Commit Graph

61 Commits

Author SHA1 Message Date
Dmitriy Rabotyagov 2e78c2314d Remove `localhost` record from hosts file
After adding `localhost` to inventory explicitly [1] this caused an interesting
side-effect, where a record for `localhost` is being added to the managed block
in /etc/hosts file, which might override FQDN defenition for the host.

This also makes healthcheck-hosts.yml fail the test, since expected record is not present.

[1] https://review.opendev.org/c/openstack/openstack-ansible/+/899523

Change-Id: If1840530a54aa9ae22eda1d3094f0c40ab66ddde
2023-12-29 10:48:24 +01:00
Dmitriy Rabotyagov 65f28c5bb4 Add ability to define a config for journald
At the moment we aim to make systemd-journald a universal destination
for log files across services. With that there is currently no way
of configuring journald using OSA. While this might be
neat for production deployments, it's very valuable to have for CI
as well.

Change-Id: I70a8c9266cb12811a58f5a183955dbec319e539f
2023-08-22 08:25:21 +00:00
Dmitriy Rabotyagov 4d68d23f51 Allow to manage extra services, mounts and networks
We do mainatain set of systemd roles, that allow to easily provision
extra services, mounts or even networks and used quite widely across
roles. This way we can ease lives of deployers and need of maintaining
external playbooks and roles that will do basically same. Feature for a
way to create/manage internal networking was also asked for quite
a while amoung users. Systemd-service role can also be used to
define post/pre hooks for configured networks and systemd_mount
can be usefull to setup a shared filesystems for image or volume
conversion directories to avoid running out of diskspace on controllers.

Change-Id: Ia13f7747696db5b7b7640df7532c6d55627bdd01
2022-12-26 10:23:00 +00:00
OpenStack Release Bot 4d28a46f08 Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.

Sem-Ver: feature
Change-Id: Ief4ce78fc8c03bd2cc913cb06bc154cb6b41a774
2022-12-13 13:09:53 +00:00
Dmitriy Rabotyagov f26fbe4c6a Allow to add extra records to /etc/hosts
Add variable, that would allow to provide extra records for /etc/hosts
file. That might be useful for ppl who still have not adopted proper
DNS or want to do DNS RR, but not for internal VIP and manage internal
VIP with /etc/hosts file, where each host group would resolve FQDN to
a local address.

Change-Id: I89f8cdebf9322c0451b5600b073c82b7773af164
2022-07-28 17:57:39 +02:00
Jonathan Rosser 2fa0318c73 Prevent ceph packages installing from ubuntu-cloud-archive
This patch adds a new variable `openstack_hosts_apt_pinned_packages`
which defaults to pinning ceph packages from the UCA repository to
a lower priority than the equivalent packages from the main ubuntu
repository.

Without this change, installing lxc-templates will pull packages from
the Quincy release of Ceph via Yoga UCA, and this is ahead of the
Pacific version expected by the ceph_client and ceph-ansible code.

This change improves consistency of the ceph packages installed across
the deployment and does not allow very new packages in UCA to later
cause a package downgrade failure when the ceph_client/ceph-ansible
attempts to install the well-defined version of ceph required by
openstack-ansible.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/838762
Change-Id: Ia19ba6bae3e95ceb2e517039fbbfb9346e014961
2022-04-21 12:54:36 +00:00
Jonathan Rosser fddc4fa4db Add centos_mirror_url variable.
This variable can define the centos mirror location deploymemnt
wide rather than need an override per role.

Change-Id: Ibc4f63d84f82ba14b4e432b9c5d78c270071a284
2022-02-02 15:46:22 +00:00
Dmitriy Rabotyagov 92b1d408b8 Set REQUESTS_CA_BUNDLE env var
In order to force requests module inside venvs to trust system-trusted
certificate authorities, we need to define environment variable
that will provide full path to CA file. Otherwise certifi provided file
will be used, that can't be updated with new CA once they're added
to system trust store.

Change-Id: I79446813602ae094bb788d3c29654fb814ec19a8
2021-06-25 13:26:46 +00:00
Zuul c8e2b4b127 Merge "Decrease TCP retries in case of VIP failover" 2021-04-12 14:17:49 +00:00
Damian Dabrowski 853114ea28 Ability to add extra package manager configuration
This change implements openstack_hosts_package_manager_extra_conf variable which allows to add extra content into package manager's configuration(works with apt,yum and dnf).

Change-Id: Icbd3350c11bd0698bffc2083215ad51af759d5ef
2021-04-02 14:36:55 +02:00
Andrew Bonney 7434bed989 Add hostname resolution to deploy host
This addresses an issue with delegation to containers noticed
as a result of https://github.com/ansible/ansible/issues/72776
which causes the container host to be accessed by its hostname.

Where a separate deploy host is used, up to now this has not had
its hosts file modified. This patch applies the same /etc/hosts
entries to the deploy host which are used elsewhere.

Change-Id: I82b48ba5cfe6e533426e7098c455b729084b2d51
2021-03-18 09:52:27 +00:00
Dmitriy Rabotyagov e479735681 Decrease TCP retries in case of VIP failover
In case of VIP failover some connections (like mysql) can stuck
in retrying to connect and detect a dead connection. We
should probably make this failover to be detected faster then the
default value as suggested in [1]

[1] https://access.redhat.com/solutions/726753

Change-Id: Ia51f7f8f5225c4e350760093686858eabb3fec8a
Related-Bug: #1917068
2021-03-09 14:41:54 +00:00
Jonathan Rosser 588f4ae719 Assume centos version is at least 8.3
Removing this check allows the same code to work on centos-8 stream
where the version is reported just as '8'.

Change-Id: Icc608500a099f51e5c44cecd1d259ff6315758f7
2021-03-02 07:59:48 +00:00
Dmitriy Rabotyagov d7a4ff5a6a Set UCA repo to Victoria
Since UCA provides V only for 20.04, we are not able to provide
distro installs for 18.04
Still we're leaving UCA fixed to U for bionic to get required KVM
libraries and other dependencies.

Change-Id: I94fbc9fc75e188d3a4a334ffb08836d431003764
2020-10-16 17:06:19 +03:00
Andreas Jaeger d8632d0882 Use newer openstackdocstheme and reno versions
The sync from https://review.opendev.org/733244 updated to
openstackdocstheme 2.2.1 and reno 3.1.0 versions.

Set openstackdocs_pdf_link to link to PDF file. Note that
the link to the published document only works on docs.openstack.org
where the PDF file is placed in the top-level html directory. The
site-preview places the PDF in a pdf directory.

openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.

See also
http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html

Change-Id: I4e7cbb2aca8ef44e0c1859b526d2597949685f4d
2020-06-03 19:04:27 +02:00
OpenStack Release Bot f613c3b9a9 Update master for stable/ussuri
Add file to the reno documentation build to show release notes for
stable/ussuri.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/ussuri.

Change-Id: I0f8b174c1f56480d17837d56e0a83db06e7ef14e
Sem-Ver: feature
2020-06-01 13:11:02 +00:00
Andreas Jaeger e530191b4d Update docstheme for style
New version of openstackdocstheme (Victoria+) respects pygments_style.
Since this repo is using now Victoria (master) requirements but has
not branched for Ussuri yet, it uses the new version.

Change pygments_style to 'native' since old theme version always used
'native' and the theme now respects the setting and using 'sphinx' can
lead to some strange rendering.

Change-Id: I83827de22f4bca3ef3fea51f830740fa539a6114
2020-05-20 18:46:10 +02:00
Zuul 751cc4e3b1 Merge "Use blockinfile for hosts file generation" 2020-03-11 14:04:50 +00:00
Dmitriy Rabotyagov c64e1caf72 Use blockinfile for hosts file generation
This patch aims to simplify generation of hosts
file content as it's now generated purely with ansible.

As a result upgrade jobs should be fixed afterwards

Change-Id: I7961115f215153515ba3f3a00bbbeeb9fb4568f1
2020-02-26 18:46:27 +00:00
Dmitriy Rabotyagov 04949ede51 Use debian OpenStack repos
Debian has their own OpenStack repositories [1] which we should use
for delivering modern software and for distro deployments.

This patch also renames uca related variable to apt to correspond
the needs of these variables.

[1] https://wiki.debian.org/OpenStack

Change-Id: I7b613d50027a3e55500c5de4823268a290e04ffb
2020-02-06 17:47:56 +02:00
Dmitriy Rabotyagov 2ca3c1639e Replace git.openstack.org with opendev.org
This patch replaces git.openstack.org with opendev.org as redirection
from old path was enabled.

Change-Id: I6f0ade4f1e67260eb9d52323998801d57024a9b3
2019-11-14 14:13:36 +02:00
OpenStack Release Bot e25eb13431 Update master for stable/train
Add file to the reno documentation build to show release notes for
stable/train.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/train.

Change-Id: I6f45763aac984e539b68e0d1946bd650e4e1bdaa
Sem-Ver: feature
2019-10-22 18:55:32 +00:00
Jonathan Rosser 1498d0d61d Install user supplied CA certificates into system trust store
This functionality can be used to install any CA certificates that
the deployer requires into any combination of hosts/containers.

Change-Id: Ic1292e18c8add78e8cb30f624be96292b153d4fe
2019-06-26 11:42:12 +01:00
OpenStack Release Bot 7d0e71cce8 Update master for stable/stein
Add file to the reno documentation build to show release notes for
stable/stein.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/stein.

Change-Id: Ia7542d407b9d31aba3197cf06f1aac5bfba8b0a8
Sem-Ver: feature
2019-04-08 09:16:03 +00:00
Mohammed Naser 3c3f4c09d8 Do not disable caching for apt when http proxies are configured
This patch removes code which detected http proxies being set in
environment variables, and inserted an apt configuration instructing
those proxies not to perform caching.

This lack of caching reduces the effectiveness of an http proxy which
has caching enabled - a common technique for increasing performance of
operating system installs without having to run a full mirror of
upstream repositories.

If a deployer is faced with a proxy server which in some way breaks
upstream package repository interactions, this no-cache setting can be
applied by the deployer as part of host preparation and will be
duplicated into containers by the OSA tooling.

Change-Id: I62293c723353ffb986db1cddc5d0da20ae0df447
2018-11-07 15:41:33 +00:00
OpenStack Release Bot e262f81402 Update reno for stable/rocky
Change-Id: I4b9e8cce8edb347269cd26271dde36372e60040f
2018-08-10 16:45:27 +00:00
Markos Chandras 899e838419 tasks: Use PIP distribution packages for openSUSE and Ubuntu
Supported openSUSE and Ubuntu distributions ship with relatively new
pip, setuptools, virtualenv and wheel packages so we can use that in
favor of the PIP ones. This also avoids running the pip_install role
on these hosts making the deployment somewhat faster.

Implements: blueprint openstack-distribution-packages
Change-Id: I424ca9ca71253cc4e673065f35c9b939942eeda3
2018-04-23 17:31:21 +01:00
melissaml 83b6015f8a fix a typo in documentation
Change-Id: I2157cf5704d5b760264e0626f3bd7f18adc866de
2018-03-23 08:19:06 +08:00
Zuul 59112cbd84 Merge "Allow deployers to configure yum fastestmirror" 2018-02-19 09:24:45 +00:00
OpenStack Release Bot af57407853 Update reno for stable/queens
Change-Id: I266d036e3d3b2293bc6b965632c982bfc512158f
2018-02-14 15:46:19 +00:00
Major Hayden 3d6612b821
Allow deployers to configure yum fastestmirror
This patch uses the new ``openstack_hosts_enable_yum_fastestmirror``
variable to determine whether yum's fastestmirror plugin should be
enabled.

Depends-On: I8b2a1db084ab47962dbef8c6b037836f44b4ed46
Change-Id: Id340ac48a551081031b14804d376e6e5d744fa0d
2018-02-13 16:03:54 -06:00
Major Hayden 181f6cea3a
Keep persistent systemd journals
This patch enables persistent systemd journals and allows a deployer
to disable the option if needed. The disk space requirements are
extremely low since the files are stored in binary format. It is
significantly less storage than rsyslog requires.

Closes-Bug: 1748195
Change-Id: I4de267f2839c5022e83a07fa7779f242808df5c0
2018-02-08 07:52:08 -06:00
Jean-Philippe Evrard 754348632f Force the uca filename
Defining staticly the UCA filename allows us to know in advance
which file to copy from host in the lxc_host role.

We remove here previously defined or default UCA filenames for
the same branch.

Change-Id: If6e3fe6b6c24570c34fe7bab358aed59340f379c
2017-12-02 13:03:19 +00:00
Zuul b12bced81b Merge "Add the ability to run the role on all hosts" 2017-11-27 21:52:08 +00:00
Jean-Philippe Evrard f8a150cc76 Add the ability to run the role on all hosts
We currently have spread out package/host management to multiple
roles, sometimes repeating ourselves in the process (see
pip_install and openstack_hosts overlap)

That is against Ansible principles, and we should have one role
that configures the minimum (to run openstack), applying it to
all the nodes, maybe behaving slightly differently depending on
some parameters. Here that parameter is if the host is a container
or not. If the host is a container, all the physical host
configuration (kernel and sysctl) is be skipped, the
rest of the configuration (packages/repos) still applies.

This needed a refactor to split the tasks into those two group
while remaining efficient and avoid multiple back and forth
of package installs/removal. For that last point, new defaults
variables were introduced, allowing overrides per host/group.
A node now member of a group x can now directly use this role
to setup all its necessary repos and keys.

Last, but not least, this override mechanism can now easily
trigger pip_install role, which can from now on, be removed
from every role. On top of that pip_install role can now
remove its repo management, and focus on installing pip on
hosts that don't have a proper version of pip installed.

Change-Id: Ibf145e561c80a12055bd4d5dca3914c4d495a748
2017-11-24 14:50:40 +00:00
Andreas Jaeger 26b0a4b313 Remove setting of version/release from releasenotes
Release notes are version independent, so remove version/release
values. We've found that projects now require the service package
to be installed in order to build release notes, and this is entirely
due to the current convention of pulling in the version information.

Release notes should not need installation in order to build, so this
unnecessary version setting needs to be removed.

This is needed for new release notes publishing, see
I56909152975f731a9d2c21b2825b972195e48ee8 and the discussion starting
at
http://lists.openstack.org/pipermail/openstack-dev/2017-November/124480.html
.

Change-Id: I07504f0cccfa52162a989d450f3ecf014e5185af
2017-11-17 07:52:00 +01:00
Jean-Philippe Evrard ad1d712889 Initial OSA zuul v3 role jobs
This patch implements an initial set of jobs intended to match
the current job execution method. It does not intend to improve
how the jobs are executed - only to replicate what is currently
in openstack-infra/openstack-zuul-jobs and provide the platform
to iterate on.

Change-Id: If38825e721ca099fd13b51e87fcb8dbb9714c99e
2017-10-17 18:20:51 +00:00
Jenkins 39163fd3bb Merge "Ensure sysstat is running on CentOS" 2017-10-04 09:06:08 +00:00
Major Hayden df374a6e02 Add reno for bridge-nf-call change
This patch adds a release note for the bridge-nf-call patch from
I4d5139a6016e75ebec84994ac3555600d65a3f7c.

Change-Id: I1a2fd13f88f48182db866cc444d63bb0c6d2cf31
2017-09-20 21:01:21 +00:00
Major Hayden e9f75bf860
Ensure sysstat is running on CentOS
This patch fixes sysstat on CentOS so that it runs properly.

Closes-Bug: 1717361
Change-Id: If95b0e02d7863291f88b67909128439599660ad0
2017-09-14 15:21:33 -06:00
Jenkins 1c8d98c82f Merge "Update reno for stable/pike" 2017-08-22 14:48:30 +00:00
OpenStack Release Bot 26dc6e5605 Update reno for stable/pike
Change-Id: I740191e97c461a3d160f70d2886f7c5a608f70e0
2017-08-21 10:28:49 +01:00
Major Hayden 690ecb8ca4
Allow override of RDO repo baseurl
This patch allows deployers to set openstack_hosts_centos_mirror_url
and override the default RDO repository (mirrors.centos.org).

Change-Id: I81d89299541211556bd76794a82475f3879fa297
2017-08-18 10:06:39 -05:00
ZhongShengping 52a9e7d958 Fix openstackdocstheme settings
To use openstackdocstheme 1.11.0 properly, this patch fixes
some settings according to follow[0].

[0]https://docs.openstack.org/openstackdocstheme/latest/

Change-Id: I19c5a4db5773b80606750df588a09d2f4a082e56
2017-07-03 16:12:38 +08:00
ZhongShengping 2ff8c84001 Switch from oslosphinx to openstackdocstheme
As part of the docs migration work[0] for Pike we need to switch to use the
openstackdocstheme.

[0]https://review.openstack.org/#/c/472275/

Change-Id: I5d259006c5a85155bad3405d13546627fee4d3e5
2017-06-26 13:56:41 +08:00
Jenkins 5980c9e7c7 Merge "Update reno for stable/ocata" 2017-02-06 09:26:32 +00:00
gecong1973 9ff8983d00 Use https instead of http for git.openstack.org
TrivialFix

Change-Id: Ibf6aee790902ed72f039649fd6881dede645cec1
2017-02-06 10:50:45 +08:00
OpenStack Release Bot 86c54ef597 Update reno for stable/ocata
Change-Id: Ifa78bd2c5cd817b60a9bbe711b1b8638df384a2b
2017-02-03 18:57:53 +00:00
Major Hayden 86c83d08d0 Make nf_conntrack_max configurable
Some OpenStack clouds host applications that handle a large amount of
concurrent connections and this exhausts the default
`nf_conntrack_max` value of `262144`.

This patch allows deployers to easily specify a larger amount of
connections by setting ``openstack_host_nf_conntrack_max``.

Closes-Bug: 1660991
Change-Id: I62b6ad8805b962050664880e6011abdab7514481
2017-02-01 08:03:31 -06:00
Jesse Pretorius dde8effbd0 Make the release file options more configurable
Downstream deployers may want not to deploy the
/etc/openstack-release file, or to customise the
contents.

This patch makes the file drop optional, but also
makes the contents more configurable.

Change-Id: I549a23f2f08dfb97ca8daa36f00437d927de30a5
2016-12-07 12:32:54 +00:00