This change allows the following use cases:
1. Using an already-configured MariaDB / MySQL server / Cluster
2. Using already-created DB users, without requiring root DB access.
Update: added external mariadb precheck
Change-Id: I78b0d178306d7c5293b0bf53e445f19f18b4b824
Implements: blueprint external-mariadb-support.
Closes-Bug: #1603121
through the database_address has beed defined in groups_vars/all.yml, we should
better use it, this way, if we want to use external database, we just need to
redefined in all.yml
refer to https://github.com/openstack/kolla-ansible/blob/master/ansible/group_vars/all.yml#L83
Co-Authored-By: chenqiaomin <chen.qiaomin@99cloud.net>
Change-Id: Ie559301451954e16347ceaabf02f594c5c5cbe56
Fixes a bug where the Baremetal Introspection service's public endpoint
registered in the Identity service referenced the internal API endpoint.
Also updates keystone endpoints for the Baremetal and Baremetal
Introspection services during reconfigure and upgrade operations.
Previously this was only done during deploy.
Change-Id: I32d475f288bb4a3834c13cc86f0c53b5437c3d25
Closes-Bug: #1738418
Kolla-ansible typically configures services to access the internal API
endpoint of other services, rather than the default public endpoint.
This change ensures that this is the case for ironic inspector.
Change-Id: I998f12435fc1bd306444f9a68bd7f99f5b78f6f8
Closes-Bug: #1740591
Support pxe uefi mode following guide
https://docs.openstack.org/ironic/latest/install/configure-pxe.html
In the meantime, ironic-agent kernel and initramfs does not have to
be provided as precondition under /etc/kolla/config in such mode.
Add condition check as well.
Change-Id: Ieefcf5f9fe839eab63f3fe4a1c5cf845f4fd4eb5
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
This commit separates the messaging rpc and notify transports in order
to support separate and different oslo.messaging backends
This patch:
* add rpc and notify variables
* update service role conf templates
* add example to globals.yaml
* add release note
Implements: blueprint hybrid-messaging
Change-Id: I34691c2895c8563f1f322f0850ecff98d11b5185
flat network type is not mandatory. There are two cases,
1. ironic with flat network: we can use neutron vlan network to
provision baremetal nodes, as long as the interface of the baremetal
nodes are configured to use the same vlan.
2. ironic with neutron network: all provision and cleaning_network can
be vlan type and no flat is needed at all.
So we should remove the task.
Change-Id: I176ded6d2a8b14e350f665f63bc37eb488d32679
Closes-Bug: #1725170
The admin_password and admin_user in default section is discarded
in code, no longer be used anymore.
Change-Id: I1d31faf0781cb61d13aa6a76534e38783e4f920f
When deploying with tls enabled in public
endpoints, ansible modules fails due SSL certificates
are self-signed.
This change adds a new variable to allow customization
on which endpoints ansible should connect.
Defaults to admin because admin auth parameters defaults
to admin endpoint.
Change-Id: Ic3ed58cf9c9579cae08a11bbfe6fce983b5a9cbc
Closes-Bug: #1720995
Actually Openstack services configuration can be overriden using many
files:
- /etc/kolla/config/<< service name >>/<< config file >>
- /etc/kolla/config/<< service name >>/<<host>>/<< config file >>
- /etc/kolla/config/global.conf
- /etc/kolla/config/database.conf
- /etc/kolla/config/messaging.conf
Only per-service configuration is actually documented here:
https://github.com/openstack/kolla-ansible/blob/master/doc/advanced-configuration.rst#L164
Allowing to globally modify service configuration can be perform too,
but it can be done in 3 different manners, all not documented:
- /etc/kolla/config/global.conf
- /etc/kolla/config/database.conf
- /etc/kolla/config/messaging.conf
database.conf and messaging.conf seems redundant with global.conf.
In order to simplify codebase it seems logical to remove them.
Documentation has been added for overriding configuration globally and
release note has been added too.
Closes-Bug: #1682479
Change-Id: I5d922dfc0d938173bad34ac64e490b78db1b7e31
Before this change ironic prechecks failed with the error:
'tenant_network_types' is undefined
This problem appears to have been introduced in:
296ddbeb035c6f582b316f066fe2ddffece07aca
Closes-Bug: #1714946
Change-Id: I609ae20c4558370a0a8c4c316cd47cbd1d086331
This patch fixes Jinja2 syntax error in ironic.conf.j2.
All kolla-kubernetes configurations was recently removed by [1], but the
commit overlooked to remove a '{% endif %}' statement in ironic.conf.j2.
[1] cacf08f0a6d009301f28c6723f399fb8c1daf267
Change-Id: I115fedfd026f14409b62f9552ff401956909f8a8
Closes-Bug: #1706230
The Ironic templates and roles assume Keystone is enabled and they don't
make use of the `enable_keystone var. This patch changes the behavior so
that `noauth` is used as auth method for Ironic if keystone is not
enabled, the Ironic endpoint is not registered if keystone is not
enabled and the keystone section is not created in the config file.
Change-Id: I813de42d10ac264eec81076cb107b58af09ff686
Ironic inspector should honour the Ansible inventory group
ironic-inspector. Ironic inspector may not be required at all. If
Ironic inspector is required then it should only run on a single
node, and this should be reflected by the inventory.
This change makes a number of Ironic inspector-related tasks dependent
upon the host's membership of the ironic-inspector group. Also, we
couple the ironic-dnsmasq container with the ironic-inspector group
rather than ironic-conductor, as the service is for inspector rather
than Ironic.
Change-Id: Ifd90753b0fe1a55c11b7723c28e1d14ab3d32737
Closes-Bug: #1665257
This reverts commit 898155dfd294371f361f0563a2c4ee1325487507.
The default value of the ironic configuration option default_boot_option
will eventually change from netboot to local. The netboot option is
incompatible with multitenancy in ironic, as it requires a PXE
environment in the tenant network, so it was no longer deemed a suitable
default value.
Ironic added a warning message when this option is not explicitly set,
presumably to alert operators to the change. The commit being reverted
set the option to 'netboot'. This will cause operators to continue to
use the netboot option even after the default value changes, which was
presumably not the intention of the ironic team in changing the default
value. It also hides the warning message from the operator that could
alert them to the fact that this default is changing.
Change-Id: I0ebb1d5ffbead50b034488337e6c93a2f48aaf69
Related-Bug: #1696636
kolla-kubernetes is using its own configuration generation[0], so it is
time for kolla-ansible to remove the related code to simplify the
logical.
[0] https://github.com/openstack/kolla-kubernetes/tree/master/ansible
Change-Id: I7bb0b7fe3b8eea906613e936d5e9d19f4f2e80bb
Implements: blueprint clean-k8s-config
In order to speed up deployment time some "local" actions should be run
only once using 'run_once: True'.
This will decrease deployment time in case of multihost configuration.
Change-Id: I6015d772d35c15e96c52f577013b6e41197cb41a
As of [1], the ironic configuration for neutron, glance, swift,
inspector and service_catalog requires explicit configuration of
authentication parameters for communication with these services.
This change adds the required parameters to [neutron], [glance] and
[inspector] sections of ironic.conf. Kolla-ansible does not configure
the [swift] or [service_discovery] sections currently.
We also replace option [glance] glance_hosts with [glance]
glance_api_servers as the former is deprecated.
Since we no longer need to support generating configuration for
kolla-kubernetes[2], some related options have been cleaned.
[1]
4f9035c24f
[2]
https://blueprints.launchpad.net/kolla-ansible/+spec/clean-k8s-config
Change-Id: Ifc239af5f3e44a508fedc9dea08cb06160c4f7f3
Closes-Bug: #1701713
The TFTP server used by ironic and ironic inspector (in.tftpd) requires
files to be world readable in order for them to be accessible via
TFTP[1].
The permissions of these files were recently changed to 0600 along with
a number of other files[2].
This change reverts the permissions to 0644 for the ironic inspector PXE
configuration files.
[1] https://linux.die.net/man/8/in.tftpd (security section)
[2]
274291463e
Change-Id: Ibc281949ebf5bab1e1d2e450ec943728aa00943b
Closes-Bug: #1701695
This patch add configuration options for tenant network types and type
drivers. Both lists are checked so that tenant types are listed in
drivers. For ironic 'flat' driver is mandatory and is added explicitly
into ironic prechecks.
Change-Id: Ie5775001165412910a258cbed2d2ebbb8ebbd879
Closes-Bug: #1694725
Ansible task support vars directive, no need implement another one in
merge_config. This patch remove the vars directive in merge_config
action plugin.
Change-Id: I33648a2b6e39b4d49ce76eb66fbf2522721f8c68
The default value of default_boot_option configuration will
change eventually from "netboot" to "local".
It is recommended to set an explicit value for it during the
transition period
Change-Id: Ic42b84e82d4ad27e371536ad9915b5a32118012d
Closes-Bug: #1696636
In case Kolla's users want to deploy with both of
binary and source image, we should have a variable
install type that define install type for each project.
We also add specific image tag for each Openstack project.
This commit is implemented for Ironic, Kabor,
Keystone project and iscsi as well.
Change-Id: I134d840b1c0e24171a32dec0c7daa6dc2e9ecd87
Implements: blueprint mixing-binary-and-source-image
XenServer drivers can be used to deploy hosts with Ironic by
using XenServer VMs to simulate bare metal nodes.
Ironic provides support via the pxe_ssh and agent_ssh drivers
for using a XenServer VM as a bare metal target and do provisioning on it.
Change-Id: Icd39f9f4573cf7c8c654591256f0228ef21d6117
Many of the templates use 600, remove unnecessary permission
on these templates to bring them in line with the others.
Change-Id: I30fe1b3822b9c7bb6ab98729fc519dc1d603db27
wait_for module waits 300 seconds for the port started or stopped. This
is meaningless and useless in precheck. This patch change timeout to 1
seconds.
Change-Id: I9b251ec4ba17ce446655917e8ef5e152ef947298
Closes-Bug: #1688152
The pxelinux.cfg directory gets created but isn't owned by the correct
user. This patch ensures that the permissions are correctly updated.
Change-Id: Ifcb80018b72d40c5d4eccf059d1c3442b71be6f8
This change updates the ironic_inspector container deployment tasks
to use the new kolla ironic-inspector image (see kolla change
Ibdc5ba35db61f4974d4282aff34bcb5ccd952d45). The new image uses the
ironic-inspector user rather than the ironic user to execute the
ironic inspector service as this more closely aligns with what is
typically done by downstream packagers (specifically, Ubuntu and
RDO).
This change sets the owner and group to ironic-inspector when
copying configuration files into place, and uses the log directory
/var/log/kolla/ironic-inspector.
Change-Id: I8579d5c2d741636406ff60bececc74b50743b83e
Depends-On: Ibdc5ba35db61f4974d4282aff34bcb5ccd952d45
Closes-Bug: #1624457
