12215 Commits

Author SHA1 Message Date
Zuul
b660f97a5b Merge "Persist nova libvirt secrets in a Docker volume" 2021-06-17 09:14:18 +00:00
Zuul
7e5db84e56 Merge "Support editable installation in all cases" 2021-06-17 09:13:43 +00:00
Zuul
91d67b0821 Merge "Redis configuration syntax update" 2021-06-17 09:13:20 +00:00
Zuul
6f5f68331b Merge "Merge glance sections for nova.conf.j2" 2021-06-17 09:12:59 +00:00
Zuul
ffd200f5f1 Merge "octavia: Ensure service auth project exists" 2021-06-17 08:44:02 +00:00
Zuul
de8f9e0ded Merge "tox: Add find command to allowlist_externals list" 2021-06-17 08:43:30 +00:00
Zuul
6363fa4553 Merge "Add the ansible_managed header for admin-openrc.sh" 2021-06-17 08:43:10 +00:00
Zuul
4f8a716b1e Merge "baremetal: fix /etc/hosts generation when api_interface has dashes" 2021-06-17 08:42:50 +00:00
Zuul
db0cfea817 Merge "Reno follow up for docker_disable_ip_forward" 2021-06-15 14:31:42 +00:00
Zuul
4609afbd4e Merge "Drop /sys/fs/cgroup mounts" 2021-06-15 11:38:26 +00:00
Radosław Piliszek
286a03bad2 Drop /sys/fs/cgroup mounts
They are handled by Docker since at least 18.09 (tested).
Backport to Wallaby at most to not introduce needless restarts in
already stable branches.

Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/792583
Change-Id: Ia95355c529f1b0222dc1de06632984b6d130b9ec
2021-06-15 08:55:19 +00:00
Mark Goddard
3f9662278c Reno follow up for docker_disable_ip_forward
Follow up to I5129136c066489fdfaa4d93741c22e5010b7e89d, adding upgrade
notes.

Related-Bug: #1931615
Change-Id: I2f88b8fc2c6924de9f6bc1840b183ee024c5c1e9
2021-06-15 09:49:45 +01:00
Zuul
3675b442c9 Merge "Disable docker's ip-forward when iptables disabled" 2021-06-14 16:30:09 +00:00
Zuul
f5fa171983 Merge "Add ability to use the Neutron packet logging framework" 2021-06-14 14:44:53 +00:00
Zuul
4dcea739d5 Merge "Remove support for panko" 2021-06-11 20:56:40 +00:00
Matthias Runge
ccf8cc5dca Remove support for panko
the project is deprecated and in the process of being removed
from OpenStack upstream.

Change-Id: I9d5ebed293a5fb25f4cd7daa473df152440e8b50
2021-06-11 18:00:05 +02:00
Zuul
01142ecf2d Merge "Reduce RabbitMQ busy waiting, lowering CPU load" 2021-06-11 09:35:24 +00:00
Radosław Piliszek
0fa4ee56eb Disable docker's ip-forward when iptables disabled
With the new default since Wallaby, starting Docker makes it
enable forwarding and not filter it at all.
This may pose a security risk and should be mitigated.

Closes-Bug: #1931615
Change-Id: I5129136c066489fdfaa4d93741c22e5010b7e89d
2021-06-10 19:02:33 +00:00
Zuul
aa8b8798ac Merge "Fix RabbitMQ restart ordering" 2021-06-08 17:53:11 +00:00
Zuul
8e9b4ced7e Merge "Add forgotten 'Restart container' handler for swift" 2021-06-08 09:51:55 +00:00
Mark Goddard
0cd5b027c9 Fix RabbitMQ restart ordering
The host list order seen during Ansible handlers may differ to the usual
play host list order, due to race conditions in notifying handlers. This
means that restart_services.yml for RabbitMQ may be included in a
different order than the rabbitmq group, resulting in a node other than
the 'first' being restarted first. This can cause some nodes to fail to
join the cluster. The include_tasks loop was introduced in [1].

This change fixes the issue by splitting the handler into two tasks, and
restarting the first node before all others.

[1] https://review.opendev.org/c/openstack/kolla-ansible/+/763137

Change-Id: I1823301d5889589bfd48326ed7de03c6061ea5ba
Closes-Bug: #1930293
2021-06-08 08:20:46 +00:00
Maksim Malchuk
5c19f9a5e0 Add forgotten 'Restart container' handler for swift
Since I0474324b60a5f792ef5210ab336639edf7a8cd9e swift role uses the new
service-cert-copy role introduced in the
I6351147ddaff8b2ae629179a9bc3bae2ebac9519 but the swift role itself
doesn't contain the handler used in the service-cert-copy. Right now,
restarting the swift container isn't necessary, but the handler should
exist. Also we should fix the name of the service used.

Closes-Bug: #1931097
Change-Id: I2d0615ce6914e1f875a2647c8a95b86dd17eeb22
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
2021-06-08 02:48:40 +03:00
John Garbutt
70f6f8e4c0 Reduce RabbitMQ busy waiting, lowering CPU load
On machines with many cores, we were seeing excessive CPU load on systems
that were not very busy. With the following Erlang VM argument we saw
RabbitMQ CPU usage drop from about 150% to around 20%, on a system with
40 hyperthreads.

    +S 2:2

By default RabbitMQ starts N schedulers where N is the number of CPU
cores, including hyper-threaded cores. This is fine when you assume all
your CPUs are dedicated to RabbitMQ. Its not a good idea in a typical
Kolla Ansible setup. Here we go for two scheduler threads.
More details can be found here:
https://www.rabbitmq.com/runtime.html#scheduling
and here:
https://erlang.org/doc/man/erl.html#emulator-flags

    +sbwt none

This stops busy waiting of the scheduler, for more details see:
https://www.rabbitmq.com/runtime.html#busy-waiting
Newer versions of rabbit may need additional flags:
"+sbwt none +sbwtdcpu none +sbwtdio none"
But this patch should be back portable to older versions of RabbitMQ
used in Train and Stein.

Note that information on this tuning was found by looking at data from:
rabbitmq-diagnostics runtime_thread_stats
More details on that can be found here:
https://www.rabbitmq.com/runtime.html#thread-stats

Related-Bug: #1846467

Change-Id: Iced014acee7e590c10848e73feca166f48b622dc
2021-06-07 13:18:39 +01:00
Zuul
dda787fca9 Merge "Bump min Docker version" 2021-06-07 09:00:26 +00:00
Zuul
3337e9873a Merge "chrony: allow to remove the container" 2021-06-07 08:55:19 +00:00
Zuul
fad696be8d Merge "Fix release note markup" 2021-06-05 09:32:16 +00:00
likui
cccf4f7771 [TrivialFix] Remove extra slash
Change-Id: Ic45f618204875684f52133ec0f69fe7512ec9e2c
2021-06-05 07:14:27 +00:00
Mark Goddard
46bd05250d baremetal: fix /etc/hosts generation when api_interface has dashes
Interface names with dashes can cause problems in Ansible since dashes
are replaced with underscores when referencing facts. In the baremetal
role we reference the fact for api_interface without replacing dashes
with underscores. This may result in host entries being omitted from
/etc/hosts.

This change fixes the issue.

Change-Id: I667adc7d8a7dbd20dbfa293f389e02355f8275bb
Related-Bug: #1927357
2021-06-04 17:11:05 +01:00
Mark Goddard
84ac7b3096 chrony: allow to remove the container
The chrony container is deprecated in Wallaby, and disabled by default.
This change allows to remove the container if chrony is disabled.

Change-Id: I1c4436072c2d47a95625e64b731edb473384b395
2021-06-02 17:28:35 +00:00
Zuul
008ada9062 Merge "[CI] Drop Zuul host groups" 2021-06-02 11:09:26 +00:00
Zuul
45712d5e0d Merge "[CI] Move to Debian Bullseye" 2021-06-02 10:58:06 +00:00
Zuul
f2d42d80f4 Merge "Add support for Debian Bullseye (11) as host distro" 2021-06-02 02:52:30 +00:00
Zuul
667d145ae3 Merge "[docker] Add support for setting CgroupnsMode" 2021-06-02 02:49:39 +00:00
Zuul
70ebc91e7e Merge "Make rabbitmq cluster_partition_handling configurable" 2021-05-31 16:08:40 +00:00
Zuul
13f8fd75db Merge "Trivial if conditional fix in keystone.json" 2021-05-31 14:30:39 +00:00
Radosław Piliszek
e48d0a7fab [CI] Drop Zuul host groups
They are not used.

Change-Id: Icea1a5f882e2e032c22d897efbd1f137536ae580
2021-05-31 12:42:36 +00:00
Pierre Riteau
887bf6f1f3 Fix release note markup
Change-Id: I73c2b0ab9c81bfad59725a3ea16eab5c13e07815
2021-05-31 11:14:38 +02:00
Michał Nasiadka
278b63a0eb docs: Update Freenode to OFTC
Change-Id: Idaae03612dd7feabd2cdc57e510947328524e98b
2021-05-31 09:51:04 +02:00
Marcin Juszkiewicz
d60c5591c1 [CI] Move to Debian Bullseye
Wallaby upgrades run on Buster.
To be amended in Xena.

Change-Id: I8d3a320c9fb19e18d959c555d16b736b85e010cd
2021-05-30 18:44:38 +00:00
Radosław Piliszek
9a77fb1ca0 Add support for Debian Bullseye (11) as host distro
Makes nova-libvirt container always run in 'host' CgroupnsMode
to ensure it works.

Change-Id: I75105baf434977c68bc5c8ca1f5213e602c52c8c
2021-05-30 18:40:12 +00:00
Maksim Malchuk
4d6a79d217 Add the ansible_managed header for admin-openrc.sh
This change inform us that the file is 'Ansible managed'

TrivialFix

Change-Id: I99ebeb493ff9c3c7af0010ce1efea45c7f9a2559
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
2021-05-30 21:38:12 +03:00
Radosław Piliszek
95520df094 [docker] Add support for setting CgroupnsMode
This is required to support Debian Bullseye (11) - need to set
nova-libvirt to use 'host' CgroupnsMode.

Change-Id: I40213d4092fa325bcf37bb1fb4437ab125fe328b
2021-05-30 18:28:54 +00:00
Radosław Piliszek
a3caf8c3a0 Bump min Docker version
And python-docker version.
Make them less scary.

Change-Id: I134e8aa8ed5eae479e5af743464dc2a0e40a1353
2021-05-28 13:22:38 +00:00
Pierre Riteau
bb56861cc5 Use mariadb-server image for mariabackup
The mariadb image was removed in Wallaby, leading to database backup
failures.

Change-Id: I90986e7521779997df2782767bb95efcbd8ef232
Closes-Bug: #1928129
2021-05-28 13:24:11 +02:00
Zuul
99e09537f2 Merge "cinder: fix condition to copy backend TLS certs" 2021-05-28 10:56:48 +00:00
Zuul
af861f98bf Merge "CI: Use PATH to find kolla-ansible script" 2021-05-27 19:49:25 +00:00
Zuul
3b9dafdf29 Merge "Indented two spaces to match the other things in this block" 2021-05-27 15:25:45 +00:00
Pierre Riteau
7d1af053b5 Remove [octavia]/base_url option from neutron.conf
This configuration option was only used by neutron-lbaas, which is now
retired. It should have been added to neutron_lbaas.conf.j2 instead.

Change-Id: Iba591473abf4304413eca0d84e0b2be197c527fc
2021-05-26 15:28:09 +02:00
Zuul
5f9c5dab9a Merge "docs: add code reviews to contributor guide" 2021-05-25 12:34:35 +00:00
Zuul
8d806277f2 Merge "docs: Add note about internal VIP when HAProxy is disabled" 2021-05-25 12:34:17 +00:00