openstack/kolla-ansible
Code Issues Proposed changes
13,871 Commits 5 Branches 115 Tags
3b0fce6fd3
Commit Graph

13871 Commits

Author SHA1 Message Date
Uwe Jäger
3b0fce6fd3 Update configuration to enable more services in Skyline Console 
Change-Id: I77f3c5f219393e604dbd24b2a97a66da1ee3ba7f
 2024-03-18 10:42:33 +01:00
Zuul
21543fefb9 Merge "Fix images pull in ovs-dpdk role" 2024-03-14 18:43:49 +00:00
Zuul
f65e4257dd Merge "CI: Use 2023.2 image for rabbitmq on ipv6 scenario" 2024-03-14 16:31:32 +00:00
Zuul
a71d04a0d2 Merge "doc: Add a note about SLURP upgrades" 2024-03-14 11:46:11 +00:00
Zuul
bffed1ab68 Merge "Bump ansible-core versions to 2.15 and 2.16" 2024-03-14 11:13:42 +00:00
Michal Nasiadka
ca10628a66 doc: Add a note about SLURP upgrades 
Change-Id: I8609cf211316d8224c925d57a5e832ccff37b906
 2024-03-14 09:34:22 +00:00
Michal Nasiadka
b04486df07 Bump ansible-core versions to 2.15 and 2.16 
Change-Id: Iab40eb92c7e4a9092471bef9d4477a4fa34f1c85
 2024-03-14 06:13:38 +00:00
Zuul
eca8b04363 Merge "[doc] document --limit limitations" 2024-03-13 21:26:56 +00:00
Zuul
465f6ce298 Merge "rabbitmq: Add 3.12 feature flags (for upgrade to 3.13)" 2024-03-13 18:29:00 +00:00
Michal Nasiadka
0ec71d87cd CI: Use 2023.2 image for rabbitmq on ipv6 scenario 
Currently RMQ 3.13 fails on ipv6 multinode scenario, use 3.12 from 2023.1
until [1] gets resolved.

[1]: https://github.com/rabbitmq/rabbitmq-server/issues/10728

Change-Id: If11710e99cf2e340e558d68e2071c1bb16825e55
 2024-03-13 16:22:32 +00:00
Michal Nasiadka
7bb50ee05e rabbitmq: bump wait timeout to 60 seconds 
Closes-Bug: #2057676

Change-Id: I9e0287a4e80b1ebcecf9e3b66c11d4233970a30b
 2024-03-12 14:48:41 +00:00
German Espinoza
a81a53092d Fix images pull in ovs-dpdk role 
This patch fixes ovs-dpdk images pull by adding
the variable kolla_role_name to the ovs-dpdk vars, so
services-image-pull can work correctly.

Closes-Bug: #2041864
Change-Id: I2e799290a57ebfacbc0ff9a0b1ca3dc956c513df
Signed-off-by: German Espinoza <gespinoza@whitestack.com>
 2024-03-12 10:09:37 +01:00
Michal Arbet
8c760d38a0 Fix creation of ovs bridges 
This patch fixes the creation of the openvswitch
bridge by fixing an ansible task that was rewritten
to use an ansible module, but unfortunately, its loop
was implemented incorrectly.

Closes-Bug: #2056332
Change-Id: Ia55a36c0f9b122b72d757ca973e7d8f76ae84344
 2024-03-11 09:49:51 +01:00
Michal Arbet
59da07920b Fix coordination when redis used 
Tooz 6.0.1 includes commit [1], which introduced
parsing the username from the Redis connection URL.
As a result, services started authenticating as admin
which, by the way, was incorrect even before, as either
a created user or the default one should have been used.

The reason it worked before is simply because the username
'admin' wasn't parsed anywhere.

This patch fixes the user being used and sets the correct
'default' one.

[1] https://review.opendev.org/c/openstack/tooz/+/907656

Closes-Bug: #2056667
Depends-On: https://review.opendev.org/c/openstack/kolla/+/911703
Change-Id: I5568dba15fa98e009ad4a9e41756aba0fa659371
 2024-03-11 09:49:01 +01:00
Sven Kieske
eb27c2b3ba
[doc] document --limit limitations 
there are currently known bugs in our interaction with the ansible
--limit option. document those and recommend not to use this like it
was agreed in the kolla meeting:
https://meetings.opendev.org/meetings/kolla/2024/kolla.2024-02-21-14.00.log.txt

Signed-off-by: Sven Kieske <kieske@osism.tech>
Change-Id: Iaeaa8c667ce7cd677b2b3dc2096ef4e52c1f651f
 2024-03-07 17:23:14 +01:00
Zuul
5169e3bcbe Merge "Fix typo in release note" 2024-03-07 13:52:12 +00:00
Zuul
3760eac763 Merge "CI: Replace etcd with redis in GATE_IMAGES for cephadm scenario" 2024-03-06 12:28:02 +00:00
Zuul
a7dd2425ec Merge "prometheus: Add friendly instance labels for ironic and alertmanager" 2024-03-06 12:27:58 +00:00
Michal Nasiadka
a88ebd77b0 CI: Replace etcd with redis in GATE_IMAGES for cephadm scenario 
We replaced redis with etcd in that scenario, but GATE_IMAGES
are not updated.

Change-Id: Ie9d6642f8ce51bc2a35b800c6c149153c14378db
 2024-03-05 16:49:45 +01:00
Michal Nasiadka
b2a187e84e rabbitmq: Add 3.12 feature flags (for upgrade to 3.13) 
As per [1].

[1]: https://rabbitmq-website.pages.dev/docs/feature-flags

Depends-On: https://review.opendev.org/c/openstack/kolla/+/911093

Change-Id: Ib5bfc99a5023e4b949c1ea38eca9bfd1ea9cd633
 2024-03-05 12:05:10 +00:00
Pierre Riteau
6ac502ec20 Fix typo in release note 
Change-Id: I2f6cd19b7f4d3954bf9de17e6095d39545fe05d3
 2024-03-01 09:30:12 +01:00
Michal Nasiadka
add8351834 Missing reno for Ic121bf9f90c9865cd4d08890c80247570ef310ae 
Folowup for missing release note, see [1].

[1]: https://review.opendev.org/q/Ic121bf9f90c9865cd4d08890c80247570ef310ae

Change-Id: Ia65e4e28d8a8dfdf439adbdd5a2516b6c064109a
 2024-03-01 09:11:59 +01:00
Zuul
06e39af796 Merge "Adds feature flag for ironic-inspector in bifrost" 2024-02-29 17:05:13 +00:00
Zuul
d42cdef420 Merge "Add password rotation docs page" 2024-02-29 11:37:52 +00:00
Will Szumski
4d40c9e68f Adds feature flag for ironic-inspector in bifrost 
This is useful for backwards compatability.

Depends-On: https://review.opendev.org/c/openstack/kolla/+/909865
Change-Id: Ib2936580db5e7ab3479722bc353c39063010b5f2
 2024-02-28 14:59:29 +00:00
Mark Goddard
10f0e9ddef prometheus: Add friendly instance labels for ironic and alertmanager 
These were omitted from I387c9d8f5c01baf6054381834ecf4e554d0fff35 and
I387c9d8f5c01baf6054381834ecf4e554d0fff35.

Closes-Bug: #2041855
Change-Id: I25e5450d1caeebd9c900c190fc0079988f1ca574
 2024-02-28 12:16:32 +00:00
Zuul
e513ddd982 Merge "Adjust Ceph metrics scrape interval in Prometheus" 2024-02-27 11:59:32 +00:00
Zuul
ce3a6aff09 Merge "Fix gnocchi-metricd when TLS and Swift enabled" 2024-02-21 16:02:52 +00:00
Alex-Welsh
d6d82e2a88 Add password rotation docs page 
Closes-Bug: #1793323
Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/903178
Depends-On: https://review.opendev.org/c/openstack/kolla/+/902057
Change-Id: Ibebd6e04de215e1a1aaff52c55d28c4741af98f2
 2024-02-21 12:02:34 +00:00
Zuul
d30fb56c2a Merge "Remove the grafana volume" 2024-02-20 17:25:50 +00:00
Zuul
ff63af4e65 Merge "cinder: Stop using admin service token" 2024-02-20 14:24:34 +00:00
Zuul
3c77151225 Merge "Revert "Disable new defaults and scope for Ironic (RBAC)"" 2024-02-19 12:43:31 +00:00
Zuul
311fd881e4 Merge "Template system scoped admin-openrc and clouds.yml files" 2024-02-19 12:40:06 +00:00
Zuul
33129b7554 Merge "Add service role to ironic service users" 2024-02-19 12:40:03 +00:00
Zuul
a6fa564499 Merge "Ironic: enable elevated access for project scoped service role" 2024-02-19 12:40:00 +00:00
Zuul
a3f3dc7ab5 Merge "CI: Change prometheus jobs to voting and gating" 2024-02-15 19:23:39 +00:00
Bartosz Bezak
c51fbfdd8b Revert "Disable new defaults and scope for Ironic (RBAC)" 
This reverts commit d77372e86ab078711d48dbe2917714f338842ca5.

Reason for revert: service role support has been fixed in Ironic [1]
and added to Kolla-Ansible.

[1] https://review.opendev.org/c/openstack/ironic/+/907148

Closes-Bug: #2051837

Change-Id: I49664e3a353f54e0d51f454c552a78846ba64101
 2024-02-15 15:14:56 +00:00
Bartosz Bezak
6e835ae758 Template system scoped admin-openrc and clouds.yml files 
Ironic enabled secure RBAC with system scoped enforcement [1].

Some API calls, for instance 'baremetal:driver:get' needs system
scope role by design [2], even with elevated access project scope
service role [3].

[1] https://review.opendev.org/c/openstack/ironic/+/902009
[2] 8ec5606622/ironic/common/policy.py (L1349-L1357)
[3] https://review.opendev.org/c/openstack/kolla-ansible/+/908007

Related-Bug: #2051837

Change-Id: Id6313d7dd343b82d4c9ccf7bf429d340ea0e93d1
 2024-02-15 15:01:59 +00:00
Zuul
0701436fd2 Merge "CI: Fix prometheus-opensearch-upgrade CI job" 2024-02-15 14:57:34 +00:00
Zuul
0dac9eb93d Merge "Fix mariadb role when used with check mode" 2024-02-15 14:13:18 +00:00
Bartosz Bezak
600e912400 Add service role to ironic service users 
Add the service role to ironic service users. Ironic recently enforced
new policy validation as part of the RBAC efforts. [1][2]
Service user support was also added to Ironic. [3]
Admin role needs to stay as not all services added service role support. [4][5]

[1] https://review.opendev.org/c/openstack/ironic/+/902009
[2] e2a47de10a/goals/selected/consistent-and-secure-rbac.rst (phase-2)
[3] https://review.opendev.org/c/openstack/ironic/+/907148
[4] https://review.opendev.org/q/topic:bp%252Fpolicy-service-role-default
[5] https://review.opendev.org/q/topic:%22New-Location-Apis%22

Related-Bug: #2051837
Change-Id: I048402c2247188cf57f35437f557f84ac25d4ff2
 2024-02-15 14:05:52 +00:00
Bartosz Bezak
121aa3d258 Ironic: enable elevated access for project scoped service role 
Ironic recently started to enforce new policies and scope [1].
And Ironic is one of the sole openstack project which need
system scope for some admin related api calls [2].
However Ironic also started to allow project-scope behaviour
for service role with setting
``rbac_service_role_elevated_access``[3] [4]. This change enables
this setting to get similar behaviour of service role as other
openstack projects.

[1] https://review.opendev.org/c/openstack/ironic/+/902009
[2] e2a47de10a/goals/selected/consistent-and-secure-rbac.rst (L261)
[3] https://review.opendev.org/c/openstack/ironic/+/907148
[4] 8ec5606622/releasenotes/notes/service-project-service-role-fix-e4d1a8c23856926a.yaml

Related-Bug: #2051837

Change-Id: If8d7cf1663145d0398a2e936486e2b316d4df5e0
 2024-02-15 15:04:06 +01:00
Michal Nasiadka
1ef765f690 cinder: Stop using admin service token 
In order to do this - we need to add service role to Nova and Cinder.

Closes-Bug: #2049762

Change-Id: Ic121bf9f90c9865cd4d08890c80247570ef310ae
 2024-02-15 12:07:39 +00:00
Michal Nasiadka
7d897399f0 CI: Change prometheus jobs to voting and gating 
Change-Id: I5bc50e390d0b8100a1b6bf5bd5c8b6ecdeb7cd6c
 2024-02-15 10:59:38 +00:00
Doug Szumski
afa202e259 CI: Fix prometheus-opensearch-upgrade CI job 
The upgrade job needs the haproxy exporter group, which
was missing from the inventory.

Change-Id: Ie4ecf283a2f4ac056ace5e76f2acc4ba1a8fe0b4
 2024-02-15 10:59:34 +00:00
Michal Nasiadka
63cf525af5 CI: Increase RADOS timeout for cephadm jobs 
Default timeout is 5 and we're often hitting that on our poor man's
Ceph.

Change-Id: Ide92b3c32150c0045b0723155f94b21ea9cdce66
 2024-02-14 10:02:35 +00:00
Michal Nasiadka
fe155496e1 CI: Switch cephadm jobs to redis 
etcd is flakey and complaining over slow disk

Change-Id: I1f5191015b53bdb218cfeaa43586ecf2d71a161e
 2024-02-13 12:46:23 +01:00
Dawud
8962b4081e
Remove the grafana volume 
Fixes not being able to add additional plugins at build time due to the
`grafana` volume being mounted over the existing `/var/lib/grafana`
directory. This is fixed by copying the dashboards into the container
from an existing bind mount instead of using the ``grafana`` volume.
This however leaves behind the volume which should be removed with
`docker volume rm grafana` or by setting `grafana_remove_old_volume` to
`True`.

Closes-Bug: #2039498
Change-Id: Ibcffa5d8922c470f655f447558d4a9c73b1ba361
 2024-02-12 16:03:19 +00:00
Zuul
07bbf1707f Merge "[CI] Enable testing horizon" 2024-02-09 13:03:12 +00:00
Zuul
92286fa7ee Merge "Fix horizon deployment" 2024-02-09 12:57:33 +00:00