Service user passwords will now be updated in keystone if services are
reconfigured with new passwords set in config. This behaviour can be
overridden.
Closes-Bug: #2045990
Change-Id: I91671dda2242255e789b521d19348b0cccec266f
HAProxy exposes a Prometheus metrics endpoint, it just needs to be
enabled. Enable this and remove configuration for
prometheus-haproxy-exporter. Remaining prometheus-haproxy-exporter
containers will automatically be removed.
Change-Id: If6e75691d2a996b06a9b95cb0aae772db54389fb
Co-Authored-By: Matt Anson <matta@stackhpc.com>
This allows us to continue execution until a certain proportion of hosts
to fail. This can be useful at scale, where failures are common, and
restarting a deployment is time-consuming.
The default max failure percentage is 100, keeping the default
behaviour. A global max failure percentage may be set via
kolla_max_fail_percentage, and individual services may define a max
failure percentage via <service>_max_fail_percentage.
Note that all hosts in the inventory must be reachable for fact
gathering, even those not included in a --limit.
Closes-Bug: #1833737
Change-Id: I808474a75c0f0e8b539dc0421374b06cea44be4f
This commit addresses a few shortcomings in the etcd service:
* Adding or removing etcd nodes required manual intervention.
* The etcd service would have brief outages during upgrades or
reconfigures because restarts weren't always serialised.
This makes the etcd service follow a similar pattern to mariadb:
* There is now a distiction between bootstrapping the cluster
and adding / removing another member.
* This more closely follows etcd's upstream bootstrapping
guidelines.
* The etcd role now serialises restarts internally so the
kolla_serial pattern is no longer appropriate (or necessary).
This does not remove the need for manual intervention in all
failure modes: the documentation has been updated to address the
most common issues.
Note that there's repetition in the container specifications: this
is somewhat deliberate. In a future cleanup, it's intended to reduce
the duplication.
Change-Id: I39829ba0c5894f8e549f9b83b416e6db4fafd96f
Adds configurations and changes tasks to enable the
systemd plugin. Additionaly, the plugin is set to
read logs from the /var/log/journal directory
Implements: enable-fluent-plugin-systemd
Signed-off-by: Juan Pablo Suazo <jsuazo@whitestack.com>
Change-Id: Ic714a341befa5f906d9c0f78fa86f4c934df87cd
Kolla Ansible should deploy Glance and Cinder Backup with
S3 backend support working out-of-the-box.
The S3 backend had been re-introduced in Ussuri after being
deprecated around the Mitaka timeframe, and having some local
object storage options is nice for testing..
Closes-Bug: #1977515
Change-Id: I4ca58382d1ee568bfca2ad108495422163f81260
Co-authored-by: Juan Pablo Suazo <jsuazo@whitestack.com>
Co-authored-by: Maksim Malchuk <maksim.malchuk@gmail.com>
This change adds basic deployment based on Podman
container manager as an alternative to Docker.
Signed-off-by: Ivan Halomi <i.halomi@partner.samsung.com>
Signed-off-by: Martin Hiner <m.hiner@partner.samsung.com>
Signed-off-by: Petr Tuma <p.tuma@partner.samsung.com>
Change-Id: I2b52964906ba8b19b8b1098717b9423ab954fa3d
Depends-On: Ie4b4c1cf8fe6e7ce41eaa703b423dedcb41e3afc
This commit adds the ironic-prometheus-exporter, following the
conventions used by the previously integrated exporters. '[The] Ironic
Prometheus Exporter is a Tool to expose hardware sensor data in the
Prometheus format through an HTTP endpoint.'[0]
Prometheus has been enabled in CI jobs to ensure test coverage.
[0] https://opendev.org/openstack/ironic-prometheus-exporter
Depends-On: https://review.opendev.org/c/openstack/kolla/+/874415
Change-Id: I6d421effd833d2e0524dd0b81736445c9a730ea9
This patch is adding a feature for an option to copy different
ceph configuration files and corresponding keyrings for cinder,
glance, manila, gnocchi and nova services.
This is especially useful when the deployment uses availability
zones as below example.
- Individual compute can read/write to individual ceph
cluster in same AZ.
- Cinder can write to several ceph clusters in several AZs.
- Glance can use multistore and upload images to
several ceph clusters in several AZs at once.
Change-Id: Ie4d8ab5a3df748137835cae1c943b9180cd10eb1
This change replaces ElasticSearch with OpenSearch, and Kibana
with OpenSearch Dashboards. It migrates the data from ElasticSearch
to OpenSearch upon upgrade.
No TLS support is in this patch (will be a followup).
A replacement for ElasticSearch Curator will be added as a followup.
Depends-On: https://review.opendev.org/c/openstack/kolla/+/830373
Co-authored-by: Doug Szumski <doug@stackhpc.com>
Co-authored-by: Kyle Dean <kyle@stackhpc.com>
Change-Id: Iab10ce7ea5d5f21a40b1f99b28e3290b7e9ce895
Kolla Ansible is switching to OpenSearch and is dropping support for
deploying ElasticSearch. This is because the final OSS release of
ElasticSearch has exceeded its end of life.
Monasca is affected because it uses both Logstash and ElasticSearch.
Whilst it may continue to work with OpenSearch, Logstash remains an
issue.
In the absence of any renewed interest in the project, we remove
support for deploying it. This helps to reduce the complexity
of log processing configuration in Kolla Ansible, freeing up
development time.
Change-Id: I6fc7842bcda18e417a3fd21c11e28979a470f1cf
From OpenStack Zed the Pure Storage Cinder driver supports
NVMe-RoCE as a dataplane protocol. This patch adds support
for this new driver type.
Also amend a couple of documentation formatting typos.
Change-Id: Ic1eed7d19e9b583e22419625c92ac3507ea4614d
First part of patchset:
https://review.opendev.org/c/openstack/kolla-ansible/+/799229/
in which was suggested to split patch into smaller ones.
This implements kolla_container_engine variable
in command calls of docker,so later on it can be
also used for podman without further change.
Signed-off-by: Ivan Halomi <i.halomi@partner.samsung.com>
Change-Id: Ic30b67daa2e215524096ad1f4385c569e3d41b95
We agreed that CentOS Stream 9 images are not published as we keep it
for CI use only (to check potential failures before it hits RHEL).
We recommend Rocky Linux 9 instead.
Change-Id: I06e6746e5c2abbdcd97912ea2f99d82fc662531d
Some time ago we dropped RHEL as one of possible options. During 'Zed'
cycle we added Rocky Linux 9 as alternative to CentOS Stream 9.
This change updates some mentions of both.
Change-Id: I9ed93efcb7d1ff97b1c7d8342db8252aba2a9887
Kolla Ansible now supports failing execution early if fact collection
fails on any of the hosts. This is to avoid late failures due to missing
facts (especially cross-host).
Change-Id: I7a74b937ded0b9da0621cf413f3a5d0d13a2cd68
Partial-Bug: #1833737
This patch follows upstream and disables linuxbridge testing.
Users are notified of the situation via the release note.
Change-Id: I524682ceb5287c14ef0ba99baae0c081850f4c5e
Kolla environment currently uses haproxy
to fullfill HA in mariadb. This patch
is switching haproxy to proxysql if enabled.
This patch is also replacing mariadb's user
'haproxy' with user 'monitor'. This replacement
has two reasons:
- Use better name to "monitor" galera claster
as there are two services using this user
(HAProxy, ProxySQL)
- Set password for monitor user as it's
always better to use password then not use.
Previous haproxy user didn't use password
as it was historically not possible with
haproxy and mariadb-clustercheck wasn't
implemented.
Depends-On: https://review.opendev.org/c/openstack/kolla/+/769385
Depends-On: https://review.opendev.org/c/openstack/kolla/+/765781
Depends-On: https://review.opendev.org/c/openstack/kolla/+/850656
Change-Id: I0edae33d982c2e3f3b5f34b3d5ad07a431162844
This change introduces automated configuration of firewalld and adds
a new filter for extracting services from the project_services dict.
the filter selects any enabled services and their haproxy element
and returns them so they can be iterated over.
This commit also enables automated configuration of firewalld from enabled
openstack services and adds them to the defined zone and reloads the
system firewall.
Change-Id: Iea3680142711873984efff2b701347b6a56dd355
This reverts commit 73fc230fe3.
Reason for revert: CI jobs failing with "msg": "{{ s3_url }}: 's3_url' is undefined"
Change-Id: Iba7099988cea0c0d8254b9e202309cd9c82a984d
Added options to configure S3 cinder backup driver, so cinder backup
can use S3 storage, for safekeeping backups.
Change-Id: Id6ff6206714581555baacecebfb6d8dd53bed8ac
In the last PTG it was decided to drop the keystone_token_provider variable, because there is no other option anymore.
Signed-off-by: Ramona Rautenberg <rautenberg@osism.tech>
Change-Id: I1ee2c3f9b7dbbbf4633c5874cdbb3c4f8c09e277
Add an enable_cinder_backend_pure_iscsi and
enable_cinder_backend_pure_fc options to etc/kolla/globals.yml
to enable use of the FlashArray backend.
Update the documentation to include a section on configuring
Cinder with the FlashArray.
Implements: blueprint pure-cinder-driver
Change-Id: I464733f1322237321ed1ffff8636cf30bd1cbb38
Winicius Silva