With CentOS-based jobs disabled, we don't have any job testing the
cells scenario. This patch adds it for Ubuntu.
Change-Id: Ic872242717006085f4dc586b0aea0e068f064a4b
Prometheus is creating user and granting permissions
to database from which is gathering metrics. This
process is different when haproxy/proxysql is used.
Proxysql:
- kolla-ansible should use root_shard_ID user to connect
to ProxySQL endpoint and it is routed to proper shard.
Haproxy:
- kolla-ansible should use root user to connect to HAProxy
endpoint and that's all.
If proxysql is not used, mariadb role will not create user
shard_root_ID user in bootstrap (from my perspective of view
it should), and therefore it will fail when HAProxy is used.
This patch is just fixing user to connect.
Change-Id: Icd07807b2c404eb4d3f398879639b17f1e7949c2
MariaDB is left unchanged because its custom_member_list uses a
different group (mariadb_default_database_shard_hosts).
Change-Id: Icefd5a3d02ae4dfeb27401696c35ca2c38e203d3
In a multi-controller node, the presence of "run_once: True"
and "when: inventory_hostname == groups['keystone'][-1]"
will cause the task to be skipped
Closes-Bug: #1987982
Change-Id: I6a8f4ca285cda0675711b631aeed7ae4c992d879
Instead of specifying a custom member list for each service that should
be configured as active/passive, a new `active_passive` parameter can be
set to true. This only works if `custom_member_list` is not used.
Change-Id: I3758bc2377c25a277a29f02ebc20c946c7499093
There are two shards:
One 2-node (to test the clustering), one 1-node.
Change-Id: If3a60ad4cc39d6ad0cd72a934f5f7497cd44021b
Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
This patch adds loadbalancer-config role
which is "wrapper" around haproxy-config
and proxysql-config role which will be added
in follow-up patches.
Change-Id: I64d41507317081e1860a94b9481a85c8d400797d
clouds.yaml[0] is a richer way to express configuration for OpenStack
clouds. It's also fully supported by Ansible's OpenStack modules as
well as python-openstackclient and openstacksdk. It's the future - who
doesn't like the future?
Write a file using both the public (default) and the internal endpoints
for the admin user. Also, change all of the examples to reference it
and to get python-openstackclient to use it too.
[0] https://docs.openstack.org/openstacksdk/latest/user/guides/connect_from_config.html
Implements: blueprint use-clouds-yaml
Change-Id: I557d2e4975c7b3d3c713a556b9ba47af9567ce6e
Ubuntu Jammy will only support Ceph Quincy.
Workaround for now - use Jammy in-distro packages for cephadm.
Change-Id: I30f071865b9b0751f1336414a0ae82571a332530
This patch follows upstream and disables linuxbridge testing.
Users are notified of the situation via the release note.
Change-Id: I524682ceb5287c14ef0ba99baae0c081850f4c5e
By default Bifrost generates passwords for use by services, and stores
them in files in /root/.config/bifrost/ in the container. This directory
is not persistent, so the passwords are lost if the container is
recreated. This is generally not a problem, because recreating the
container is generally done when redeploying Bifrost, and new passwords
will be generated and written to configuration files. However, if you
access the Ironic or Inspector APIs outside of the Bifrost playbooks,
the credentials will have changed.
This change fixes the issue by persisting the credentials directory in a
Docker volume. Note that applying this change will cause existing
credentials to be removed.
Closes-Bug: #1983356
Change-Id: I45a899e228b7634ba86fab5822139252c48a7f07
With the handler in the haproxy-config role, it gets triggered once for
every service that changes the firewall config. This happens because the
role is included dynamically. If we move the handler to the haproxy
role, which is only included once, the handler will trigger at most
once.
This is a follow up for Iea3680142711873984efff2b701347b6a56dd355.
Change-Id: Iad9ed241026435085bc9a0f5802818010b47830f
This variable shadows the name of the actual project that calls this
role, so we end up with the following nonsense:
TASK [haproxy-config : Copying over haproxy-config haproxy config]
Change-Id: Id60046e0ddc7ec843f2e4ce7ddee7683470a88b2
Kolla environment currently uses haproxy
to fullfill HA in mariadb. This patch
is switching haproxy to proxysql if enabled.
This patch is also replacing mariadb's user
'haproxy' with user 'monitor'. This replacement
has two reasons:
- Use better name to "monitor" galera claster
as there are two services using this user
(HAProxy, ProxySQL)
- Set password for monitor user as it's
always better to use password then not use.
Previous haproxy user didn't use password
as it was historically not possible with
haproxy and mariadb-clustercheck wasn't
implemented.
Depends-On: https://review.opendev.org/c/openstack/kolla/+/769385
Depends-On: https://review.opendev.org/c/openstack/kolla/+/765781
Depends-On: https://review.opendev.org/c/openstack/kolla/+/850656
Change-Id: I0edae33d982c2e3f3b5f34b3d5ad07a431162844
