Barbican has recently bumped max_allowed_secret_in_bytes from 10 KB to
20 KB since the original value was too small for some certificates [1].
Remove custom value from the barbican.conf template, which anyway was
the same as the default configuration before the recent upstream change.
The upstream change was backported to Wallaby and has been proposed to
Victoria, Ussuri and Train [2], so this change should be backported too.
[1] https://review.opendev.org/c/openstack/barbican/+/783381
[2] https://review.opendev.org/q/I59d11c5c9c32128ab9d71eaecdf46dd2d789a8d1
Change-Id: I83e4cb48192c8024650a8d347363f6babb75ad90
Closes-Bug: #1957795
They seem to think ping is too dangerous for normal users.
Co-Authored-By: Pierre Riteau <pierre@stackhpc.com>
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/824903
Change-Id: I30c2a7b6850350901b15fe196175508634c8e9a5
Access to console of any zun container fails when
kolla_enable_tls_external is true.
This is due to the protocol of the base_url of the websocket_proxy
section in zun.conf is hardcoded to 'ws'.
[base_url = ws://<external_fqdn>:<port>]
This fix adds a new variable zun_wsproxy_protocol
and sets it's value to 'wss' when kolla_enable_tls_external is true
or to 'ws' otherwise
Then the base url's protocol of the websocket_proxy section
in zun.conf is set by zun_wsproxy_protocol
[base_url = "{{ zun_wsproxy_protocol }}://<external_fqdn>:<port>"]
Closes-Bug: 1957117
Change-Id: Ibd9ca6e40ee8c265775b0657d318aa3f82e4cccb
Some ID provider configurations do not require a certificate file.
Change the logic to allow this, and update documentation accordingly.
Change-Id: I2c34a6b5894402bbebeb3fb96768789bc3c7fe84
rabbitmq starting from 3.8.0, built-in Prometheus support,
prometheus plugins are enabled by default, when the environment is
"enable_prometheus is no", rabbitmq role will disable prometheus plugins
Closes-Bug: #1885106
Change-Id: I4d694d6224c813285d228d6bc7eece5731db1078
Moved the DockerWorker class from module file into its separate file
in module_utils directory for future extension.
Unit tests changed accordingly.
Signed-off-by: Ivan Halomi <ivan.halomi@tietoevry.com>
Co-authored-by: Martin Hiner <martin.hiner@tietoevry.com>
Change-Id: Ia2a471a9a2805e13b2c20dbf8a7297c23231aae3
We are not using it anywhere (metadata agents are using internal network),
so let's disable it by default.
Change-Id: If06db5030b0f09e20ef506c3b3ab39c3573b5f3d
Kolla has removed the Volume V2 API by default since OpenStack Wallaby.
However, openstack-exporter attempts to use the Volume V2 API by
default, resulting in clean installs failing to fetch Cinder metrics
in Prometheus.
This patch updates the clouds.yml configuration file for
openstack-exporter to use the Volume V3 API instead.
Closes-Bug: #1938194
Change-Id: Ifbb601be3ef1a1e853d5a7e832adf556c0ae38b9
This patch also configure delete indices action before close indices.
more info check curator source code[0].
[0] ac5db911a1/curator/cli.py (L217-L224)
Change-Id: I9fb4b25514f5890adfac2f4007ec4a819fc9f566
Closes-Bug: #1954720
Role vars have a higher precedence than role defaults. This allows to
import default vars from another role via vars_files without overriding
project_name (see related bug for details).
Change-Id: I3d919736e53d6f3e1a70d1267cf42c8d2c0ad221
Related-Bug: #1951785
This commit added ovn_sb_connection to octavia.conf otherwise it will
try to connect to ovn-sb-db using the default address which is
127.0.0.1 while the ovn-sb-db listen on the IP address of the
api_interface.
Closes-Bug: #1950111
Change-Id: I9cb9a0365d00ffd70562b4b3e83493ec09bd52c2
We stopped using this file in Queens
(https://review.opendev.org/494635), but the file was not removed at
that time.
Change-Id: Ibe5fb291e7c39965f5c4ff5ee4ea0bb1f8e6e9c2
Closes-Bug: #1840158
Bifrost in Yoga will change the default TFTP and HTTP boot directories
to reside under /var/lib/ironic/. We already avoid the cross-filesystem
linking issue that the patch aims to address, by overriding
tftp_master_path. Avoid this breaking us by reverting to the previous
defaults.
Needed-By: https://review.opendev.org/c/openstack/bifrost/+/822743
Change-Id: Idc54c78c618ae90b4d933c2c401bb1789b0abd36
Fix configuration for ironic role in order to apply custom
policies for ironic-inspector API
Closes-Bug: #1952948
Change-Id: Id454c693f570e99ea58d2a6231f01a84b80ca56a
This variable is referenced by horizon_listen_port, which becomes
undefined outside of the horizon role. One symptom of this is that
the hostvars variable becomes undefined when referenced for debugging
purposes.
This issue was introduced by Ibb5ad1a5d1bbc74bcb62610d77852d8124c4a323,
which has been backported to Victoria.
This change fixes the issue by moving horizon_enable_tls_backend to
group_vars.
TrivialFix
Change-Id: I1fc4e2a24fe096a49434d7e16851e63efd25d74c
The admin interface for endpoints never had any real use, the
functionality was the same as for the public or internal endpoints,
except for Keystone. Even for Keystone with API v3 it would no longer
really be needed, but it is still being required by some libraries that
cannot be changed in order to stay backwards compatible.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Icf3bf08deab2c445361f0a0124d87ad8b0e4e9d9
