11936 Commits

Author SHA1 Message Date
LinPeiWen
de5624e8e9 Use Docker healthchecks for zookeeper services
This change enables the use of Docker healthchecks for zookeeper services.
Implements: blueprint container-health-check

Change-Id: I344115580840f3aa3f872c6136492f7bd7b73db8
2021-04-08 07:07:16 +00:00
Zuul
cef8c8b3de Merge "CI: octavia: create and test a load balancer" 2021-03-05 11:00:56 +00:00
Zuul
f325add2e2 Merge "CI: octavia: remove octavia from magnum scenario" 2021-03-05 11:00:14 +00:00
Zuul
aad7a731aa Merge "octavia: support tenant management network" 2021-03-05 10:59:49 +00:00
Zuul
c02a223769 Merge "CI: Move from ceph-ansible to cephadm" 2021-03-05 09:11:32 +00:00
Zuul
9194a3e99b Merge "Fix Cinder log parsing" 2021-03-04 13:03:17 +00:00
wuchunyang
366ba8526e CI: octavia: create and test a load balancer
Co-Authored-By: Mark Goddard <mark@stackhpc.com>
Change-Id: I20c1d9bddee5a046b521b9378bade2ab50612be0
2021-03-04 09:27:38 +08:00
Zuul
1fb56cf5be Merge "Use Docker healthchecks for magnum services" 2021-03-03 17:07:03 +00:00
Zuul
21b9b5092f Merge "[CI] Cinder upgrade testing" 2021-03-03 16:47:27 +00:00
Zuul
933d575bd5 Merge "Revert "CI: Temporarily disable rabbitmq internal tls"" 2021-03-03 16:38:22 +00:00
Mark Goddard
3c5ccb915e CI: octavia: remove octavia from magnum scenario
Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/755589
Co-Authored-By: wu.chunyang <wuchunyang@yovole.com>

Change-Id: I489c1ca23d8abc350d3204ecc167d5d93bbbd1d9
2021-03-03 10:54:38 +08:00
Mark Goddard
5d3ebc0452 octavia: support tenant management network
- bind health manager port to ovs
- create a octavia-interface.service (used for creating health manager
  interface after reboot)
- used for ci, test or poc

Implements: blueprint implement-automatic-deploy-of-octavia

Change-Id: I8ac30dea6c8402d97189c6b05032c608936b0ff2
Co-Authored-By: wu.chunyang <wuchunyang@yovole.com>
2021-03-03 10:20:40 +08:00
Michał Nasiadka
65a16a08e2 CI: Move from ceph-ansible to cephadm
Change-Id: I81a4f8f8b8faa7559740531bb16d8aec7fc23f9b
2021-03-02 17:49:12 +01:00
Zuul
1b1d06a9d7 Merge "Add Monasca Grafana security note" 2021-03-02 16:35:57 +00:00
Michał Nasiadka
a8981a79aa CI: Add ssh retries
Change-Id: I77791d504327ace880d0cc2438af2f8ced66d4eb
2021-02-24 16:42:06 +00:00
Doug Szumski
fa5511c75d Fix Cinder log parsing
The Cinder API log is currently written to a file called
cinder-wsgi.log, and the WSGI logs to cinder-api.log. Fluentd
then tries to parse the WSGI log as an OpenStack log which
results in 'got incomplete line' errors and prevents proper
ingestion of these logs.

Co-Authored-By: yaoning <yaoning@unitedstack.com>
Closes-Bug: 1916752
Change-Id: I3296dcc4780160cbf88bd18285571276f58bb249
2021-02-24 13:27:00 +00:00
wuchunyang
e315446291 Improve trove releasenote
trivial fix
see: https://review.opendev.org/c/openstack/kolla-ansible/+/763191

Change-Id: I7f5a5ba5e9a6b3866fc4d2c72b7b4884c85020bd
2021-02-23 22:04:46 +08:00
Zuul
d6f266b38d Merge "docs: Add information on tuning Ansible" 2021-02-23 09:11:13 +00:00
Zuul
c084795c9e Merge "Use trove.conf for all trove services" 2021-02-22 12:57:30 +00:00
Zuul
436cde8dd4 Merge "CI: Initial jinja2 templates syntax checks" 2021-02-22 10:57:30 +00:00
wu.chunyang
26a7fc04c6 Use Docker healthchecks for magnum services
This change enables the use of Docker healthchecks for magnum
services.
Implements: blueprint container-health-check

Change-Id: I14d862aa599915c781d02b71a0e57d2124de9abc
2021-02-21 07:05:46 -05:00
wu.chunyang
b567154395 Use trove.conf for all trove services
it was confused to customize opts in trove-conductor.conf
or trove-taskmanager.conf now.
if we want to customize a opts,The operator needs
to know which service is using the configuration opts.
actually trove uses trove.conf is enough for all services
this change combines  all trove config files.

Change-Id: I5a630109e3c4b59bff216146a3ed64c6d47e247f
2021-02-20 10:03:14 -05:00
Michal Nasiadka
a00fec8cc6 CI: Initial jinja2 templates syntax checks
Change-Id: If42b7324b58851a4f0beb3a80c70ca2c9dd729af
2021-02-20 09:37:48 +01:00
Zuul
4d4dff0cb8 Merge "Use a better process name for httpd subprocess" 2021-02-20 05:07:48 +00:00
Zuul
87d8bd414d Merge "Add support to OpenID Connect Authentication flow" 2021-02-19 23:15:07 +00:00
Zuul
d3d3cd6b3e Merge "Use Docker healthchecks for manila services" 2021-02-19 20:44:37 +00:00
Zuul
cb4ee5c862 Merge "Add IPv6 configuration options to Octavia management network" 2021-02-19 20:44:28 +00:00
Zuul
4bf52895db Merge "ovn: Fix disabling of gateway chassis" 2021-02-18 12:30:38 +00:00
Zuul
6a6dcfcf28 Merge "Replace db-sock with db-nb-sock and db-sb-sock" 2021-02-18 10:50:04 +00:00
Zuul
f00cd7b55f Merge "Lint and fix renos" 2021-02-17 17:31:10 +00:00
Zuul
90a079b8a7 Merge "Update String type for Monasca ES template" 2021-02-16 17:11:55 +00:00
Zuul
38a2097935 Merge "[CI] Fix the NFV scenario" 2021-02-16 16:46:16 +00:00
Michał Nasiadka
ec04972b72 ovn: Fix disabling of gateway chassis
It currently runs on hosts in ovn group, and in case that controllers are not
network gateways - it fails on missing openvswitch.

Change-Id: Ibbf683872337402b4e2a38323bb6a3f35ee4bed4
2021-02-16 17:30:07 +01:00
Doug Szumski
6af802d163 Add Monasca Grafana security note
Update the Monasca docs to improve security considerations.

Trivial-Fix
Change-Id: I97eb8441466f8c6abdbd66068257765bdbe32d4d
2021-02-16 11:33:54 +00:00
Mark Goddard
455f2c3147 Revert "CI: Temporarily disable rabbitmq internal tls"
This reverts commit ff441c1c0ceb8fc06a17f5db8e460ad00e8db365.

Since RabbitMQ TLS is still not functional in Victoria, it is
not enabled for upgrade jobs.

Change-Id: I575942c8d90441145de78dcb16a2b4c1f172773b
2021-02-16 10:20:42 +00:00
Zuul
2b906bc382 Merge "Fix Barbican API log config" 2021-02-15 22:24:57 +00:00
Pedro Henrique
f3fbe83708 Add support to OpenID Connect Authentication flow
This pull request adds support for the OpenID Connect authentication
flow in Keystone and enables both ID and access token authentication
flows. The ID token configuration is designed to allow users to
authenticate via Horizon using an identity federation; whereas the
Access token is used to allow users to authenticate in the OpenStack CLI
using a federated user.

Without this PR, if one wants to configure OpenStack to use identity
federation, he/she needs to do a lot of configurations in the keystone,
Horizon, and register quite a good number of different parameters using
the CLI such as mappings, identity providers, federated protocols, and
so on. Therefore, with this PR, we propose a method for operators to
introduce/present the IdP's metadata to Kolla-ansible, and based on the
presented metadata, Kolla-ansible takes care of all of the
configurations to prepare OpenStack to work in a federated environment.

Implements: blueprint add-openid-support
Co-Authored-By: Jason Anderson <jasonanderson@uchicago.edu>
Change-Id: I0203a3470d7f8f2a54d5e126d947f540d93b8210
2021-02-15 16:57:47 -03:00
Zuul
f0ff9dfc4c Merge "CI: Add monasca scenario" 2021-02-15 16:46:03 +00:00
Zuul
6e157f4716 Merge "Support explicit creation of Monasca Kafka topics" 2021-02-15 16:22:57 +00:00
Zuul
18a395229f Merge "Do not wait for grafana to start when kolla_action=config" 2021-02-15 15:03:52 +00:00
Mark Goddard
519ca1c083 Fix installation with pip install --user
If kolla-ansible is installed via pip install --user, currently the
kolla-ansible script is unable to locate the installed playbooks.
This leads to a failure when running commands.

This change fixes the issue by checking for the user's .local directory
as a possible installation path.

This fixes some of the scenario tests which were failing after switching
to a user installation in Ifaf1948ed5d42eebaa62d7bad375bbfc12b134d5.
Most tests did not fail since the kolla-ansible script in the source
checkout was used.

Closes-Bug: #1915527

Change-Id: I5b47a146627d06bb3fe4a747c5f20290c726b0f9
2021-02-12 17:58:04 +00:00
Zuul
638e00cfb1 Merge "CI: fix ceph-ansible installation after cryptography 3.4 release" 2021-02-12 10:23:50 +00:00
Mark Goddard
5fc7707938 CI: fix ceph-ansible installation after cryptography 3.4 release
Installing ceph-ansible in the virtualenv on CentOS 8 fails with:

    ModuleNotFoundError: No module named 'setuptools_rust'

This error appeared following the release of cryptography 3.4, which now
includes Rust code. It can be installed without Rust using a Python
wheel, but only with more recent pip than version 9.0.3 available as RPM
on CentOS 8. The cryptography bug report [1] recommends pip>=19.1.1.

This change upgrades pip in the virtualenv before installing
ceph-ansible.

[1] https://github.com/pyca/cryptography/issues/5753

Change-Id: I47473de6f71c422db2238d653c2d8f379c55e79b
2021-02-11 13:11:41 +00:00
Giacomo Lanciano
486de99dc8 Fix monasca-grafana check
- Increment retries: waiting 20 seconds (i.e., 10 retries) seem to
  be not enough for monasca-grafana to start on the first node.
  Increasing to 80 seconds (i.e., 40 retries) fixes the issue.

- Prevent the check from running when kolla_action=config. In that
  case, the command would never succeed as the service is not
  deployed yet (similarly to
  https://review.opendev.org/c/openstack/kolla-ansible/+/771237).

Closes-Bug: #1915060
Related-Bug: #1821285
Change-Id: I7b42c51a66caed0eccf118615d841dca97a7af9d
2021-02-11 11:27:07 +01:00
Mark Goddard
3dd6834a61 CI: fix kolla-ansible installation after cryptography 3.4 release
Installing kolla-ansible system-wide on CentOS 8 fails with:

    ModuleNotFoundError: No module named 'setuptools_rust'

This error appeared following the release of cryptography 3.4, which now
includes Rust code. It can be installed without Rust using a Python
wheel, but only with more recent pip than version 9.0.3 available as RPM
on CentOS 8. The cryptography bug report [1] recommends pip>=19.1.1.

This change switches to using pip --user when installing kolla-ansible.

Also fixes an issue with ansible-lint which was failing on
etc/kolla/globals.yml due to a missing space before comments.

[1] https://github.com/pyca/cryptography/issues/5753

Change-Id: Ifaf1948ed5d42eebaa62d7bad375bbfc12b134d5
Closes-Bug: #1915141
2021-02-10 22:01:40 +01:00
Radosław Piliszek
223c67935c Lint and fix renos
One of the renos was causing issues due to a duplicated id.
This change makes tox doc8 env lint renos and fixes
the offending reno.

Change-Id: Id3ae6e144b4261c97726cdec172ea9bef093de9e
2021-02-10 15:39:11 +00:00
Mark Goddard
b40cde9b9d docs: Add information on tuning Ansible
Stolen from Kayobe.

Change-Id: I42a2ef84e5fe570e8001908614337e64d035ec99
2021-02-08 09:02:00 +00:00
Zuul
ddf462d2a0 Merge "docs: improve external Ceph docs" 2021-02-07 15:32:38 +00:00
Zuul
11e6b4a844 Merge "docs: Improve multinode Docker registry setup" 2021-02-07 15:27:41 +00:00
Carsten Koester
bf6d9308aa Add IPv6 configuration options to Octavia management network
If the Octavia/Amphora management network is created by Kolla, support
setting the IP address family and IPv6 address/RA mode.

Closes-Bug: 1913409

Change-Id: I9f2ef2196654c91596cb5c4b3c157bcee267226a
2021-02-03 08:24:04 -08:00