In a multi-controller node, the presence of "run_once: True"
and "when: inventory_hostname == groups['keystone'][-1]"
will cause the task to be skipped
Closes-Bug: #1987982
Change-Id: I6a8f4ca285cda0675711b631aeed7ae4c992d879
Instead of specifying a custom member list for each service that should
be configured as active/passive, a new `active_passive` parameter can be
set to true. This only works if `custom_member_list` is not used.
Change-Id: I3758bc2377c25a277a29f02ebc20c946c7499093
This allows you to use a more descriptive name if you desire.
For example, when using cinder with multiple ceph backends, rbd-1,
doesn't convey much information. You could include location, disk
technology, etc. in the name.
Change-Id: Icfdc2e5726fec8b645d6c2c63391a13c31f2ce9a
This patch follows upstream and disables linuxbridge testing.
Users are notified of the situation via the release note.
Change-Id: I524682ceb5287c14ef0ba99baae0c081850f4c5e
Bifrost supports enabling TLS for the services it deploys, as well as
generating a self-signed TLS certificate. Let's use it.
Change-Id: I2a60ec780c37895e810cdba65bb485d0986a196d
By default Bifrost generates passwords for use by services, and stores
them in files in /root/.config/bifrost/ in the container. This directory
is not persistent, so the passwords are lost if the container is
recreated. This is generally not a problem, because recreating the
container is generally done when redeploying Bifrost, and new passwords
will be generated and written to configuration files. However, if you
access the Ironic or Inspector APIs outside of the Bifrost playbooks,
the credentials will have changed.
This change fixes the issue by persisting the credentials directory in a
Docker volume. Note that applying this change will cause existing
credentials to be removed.
Closes-Bug: #1983356
Change-Id: I45a899e228b7634ba86fab5822139252c48a7f07
This change introduces automated configuration of firewalld and adds
a new filter for extracting services from the project_services dict.
the filter selects any enabled services and their haproxy element
and returns them so they can be iterated over.
This commit also enables automated configuration of firewalld from enabled
openstack services and adds them to the defined zone and reloads the
system firewall.
Change-Id: Iea3680142711873984efff2b701347b6a56dd355
This reverts commit 73fc230fe3f1d159b5bb9d62a6e15f93cecb6e7c.
Reason for revert: CI jobs failing with "msg": "{{ s3_url }}: 's3_url' is undefined"
Change-Id: Iba7099988cea0c0d8254b9e202309cd9c82a984d
Added options to configure S3 cinder backup driver, so cinder backup
can use S3 storage, for safekeeping backups.
Change-Id: Id6ff6206714581555baacecebfb6d8dd53bed8ac
To use notifications with ironic, the notification_level
option in the [DEFAULT] section of the configuration file
must be set, we use ``info`` as a reasonable level.
Closes-Bug: #1969826
Change-Id: I38bb1e5404e917c788689a3181741022f875da06
With the ironic_http_interface/ironic_http_interface_address
parameters it is possible to set the addresses for the
ironic_http service.
Change-Id: I72c257ebedf283cdef1b98485a576631e2190657
Starting from v1.5.0 of the exporter, OS_COMPUTE_API_VERSION can be set
to configure the Nova API version to be used [1]. Microversion 2.1 can
be used to keep metrics unmodified from the previous exporter version
deployed by Kolla (v1.3.0).
Support it with prometheus_openstack_exporter_compute_api_version,
defaulting to using the latest version.
[1] https://github.com/openstack-exporter/openstack-exporter/pull/201
Change-Id: I7605a3f9f74effb29ecec3b28e4709fd5f7f8cd4
As kolla-toolbox is mounting /run:/run
there is no need to mount also /run/openvswitch.
This is causing /run/openvswitch is mounted
again and again up to 32767 times after kolla-toolbox
restart.
Closes-Bug: #1979295
Change-Id: I49b3bde8b2bd61b6c931a81542a0d89f8a303ffc
Fixes an issue where access rules failed to validate:
Cannot validate request with restricted access rules. Set
service_type in [keystone_authtoken] to allow access rule validation
I've used the values from the endpoint. This was mostly a straight
forward copy and paste, except:
- versioned endpoints e.g cinderv3 where I stripped the version
- monasca has multiple endpoints associated with a single service. For
this, I concatenated logging and monitoring to be logging-monitoring.
Closes-Bug: #1965111
Change-Id: Ic4b3ab60abad8c3dd96cd4923a67f2a8f9d195d7
Masakari-hostmonitor needs to have
corosync/pacemaker deployed.
This patch is just changing default enable_hacluter: "no"
to "yes" if masakari-hostmonitor is enabled.
Closes-Bug: #1934149
Change-Id: I979d1d6d08ca0cc0a748f175da77f68bcecc2d1a
Even on moderately sized clouds, openstack-exporter can easily take more
than 10 seconds to return, causing Prometheus to fail to scrape data.
Since the default scrape internal is 60 seconds, we can increase the
default timeout to 45 seconds.
Change-Id: Id8dffc425ff057b1e45103eb53734543bca8be80
Closes-Bug: #1976629
Following up on [1].
The 3 variables are only introducing noise after we removed
the reliance on Keystone's admin port.
[1] I5099b08953789b280c915a6b7a22bdd4e3404076
Change-Id: I3f9dab93042799eda9174257e604fd1844684c1c
Add a switches to enable/disable deploy of the Masakari monitors.
Change-Id: I3ab603f7cab7946ea8f2e063fe91190d6592066a
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>