Commit Graph

15 Commits

Author SHA1 Message Date
Bartosz Bezak 6e835ae758 Template system scoped admin-openrc and clouds.yml files
Ironic enabled secure RBAC with system scoped enforcement [1].

Some API calls, for instance 'baremetal:driver:get', need a system
scope role by design [2], even with an elevated access project scope
service role [3].

[1] https://review.opendev.org/c/openstack/ironic/+/902009
[2] 8ec5606622/ironic/common/policy.py (L1349-L1357)
[3] https://review.opendev.org/c/openstack/kolla-ansible/+/908007

Related-Bug: #2051837

Change-Id: Id6313d7dd343b82d4c9ccf7bf429d340ea0e93d1
2024-02-15 15:01:59 +00:00
Michal Nasiadka 4add26f738 post-deploy: add public-openrc.sh
Change-Id: Ia19a00afc4bd1f79a463c0aa14585e8047dd47f9
2022-10-20 17:29:12 +02:00
Michal Nasiadka ed2cf2f5e5 Change clouds.yaml location
It's a followup to 73a1812c58
addressing post-merge comments.

Change-Id: Idd458ad6ef29e4eee2f9e537b4eae39d26eb9f64
2022-09-27 11:10:12 +00:00
Monty Taylor 73a1812c58 Add clouds.yaml file and use it
clouds.yaml[0] is a richer way to express configuration for OpenStack
clouds. It's also fully supported by Ansible's OpenStack modules as
well as python-openstackclient and openstacksdk. It's the future - who
doesn't like the future?

Write a file using both the public (default) and the internal endpoints
for the admin user. Also, change all of the examples to reference it
and to get python-openstackclient to use it too.

[0] https://docs.openstack.org/openstacksdk/latest/user/guides/connect_from_config.html

Implements: blueprint use-clouds-yaml
Change-Id: I557d2e4975c7b3d3c713a556b9ba47af9567ce6e
2022-08-08 12:19:47 +00:00
Mark Goddard ade5bfa302 Use ansible_facts to reference facts
By default, Ansible injects a variable for every fact, prefixed with
ansible_. This can result in a large number of variables for each host,
which at scale can incur a performance penalty. Ansible provides a
configuration option [0] that can be set to False to prevent this
injection of facts. In this case, facts should be referenced via
ansible_facts.<fact>.

This change updates all references to Ansible facts within Kolla Ansible
from using individual fact variables to using the items in the
ansible_facts dictionary. This allows users to disable fact variable
injection in their Ansible configuration, which may provide some
performance improvement.

This change disables fact variable injection in the ansible
configuration used in CI, to catch any attempts to use the injected
variables.

[0] https://docs.ansible.com/ansible/latest/reference_appendices/config.html#inject-facts-as-vars

Change-Id: I7e9d5c9b8b9164d4aee3abb4e37c8f28d98ff5d1
Partially-Implements: blueprint performance-improvements
2021-06-23 10:38:06 +01:00
wu.chunyang 195269d758 add octavia openrc file
We use the octavia user to upload the image currently, so it is better to
create an octavia openrc file for the user.

Implements: blueprint implement-automatic-deploy-of-octavia

Change-Id: Ib53d00fa4a6ee59b8a0b2245f83786a6af0cbf53
2020-10-08 14:50:52 +00:00
likui 16f97867a3 Fix ownership and permissions of admin-openrc.sh
Previously the post-deploy.yml playbook was executed with become: true,
and the admin-openrc.sh file templated without an owner or mode
specified. This resulted in admin-openrc.sh being owned by root with 644
permissions.

This change creates the file without become: true, and explicitly sets
the owner to the user executing Ansible, and the mode to 600.

Co-Authored-By: Mark Goddard <mark@stackhpc.com>

Closes-Bug: #1891704

Change-Id: Iadf43383a7f2bf377d4666a55a38d92bd70711aa
2020-08-19 07:24:22 +00:00
Radosław Piliszek 137f79e49e Revert "Fix post-deploy mode"
This fix was premature as it completely ignores
the previously-respected umask.

Let's discuss a proper fix and revert this one
since CI is fixed elsewhere [1].

[1] https://review.opendev.org/743502

This reverts commit 87efdce24b.

Change-Id: If38adbf124e793574a21ae986f9ee146d587f820
2020-08-12 09:00:52 +00:00
Radosław Piliszek 87efdce24b Fix post-deploy mode
Ansible changed the default mode for files, even in stable
releases. [1]

This change restores the previous default (with the common
umask).

[1] https://github.com/ansible/ansible/pull/70221

Change-Id: I0f81214b4f95fe8a378844745ebc77f3c43027ab
Closes-Bug: #1891145
2020-08-11 12:02:29 +00:00
Michal Nasiadka 2128075c6e Ansible lint related fixes
Change-Id: I146ea3d84efb83ec5d7405644ad372e57ecafc1e
2020-05-12 17:39:07 +00:00
caoyuan 9223deeecd Use correct variable for default certificate paths
The variable {{ node_config_directory }} is used for the configuration
directory on the remote hosts, and should not be used for paths on the
deploy host (localhost).

This changes the default value of the TLS certificate and CA file to
reference {{ CONFIG_DIR }}, in line with the directory used for
admin-openrc.sh (as of I0709482ead4b7a67e82796e17f85bde151e71bc0).

This change also introduces a variable, {{ node_config }}, that
references {{ CONFIG_DIR | default('/etc/kolla') }}, to remove
duplication.

Change-Id: Ibd82ac78630ebfff5824c329d7399e1e900c0ee0
Closes-Bug: #1804025
2018-11-19 16:25:28 +00:00
Marcin Juszkiewicz c207520ca5 post-deploy: honour --config-dir argument
kolla-ansible can take globals.yml from any directory by using
--config-dir argument. So store admin credentials there as well.

Not everyone runs kolla-ansible as root.

Change-Id: I0709482ead4b7a67e82796e17f85bde151e71bc0
2017-10-12 16:35:56 +02:00
Duong Ha-Quang 26b2c2d9e9 Specify 'become' to necessary tasks (general roles)
Add config_owner_user and config_owner_group to group_vars/all,
which is user and group of Kolla configuration files in /etc/kolla.

Add become to post-deploy playbook.

Add become to only necessary tasks in roles:
- certificate
- common
- destroy
- haproxy
- mariadb
- memcached
- rabbitmq

Change-Id: I2aba745a6e3928c52642f64551470fd08cbfd058
Partial-Implements: blueprint ansible-specific-task-become
2017-09-25 06:52:04 +00:00
zhuzeyu 473a5e0ca7 Modify the hosts of the post-deploy.yml playbook
The admin-openrc.sh should be copied to where python-openstackclient was installed.
Whether multinode or all-in-one, the place where python-openstackclient was
installed is localhost, so admin-openrc.sh should be copied to localhost.
The purpose of "connection: local" in the Ansible playbook is to make sure this script
can be copied to localhost. In all-in-one, writing it this way is OK, it will copy to localhost,
but in multinode, this causes a bug: if ansible_connection=ssh is added in the inventory file,
the admin-openrc.sh will not be copied to localhost; the "connection: local" in post-deploy.yml
will be covered by "ansible_connection=ssh" in the inventory file, and the script will then be copied
to the target node. So we should modify the hosts to localhost to avoid this bug.

Change-Id: I054717cc2b4adc600808282034a10a58c1184a38
Closes-Bug: #1666808
2017-03-09 11:14:35 +08:00
Hui Kang 46673b81c1 Create openrc file on the deploy node
This task is run as a post-deploy playbook

Implements: blueprint ansible-task-generate-openrc
Change-Id: I69f4ee895094da5c73494a41dccb2e86eb481656
2015-11-23 17:02:54 -05:00