Installing ceph-ansible in the virtualenv on CentOS 8 fails with:
ModuleNotFoundError: No module named 'setuptools_rust'
This error appeared following the release of cryptography 3.4, which now
includes Rust code. It can be installed without Rust using a Python
wheel, but only with more recent pip than version 9.0.3 available as RPM
on CentOS 8. The cryptography bug report [1] recommends pip>=19.1.1.
This change upgrades pip in the virtualenv before installing
ceph-ansible.
[1] https://github.com/pyca/cryptography/issues/5753
Change-Id: I47473de6f71c422db2238d653c2d8f379c55e79b
Installing kolla-ansible system-wide on CentOS 8 fails with:
ModuleNotFoundError: No module named 'setuptools_rust'
This error appeared following the release of cryptography 3.4, which now
includes Rust code. It can be installed without Rust using a Python
wheel, but only with more recent pip than version 9.0.3 available as RPM
on CentOS 8. The cryptography bug report [1] recommends pip>=19.1.1.
This change switches to using pip --user when installing kolla-ansible.
Also fixes an issue with ansible-lint which was failing on
etc/kolla/globals.yml due to a missing space before comments.
[1] https://github.com/pyca/cryptography/issues/5753
Change-Id: Ifaf1948ed5d42eebaa62d7bad375bbfc12b134d5
Closes-Bug: #1915141
Adds the following new Zuul job for testing deployment of Monasca and
associated services:
* kolla-ansible-centos8-source-monasca
All core OpenStack services except for Keystone are disabled to ensure
enough memory is available.
A follow up patch will replace the basic tests here with Tempest.
Co-Authored-By: Doug Szumski <doug@stackhpc.com>
Change-Id: I5d33fd3d7b69798ba0aa23509f7b809065f61c19
Now that it has its own branch and published images.
Depends-On: https://review.opendev.org/761822
Change-Id: I99924b52ee4e0aca1ca4c416190292e561b5c043
we use octavia user to upload image currently, so it is better to
create a octavia openrc file for user
Implements: blueprint implement-automatic-deploy-of-octavia
Change-Id: Ib53d00fa4a6ee59b8a0b2245f83786a6af0cbf53
Follows designate guide, adding a default zone for fixed and
floating IPs, then boots an instance and verifies that its
name resolves.
Change-Id: Ifbfdab425e2c8a36a8f3ab8539f70dca4cce2abc
This change enables the use of Docker healthchecks for core OpenStack
services.
Also check-failures.sh has been updated to treat containers with
unhealthy status as failed.
Implements: blueprint container-health-check
Change-Id: I79c6b11511ce8af70f77e2f6a490b59b477fefbb
Keepalived and haproxy cooperate to provide control plane HA in
kolla-ansible deployments.
Certain care should be exerted to avoid prolonged availability
loss during reconfigurations and upgrades.
This patch aims to provide this care.
There is nothing special about keepalived upgrade compared to
reconfig, hence it is simplified to run the same code as for
deploy.
The broken logic of safe upgrade is replaced by common handler
code which's goal is to ensure we down current master only after
we have backups ready.
This change introduces a switch to kolla_docker module that allows
to ignore missing containers (as they are logically stopped).
ignore_missing is the switch's name.
All tests are included.
Change-Id: I22ddec5f7ee4a7d3d502649a158a7e005fe29c48
This patch introduces an optional backend encryption for the Ironic API
service. When used in conjunction with enabling TLS for service API
endpoints, network communcation will be encrypted end to end, from
client through HAProxy to the Ironic service.
Change-Id: I9edf7545c174ca8839ceaef877bb09f49ef2b451
Partially-Implements: blueprint add-ssl-internal-network
Adds a new Zuul job, kolla-ansible-centos8-source-magnum, for testing
deployment of Magnum, Octavia and associated services.
Change-Id: I61b293ba6bb52064ea98a73e2dff0023fa01a2a2
This change adds support for encryption of communication between
OpenStack services and RabbitMQ. Server certificates are supported, but
currently client certificates are not.
The kolla-ansible certificates command has been updated to support
generating certificates for RabbitMQ for development and testing.
RabbitMQ TLS is enabled in the all-in-one source CI jobs, or when
The Zuul 'tls_enabled' variable is true.
Change-Id: I4f1d04150fb2b5af085b762890092f87ae6076b5
Implements: blueprint message-queue-ssl-support
If we don't set it, then Zun chooses one randomly (the first one
from Neutron).
This may break if it is a network that is not available on
target hosts, e.g. external via L3 agent router.
Since capsules do not support nets yet [1], this patch ensures
desired network creation order in init-runonce instead.
[1] https://bugs.launchpad.net/zun/+bug/1895263
Change-Id: Iaa113dcfb826164a2772d2c91d34ec0236be0817
Per the recent Kayobe brekage due to TLS support in Ironic [1],
let's test Ironic Inspector API as well.
[1] https://review.opendev.org/750804
Change-Id: I7ccf0c4286f8907bc2fa2eabc41ec2876c9815a9
The Kolla-Ansible part.
This switches Kolla-Ansible to use the kolla-build-config role
instead of generating config locally.
Depends-On: https://review.opendev.org/607159
Change-Id: I859acbe4f84ccbdc53764574a58e6f0fab4094a3
This is confusing as it is not meant to be used by users.
Also, various tools show duplicated matches due to both locations
containing the exact same content.
Change-Id: I2debe121f64954e57788270d3258775f29f1cbb0
There is a time once every 2 years when ubuntu team releases new LTS
release. And then UCA joins with binary packages for current OpenStack
development cycle.
It is this time for Ubuntu 20.04 'focal'.
Includes CI fix to pass:
[CI] Temporarily block new Ansible
The proper fix [1] needs fixing older branches before newer.
This one allows to fix CI first, in the usual order.
To revert after [1] gets merged in all relevant branches.
[1] https://review.opendev.org/745648
Old-Change-Id: Ifbd37d8addd4322773118e2e9d46494741a8ae66
Related-Bug: #1891145
Depends-on: https://review.opendev.org/#/c/738994/
Change-Id: Ib8b70ee40ec2d19509cc84c0f530612f81907721
Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
