/hosts.

This change fixes the issue.

Change-Id: I667adc7d8a7dbd20dbfa293f389e02355f8275bb
Related-Bug: #1927357
2021-06-04 17:11:05 +01:00
John Garbutt
dee9d22dcf Add suppress_type_name to stop warnings with ES7
When using elasticsearch 7 with fluentd, you seem to get a lot
of warnings in the docker logs output that look like:

    [types removal] Specifying types in bulk requests is deprecated.

The docs suggest adding suppress_type_name to stop these warnings,
and that seems to work without affecting any functionality.

Further info here:
https://github.com/uken/fluent-plugin-elasticsearch/issues/785

Closes-Bug: #1930856
Change-Id: I45be67df3717f78d78bcdc7df69600ab8681922f
2021-06-04 10:21:24 +01:00
Mark Goddard
84ac7b3096 chrony: allow to remove the container
The chrony container is deprecated in Wallaby, and disabled by default.
This change allows to remove the container if chrony is disabled.

Change-Id: I1c4436072c2d47a95625e64b731edb473384b395
2021-06-02 17:28:35 +00:00
Pierre Riteau
887bf6f1f3 Fix release note markup
Change-Id: I73c2b0ab9c81bfad59725a3ea16eab5c13e07815
2021-05-31 11:14:38 +02:00
Radosław Piliszek
9a77fb1ca0 Add support for Debian Bullseye (11) as host distro
Makes nova-libvirt container always run in 'host' CgroupnsMode
to ensure it works.

Change-Id: I75105baf434977c68bc5c8ca1f5213e602c52c8c
2021-05-30 18:40:12 +00:00
Radosław Piliszek
95520df094 [docker] Add support for setting CgroupnsMode
This is required to support Debian Bullseye (11) - need to set
nova-libvirt to use 'host' CgroupnsMode.

Change-Id: I40213d4092fa325bcf37bb1fb4437ab125fe328b
2021-05-30 18:28:54 +00:00
Radosław Piliszek
a3caf8c3a0 Bump min Docker version
And python-docker version.
Make them less scary.

Change-Id: I134e8aa8ed5eae479e5af743464dc2a0e40a1353
2021-05-28 13:22:38 +00:00
Pierre Riteau
bb56861cc5 Use mariadb-server image for mariabackup
The mariadb image was removed in Wallaby, leading to database backup
failures.

Change-Id: I90986e7521779997df2782767bb95efcbd8ef232
Closes-Bug: #1928129
2021-05-28 13:24:11 +02:00
Scott Shambarger
283b0dec63 fluentd: Fix check for external elasticsearch
When enable_elasticsearch is False, and kolla_internal_fqdn is set
and elasticsearch_address is the default, fluentd is still enabling
output to elasticsearch.

elasticsearch_address defaults to kolla_internal_fqdn, but the
check to enable logging to an "external" elasticsearch host
compares with kolla_internal_vip_address (fqdn != vip address).

This patch fixes the comparison to use the kolla_internal_fqdn.

Closes-Bug: #1927880
Change-Id: If23a6b1273c2639d1296becc9d222546d52f63ac
2021-05-27 17:26:04 +00:00
Zuul
4e28adbe6e Merge "docs: update supported OS distros" 2021-05-25 12:33:59 +00:00
Mark Goddard
86ddc94ec2 Fix exit code with bogus command name
Running this:

$ kolla-ansible bogus-command

Should show usage & give a non-zero exit code. Previously it gave a zero
exit code. This change fixes the issue.

Closes-Bug: #1929397

Change-Id: I580c208d61d5efe115f936dfb8f3f6508acd91b2
2021-05-25 08:52:19 +00:00
Zuul
cc5667db01 Merge "Remove Monasca Grafana service" 2021-05-21 09:42:42 +00:00
Zuul
e9490fc747 Merge "Disable usage collection in Kibana" 2021-05-21 09:42:04 +00:00
Zuul
a753d54fc0 Merge "Use Docker healthchecks for qdrouterd services" 2021-05-20 02:57:19 +00:00
Michał Nasiadka
b053bd8ecf baremetal: Install Docker SDK less than 5.0.0
Docker 5.0.0 [1] dropped requirement for six, but still imports it.

[1]: https://github.com/docker/docker-py/issues/2807

Closes-Bug: #1928915
Change-Id: I726541f4b3fdc357387a44c6a2153593a10bf282
2021-05-19 07:33:35 +00:00
Zuul
c61bee3fb4 Merge "baremetal: Don't start Docker after install on Debian/Ubuntu" 2021-05-14 09:40:04 +00:00
Michał Nasiadka
bc96179195 baremetal: Don't start Docker after install on Debian/Ubuntu
docker-ce on Debian/Ubuntu gets started just after installation, before
baremetal role configures daemon.json - which results in iptables rules
being implemented - but not removed on docker engine restart.

Closes-Bug: #1923203

Change-Id: Ib1faa092e0b8f0668d1752490a34d0c2165d58d2
2021-05-14 09:00:01 +02:00
Mark Goddard
f295b1a055 docs: update supported OS distros
* add CentOS Stream 8 info & reno
* mark RHEL as deprecated in docs

Change-Id: Ifa3b8c7365e4092202bf9e89b67293cf8d983e0a
2021-05-12 10:35:54 +01:00
Piotr Parczewski
b300f7bc40 Disable Alertmanager's peer gossip in non-HA deployments
Reference:

https://github.com/prometheus/alertmanager#turn-off-high-availability

Closes-Bug: #1926463
Change-Id: I60e1dedeac25fa8fe9538a3a8e582bd8cc9324d7
2021-05-11 14:39:29 +00:00
Florian LEDUC
e923236001 Add ability to use the Neutron packet logging framework
* Enables the Neutron packet logging framework for OVS
(https://docs.openstack.org/neutron/latest/admin/config-logging.html).
* Adds a toggle variable "enable_neutron_packet_logging"

Change-Id: Ica3594cdac634b496949a06ed813dccd18090af4
Implements: blueprint neutron-log-service-plugin
2021-05-11 13:50:49 +02:00
Michal Arbet
41fe771bcc Do not write octavia_amp_ssh_key if auto_config disabled
This task is writing private key from passwords to
/etc/kolla/octavia-worker/{{ octavia_amp_ssh_key_name }} even
if user disabled octavia auto configure.

This patch is adding conditional for this task and skipping
it if octavia_auto_configure: "no".

Closes-Bug: #1927727

Change-Id: Ib993b387d681921d804f654bea780a1481b2b0d0
2021-05-10 11:13:41 +00:00
Michał Nasiadka
aff99355d2 ovn: make DVR work on VLAN tenant networks
In order for DVR to work on VLAN tenant networks we need to configure
external_ids:ovn-chassis-mac-mappings with per node generated MAC [1]
on computes [1].

[1]: 1fed74cfc1

Co-Authored-By: Bartosz Bezak <bartosz@stackhpc.com>

Depends-On: https://review.opendev.org/c/openstack/neutron/+/782250
Change-Id: I3a3ccde5b9ef2afb4c3e9206f13827687880cb57
2021-05-06 10:17:59 +00:00
Radosław Piliszek
b056f54c14 Deprecate tempest and rally
Per [1].

[1] http://eavesdrop.openstack.org/meetings/kolla/2021/kolla.2021-04-28-15.00.html

Change-Id: Ie109d15db1e26e20b78efdb4ab0653d24054820f
2021-05-05 08:10:28 +00:00
Zuul
3253996434 Merge "Add Monasca Grafana deprecation notice" 2021-04-28 09:24:43 +00:00