868 Commits

Author SHA1 Message Date
Marcin Juszkiewicz
e17a0ca24a init-runonce: use CirrOS 0.6.0
CirrOS 0.6.0 was released yesterday. Has newer kernel and userspace,
better network configuration (more IPv6 stuff) and some other
improvements.

Change-Id: Ife7767904efe64602531fa3eb163c78260650909
2022-09-29 11:08:32 +02:00
Michal Nasiadka
81f3aa5ac0 init-runonce: Add KOLLA_CONFIG_PATH support
Kayobe uses it, so let's fix the check.

Change-Id: I99b2a7f8609fd708f4829f21c81029c7b8da5d73
2022-09-28 17:35:09 +00:00
Michal Nasiadka
ed2cf2f5e5 Change clouds.yaml location
It's a followup to 73a1812c5856be635827b6c6de81b39c22346457
addressing post-merge comments.

Change-Id: Idd458ad6ef29e4eee2f9e537b4eae39d26eb9f64
2022-09-27 11:10:12 +00:00
Zuul
7c36bbfa00 Merge "Remove the deprecated storage_interface var" 2022-08-15 09:54:58 +00:00
Zuul
981699f554 Merge "Add clouds.yaml file and use it" 2022-08-09 13:14:55 +00:00
Monty Taylor
73a1812c58 Add clouds.yaml file and use it
clouds.yaml[0] is a richer way to express configuration for OpenStack
clouds. It's also fully supported by Ansible's OpenStack modules as
well as python-openstackclient and openstacksdk. It's the future - who
doesn't like the future?

Write a file using both the public (default) and the internal endpoints
for the admin user. Also, change all of the examples to reference it
and to get python-openstackclient to use it too.

[0] https://docs.openstack.org/openstacksdk/latest/user/guides/connect_from_config.html

Implements: blueprint use-clouds-yaml
Change-Id: I557d2e4975c7b3d3c713a556b9ba47af9567ce6e
2022-08-08 12:19:47 +00:00
Radosław Piliszek
1bb4acbf9a Remove the deprecated storage_interface var
Change-Id: I63673761959a560e97c848f092f086ceba25839a
2022-07-27 12:37:59 +02:00
Zuul
2bce0f61f5 Merge "init-runonce: Migrate to ECDSA keys" 2022-07-21 14:11:49 +00:00
Michal Nasiadka
d2bc0b42aa init-runonce: Migrate to ECDSA keys
OpenSSH 8.8 has dropped support for RSA SHA-1 keys.
ECDSA is FIPS approved, so probably it's a better
direction than just changing to SHA-256.

Change-Id: Id06d9d8912d9677dbe0f5a666f43a209664c94b4
2022-07-20 12:04:04 +00:00
Bryan Schwerer
570a1d4339 Corrected the config file to use when stopping neutron-openvswitch-agent
The use of file ml12_conf.ini has been deprecated, replaced by /etc/neutron/plugins/ml2/openvswitch_agent.ini.

The command to cleanup the agent still references the old file.  Just fix the filename

https: //bugs.launchpad.net/kolla-ansible/+bug/1982222
Change-Id: I0fe7f68eda55e0c7d9960016bba74f5ba1ae223e
2022-07-19 16:43:31 -04:00
Tim Beermann
591f366ed7 Remove sanity checks
"Smoke tests" for barbican, cinder, glance and keystone have been removed as discussed in PTG April 2022.

Signed-off-by: Tim Beermann <beermann@osism.tech>
Change-Id: I613287a31e0ea6aede070e7e9c519ab2f5f182bd
2022-05-13 17:41:34 +00:00
Vladislav Belogrudov
ae89632faa Skip /etc/kolla/globals.d on host cleanup
Closes-Bug: #1931042
Change-Id: If4bc1fe1dcd61622c8ea48b00771d5115a63c9e0
2022-04-28 16:59:30 +03:00
Marcin Juszkiewicz
1620ab5be9 drop install_type from image names
We have only one value for install_type now and it gets removed from
image names.

Change-Id: I8bf95fd7aa9dd26b80d618ca0fcb097003b4cb0a
2022-04-20 12:29:12 +02:00
Christian Berendt
89659b4607 ovs-dpdk: add ovs-dpdkctl.sh to the role itself
Currently the ovs-dpdkctl.sh file is present in the tools
directory and the "Copying ovs-dpdkctl tool" task accesses it.

This is bad practice. Files copied from a role should either be
referenced by an absolute path or be part of the role itself.

This change moves the ovs-dpdkctl.sh file in the files
directory of the role.

Change-Id: I01459d39207e54f270f32f37b4a5153c5a819347
2022-04-13 15:42:57 +00:00
Mark Goddard
80b311bef7 libvirt: add nova-libvirt-cleanup command
Change Ia1239069ccee39416b20959cbabad962c56693cf added support for
running a libvirt daemon on the host, rather than using the nova_libvirt
container. It did not cover migration of existing hosts from using a
container to using a host daemon.

This change adds a kolla-ansible nova-libvirt-cleanup command which may
be used to clean up the nova_libvirt container, volumes and related
items on hosts, once it has been disabled.

The playbook assumes that compute hosts have been emptied of VMs before
it runs. A future extension could support migration of existing VMs, but
this is currently out of scope.

Change-Id: I46854ed7eaf1d5b5e3ccd8531c963427848bdc99
2022-03-21 11:54:54 +00:00
Mark Goddard
f63f1f3082 Install openstack.kolla collection
This change adds an Ansible Galaxy requirements file including the
openstack.kolla collection. A new 'kolla-ansible install-deps' command
is provided to install the requirements.

With the new collection in place, this change also switches to using the
baremetal role from the openstack.kolla collection, and removes the
baremetal role from this repository.

Depends-On: https://review.opendev.org/c/openstack/ansible-collection-kolla/+/820168

Change-Id: I9708f57b4bb9d64eb4903c253684fe0d9147bd4a
2022-02-21 14:26:48 +00:00
Zuul
d5dcb66479 Merge "Add Ansible 5 aka core 2.12 support" 2022-01-20 20:53:03 +00:00
Radosław Piliszek
e63bbed18d Clean up chrony cleanup
In the Yoga cycle we no longer need kolla chrony container removal
procedures.

Change-Id: I4dc246cf0fd68838470bf9e9bf749fa9be4d6670
2022-01-18 15:37:51 +00:00
Radosław Piliszek
7372911a19 Add Ansible 5 aka core 2.12 support
Also bumps the minimum to 4.

Change-Id: Ia373f9cc3bb69eba0288bbb3e497e8cadb7cc4d3
2022-01-07 18:08:55 +00:00
Adrian Andreias
d4a2c14039 Add kolla-ansible --version option
Closes-Bug: #1878280
Change-Id: I0d39a015639adf3d75780edc765bebcb85c2b42e
Signed-off-by: Adrian Andreias <adrian@fleio.com>
2021-11-15 13:44:50 +02:00
Radosław Piliszek
cd13bde880 Fix missing Ansible version in the error message
Change-Id: Iefa8f78142c502ac9e8ebdbb95c94b2b05f99e5b
Closes-Bug: #1948979
2021-10-27 19:17:05 +00:00
Zuul
9e380bf11c Merge "Transition Keystone admin user to system scope" 2021-09-30 09:33:10 +00:00
Niklas Hagman
2e933dceb5 Transition Keystone admin user to system scope
A system-scoped token implies the user has authorization to act on the
deployment system. These tokens are useful for interacting with
resources that affect the deployment as a whole, or exposes resources
that may otherwise violate project or domain isolation.

Since Queens, the keystone-manage bootstrap command assigns the admin
role to the admin user with system scope, as well as in the admin
project. This patch transitions the Keystone admin user from
authenticating using project scoped tokens to system scoped tokens.
This is a necessary step towards being able to enable the updated oslo
policies in services that allow finer grained access to system-level
resources and APIs.

An etherpad with discussion about the transition to the new oslo
service policies is:

https://etherpad.opendev.org/p/enabling-system-scope-in-kolla-ansible

Change-Id: Ib631e2211682862296cce9ea179f2661c90fa585
Signed-off-by: Niklas Hagman <ubuntu@post.blinkiz.com>
2021-09-28 09:45:06 -07:00
Zuul
d85af34ccd Merge "Bump up Ansible max supported ver to 4.x" 2021-09-24 16:43:01 +00:00
Zuul
59e6688a0c Merge "Add check and diff options to kolla-ansible" 2021-09-24 16:30:46 +00:00
Michał Nasiadka
1b650534c0 Bump up Ansible max supported ver to 4.x
This change bumps up max supported Ansible version
to 4.x (ansible-core 2.11.x) and minimum to 2.10.

Change-Id: I8b9212934dfab3831986e8db55671baee32f4bbd
2021-09-23 10:45:31 +00:00
Michal Arbet
0e720b382b Add check and diff options to kolla-ansible
This patch is adding --check and --diff options
to kolla-ansible, which cause that kolla-ansible
run will be more verbose and able to run in
semi dry-run mode.

The --diff option for kolla-ansible can be used alone or
with --check. When you run in diff mode, any module that
supports diff mode reports the changes made or, if used
with --check, the changes that would have been made.
Diff mode is most common in modules that manipulate files
(for example, the template module) but other modules might
also show ‘before and after’ information
(for example, the user module).

For more information check [1].

[1] https://docs.ansible.com/ansible/latest/user_guide/playbooks_checkmode.html#using-diff-mode

Change-Id: Ifb82ea99e5af82540e938eab9e2a442b2820d7df
2021-09-21 17:08:39 +02:00
Zuul
e06e531089 Merge "Add kolla-ansible gather-facts command" 2021-09-20 18:54:29 +00:00
Mark Goddard
d9a3758952 Add kolla-ansible gather-facts command
In some situations it may be helpful to populate the fact cache on
demand. The 'kolla-ansible gather-facts' command may be used to do this.

One specific case where this may be helpful is when running kolla-ansible
with a --limit argument, since in that case hosts that match the limit
will gather facts for hosts that fall outside the limit. In the extreme
case of a limit that matches only one host, it will serially gather
facts for all other hosts. To avoid this issue, run 'kolla-ansible
gather-facts' without a limit to populate the fact cache in parallel
before running the required command with a limit.

Change-Id: I79db9bca23aa1bd45bafa7e7500a90de5a684593
2021-08-25 16:45:39 +01:00
Marc 'risson' Schmitt
839ec629bf
tools: use /usr/bin/env bash instead of /bin/bash
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Change-Id: I374f7427a4318d00ca474367818117e11789ec13
2021-08-17 14:29:33 +02:00
Will Szumski
6c72fa8117 Support multiple inventories
Multiple inventories can now be passed to `kolla-ansible`.  This can be
useful to construct a common inventory that is shared between multiple
environments.

Change-Id: I2ac5d7851b310bea2ba362b353f18c592a0a6a2e
2021-07-29 15:25:07 +00:00
Zuul
8f05a309d1 Merge "Fix exit code with bogus command name" 2021-07-26 07:46:36 +00:00
Scott Solkhon
6bf74aa20d Support storing passwords in Hashicorp Vault
This commit adds two new cli commands to allow an operator
to read and write passwords into a configured Hashicorp Vault
KV.

Change-Id: Icf0eaf7544fcbdf7b83f697cc711446f47118a4d
2021-06-30 15:16:12 +01:00
Zuul
7e5db84e56 Merge "Support editable installation in all cases" 2021-06-17 09:13:43 +00:00
Zuul
3337e9873a Merge "chrony: allow to remove the container" 2021-06-07 08:55:19 +00:00
likui
cccf4f7771 [TrivialFix] Remove extra slash
Change-Id: Ic45f618204875684f52133ec0f69fe7512ec9e2c
2021-06-05 07:14:27 +00:00
Mark Goddard
84ac7b3096 chrony: allow to remove the container
The chrony container is deprecated in Wallaby, and disabled by default.
This change allows to remove the container if chrony is disabled.

Change-Id: I1c4436072c2d47a95625e64b731edb473384b395
2021-06-02 17:28:35 +00:00
Mark Goddard
86ddc94ec2 Fix exit code with bogus command name
Running this:

$ kolla-ansible bogus-command

Should show usage & give a non-zero exit code. Previously it gave a zero
exit code. This change fixes the issue.

Closes-Bug: #1929397

Change-Id: I580c208d61d5efe115f936dfb8f3f6508acd91b2
2021-05-25 08:52:19 +00:00
Mark Goddard
1da7158021 linters: Mock additional variables in validate-all-file.py
The linters job started failing, due to a dependency change.

Change-Id: Ibab350ecf6d9551da8e9c8b704693122cec11559
2021-05-24 14:38:55 +01:00
Michal Arbet
22a6765f5e Support editable installation in all cases
An editable installation allows changes to be made to the source code
directly, and have those changes applied immediately without having to
reinstall.

    pip install -e /path/to/kolla-ansible

Above is currently working only in virtualenv, but there is no reason to
not allow in all cases. This is usefull for example when user is
building his own docker container with editable kolla-ansible installed
from git without virtualenv.

Change-Id: I185f7c09c3f026fd6926a26001393f066ff1860d
2021-04-08 12:31:00 +00:00
Zuul
6c18e5814e Merge "Remove Monasca Log Transformer" 2021-03-24 18:21:04 +00:00
Michał Nasiadka
1ccccbcf0a Bump up supported Ansible version to 2.10
Min version stays as 2.9

Change-Id: I7ec8c5eb36757248c9aa016dc7d4e495ec5bb635
2021-03-08 11:40:31 +00:00
Doug Szumski
0743a9bf4b Remove Monasca Log Transformer
Historically Monasca Log Transformer has been for log
standardisation and processing. For example, logs from different
sources may use slightly different error levels such as WARN, 5,
or WARNING. Monasca Log Transformer is a place where these could
be 'squashed' into a single error level to simplify log searches
based on labels such as these.

However, in Kolla Ansible, we do this processing in Fluentd so
that the simpler Fluentd -> Elastic -> Kibana pipeline also
benefits. This helps to avoid spreading out log parsing
configuration over many services, with the Fluentd Monasca output
plugin being yet another potential place for processing (which
should be avoided). It therefore makes sense to remove this
service entirely, and squash any existing configuration which
can't be moved to Fluentd into the Log Perister service. I.e.
by removing this pipeline, we don't loose any functionality,
we encourage log processing to take place in Fluentd, or at least
outside of Monasca, and we make significant gains in efficiency
by removing a topic from Kafka which contains a copy of all logs
in transit.

Finally, users forwarding logs from outside the control plane,
eg. from tenant instances, should be encouraged to process the
logs at the point of sending using whichever framework they are
forwarding them with. This makes sense, because all Logstash
configuration in Monasca is only accessible by control plane
admins. A user can't typically do any processing inside Monasca,
with or without this change.

Change-Id: I65c76d0d1cd488725e4233b7e75a11d03866095c
2021-03-03 17:20:18 +00:00
Mark Goddard
519ca1c083 Fix installation with pip install --user
If kolla-ansible is installed via pip install --user, currently the
kolla-ansible script is unable to locate the installed playbooks.
This leads to a failure when running commands.

This change fixes the issue by checking for the user's .local directory
as a possible installation path.

This fixes some of the scenario tests which were failing after switching
to a user installation in Ifaf1948ed5d42eebaa62d7bad375bbfc12b134d5.
Most tests did not fail since the kolla-ansible script in the source
checkout was used.

Closes-Bug: #1915527

Change-Id: I5b47a146627d06bb3fe4a747c5f20290c726b0f9
2021-02-12 17:58:04 +00:00
Zuul
d6f3398538 Merge "Remove validate-install-command.sh" 2020-11-20 12:19:37 +00:00
Mark Goddard
202b4af1e9 Remove validate-install-command.sh
This file is for kolla images.

Change-Id: I2c1a21790b65cf6537380d576c0abb4d16bd369b
2020-11-20 08:42:52 +00:00
Zuul
e45cfec339 Merge "Fix kolla-ansible to work with pyenv-virtualenv" 2020-11-19 10:42:36 +00:00
zengchen228
aaab1d1b68 Fix kolla-ansible to work with pyenv-virtualenv
One of the pyenv-virtualenv-set-up aliases depends on a symlink.
It seems pyenv runs the bash script from such a path and it fails
because of a failing comparison (VIRTUAL_ENV not detected).

The VIRTUAL_ENV is ensured to be fully resolved as well for safety.

This requires readlink from GNU coreutils but all supported platforms
have it by default.

Extra comments included, as well as simplification of directory
detection - readlink handles this (not that `bin` itself was
ever a symlink...).

Closes-Bug: #1903887
Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
Change-Id: I2fe6eb13ce7be68d346b1b3b7036859f34c896c4
2020-11-18 20:41:01 +00:00
Mark Goddard
9444631078 CI: add missing --fail argument to curl
Change-Id: Ibd06726ac6edcb63a1d5d4f4148851876316dc5b
2020-11-13 17:08:44 +00:00
Mark Goddard
894f4912ac octavia: generate certificates automatically
implemented as a separate command (kolla-ansible octavia-certificates)

Implements: blueprint implement-automatic-deploy-of-octavia

Co-Authored-By: wu.chunyang <wuchunyang@yovole.com>
Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>

Change-Id: I2c5b26ce9e363f35c523865904a582f7960aa682
2020-10-08 16:50:30 +02:00