This change serialises the neutron l3 agent restart process and adds a
user configurable delay between restarts. This can prevent connectivity
loss due to all agents being restarted at the same time.
Routers increase the recovery time, making this issue more prevalent.
Change-Id: I3be0ebfa12965e6ae32d1b5f13f8fd23c3f52b8c
In order to honour configured max number of attempts
it has to be presented in nova.conf inside of
nova_conductor container, otherwise the default value
of 3 will be used
Closes-Bug: #2003587
Change-Id: I928af332b8658223444594f96417830233057284
This commit adds SystemdWorker class to kolla_docker ansible module.
It is used to manage container state via systemd calls.
Change-Id: I20e65a6771ebeee462a3aaaabaa5f0596bdd0581
Signed-off-by: Ivan Halomi <i.halomi@partner.samsung.com>
Signed-off-by: Martin Hiner <m.hiner@partner.samsung.com>
As rabbitmq's configuration file is not ini or yaml file,
there is no option to extend configuration by new config
options via merge_configs or merge_yaml.
This patch moves config options to dictionary
so it can be overriden in /etc/kolla/globals.yml.
Change-Id: I5cd772f4fb80a0e200fb24d67be735ca81e3fdeb
Nova changes to RBAC [1] are breaking Kolla Ansible and causing most CI
jobs to fail. Disable these changes until we can adapt.
[1] https://review.opendev.org/c/openstack/nova/+/866218
Change-Id: I506697d2b374e74a6b066c788bd2d61edc8d4876
According to the code, docs and oslo-config-validator, this
configuration option is not supported.
Change-Id: I34410e5267d527ec629748f35771f227183810b6
Makes sure the facts required to generate octavia.conf are available
when using genconfig.
This change also ensures that the necessary tasks run when using Ansible
check mode.
Closes-Bug: #1987299
Change-Id: Ib8fbee2d3abdcfd2eae0f9b3e9b69eeb0e3086e0
A combination of durable queues and classic queue mirroring can be used
to provide high availability of RabbitMQ. However, these options should
only be used together, otherwise the system will become unstable. Using
the flag ``om_enable_rabbitmq_high_availability`` will either enable
both options at once, or neither of them.
There are some queues that should not be mirrored:
* ``reply`` queues (these have a single consumer and TTL policy)
* ``fanout`` queues (these have a TTL policy)
* ``amq`` queues (these are auto-delete queues, with a single consumer)
An exclusionary pattern is used in the classic mirroring policy. This
pattern is ``^(?!(amq\\.)|(.*_fanout_)|(reply_)).*``
Change-Id: I51c8023b260eb40b2eaa91bd276b46890c215c25
When running in check mode, some prechecks previously failed because
they use the command module which is silently not run in check mode.
Other prechecks were not running correctly in check mode due to e.g.
looking for a string in empty command output or not querying which
containers are running.
This change fixes these issues.
Closes-Bug: #2002657
Change-Id: I5219cb42c48d5444943a2d48106dc338aa08fa7c
Prevent the haproxy-config role from attempting to modify firewalld when
running kolla-ansible genconfig.
Closes-Bug: #2002522
Change-Id: Ie8a524cc944aa8cb9cf0999b1b8da79f30b40092
assert will also fail when we're not meeting the conditions, makes
clear what we're actually testing, and isn't listed as a skipped task
when the condition is ok.
Change I940b1d3eceb98e16fa366c243672f588b1412d70 dropped CentOS 7,
so now we're just asserting that it's not RedHat.
Change-Id: Iec4e9a6922b67f7c9eb79f580fffbcc8160529e9
assert will also fail when we're not meeting the conditions, makes
clear what we're actually testing, and isn't listed as a skipped task
when the condition is ok.
Change-Id: Ia72c7052d7f9b8c7d86d74a15dcd9e003178972b
assert will also fail when we're not meeting the conditions, makes
clear what we're actually testing, and isn't listed as a skipped task
when the condition is ok.
Change-Id: I3e396f1c605d5d2644e757bbb3d954efe537b65e
assert will also fail when we're not meeting the conditions, makes
clear what we're actually testing, and isn't listed as a skipped task
when the condition is ok.
Change-Id: I20a48bb2eaa3715c6351f5ede04c191ea0a10d3d
assert will also fail when we're not meeting the conditions, makes
clear what we're actually testing, and isn't listed as a skipped task
when the condition is ok.
Change-Id: I7d316e11a733c63133cc80677ec1e790e76bf8c6
assert will also fail when we're not meeting the conditions, makes
clear what we're actually testing, and isn't listed as a skipped task
when the condition is ok.
Change-Id: I4c919b523dde2602c81179ab3d28b913650b4c9f
assert will also fail when we're not meeting the conditions, makes
clear what we're actually testing, and isn't listed as a skipped task
when the condition is ok.
Change-Id: Iffb84aa14b930eb82cf2043add721c1717ca6c74
The ``[oslo_messaging_rabbit] heartbeat_in_pthread`` config option
is set to ``true`` for wsgi applications to allow the RabbitMQ
heartbeats to function. For non-wsgi applications it is set to ``false``
as it may otherwise break the service [1].
[1] https://docs.openstack.org/releasenotes/oslo.messaging/zed.html#upgrade-notes
Change-Id: Id89bd6158aff42d59040674308a8672c358ccb3c
Setting ovn-monitor-all to 'true' will configure
ovn-controller to monitor all OVS database records
unconditionally. That will release some CPU resource
from OVS Southbound DB but will increase number of events
coming to ovn-controller.
Default value is 'false'.
Change-Id: I291e166013d8c88f00e84ceaf308251c352c9a79
Regularly, we experience issues in Kolla Ansible deployments because we
use wrong options in OpenStack configuration files. This is because
OpenStack services ignore unknown options. We also need to keep on top
of deprecated options that may be removed in the future. Integrating
oslo-config-validator into Kolla Ansible will greatly help.
Adds a shared role to run oslo-config-validator on each service. Takes
into account that services have multiple containers, and these may also
use multiple config files. Service roles are extended to use this shared
role. Executed with the new command ``kolla-ansible validate-config``.
Change-Id: Ic10b410fc115646d96d2ce39d9618e7c46cb3fbc
Without this setting, the keystone fetcher fails to authenticate when
using internal TLS with a local CA.
Closes-Bug: #2000097
Change-Id: Ia709f450c3e5b73e145e89a305cd038c05507dc6
We sometimes have the requirement that images should explicitly not
be pulled. Using the service-images-pull tag, it is now possible to
skip the actual pull task by using --skip-tags.
Change-Id: Ia00a5ecbcb944c252cd9d0366d8cf1e7ff6327f7
The opensearch config playbook was iterating over opensearch_services,
generating a file named opensearch-dashboards.yml containing an empty
JSON dictionary. The next task was generating opensearch_dashboards.yml
which is actually used by OpenSearch Dashboards.
Remove with_dict in the first task to only generate opensearch.yml.
Change-Id: I39cf74916630d27cd34ce0783ba8c3c0d20bbddc
This change replaces ElasticSearch with OpenSearch, and Kibana
with OpenSearch Dashboards. It migrates the data from ElasticSearch
to OpenSearch upon upgrade.
No TLS support is in this patch (will be a followup).
A replacement for ElasticSearch Curator will be added as a followup.
Depends-On: https://review.opendev.org/c/openstack/kolla/+/830373
Co-authored-by: Doug Szumski <doug@stackhpc.com>
Co-authored-by: Kyle Dean <kyle@stackhpc.com>
Change-Id: Iab10ce7ea5d5f21a40b1f99b28e3290b7e9ce895
We have been using --db-nb-create-insecure-remote=yes - that results
a TCP method is set by ovn-ctl script to run ovsdb-server.
Downside is - we can't configure inactivity probe on that connection.
Closes-Bug: #1917484
Change-Id: I550aa4fe92aadea2a49ca5aff49c0183609b9470
Instead of handling everything in one role - let's have small
fit-for-purpose roles, because in reality these are two hosts
roles and performance should be better with this approach.
[1]: https://docs.ovn.org/en/latest/intro/install/ovn-upgrades.html
Change-Id: I8f9dbe9d950323f16375ad5e1dbaedfb1be6585f
Typo fix and adding condition on not checking docker SDK version
when container engine is not docker
This is a followup to Ic30b67daa2e215524096ad1f4385c569e3d41b95
Signed-off-by: Ivan Halomi <i.halomi@partner.samsung.com>
Change-Id: Iafa24db06ad46bcfe250451ed98bc3c48d8a5138
