1791 Commits

Author SHA1 Message Date
Zuul
41803729f3 Merge "keystone: Remove redundant 'when'" 2022-08-30 19:36:45 +00:00
Zuul
490cb977c2 Merge "[security] Make Ironic tftpd run as nobody" 2022-08-30 19:35:07 +00:00
Pierre Riteau
b8928ce54b Switch Prometheus Alertmanager to active/passive
Closes-Bug: #1987866
Change-Id: Iaf352a15b9e6c9607e0d33c803c132d9267ca727
2022-08-29 18:25:52 +02:00
LinPeiWen
aa80f81d30 keystone: Remove redundant 'when'
In a multi-controller node, the presence of "run_once: True"
and "when: inventory_hostname == groups['keystone'][-1]"
will cause the task to be skipped

Closes-Bug: #1987982

Change-Id: I6a8f4ca285cda0675711b631aeed7ae4c992d879
2022-08-29 19:42:05 +08:00
Pierre Riteau
438ff2307c Support configuring HAProxy services as active/passive
Instead of specifying a custom member list for each service that should
be configured as active/passive, a new `active_passive` parameter can be
set to true. This only works if `custom_member_list` is not used.

Change-Id: I3758bc2377c25a277a29f02ebc20c946c7499093
2022-08-29 12:01:18 +02:00
Radosław Piliszek
f1d27f7ddb [security] Make Ironic tftpd run as nobody
This avoids root privileges in tftpd's unprivileged container.

Change-Id: I50366205c9cefe2af26c27580c02368f029b7605
2022-08-26 21:48:54 +02:00
Zuul
04fbc5e84b Merge "Persist Bifrost's autogenerated passwords" 2022-08-24 09:33:17 +00:00
Michal Arbet
63d72ea7e8 Use Docker healthchecks for mariadb-server service
This change enables the use of Docker healthchecks for
mariadb-server service.

Depends-On: https://review.opendev.org/c/openstack/kolla/+/805613
Change-Id: I893687a0501ea0f281b879df3141a354bff9eca6
2022-08-22 08:27:28 +00:00
Will Szumski
0fe8010c88 Introduce variables for cinder backend names
This allows you to use a more descriptive name if you desire.
For example, when using cinder with multiple ceph backends, rbd-1
doesn't convey much information. You could include location, disk
technology, etc. in the name.

Change-Id: Icfdc2e5726fec8b645d6c2c63391a13c31f2ce9a
2022-08-17 15:19:37 +01:00
Zuul
7c36bbfa00 Merge "Remove the deprecated storage_interface var" 2022-08-15 09:54:58 +00:00
Zuul
6cab1fcbd0 Merge "Add support for deploying prometheus-msteams" 2022-08-10 17:14:13 +00:00
Pierre Riteau
c1155a2879 Add support for deploying prometheus-msteams
This can be used to forward Prometheus Alertmanager notifications to
Microsoft Teams.

Change-Id: I563f2438b3cb0895606b029b5269ce2e50c413e3
Depends-On: https://review.opendev.org/c/openstack/kolla/+/812678
2022-08-10 13:21:41 +02:00
Radosław Piliszek
125646b911 Honour the linuxbridge experimental status
This patch follows upstream and disables linuxbridge testing.
Users are notified of the situation via the release note.

Change-Id: I524682ceb5287c14ef0ba99baae0c081850f4c5e
2022-08-03 15:19:40 +02:00
Zuul
da214b74a9 Merge "Fix nova online volume resize with multipathd" 2022-08-03 09:40:12 +00:00
Mark Goddard
d6f4ef81f6 Enable TLS in Bifrost
Bifrost supports enabling TLS for the services it deploys, as well as
generating a self-signed TLS certificate. Let's use it.

Change-Id: I2a60ec780c37895e810cdba65bb485d0986a196d
2022-08-02 13:07:39 +01:00
Mark Goddard
d95e237f3d Persist Bifrost's autogenerated passwords
By default Bifrost generates passwords for use by services, and stores
them in files in /root/.config/bifrost/ in the container. This directory
is not persistent, so the passwords are lost if the container is
recreated. This is generally not a problem, because recreating the
container is generally done when redeploying Bifrost, and new passwords
will be generated and written to configuration files. However, if you
access the Ironic or Inspector APIs outside of the Bifrost playbooks,
the credentials will have changed.

This change fixes the issue by persisting the credentials directory in a
Docker volume. Note that applying this change will cause existing
credentials to be removed.

Closes-Bug: #1983356

Change-Id: I45a899e228b7634ba86fab5822139252c48a7f07
2022-08-02 11:26:42 +01:00
Zuul
fc1404861d Merge "adds firewalld configuration based on enabled services" 2022-07-29 08:31:26 +00:00
Victor Chembaev
277db5c3b7 Fix nova online volume resize with multipathd
Closes-Bug: 1982777

Change-Id: Ic752b981041b233ab55d5b9abef667b21b47857d
2022-07-28 21:40:27 +03:00
k-s-dean
8553e52acd adds firewalld configuration based on enabled services
This change introduces automated configuration of firewalld and adds
a new filter for extracting services from the project_services dict.
The filter selects any enabled services and their haproxy element
and returns them so they can be iterated over.
This commit also enables automated configuration of firewalld from enabled
openstack services and adds them to the defined zone and reloads the
system firewall.

Change-Id: Iea3680142711873984efff2b701347b6a56dd355
2022-07-27 12:28:40 +01:00
Radosław Piliszek
1bb4acbf9a Remove the deprecated storage_interface var
Change-Id: I63673761959a560e97c848f092f086ceba25839a
2022-07-27 12:37:59 +02:00
Zuul
0272805d5b Merge "Revert "Allow cinder-backup to be configured to use S3 backend."" 2022-07-27 09:12:02 +00:00
Michal Nasiadka
b7fe60fc4d Revert "Allow cinder-backup to be configured to use S3 backend."
This reverts commit 73fc230fe3f1d159b5bb9d62a6e15f93cecb6e7c.

Reason for revert: CI jobs failing with "msg": "{{ s3_url }}: 's3_url' is undefined"

Change-Id: Iba7099988cea0c0d8254b9e202309cd9c82a984d
2022-07-27 06:52:22 +00:00
Zuul
35a3aa3458 Merge "Allow cinder-backup to be configured to use S3 backend." 2022-07-26 09:04:00 +00:00
Zuul
db271bebad Merge "make "external_labels" optional on prometheus.yml" 2022-07-21 13:26:04 +00:00
Sergei Raiskii
73fc230fe3 Allow cinder-backup to be configured to use S3 backend.
Added options to configure S3 cinder backup driver, so cinder backup
can use S3 storage, for safekeeping backups.

Change-Id: Id6ff6206714581555baacecebfb6d8dd53bed8ac
2022-07-21 15:38:08 +03:00
Zuul
169ceba8c2 Merge "Add [taskflow] section for masakari.conf.j2" 2022-07-21 11:47:19 +00:00
zhangmeng
41a9402910 make "external_labels" optional on prometheus.yml
Closes-bug: 1944699
Change-Id: I6d0bb3b88983846fdd9c8af09456a106a940d191
2022-07-20 15:25:30 +08:00
zhangmeng
8620a5e4fc Add [taskflow] section for masakari.conf.j2
Closes-bug: 1966536
Change-Id: I66a0189511e4c937299442207459cf72165649dd
2022-07-20 15:22:23 +08:00
Zuul
fa49b1803f Merge "Set the ironic notification level" 2022-07-13 10:42:57 +00:00
Christian Berendt
ced1e3b6db Set the ironic notification level
To use notifications with ironic, the notification_level
option in the [DEFAULT] section of the configuration file
must be set. We use ``info`` as a reasonable level.

Closes-Bug: #1969826

Change-Id: I38bb1e5404e917c788689a3181741022f875da06
2022-07-12 12:55:22 +02:00
Pierre Riteau
3058b5bcd7 Support configuring the CloudKitty fetcher
Change-Id: I6d9ee98912120b9ece60ee22c7b0ad71dab8ed30
2022-07-07 21:45:38 +02:00
Mark Goddard
3d65a160d9 inspector: Prevent use of noauth in multi-region setup
In a multi-region environment without a local keystone, we should still
use authentication.

Change-Id: I9df0ddf6e0d56f0817256b07ae0a0a7021209663
2022-07-06 15:08:15 +01:00
Zuul
c2261e5652 Merge "Add ironic_http_interface parameters" 2022-07-05 12:48:35 +00:00
Pierre Riteau
13b0f3b861 Make external access to monitoring services configurable
Change-Id: Iaf6bf36ae0adce3342981c36c859fc138b172f6b
2022-06-27 11:57:53 +02:00
Christian Berendt
4de3426611 Add ironic_http_interface parameters
With the ironic_http_interface/ironic_http_interface_address
parameters it is possible to set the addresses for the
ironic_http service.

Change-Id: I72c257ebedf283cdef1b98485a576631e2190657
2022-06-24 10:15:56 +02:00
Pierre Riteau
41fba3c5df Support setting Nova API microversion for openstack-exporter
Starting from v1.5.0 of the exporter, OS_COMPUTE_API_VERSION can be set
to configure the Nova API version to be used [1]. Microversion 2.1 can
be used to keep metrics unmodified from the previous exporter version
deployed by Kolla (v1.3.0).

Support it with prometheus_openstack_exporter_compute_api_version,
defaulting to using the latest version.

[1] https://github.com/openstack-exporter/openstack-exporter/pull/201

Change-Id: I7605a3f9f74effb29ecec3b28e4709fd5f7f8cd4
2022-06-23 17:11:50 +02:00
Michal Arbet
889c0d168c Fix nested mounts of /run/openvswitch
As kolla-toolbox is mounting /run:/run
there is no need to also mount /run/openvswitch.
This is causing /run/openvswitch to be mounted
again and again up to 32767 times after kolla-toolbox
restart.

Closes-Bug: #1979295
Change-Id: I49b3bde8b2bd61b6c931a81542a0d89f8a303ffc
2022-06-21 11:47:04 +02:00
Zuul
6a329d4642 Merge "Fix typo in endpoint influxdb_internal_endpoint variable" 2022-06-13 13:14:08 +00:00
Will Szumski
49006e56d9 Add keystone_authtoken.service_type
Fixes an issue where access rules failed to validate:

    Cannot validate request with restricted access rules. Set
    service_type in [keystone_authtoken] to allow access rule validation

I've used the values from the endpoint. This was mostly a
straightforward copy and paste, except:

- versioned endpoints, e.g. cinderv3, where I stripped the version
- monasca has multiple endpoints associated with a single service. For
  this, I concatenated logging and monitoring to be logging-monitoring.

Closes-Bug: #1965111
Change-Id: Ic4b3ab60abad8c3dd96cd4923a67f2a8f9d195d7
2022-06-09 22:49:38 +02:00
T0125936 - LALLAU Bertrand
13af278708 Fix typo in endpoint influxdb_internal_endpoint variable
This patch simply fixes a typo in 'influxdb_internal_endpoint' variable.

Change-Id: I1b1068e84be7f7eaff1a4eab1ba9ddcd6f4241c7
2022-06-08 11:31:38 +02:00
Michal Arbet
e2f5c0dbb7 Enable hacluster role when it is needed
Masakari-hostmonitor needs to have
corosync/pacemaker deployed.

This patch is just changing default enable_hacluster: "no"
to "yes" if masakari-hostmonitor is enabled.

Closes-Bug: #1934149
Change-Id: I979d1d6d08ca0cc0a748f175da77f68bcecc2d1a
2022-06-07 14:20:11 +02:00
Pierre Riteau
9653ebe102 Increase openstack-exporter timeout to 45 seconds
Even on moderately sized clouds, openstack-exporter can easily take more
than 10 seconds to return, causing Prometheus to fail to scrape data.

Since the default scrape interval is 60 seconds, we can increase the
default timeout to 45 seconds.

Change-Id: Id8dffc425ff057b1e45103eb53734543bca8be80
Closes-Bug: #1976629
2022-06-02 15:56:50 +02:00
Zuul
4336ffbe44 Merge "Add support for custom alert notification templates" 2022-06-02 10:05:06 +00:00
Zuul
b42cc19b57 Merge "Do not use keystone_admin_url et al" 2022-06-01 13:30:18 +00:00
Zuul
84ece4de0d Merge "Control Masakari monitors deploy" 2022-05-31 15:56:25 +00:00
Zuul
7ed26c8a46 Merge "Improve MariaDB restore procedure" 2022-05-31 10:18:37 +00:00
Radosław Piliszek
7ca9349b09 Do not use keystone_admin_url et al
Following up on [1].
The 3 variables are only introducing noise after we removed
the reliance on Keystone's admin port.

[1] I5099b08953789b280c915a6b7a22bdd4e3404076

Change-Id: I3f9dab93042799eda9174257e604fd1844684c1c
2022-05-28 18:19:01 +02:00
Zuul
15a81a2883 Merge "Do not use a different port for Keystone admin endpoint" 2022-05-27 08:33:57 +00:00
Radosław Piliszek
42c2520144 Do not use a different port for Keystone admin endpoint
Docs and reno included.

Change-Id: I5099b08953789b280c915a6b7a22bdd4e3404076
2022-05-26 13:38:26 +00:00
Maksim Malchuk
d3dbd812c5 Control Masakari monitors deploy
Add switches to enable/disable deploy of the Masakari monitors.

Change-Id: I3ab603f7cab7946ea8f2e063fe91190d6592066a
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
2022-05-25 15:19:32 +03:00