This change enables the use of Docker healthchecks for blazar
services.
Implements: blueprint container-health-check
Change-Id: I3eaa0906b66ae6afe4d5f23048e5cadb3f984845
The two parameters "manila_glusterfs_volume_pattern"
and "manila_glusterfs_mount_point_base" do not require default
Change-Id: I58e7cdf1193900be54c136caabe6e41cedf5a932
Add scrape_timeout option in
prometheus_openstack_exporter job in order
to avoid timeout for large OpenStack environment.
Change-Id: If96034e602bee3b3eea34a2656047355e1d17eec
Closes-Bug: #1903547
Currently we set enable-chassis-as-gw on compute nodes when distributed FIP
is enabled - that is not required for FIP functionality.
Change-Id: Ic880a9479fa0cdbb1d1cae3dbe9523ef2e1132ce
Closes-Bug: #1901960
CentOS 8 should work fine without the workaround.
This change adds the missing CentOS 8 IPv6 CI job as well.
Change-Id: I58af7a09b5ae09a10b9efc33c1f30c2efc6613f7
Main plays are action-redirect-stubs, ideal for import_tasks.
This avoids 'include' penalty and makes logs/ara look nicer.
Fixes haproxy and rabbitmq not to check the host group as well.
Change-Id: I46136fc40b815e341befff80b54a91ef431eabc0
Partially-Implements: blueprint performance-improvements
Follows existing backends patterns to add support for the GlusterFS
NFS driver.
NFS server type used by the GlusterFS backend, Gluster or Ganesha,
currently supports Gluster.
The GlusterFS NFS driver needs to install the glusterfs-fuse package
in the kolla images manila share container in advance, which has been merged
in https://review.opendev.org/747510
Change-Id: I7fdb121b5bf9850d62246a24f9b17d226028c2ca
During a deploy, if keystone Fernet key rotation happens before the
keystone container starts, the rotation may fail with 'permission
denied'. This happens because config.json for Keystone sets the
permissions for /etc/keystone/fernet-keys.
This change fixes the issue by also setting the permissions for
/etc/keystone/fernet-keys in config.json for keystone-fernet and
keystone-ssh.
Change-Id: I561e4171d14dcaad8a2a9a36ccab84a670daa904
Closes-Bug: #1888512
Currently we check the age of the primary Fernet key on Keystone
startup, and fail if it is older than the rotation interval. While this
may seem sensible, there are various reasons why the key may be older
than this:
* if the rotation interval is not a factor of the number of seconds in a
  week, the rotation schedule will be lumpy, with the last rotation
  being up to twice the nominal rotation interval
* if a keystone host is unavailable at its scheduled rotation time,
  rotation will not happen. This may happen multiple times.
We could do several things to avoid this issue:
1. remove the check on the age of the key
2. multiply the rotation interval by some factor to determine the
   allowed key age
This change goes for the more simple option 1. It also cleans up some
terminology in the keystone-startup.sh script.
Closes-Bug: #1895723
Change-Id: I2c35f59ae9449cb1646e402e0a9f28ad61f918a8
Config plays do not need to check containers. This avoids skipping
tasks during the genconfig action.
Ironic and Glance rolling upgrades are handled specially.
Swift and Bifrost do not use the handlers at all.
Partially-Implements: blueprint performance-improvements
Change-Id: I140bf71d62e8f0932c96270d1f08940a5ba4542a
Add TLS support for backend Neutron API Server communication using
HAProxy to perform TLS termination. When used in conjunction with
enabling TLS for service API endpoints, network communication will be
encrypted end to end, from client through HAProxy to the Neutron
service.
Change-Id: Ib333a1f1bd12491df72a9e52d961161210e2d330
Partially-Implements: blueprint add-ssl-internal-network
When applying upgrade action on Swift, rolling restart was not
stopping containers on the right hosts if all Swift containers
were not deployed on the same host.
This patch proposes to use the same kind of detection already
done in reconfigure and associate a container to a group.
Closes-Bug: 1899280
Change-Id: I75e31554228350ff2e1c2f53ff864f8649c8d618
Signed-off-by: Benjamin FÜHRMANN <benjamin.fuhrmann@gmail.com>
If iptables is not installed, e.g. in the CentOS 8 cloud image, and
Docker iptables management is enabled, we get the following errors:
Failed to find iptables: exec: \"iptables\": executable file not found
in $PATH failed to start daemon: Error initializing network controller:
error obtaining controller instance: failed to create NAT chain DOCKER:
Iptables not found
This change installs the iptables package when Docker iptables management
is enabled.
Change-Id: I3ba5318debccafb28c3cbce8e4e9813c28b086fc
Closes-Bug: #1899060
This fixes the `certificates` command to not include CSRs in
the haproxy bundle.
The regex was wrong.
Change-Id: If25a6d5dd40f507fea4470be01baeeb7c8a790b4
We use the octavia user to upload the image currently, so it is better to
create an octavia openrc file for the user.
Implements: blueprint implement-automatic-deploy-of-octavia
Change-Id: Ib53d00fa4a6ee59b8a0b2245f83786a6af0cbf53
Use with_first_found on placement-api-wsgi to allow
overwrite from users and keep consistency with other
roles.
Change-Id: I11c84db6df1bb5be61db5b6b0adf8c160a2bd931
Closes-Bug: #1898766
* ipxe_enabled was removed in Ussuri, now there is a separate ipxe boot
  interface.
* iPXE now has its own set of configuration for the bootfile and config
  template, and the values previously set when iPXE is enabled are now
  the default in ironic. The overrides have been removed, since they
  match the iPXE defaults.
Change-Id: I9d9f030ee4be979d0a849b59e5eb991f2d82f6a4