953 Commits

Author SHA1 Message Date
Grzegorz Koper
8fb0bddfe9 Fix services config in single external frontend
Adding missing group_vars for gnocchi service.
Using proper variables in haproxy config for vitrage and venus services.

Closes-Bug: #2038904
Change-Id: I06e8f29440c13864a866ea03ce0a0821fbe846f8
2023-10-12 12:00:44 +00:00
Bartosz Bezak
fc7deed9cd Default keystone user role changed to member
_member_ role is a long not used default keystone role,
for instance Horizon moved to use member role from yoga [1]

[1] https://docs.openstack.org/horizon/yoga/configuration/settings.html#openstack-keystone-default-role

Closes-Bug: #2038314
Change-Id: Idc9bce82c682e37c5bea10c93577091b85f3ad45
2023-10-04 11:07:09 +00:00
Michal Nasiadka
00dfa4233c Remove remnants of Monasca and deps
Following Monasca initial removal in [1]

[1]: I6fc7842bcda18e417a3fd21c11e28979a470f1cf

Change-Id: I94d6f102e8da3882f37f3007639b917c49f907a9
2023-10-02 13:10:03 +02:00
Dincer Celik
f64c86de1d [haproxy] Adds http/2 support to HAProxy
This change introduces haproxy_enable_http2 to let operators enable
http/2 on HAProxy frontends when kolla_enable_tls_external is enabled.

Change-Id: I2e00d3e9193a3052d43a228915ea249794490afe
Closes-Bug: #1850924
2023-09-25 11:36:54 +02:00
Célestin Matte
4b52e11528 Fix ansible-lint warnings related to jinja spacing
Change-Id: I901c0a57efcb6cbaaac43f64f2243fff7d7980c8
2023-09-18 15:44:39 +02:00
Zuul
da2d8e8b83 Merge "Remove duplicate whitespace" 2023-09-08 11:27:55 +00:00
Zuul
b3c13d22ff Merge "Use better default bind address for ironic-tftp" 2023-08-30 17:03:38 +00:00
Robin Klostermeyer
9a9c8fe794 Add ironic-prometheus-exporter
This commit adds the ironic-prometheus-exporter, following the
conventions used by the previously integrated exporters. '[The] Ironic
Prometheus Exporter is a Tool to expose hardware sensor data in the
Prometheus format through an HTTP endpoint.'[0]

Prometheus has been enabled in CI jobs to ensure test coverage.

[0] https://opendev.org/openstack/ironic-prometheus-exporter

Depends-On: https://review.opendev.org/c/openstack/kolla/+/874415

Change-Id: I6d421effd833d2e0524dd0b81736445c9a730ea9
2023-08-30 09:24:56 +02:00
Pierre Riteau
f6e83f92c7 Remove duplicate whitespace
Change-Id: Ica155c5da29d36a3f944eb6a4a0ef5af88b01358
2023-08-29 14:43:16 +02:00
Matt Crees
b86c304a29 Enable RabbitMQ HA queues by default
Sets the variable ``om_enable_rabbitmq_high_availability`` to ``true``
by default. An upgrade will therefore require some manual steps to
migrate from transient to durable queues. Note that this will be
caught by this precheck:
https://review.opendev.org/c/openstack/kolla-ansible/+/880274

Also updates the CI upgrade jobs to perform this migration. This will
need to be removed in Caracal.

Related-Bug: #2031294

Change-Id: I26a70d4722aaa4663eced5f5337840474c7b961c
2023-08-25 10:10:04 +00:00
Michal Nasiadka
d1a52b5816 debian: Add Bookworm Host OS support
Depends-On: https://review.opendev.org/c/openstack/ansible-collection-kolla/+/892323

Change-Id: I11db700511233aa60229ee65d0cc96e46aafdf90
2023-08-24 19:08:36 +00:00
Zuul
b49694ff99 Merge "rabbitmq: add rabbitmq_datadir_volume parameter" 2023-08-09 16:22:01 +00:00
Michal Nasiadka
4bc410c6ca haproxy: support single external frontend
Use case: exposing single external https frontend and
load balancing services using FQDNs.

Support different ports for internal and external endpoints.

Introduced kolla_url filter to normalize urls like:
- https://magnum.external:443/v1
- http://magnum.external:80/v1

Change-Id: I9fb03fe1cebce5c7198d523e015280c69f139cd0
Co-Authored-By: Jakub Darmach <jakub@stackhpc.com>
2023-06-29 01:44:00 +02:00
Zuul
1e9f19aa6b Merge "Use friendly prometheus instance labels" 2023-06-22 17:01:47 +00:00
yann.degat
81948f5b16 Use better default bind address for ironic-tftp
ironic tftp service binds on 0.0.0.0. This may be
an issue in some setup. This patch propose a better
default, such as using the same listen address as
the dnsmasq service

Closes-Bug: #2024664

Change-Id: I0401bfc03cd31d72c5a2ae0a111889d5c29a8aa2
2023-06-22 13:12:18 +00:00
Bartosz Bezak
309793d425 Set previous_release to stable/2023.1
Change-Id: Idbbd02b966922d5857ed54bac57668f0cf22113c
2023-06-20 10:43:20 +02:00
Dawud
eef3ff3084 Use friendly prometheus instance labels
Replaces the instance label on prometheus metrics with the inventory
hostname as opposed to the ip address. The ip address is still used as
the target address which means that there is no issue of the hostname
being unresolvable. Can be optionally enabled or set to FQDNs by
changing the prometheus_instance_label variable as mentioned in the
release notes.

Co-Authored-By: Will Szumski <will@stackhpc.com>
Change-Id: I387c9d8f5c01baf6054381834ecf4e554d0fff35
2023-06-20 06:44:10 +00:00
Zuul
a53052ede3 Merge "Add support for multiple ceph files" 2023-06-16 16:51:23 +00:00
Michal Arbet
fdf2385f14 Add support for multiple ceph files
This patch is adding a feature for an option to copy different
ceph configuration files and corresponding keyrings for cinder,
glance, manila, gnocchi and nova services.

This is especially useful when the deployment uses availability
zones as below example.

  - Individual compute can read/write to individual ceph
    cluster in same AZ.
  - Cinder can write to several ceph clusters in several AZs.
  - Glance can use multistore and upload images to
    several ceph clusters in several AZs at once.

Change-Id: Ie4d8ab5a3df748137835cae1c943b9180cd10eb1
2023-06-14 10:18:11 +02:00
Michal Nasiadka
07815a21da neutron: Add neutron-ovn-agent support
Depends-On: https://review.opendev.org/c/openstack/neutron/+/878535
Change-Id: I05d8b29b59a7de76da488f68775547a8f0f11d0f
2023-05-19 10:20:16 +00:00
Zuul
226eb2aa99 Merge "Configure coordination in default for masakari-api" 2023-04-20 09:11:13 +00:00
Zuul
f5991df02b Merge "mariadb: add mariadb_datadir_volume parameter" 2023-04-19 08:27:42 +00:00
Michal Arbet
842adf6d2f Configure coordination in default for masakari-api
This patch introduces distributed lock for masakari-api
service when handle the concurrent notifications for the same
host failure from multiple masakari-hostmonitor services.

Change-Id: I46985202dc8da22601357eefe2727599e7a413e5
2023-04-17 20:02:42 +02:00
Christian Berendt
a78127414c rabbitmq: add rabbitmq_datadir_volume parameter
With the parameter rabbitmq_datadir_volume it is possible
to use a directory as volume for the rabbitmq service. By default,
a volume named rabbitmq is used (the previous default).

Change-Id: I99d6bd71ca79cba81062dedfb767c5ed341bb182
2023-03-06 23:49:11 +01:00
Christian Berendt
b327ae4a56 mariadb: add mariadb_datadir_volume parameter
With the parameter ``mariadb_datadir_volume`` it is possible
to use a directory as volume for the mariadb service. By default,
a volume named mariadb is used (the previous default).

Change-Id: Ic61fe981825c5fa6f50e53c9555b6a102f42f522
2023-03-06 23:45:23 +01:00
Christian Berendt
6768b760ab Add neutron_ovn_availability_zones parameter
With the new ``neutron_ovn_availability_zones`` parameter it is possible
to define network availability zones for OVN. Further details can be found
in the Neutron OVN documentation:
https://docs.openstack.org/neutron/latest/admin/ovn/availability_zones.html#how-to-configure-it

Change-Id: I203e0d400a3218d0b4a41f2a948207032c4febec
2023-03-06 13:28:28 +00:00
Zuul
ff0fca8fdc Merge "Switch trove-api to wsgi running under apache." 2023-02-20 16:46:42 +00:00
wu.chunyang
303998e294 Switch trove-api to wsgi running under apache.
This change also adds support for Trove backend TLS.

Depends-On: https://review.opendev.org/c/openstack/kolla/+/854744
Change-Id: I2acf7820b24b112b57b0c00a01f5c4b8cb85ce25
2023-02-02 01:22:59 +00:00
yangshaoxue
113b77c8cb Add skyline service
Support to deploy skyline by kolla-ansible.

Implements: blueprint skyline
Depends-On: https://review.opendev.org/c/openstack/kolla/+/826948

Change-Id: Ice5621491a432ba32138abd6f62d1f815cc219e0
2023-01-31 13:47:18 +08:00
Ghanshyam Mann
283fa242ca Remove system scope token to access services
As per the RBAC new direction in Zed cycle, we have dropped the
system scope from API policies and all the policies are hardcoded
to project scoped so that any user accessing APIs using system scope
will get 403 error. It is dropped from all the OpenStack services
except for the Ironic service which will have system scope and to
support ironic only deployment, we are keeping system as well as project
scope in Keystone.

Complete discussion and direction can be found in the below gerrit
change and TC goal direction:

- https://review.opendev.org/c/openstack/governance/+/847418
- https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#the-issues-we-are-facing-with-scope-concept

As phase-2 of RBAC goal, services will start enabling the new
defaults and project scope by default. For example: Nova did in
- https://review.opendev.org/c/openstack/nova/+/866218

Kolla who start accessing the services using system scope token
- https://review.opendev.org/c/openstack/kolla-ansible/+/692179

This commit partially revert the above change except keeping
system scope usage for Keystone and Ironic. Rest all services are changed
to use the project scope token.

And enable the scope and new defaults for Nova which was disabled
by https://review.opendev.org/c/openstack/kolla-ansible/+/870804

Change-Id: I0adbe0a6c39e11d7c9542569085fc5d580f26c9d
2023-01-26 17:52:00 -06:00
Zuul
32dce70f09 Merge "Drop skydive" 2023-01-19 10:26:01 +00:00
Matt Crees
09df6fc1aa Add a flag to handle RabbitMQ high availability
A combination of durable queues and classic queue mirroring can be used
to provide high availability of RabbitMQ. However, these options should
only be used together, otherwise the system will become unstable. Using
the flag ``om_enable_rabbitmq_high_availability`` will either enable
both options at once, or neither of them.

There are some queues that should not be mirrored:
* ``reply`` queues (these have a single consumer and TTL policy)
* ``fanout`` queues (these have a TTL policy)
* ``amq`` queues (these are auto-delete queues, with a single consumer)
An exclusionary pattern is used in the classic mirroring policy. This
pattern is ``^(?!(amq\\.)|(.*_fanout_)|(reply_)).*``

Change-Id: I51c8023b260eb40b2eaa91bd276b46890c215c25
2023-01-13 15:40:08 +00:00
Bartosz Bezak
5f492f1390 Set previous_release to zed
Change-Id: Ie9832bd9cae497e7dbd2a03661361c125d8ec15a
2023-01-10 11:59:17 +01:00
Michal Nasiadka
673ca8c7e7 Drop skydive
Change-Id: I8855bd60c2fd77f33fb55d4123131a94327bd166
2023-01-05 14:55:53 +01:00
Michal Nasiadka
f128d19957 Remove kafka, storm, zookeeper
Their cleanup has been added to monasca cleanup command.

Change-Id: I19a846e2683ae70b33ca64d2aba7ac71eb724588
2022-12-08 06:50:15 +00:00
Zuul
113242c864 Merge "Replace ElasticSearch and Kibana with OpenSearch" 2022-12-01 14:38:51 +00:00
Michal Nasiadka
e1ec02eddf Replace ElasticSearch and Kibana with OpenSearch
This change replaces ElasticSearch with OpenSearch, and Kibana
with OpenSearch Dashboards. It migrates the data from ElasticSearch
to OpenSearch upon upgrade.

No TLS support is in this patch (will be a followup).

A replacement for ElasticSearch Curator will be added as a followup.

Depends-On: https://review.opendev.org/c/openstack/kolla/+/830373

Co-authored-by: Doug Szumski <doug@stackhpc.com>
Co-authored-by: Kyle Dean <kyle@stackhpc.com>
Change-Id: Iab10ce7ea5d5f21a40b1f99b28e3290b7e9ce895
2022-12-01 10:27:50 +00:00
Zuul
83a51bbb30 Merge "Allow setting any_errors_fatal true for gather-facts" 2022-11-22 10:08:57 +00:00
Zuul
a28af74982 Merge "Add NVMe-RoCE Cinder driver support for Pure Storage" 2022-11-16 20:57:24 +00:00
Doug Szumski
adb8f89a36 Remove support for deploying OpenStack Monasca
Kolla Ansible is switching to OpenSearch and is dropping support for
deploying ElasticSearch. This is because the final OSS release of
ElasticSearch has exceeded its end of life.

Monasca is affected because it uses both Logstash and ElasticSearch.
Whilst it may continue to work with OpenSearch, Logstash remains an
issue.

In the absence of any renewed interest in the project, we remove
support for deploying it. This helps to reduce the complexity
of log processing configuration in Kolla Ansible, freeing up
development time.

Change-Id: I6fc7842bcda18e417a3fd21c11e28979a470f1cf
2022-11-11 15:48:11 +00:00
Zuul
a0fc5c5205 Merge "octavia: run auto_configure only when amphora is enabled" 2022-11-10 12:14:49 +00:00
Simon Dodsley
716899ffba Add NVMe-RoCE Cinder driver support for Pure Storage
From OpenStack Zed the Pure Storage Cinder driver supports
NVMe-RoCE as a dataplane protocol. This patch adds support
for this new driver type.

Also amend a couple of documentation formatting typos.

Change-Id: Ic1eed7d19e9b583e22419625c92ac3507ea4614d
2022-11-07 12:23:45 -05:00
Michal Nasiadka
587f5382de octavia: run auto_configure only when amphora is enabled
Change-Id: I87845ec386fda3c6582abad37ae7d8600f222000
2022-10-28 11:59:35 +02:00
Ivan Halomi
910f9bd36f Usage of kolla_container_engine variable instead of docker
First part of patchset:
 https://review.opendev.org/c/openstack/kolla-ansible/+/799229/
in which was suggested to split patch into smaller ones.

This implements kolla_container_engine variable
in command calls of docker,so later on it can be
also used for podman without further change.

Signed-off-by: Ivan Halomi <i.halomi@partner.samsung.com>
Change-Id: Ic30b67daa2e215524096ad1f4385c569e3d41b95
2022-10-28 09:15:55 +02:00
Zuul
f9bc6b10a5 Merge "Default to Rocky Linux instead of CentOS Stream" 2022-10-26 12:20:31 +00:00
Zuul
05da50b46e Merge "designate: Enable Sink only when designate is enabled" 2022-10-20 13:54:57 +00:00
Bartosz Bezak
b4ff2ad981 designate: Enable Sink only when designate is enabled
A recent patch [1] enabled sink related changes to nova/neutron even
when designate is not enabled. This patch fixes that.

[1] - https://review.opendev.org/c/openstack/kolla-ansible/+/802301

Change-Id: I6d76f342a7cdbcc61d1522689ea489b60353adcd
2022-10-20 13:09:13 +02:00
Marcin Juszkiewicz
3c6959df33 Default to Rocky Linux instead of CentOS Stream
We agreed that CentOS Stream 9 images are not published as we keep it
for CI use only (to check potential failures before it hits RHEL).

We recommend Rocky Linux 9 instead.

Change-Id: I06e6746e5c2abbdcd97912ea2f99d82fc662531d
2022-10-18 14:50:11 +02:00
Marcin Juszkiewicz
33d37575f9 Update RHEL family information
Some time ago we dropped RHEL as one of possible options. During 'Zed'
cycle we added Rocky Linux 9 as alternative to CentOS Stream 9.

This change updates some mentions of both.

Change-Id: I9ed93efcb7d1ff97b1c7d8342db8252aba2a9887
2022-10-18 14:42:39 +02:00
Radosław Piliszek
5b431f0f7f Allow setting any_errors_fatal true for gather-facts
Kolla Ansible now supports failing execution early if fact collection
fails on any of the hosts. This is to avoid late failures due to missing
facts (especially cross-host).

Change-Id: I7a74b937ded0b9da0621cf413f3a5d0d13a2cd68
Partial-Bug: #1833737
2022-10-10 11:11:15 +00:00