This change allows the following use cases:
1. Using an already-configured MariaDB / MySQL server / Cluster
2. Using already-created DB users, without requiring root DB access.
Update: added external mariadb precheck
Change-Id: I78b0d178306d7c5293b0bf53e445f19f18b4b824
Implements: blueprint external-mariadb-support.
Closes-Bug: #1603121
Fixes a bug where the Baremetal Introspection service's public endpoint
registered in the Identity service referenced the internal API endpoint.
Also updates keystone endpoints for the Baremetal and Baremetal
Introspection services during reconfigure and upgrade operations.
Previously this was only done during deploy.
Change-Id: I32d475f288bb4a3834c13cc86f0c53b5437c3d25
Closes-Bug: #1738418
Support pxe uefi mode following guide
https://docs.openstack.org/ironic/latest/install/configure-pxe.html
In the meantime, ironic-agent kernel and initramfs does not have to
be provided as precondition under /etc/kolla/config in such mode.
Add condition check as well.
Change-Id: Ieefcf5f9fe839eab63f3fe4a1c5cf845f4fd4eb5
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
flat network type is not mandatory. There are two cases,
1. ironic with flat network: we can use neutron vlan network to
provision baremetal nodes, as long as the interface of the baremetal
nodes are configured to use the same vlan.
2. ironic with neutron network: all provision and cleaning_network can
be vlan type and no flat is needed at all.
So we should remove the task.
Change-Id: I176ded6d2a8b14e350f665f63bc37eb488d32679
Closes-Bug: #1725170
When deploying with tls enabled in public
endpoints, ansible modules fails due SSL certificates
are self-signed.
This change adds a new variable to allow customization
on which endpoints ansible should connect.
Defaults to admin because admin auth parameters defaults
to admin endpoint.
Change-Id: Ic3ed58cf9c9579cae08a11bbfe6fce983b5a9cbc
Closes-Bug: #1720995
Actually Openstack services configuration can be overriden using many
files:
- /etc/kolla/config/<< service name >>/<< config file >>
- /etc/kolla/config/<< service name >>/<<host>>/<< config file >>
- /etc/kolla/config/global.conf
- /etc/kolla/config/database.conf
- /etc/kolla/config/messaging.conf
Only per-service configuration is actually documented here:
https://github.com/openstack/kolla-ansible/blob/master/doc/advanced-configuration.rst#L164
Allowing to globally modify service configuration can be perform too,
but it can be done in 3 different manners, all not documented:
- /etc/kolla/config/global.conf
- /etc/kolla/config/database.conf
- /etc/kolla/config/messaging.conf
database.conf and messaging.conf seems redundant with global.conf.
In order to simplify codebase it seems logical to remove them.
Documentation has been added for overriding configuration globally and
release note has been added too.
Closes-Bug: #1682479
Change-Id: I5d922dfc0d938173bad34ac64e490b78db1b7e31
Before this change ironic prechecks failed with the error:
'tenant_network_types' is undefined
This problem appears to have been introduced in:
296ddbeb035c6f582b316f066fe2ddffece07aca
Closes-Bug: #1714946
Change-Id: I609ae20c4558370a0a8c4c316cd47cbd1d086331
The Ironic templates and roles assume Keystone is enabled and they don't
make use of the `enable_keystone var. This patch changes the behavior so
that `noauth` is used as auth method for Ironic if keystone is not
enabled, the Ironic endpoint is not registered if keystone is not
enabled and the keystone section is not created in the config file.
Change-Id: I813de42d10ac264eec81076cb107b58af09ff686
Ironic inspector should honour the Ansible inventory group
ironic-inspector. Ironic inspector may not be required at all. If
Ironic inspector is required then it should only run on a single
node, and this should be reflected by the inventory.
This change makes a number of Ironic inspector-related tasks dependent
upon the host's membership of the ironic-inspector group. Also, we
couple the ironic-dnsmasq container with the ironic-inspector group
rather than ironic-conductor, as the service is for inspector rather
than Ironic.
Change-Id: Ifd90753b0fe1a55c11b7723c28e1d14ab3d32737
Closes-Bug: #1665257
kolla-kubernetes is using its own configuration generation[0], so it is
time for kolla-ansible to remove the related code to simplify the
logical.
[0] https://github.com/openstack/kolla-kubernetes/tree/master/ansible
Change-Id: I7bb0b7fe3b8eea906613e936d5e9d19f4f2e80bb
Implements: blueprint clean-k8s-config
In order to speed up deployment time some "local" actions should be run
only once using 'run_once: True'.
This will decrease deployment time in case of multihost configuration.
Change-Id: I6015d772d35c15e96c52f577013b6e41197cb41a
This patch add configuration options for tenant network types and type
drivers. Both lists are checked so that tenant types are listed in
drivers. For ironic 'flat' driver is mandatory and is added explicitly
into ironic prechecks.
Change-Id: Ie5775001165412910a258cbed2d2ebbb8ebbd879
Closes-Bug: #1694725
Ansible task support vars directive, no need implement another one in
merge_config. This patch remove the vars directive in merge_config
action plugin.
Change-Id: I33648a2b6e39b4d49ce76eb66fbf2522721f8c68
wait_for module waits 300 seconds for the port started or stopped. This
is meaningless and useless in precheck. This patch change timeout to 1
seconds.
Change-Id: I9b251ec4ba17ce446655917e8ef5e152ef947298
Closes-Bug: #1688152
Add a new subcommand 'check' to kolla-ansible, used to run the
smoke/sanity checks.
Add stub files to all services that don't currently have checks.
Change-Id: I9f661c5fc51fd5b9b266f23f6c524884613dee48
Partially-implements: blueprint sanity-check-container
- remove the unnecessary blank
- add "ironic_inspector" into its own prechecks and haproxy prechecks
Change-Id: Id542971057a9116eef679f1eb0827266eb18ba30
Closes-bug: #1668178
There is not prechecks for Ironic kernel and initramfs files, this
patch add it.
Change-Id: I7e576eeff02310170d51a4585cbda6c465a29e0d
Closes-bug: #1667544
Most bootstrap actions use the run_once flag to run on a single host
as they typically involve service-global operations such as database
syncs. The ironic_pxe container bootstrap is different, as it copies
pxelinux files into the ironic_pxe Docker volume. This should be done
on all hosts but currently is only done on one host.
This change performs the ironic_pxe bootstrap on all hosts in the
ironic-pxe group.
Change-Id: Iffd34e6ff26a0ba5140e5d477418cc8aebcdac62
Closes-Bug: #1667153
The ironic_dnsmasq container is currently tied to the ironic-conductor
Ansible group. It is required only for Ironic inspector and should
really either be tied to the ironic-inspector group or have a new
ironic-dnsmasq group defined for it. This problem means that if all
hosts are removed from the ironic-inspector group I will still have an
ironic_dnsmasq container deployed.
This change uses the ironic-inspector group to determine where to place
the ironic_dnsmasq container.
Change-Id: I6af3f402795107b8b9d7a1619722f12cbf496257
Closes-Bug: #1666982
Currently the ironic_dnsmasq container does not support
reconfiguration. This change adds support for reconfiguration of
ironic_dnsmasq.
Change-Id: I7f121dca7d32e0b28c7531378dd0eef03ae4f1ce
Closes-Bug: #1667090
Currently, policy.json is put in
"{{ node_config_directory }}/{{ service_name }}"
in target nodes.
Relocation policy.json to "{{ node_config_directory }}/{{ item }}"
with item is corresponding service compoment config directory.
Currently, the policy.json is copied to all services, but it
should be reviewed and left only in neccesary service
(at many cases, only API service needs that).
Redundant files will be removed in follow up patchset.
Change-Id: I0e997dccf4ec438c9c0436db71ec2fd06650f50d
Closes-Bug: #1639686
