Multiple inventories can now be passed to `kolla-ansible`. This can be
useful to construct a common inventory that is shared between multiple
environments.
Change-Id: I2ac5d7851b310bea2ba362b353f18c592a0a6a2e
As mentioned in the Iced014acee7e590c10848e73feca166f48b622dc
commit message, in Ussuri+ we can use ``+sbwtdcpu none
+sbwtdio none`` as well. This is due to relying on RMQ-provided
erlang in version 23.x.
This change adds the extra arguments by default.
It should be backported down to Ussuri before we do a release with
Iced014acee7e590c10848e73feca166f48b622dc.
Change-Id: I32e247a6cb34d7f6763b544f247fd408dce2b3a2
Delete the "haproxy_single_service_listen.cfg.j2" template,
which has been replaced by "haproxy_single_service_split.cfg.j2"
and deprecated in the Victoria version
Change-Id: I3599f85afe9d3045820ea1ea70481ea2500e49ac
In Ussuri, nova stopped using separate Ceph keys for the volumes and vms
pools by default. Instead, we set ceph_nova_keyring to the value of
ceph_cinder_keyring by default, which is ceph.client.cinder.keyring.
This is in line with the Ceph OpenStack integration guide [1]. However,
the user used by nova to access the vms pool (ceph_nova_user) defaults
to nova, meaning that nova will still try to use a
ceph.client.nova.keyring, which probably does not exist. We did not see
this issue in CI, because we set ceph_nova_user to cinder.
This change fixes the issue by setting ceph_nova_user to the value of
ceph_cinder_user by default, which is cinder.
Closes-Bug: #1934145
Related-Bug: #1928690
[1] https://docs.ceph.com/en/latest/rbd/rbd-openstack/
Change-Id: I6aa8db2214e07906f1f3e035411fc80ba911a274
Manila's wallaby release [1] made it possible for
the v2 endpoint to not include a tenant_id
(project_id). This change was made to
accommodate interactions by system scoped users.
System scoped users cannot interact with an
endpoint that needs the "tenant_id" templating,
because system scoped tokens cannot be resolved
to a particular tenant_id by definition. More
information regarding this change is captured
in the release notes for the project [2] and
the API reference [3].
[1] https://review.opendev.org/c/openstack/manila/+/773709
[2] https://docs.openstack.org/releasenotes/manila/wallaby.html#prelude
[3] https://docs.openstack.org/api-ref/shared-file-system/#shared-file-systems-api
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
Change-Id: Ice359bc31429a5da403598b9b4a0e1a95d71b83f
Nova always tries to create the rabbitmq user regardless of
whether RabbitMQ is enabled or not.
This ps also adds an external rabbitmq doc.
Change-Id: Iec517226e4c82ea351889b55689a3efceaadcc76
multiple external networks are supported by linuxbridge and OVS.
Currently the config template only works for OVS
Closes-Bug: #1863935
Change-Id: I9da331e007c25c4a760839c566831769a68507a9
The Masakari job uses 4 nodes and defaulted to a quite bulky
and not really supported config (MariaDB and RMQ on 4 nodes).
This change slims it down so that we test only HA of Masakari
and hacluster. The other services are deployed single-node.
Additionally, simplify the network group (it does not affect any
other job, the logic was simply overdone there).
Change-Id: I74b315443f79d0d7780907fc785e1a29759c1803
In the Xena release, Ironic removed the iSCSI driver [1]. The
recommended driver is direct, which uses HTTP to transfer the disk
image. This requires an HTTP server, and the simplest option is to use
the one currently deployed when enable_ironic_ipxe is set to true. For
this reason, this patch always enables the HTTP server running on the
conductor.
iPXE is still enabled separately, since it cannot currently be used at
the same time as PXE.
[1] https://review.opendev.org/c/openstack/ironic/+/789382
Change-Id: I30c2ad2bf2957ac544942aefae8898cdc8a61ec6
The variable octavia_amphora_flavor should be octavia_amp_flavor.
The variable for customising network and subnet was only mentioned in
the example.
Change-Id: I3ba5a7ccc2c810fea12bc48584c064738e5aa35e
The healthcheck checks for a process called httpd, but these distros
call it apache2. This results in the ironic_ipxe container being marked
as unhealthy.
This change fixes the issue by making the process name distro dependent.
Change-Id: I0b0126e3071146e7f8593ba970ecbed65b36fcfa
Closes-Bug: #1937037
Since the Victoria release, manila-share.conf requires a glance section
for some drivers. This change adds the missing section.
It also uses the correct cinder_keystone_user variable to reference the
cinder user.
Closes-Bug: #1921935
Change-Id: Ib7ce4ed79c28456281087eb4156577f910c072e7
Adds support for passing extra runtime options to cAdvisor.
By default new options disable exporting rarely useful metrics
and labels by cAdvisor. This helps reducing the load on Prometheus
and cAdvisor itself.
Change-Id: I81f3845d6cd03a70a0c8569f8d0ea421027df083
Currently, if you override docker_yum_url, the repo must contain a GPG
key at {{ docker_yum_url }}/gpg, despite the fact that the GPG key URL
can be overridden separately via docker_yum_gpgkey. This change uses
docker_yum_gpgkey consistently, avoiding the need to keep the key in the
repo.
Closes-Bug: #1934913
Change-Id: If8e6a02ce0760123f7b076c711727ef575965192
Prior to this change, if you generated the config before deploying any
of the OVN services, it would fail on these tasks as the services will
not have been started.
TrivialFix
Change-Id: Ia85ef26015ff341bff1414da039bed52f34e7cc0
We need to correctly set keystone auth api for all cases.
By default [1] the keystone_internal_fqdn is equal to the
kolla_internal_fqdn, but in multiregion deploy it can be overriden.
1. 3a7440b370/ansible/group_vars/all.yml (L834)
Change-Id: Ib40aafaa9ca360d57e87ffdd81dbc15e603fef99
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
Ansible facts can have a large impact on the performance of the Ansible
control host. This patch introduces some control over which facts are
gathered (kolla_ansible_setup_gather_subset) and which facts are stored
(kolla_ansible_setup_filter). By default we do not change the default
values of these arguments to the setup module. The flexibility of these
arguments is limited, but they do provide enough for a large performance
improvement in a typical moderate to large OpenStack cloud.
In particular, the large complex dict fact for each interface has a
large effect, and on an OpenStack controller or hypervisor there may be
many virtual interfaces. We can use the kolla_ansible_setup_filter
variable to help:
kolla_ansible_setup_filter: 'ansible_[!qt]*'
This causes Ansible to collect but not store facts matching that
pattern, which includes the virtual interface facts. Currently we are
not referencing other facts matching the pattern within Kolla Ansible.
Note that including the 'ansible_' prefix causes meta facts module_setup
and gather_subset to be filtered, but this seems to be the only way to
get a good match on the interface facts. To work around this, we use
ansible_facts rather than module_setup to detect whether facts exist in
the cache.
The exact improvement will vary, but has been reported to be as large as
18x on systems with many virtual interfaces.
For reference, here are some other tunings tried:
* Increased the number of forks (great speedup depending of the size of
the deployment)
* Use `strategy = mitogen_linear` (cut processing time in half)
* Ansible caching (little speed up)
* SSH tunning (little speed up)
Co-Authored-By: Mark Goddard <mark@stackhpc.com>
Closes-Bug: #1921538
Change-Id: Iae8ca4aae945892f1dc65e1b10381d2e26e88805
This commit adds two new cli commands to allow an operator
to read and write passwords into a configured Hashicorp Vault
KV.
Change-Id: Icf0eaf7544fcbdf7b83f697cc711446f47118a4d
