11074 Commits

Author SHA1 Message Date
John Garbutt
628c27ce9e Fix live migration to use migration int. address
In kolla ansible we typically configure services to communicate via IP
addresses rather than hostnames. One accidental exception to this was
live migration, which used the hostname of the destination even when
not required (i.e. TLS not being used for libvirt).

To make such hostnames work, k-a adds entries to /etc/hosts in the
bootstrap-servers command. Alternatively users may provide DNS.

One problem with using /etc/hosts is that, if a new compute host is
added to the cloud, or an IP address is changed, that will not be
reflected in the /etc/hosts file of other hosts. This would cause live
migration to the new host from an old host to fail, as the name cannot
be resolved.

The workaround for this was to update the /etc/hosts file (perhaps via
bootstrap-servers) on all hosts after adding new compute hosts. Then the
nova_libvirt container had to be restarted to pick up the change.

Similarly, if a user has overridden the migration_interface, the
hostname used could point to a wrong address on which libvirt would not
listen.

This change adds the live_migration_inbound_addr option to nova.conf. If
TLS is not in use for libvirt, this will be set to the IP address of the
host on the migration network. If TLS is enabled for libvirt,
live_migration_inbound_addr will be set to migration_hostname, since
certificates will typically reference the hostname rather than the
host's IP. With libvirt TLS enabled, DNS is recommended to avoid the
/etc/hosts issue which is likely the case in production deployments.

Change-Id: I0201b46a9fbab21433a9f53685131aeb461543a8
Closes-Bug: #1729566
2020-04-09 18:17:07 +00:00
linpeiwen
5659177026 keystone roles container name variable
keystone and keystone_fernet container name variable is fixed
in some places, but in the defaults directory, keystone
and keystone_fernet container_name variable is variable.
If the keystone and keystone_fernet container_name variable is
changed during deployment, it will not be assigned to keystone
and keystone_fernet, but a fixed 'keystone' and 'keystone_fernet' name.

Change-Id: Ifc8ac69e6abc4586f0e4fd820b9022aea9f76396
2020-03-26 23:38:34 -04:00
Zuul
c9ca7e5529 Merge "Fix kolla-ansible stop with heterogeneous hosts" 2020-03-25 15:09:30 +00:00
Zuul
6af7efe349 Merge "Fix telegraf with zookeeper (wrong port variable reference)" 2020-03-25 12:55:33 +00:00
LinPeiWen
8a206699d4 mariadb container name variable
mariadb container name variable is fixed in some places,
but in the defaults directory, mariadb container_name variable
is variable. If the mariadb container_name variable is changed
during deployment, it will not be assigned to container_name,
but a fixed 'mariadb' name.

Change-Id: Ie8efa509953d5efa5c3073c9b550be051a7f4f9b
2020-03-25 01:17:29 -04:00
Mark Goddard
89df07e8ef Fix kolla-ansible stop with heterogeneous hosts
The 'kolla-ansible stop' command can be used to stop the services
running on hosts. However, if you run this command in an environment
with heterogeneous nodes (most real world scenarios have at least
control/compute), then it fails. This is because it only checks
whether a container is enabled, and not whether the host is in the
correct group. For example, it fails with nova-libvirt:

    No such container: nova_libvirt to stop.

This change fixes the issue by only attempting to stop containers on
hosts to which they are mapped.

Change-Id: Ibecac60d1417269bbe25a280996ca9de6e6d018f
Closes-Bug: #1868596
2020-03-23 17:21:53 +00:00
Marcin Juszkiewicz
9bde29a30b cirros: upgrade to 0.5.1
We released CirrOS 0.5.1. Time to move then.

Change-Id: Ibca24836f19b3cbf6166fa39a3702883938feda8
2020-03-21 15:40:10 +00:00
Zuul
becc4cda09 Merge "Support disabling Prometheus server" 2020-03-20 20:28:08 +00:00
Zuul
8593909b91 Merge "Fix service_mapped_to_host filter" 2020-03-20 20:22:18 +00:00
Doug Szumski
505cded29b Support disabling Prometheus server
This is useful to people who manage their Prometheus Server
externally to Kolla Ansible, or want to use the exporters with
another framework such as Monasca.

Change-Id: Ie3f61e2e186c8e77e21a7b53d2bd7d2a27eee18e
2020-03-20 17:18:39 +00:00
Mark Goddard
35966c9186 Fix service_mapped_to_host filter
The service_mapped_to_host filter is used to check if a service is
mapped to a host, based on the group for the service or its
host_in_groups attribute if one exists. We check if the service's group
is in the 'groups' list. However, to get the list of groups to which a
host belongs, we should use the 'group_names' list.

This filter is currently only used in neutron IPv6 module loading, so
the effects are minimal.

Change-Id: I37409ca8d273b0426df0a648db222dc5432e738a
Closes-Bug: #1868285
2020-03-20 17:03:14 +00:00
Radosław Piliszek
e03f06c081 Do not enforce vxlan in init-runonce
The affected command was meant to create a tenant network, so let
us really test it this way.

Not marking CI, because someone may be using this script.

Change-Id: I5abe46948992121a11a36f941d4f8fac1caa92b1
2020-03-20 14:51:02 +01:00
Zuul
9643dd54e2 Merge "CI: CentOS 8: Enable Masakari job and periodics" 2020-03-19 18:55:38 +00:00
Zuul
0718a1a90c Merge "CI: Enable fluentd in MariaDB jobs" 2020-03-19 17:19:06 +00:00
Zuul
1740463987 Merge "Fix deployment of fluentd without any enabled OpenStack services" 2020-03-19 17:07:14 +00:00
Zuul
7e94e2f3d6 Merge "CI: Add instance console log to test-core-openstack.sh" 2020-03-19 14:50:32 +00:00
Zuul
270fb4cf0b Merge "CentOS 8: Use master image tag by default" 2020-03-19 12:55:34 +00:00
Michal Nasiadka
b2d45e5b87 CI: Add instance console log to test-core-openstack.sh
Sometimes ping & ssh to the instance are failing - outputting instance console
log can help in the case when there are metadata access issues (or other
issues).

Change-Id: I8437300d621448782e964d877b2614ca606f5849
2020-03-19 12:24:59 +01:00
Marcin Juszkiewicz
ed4607ec56 CI: add Debian/source upgrade job
Change-Id: If3f95e0bfc779879ca7d2cf45188fb76b4b772da
2020-03-19 10:03:01 +01:00
Michal Nasiadka
866a6ba16a CI: Enable fluentd in MariaDB jobs
Since fluentd is disabled in MariaDB jobs - haproxy logs are not getting
populated.

Change-Id: I56b3fc1be6940d97905cdb2c4452b846f106c071
Depends-on: https://review.opendev.org/713704
2020-03-19 09:01:23 +00:00
Radosław Piliszek
561b33cbb2 Fix deployment of fluentd without any enabled OpenStack services
Fluentd cannot accept empty 'path' parameter.

I refactored the service list following the general pattern
we have.

Change-Id: I83d820efcc7e86bac9f8bda26a8f8bece72159e6
Closes-bug: #1867953
2020-03-18 21:17:54 +01:00
Zuul
31fe3c0651 Merge "Fix invalid JSON body in Elasticsearch API requests" 2020-03-18 10:47:57 +00:00
Zuul
71a058d2f8 Merge "CI: install tox" 2020-03-17 21:14:21 +00:00
Zuul
c5afb1bbd3 Merge "Disable Fluentd Monasca plugin retry limit" 2020-03-17 18:47:12 +00:00
Zuul
5046463b10 Merge "Make Fluentd config folders readable" 2020-03-17 18:41:32 +00:00
Zuul
4d9d366ee1 Merge "CI: Bump up ceph-ansible to 4.0.16" 2020-03-17 16:50:42 +00:00
Doug Szumski
c92378d788 Make Fluentd config folders readable
Currently, config folders lack the execute bit so Fluentd
cannot read the config and just does nothing when it starts up. This
change explicitly sets the execute bit on folders which need it,
rather than doing it in a more generic way which is more risky from
a security perspective.

Change-Id: Ia840f4b67043df4eaa654f47673dcdc973f13d9c
Closes-Bug: #1867754
2020-03-17 12:06:50 +00:00
Michal Nasiadka
71a8eb7485 CI: Bump up ceph-ansible to 4.0.16
Depends-On: https://review.opendev.org/713396

Change-Id: Idb1b6c85fb1fd85129957d4b79bf87d5b28081c0
2020-03-17 10:22:38 +00:00
Michal Nasiadka
81ebae8fd1 CI: Change ceph-ansible docker tag to latest-nautilus
ceph-ansible by default uses the "latest" tag for ceph Docker Hub images,
but recently the latest tag has been upgraded to be the Octopus release,
not Nautilus.

Change-Id: I5247c10079ab91cce130cd5ba403f25ccaf7c1fb
2020-03-17 11:20:36 +01:00
Mark Goddard
dd1ebf20ca CI: install tox
tox will be removed from the base image. Install it before that happens.

This change is made in a simple way that can be easily backported.

Depends-On: https://review.opendev.org/713386

Change-Id: I4181654c88554c81940f0d079cf1d64326cdec79
2020-03-17 09:51:00 +00:00
Radosław Piliszek
cf918fbc29 Fix native openvswitch firewall driver in neutron-openvswitch-agent
ovs-ofctl is still being run by neutron-openvswitch-agent.
Potential removal is scheduled for Victoria.
Until then, we have to mount /run/openvswitch in there.

Change-Id: Ia73b5665cece523bb822f6a223335f6fae94fb6a
Closes-bug: #1867506
2020-03-16 19:36:40 +00:00
Mark Goddard
bab770a88b CentOS 8: Use master image tag by default
While supporting both CentOS 7 and 8, we used the tag 'master-centos8'
for CentOS 8 images. We are now ready to drop CentOS 7 support, and
Kolla is switching to publish CentOS 8 images using the master tag on
the master branch, so we should use this.

Depends-On: https://review.opendev.org/713265

Partially-Implements: blueprint centos-rhel-8

Change-Id: I07d2c285e3214a6dc827a8e8eacf263048ee099b
2020-03-16 15:58:55 +00:00
Zuul
c63722f32a Merge "CI: Ignore neutron-server CRITICAL about WSREP" 2020-03-16 13:22:04 +00:00
Zuul
af3fe8f176 Merge "Use proper es schema in fluentd when use internal tls" 2020-03-16 11:55:42 +00:00
Radosław Piliszek
16ade28d5f CI: Ignore neutron-server CRITICAL about WSREP
We are getting this randomly on neutron-server shutdown
for upgrade.
As it does not affect real operations (and if it did,
we would definitely see it now), let's ignore it.

Change-Id: Ibe561517d44a1108e8223442a71fab36b69c2258
Related-bug: #1863579
2020-03-16 10:00:46 +00:00
Zuul
5a11f14b1b Merge "CI: Debug init-runonce" 2020-03-15 20:18:18 +00:00
Jeffrey Zhang
6aceaee4ad Use proper es schema in fluentd when use internal tls
Fix elasticsearch schema in fluentd when kolla_enable_tls_internal is
true.

Change-Id: I51286d2def7a762d569740c1abc5b924b682ad9d
Closes-Bug: #1867481
2020-03-15 08:47:07 +08:00
Zuul
fd2a5b2cf2 Merge "CI: Use network mode = host for builds" 2020-03-13 20:26:32 +00:00
Mark Goddard
368ad387d0 CI: CentOS 8: Enable Masakari job and periodics
Depends-On: https://review.opendev.org/702706

Change-Id: I5344abe93f682418a0f61c894d64b360bc129592
Partially-Implements: blueprint centos-rhel-8
2020-03-13 10:17:49 +00:00
Zuul
dd55cf6ed0 Merge "Copy ca certificates also to horizon container" 2020-03-12 21:11:35 +00:00
Radosław Piliszek
939b6f7958 Fix telegraf with zookeeper (wrong port variable reference)
Change-Id: I29f65c83b9bd45e463d868cf9a55611f33fe3177
Closes-bug: #1867179
2020-03-12 19:15:56 +01:00
yj.bai
ed2df25ebc Copy ca certificates also to horizon container
Add copying of the ca file to the horizon container,
because:
Could not find a suitable TLS CA certificate bundle,
invalid path: /etc/pki/ca-trust/source/anchors/kolla-customca-haproxy-internal.crt

Closes-Bug: #1867121

Change-Id: I64d4dbeebd53048705005b61eb3c5b2104e8f2ed
Signed-off-by: yj.bai <bai.yongjun@99cloud.net>
2020-03-12 16:59:53 +00:00
Mark Goddard
96151a35d0 Host OS prechecks follow up
We only log the release in the 'Checking host OS release or version'
precheck, but we allow either the release or version to be included in
the list. For example, on CentOS 7:

    CentOS release Core is not supported. Supported releases are: 8

Include the version in the failure message too.

Change-Id: I0302cd4fc94a0c3a6aa1dbac7b9fedf37c11b81e
Related: blueprint improve-prechecks
2020-03-11 17:08:17 +00:00
Zuul
cced7e04e5 Merge "Check supported host OS distributions in prechecks" 2020-03-11 11:19:54 +00:00
Zuul
e49448439b Merge "Fix HAProxy monitor VIP precheck" 2020-03-11 02:43:00 +00:00
Zuul
f867373a73 Merge "support ipv6 for grafana.ini.j2" 2020-03-11 02:29:54 +00:00
Zuul
011ef713f4 Merge "CI: CentOS 8: Enable Ceph Ansible upgrade check job" 2020-03-10 18:52:49 +00:00
yj.bai
3e582a05fa support ipv6 for grafana.ini.j2
grafana does not support ipv6 in grafana.ini.j2.

Closes-Bug: #1866141

Change-Id: Ia89a9283e70c10a624f25108b487528dbb370ee4
Signed-off-by: yj.bai <bai.yongjun@99cloud.net>
2020-03-10 17:47:34 +00:00
Will Szumski
a1c51b73c7 Use macro to avoid repetition
I didn't use a for loop as the logic for omitting the
comma for the final element dirties the logic.

Change-Id: Id29d5deebcc5126d69a1bd8395e0df989f2081f0
2020-03-10 13:00:34 +00:00
Zuul
2a2ce059dc Merge "Add notify restart container when cert changed" 2020-03-10 12:12:55 +00:00