For the CentOS 7 to 8 transition, we will have a period where both
CentOS 7 and 8 images are available. We differentiate these images via a
tag - the CentOS 8 images will have a tag of train-centos8 (or
master-centos8 temporarily).
To achieve this, and maintain backwards compatibility for the
openstack_release variable, we introduce a new 'openstack_tag' variable.
This variable is based on openstack_release, but has a suffix of
'openstack_tag_suffix', which is empty except on CentOS 8 where it has a
value of '-centos8'.
Change-Id: I12ce4661afb3c255136cdc1aabe7cbd25560d625
Partially-Implements: blueprint centos-rhel-8
In CentOS/RHEL 8 there is no scsi-target-utils package, nor is it
available in EPEL. It is removed from kolla in [1]. In RHEL 7 and beyond
the LIO kernel subsystem can be used instead of the tgtd daemon.
This change removes support for the SCSI target daemon on CentOS/RHEL 8.
The 'tgtd' image is no longer available for CentOS/RHEL 8.
[1] https://review.openstack.org/#/c/613815/5
Change-Id: I718fc16cde2dd177b2a1c2f79b932426034897fe
Related: blueprint centos-rhel-8
Introduce kolla_address filter.
Introduce put_address_in_context filter.
Add AF config to vars.
Address contexts:
- raw (default): <ADDR>
- memcache: inet6:[<ADDR>]
- url: [<ADDR>]
Other changes:
globals.yml - mention just IP in comment
prechecks/port_checks (api_intf) - kolla_address handles validation
3x interface conditional (swift configs: replication/storage)
2x interface variable definition with hostname
(haproxy listens; api intf)
1x interface variable definition with hostname with bifrost exclusion
(baremetal pre-install /etc/hosts; api intf)
neutron's ml2 'overlay_ip_version' set to 6 for IPv6 on tunnel network
basic multinode source CI job for IPv6
prechecks for rabbitmq and qdrouterd use proper NSS database now
MariaDB Galera Cluster WSREP SST mariabackup workaround
(socat and IPv6)
Ceph naming workaround in CI
TODO: probably needs documenting
RabbitMQ IPv6-only proto_dist
Ceph ms switch to IPv6 mode
Remove neutron-server ml2_type_vxlan/vxlan_group setting
as it is not used (let's avoid any confusion)
and could break setups without proper multicast routing
if it started working (also IPv4-only)
haproxy upgrade checks for slaves based on ipv6 addresses
TODO:
ovs-dpdk grabs ipv4 network address (w/ prefix len / submask)
not supported, invalid by default because neutron_external has no address
No idea whether ovs-dpdk works at all atm.
ml2 for xenapi
Xen is not supported too well.
This would require working with XenAPI facts.
rp_filter setting
This would require meddling with ip6tables (there is no sysctl param).
By default nothing is dropped.
Unlikely we really need it.
ironic dnsmasq is configured IPv4-only
dnsmasq needs DHCPv6 options and testing in vivo.
KNOWN ISSUES (beyond us):
One cannot use IPv6 address to reference the image for docker like we
currently do, see: https://github.com/moby/moby/issues/39033
(docker_registry; docker API 400 - invalid reference format)
workaround: use hostname/FQDN
RabbitMQ may fail to bind to IPv6 if hostname resolves also to IPv4.
This is due to old RabbitMQ versions available in images.
IPv4 is preferred by default and may fail in the IPv6-only scenario.
This should be no problem in real life as IPv6-only is indeed IPv6-only.
Also, when new RabbitMQ (3.7.16/3.8+) makes it into images, this will
no longer be relevant as we supply all the necessary config.
See: https://github.com/rabbitmq/rabbitmq-server/pull/1982
For reliable runs, at least Ansible 2.8 is required (2.8.5 confirmed
to work well). Older Ansible versions are known to miss IPv6 addresses
in interface facts. This may affect redeploys, reconfigures and
upgrades which run after VIP address is assigned.
See: https://github.com/ansible/ansible/issues/63227
Bifrost Train does not support IPv6 deployments.
See: https://storyboard.openstack.org/#!/story/2006689
Change-Id: Ia34e6916ea4f99e9522cd2ddde03a0a4776f7e2c
Implements: blueprint ipv6-control-plane
Signed-off-by: Radosław Piliszek <radoslaw.piliszek@gmail.com>
Sometimes as cloud admins, we want to only update code that is running
in a cloud. But we dont need to do anything else. Make an action in
kolla-ansible that allows us to do that.
Change-Id: I904f595c69f7276e71692696471e32fd1f88e6e8
Implements: blueprint deploy-containers-action
Without this we may see the following error in cinder-backup when using
the LVM backend:
Could not login to any iSCSI portal
Enabling the iscsid container on hosts in the cinder-backup group fixes
this.
Closes-Bug: #1838624
Change-Id: If373c002b0744ce9dbdffed50a02bab55dd0acb9
Co-Authored-By: dmitry-a-grachev <dmitry.a.grachev@gmail.com>
We don't add extra volumes support for all services in patch [1].
In order to unify the management of the volume, so we need add extra volumes
support for these services.
[1] 12ff28a693
Change-Id: Ie148accdd8e6c60df6b521d55bda12b850c0d255
Partially-Implements: blueprint support-extra-volumes
Signed-off-by: ZijianGuo <guozijn@gmail.com>
Many tasks that use Docker have become specified already, but
not all. This change ensures all tasks that use the following
modules have become:
* kolla_docker
* kolla_ceph_keyring
* kolla_toolbox
* kolla_container_facts
It also adds become for 'command' tasks that use docker CLI.
Change-Id: I4a5ebcedaccb9261dbc958ec67e8077d7980e496
The iscsi_helper option was deprecated in favour of target_helper in
Queens, and will be removed in the Stein release.
This also renames the cinder_iscsi_helper variable to
cinder_target_helper, deprecating but still supporting the former name
until the Train release.
Change-Id: Ie38c09b2dd8598f62b0733c8444eec5f6ce3daac
With this change, an operator may be able to stop a
service container without stopping all services in a host.
This change is the starting point to start
fast-forward upgrades support.
In next changes new flags will be introducced to disable
stop dataplane services during upgrades.
Change-Id: Ifde7a39d7d8596ef0d7405ecf1ac1d49a459d9ef
Implements: blueprint support-stop-containers
The configfs kernel module is not mounted by default in Ubuntu 16.04,
leading to the iscsid container failing to start because it bind mounts
/sys/kernel/config. The issue does not apply to Ubuntu 18.04, or other
distros (AFAIK), which load configfs by default.
This change loads the configfs module when the iscsid container is in
use.
Change-Id: I5b521ddca24b919658d2664ede2d878507d6d106
Closes-Bug: #1631072
Add become to all tasks that use the module "kolla_docker"
Change-Id: I4309c4011687b88ec31d739fd8f834fe2326ff10
Partial-Implements: blueprint ansible-specific-task-become
- rename action and serial to kolla_ansible and kolla_serial
- use become instead of "sudo <command>" in shell
- Remove quota for failed_when and changed_when in rabbitmq tasks
Change-Id: I78cb60168aaa40bb6439198283546b7faf33917c
Implements: blueprint migrate-to-ansible-2-2-0
Add check enable_cinder to iscsi and tgtd deploy logic.
The ironic check is not effected.
Change-Id: If14ae52fbacf106b112e40a813ad6143cb095edc
Closes-Bug: #1742873
Cinder backends that utilize iSCSI protocol require iscsid on
compute and storage nodes to handle volumes and their backups.
Change-Id: I1c735d2abace4b46879be99731ead47d578335ea
Closes-Bug: #1725258
Iscsid is not only needed by cinder lvm backend, but also by ironic
conductor container.
Change-Id: I903cda88ca71ba31b30c220761f33808495aba72
Closes-Bug: #1709809
In case Kolla's users want to deploy with both of
binary and source image, we should have a variable
install type that define install type for each project.
We also add specific image tag for each Openstack project.
This commit is implemented for Ironic, Kabor,
Keystone project and iscsi as well.
Change-Id: I134d840b1c0e24171a32dec0c7daa6dc2e9ecd87
Implements: blueprint mixing-binary-and-source-image
wait_for module waits 300 seconds for the port started or stopped. This
is meaningless and useless in precheck. This patch change timeout to 1
seconds.
Change-Id: I9b251ec4ba17ce446655917e8ef5e152ef947298
Closes-Bug: #1688152
Add a new subcommand 'check' to kolla-ansible, used to run the
smoke/sanity checks.
Add stub files to all services that don't currently have checks.
Change-Id: I9f661c5fc51fd5b9b266f23f6c524884613dee48
Partially-implements: blueprint sanity-check-container
Check enable_* variables first, then check inventory_host in
group, will help to avoid configuration errors.
Change-Id: Icdb1f50e5c911203b92ac431723620756b15f3c6
Closes-Bug: #1648376
When using both /run and /run/netns in docker container, mount
propagation won't work when delete namespace after the containers are
restarted. This PS makes /run mount as shared.
Closes-Bug: #1616268
Change-Id: Ie16699e1b193b2bf1263d89ea634e89ea69add9e
As part of non-lvm iscsi bugfix, changes were introduced
to iscsi's start.yml. Same changes/conditions should be
reflected to config.yml so container configuration is deployed on
the same nodes as containers are started.
TrivialFix
Change-Id: Ib988df2d36983d63a3aff4226224dc5fc6064221
* enable iscsid when ironic is enabled
* update sample inventory files with above
* add logrotate conf template for iscsid
* add 'common' role dependency for iscsi role
Change-Id: I3054b9139a43542febf26c3ce9a71b65f2fcdd84
Closes-bug: #1632850
When the iscsid containers is included in the kolla deployment it starts
successfully on a compute node but fails to start on a storage node, if
cinder is enabled because the config file is not copied to the container
BTW, if cinder is not enabled the iscsid container starts successfully
on both the compute and storage nodes.
Change-Id: I665535d858affebc9623b29f79c89c18f7cc399f
Closes-Bug: #1629381
Cinder-backup containers require iscsid to mount iscsi volumes
to backup if the volumes are on different storage host. This
fix adds missing 'storage' group to iscsi playbook.
Change-Id: Iba3fb861b3f14c20b8a020075f2473ba7a0dd9a2
Closes-Bug: 1611330
Currently Cinder enables iscsid service only when LVM is choosen as
backend. This fix will allow to specify external iSCSI storage via
configuration add-on and to run iscsid independently of LVM settings.
Change-Id: Iaae0f8025534e5ab1c5f9d5e812a7d41129915ef
Closes-Bug: 1614125
Useful for upgrade etc., which is preferablly done serially.
Example usage: tools/kolla-ansible deploy OR tools/kolla-ansible upgrade
Closes-Bug: #1576708
DocImpact
Change-Id: I34b2e16f8ce53e472a4682a4738c4ac0f5abf00c
In ansible/roles/iscsi/tasks/pull.yml, there are references to
'iscsi', which should be 'iscsid' instead. This patchset
fixes this typo.
Change-Id: Id2c31bf69556ec8dcf66cc1d32d2bfe77f02367b
Closes-bug: #1602566
This partially implements iscsi and lvm2 support for cinder
in Kolla. Adds ansible code for iscsid and tgtd containers.
Change-Id: I2a4cfcf104397396ea61a09637d9ef3fc77b515f
Partially-Implements: blueprint iscsi-lvm2-docker
