This change updates documentation, examples and tests to support
Ironic inspection through DHCP-relay. The dnsmasq service should be
configured with more specific format set in the variable
``ironic_dnsmasq_dhcp_range``. See the dnsmasq manual page [1].
[1] https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
Change-Id: I9488a72db588e31289907668f1997596a8ccdec6
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
Ignore the monasca_thresh container if it is listed as exited.
The container was recently changed to operate as a 'one shot' container,
submitting a job to storm then exiting. This does not fit with the
usual pattern of Kolla Ansible container usage, but is harmless.
Depends-On: https://review.opendev.org/c/openstack/kolla/+/811977
Change-Id: Id40d2260a67ef604255fb1818d41cdcbc73164d7
chrony is not supported in Xena cycle, remove it from kolla
Moved tasks from chrony role to chrony-cleanup.yml playbook to avoid a
vestigial chrony role.
Co-Authored-By: Mark Goddard <mark@stackhpc.com>
Change-Id: I5a730d55afb49d517c85aeb9208188c81e2c84cf
Since Wallaby, we default to disabling Docker's iptables
management, thus making the code being removed here obsolete.
Change-Id: Ieb7774f2380a811070aea27964a39e4c8cb02083
* Register Swift-compatible endpoints in Keystone
* Load balance across RadosGW API servers using HAProxy
The support is exercised in the cephadm CI jobs, but since RGW is
not currently enabled via cephadm, it is not yet tested.
https://docs.ceph.com/en/latest/radosgw/keystone/
Implements: blueprint ceph-rgw
Change-Id: I891c3ed4ed93512607afe65a42dd99596fd4dbf9
This change bumps up max supported Ansible version
to 4.x (ansible-core 2.11.x) and minimum to 2.10.
Change-Id: I8b9212934dfab3831986e8db55671baee32f4bbd
Continuing fixing CI after [1], this patch fixes the other branch
that [2] has not previously included.
[1] https://review.opendev.org/c/openstack/kolla-ansible/+/805449
[2] 02e07a0860e8ca8bc1d6d7716e44bd2888591ecd
Change-Id: I44014a93b92b5a8782e34cf394881dec74cdeea1
As a result of https://review.opendev.org/c/openstack/kolla-ansible/+/805449
CI is failing, because we don't have a TLS certificate on our registry.
This workaround will get our CI to be green while a proper patch
(TLS certs for registry) can be worked out.
Change-Id: Ia45c8a764a1f87d1c44717c4da3b9a3f94cdc967
Just like I added Cinder volume upgrade testing before, let's
also test similarly for Nova and Neutron. :-)
More robust debugging and refactor included.
Related-Bug: #1941706
Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/806476
Change-Id: Id79df44254603f9b37ce7da2bfc796fc0b1ac91f
To follow best security practices and help fellow operators.
More details inline and in the linked bug report.
Closes-Bug: #1940547
Change-Id: Ide9e9009a6e272f20a43319f27d257efdf315f68
For now role haproxy is maintaining haproxy
and keepalived. In follow-up changes there is also
proxysql added.
This patch is *only* renaming/moving stuff to more
prominent role loadbalancer, and moving also specific
templates to subdirectory.
This was done only to better diff in follow-up
changes.
Change-Id: I1d39d5bcaefc4016983bf267a2736b742cc3a555
Swift is a major OpenStack project. It could use testing upgrades.
New jobs are placed in the experimental pipeline to avoid
excessive CI load on general changes.
Change-Id: I8a089fdd1f21eb4c3e00c38ea9dfcecc77565bf5
Related-Bug: #1874691
Debian upgrades failed on using the ansible command to remove
chrony service because of broken python autodetection.
This patch uses the same workaround we have in globals-default.j2.
This is not nice long-term but there is no reason to keep the two
out of sync. We should remove this workaround from both places
when the situation fixes itself (possibly with newer Ansible).
Change-Id: I8b7f0c76d55cd31311285ce746acb6335e044470
Once I6aa8db2214e07906f1f3e035411fc80ba911a274 has been merged and
backported, the default value of ceph_nova_user (cinder) should work.
Change-Id: I9769c4ee26393f8458537ad2ad543213cf8f57b0
The Masakari job uses 4 nodes and defaulted to a quite bulky
and not really supported config (MariaDB and RMQ on 4 nodes).
This change slims it down so that we test only HA of Masakari
and hacluster. The other services are deployed single-node.
Additionally, simplify the network group (it does not affect any
other job, the logic was simply overdone there).
Change-Id: I74b315443f79d0d7780907fc785e1a29759c1803
This commit adds two new cli commands to allow an operator
to read and write passwords into a configured Hashicorp Vault
KV.
Change-Id: Icf0eaf7544fcbdf7b83f697cc711446f47118a4d
By default, Ansible injects a variable for every fact, prefixed with
ansible_. This can result in a large number of variables for each host,
which at scale can incur a performance penalty. Ansible provides a
configuration option [0] that can be set to False to prevent this
injection of facts. In this case, facts should be referenced via
ansible_facts.<fact>.
This change updates all references to Ansible facts within Kolla Ansible
from using individual fact variables to using the items in the
ansible_facts dictionary. This allows users to disable fact variable
injection in their Ansible configuration, which may provide some
performance improvement.
This change disables fact variable injection in the ansible
configuration used in CI, to catch any attempts to use the injected
variables.
[0] https://docs.ansible.com/ansible/latest/reference_appendices/config.html#inject-facts-as-vars
Change-Id: I7e9d5c9b8b9164d4aee3abb4e37c8f28d98ff5d1
Partially-Implements: blueprint performance-improvements
The chrony container is deprecated in Wallaby, and disabled by default.
This change allows to remove the container if chrony is disabled.
Change-Id: I1c4436072c2d47a95625e64b731edb473384b395
This is required to support Debian Bullseye (11) - need to set
nova-libvirt to use 'host' CgroupnsMode.
Change-Id: I40213d4092fa325bcf37bb1fb4437ab125fe328b
This change also updates the CI test scripts to use PATH to find the
kolla-ansible script, rather than relying on the file in the source
checkout.
Using the script in the source checkout was hiding an issue with pip
install --user, although that has now been fixed in
I5b47a146627d06bb3fe4a747c5f20290c726b0f9.
Related-Bug: #1915527
Change-Id: I2827a657c8716a9c40391c6bdb7ff1a2a9c1260e
Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/775586
OVS upgrade jobs failed due to assigning an IP on the br-ex interface
(which is recycled during OVS upgrade). This change introduces a bridge
and veth pair for Neutron to use.
Change-Id: Ib3bee6e810fb8d31552d4c72c2a1ccae382c51f0
Without this patch, if there is a change to kolla in the dependency tree
then the monasca scenario does not build grafana, and therefore fails
when trying to pull it.
Change-Id: Ic0a5b9ff940c4971a74345b8812683b29c5cedbf
