Currently kolla-ansible sets haproxy balance algorithm to source for
horizon. We can set it to round-robin if the cache backend is memcached
or using the database as the session storage backend. So we can
distribute http requests evenly to all available horizon instances.
Closes-Bug: #1990523
Change-Id: I0721cadcf53d59947bc0db6a193bfafe49c41ad3
This patch also changes python version and default tag for centos.
prometheus-efk and venus jobs commented out, elasticsearch images
are unbuildable
cells is commented out because proxysql is unbuildable
Change-Id: Ic358f8b600317d3c2fc45130a59785225aea1153
JWT failed to validate on auth-oidc endpoint used by openstack cli
with "could not find key with kid: XX" error. To fix this we need
to use jwks provided in "jwks_uri" by OIDC metadata endpoint.
Missing "ServerName" directive from vhost config causes redirection
to fail in some cases when external tls is enabled.
- added "keystone_federation_oidc_jwks_uri" variable
- added "OIDCOAuthVerifyJwksUri" to keystone vhost config
- added "ServerName" to keystone vhost config
- jinja templating additional whitespace trimmed to
correct end result indentation and empty newlines
Closes-bug: 1990375
Change-Id: I4f5c1bd8be8e23cf6299ca4bdfd79e9d98c9a9eb
With this option enabled, dnsmasq can offer the same IP address to
multiple hosts when their requests are close to each other. Remove this
option in order to use the built-in hashing mechanism which will
allocate random IP addresses, which should be less likely to conflict.
Closes-Bug: #1991390
Change-Id: I09a9fa2d0c54635b899ad7906cc2e2e4580ef5ad
Both venv and linters (and its children) environments install
kolla-ansible and thus also install the requirements.
However, they were doing this post-factum and thus without the
constraints pin.
This patch also removes the installation of test-requirements
in venv as it is meant to be used for running the software and
we already have environments for unit tests.
The doc requirements are left in place because docs mention
that ``tox -e venv -- reno`` should work. They should be harmless
but I am open to removing them as well.
Change-Id: I15f1ecc216c9ba81dad740c372d297adf279a945
By the comment message, it should no longer be necessary to wait
at this stage and we can speed up the process a little bit.
Change-Id: Ia96bfa79aaad5fbd54a9f527702cca7a63616bf7
They served us well in Yoga but they are no longer needed in Zed.
This also avoids the early deletion of the ironic-conductor, making
it really roll.
Change-Id: I9bc85d894b5bf947ac8fca505df446b99b0bb99b
CirrOS 0.6.0 was released yesterday. Has newer kernel and userspace,
better network configuration (more IPv6 stuff) and some other
improvements.
Change-Id: Ife7767904efe64602531fa3eb163c78260650909
Bind9 is running without limit for UDP listeners.
This patch is changing this behaviour and sets max 32
of UDP listeners. This is needed because of bug below [1].
[1] https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1827923
Change-Id: Ie4c2ac4d5e990ebdc30c3a94d855703d814f1fee
The admin endpoint is kept on upgrade to allow the upgrade to
happen (as it allows to rewrite the previous admin endpoint entry
to the new one).
Change-Id: I1c16892bab67f281d539843f1f0fa658df1c4874
Depends-On: https://review.opendev.org/c/openstack/kolla/+/854837
Kolla Ansible stopped setting them as they turned out to be
unnecessary for its operations, yet may have conflicted with
security policies of the hosts. [1] [2]
[1] https://launchpad.net/bugs/1837551
[2] https://launchpad.net/bugs/1945453
Change-Id: Ie8ccd3ab6f22a6f548b1da8d3acd334068dc48f5
removed:
- 701 [galaxy_info missing] is no longer emited
- 602 [empty string compare] is now opt-in
- 208 [permissions not mentioned] is no longer emited
- 106 [role name] is no longer emited
renamed from number to role name:
- 503 [no-handler]
- 301 [no-changed-when]
Change-Id: I8b059d87c94499decbd9b115ef2cde033aa88fbd
With the release of ansible-lint 6.7.0, the openstack-tox-linters job
started failing with these errors:
WARNING Listing 30 violation(s) that are fatal
ansible/roles/ceilometer/tasks/config.yml:66: name: Jinja templates should only be at the end of 'name' (name[template])
[...]
Add this new check to skip_list for now.
Change-Id: Ia82a88ee3b9bb6a3cb09f09c6568d1914ee2592d
Remove hard-coded internal address; introduce variable to control
external web url.
Closes-bug: #1972817
Change-Id: Ib834a9f8b4a0238960dca65b2ebc1da840cec626
