Ironic provides a feature to allow instance images to be served from a
local HTTP server [1]. This is the same server used for PXE images with
iPXE. This does not work currently because the ironic_ipxe container
does not have access to /var/lib/ironic/images (ironic docker volume),
where the images are cached. Note that to make use of this feature, the
following is required in ironic.conf:
[agent]
image_download_source = http
This change fixes the issue by giving ironic_ipxe container access to
the ironic volume.
[1] https://docs.openstack.org/ironic/latest/admin/interfaces/deploy.html#deploy-with-custom-http-servers
Change-Id: I501d02cfd40fbacea32d551c3912640c5661d821
Closes-Bug: #1856194
Change Id84e3b6e62e544582d6917047534e846e026798d added support for
custom HAProxy service config using a plain copy of files in services.d.
Use a template action instead of a copy so that we can use variables and
iterate over group of hosts.
Change-Id: I1f07785932de4e4540422bd18af95241f05a67bf
We generate the keystone cron schedule via a python script on localhost.
Currently this always uses 'python', however this may not be available
on some systems.
This change switches to use the same python interpreter as used by
ansible-playbook.
Partially-Implements: blueprint python-3
Change-Id: I6007f8d6880f418a503766cec21a330c44e5b80f
This allows users to supply an Elasticsearch Curator actions file
to manage log retention [1]. Curator then runs on a cron job, which
defaults to every day. A default curator actions file is provided,
which can be customised by the end user if required.
[1] https://www.elastic.co/guide/en/elasticsearch/client/curator/current/actionfile.html
Change-Id: Ide9baea9190ae849e61b9d8b6cff3305bdcdd534
Enable reconnect_on_error option so that ES plugin re-establishes
a new session to the ES cluster on errors. Also, enable buffering
to the file, so that the buffer survives container restarts.
Co-Authored-By: Michal Nasiadka <mnasiadka@gmail.com>
Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
Co-Authored-By: Doug Szumski <doug@stackhpc.com>
Closes-Bug: #1830724
Change-Id: Ia40685b9d4fc02194e03c8791ddeb3d29d7f07f6
To fix instability and availability issues:
etcd3 is not available in repos for binary kolla images.
etcd3 does not support eventlet-based services [1].
[1] https://review.opendev.org/466098
Change-Id: I430bab735da204fc81696130b17931a89214c876
Closes-bug: #1852086
Closes-bug: #1854932
Currently we don't put global Apache error logs into /var/log/kolla,
this change adds statements that redirect those logs there.
Adapted the logfile names to catch into openstack wsgi logging fluentd
input config and existing logrotate cron entries.
Change-Id: I21216e688a1993239e3e81411a4e8b6f13e138c2
Adds support for configuration of the Docker client timeout via
'docker_client_timeout'.
This change also increases the default timeout to 120 seconds, as we
sometimes see timeouts in CI and heavily loaded or underpowered
environments. Increasing 'docker_client_timeout' further may be helpful
in cases where Docker reports 'Read timed out'.
Change-Id: I73745771078cb2c0ebae2b1d87ba2c4c12958d82
Closes-Bug: #1809844
It turned out the previous fix ([1]) was incomplete.
Additionally, it seems we have to limit Tacker server
to one instance co-located with conductor.
[1] https://review.opendev.org/684275
commit b96ade3cf01009d822f85744efee523127f2674c
Change-Id: I9ce27d5f68f32ef59e245960e23336ae5c5db905
Closes-bug: #1853715
Related-bug: #1845142
When using external ceph without nova integration, kolla-ansible fails
because 'nova_cephx_raw_key' is undefined.
This patch fixes the issue by applying the 'default' filter to
prevent failure on undefined.
The change in behavior was introduced by [1].
[1] https://review.opendev.org/689753
commit 44709f413246a05b891f250e88c43226e1f1b0c9
Change-Id: I2fdca1a6a78e78623733a387a2d8c7e29d449083
Closes-Bug: #1853862
Co-Authored-By: Mark Goddard <mark@stackhpc.com>
This option appears to have been removed in 2015 in Neutron change
I9cf36e1fd3a009c175e0d475af407a30f4e5c408.
Change-Id: Ib2d94743aeeff328c900ab1607900844acb4462b
The [placement].os_interface option was replaced by
[placement].valid_interfaces in Queens and was removed in Rocky.
Change-Id: I306c57305b9088159dd18af4aa373bbc39a8b881
Closes-Bug: #1853621
As part of the effort to implement Ansible code linting in CI
(using ansible-lint) - we need to implement recommendations from
ansible-lint output [1].
One of them is to stop using local_action in favor of delegate_to -
to increase readability and and match the style of typical ansible
tasks.
[1]: https://review.opendev.org/694779/
Partially implements: blueprint ansible-lint
Change-Id: I46c259ddad5a6aaf9c7301e6c44cd8a1d5c457d3
The "os_region" param is missing in the ironic_neutron_agent.ini.j2
file. Without specifying the region, the neutron service will randomly
pick a region for the ironic-neutron-agent. Therefore, a list of
incorrect agents might be created in the neutron database "agents"
table for nodes from other regions. To list all neutron agents, use
'openstack network agent list'.
Change-Id: Idec265230d0ab63b7559d94690c059608dc2617e
Closes-bug: #1853464
In one of the blazar ansible tasks in "bootstrap.yml", the admin
project name and username are hard-coded as "admin". OpenStack
users can define their admin project name and username differently
and the hard-coded names would cause authentication errors.
In addition, keystone identity api version 3 uses "os-project-name"
instead of "os-tenant-name". Although "os-tenant-name" might be
still accepatable, it's better to keep the latest.
Change-Id: Ie5c1016f9ce6f402ef208f3c295e6883a9edd8ab
Closes-bug: #1853462
Qinling could not be deployed due to use of an undefined variable
(you guessed it, it was a typo).
Change-Id: Iadbf269e66decc0a4c6b24b3d828ac560adeb7a7
Closes-bug: #1853201
