The concept of splitting the compute group into external/internal just
to specify agent_mode for Neutron DVR was deemed to be heavy handed, and
depreacated in the Pike cycle.
Now that Rocky has been released we can remove these completely for Stein.
Change-Id: I28a1eba7f40fee55a7ec41c27451e39e4d7fd8f0
This patchset implements Neutron rolling upgrade logic as described
in [1].
Due to only neutron, vpnass and fwaas have supported for rolling upgrade
database migration, so I used the list "neutron_rolling_upgrade_services"
in neutron/default/main.yml for contain there services.
[1] https://docs.openstack.org/neutron/latest/contributor/internals/upgrade.html
Co-author: Ha Manh Dong <donghm@vn.fujitsu.com>
Change-Id: I2ed2f941d30d4df0d0f42c0d10e7ca03ec1c166a
Implements: blueprint apply-service-upgrade-procedure
Having all services in one giant haproxy file makes altering
configuration for a service both painful and dangerous. Each service
should be configured with a simple set of variables and rendered with a
single unified template.
Available are two new templates:
* haproxy_single_service_listen.cfg.j2: close to the original style, but
only one service per file
* haproxy_single_service_split.cfg.j2: using the newer haproxy syntax
for separated frontend and backend
For now the default will be the single listen block, for ease of
transition.
Change-Id: I6e237438fbc0aa3c89a3c8bd706a53b74e71904b
Disable neutron-lbaas-agent and use lbaasv2-proxy when enable octavia.
Use keystone-auth v3 and internal endpoint for lbaasv2 plugin.
Change-Id: I69e8436f3722cf99644457323b71b94dc9036bb9
Co-Authored-By: Hieu LE <hieulq2@viettel.com.vn>
Closes-Bug: #1756771
Closes-Bug: #1738115
If we are not using l3 ha mode, it’s not necessary to delete the namespaces related to l3. It will speed up the start of the neutron l3 agent.
Change-Id: I78f6d927a78e8f9e4ed855e4b6d1362bdfc6b985
Closes-Bug: #1785880
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.
[1]https://review.openstack.org/#/c/508522/
Co-Authored-By: confi-surya <singh.surya64mnnit@gmail.com>
Change-Id: Ifd8527d404f1df807ae8196eac2b3849911ddc26
Closes-Bug: #1761907
This commit is to apply resource-constraints to a few more OpenStack services.
Commit to apply constraints to the last set of services will be made in
the upcoming commit.
Depends-on: Icafa54baca24d2de64238222a5677b9d8b90e2aa
Change-Id: I39004f54281f97d53dfa4b1dbcf248650ad6f186
Enables setting rp_filter mode on Neutron L3 agent and Nova compute
hosts whilst maintaining the default that it is disabled.
Closes-Bug: #1782799
Change-Id: I93e53bad9727beb786b00bd7fcd6d78785c619c2
As of the Queens release, Keystone solely implements the Identity
API v3. Support for Identity API v2.0 has been removed since Queens
in favor of the Identity API v3.
Change-Id: If65b26935e8bd1e6655d84259499f4013762e4e3
Closes-Bug: #1778846
Add become to all tasks that use the module "kolla_docker"
Change-Id: I4309c4011687b88ec31d739fd8f834fe2326ff10
Partial-Implements: blueprint ansible-specific-task-become
NSXV3 is the OpenStack support for the NSX Transformers platform.
This is supported from neutron in the Mitaka version. This patch
adds Kolla support
This adds a new neutron_plugin_agent type 'vmware_nsxv3'. The plugin
does not run any neutron agents.
Change-Id: I1ecd7e5f3471e4ff03cfe8c9a3aff17af3fe1842
Currently osprofiler only choose elasticsearch,
which is only supported on x86.
On other platform like aarch64 osprofiler can
not be used since no elasticsearch package.
Enable osprofiler by enable_osprofiler: "yes",
which choose elasticsearch by default.
Choose redis by enable_redis: "yes" & osprofiler_backend: "redis"
On platform without elasticsearch support like aarch64
set enable_elasticsearch: "no"
Change-Id: I68fe7a33e11d28684962fc5d0b3d326e90784d78
In change I78cb60168aaa40bb6439198283546b7faf33917c, action was changed
to kolla_action, and serial to kolla_serial, to avoid Ansible warnings
due to use of reserved keywords. In that change, some keywords were
missed, and some changes that were merged since then have not switched
to the new variables. This change fixes all current instances of those
issues.
Change-Id: I357dffdfcb2b405e280a962d366ee65eebf0a8d1
Implements: blueprint migrate-to-ansible-2-2-0
- rename action and serial to kolla_ansible and kolla_serial
- use become instead of "sudo <command>" in shell
- Remove quota for failed_when and changed_when in rabbitmq tasks
Change-Id: I78cb60168aaa40bb6439198283546b7faf33917c
Implements: blueprint migrate-to-ansible-2-2-0
Allow to set computes_need_external_bridge to true/false
depending on the desired configuration, for allowing
cases such as disable dvr and enable l3 ha.
Closes-Bug: #1769686
Change-Id: I1565b08dfccb7bec2ddda8c048b7d951c9eb1824
Signed-off-by: Jorge Niedbalski <jorge.niedbalski@linaro.org>
As neutron-vpnaas-agent has been loaded just inside of the existing l3 agent
rather than requiring operators to run a completely different binary with a
subclass of the existing L3 agent[1]. We need restructure this role to fit
with this new feature.
[1] https://review.openstack.org/488247
Depends-On: I47cd8ba5a14da3c76d5b1eb0b4c0cf0c729eb2ff
Change-Id: Id690a652bc9facf1c3e39358f548ab7ddd967d80
Implements: blueprint restructure-neutron-vpnaas
Closes-Bug: #1731498
Change the default hardcoded values of the dnsmasq dns resolvers
on dhcp_agent.ini.j2 to a configuration option part
of group_vars/all.yml.
Also adding 1.1.1.1 as part of the default set.
Change-Id: I629c69e556d4ddba19f68f06627038e1886ae5f9
Signed-off-by: Jorge Niedbalski <jorge.niedbalski@linaro.org>
If SSL is enabled, api of multiple services returns
wrong external URL without https prefix.
Removal of condition for deletion of http header.
Change-Id: I4264e04d0d6b9a3e11ef7dd7add6c5e166cf9fb4
Closes-Bug: #1749155
Closes-Bug: #1717491
This patch allows configuration of the Infoblox
pluggable IPAM driver in neutron [0].
When 'infoblox' is chosen as the driver, an Infoblox
IPAM agent can be started as well. The agent
allows for enhanced DNS capabilities by listening
for neutron and nova notifications.
[0] https://github.com/openstack/networking-infoblox/blob/master/README.rst
Change-Id: I4f863750a7806a7b6eaf13900d44e5f063afe3de
Depends-On: Ia44f0e0d7a0d60cebf0857ad51700e02eba5099b
Partially-Implements: blueprint neutron-ipam-driver-infoblox
- remove uesless module_extra_vars, this is a historical issue. In the
past, we use 'docker exec kolla_toolbox ansible xxx' to run module on
target node, so complex data have to pass through extra_vars. Now we
are using kolla_toolbox module, no need to use extra_vars anymore.
- Remove some useless until.
Change-Id: I72ed28001202917f9a82a1c3ea33cd6319911ec8
This feature replaces splitting of compute hosts into inner
and external with a new variable 'neutron_compute_dvr_mode'
that controls whether computes will have full-blown DVR or
internal only (tenant) networking.
Change-Id: I6720ccfcfcec89f9996d4cb5ae60f31eb3113667
Implements: blueprint dvr-mode-property
This patchset implements yamllint test to all *.yml
files.
Also fixes syntax errors to make jobs to pass.
Change-Id: I3186adf9835b4d0cada272d156b17d1bc9c2b799
When bootstrap compute hosts for XenAPI, it will generate a facts
file for each compute node. It contains some XenAPI specific variables
for both the compute host and the XenServer where the compute host
run on. This commit is to fetch the facts file into deployment host
and put it under a centralized directory - each compute host will
have a separate sub-dir which is named with its *inventory_hostname*.
In this way, the following tasks can use proper variable from the
proper facts file which exactly belongs to the host they running on.
Change-Id: I68d1a2d098d38c8e6bf4db76cdaf1f0465831822
blueprint: xenserver-support
This commit contains two fixes:
1. ``of_listen_address``: We use the xenapi's facts directly, so
that we can avoid depending on facts gathered by setup for hosts;
This is useful when deploy on the role of neutron only (--tag neutron);
2. ``local_ip``: Get the proper IP for tunnel. It should be chosen
from dom0's IP which is in the same network where tunnel interface
is connected.
blueprint: xenserver-support
Change-Id: I61bbd6499323e3fddd6293a0df6baec34dbddf23
When enabled provider networks; the neutron-openvswith-agent-xenapi
should use proper bridge_mappings which should have dom0's bridges
where the VMs' vifs actually connected to for the interfaces defined
in the configure option of *neutron_external_interface*.
Depends-On: I9a6bebe19ed488bb2173d5dc2daa14e236411243
Change-Id: I44f59c69d25b8400e1b936fcdf8f21b5c4168f1f
This change allows the following use cases:
1. Using an already-configured MariaDB / MySQL server / Cluster
2. Using already-created DB users, without requiring root DB access.
Update: added external mariadb precheck
Change-Id: I78b0d178306d7c5293b0bf53e445f19f18b4b824
Implements: blueprint external-mariadb-support.
Closes-Bug: #1603121
When using XenAPI as the compute virt driver, we need an OVS agent
to manage the OVS running in XenServer dom0. This OVS agent uses
the HIMN(Host Internal Management Network) to communicate with
dom0's OVS. This commit includes the following changes:
* Add a new ovs agent service - neutron-openvswitch-agent-xenapi
This new agent service will run in the compute hosts and controls
the OVS running in XenServer dom0; the existing agent service -
neutron-openvswitch-agent will run in the network hosts and controls
the OVS running in network hosts.
* It retrieves XenAPI variables from the json file generated at XenAPI
bootstrap.
* Basing on the XenAPI variables, it will customize relative ml2_conf.ini's
configure options in a new template which will override the default options.
e.g.
* of_listen_address:
XenAPI use the local himn interface's IP as of_listen_address, so
that the ovs running dom0 can receive OpenFlow rules from the service
of neutron-openvswitch-agent-xenapi.
* ovsdb_connection:
XenAPI use XenServer dom0's HIMN IP as the OVS DB connection IP, so
that neutron-openvswitch-agent-xenapi can connect to dom0's OVS DB.
* host:
Use the dom0's hostname.
* At the moment, l2_population doesn't for for XenAPI. So disable it.
References:
* XenServer (and other XAPI based Xen variants):
https://docs.openstack.org/nova/pike/admin/configuration/hypervisor-xen-api.html
* XenCenter HIMN plugin (adding HIMN network which is used by XenAPI driver to
communicate with XenServer):
https://github.com/citrix-openstack/xencenter-himn-plugin
* Neutron OVS agent configuration options:
https://docs.openstack.org/neutron/latest/configuration/openvswitch-agent.html
Change-Id: Iaee0a6c84069b3e6015b00de7aea880cdd33ab09
blueprint: xenserver-support
through the database_address has beed defined in groups_vars/all.yml, we should
better use it, this way, if we want to use external database, we just need to
redefined in all.yml
refer to https://github.com/openstack/kolla-ansible/blob/master/ansible/group_vars/all.yml#L83
Co-Authored-By: chenqiaomin <chen.qiaomin@99cloud.net>
Change-Id: Ie559301451954e16347ceaabf02f594c5c5cbe56
