Kolla Ansible stopped setting them as they turned out to be
unnecessary for its operations, yet may have conflicted with
security policies of the hosts. [1] [2]
[1] https://launchpad.net/bugs/1837551
[2] https://launchpad.net/bugs/1945453
Change-Id: Ie8ccd3ab6f22a6f548b1da8d3acd334068dc48f5
removed:
- 701 [galaxy_info missing] is no longer emited
- 602 [empty string compare] is now opt-in
- 208 [permissions not mentioned] is no longer emited
- 106 [role name] is no longer emited
renamed from number to role name:
- 503 [no-handler]
- 301 [no-changed-when]
Change-Id: I8b059d87c94499decbd9b115ef2cde033aa88fbd
With the release of ansible-lint 6.7.0, the openstack-tox-linters job
started failing with these errors:
WARNING Listing 30 violation(s) that are fatal
ansible/roles/ceilometer/tasks/config.yml:66: name: Jinja templates should only be at the end of 'name' (name[template])
[...]
Add this new check to skip_list for now.
Change-Id: Ia82a88ee3b9bb6a3cb09f09c6568d1914ee2592d
Remove hard-coded internal address; introduce variable to control
external web url.
Closes-bug: #1972817
Change-Id: Ib834a9f8b4a0238960dca65b2ebc1da840cec626
Sometimes in CI we're seeing Address already in use on clustercheck restarts.
Adding reuseaddr that allows immediate restart of the server process.
Change-Id: Ib1c9dcf99381b6b9d1095f450d74c797d39f4cb2
Fluentd has a default timeout of 5s for flushing data to ElasticSearch.
If there is a significant backlog of unsent log messages, this timeout
can be exceeded, resulting in Fluentd failing to make further progress.
Raise the default timeout to 60s.
This patch adopts the configuration parameters previously proposed by
Krzysztof Klimonda.
Closes-Bug: #1983031
Closes-Bug: #1896611
Change-Id: I1aaab654a5a0752fccef2cfb8cc0bde4a0ee2562
Moves Hashi Vault client login to use `auth.approle.login` as
current method is being deprecated in the next release.
```
DeprecationWarning: Call to deprecated function 'auth_approle'.
This method will be removed in version '0.12.0' Please use
the 'login' method on the 'hvac.api.auth_methods.approle'
class moving forward.
client.auth_approle(vault_role_id, vault_secret_id)
```
Change-Id: Ie5c1ebe99c8508336cc10944fdaa742ad7d1d85e
With CentOS-based jobs disabled, we don't have any job testing the
cells scenario. This patch adds it for Ubuntu.
Change-Id: Ic872242717006085f4dc586b0aea0e068f064a4b
Prometheus is creating user and granting permissions
to database from which is gathering metrics. This
process is different when haproxy/proxysql is used.
Proxysql:
- kolla-ansible should use root_shard_ID user to connect
to ProxySQL endpoint and it is routed to proper shard.
Haproxy:
- kolla-ansible should use root user to connect to HAProxy
endpoint and that's all.
If proxysql is not used, mariadb role will not create user
shard_root_ID user in bootstrap (from my perspective of view
it should), and therefore it will fail when HAProxy is used.
This patch is just fixing user to connect.
Change-Id: Icd07807b2c404eb4d3f398879639b17f1e7949c2
MariaDB is left unchanged because its custom_member_list uses a
different group (mariadb_default_database_shard_hosts).
Change-Id: Icefd5a3d02ae4dfeb27401696c35ca2c38e203d3
In a multi-controller node, the presence of "run_once: True"
and "when: inventory_hostname == groups['keystone'][-1]"
will cause the task to be skipped
Closes-Bug: #1987982
Change-Id: I6a8f4ca285cda0675711b631aeed7ae4c992d879
Instead of specifying a custom member list for each service that should
be configured as active/passive, a new `active_passive` parameter can be
set to true. This only works if `custom_member_list` is not used.
Change-Id: I3758bc2377c25a277a29f02ebc20c946c7499093
