The admin interface for endpoints never had any real use, the
functionality was the same as for the public or internal endpoints,
except for Keystone. Even for Keystone with API v3 it would no longer
really be needed, but it is still being required by some libraries that
cannot be changed in order to stay backwards compatible.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Icf3bf08deab2c445361f0a0124d87ad8b0e4e9d9
Updates the default value of 'monasca_ntp_server' from
'external_ntp_servers[0]' to '0.pool.ntp.org'. This is due to the
removal of the 'external_ntp_servers' variable as part of the removal of
Chrony deployment.
Change-Id: I2e7538a2e95c7b8e9280eb051ee634b4313db129
Ignore the monasca_thresh container if it is listed as exited.
The container was recently changed to operate as a 'one shot' container,
submitting a job to storm then exiting. This does not fit with the
usual pattern of Kolla Ansible container usage, but is harmless.
Depends-On: https://review.opendev.org/c/openstack/kolla/+/811977
Change-Id: Id40d2260a67ef604255fb1818d41cdcbc73164d7
chrony is not supported in Xena cycle, remove it from kolla
Moved tasks from chrony role to chrony-cleanup.yml playbook to avoid a
vestigial chrony role.
Co-Authored-By: Mark Goddard <mark@stackhpc.com>
Change-Id: I5a730d55afb49d517c85aeb9208188c81e2c84cf
* Register Swift-compatible endpoints in Keystone
* Load balance across RadosGW API servers using HAProxy
The support is exercised in the cephadm CI jobs, but since RGW is
not currently enabled via cephadm, it is not yet tested.
https://docs.ceph.com/en/latest/radosgw/keystone/
Implements: blueprint ceph-rgw
Change-Id: I891c3ed4ed93512607afe65a42dd99596fd4dbf9
A system-scoped token implies the user has authorization to act on the
deployment system. These tokens are useful for interacting with
resources that affect the deployment as a whole, or exposes resources
that may otherwise violate project or domain isolation.
Since Queens, the keystone-manage bootstrap command assigns the admin
role to the admin user with system scope, as well as in the admin
project. This patch transitions the Keystone admin user from
authenticating using project scoped tokens to system scoped tokens.
This is a necessary step towards being able to enable the updated oslo
policies in services that allow finer grained access to system-level
resources and APIs.
An etherpad with discussion about the transition to the new oslo
service policies is:
https://etherpad.opendev.org/p/enabling-system-scope-in-kolla-ansible
Change-Id: Ib631e2211682862296cce9ea179f2661c90fa585
Signed-off-by: Niklas Hagman <ubuntu@post.blinkiz.com>
This patch adding option to control weight of haproxy
backends per service via host variable.
Example:
[control]
server1 haproxy_nova_api_weight=10
server2 haproxy_nova_api_weight=2 haproxy_keystone_internal_weight=10
server3 haproxy_keystone_admin_weight=50
If weight is not defined, everything is working as before.
Change-Id: Ie8cc228198651c57f8ffe3eb060875e45d1f0700
This change bumps up max supported Ansible version
to 4.x (ansible-core 2.11.x) and minimum to 2.10.
Change-Id: I8b9212934dfab3831986e8db55671baee32f4bbd
This patch is adding --check and --diff options
to kolla-ansible, which cause that kolla-ansible
run will be more verbose and able to run in
semi dry-run mode.
The --diff option for kolla-ansible can be used alone or
with --check. When you run in diff mode, any module that
supports diff mode reports the changes made or, if used
with --check, the changes that would have been made.
Diff mode is most common in modules that manipulate files
(for example, the template module) but other modules might
also show ‘before and after’ information
(for example, the user module).
For more information check [1].
[1] https://docs.ansible.com/ansible/latest/user_guide/playbooks_checkmode.html#using-diff-mode
Change-Id: Ifb82ea99e5af82540e938eab9e2a442b2820d7df
When running kolla-ansible upgrade with a host limit that does not
include controllers, the neutron upgrade fails.
Change-Id: I7125a6ef1f180db6997026ff27e84feb04ee239d
Closes-Bug: #1939691
Continuing fixing CI after [1], this patch fixes the other branch
that [2] has not previously included.
[1] https://review.opendev.org/c/openstack/kolla-ansible/+/805449
[2] 02e07a0860e8ca8bc1d6d7716e44bd2888591ecd
Change-Id: I44014a93b92b5a8782e34cf394881dec74cdeea1
As a result of https://review.opendev.org/c/openstack/kolla-ansible/+/805449
CI is failing, because we don't have a TLS certificate on our registry.
This workaround will get our CI to be green while a proper patch
(TLS certs for registry) can be worked out.
Change-Id: Ia45c8a764a1f87d1c44717c4da3b9a3f94cdc967
Currently only operations done with default kolla_toolbox user are logged
to /var/log/kolla/ansible.log.
In order to fix logging, permissions to ansible.log must allow writing
for other users in kolla group - and then a separate patch will follow
to make custom ansible.cfg file usable by other toolbox users.
Partial-Bug: #1942846
Change-Id: I1be60ac7647b1a838e97f05f15ba5f0e39e8ae3c
This is required for libvirtd with cgroupsv2 (Debian Bullseye and
soon others).
Otherwise, device attachments simply fail.
The warning message suggests filtering will be disabled but it
actually just fails the action entirely.
Change-Id: Id1fbd49a31a6e6e51b667f646278b93897c05b21
Closes-Bug: #1941940
