Since Ansible 2.5, the use of jinja tests as filters has been
deprecated.
I've run the script provided by the ansible team to 'fix' the
jinja filters to conform to the newer syntax.
This fixes the deprecation warnings.
Change-Id: I844ecb7bec94e561afb09580f58b1bf83a6d00bd
Closes-bug: #1827370
Add a possibility to mount sources as volumes to containers,
in "more than documentation" way. That will let us to use kolla
as a replacement for devstack.
Partially implements: blueprint mount-sources
Change-Id: I4868ed6829bd037e1012d1f40c4a1d1b9995bf95
Several config file permissions are incorrect on the host. In general,
files should be 0660, and directories and executables 0770.
Change-Id: Id276ac1864f280554e98b937f2845bb424d521de
Closes-Bug: #1821579
Services were being passed as a JSON list, then iterated over in the
neutron-server container's extend_start.sh script like this:
['neutron-server'
'neutron-fwaas'
'neutron-vpnaas']
I'm not actually sure why we have to specify services explicitly, it
seems liable to break if we have other plugins that need migrating.
Change-Id: Ic8ce595793cbe0772e44c041246d5af3a9471d44
When adding the rolling upgrade support, some upgrade procedures were
modified to pull images explicitly. This is done inconsistently between
services, and is a change in behaviour from Rocky and earlier releases.
This change removes all image pulling from upgrade tasks.
Change-Id: Id0fed17714235e1daed60b83b1f30620f097eb97
With newer Docker versions `systemctl show docker` returns:
MountFlags=shared
Instead of:
MountFlags=1048576
This fix accepts either value as valid to ensure the check is not
erroneously failing.
Closes-Bug: #1791365
Change-Id: I2bd626466d6a0e189e0d85877b2be8f2b4bb37f4
This allows octavia service endpoints to use custom hostnames, and adds the
following variables:
* octavia_internal_fqdn
* octavia_external_fqdn
These default to the old values of kolla_internal_fqdn or
kolla_external_fqdn.
This also adds a octavia_api_listen_port option, which defaults to
octavia_api_port for backward compatibility.
This option allow the user to differentiate between the port the
service listens on, and the port the service is reachable on. This is
useful for external load balancers which live on the same host as the
service itself.
Change-Id: I1310eb5573a469b1a0e9549e853734455307a8b3
Implements: blueprint service-hostnames
This allows designate service endpoints to use custom hostnames, and adds
the
following variables:
* designate_internal_fqdn
* designate_external_fqdn
These default to the old values of kolla_internal_fqdn or
kolla_external_fqdn.
This also adds a designate_api_listen_port option, which defaults to
designate_api_port for backward compatibility.
This option allow the user to differentiate between the port the
service listens on, and the port the service is reachable on. This is
useful for external load balancers which live on the same host as the
service itself.
Change-Id: I654bb3d1109b96cbaff6f450655cd65f349a94e6
Implements: blueprint service-hostnames
We're duplicating code to build the keystone URLs in nearly every
config, where we've already done it in group_vars. Replace the
redundancy with a variable that does the same thing.
Change-Id: I207d77870e2535c1cdcbc5eaf704f0448ac85a7a
This allows neutron service endpoints to use custom hostnames, and adds the
following variables:
* neutron_internal_fqdn
* neutron_external_fqdn
These default to the old values of kolla_internal_fqdn or
kolla_external_fqdn.
This also adds a neutron_server_listen_port option, which defaults to
neutron_server_port for backward compatibility.
This option allow the user to differentiate between the port the
service listens on, and the port the service is reachable on. This is
useful for external load balancers which live on the same host as the
service itself.
Change-Id: I87d7387326b6eaa6adae1600b48d480319d10676
Implements: blueprint service-hostnames
This allows nova service endpoints to use custom hostnames, and adds the
following variables:
* nova_internal_fqdn
* nova_external_fqdn
* placement_internal_fqdn
* placement_external_fqdn
* nova_novncproxy_fqdn
* nova_spicehtml5proxy_fqdn
* nova_serialproxy_fqdn
These default to the old values of kolla_internal_fqdn or
kolla_external_fqdn.
This also adds the following variables:
* nova_api_listen_port
* nova_metadata_listen_port
* nova_novncproxy_listen_port
* nova_spicehtml5proxy_listen_port
* nova_serialproxy_listen_port
* placement_api_listen_port
These default to <service>_port, e.g. nova_api_port, for backward
compatibility.
These options allow the user to differentiate between the port the
service listens on, and the port the service is reachable on. This is
useful for external load balancers which live on the same host as the
service itself.
Change-Id: I7bcce56a2138eeadcabac79dd07c8dba1c5af644
Implements: blueprint service-hostnames
The neutron containers were not being restarted if only the ml2_conf.ini
file is changed. This is due to the XenAPI ml2_conf.ini config task
registering a variable of the same name as the task that generates
ml2_conf.ini for other services. Since the XenAPI service is typically
not running, the tasks show as not changed, and the handler skips
restarting the container.
This change adds a second variable for XenAPI to avoid this shadowing.
Change-Id: I77819ed8defb8a7653e1e5aec92013b1d40fbf02
Closes-Bug: #1783268
According [1], vitrage notification has to be configured in Nova,
Neutron, Cinder & Aodh config file.
[1] https://review.openstack.org/#/c/302802/
Change-Id: Iaf8cd7d40e6eb988adf4d208e6ad784f1004caa5
With this change, an operator may be able to stop a
service container without stopping all services in a host.
This change is the starting point to start
fast-forward upgrades support.
In next changes new flags will be introducced to disable
stop dataplane services during upgrades.
Change-Id: Ifde7a39d7d8596ef0d7405ecf1ac1d49a459d9ef
Implements: blueprint support-stop-containers
The concept of splitting the compute group into external/internal just
to specify agent_mode for Neutron DVR was deemed to be heavy handed, and
depreacated in the Pike cycle.
Now that Rocky has been released we can remove these completely for Stein.
Change-Id: I28a1eba7f40fee55a7ec41c27451e39e4d7fd8f0
This patchset implements Neutron rolling upgrade logic as described
in [1].
Due to only neutron, vpnass and fwaas have supported for rolling upgrade
database migration, so I used the list "neutron_rolling_upgrade_services"
in neutron/default/main.yml for contain there services.
[1] https://docs.openstack.org/neutron/latest/contributor/internals/upgrade.html
Co-author: Ha Manh Dong <donghm@vn.fujitsu.com>
Change-Id: I2ed2f941d30d4df0d0f42c0d10e7ca03ec1c166a
Implements: blueprint apply-service-upgrade-procedure
Having all services in one giant haproxy file makes altering
configuration for a service both painful and dangerous. Each service
should be configured with a simple set of variables and rendered with a
single unified template.
Available are two new templates:
* haproxy_single_service_listen.cfg.j2: close to the original style, but
only one service per file
* haproxy_single_service_split.cfg.j2: using the newer haproxy syntax
for separated frontend and backend
For now the default will be the single listen block, for ease of
transition.
Change-Id: I6e237438fbc0aa3c89a3c8bd706a53b74e71904b
Disable neutron-lbaas-agent and use lbaasv2-proxy when enable octavia.
Use keystone-auth v3 and internal endpoint for lbaasv2 plugin.
Change-Id: I69e8436f3722cf99644457323b71b94dc9036bb9
Co-Authored-By: Hieu LE <hieulq2@viettel.com.vn>
Closes-Bug: #1756771
Closes-Bug: #1738115
If we are not using l3 ha mode, it’s not necessary to delete the namespaces related to l3. It will speed up the start of the neutron l3 agent.
Change-Id: I78f6d927a78e8f9e4ed855e4b6d1362bdfc6b985
Closes-Bug: #1785880
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.
[1]https://review.openstack.org/#/c/508522/
Co-Authored-By: confi-surya <singh.surya64mnnit@gmail.com>
Change-Id: Ifd8527d404f1df807ae8196eac2b3849911ddc26
Closes-Bug: #1761907
This commit is to apply resource-constraints to a few more OpenStack services.
Commit to apply constraints to the last set of services will be made in
the upcoming commit.
Depends-on: Icafa54baca24d2de64238222a5677b9d8b90e2aa
Change-Id: I39004f54281f97d53dfa4b1dbcf248650ad6f186
Enables setting rp_filter mode on Neutron L3 agent and Nova compute
hosts whilst maintaining the default that it is disabled.
Closes-Bug: #1782799
Change-Id: I93e53bad9727beb786b00bd7fcd6d78785c619c2
As of the Queens release, Keystone solely implements the Identity
API v3. Support for Identity API v2.0 has been removed since Queens
in favor of the Identity API v3.
Change-Id: If65b26935e8bd1e6655d84259499f4013762e4e3
Closes-Bug: #1778846
Add become to all tasks that use the module "kolla_docker"
Change-Id: I4309c4011687b88ec31d739fd8f834fe2326ff10
Partial-Implements: blueprint ansible-specific-task-become
NSXV3 is the OpenStack support for the NSX Transformers platform.
This is supported from neutron in the Mitaka version. This patch
adds Kolla support
This adds a new neutron_plugin_agent type 'vmware_nsxv3'. The plugin
does not run any neutron agents.
Change-Id: I1ecd7e5f3471e4ff03cfe8c9a3aff17af3fe1842
Currently osprofiler only choose elasticsearch,
which is only supported on x86.
On other platform like aarch64 osprofiler can
not be used since no elasticsearch package.
Enable osprofiler by enable_osprofiler: "yes",
which choose elasticsearch by default.
Choose redis by enable_redis: "yes" & osprofiler_backend: "redis"
On platform without elasticsearch support like aarch64
set enable_elasticsearch: "no"
Change-Id: I68fe7a33e11d28684962fc5d0b3d326e90784d78
In change I78cb60168aaa40bb6439198283546b7faf33917c, action was changed
to kolla_action, and serial to kolla_serial, to avoid Ansible warnings
due to use of reserved keywords. In that change, some keywords were
missed, and some changes that were merged since then have not switched
to the new variables. This change fixes all current instances of those
issues.
Change-Id: I357dffdfcb2b405e280a962d366ee65eebf0a8d1
Implements: blueprint migrate-to-ansible-2-2-0
- rename action and serial to kolla_ansible and kolla_serial
- use become instead of "sudo <command>" in shell
- Remove quota for failed_when and changed_when in rabbitmq tasks
Change-Id: I78cb60168aaa40bb6439198283546b7faf33917c
Implements: blueprint migrate-to-ansible-2-2-0
Allow to set computes_need_external_bridge to true/false
depending on the desired configuration, for allowing
cases such as disable dvr and enable l3 ha.
Closes-Bug: #1769686
Change-Id: I1565b08dfccb7bec2ddda8c048b7d951c9eb1824
Signed-off-by: Jorge Niedbalski <jorge.niedbalski@linaro.org>
As neutron-vpnaas-agent has been loaded just inside of the existing l3 agent
rather than requiring operators to run a completely different binary with a
subclass of the existing L3 agent[1]. We need restructure this role to fit
with this new feature.
[1] https://review.openstack.org/488247
Depends-On: I47cd8ba5a14da3c76d5b1eb0b4c0cf0c729eb2ff
Change-Id: Id690a652bc9facf1c3e39358f548ab7ddd967d80
Implements: blueprint restructure-neutron-vpnaas
Closes-Bug: #1731498
Change the default hardcoded values of the dnsmasq dns resolvers
on dhcp_agent.ini.j2 to a configuration option part
of group_vars/all.yml.
Also adding 1.1.1.1 as part of the default set.
Change-Id: I629c69e556d4ddba19f68f06627038e1886ae5f9
Signed-off-by: Jorge Niedbalski <jorge.niedbalski@linaro.org>
