13322 Commits

Author SHA1 Message Date
Matthew N Heler
5d3eed23a7 Set the etcd internal hostname and cacert for tls internal enabled
deployments

This allows services to work with etcd when coordination is enabled
for TLS internal deployments. Without this fix, we fail to connect to
etcd with the coordination backend and the service itself crashes.

Change-Id: I0c1d6b87e663e48c15a846a2774b0a4531a3ca68
2023-03-02 06:48:40 -06:00
Zuul
ad745bf1f8 Merge "hacluster: Use nodename to align with nova service names" 2023-02-22 20:38:43 +00:00
Zuul
d03875763e Merge "CI: cephadm: copy cephadm log" 2023-02-22 16:14:32 +00:00
Zuul
4904aae544 Merge "[Doc] update REAMDE.rst" 2023-02-22 14:13:12 +00:00
Zuul
db142a9b45 Merge "CI: Run hashivault jobs only for relevant changes" 2023-02-21 15:41:39 +00:00
Zuul
ff4c65b892 Merge "CI: Use libvirt/cpu_models instead of cpu_model" 2023-02-21 15:41:36 +00:00
Zuul
88d51f8d2e Merge "CI: bump cirros to 0.6.1" 2023-02-21 15:41:34 +00:00
Michal Nasiadka
45b79b5e26 CI: Run hashivault jobs only for relevant changes
Change-Id: I1850523d5aeaee9d377c08107239eff66e29f049
2023-02-21 13:30:19 +00:00
Zuul
ff0fca8fdc Merge "Switch trove-api to wsgi running under apache." 2023-02-20 16:46:42 +00:00
wuchunyang
7d77626d6c [Doc] update REAMDE.rst
Add venus and skyline projects content in README.rst
trivial fix

Change-Id: Ie06dc45d72d7dd9e283eb03538a6fba710cdf3db
2023-02-20 23:48:52 +08:00
Matthew N Heler
e1ae8223f9 hacluster: Use nodename to align with nova service names
For Masakari and HACluster to work properly, the hostnames used
in HACluster need to match with the hostnames used in Nova.

Change-Id: Iac917ef4471905caab591cd64eab379e150a8524
2023-02-18 04:33:59 +00:00
Zuul
b1e5a97028 Merge "Use loadbalancer to connect to etcd" 2023-02-17 08:55:34 +00:00
Zuul
5ee602fcf1 Merge "ansible: Use assert on checks for readability" 2023-02-17 08:55:31 +00:00
Zuul
8f15011134 Merge "neutron: Use assert on checks for readability" 2023-02-17 08:55:28 +00:00
Zuul
4a0f058c54 Merge "rabbitmq: Use assert on checks for readability" 2023-02-17 08:40:25 +00:00
Zuul
b2dcfa0824 Merge "host_os: Use assert on checks for readability" 2023-02-17 08:39:24 +00:00
Michal Nasiadka
f8e1b8f47f CI: cephadm: copy cephadm log
Change-Id: I186651e2ad05a76a606444ee673b73e171456312
2023-02-16 15:40:32 +00:00
Michal Nasiadka
59002ded86 CI: Pin ansible-lint to <6.13.0
Change-Id: I13ee17a96033da75cbb377bce483f027127d646d
2023-02-16 15:34:24 +00:00
Zuul
c8c3310a4a Merge "docs: fix information about libvirt SASL auth" 2023-02-15 14:46:39 +00:00
Michal Nasiadka
070036dbe7 CI: bump cirros to 0.6.1
Change-Id: I80fb1469ae4ff8d38198e495690496fcb5eadc18
2023-02-14 16:20:07 +00:00
Zuul
0a128d24b9 Merge "Put etcd behind HTTP loadbalancer" 2023-02-14 11:31:09 +00:00
Michal Nasiadka
fe46e583d2 CI: Use libvirt/cpu_models instead of cpu_model
cpu_model is deprecated

Change-Id: If30fb6aec745a48c42a2f281f726a869017ba9b9
2023-02-14 11:31:45 +01:00
Will Szumski
e2c7dace44 Use loadbalancer to connect to etcd
Hardcoding the first etcd host creates a single point of failure.

Change-Id: I0f83030fcd84ddcdc4bf2226e76605c7cab84cbb
2023-02-14 10:16:55 +00:00
Zuul
4ba17d6da4 Merge "loadbalancer: Use assert on checks for readability" 2023-02-13 16:19:50 +00:00
Zuul
ffa9c307b4 Merge "zun: Use assert on checks for readability" 2023-02-13 16:19:48 +00:00
Will Szumski
6f536a4f71 Put etcd behind HTTP loadbalancer
etcd-compatible tooz drivers do not support multiple endpoints via
backend_url. We can put a loadbalancer in front of etcd and configure
backend_url to use the VIP instead. The issue with hard coding the first
host is that we break coordination if we take this host offline. In the
case of cinder, we would not be able to perform any volume related
operations.

Co-Authored-By: Mark Goddard <mark@stackhpc.com>
Change-Id: Ib684501ba03c386dc5ac71e5cbea05c99f191665
2023-02-13 11:45:53 +00:00
Zuul
df12f2ce02 Merge "Default neutron_tls_proxy and glance_tls_proxy to haproxy_tag" 2023-02-10 14:47:49 +00:00
Zuul
429ac6fc00 Merge "Fix kolla_docker module" 2023-02-08 11:53:22 +00:00
Zuul
b7731b97d7 Merge "CI: make debian/aarch64 voting" 2023-02-08 10:53:03 +00:00
Zuul
1a81e00b53 Merge "CI: Add Rocky9 upgrade jobs" 2023-02-08 10:53:00 +00:00
Zuul
0e7dfe8bec Merge "CI: Drop apparmor installation" 2023-02-08 10:36:25 +00:00
Zuul
75bd313678 Merge "Trivial: Add connection: local for keystone-fernet cron generate task" 2023-02-08 00:15:59 +00:00
Zuul
3425b0f662 Merge "docs: add note about tag suffix for aarch64" 2023-02-07 17:34:39 +00:00
Zuul
bc5e462143 Merge "remove elasticsearch remnants in antelope cycle" 2023-02-07 17:34:36 +00:00
Michal Nasiadka
654577646f CI: Drop apparmor installation
Depends-On: https://review.opendev.org/c/openstack/ansible-collection-kolla/+/872590
Change-Id: Ia8283f28147fbbd2d24028d01e021f95598b86fb
2023-02-07 17:12:07 +00:00
Bartosz Bezak
337cf3c9bf CI: Add Rocky9 upgrade jobs
Rocky9 support landed in Zed release, we should start testing them in
Antelope.

Change-Id: If4ca6aab660793015d577c3dfbeb7c75ca08c3fb
2023-02-07 13:18:45 +00:00
Zuul
34c1034e30 Merge "Add skyline service" 2023-02-07 11:34:19 +00:00
Bartosz Bezak
ee658f4549 remove elasticsearch remnants in antelope cycle
Change-Id: I115b491eca413437926f5bcaf53336151f9a7c0b
2023-02-07 11:25:27 +01:00
Michal Nasiadka
ef49c7440f CI: Install lvm on setup_disk scenarios
Change-Id: I99145322f65468e9926b1412844ad4ccaa6829d7
2023-02-06 16:06:02 +00:00
Michal Arbet
63b9fa5639 Fix kolla_docker module
This patch fixes kolla_docker module
as it did not take into account common_options
parameter. From patchset it's visible that module's
default values are used always - even if user overrode
some param in common_options dict.

Closes-Bug: #2003079

Change-Id: I677fde708dd004decaff4bd39f2173d8d81052fb
2023-02-04 23:54:47 +01:00
Michal Nasiadka
f253f99c12 Do not support dimensions:kernel_memory on Docker API 1.42
It is deprecated in 20.10 and removed in 23.0 (and 23.0 is out) [1], [2].

[1]: https://docs.docker.com/engine/deprecated/#kernel-memory-limit
[2]: https://docs.docker.com/engine/api/version-history/#v142-api-changes

Change-Id: Ia6fa85172aad7bcd5f958922d3c224ef79882e6c
2023-02-03 11:32:32 +00:00
Pierre Riteau
cbf6ce640a docs: fix information about libvirt SASL auth
Change-Id: I0ff303a2fad2edbcedbe88486b272d2efa765d8d
2023-02-03 10:55:29 +01:00
wu.chunyang
303998e294 Switch trove-api to wsgi running under apache.
This change also adds support for Trove backend TLS.

Depends-On: https://review.opendev.org/c/openstack/kolla/+/854744
Change-Id: I2acf7820b24b112b57b0c00a01f5c4b8cb85ce25
2023-02-02 01:22:59 +00:00
Michal Arbet
78cf9585b7 Trivial: Add connection: local for keystone-fernet cron generate task
This patch adds connection local for above mentioned task as
kolla-ansible can be executed in docker container as in
my case.

When there is no connection: local, ansible is trying to connect
to localhost via ssh where specified python script is not available.

After connection: local everything is working as expected as file
is found inside container

Closes-Bug: #2004224

Change-Id: I219a958b4f101efb71a2935e6d910dae5c65f0be
2023-01-31 06:48:40 +01:00
yangshaoxue
113b77c8cb Add skyline service
Support to deploy skyline by kolla-ansible.

Implements: blueprint skyline
Depends-On: https://review.opendev.org/c/openstack/kolla/+/826948

Change-Id: Ice5621491a432ba32138abd6f62d1f815cc219e0
2023-01-31 13:47:18 +08:00
Bartosz Bezak
95895d5b06 Default neutron_tls_proxy and glance_tls_proxy to haproxy_tag
neutron_tls_proxy and glance_tls_proxy are using haproxy container
image. Pin them to haproxy_tag directly.

Change-Id: I73142db48ebe6641520d21b560f16de892e07c34
2023-01-30 16:45:56 +00:00
Zuul
66ec9cef55 Merge "Remove support for Ubuntu Focal 20.04 hosts" 2023-01-30 14:50:57 +00:00
Zuul
98139b0f10 Merge "Remove system scope token to access services" 2023-01-30 13:03:13 +00:00
Bartosz Bezak
6db6bc0a9f Remove support for Ubuntu Focal 20.04 hosts
Users running on a Focal host will now fail in prechecks.

Change-Id: Icaef4b25458490e46f623b055658abc678d2f1c6
2023-01-29 14:28:51 +00:00
Ghanshyam Mann
283fa242ca Remove system scope token to access services
As per the RBAC new direction in Zed cycle, we have dropped the
system scope from API policies and all the policies are hardcoded
to project scoped so that any user accessing APIs using system scope
will get 403 error. It is dropped from all the OpenStack services
except for the Ironic service which will have system scope and to
support ironic only deployment, we are keeping system as well as project
scope in Keystone.

Complete discussion and direction can be found in the below gerrit
change and TC goal direction:

- https://review.opendev.org/c/openstack/governance/+/847418
- https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#the-issues-we-are-facing-with-scope-concept

As phase-2 of RBAC goal, services will start enabling the new
defaults and project scope by default. For example: Nova did in
- https://review.opendev.org/c/openstack/nova/+/866218

Kolla started accessing the services using system scope token in
- https://review.opendev.org/c/openstack/kolla-ansible/+/692179

This commit partially reverts the above change except keeping
system scope usage for Keystone and Ironic. Rest all services are changed
to use the project scope token.

And enable the scope and new defaults for Nova which was disabled
by https://review.opendev.org/c/openstack/kolla-ansible/+/870804

Change-Id: I0adbe0a6c39e11d7c9542569085fc5d580f26c9d
2023-01-26 17:52:00 -06:00