1791 Commits

Author SHA1 Message Date
Christian Berendt
6768b760ab Add neutron_ovn_availability_zones parameter
With the new ``neutron_ovn_availability_zones`` parameter it is possible
to define network availability zones for OVN. Further details can be found
in the Neutron OVN documentation:
https://docs.openstack.org/neutron/latest/admin/ovn/availability_zones.html#how-to-configure-it

Change-Id: I203e0d400a3218d0b4a41f2a948207032c4febec
2023-03-06 13:28:28 +00:00
Matthew N Heler
5d3eed23a7 Set the etcd internal hostname and cacert for tls internal enabled
deployments

This allows services to work with etcd when coordination is enabled
for TLS internal deployments. Without this fix, we fail to connect to
etcd with the coordination backend and the service itself crashes.

Change-Id: I0c1d6b87e663e48c15a846a2774b0a4531a3ca68
2023-03-02 06:48:40 -06:00
Zuul
ff0fca8fdc Merge "Switch trove-api to wsgi running under apache." 2023-02-20 16:46:42 +00:00
Zuul
b1e5a97028 Merge "Use loadbalancer to connect to etcd" 2023-02-17 08:55:34 +00:00
Mark Goddard
572ff2f8dc Fix deploy/genconfig in check mode
Previously, when running one of the following commands:

  kolla-ansible deploy --check
  kolla-ansible genconfig --check

deployment or configuration generation fails for various reasons.

MariaDB fails to lookup the existing cluster.

Keystone fails to generate cron config.

Nova-cell fails to get the cell settings.

Closes-Bug: #2002661
Change-Id: I5e765f498ae86d213d0a4379ca5d473db1499962
2023-02-14 17:18:16 +00:00
Zuul
0a128d24b9 Merge "Put etcd behind HTTP loadbalancer" 2023-02-14 11:31:09 +00:00
John Garbutt
6cf22b0cb1 Improve RabbitMQ performance by reducing ha replicas
Currently we do not follow the RabbitMQ advice on replicas here:
https://www.rabbitmq.com/ha.html#replication-factor

Here we reduce the number of replicas to n // 2 + 1 as advised
above. The hope is this helps speed up recovery from rabbit
issues.

Related-Bug: #1954925
Change-Id: Ib6bcb26c499c9884faa4a0cd51abaec00cacb096
2023-02-14 10:56:11 +00:00
Matt Crees
e13072a98d Add flag to change RabbitMQ ha-mode definition
Adds the flag `rabbitmq_ha_replica_count` to change how many different
nodes a queue should be mirrored across. If the value is not set, then
it defaults to "ha-mode":"all". This value is unset by default to avoid
any unexpected changes to the RabbitMQ definitions.json file, as that
would trigger an unexpected restart of RabbitMQ during the next deploy.

Change-Id: Iee98cd937197a73a3b04aa8501fa325e8ecfff24
2023-02-14 10:51:46 +00:00
Will Szumski
e2c7dace44 Use loadbalancer to connect to etcd
Hardcoding the first etcd host creates a single point of failure.

Change-Id: I0f83030fcd84ddcdc4bf2226e76605c7cab84cbb
2023-02-14 10:16:55 +00:00
Will Szumski
6f536a4f71 Put etcd behind HTTP loadbalancer
etcd-compatible tooz drivers do not support multiple endpoints via
backend_url. We can put a loadbalancer in front of etcd and configure
backend_url to use the VIP instead. The issue with hard coding the first
host is that we break coordination if we take this host offline. In the
case of cinder, we would not be able to perform any volume related
operations.

Co-Authored-By: Mark Goddard <mark@stackhpc.com>
Change-Id: Ib684501ba03c386dc5ac71e5cbea05c99f191665
2023-02-13 11:45:53 +00:00
Zuul
df12f2ce02 Merge "Default neutron_tls_proxy and glance_tls_proxy to haproxy_tag" 2023-02-10 14:47:49 +00:00
John Garbutt
94f3ce0c78 RabbitMQ: Support setting ha-promote-on-shutdown
By default ha-promote-on-shutdown=when-synced. However we are seeing
issues with RabbitMQ automatically recovering when nodes are restarted.
https://www.rabbitmq.com/ha.html#cluster-shutdown

Rather than waiting for operator interventions, it is better we allow
recovery to happen, even if that means we may lose some messages.
A few failed and timed out operations is better than a totally broken
cloud. This is achieved using ha-promote-on-shutdown=always.

Note, when a node failure is detected, this is already the default
behaviour from 3.7.5 onwards:
https://www.rabbitmq.com/ha.html#promoting-unsynchronised-mirrors

This patch adds the option to change the ha-promote-on-shutdown
definition, using the flag `rabbitmq_ha_promote_on_shutdown`. This
value is unset by default to avoid any unexpected changes to the
RabbitMQ definitions.json file, as that would trigger an unexpected
restart of RabbitMQ during the next deploy.

Related-Bug: #1954925

Change-Id: I2146bda2c72ddac2c9923c6941b0596395fd9ab5
2023-02-09 13:49:07 +00:00
Zuul
429ac6fc00 Merge "Fix kolla_docker module" 2023-02-08 11:53:22 +00:00
Zuul
75bd313678 Merge "Trivial: Add connection: local for keystone-fernet cron generate task" 2023-02-08 00:15:59 +00:00
Michal Arbet
63b9fa5639 Fix kolla_docker module
This patch fixes kolla_docker module
as it did not take into account common_options
parameter. From patchset it's visible that module's
default values are used always - even if user overrode
some param in common_options dict.

Closes-Bug: #2003079

Change-Id: I677fde708dd004decaff4bd39f2173d8d81052fb
2023-02-04 23:54:47 +01:00
wu.chunyang
303998e294 Switch trove-api to wsgi running under apache.
This change also adds support for Trove backend TLS.

Depends-On: https://review.opendev.org/c/openstack/kolla/+/854744
Change-Id: I2acf7820b24b112b57b0c00a01f5c4b8cb85ce25
2023-02-02 01:22:59 +00:00
Michal Arbet
78cf9585b7 Trivial: Add connection: local for keystone-fernet cron generate task
This patch adds connection local for above mentioned task as
kolla-ansible can be executed in docker container as in
my case.

When there is no connection: local, ansible is trying to connect
to localhost via ssh where specified python script is not available.

After connection: local everything is working as expected as file
is found inside container

Closes-Bug: #2004224

Change-Id: I219a958b4f101efb71a2935e6d910dae5c65f0be
2023-01-31 06:48:40 +01:00
yangshaoxue
113b77c8cb Add skyline service
Support to deploy skyline by kolla-ansible.

Implements: blueprint skyline
Depends-On: https://review.opendev.org/c/openstack/kolla/+/826948

Change-Id: Ice5621491a432ba32138abd6f62d1f815cc219e0
2023-01-31 13:47:18 +08:00
Bartosz Bezak
95895d5b06 Default neutron_tls_proxy and glance_tls_proxy to haproxy_tag
neutron_tls_proxy and glance_tls_proxy are using haproxy container
image. Pin them to haproxy_tag directly.

Change-Id: I73142db48ebe6641520d21b560f16de892e07c34
2023-01-30 16:45:56 +00:00
Zuul
98139b0f10 Merge "Remove system scope token to access services" 2023-01-30 13:03:13 +00:00
Ghanshyam Mann
283fa242ca Remove system scope token to access services
As per the RBAC new direction in Zed cycle, we have dropped the
system scope from API policies and all the policies are hardcoded
to project scoped so that any user accessing APIs using system scope
will get 403 error. It is dropped from all the OpenStack services
except for the Ironic service which will have system scope and to
support ironic only deployment, we are keeping system as well as project
scope in Keystone.

Complete discussion and direction can be found in the below gerrit
change and TC goal direction:

- https://review.opendev.org/c/openstack/governance/+/847418
- https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#the-issues-we-are-facing-with-scope-concept

As phase-2 of RBAC goal, services will start enabling the new
defaults and project scope by default. For example: Nova did in
- https://review.opendev.org/c/openstack/nova/+/866218

Kolla who start accessing the services using system scope token
- https://review.opendev.org/c/openstack/kolla-ansible/+/692179

This commit partially reverts the above change except keeping
system scope usage for Keystone and Ironic. Rest all services are changed
to use the project scope token.

And enable the scope and new defaults for Nova which was disabled
by https://review.opendev.org/c/openstack/kolla-ansible/+/870804

Change-Id: I0adbe0a6c39e11d7c9542569085fc5d580f26c9d
2023-01-26 17:52:00 -06:00
Zuul
38ccebb8cb Merge "Add systemd container control" 2023-01-25 18:43:47 +00:00
Zuul
99d1e3c710 Merge "Adding optional delay between l3 agent restarts" 2023-01-25 14:08:06 +00:00
Zuul
cab09e31dc Merge "Add ability to configure rabbitmq" 2023-01-25 11:20:23 +00:00
Alex-Welsh
391aa4677f Adding optional delay between l3 agent restarts
This change serialises the neutron l3 agent restart process and adds a
user configurable delay between restarts. This can prevent connectivity
loss due to all agents being restarted at the same time.

Routers increase the recovery time, making this issue more prevalent.

Change-Id: I3be0ebfa12965e6ae32d1b5f13f8fd23c3f52b8c
2023-01-23 09:14:59 +00:00
Zuul
32dce70f09 Merge "Drop skydive" 2023-01-19 10:26:01 +00:00
Martin Hiner
4866017e52 Add systemd container control
This commit adds SystemdWorker class to kolla_docker ansible module.
It is used to manage container state via systemd calls.

Change-Id: I20e65a6771ebeee462a3aaaabaa5f0596bdd0581
Signed-off-by: Ivan Halomi <i.halomi@partner.samsung.com>
Signed-off-by: Martin Hiner <m.hiner@partner.samsung.com>
2023-01-19 10:38:41 +01:00
Zuul
08267a59ce Merge "Stop firewalld config during kolla genconfig" 2023-01-18 16:26:19 +00:00
Michal Arbet
701dc20f50 Add ability to configure rabbitmq
As rabbitmq's configuration file is not ini or yaml file,
there is no option to extend configuration by new config
options via merge_configs or merge_yaml.

This patch moves config options to dictionary
so it can be overridden in /etc/kolla/globals.yml.

Change-Id: I5cd772f4fb80a0e200fb24d67be735ca81e3fdeb
2023-01-17 22:03:54 +01:00
Zuul
24dc34615a Merge "Fix issue with genconfig and octavia_auto_configure" 2023-01-16 12:17:58 +00:00
Zuul
383dfc21d6 Merge "Fix prechecks in check mode" 2023-01-16 11:14:45 +00:00
Will Szumski
2bf4d4db4e Fix issue with genconfig and octavia_auto_configure
Makes sure the facts required to generate octavia.conf are available
when using genconfig.

This change also ensures that the necessary tasks run when using Ansible
check mode.

Closes-Bug: #1987299
Change-Id: Ib8fbee2d3abdcfd2eae0f9b3e9b69eeb0e3086e0
2023-01-16 09:11:27 +01:00
Matt Crees
09df6fc1aa Add a flag to handle RabbitMQ high availability
A combination of durable queues and classic queue mirroring can be used
to provide high availability of RabbitMQ. However, these options should
only be used together, otherwise the system will become unstable. Using
the flag ``om_enable_rabbitmq_high_availability`` will either enable
both options at once, or neither of them.

There are some queues that should not be mirrored:
* ``reply`` queues (these have a single consumer and TTL policy)
* ``fanout`` queues (these have a TTL policy)
* ``amq`` queues (these are auto-delete queues, with a single consumer)
An exclusionary pattern is used in the classic mirroring policy. This
pattern is ``^(?!(amq\\.)|(.*_fanout_)|(reply_)).*``

Change-Id: I51c8023b260eb40b2eaa91bd276b46890c215c25
2023-01-13 15:40:08 +00:00
Mark Goddard
46aeb9843f Fix prechecks in check mode
When running in check mode, some prechecks previously failed because
they use the command module which is silently not run in check mode.
Other prechecks were not running correctly in check mode due to e.g.
looking for a string in empty command output or not querying which
containers are running.

This change fixes these issues.

Closes-Bug: #2002657
Change-Id: I5219cb42c48d5444943a2d48106dc338aa08fa7c
2023-01-12 14:27:36 +00:00
Zuul
74f64a19f1 Merge "ovn: add ovn-monitor-all variable" 2023-01-12 12:33:43 +00:00
Jack Hodgkiss
86870bd7f8 Stop firewalld config during kolla genconfig
Prevent the haproxy-config role from attempting to modify firewalld when
running kolla-ansible genconfig.

Closes-Bug: #2002522
Change-Id: Ie8a524cc944aa8cb9cf0999b1b8da79f30b40092
2023-01-11 12:03:49 +00:00
Michal Nasiadka
673ca8c7e7 Drop skydive
Change-Id: I8855bd60c2fd77f33fb55d4123131a94327bd166
2023-01-05 14:55:53 +01:00
Zuul
2b88144c05 Merge "Explicitly set the value of heartbeat_in_pthread" 2023-01-05 13:02:20 +00:00
Matt Crees
8b8b4a8217 Explicitly set the value of heartbeat_in_pthread
The ``[oslo_messaging_rabbit] heartbeat_in_pthread`` config option
is set to ``true`` for wsgi applications to allow the RabbitMQ
heartbeats to function. For non-wsgi applications it is set to ``false``
as it may otherwise break the service [1].

[1] https://docs.openstack.org/releasenotes/oslo.messaging/zed.html#upgrade-notes

Change-Id: Id89bd6158aff42d59040674308a8672c358ccb3c
2023-01-05 09:18:13 +00:00
Zuul
bea4535613 Merge "ovn: Change order of deployment" 2023-01-04 13:38:35 +00:00
Zuul
29e96d89b1 Merge "Integrate oslo-config-validator" 2023-01-03 17:40:00 +00:00
labedz
20355edb2b ovn: add ovn-monitor-all variable
Setting ovn-monitor-all to 'true' will configure
ovn-controller to monitor all OVS database records
unconditionally. That will release some CPU resource
from OVS Southbound DB but will increase number of events
coming to ovn-controller.

Default value is 'false'.

Change-Id: I291e166013d8c88f00e84ceaf308251c352c9a79
2022-12-22 10:13:15 +00:00
Michal Nasiadka
3a94996b41 ovn: Change order of deployment
ovn-controller should be deployed first according to OVN upgrade guide.
Since we are getting newer OVN/OVS versions from RDO/Ubuntu in a cycle,
let's apply that to deployment.

Closes-Bug: #1979329

Change-Id: I017aec611a057db1634cfc2634164b21cb210193
2022-12-22 09:50:40 +01:00
Matt Crees
6c2aace8d6 Integrate oslo-config-validator
Regularly, we experience issues in Kolla Ansible deployments because we
use wrong options in OpenStack configuration files. This is because
OpenStack services ignore unknown options. We also need to keep on top
of deprecated options that may be removed in the future. Integrating
oslo-config-validator into Kolla Ansible will greatly help.

Adds a shared role to run oslo-config-validator on each service. Takes
into account that services have multiple containers, and these may also
use multiple config files. Service roles are extended to use this shared
role. Executed with the new command ``kolla-ansible validate-config``.

Change-Id: Ic10b410fc115646d96d2ce39d9618e7c46cb3fbc
2022-12-21 17:19:09 +00:00
a9f0948d82 Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.

Sem-Ver: feature
Change-Id: I8f24a2318b5bd5ff60a235c093db022344dec644
2022-12-09 13:23:30 +00:00
Michal Nasiadka
ae3de342e4 Monasca reno followup polish
Change-Id: I2db0ddcdacb1502878609f51c4252210c8d5fd6c
2022-12-08 15:06:46 +01:00
Michal Nasiadka
48a4153887 Tidy up renos for Monasca and dependencies
Change-Id: Ieb2f4ee5d4c64c92e589d4da63c5b66472052163
2022-12-08 12:18:35 +00:00
Michal Nasiadka
f128d19957 Remove kafka, storm, zookeeper
Their cleanup has been added to monasca cleanup command.

Change-Id: I19a846e2683ae70b33ca64d2aba7ac71eb724588
2022-12-08 06:50:15 +00:00
Bartosz Bezak
60b39ccd40 [release] Tidy up release notes for Zed
Change-Id: If98434d7941cf319b0689441827290791f596a04
2022-12-05 12:47:08 +01:00
Zuul
113242c864 Merge "Replace ElasticSearch and Kibana with OpenSearch" 2022-12-01 14:38:51 +00:00