There is a time once every 2 years when ubuntu team releases new LTS
release. And then UCA joins with binary packages for current OpenStack
development cycle.
It is this time for Ubuntu 20.04 'focal'.
Includes CI fix to pass:
[CI] Temporarily block new Ansible
The proper fix [1] needs fixing older branches before newer.
This one allows to fix CI first, in the usual order.
To revert after [1] gets merged in all relevant branches.
[1] https://review.opendev.org/745648
Old-Change-Id: Ifbd37d8addd4322773118e2e9d46494741a8ae66
Related-Bug: #1891145
Depends-on: https://review.opendev.org/#/c/738994/
Change-Id: Ib8b70ee40ec2d19509cc84c0f530612f81907721
Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
Glance role copies glance-image-import.conf
when enabled to allow configuration of
glance interoperable image import. Property
protection can be enabled and file is copied.
Change-Id: I5106675da5228a5d7e630871f0882269603e6571
Closesl-Bug: #1889272
Signed-off-by: nikparasyr <nik.parasyr@protonmail.com>
Updated TLS documentation to reflect new features and configuration
options added in Ussuri.
Change-Id: I74550eaf394287b14fc521293cc4b5ea8074192c
Partially-Implements: blueprint add-ssl-internal-network
With an incorrectly named section, whatever's defined in here is
actually ignored which can result in unexpected behaviour.
Closes-Bug: 1889455
Change-Id: Ib2e2b53e9a3c0e62a2e997881c0cd1f92acfb39c
Signed-off-by: Nick Jones <nick@dischord.org>
Moved the TLS documentation from "advanced-configuration" doc to its
own TLS document. This is in preparation for improving it.
Change-Id: I4c83f1810ef1222aaa3560174c1ba39328853c4e
Co-Authored-By: James Kirsch <generalfuzz@gmail.com>
Added a spec file for this blueprint.
Changed the kolla-ansible script to accept more than one
globals.yml file. That will still be the main one but operators
will be able to create more, under the /etc/kolla/globals.d
directory.
Also added some paragraphs in the quickstart documentation
about this.
Finally, Adding a release note
Change-Id: I34eb91d0e2ed80694594b8fc6801cf8ad77da754
Implements: blueprint multiple-globals-files
Switch to openstackdocstheme 2.2.1 and reno 3.1.0 versions. Using
these versions will allow especially:
* Linking from HTML to PDF document
* Allow parallel building of documents
Update Sphinx version as well.
Remove docs requirements from lower-constraints, they are not needed
during install or test but only for docs building.
openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.
Set openstackdocs_pdf_link to link to PDF file. Note that
the link to the published document only works on docs.openstack.org
where the PDF file is placed in the top-level html directory. The
site-preview places the PDF in a pdf directory.
Set openstackdocs_auto_name to use 'project' as name.
Co-Authored-By: Andreas Jaeger <aj@suse.com>
Change-Id: If23546ac4cc2c19626e05b460651b61d5e82d948
Python packages are now prefixed with 'python3' instead of 'python'.
'bridge-utils' is also no longer shipped.
Change-Id: I6e8765e53fd5c3a7f7169671d75e965c22213c61
Signed-off-by: Luke Short <ekultails@gmail.com>
The removed parts are *not* to be done 99% of operators' time,
especially for quickstart procedure.
Kolla Ansible is meant to default to a compatible release.
See [1] as well.
[1] https://review.opendev.org/730498
Change-Id: Iadafcd992a9fd030fa62fb5f7f9429c3f479ac1b
Kolla-ansible version 4.0.0 contained the steps to follow when logging
in to Kibana for the first time.
These got deleted when the process was seemingly automated, but the
relevant machinery no longer works. See [1] as well.
Backport to Ussuri, Train, Stein (possibly more).
[1] https://review.opendev.org/726289
Change-Id: If65622dc78e7f8fd16e37ee31bc9f34eb9267549
New theme of docs (Victoria+) respects pygments_style.
Since Kolla starts using Victoria reqs while being on Ussuri,
this patch ensures proper rendering both in Ussuri and Victoria.
Thanks @AJaeger for suggestion.
Change-Id: Iaf3c70b24685ab962f29007deec10b9d53c663bc
* Reworked tox pep8 into linters job, that runs:
- pep8
- bandit
- bashate
- doc8
- yamllint
- ansible-lint (validate-all-files.py + ansible-lint)
* Skip E701 - missing galaxy_info in meta and E602 see [1].
* Skip E301 and E503 - followup later in a separate change
* Added ansible-role-jobs to zuul.d/project.yaml which will run
openstack-tox-linters job in check queue
* Fixed remaining style issue
* Made tox and docs reference the new env for linters
* Dropped pype environment (not supported)
[1]: https://github.com/ansible/ansible-lint/issues/457
Change-Id: I494b4b151804aac8173120e6c6e42bc2fdb00234
This provides a generic mechanism to include extra files
that you can reference in prometheus.yml, for example:
scrape_targets:
- job_name: ipmi
params:
module: default
scrape_interval: 1m
scrape_timeout: 30s
metrics_path: /ipmi
scheme: http
file_sd_configs:
- files:
- /etc/prometheus/extras/file_sd/ipmi-exporter-targets.yml
refresh_interval: 5m
Change-Id: Ie2f085204b71725b901a179ee51541f1f383c6fa
Related: blueprint custom-prometheus-targets
This provides a mechanism to scrape targets defined outside of kolla-ansible.
Depends-On: https://review.opendev.org/#/c/685671/
Change-Id: I0950341b147bb374b4128f09f807ef5a756f5dfa
Related: blueprint custom-prometheus-targets
Add TLS support for Glance api using HAProxy to perform TLS termination.
Change-Id: I77051baaeb5d3f7dd9002262534e7d35f3926809
Partially-Implements: blueprint add-ssl-internal-network
Zun has a new component "zun-cni-daemon" which should be
deployed in every compute nodes. It is basically an implementation
of CNI (Container Network Interface) that performs the neutron
port binding.
If users is using the capsule (pod) API, the recommended deployment
option is using "cri" as capsule driver. This is basically to use
a CRI runtime (i.e. CRI plugin for containerd) for supporting
capsules (pods). A CRI runtime needs a CNI plugin which is what
the "zun-cni-daemon" provides.
The configuration is based on the Zun installation guide [1].
It consits of the following steps:
* Configure the containerd daemon in the host. The "zun-compute"
container will use grpc to communicate with this service.
* Install the "zun-cni" binary at host. The containerd process
will invoke this binary to call the CNI plugin.
* Run a "zun-cni-daemon" container. The "zun-cni" binary will
communicate with this container via HTTP.
Relevant patches:
Blueprint: https://blueprints.launchpad.net/zun/+spec/add-support-cri-runtime
Install guide: https://review.opendev.org/#/c/707948/
Devstack plugin: https://review.opendev.org/#/c/705338/
Kolla image: https://review.opendev.org/#/c/708273/
[1] https://docs.openstack.org/zun/latest/install/index.html
Depends-On: https://review.opendev.org/#/c/721044/
Change-Id: I9c361a99b355af27907cf80f5c88d97191193495
Removes and/or replaces all mentions of py27.
Cleans up obsolete requirements and their lower-constraints.
Separates test-requirements.
Makes lower-constraints pass outside of CI (MarkupSafe).
Adds FIXMEs about some hacky Mocks that may misbehave.
Change-Id: Ifc090bf3c1db17d8542ee591c91e8225a597bfe2
Just making it slightly more readable - there was an extra 'an'.
TrivialFix
Change-Id: I488f702449e217335321988874b6c3ee3136f497
Signed-off-by: Raimund Hook <openstack@sting-ray.za.net>
This update clears up an additional path that was mentioned in the
Advanced Configuration documentation, but not actually picked up in the
playbooks.
This specifically affects Service Configuration overrides. The docs have
been cleaned up to reflect the way the playbooks pick up the override
files.
Change-Id: Id15fe139af6462217c2ac26d7d21c5eac5368e12
Closes-Bug: 1873782
Signed-off-by: Raimund Hook <openstack@sting-ray.za.net>
etcd via tooz does not support group membership required by
Designate coordination.
The best k-a can do is not to configure etcd in Designate.
Change-Id: I2f64f928e730355142ac369d8868cf9f65ca357e
Closes-bug: #1872205
Related-bug: #1840070
This patch introduces an optional backend encryption for Keystone
service. When used in conjunction with enabling TLS for service API
endpoints, network communcation will be encrypted end to end, from
client through HAProxy to the Keystone service.
Change-Id: I6351147ddaff8b2ae629179a9bc3bae2ebac9519
Partially-Implements: blueprint add-ssl-internal-network
Not everyone wants Kafka data stored on a Docker volume. This
change allows a user to flexibly control where the data is stored.
Change-Id: I2ba8c7a85c7bf2564f954a43c6e6dbb3257fe902