Zuul
756ec498d3
Merge "Update Skyline configuration to enable SSO"
2024-04-19 17:14:36 +00:00
Zuul
de1552b7d7
Merge "Fix incorrect condition in kolla_container_facts"
2024-04-15 15:13:32 +00:00
Zuul
7f655d63ac
Merge "Configure log level field for the Grafana OpenSearch datasource"
2024-04-15 15:13:28 +00:00
Zuul
065820aeba
Merge "Update Grafana OpenSearch datasource configuration"
2024-04-15 15:13:25 +00:00
Zuul
345759c03d
Merge "ironic: disable heartbeat_in_pthreads"
2024-04-12 17:23:52 +00:00
Michal Nasiadka
3c3c517958
tests: Replace imp with importlib.machinery
...
It's needed for Python3.12 support, because imp has been dropped [1].
Also shlex dropped s=None support [2].
[1]: https://docs.python.org/3/whatsnew/3.12.html
[2]: https://github.com/python/cpython/issues/94352
Change-Id: I23f37897ea08ac708f6df485f699122df647e552
2024-03-29 05:16:51 +00:00
Michal Nasiadka
88aa51ac36
ironic: disable heartbeat_in_pthreads
...
inspector is not running as a WSGI
Related-Bug: #2054705
Change-Id: I20dbaef29b2ef2d6ceffc21c156c6fa4b5e8d205
2024-03-25 16:51:28 +01:00
Zuul
372f725237
Merge "Fix installation of ovs-dpdk service"
2024-03-25 11:23:49 +00:00
Zuul
4fc974d3df
Merge "Add conditionals for IPv6 sysctl settings"
2024-03-22 13:26:01 +00:00
Michal Nasiadka
8025341023
common: Fix fluentd labels when using Docker 26
...
Closes-Bug: #2058615
[1]: https://github.com/docker/cli/blob/v26.0.0/docs/deprecated.md#container-and-containerconfig-fields-in-image-inspect
Change-Id: I96ec812a482f017a48d978586c6f535fedd5fbe8
2024-03-21 08:21:32 +01:00
Martin Hiner
a7c8bcda2e
Fix incorrect condition in kolla_container_facts
...
Incorrect condition in Podman part prevented the retrieval
of facts of all the containers when no names were provided.
Closes-Bug: #2058492
Change-Id: I6d7f7ca0523eb17c7d9a9b93d2037bf77f2c2a47
Signed-off-by: Martin Hiner <martin.hiner@tietoevry.com>
2024-03-20 16:13:23 +01:00
Zuul
0b820f10e0
Merge "Skyline configure Prometheus"
2024-03-19 15:41:51 +00:00
Zuul
9874e775ec
Merge "Fix Skyline API Server TLS configuration"
2024-03-19 15:41:48 +00:00
Zuul
338b570602
Merge "Revert "zun: Deprecate Zun provisionally""
2024-03-19 15:37:30 +00:00
Zuul
238ceea44f
Merge "Zun: remove docker's cluster-store option"
2024-03-19 15:37:28 +00:00
Michal Arbet
deb08630fc
Fix installation of ovs-dpdk service
...
This patch fixes ovs-dpdk script as options
in DPDK changed and PCI whitelist config changed
from '-w' to '-a' as per [1].
[1] db27370b57
Closes-Bug: #2058372
Change-Id: Iae812a4a255c13a42b2d6a691e265922d220f4c8
2024-03-19 11:44:57 +01:00
Dawud
7102c9cc9c
Configure log level field for the Grafana OpenSearch datasource
...
Change-Id: Ic38469661323fbce438c70bd1b9301e9f7db8030
2024-03-18 21:10:59 +00:00
Zuul
38673b269b
Merge "Allow customizing of Skyline configuration"
2024-03-18 08:24:28 +00:00
Uwe Jäger
ba9a454304
Fix Skyline API Server TLS configuration
...
Closes-Bug: #1998417
Change-Id: Ib6c725880caaa7f39bb269bd8398f3894eb033c5
2024-03-18 06:40:49 +00:00
Uwe Jäger
a4e6e58e4e
Update Skyline configuration to enable SSO
...
Change-Id: I5b4a30e605bb143cf342f83f0c811c25046269ef
2024-03-15 20:18:29 +01:00
Dawud
9afc9da226
Update Grafana OpenSearch datasource configuration
...
Updates the Grafana OpenSearch datasource configuration to use values
for OpenSearch that work out of the box.
Closes-Bug: #2039500
Change-Id: Id9c7e59e6ae1dd98176c68b14a2aff1985306751
2024-03-15 16:04:45 +00:00
Christian Berendt
57a11260f0
octavia: add missing bool to the enable_octavia_jobboard parameter
...
Closes-Bug: #2058046
Change-Id: I9304f3546b20c0406e195163dccb1433fe802204
2024-03-15 16:40:39 +01:00
Zuul
21543fefb9
Merge "Fix images pull in ovs-dpdk role"
2024-03-14 18:43:49 +00:00
Zuul
bffed1ab68
Merge "Bump ansible-core versions to 2.15 and 2.16"
2024-03-14 11:13:42 +00:00
Michal Nasiadka
b04486df07
Bump ansible-core versions to 2.15 and 2.16
...
Change-Id: Iab40eb92c7e4a9092471bef9d4477a4fa34f1c85
2024-03-14 06:13:38 +00:00
Zuul
465f6ce298
Merge "rabbitmq: Add 3.12 feature flags (for upgrade to 3.13)"
2024-03-13 18:29:00 +00:00
Roman Krček
9301e82d7b
Add conditionals for IPv6 sysctl settings
...
This way the playbooks won't try to set ipv6 systemctl options
unless ipv6 is available on the system.
Closes-bug: #1906306
Change-Id: Icccfc1c509179c3cfd59650b7917a637f9af9646
2024-03-13 09:47:29 +01:00
Michal Nasiadka
7bb50ee05e
rabbitmq: bump wait timeout to 60 seconds
...
Closes-Bug: #2057676
Change-Id: I9e0287a4e80b1ebcecf9e3b66c11d4233970a30b
2024-03-12 14:48:41 +00:00
German Espinoza
a81a53092d
Fix images pull in ovs-dpdk role
...
This patch fixes ovs-dpdk images pull by adding
the variable kolla_role_name to the ovs-dpdk vars, so
services-image-pull can work correctly.
Closes-Bug: #2041864
Change-Id: I2e799290a57ebfacbc0ff9a0b1ca3dc956c513df
Signed-off-by: German Espinoza <gespinoza@whitestack.com>
2024-03-12 10:09:37 +01:00
Uwe Jäger
13dd9309df
Skyline configure Prometheus
...
Change-Id: I0a086c59076120aa53e6a05526dbab88e393c1c7
2024-03-11 18:08:41 +01:00
Michal Arbet
8c760d38a0
Fix creation of ovs bridges
...
This patch fixes the creation of the openvswitch
bridge by fixing an ansible task that was rewritten
to use an ansible module, but unfortunately, its loop
was implemented incorrectly.
Closes-Bug: #2056332
Change-Id: Ia55a36c0f9b122b72d757ca973e7d8f76ae84344
2024-03-11 09:49:51 +01:00
Michal Arbet
59da07920b
Fix coordination when redis used
...
Tooz 6.0.1 includes commit [1], which introduced
parsing the username from the Redis connection URL.
As a result, services started authenticating as admin
which, by the way, was incorrect even before, as either
a created user or the default one should have been used.
The reason it worked before is simply because the username
'admin' wasn't parsed anywhere.
This patch fixes the user being used and sets the correct
'default' one.
[1] https://review.opendev.org/c/openstack/tooz/+/907656
Closes-Bug: #2056667
Depends-On: https://review.opendev.org/c/openstack/kolla/+/911703
Change-Id: I5568dba15fa98e009ad4a9e41756aba0fa659371
2024-03-11 09:49:01 +01:00
Zuul
a7dd2425ec
Merge "prometheus: Add friendly instance labels for ironic and alertmanager"
2024-03-06 12:27:58 +00:00
Michal Nasiadka
b2a187e84e
rabbitmq: Add 3.12 feature flags (for upgrade to 3.13)
...
As per [1].
[1]: https://rabbitmq-website.pages.dev/docs/feature-flags
Depends-On: https://review.opendev.org/c/openstack/kolla/+/911093
Change-Id: Ib5bfc99a5023e4b949c1ea38eca9bfd1ea9cd633
2024-03-05 12:05:10 +00:00
Uwe Jäger
2185be008e
Allow customizing of Skyline configuration
...
Change-Id: I84cc5ce25da2fcfe4f284d8b3197f40d3a6d7ce1
2024-03-05 09:17:00 +01:00
Will Szumski
4d40c9e68f
Adds feature flag for ironic-inspector in bifrost
...
This is useful for backwards compatability.
Depends-On: https://review.opendev.org/c/openstack/kolla/+/909865
Change-Id: Ib2936580db5e7ab3479722bc353c39063010b5f2
2024-02-28 14:59:29 +00:00
Mark Goddard
10f0e9ddef
prometheus: Add friendly instance labels for ironic and alertmanager
...
These were omitted from I387c9d8f5c01baf6054381834ecf4e554d0fff35 and
I387c9d8f5c01baf6054381834ecf4e554d0fff35.
Closes-Bug: #2041855
Change-Id: I25e5450d1caeebd9c900c190fc0079988f1ca574
2024-02-28 12:16:32 +00:00
Zuul
e513ddd982
Merge "Adjust Ceph metrics scrape interval in Prometheus"
2024-02-27 11:59:32 +00:00
Zuul
ce3a6aff09
Merge "Fix gnocchi-metricd when TLS and Swift enabled"
2024-02-21 16:02:52 +00:00
Zuul
d30fb56c2a
Merge "Remove the `grafana` volume"
2024-02-20 17:25:50 +00:00
Zuul
ff63af4e65
Merge "cinder: Stop using admin service token"
2024-02-20 14:24:34 +00:00
Zuul
3c77151225
Merge "Revert "Disable new defaults and scope for Ironic (RBAC)""
2024-02-19 12:43:31 +00:00
Zuul
311fd881e4
Merge "Template system scoped admin-openrc and clouds.yml files"
2024-02-19 12:40:06 +00:00
Zuul
33129b7554
Merge "Add service role to ironic service users"
2024-02-19 12:40:03 +00:00
Zuul
a6fa564499
Merge "Ironic: enable elevated access for project scoped service role"
2024-02-19 12:40:00 +00:00
Bartosz Bezak
c51fbfdd8b
Revert "Disable new defaults and scope for Ironic (RBAC)"
...
This reverts commit d77372e86a
.
Reason for revert: service role support has been fixed in Ironic [1]
and added to Kolla-Ansible.
[1] https://review.opendev.org/c/openstack/ironic/+/907148
Closes-Bug: #2051837
Change-Id: I49664e3a353f54e0d51f454c552a78846ba64101
2024-02-15 15:14:56 +00:00
Bartosz Bezak
6e835ae758
Template system scoped admin-openrc and clouds.yml files
...
Ironic enabled secure RBAC with system scoped enforcement [1].
Some API calls, for instance 'baremetal:driver:get' needs system
scope role by design [2], even with elevated access project scope
service role [3].
[1] https://review.opendev.org/c/openstack/ironic/+/902009
[2] 8ec5606622/ironic/common/policy.py (L1349-L1357)
[3] https://review.opendev.org/c/openstack/kolla-ansible/+/908007
Related-Bug: #2051837
Change-Id: Id6313d7dd343b82d4c9ccf7bf429d340ea0e93d1
2024-02-15 15:01:59 +00:00
Zuul
0dac9eb93d
Merge "Fix mariadb role when used with check mode"
2024-02-15 14:13:18 +00:00
Bartosz Bezak
600e912400
Add service role to ironic service users
...
Add the service role to ironic service users. Ironic recently enforced
new policy validation as part of the RBAC efforts. [1][2]
Service user support was also added to Ironic. [3]
Admin role needs to stay as not all services added service role support. [4][5]
[1] https://review.opendev.org/c/openstack/ironic/+/902009
[2] e2a47de10a/goals/selected/consistent-and-secure-rbac.rst (phase-2)
[3] https://review.opendev.org/c/openstack/ironic/+/907148
[4] https://review.opendev.org/q/topic:bp%252Fpolicy-service-role-default
[5] https://review.opendev.org/q/topic:%22New-Location-Apis%22
Related-Bug: #2051837
Change-Id: I048402c2247188cf57f35437f557f84ac25d4ff2
2024-02-15 14:05:52 +00:00
Bartosz Bezak
121aa3d258
Ironic: enable elevated access for project scoped service role
...
Ironic recently started to enforce new policies and scope [1].
And Ironic is one of the sole openstack project which need
system scope for some admin related api calls [2].
However Ironic also started to allow project-scope behaviour
for service role with setting
``rbac_service_role_elevated_access``[3] [4]. This change enables
this setting to get similar behaviour of service role as other
openstack projects.
[1] https://review.opendev.org/c/openstack/ironic/+/902009
[2] e2a47de10a/goals/selected/consistent-and-secure-rbac.rst
?display=source#L261
[3] https://review.opendev.org/c/openstack/ironic/+/907148
[4] 8ec5606622/releasenotes/notes/service-project-service-role-fix-e4d1a8c23856926a.yaml
Related-Bug: #2051837
Change-Id: If8d7cf1663145d0398a2e936486e2b316d4df5e0
2024-02-15 15:04:06 +01:00