Enable libvirt TLS in CI jobs with TLS enabled.
Uses the new functionality of the certificates command to generate
certificates for both libvirt client and server (added in
I1bde9fa018f66037aec82dc74c61ad1f477a7c12).
Change-Id: Ica304685b043f699799ccee6c9c2fbcf968888db
Adds support to the 'kolla-ansible certificates' command for generating
certificates for libvirt TLS, when libvirt_tls is true. The same
certificate and key are used for the libvirt client and server.
The certificates use the same root CA as the other generated
certificates, and are written to
{{ node_custom_config }}/nova/nova-libvirt/, ready to be picked up by
nova-libvirt and nova-compute.
Change-Id: I1bde9fa018f66037aec82dc74c61ad1f477a7c12
Enables zun to access cinder volumes when cinder is configured to use
external ceph.
Copies ceph config file and ceph cinder keyring to /etc/ceph in
zun_compute container.
Closes-Bug: 1848934
Change-Id: Ie56868d5e9ed37a9274b8cbe65895f3634b895c8
This fixes a bug in registering identity providers
The bug was caused by a missing `=` in the openstack command
Add the missing `=` after `--os-user-domain-name`
Closes-Bug: #1959022
Change-Id: I73f80cd2c81a3944de0933e60f5768956a1a3b70
The value of node_custom_config should is {{ node_config }}/config,
when specified using --configdir
Change-Id: I076b7d2c8980ddd3baa28f998f84a6b7005dc352
This change enables the use of Docker healthchecks for ironic-neutron-agent services.
Change-Id: I80f8319b2cf2e4ae09904a08532cde5ec0385fa3
Implements: blueprint container-health-check
There is no explanation for why this option was bumped to 1 MB instead
of the upstream default. This has been the case since the original
barbican role commit in 2016.
Restore upstream default in Yoga.
Change-Id: Ib0245f44d2b049f7e2254d8d2ea4b2080a8d62dd
Barbican has recently bumped max_allowed_secret_in_bytes from 10 KB to
20 KB since the original value was too small for some certificates [1].
Remove custom value from the barbican.conf template, which anyway was
the same as the default configuration before the recent upstream change.
The upstream change was backported to Wallaby and has been proposed to
Victoria, Ussuri and Train [2], so this change should be backported too.
[1] https://review.opendev.org/c/openstack/barbican/+/783381
[2] https://review.opendev.org/q/I59d11c5c9c32128ab9d71eaecdf46dd2d789a8d1
Change-Id: I83e4cb48192c8024650a8d347363f6babb75ad90
Closes-Bug: #1957795
They seem to think ping is too dangerous for normal users.
Co-Authored-By: Pierre Riteau <pierre@stackhpc.com>
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/824903
Change-Id: I30c2a7b6850350901b15fe196175508634c8e9a5
CentOS Stream 8 currently has a bug which makes it require root
privileges for ping.
A workaround patch (see needed-by below) has been proposed, yet
the dependency on previous branches via the upgrade jobs make it
fail the CI.
Thus, this patch temporarily disables those jobs on CentOS Stream 8.
This patch is to be reverted once we patch the affected branches.
Needed-By: https://review.opendev.org/c/openstack/kolla-ansible/+/824681
Change-Id: I827ed30d0247f21478a45d96ae8396ec0e778d3b
