Continuing fixing CI after [1], this patch fixes the other branch
that [2] has not previously included.
[1] https://review.opendev.org/c/openstack/kolla-ansible/+/805449
[2] 02e07a0860e8ca8bc1d6d7716e44bd2888591ecd
Change-Id: I44014a93b92b5a8782e34cf394881dec74cdeea1
As a result of https://review.opendev.org/c/openstack/kolla-ansible/+/805449
CI is failing, because we don't have a TLS certificate on our registry.
This workaround will get our CI to be green while a proper patch
(TLS certs for registry) can be worked out.
Change-Id: Ia45c8a764a1f87d1c44717c4da3b9a3f94cdc967
Currently only operations done with default kolla_toolbox user are logged
to /var/log/kolla/ansible.log.
In order to fix logging, permissions to ansible.log must allow writing
for other users in kolla group - and then a separate patch will follow
to make custom ansible.cfg file usable by other toolbox users.
Partial-Bug: #1942846
Change-Id: I1be60ac7647b1a838e97f05f15ba5f0e39e8ae3c
This is required for libvirtd with cgroupsv2 (Debian Bullseye and
soon others).
Otherwise, device attachments simply fail.
The warning message suggests filtering will be disabled but it
actually just fails the action entirely.
Change-Id: Id1fbd49a31a6e6e51b667f646278b93897c05b21
Closes-Bug: #1941940
Just like I added Cinder volume upgrade testing before, let's
also test similarly for Nova and Neutron. :-)
More robust debugging and refactor included.
Related-Bug: #1941706
Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/806476
Change-Id: Id79df44254603f9b37ce7da2bfc796fc0b1ac91f
It was removed in [1] as part of cgroupsv2 cleanup.
However, the testing did not catch the fact that the legacy
cgroups behaviour was actually still breaking despite latest
Docker and setting to use host's cgroups namespace.
[1] 286a03bad20955aa4d3f7009cef5856d328b76f1
Closes-Bug: #1941706
Change-Id: I629bb9e70a3fd6bd1e26b2ca22ffcff5e9e8c731
To follow best security practices and help fellow operators.
More details inline and in the linked bug report.
Closes-Bug: #1940547
Change-Id: Ide9e9009a6e272f20a43319f27d257efdf315f68
For now role haproxy is maintaining haproxy
and keepalived. In follow-up changes there is also
proxysql added.
This patch is *only* renaming/moving stuff to more
prominent role loadbalancer, and moving also specific
templates to subdirectory.
This was done only to better diff in follow-up
changes.
Change-Id: I1d39d5bcaefc4016983bf267a2736b742cc3a555
Sometimes, the registries may intermittently fail to deliver the
images. This is often seen in the CI, though it also happens with
production deployments, even those with internal registries and/or
registry mirrors - due to sheer load when trying to pull the
images from many hosts.
This patchs adds two new vars to control retry behaviour.
The default has been set to make users happier by default. :-)
Change-Id: I81ad7d8642654f8474f11084c6934aab40243d35
It seems to have been mistakenly introduced by
de00bf491dfbabc8e11009fce4410bce5c2110ed
"Simplify handler conditionals"
Change-Id: I65b6e322fa11a870f32099bbfd62150cbea4feb5
This change enables the use of Docker healthchecks for
keystone-fernet container. It checks if "key 0" has
right permissions, and if rsync is able to distribute
keys to other keystones.
Implements: blueprint container-health-check
Change-Id: I17bea723d4109e869cd05d211f6f8e4653f46e17
This change enables the use of Docker healthchecks for
nova-spicehtml5proxy service.
Implements: blueprint container-health-check
Change-Id: I584c588c20781e6c6567429811aecf97967baea3
Swift is a major OpenStack project. It could use testing upgrades.
New jobs are placed in the experimental pipeline to avoid
excessive CI load on general changes.
Change-Id: I8a089fdd1f21eb4c3e00c38ea9dfcecc77565bf5
Related-Bug: #1874691
Certain overrides for rabbitmq may need to be set for `rabbitmqctl` in
kolla-toolbox aswell.
This commit allows to override `rabbitmq-env.conf` and `erl_inetrc` in
kolla-toolbox.
Change-Id: Idef6adcf9700f75a2db503444a8de093ee21a9c5
Debian upgrades failed on using the ansible command to remove
chrony service because of broken python autodetection.
This patch uses the same workaround we have in globals-default.j2.
This is not nice long-term but there is no reason to keep the two
out of sync. We should remove this workaround from both places
when the situation fixes itself (possibly with newer Ansible).
Change-Id: I8b7f0c76d55cd31311285ce746acb6335e044470
