11274 Commits

Author SHA1 Message Date
Zuul
8deefbd8d1 Merge "CI: Add ansible-lint to tox" 2020-05-18 10:38:49 +00:00
Zuul
b480ecff0c Merge "CI: Discern between Ironic client and grep failure" 2020-05-17 21:02:22 +00:00
Michal Nasiadka
d8f31e0a5e CI: Add ansible-lint to tox
* Reworked tox pep8 into linters job, that runs:
  - pep8
  - bandit
  - bashate
  - doc8
  - yamllint
  - ansible-lint (validate-all-files.py + ansible-lint)

* Skip E701 - missing galaxy_info in meta and E602 see [1].
* Skip E301 and E503 - followup later in a separate change
* Added ansible-role-jobs to zuul.d/project.yaml which will run
  openstack-tox-linters job in check queue
* Fixed remaining style issue
* Made tox and docs reference the new env for linters
* Dropped pype environment (not supported)

[1]: https://github.com/ansible/ansible-lint/issues/457

Change-Id: I494b4b151804aac8173120e6c6e42bc2fdb00234
2020-05-17 17:02:38 +02:00
Zuul
fe54fdbc34 Merge "Enable W503 for flake8 check" 2020-05-17 14:07:15 +00:00
Zuul
f942e93d12 Merge "Deprecate rabbitmq_hipe_compile" 2020-05-17 12:47:35 +00:00
Zuul
bfcd2966fa Merge "multipath requires udev-rules in host" 2020-05-17 12:30:11 +00:00
Zuul
eeca3a9588 Merge "Fix Keystone Centos 8 mod_ssl" 2020-05-17 12:30:10 +00:00
Zuul
574f6c501b Merge "Fix Heat WSGI Logging" 2020-05-17 12:30:08 +00:00
Zuul
4b4662a611 Merge "Fix registration of Monasca Grafana datasource" 2020-05-17 12:26:58 +00:00
Zuul
c07ee9af4f Merge "Configure RabbitMQ user tags in nova-cell role" 2020-05-17 12:26:56 +00:00
Zuul
1fe174829d Merge "Fix deprecation warnings in fluentd" 2020-05-17 12:26:54 +00:00
Zuul
26536011d2 Merge "make murano work with endpoints with non-public CA" 2020-05-17 12:26:52 +00:00
gugug
22f7aecbd9 Enable W503 for flake8 check
W503 and W504 are incompatible and we need to choose one of them.
Existing codes follows W503, so we disable W504.

Change-Id: Ic745e956dd332eb0fa49b93c1e6acb12f8a7f26c
2020-05-17 18:21:39 +08:00
xiaojueguan
1f3cb24aeb make murano work with endpoints with non-public CA
Change-Id: Ic0d0543b6ad93743eae2a144e8a3b07de54e6d96
Closes-Bug: #1878344
2020-05-17 10:28:47 +08:00
Zuul
50359204b4 Merge "Improve fernet_token_expiry precheck" 2020-05-16 09:34:45 +00:00
Will Szumski
810acea6b1 Improve fernet_token_expiry precheck
The pre-check was broken, see bug report for details.

Change-Id: I089f1e288bae6c093be66181c81a4373a6ef3de4
Closes-Bug: #1856021
2020-05-15 16:50:35 +00:00
Michal Nasiadka
3611f053ef Fix deprecation warnings in fluentd
Change-Id: I812665059783617d581d748e619b29426f89b353
2020-05-15 17:21:21 +02:00
Jeffrey Zhang
869e3f21c2 Configure RabbitMQ user tags in nova-cell role
The RabbitMQ 'openstack' user has the 'administrator' tag assigned via
the RabbitMQ definitions.json file.

Since the Train release, the nova-cell role also configures the RabbitMQ
user, but omits the tag. This causes the tag to be removed from the
user, which prevents it from accessing the management UI and API.

This change adds support for configuring user tags to the
service-rabbitmq role, and sets the administrator tag by default.

Change-Id: I7a5d6fe324dd133e0929804d431583e5b5c1853d
Closes-Bug: #1875786
2020-05-15 16:02:46 +01:00
Doug Szumski
776253c436 Fix registration of Monasca Grafana datasource
The refactor in change I500cc8800c412bc0e95edb15babad5c1189e6ee4
broke the task `Enable Monasca Grafana datasource for control
plane organisation`. This change fixes the brackets.

Change-Id: I9167a312be107fbfddfd07740f67845c2eaafc3d
Closes-Bug: 1878878
2020-05-15 10:16:22 +01:00
generalfuzz
67a31fd219 Fix Heat WSGI Logging
Fix Heat WSGI logging directives and correct access log name.

Change-Id: Iac09e481ae46934fc26300eba8c5d81ccd0504e8
Partially-Implements: blueprint add-ssl-internal-network
2020-05-14 21:32:42 +00:00
Zuul
fe1edb1baf Merge "Fix file extension in MariaDB backup docs" 2020-05-14 14:37:30 +00:00
Zuul
cd9f7faa6c Merge "dpdk-vswitchd: some ovs tools require ovs daemons pidfiles" 2020-05-14 14:37:29 +00:00
zhouhenglc
d47ffc7947 dpdk-vswitchd: some ovs tools require ovs daemons pidfiles
Change-Id: I797bb5997e6a3391e82bff766c96f7855de4adc4
Closes-bug: #1878325
2020-05-14 18:43:59 +08:00
Zuul
d10c5ac15c Merge "Ansible lint related fixes" 2020-05-14 09:52:29 +00:00
generalfuzz
783bbfddcd Fix Keystone Centos 8 mod_ssl
Keystone was not loading the correct mod_ssl library in centos 8
deployment.

Change-Id: I604d675ba7ad28922f360fdc729746f99c1507b4
Partially-Implements: blueprint add-ssl-internal-network
2020-05-14 09:08:42 +00:00
Pierre Riteau
cdd0eb6488 Fix file extension in MariaDB backup docs
Change-Id: I0495c1e33696cea36765f027bc453b9d3e8563e0
2020-05-13 18:47:39 +02:00
Zuul
9540f22e24 Merge "Add support for encrypting Barbican API" 2020-05-13 16:36:27 +00:00
Zuul
e51f3e0c5e Merge "Fix hacking min version to 3.0.1" 2020-05-13 15:07:34 +00:00
Zuul
43469d6fdb Merge "Add extras directory to prometheus config" 2020-05-13 14:31:51 +00:00
Zuul
e17cf01f82 Merge "Support customizing prometheus.cfg files" 2020-05-13 14:31:49 +00:00
Zuul
e2b25023d9 Merge "Add extend_lists option to merge_yaml" 2020-05-13 14:31:47 +00:00
James Kirsch
2e08ffd6d3 Add support for encrypting Barbican API
This patch introduces an optional backend encryption for the Barbican
API service. When used in conjunction with enabling TLS for service API
endpoints, network communcation will be encrypted end to end, from
client through HAProxy to the Barbican service.

Change-Id: I62a43b36ebe4a03230bf944980b45e4b6938871b
Partially-Implements: blueprint add-ssl-internal-network
2020-05-13 10:26:09 +00:00
Ghanshyam Mann
7bb397a8eb Fix hacking min version to 3.0.1
flake8 new release 3.8.0 added new checks and gate pep8
job start failing. hacking 3.0.1 fix the pinning of flake8 to
avoid bringing in a new version with new checks.

Though it is fixed in latest hacking but 2.0 and 3.0 has cap for
flake8 as <4.0.0 which mean flake8 new version 3.9.0 can also
break the pep8 job if new check are added.

To avoid similar gate break in future, we need to bump the hacking min
version.

- http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014828.html

Change-Id: I4b11eaad9eac9985342a00e583f16e379a2ad04a
2020-05-12 19:26:30 -05:00
Zuul
c3a4f78d14 Merge "Stop mocking ansible modules globally" 2020-05-12 21:31:13 +00:00
Michal Nasiadka
2128075c6e Ansible lint related fixes
Change-Id: I146ea3d84efb83ec5d7405644ad372e57ecafc1e
2020-05-12 17:39:07 +00:00
Zuul
e53b3e69eb Merge "CI: Blacklist Ansible 2.9.8" 2020-05-12 15:44:43 +00:00
Mark Goddard
100f92563f CI: Blacklist Ansible 2.9.8
Ansible 2.9.8 includes a regression on the fileglob plugin [1] that
causes the HAProxy role to fail.

This change blacklists Ansible 2.9.8 to work around the issue.

[1] https://github.com/ansible/ansible/issues/69450

Change-Id: I12ca3b154fc7fed6a221880596e0acb5f6278bb7
Related-Bug: #1878192
2020-05-12 11:55:44 +00:00
Zuul
12ac15b5f7 Merge "Use FQDN to communicate with Kibana and Elasticsearch" 2020-05-11 20:18:53 +00:00
Zuul
5c193cbe95 Merge "Fixes Gnocchi & external Ceph integration" 2020-05-11 15:31:21 +00:00
Will Szumski
d05578f59f Add extras directory to prometheus config
This provides a generic mechanism to include extra files
that you can reference in prometheus.yml, for example:

scrape_targets:
  - job_name: ipmi
    params:
      module: default
    scrape_interval: 1m
    scrape_timeout: 30s
    metrics_path: /ipmi
    scheme: http
    file_sd_configs:
    - files:
      - /etc/prometheus/extras/file_sd/ipmi-exporter-targets.yml
      refresh_interval: 5m

Change-Id: Ie2f085204b71725b901a179ee51541f1f383c6fa
Related: blueprint custom-prometheus-targets
2020-05-11 13:47:12 +01:00
Will Szumski
956a29f83a Support customizing prometheus.cfg files
This provides a mechanism to scrape targets defined outside of kolla-ansible.

Depends-On: https://review.opendev.org/#/c/685671/
Change-Id: I0950341b147bb374b4128f09f807ef5a756f5dfa
Related: blueprint custom-prometheus-targets
2020-05-11 13:47:12 +01:00
Will Szumski
69a6acf7a8 Add extend_lists option to merge_yaml
This allows you to extend lists in yaml config. This is useful, for
example, in prometheus.yml, where it would be nice to be able to
extend the scrape_configs to include exporters that aren't packaged
with kolla-ansible. This would provide a mechanism to do so.

Change-Id: I7a10e363f42e8ffaae3c0d2c2a758853e2cab7e1
Related: blueprint custom-prometheus-targets
2020-05-11 13:47:12 +01:00
Will Szumski
4fcbdd7740 Stop mocking ansible modules globally
This causes non-local side effects that are hard to track down. E.g:

--- import errors ---
Failed to import test module: tests.test_merge_yaml
Traceback (most recent call last):
  File "/home/will/.pyenv/versions/3.7.7/lib/python3.7/unittest/loader.py", line 436, in _find_test_path
    module = self._get_module_from_name(name)
  File "/home/will/.pyenv/versions/3.7.7/lib/python3.7/unittest/loader.py", line 377, in _get_module_from_name
    __import__(name)
  File "/home/will/code/kolla-ansible/tests/test_merge_yaml.py", line 19, in <module>
    from ansible.errors import AnsibleModuleError
ModuleNotFoundError: No module named 'ansible.errors'; 'ansible' is not a package

This `'ansible' is not a package` message occurs because ansible is a Mock.

Depends-On: https://review.opendev.org/#/c/726768/
Change-Id: Iddbdd3d855daadbf12536cc990559e6b8e123051
2020-05-11 13:47:12 +01:00
Zuul
9768c266fd Merge "Add release note for CloudKitty configuration fixes" 2020-05-11 12:28:47 +00:00
Mark Goddard
82c5c1c75f Fixes Gnocchi & external Ceph integration
The removal of Kolla Ceph deploy [1] broke gnocchi & external Ceph
integration - the variable gnocchi_pool_name is referenced in the config
template, but should now be ceph_gnocchi_pool_name.

This change fixes the issue.

Reported by Nick Wilson.

[1] https://review.opendev.org/#/c/704309/12/ansible/roles/gnocchi/defaults/main.yml

Change-Id: I7089781c0c4d7bce8a44cb8b1fca847dd0b7efd1
Closes-Bug: #1877974
2020-05-11 10:23:58 +01:00
Zuul
a5c1d36626 Merge "Make nova perms consistent between applications" 2020-05-11 08:29:26 +00:00
Fabian Zimmermann
5dfc270a62 multipath requires udev-rules in host
install sg3-utils-udev if multipath is enabled, else SCSI_IDENT*
vars are missing in udev.

Closes-Bug: 1877509
Change-Id: Ib205f3cdb775c9cfa719325f702f4fad196d346b
2020-05-08 08:32:47 +02:00
Zuul
a44bba845f Merge "Update Advanced Config guide to clarify paths" 2020-05-07 11:41:54 +00:00
Radosław Piliszek
93c9ad892c Make nova perms consistent between applications
Nova cells support introduced a slight regression that triggers
odd behaviour when we tried switching to Apache (httpd) [1].
Bootstrap no longer applied permissions recursively to all log
files, creating a discrepancy between normal and bootstrap runs
and also Nova and other services such as Cinder (regarding
bootstrap logging).

This patch fixes it.

Backport to Train.

Not creating reno nor a bug record because it does not affect
any current standard usage in any currently known way.

Note this only really hides (standardizes?) the global issue that
we don't control file permissions on newly created files too well.

[1] https://review.opendev.org/724793

Change-Id: I35e9924ccede5edd2e1307043379aba944725143
Needed-By: https://review.opendev.org/724793
2020-05-06 18:36:10 +00:00
Pierre Riteau
4503bf2419 Add release note for CloudKitty configuration fixes
This note refers to configuration changes done in
I626dc7afe9eabfbeb6c08137a3e6bbeebde2b332.

Change-Id: I75a37b9d3b28964f353977baa3a9f49fc424d866
Closes-Bug: #1876985
2020-05-05 22:53:30 +02:00