652 Commits

Author SHA1 Message Date
Ivan Halomi
4ce47e2250 Refactor of kolla_container_facts
Refactor that prepares kolla_container_facts
module for introducing more actions that will be moved
from kolla_container module and kolla_container_volume_facts.

This change is based on a discussion about adding a new action
to kolla_container module that retrieves all names of the running
containers. It was agreed that kolla-ansible should follow Ansible's
direction of splitting modules between action modules and facts
modules. Because of this, kolla_container_facts needs to be able
to handle different requests for data about containers or volumes.

Change-Id: Ieaec8f64922e4e5a2199db2d6983518b124cb4aa
Signed-off-by: Ivan Halomi <ivan.halomi@tietoevry.com>
2024-08-12 09:54:05 +02:00
Roman Krček
fb3a8f5fa9 Performance: use filters for service dicts
Most roles are not leveraging the jinja filters available.
According to [1] filtering the list of services makes the execution
faster than skipping the tasks.

This patchset also includes some cosmetic changes to genconfig.
Individual services are now also using a jinja filter. This has
no impact on performance, just makes the tasks look cleaner.

Naming of some vars in genconfig was changed to "service" to make
the tasks more uniform as some were previously using
the service name and some were using "service".

Three metrics from the deployment were taken and those were
- overall deployment time [s]
- time spent on the specific role [s]
- CPU usage (measured with perf) [-]
Overall genconfig time went down on avg. from 209s to 195s
Time spent on the loadbalancer role went down on avg. from 27s to 23s
Time spent on the neutron role went down on avg from 102s to 95s
Time spent on the nova-cell role went down on avg. from 54s to 52s
Also the average CPUs utilized reported by perf went down
from 3.31 to 3.15.
For details of how this was measured see the comments in gerrit.

[1] - https://github.com/stackhpc/ansible-scaling/blob/master/doc/skip.md

Change-Id: Ib0f00aadb6c7022de6e8b455ac4b9b8cd6be5b1b
Signed-off-by: Roman Krček <roman.krcek@tietoevry.com>
2024-06-28 09:04:43 +02:00
Michal Nasiadka
031859764a neutron: add service role
After Neutron policy changes - Octavia jobs started
to fail on cascade LB deletion due to Neutron user
not having service role.

Closes-Bug: #2065337

Change-Id: I616bf3a3dbb4d963665b1621a9e5e9d417b13942
2024-05-09 19:22:15 +00:00
howardlee
e9794721ab Re-add the neutron-fwaas
neutron-fwaas has become active again

Depends-On: https://review.opendev.org/c/openstack/kolla/+/914855

Change-Id: Ie5a7b2da9a351e8f47a1ae830bb2fee0a8e35e38
2024-04-29 07:43:16 +00:00
Zuul
55cdf7905d Merge "Drop Vitrage" 2024-04-25 14:26:46 +00:00
Zuul
553c007e49 Merge "CI: Add codespell to pep8" 2024-04-25 12:16:53 +00:00
Michal Nasiadka
ca1fe60fb6 Drop Vitrage
It was deprecated in Antelope cycle.

Change-Id: I499e69ec6db63e4067e49376e2a1f3e01e48fe62
2024-04-25 09:20:51 +00:00
Michal Nasiadka
448209459d CI: Add codespell to pep8
Fix existing spelling errors

Change-Id: Ie689cf5a344aaa630a4860448b09242333a8e119
2024-04-22 13:19:23 +00:00
Roman Krček
e2a0d1f59b Add sysctl role
This new role will handle setting sysctl values.

It also handles cases when IPv6 setting is changed, but IPv6 is
not enabled on the system by skipping those settings.

This is an augmentation of previous patch:
Icccfc1c509179c3cfd59650b7917a637f9af9646

Related-bug: #1906306
Change-Id: I5d6cda3307b3d2f27c1b2995f28772523b203fe7
Signed-off-by: Roman Krček <roman.krcek@tietoevry.com>
2024-04-08 13:12:41 +02:00
Roman Krček
9301e82d7b Add conditionals for IPv6 sysctl settings
This way the playbooks won't try to set ipv6 systemctl options
unless ipv6 is available on the system.

Closes-bug: #1906306
Change-Id: Icccfc1c509179c3cfd59650b7917a637f9af9646
2024-03-13 09:47:29 +01:00
Michal Arbet
6f847610b5 Fix neutron DNS integration
This patch basically does a simple thing, on the basis
of a variable neutron_dns_integration it enables/disables
DNS integration.

There is also precheck added which checks whether dns_domain
in neutron.conf has a non-default value if DNS integration is
enabled as this is requirement.

[1] https://docs.openstack.org/neutron/latest/admin/config-dns-int.html
[2] https://docs.openstack.org/neutron/latest/admin/config-dns-int-ext-serv.html#config-dns-int-ext-serv

Closes-Bug: #2049503

Change-Id: I90f0f8dcec6fa0112179f050d96e9d9db5956cf8
2024-01-30 09:56:45 +01:00
Zuul
3681427b31 Merge "Persist Neutron agent state files in volume" 2024-01-03 09:51:57 +00:00
Zuul
c0cddb0967 Merge "Configures the tap-as-a-service neutron plugin" 2023-12-13 16:11:36 +00:00
Sven Kieske
64575519aa enable quorum queues
This implements a global toggle `om_enable_rabbitmq_quorum_queues`
to enable quorum queues for each service in RabbitMQ, similar to
what was done for HA[0].

Quorum Queues are enabled by default.

Quorum queues are more reliable, safer, simpler and faster than
replicated mirrored classic queues[1].

Mirrored classic queues are deprecated and scheduled for removal
in RabbitMQ 4.0[2].

Notice, that we do not need a new policy in the RabbitMQ definitions
template, because their usage is enabled on the client side and can't
be set using a policy[3].

Notice also, that quorum queues are not yet enabled in oslo.messaging
for the usage of reply_ and fanout_ queues (transient queues).
This will change once[4] is merged.

[0]: https://review.opendev.org/c/openstack/kolla-ansible/+/867771
[1]: https://www.rabbitmq.com/quorum-queues.html
[2]: https://blog.rabbitmq.com/posts/2021/08/4.0-deprecation-announcements/
[3]: https://www.rabbitmq.com/quorum-queues.html#declaring
[4]: https://review.opendev.org/c/openstack/oslo.messaging/+/888479

Signed-off-by: Sven Kieske <kieske@osism.tech>
Change-Id: I6c033d460a5c9b93c346e9e47e93b159d3c27830
2023-11-30 13:53:00 +00:00
Zuul
db79eb0a55 Merge "Rename kolla_docker to kolla_container" 2023-11-28 12:06:09 +00:00
Zuul
e2f3ae5a3a Merge "Adds condition to handle QoS extension in sriov_agent.ini template" 2023-11-15 13:14:37 +00:00
Martin Hiner
a13d83400f Rename kolla_docker to kolla_container
Changes name of ansible module kolla_docker to
kolla_container.

Change-Id: I13c676ed0378aa721a21a1300f6054658ad12bc7
Signed-off-by: Martin Hiner <m.hiner@partner.samsung.com>
2023-11-15 13:54:57 +01:00
Michal Nasiadka
cea076f379 Introduce oneshot docker_restart_policy
docker_restart_policy: no causes systemd units to not get created
and we use it in CI to disable restarts on services.

Introducing oneshot policy to not create systemd unit for oneshot
containers (those that are running bootstrap tasks, like db
bootstrap and don't need a systemd unit), but still create systemd
units for long lived containers but with Restart=No.

Change-Id: I9e0d656f19143ec2fcad7d6d345b2c9387551604
2023-11-14 15:17:50 +00:00
German Espinoza
38b8f7562d Adds condition to handle QoS extension in sriov_agent.ini template
When Neutron QoS is enabled, the QoS extension needs to be defined
in the sriov_agent.ini file.

Closes-Bug: #2041863
Change-Id: Id0de181df06a9e382a1483b32c12a8b5da1b71a9
Signed-off-by: German Espinoza <gespinoza@whitestack.com>
2023-10-30 12:34:00 -05:00
Juan Pablo Suazo
664b968bbe Configures the tap-as-a-service neutron plugin
Adds the needed changes and configurations in
order to use the neutron plugin, tap-as-a-service,
to create port mirrors using `openstack tap` commands.

Implements: configure-taas-plugin
Depends-On: https://review.opendev.org/c/openstack/kolla/+/885151
Change-Id: Ia09e1f8b423d43c0466fe2d6605ce383fd813544
Signed-off-by: Juan Pablo Suazo <jsuazo@whitestack.com>
2023-10-11 09:55:59 -03:00
Zuul
b422bada22 Merge "Add ML2/OVN and ML2/OVS setting checks for neutron" 2023-09-27 13:26:03 +00:00
Adam Oswick
25244517e1 Persist Neutron agent state files in volume
The Neutron L3 agent stores state at state_path (/var/lib/neutron by
default) and it is expected that these files persist across restarts.

This change updates the Neutron state_path value to
/var/lib/neutron/kolla (which is where the neutron_metadata_socket
volume is mounted) so that these state files are stored there.

Change-Id: I739aaf9e2d0b2b2e7f7b8f60ef8c2111d6873cef
Signed-off-by: Adam Oswick <adam@adamoswick.co.uk>
Closes-Bug: #2009884
2023-09-27 12:48:30 +01:00
Rafal Lewandowski
d3d67dc02c Add ML2/OVN and ML2/OVS setting checks for neutron
It will check the setting of neutron_plugin_agent,
if it is set to "ovn" or "openvswitch", and run
container and volume checks to make sure the other
agent was not already deployed.

Change-Id: Ie00572f3ff9d3500abd5519bd472e2134c318886
2023-09-26 21:24:12 +02:00
Bartosz Bezak
7186f960d9 Add option for extra kernel modules in neutron role
Closes-Bug: #2036741

Change-Id: Ib448d04e43dff78e344064161beadae917c41206
2023-09-21 11:54:00 +00:00
Bartosz Bezak
cf8283928e Configure OVN to emit "need to frag" packets in case of MTU mismatch
It is useful when external network's MTU is lower then internal
geneve networks.
Host kernel needs to be in version >= 5.2 for this option to work.
All Kolla supported host operating systems have higher kernel version.

Change-Id: Id64e99b07e2bb5e6c97b784f4ffedafc7e7de188
2023-08-29 10:08:53 +00:00
Michal Nasiadka
30fce65b2a glance/neutron: drop nbproc and add nbthread support
Change-Id: I42f9f182a2dab8563008e8b817ac58a69b72b062
2023-08-18 12:21:41 +00:00
Michal Nasiadka
4bc410c6ca haproxy: support single external frontend
Use case: exposing single external https frontend and
load balancing services using FQDNs.

Support different ports for internal and external endpoints.

Introduced kolla_url filter to normalize urls like:
- https://magnum.external:443/v1
- http://magnum.external:80/v1

Change-Id: I9fb03fe1cebce5c7198d523e015280c69f139cd0
Co-Authored-By: Jakub Darmach <jakub@stackhpc.com>
2023-06-29 01:44:00 +02:00
Michal Nasiadka
07815a21da neutron: Add neutron-ovn-agent support
Depends-On: https://review.opendev.org/c/openstack/neutron/+/878535
Change-Id: I05d8b29b59a7de76da488f68775547a8f0f11d0f
2023-05-19 10:20:16 +00:00
Zuul
8f15011134 Merge "neutron: Use assert on checks for readability" 2023-02-17 08:55:28 +00:00
Bartosz Bezak
95895d5b06 Default neutron_tls_proxy and glance_tls_proxy to haproxy_tag
neutron_tls_proxy and glance_tls_proxy are using haproxy container
image. Pin them to haproxy_tag directly.

Change-Id: I73142db48ebe6641520d21b560f16de892e07c34
2023-01-30 16:45:56 +00:00
Zuul
99d1e3c710 Merge "Adding optional delay between l3 agent restarts" 2023-01-25 14:08:06 +00:00
Alex-Welsh
391aa4677f Adding optional delay between l3 agent restarts
This change serialises the neutron l3 agent restart process and adds a
user configurable delay between restarts. This can prevent connectivity
loss due to all agents being restarted at the same time.

Routers increase the recovery time, making this issue more prevalent.

Change-Id: I3be0ebfa12965e6ae32d1b5f13f8fd23c3f52b8c
2023-01-23 09:14:59 +00:00
Zuul
383dfc21d6 Merge "Fix prechecks in check mode" 2023-01-16 11:14:45 +00:00
Matt Crees
09df6fc1aa Add a flag to handle RabbitMQ high availability
A combination of durable queues and classic queue mirroring can be used
to provide high availability of RabbitMQ. However, these options should
only be used together, otherwise the system will become unstable. Using
the flag ``om_enable_rabbitmq_high_availability`` will either enable
both options at once, or neither of them.

There are some queues that should not be mirrored:
* ``reply`` queues (these have a single consumer and TTL policy)
* ``fanout`` queues (these have a TTL policy)
* ``amq`` queues (these are auto-delete queues, with a single consumer)
An exclusionary pattern is used in the classic mirroring policy. This
pattern is ``^(?!(amq\\.)|(.*_fanout_)|(reply_)).*``

Change-Id: I51c8023b260eb40b2eaa91bd276b46890c215c25
2023-01-13 15:40:08 +00:00
Mark Goddard
46aeb9843f Fix prechecks in check mode
When running in check mode, some prechecks previously failed because
they use the command module which is silently not run in check mode.
Other prechecks were not running correctly in check mode due to e.g.
looking for a string in empty command output or not querying which
containers are running.

This change fixes these issues.

Closes-Bug: #2002657
Change-Id: I5219cb42c48d5444943a2d48106dc338aa08fa7c
2023-01-12 14:27:36 +00:00
Erik Berg
391f49c949
neutron: Use assert on checks for readability
assert will also fail when we're not meeting the conditions, makes
clear what we're actually testing, and isn't listed as a skipped task
when the condition is ok.

Change-Id: I3e396f1c605d5d2644e757bbb3d954efe537b65e
2023-01-09 19:49:15 +01:00
Zuul
2b88144c05 Merge "Explicitly set the value of heartbeat_in_pthread" 2023-01-05 13:02:20 +00:00
Matt Crees
8b8b4a8217 Explicitly set the value of heartbeat_in_pthread
The ``[oslo_messaging_rabbit] heartbeat_in_pthread`` config option
is set to ``true`` for wsgi applications to allow the RabbitMQ
heartbeats to function. For non-wsgi applications it is set to ``false``
as it may otherwise break the service [1].

[1] https://docs.openstack.org/releasenotes/oslo.messaging/zed.html#upgrade-notes

Change-Id: Id89bd6158aff42d59040674308a8672c358ccb3c
2023-01-05 09:18:13 +00:00
Zuul
29e96d89b1 Merge "Integrate oslo-config-validator" 2023-01-03 17:40:00 +00:00
Zuul
066a24ae1f Merge "Fix some neutron configuration options" 2023-01-02 11:40:56 +00:00
Matt Crees
6c2aace8d6 Integrate oslo-config-validator
Regularly, we experience issues in Kolla Ansible deployments because we
use wrong options in OpenStack configuration files. This is because
OpenStack services ignore unknown options. We also need to keep on top
of deprecated options that may be removed in the future. Integrating
oslo-config-validator into Kolla Ansible will greatly help.

Adds a shared role to run oslo-config-validator on each service. Takes
into account that services have multiple containers, and these may also
use multiple config files. Service roles are extended to use this shared
role. Executed with the new command ``kolla-ansible validate-config``.

Change-Id: Ic10b410fc115646d96d2ce39d9618e7c46cb3fbc
2022-12-21 17:19:09 +00:00
Pierre Riteau
68376d6f31 Remove allow_overlapping_ips configuration option
This option was removed from Neutron in the Zed release [1]. This can be
backported to Yoga where the default value was changed to True [2].

[1] https://review.opendev.org/c/openstack/neutron/+/837286
[2] https://review.opendev.org/c/openstack/neutron/+/807848

Change-Id: Ibcd81a3a5f4b8de60459b3a4cfc30a50a06a436f
2022-11-23 21:17:18 +01:00
Pierre Riteau
92d6e27c5e Fix some neutron configuration options
Move metadata_workers from neutron.conf to metadata_agent.ini.

Remove unknown option placement/os_region_name: we already have
placement/region_name which is the correct one.

This can be backported to previous releases.

Change-Id: I710b5364244d976020656e1ee68e89f337cb3086
2022-11-23 21:12:09 +01:00
Ivan Halomi
4ca2d41762 Adding container_engine to kolla_toolbox module
Second part of patchset:
https://review.opendev.org/c/openstack/kolla-ansible/+/799229/
in which was suggested to split patch into smaller ones.

THis change adds container_engine to module parameters
so when we introduce podman, kolla_toolbox can be used
for both engines.

Signed-off-by: Ivan Halomi <i.halomi@partner.samsung.com>
Co-authored-by: Martin Hiner <m.hiner@partner.samsung.com>
Change-Id: Ic2093aa9341a0cb36df8f340cf290d62437504ad
2022-11-04 15:32:30 +01:00
Ivan Halomi
7a9f04573a Adding container engine to kolla_container_facts
Second part of patchset:
https://review.opendev.org/c/openstack/kolla-ansible/+/799229/
in which was suggested to split patch into smaller ones.

This change adds container_engine variable to kolla_container_facts
module, this prepares module to be used with docker and podman as well
without further changes in roles.

Signed-off-by: Ivan Halomi <i.halomi@partner.samsung.com>
Co-authored-by: Martin Hiner <m.hiner@partner.samsung.com>
Change-Id: I9e8fa30646844ab4a288555f3aafdda345b3a118
2022-11-02 13:44:45 +01:00
Ivan Halomi
910f9bd36f Usage of kolla_container_engine variable instead of docker
First part of patchset:
 https://review.opendev.org/c/openstack/kolla-ansible/+/799229/
in which was suggested to split patch into smaller ones.

This implements kolla_container_engine variable
in command calls of docker,so later on it can be
also used for podman without further change.

Signed-off-by: Ivan Halomi <i.halomi@partner.samsung.com>
Change-Id: Ic30b67daa2e215524096ad1f4385c569e3d41b95
2022-10-28 09:15:55 +02:00
Zuul
447ee7b269 Merge "Fix interface option for ironic-neutron-agent" 2022-10-04 10:40:02 +00:00
Radosław Piliszek
6a7e6a25bc Remove deprecated sysctl knobs
Kolla Ansible stopped setting them as they turned out to be
unnecessary for its operations, yet may have conflicted with
security policies of the hosts. [1] [2]

[1] https://launchpad.net/bugs/1837551
[2] https://launchpad.net/bugs/1945453

Change-Id: Ie8ccd3ab6f22a6f548b1da8d3acd334068dc48f5
2022-09-26 11:54:08 +00:00
Pierre Riteau
39eafd068b Fix interface option for ironic-neutron-agent
The correct option to use is valid_interfaces [1], not os_endpoint_type.

[1] https://docs.openstack.org/networking-baremetal/latest/configuration/ironic-neutron-agent/config.html#ironic

Closes-Bug: #1990675
Change-Id: I35e7d3072c6340f4ecbe02f8961158bcb663954e
2022-09-26 10:52:38 +02:00
Michal Nasiadka
1aac65de0c Fix issues introduced by ansible-lint 6.6.0
mainly jinja spacing and jinja[invalid] related

Change-Id: I6f52f2b0c1ef76de626657d79486d31e0f47f384
2022-09-21 14:34:54 +00:00