Currently we have a very wide /run mount for all Neutron/OVS services,
which allows sudo/rootwrap to contact with the hosts dbus - all symptoms
are documented in the related bug.
Since we use tcp connections to OVS from Neutron agents - removing
bind mounts.
Closes-Bug: #1861792
Change-Id: Ifee4bec7b2e9ef4e2d624b1411f1a9e6332325c6
The start-ovsdb-server script is only ever called with one argument by
kolla ansible, so we can remove the multiple argument handling used by
kolla-kubernetes (RIP).
Change-Id: I9c3bc8ad24768052fc883c6fedd5f19336eb3fa4
This allows you to tune the performance of InfluxDB by locating the
volume on a drive that is separate to the default docker storage.
Change-Id: Iea555a2702b225b30f5d7035b8a703d4f3376ee7
Per http://eavesdrop.openstack.org/meetings/kolla/2020/kolla.2020-02-12-15.01.txt
Deprecates support for deploying MongoDB. In Victoria support for
deploying MongoDB will be removed from Kolla Ansible. Note CentOS 8
already lost support for MongoDB due to decisions made upstream.
This affects Panko as it will no longer be possible to get automatic
deployment of MongoDB database for it. However, the default, SQL,
backend is and will be supported via MariaDB.
MongoDB lost its position in OpenStack environment after
controversial relicensing under their custom SSPL (Server Side
Public License) which did not pass OSI (Open Source Initiative)
validation.
Change-Id: I09f77d275dfd2c8f9ae97a47c8ab1136a8de880f
It looks like the only missing part was the actual mount of
/lib/modules
Now Cinder Backup volumes differ from Cinder Volume volumes only
by /etc/target which is not relevant (Cinder Backup does not
provide a target).
Change-Id: Iccf4298c4f9306eb0a95b6712815778555ef44fc
Closes-bug: #1863094
By default api_interface is set to public, masakari-monitor
on compute nodes should communicate via the internal API to
reach masakari-api.
Change-Id: I454f44e57d7b17d93d4aefc4cbbed93aefe874b1
Closes-Bug: #1858431
Kolla-Ansible Ceph deployment mechanism has been deprecated in Train [1].
This change removes the Ansible code and associated CI jobs.
[1]: https://review.opendev.org/669214
Change-Id: Ie2167f02ad2f525d3b0f553e2c047516acf55bc2
There are cases when a multinode deployment ends up in unusable
keystone public wsgi on some nodes.
The root cause is that keystone public wsgi doesn't find fernet
keys on startup - and then persists on sending 500 errors to any
requests - due to a race condition between
fernet_setup/fernet-push.sh and keystone startup.
Depends-On: https://review.opendev.org/703742/
Change-Id: I63709c2e3f6a893db82a05640da78f492bf8440f
Closes-Bug: #1846789
This fixes issues reported by Mark:
- possible failure with 4-node cluster (however unlikely)
- failure to stop all nodes from progressing when conditions are
not valid (due to: "any_errors_fatal: False")
Change-Id: Ib6995bf4c99202c9813859b3d9e2f420448f0445
ceph.conf is loaded by qemu, not libvirt.
Since qemu runs as the nova user, ceph.conf owned by root
causes a permission error. The logs in
/var/log/libvirt/qemu/instance-*.log reveal the error.
This change fixes the issue by changing the ownership of ceph.conf
in nova-libvirt to the nova user.
Closes-Bug: #1861513
Change-Id: I1881f51a6c8508f0f186a5623443343dc1df41d4
Signed-off-by: Ning Yao <yaoning@unitedstack.com>
Currently the WSGI configuration for binary images uses python2.7
site-packages in some places. This change uses distro_python_version to
select the correct python path.
Change-Id: Id5f3f0ede106498b9264942fa0399d7c7862c122
Partially-Implements: blueprint python-3
In dev mode currently the python source is mounted under python2.7
site-packages. This change fixes this to use the distro_python_version
variable to ensure dev mode works with Python 3 images.
Change-Id: Ieae3778a02f1b79023b4f1c20eff27b37f481077
Partially-Implements: blueprint python-3
To make the configuration easier for the user, and to allow non-standard
ceph authentication ids - introduce ceph_*_user variables.
Change-Id: I24e01c43c826b62b6748d93a498f4b7d8ce9e309
Placement only needs its listen port to be free. During the Placement
split from Nova in commit 2fc6d4cfc5 the wrong variable got moved into
precheck for Placement, this fixes it.
Change-Id: I71e3607c50110763259bfcd70ffb2f4c76e27f62
Closes-Bug: #1861189
Generate both internal and external self signed TLS certificates.
Duplicate the certificate if internal and external VIPs are the same.
Change-Id: I16b345c0b29ff13e042eed8798efe644e0ad2c74
Partially-Implements: blueprint custom-cacerts
Delegate executing uri REST methods to the current module containers
using kolla_toolbox. This will allow self signed certificate that are
already copied into the container to be automatically validated. This
circumvents requiring Kolla Ansible to explicitly disable certificate
validation in the ansible uri module.
Partially-Implements: blueprint custom-cacerts
Change-Id: I2625db7b8000af980e4745734c834c5d9292290b
When kolla_copy_ca_into_containers is set to "yes", the Certificate
Authority in /etc/kolla/certificates will be copied into service
containers to enable trust for that CA. This is especially useful when
the CA is self signed, and would not be trusted by default.
Partially-Implements: blueprint custom-cacerts
Change-Id: I4368f8994147580460ebe7533850cf63a419d0b4
* HAProxy is now 1.8 in CentOS 8
* Support python3 in baremetal role
* Remove support for environments without python2 installed (this could
not have worked since we gather facts before this point)
Workarounds:
* Using CentOS 7 yum repo for Docker, with module_hotfixes
Change-Id: I30bd3d58f6224ad4c9575ba66c74deabe6895cc4
Partially-Implements: blueprint centos-rhel-8
This change introduces prune-images command.
Uses docker_prune module of Ansible that comes with version 2.8.
Depends-On: https://review.opendev.org/#/c/699333/
Implements: blueprint docker-image-pruning
Change-Id: Icbf374dd50e1cc1f1604bb4fa779b34279efd50c
