This is confusing as it is not meant to be used by users.
Also, various tools show duplicated matches due to both locations
containing the exact same content.
Change-Id: I2debe121f64954e57788270d3258775f29f1cbb0
This fixes an issue with Bifrost that setting
kolla_internal_vip_address became mandatory.
Additionally, it does a better job ensuring the syntax is
correct when any of the entries is missing.
Change-Id: Ie86a345365ca3766aebd8a29ce329b370e61af6c
Closes-Bug: #1894199
The Prometheus OpenStack exporter was needlessly configured to use the
prometheus Docker volume and change permissions of /data, which does
not exist in the container image.
This must have been copy-pasted from existing Prometheus code.
Change-Id: I96017c17e68ca7a00a2d5ac41f2f43ef87694514
This patch introduces an optional backend encryption for the Ironic API
and Ironic Inspector service. When used in conjunction with enabling
TLS for service API endpoints, network communcation will be encrypted
end to end, from client through HAProxy to the Ironic service.
Change-Id: I3e82c8ec112e53f907e89fea0c8c849072dcf957
Partially-Implements: blueprint add-ssl-internal-network
Depends-On: https://review.opendev.org/#/c/742776/
Including tasks has a performance penalty when compared with importing
tasks. If the include has a condition associated with it, then the
overhead of the include may be lower than the overhead of skipping all
imported tasks. In the case of the register.yml and bootstrap.yml
includes, all of the tasks in the included file use run_once: True.
The run_once flag improves performance at scale drastically, so
importing these tasks unconditionally will have a lower overhead than a
conditional include task. It therefore makes sense to switch to use
import_tasks there.
See [1] for benchmarks of run_once.
[1] https://github.com/stackhpc/ansible-scaling/blob/master/doc/run-once.md
Change-Id: Ic67631ca3ea3fb2081a6f8978e85b1522522d40d
Partially-Implements: blueprint performance-improvements
Including tasks has a performance penalty when compared with importing
tasks. The nova-cell role uses include_tasks twice when generating
certificates and keys for libvirt TLS. While a dynamic include makes
sense here for a non-default feature, we can use one include rather than
two with the same effect. Since this task runs against compute nodes the
overhead is significant.
See [1] for benchmarks of include_tasks and import_tasks.
[1] https://github.com/stackhpc/ansible-scaling/blob/master/doc/include-and-import.md
Partially-Implements: blueprint performance-improvements
Change-Id: Ic687d2f7d4625aede386e576ebb174da72142756
Including tasks has a performance penalty when compared with importing
tasks. If the include has a condition associated with it, then the
overhead of the include may be lower than the overhead of skipping all
imported tasks. For unconditionally included tasks, switching to
import_tasks provides a clear benefit.
Benchmarking of include vs. import is available at [1].
This change switches from include_tasks to import_tasks where there is
no condition applied to the include.
[1] https://github.com/stackhpc/ansible-scaling/blob/master/doc/include-and-import.md#task-include-and-import
Partially-Implements: blueprint performance-improvements
Change-Id: Ia45af4a198e422773d9f009c7f7b2e32ce9e3b97
Enabling both l2_population and arp_responder for LinuxBridge can cause
problems in some configurations [0]. This commit removes the explicit
'true', reverting it to the default which is 'False'.
Closes-Bug: #1892776
[0] https://bugs.launchpad.net/neutron/+bug/1661717
Change-Id: Ia9445a651fd7a082835a858964bcb9e8e325338d
Signed-off-by: Nick Jones <nick@dischord.org>
It was found to be useless in [1].
It is one of distro_python_version usages.
Note Freezer and Horizon still use python_path (and hence
distro_python_version) for different purposes.
[1] https://review.opendev.org/675822
Change-Id: I6d6d9fdf4c28cb2b686d548955108c994b685bb1
Partially-Implements: blueprint drop-distro-python-version
this ps[0] uses new condition for timezone mounting
but we missed prechecks condition.
[0] https://review.opendev.org/#/c/745505/
Change-Id: I79323a392e171bebe36d06c19d34e458e05e194b
Closes-Bug: #1882553
Neutron's containers should use ENV from kolla_docker module's
environment parameter (defined in roles/neutron/defaults/main.yml)
after reconfigure, not only when deploying.
Currently this is working only for deploy, not for reconfigure.
How to test it ?
- Deploy neutron with "neutron_legacy_iptables" set to yes/no.
- Change value of "neutron_legacy_iptables" to opposite value as before.
- Reconfigure neutron.
Current result :
- "KOLLA_LEGACY_IPTABLES" in container's ENV is not changed
Expected result :
- "KOLLA_LEGACY_IPTABLES:" in container's ENV should be changed
This patch is fixing this behaviour by adding missing
environment parameter to neutron's "Check neutron containers" task.
Change-Id: Ibfbe2d4f49261fa766acbb6ff45da9994118bda8
Closes-Bug: #1853776
