Magnum was unable to fire up k8s cluster because heat-container-agent
inside kube-master was pointing to internal keystone endpoint instead of
public endpoint. This fix tells kolla ansible to set clients_keystone
auth_uri to public endpoint so that heat-container-agent communication
with heat is successfully authenticated by keystone.
Change-Id: Ida49528f88685710b5e6b8f3c4d4622506af5ae1
Closes-Bug: #1762754
Keystone removed uuid token provider in Rocky
This patch change the default value and fix comments for the option.
Change-Id: Idca0004852b688fcdd34ef47c38dec6b8bf05f86
Closes-Bug: #1757520
For luminous, the ceph_mgr service provide the
dashborad for ceph, and it need connect to cluster,
but now it failed to connect ceph cluster due to
ceph.client.admin.keyring missing, this ps to fix it.
Co-Authored-By: chenqiaomin <chen.qiaomin@99cloud.net>
Closes-Bug: #1768462
Change-Id: Idb24661bc5674780db390220ca02e22975490663
As neutron-vpnaas-agent has been loaded just inside of the existing l3 agent
rather than requiring operators to run a completely different binary with a
subclass of the existing L3 agent[1]. We need restructure this role to fit
with this new feature.
[1] https://review.openstack.org/488247
Depends-On: I47cd8ba5a14da3c76d5b1eb0b4c0cf0c729eb2ff
Change-Id: Id690a652bc9facf1c3e39358f548ab7ddd967d80
Implements: blueprint restructure-neutron-vpnaas
Closes-Bug: #1731498
When attempting to inspect a node with ironic, it seems at times
ironic_dnsmasq fails to process dhcp bootp requests, giving the
following error repeating:
dnsmasq-dhcp: DHCPDISCOVER(eth0) 52:54:00:ff:15:55
dnsmasq-dhcp: DHCPOFFER(eth0) 192.169.5.100 52:54:00:ff:15:55
dnsmasq-dhcp: ARP-cache injection failed: Operation not permitted
Adding NET_ADMIN fixes this.
Co-Authored-By: Mark Goddard <mark@stackhpc.com>
Closes-Bug: #1762805
Change-Id: I39acb81801710f849336380d3fde01c70cd8d8ce
Change the default hardcoded values of the dnsmasq dns resolvers
on dhcp_agent.ini.j2 to a configuration option part
of group_vars/all.yml.
Also adding 1.1.1.1 as part of the default set.
Change-Id: I629c69e556d4ddba19f68f06627038e1886ae5f9
Signed-off-by: Jorge Niedbalski <jorge.niedbalski@linaro.org>
The ironic_dnsmasq config for ironic inspector uses the internal VIP for
the TFTP server address DHCP option. This is not going to work,
since HAProxy is not configured to forward TFTP, and does not support
UDP forwarding anyway. The config should use the api_interface IP for
the host running ironic_dnsmasq.
Change-Id: I56a0d46e9b528041cacea7196a525891ed5922f0
Closes-Bug: #1761815
The mount is "rprivate" by default, change this to "shared"
such that mount points will dynamically propagate.
Closes-Bug: #1767828
Change-Id: If3b99bd1626a44aa7b41cf7d50d67b4fc9634462
This patch increases the default timeout for
the kolla_toolbox ansible module when talking
with the docker API from the default 60 to 180 secs.
This is required on slower deployments,
specially when bootstraping an environment and fernet
tokes are in usage. For faster deployments this will
be harmless, but for slower deployments this would be
beneficial.
Bug: #1767136
Change-Id: I0391715b16cf86d6c27fecf8a666de64f2735a7d
Signed-off-by: Jorge Niedbalski <jorge.niedbalski@linaro.org>
The permissions of rabbitmq-env.conf for bifrost were changed in
I6e32d94d4172dd96d09d8609e8a5221ab5586a31 to 0660. This breaks bifrost
deployment, as the rabbitmq user is no longer able to read the
root-owned file on startup.
This commit changes the ownership of the file in the container to
rabbitmq:rabbitmq after it has been copied.
Change-Id: I53418f5d4e40b7ca57e546e2e92a57f613fd381e
Closes-Bug: #1766196
If user enables TLS it also is necessary to create
a certificate. This precheck ensures the certificate
file exists before starting deployment.
Change-Id: I772d52e228ed012b9f8ccb5b616f9b188d3d340c
Closes-Bug: #1765677
This patch adds the ansible role to deploy the prometheus service which
can be used to collect performance metrics accross the environment
Partially-Implements: blueprint prometheus
Change-Id: I908b9c9dad63ab5c9b80be1e3a80a4fc8191cb9e
If SSL is enabled, api of multiple services returns
wrong external URL without https prefix.
Removal of condition for deletion of http header.
Change-Id: I4264e04d0d6b9a3e11ef7dd7add6c5e166cf9fb4
Closes-Bug: #1749155
Closes-Bug: #1717491
