93 Commits

Author SHA1 Message Date
Matt Crees d6bdef9e58 Bump KA Ansible versions to match new defaults
KA ansible versions bumped here: https://review.opendev.org/c/openstack/kolla-ansible/+/907522

Change-Id: I5359618de96d3ccc7215ead2e331e5c0fd2a7fc5
2024-04-03 19:30:12 +01:00
Pierre Riteau 8da5472ea8 Remove kolla_enable_host_ntp variable
This variable was configuring enable_host_ntp in kolla-ansible, which
was removed in the Xena release.

Change-Id: I737598d3bbe40b933b4b727eccc3b2a76ed97cdb
2023-12-01 13:02:19 +01:00
Zuul 409d85758a Merge "Allow more fine-grained groups for ironic, loadbalancer & network" 2023-11-30 11:20:16 +00:00
Zuul b31023ea54 Merge "Fix setting kolla_admin_openrc_cacert" 2023-11-09 01:35:47 +00:00
Grzegorz Koper 80f6db34cd Bump up Ansible supported versions to 7.x/8.x
This change bumps up the maximum supported version of Ansible to 8.x
(ansible-core 2.15.x) and minimum to 7.x (ansible-core 2.14.x).

Depends on:
https://github.com/stackhpc/ansible-role-systemd-networkd/pull/10

https://github.com/stackhpc/ansible-role-dell-powerconnect-switch/pull/13

https://github.com/stackhpc/ansible-role-mellanox-switch/pull/8

gateway_ip was being set to empty string. This was triggering neutron
"Invalid input for gateway_ip. Reason: '' is not a valid IP address."
Omitting by default.

Installing openstack.cloud collection.
Upgrade failed as Ansible in kayobe-venv was not upgraded.

Change-Id: Ia3550644e5fc3e83f792e46d42b4c35d5eec4705
2023-11-07 18:33:06 +01:00
Mark Goddard 2071dc9a38 Allow more fine-grained groups for ironic, loadbalancer & network
Kayobe has fairly coarse-grained default groups - controller, compute,
etc, which work well in the majority of cases. Kolla Ansible allows much
more fine-grained placement on a per-service basis, e.g.
ironic-conductor. If the operator has taken advantage of this
fine-grained placement, then it is possible that some of the assumptions
in Kayobe may be incorrect. This is one downside of the split between
Kayobe and Kolla Ansible.

For example, Ironic conductor services may have been moved to a subset
of the top level 'controllers' group. In this case, we would not want
the Ironic networks to be mapped to all hosts in the controllers group -
only those running Ironic conductor services. The same argument can be
made if the loadbalancer services (HAProxy & keepalived) or Neutron
dataplane services (e.g. L3 & DHCP agents) have been separated from the
top level 'network' group.

This change abstracts the placement of Ironic conductor, Ironic
inspector, loadbalancer and network services into separate variables,
rather than referencing the top level 'controllers' and 'network' groups
directly. These variables may be updated by the operator to match the
service placement.

Change-Id: Idbf181c795ee98ad653f11ae483f9dab4ef1b599
2023-11-01 16:16:45 +00:00
Mark Goddard 95729405a3 Fix setting kolla_admin_openrc_cacert
Kolla Ansible renamed kolla_internal_fqdn_cacert to
kolla_admin_openrc_cacert in Victoria, after which we no longer set the
variable correctly in globals.yml. This would lead to a missing
OS_CACERT in admin-openrc.sh and public-openrc.sh.

This change fixes the issue by renaming the relevant Kayobe variables to
match and passing through the correct variable. Backwards compatibility
is provided until the end of the deprecation period.

kolla_public_openrc_cacert -> kolla_external_fqdn_cacert
kolla_admin_openrc_cacert -> kolla_internal_fqdn_cacert

Story: 2010486
Task: 47054

Change-Id: I9e1cc20579cf80525d6ef732a1aac99a65bc171b
Co-Authored-By: Maksim Malchuk <maksim.malchuk@gmail.com>
2023-11-01 10:55:19 +00:00
Mark Goddard 1dce99094b Remove unsupported kolla_docker_registry_insecure variable
This variable is not supported since
I61a61ca59652b13687c2247d5881012b51f666a7, but was not removed from
etc/kayobe/kolla.yml in that change.

This change also adds the replacement variable docker_registry_insecure
to etc/kayobe/docker.yml.

TrivialFix
Change-Id: I3fa96f0276e08a6678e5d743399d01bc19a8dd1b
2023-10-25 15:45:31 +00:00
Will Szumski c75a32e72f Pass through kolla inventories as is
Previously, we only supported passing through group_vars. Passing
through the inventory as is allows you to use other features of ansible
inventory such as host vars. It also simplifies the logic of merging
multiple inventories as we can just pass the inventory to ansible and
let ansible take care of the rest. This is useful for the multiple
environments feature.

Change-Id: I28f5d73d414d405d67f5fc92ab371aa2e28a4ce3
Story: 2002009
Task: 42910
Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/802863
2023-05-30 18:42:24 +02:00
Bartosz Bezak 773eead34d Bump up Ansible supported versions to 6.x/7.x
This change bumps up the maximum supported Ansible version to 7.x
(ansible-core 2.14.x) and minimum to 6.x (ansible-core 2.13.x).
This synchronises Kayobe with Kolla Ansible.

Change-Id: Ibffecaa8085bd38ebc8cded9a4bfebe77d59d515
2023-05-25 08:10:17 +00:00
Mark Goddard c9f8d80ba6 Stop using kolla-ansible bootstrap-servers
The 'kayobe * host configure' commands no longer use the 'kolla-ansible
bootstrap-servers' command, and associated 'baremetal' role in Kolla
Ansible. The functionality provided by the 'baremetal' role has been
extracted into the openstack.kolla Ansible collection, and split
into separate roles. This allows Kayobe to use it directly, and only the
necessary parts.

This change improves failure handling in these Kayobe commands, and aims
to reduce confusion over which '--limit' and '--tags' arguments to
provide.  This ensures that if a host fails during a host configuration
command, other hosts are able to continue to completion. Previously, if
any host failed during the Kayobe playbooks, the 'kolla-ansible
bootstrap-servers' command would not run. This is useful at scale, where
host failures occur more frequently.

This change has implications for configuration of Kayobe, since some
variables that were previously in Kolla Ansible are now in Kayobe.

Several parts of the baremetal role have been split out and used here:

* apparmor-libvirt: disable AppArmor rules for libvirt on Ubuntu.
* docker: Docker installation & configuration. The docker role in
  openstack.kolla combines functionality from kolla-ansible and kayobe.
* etc-hosts: it proved difficult to generalise this, so we have
  almost duplicated the code from kolla-ansible here. Requires delegated
  fact gathering for the case when --limit is used.
* firewall: support to disable UFW, for feature parity.
* kolla-packages: miscellaneous package installs & removals.

The addition of the stack user to the docker group has been moved to the
user bootstrapping playbook, and the docker SDK installation has been
moved to the virtualenv setup playbook.

Depends-On: https://review.opendev.org/c/openstack/ansible-collection-kolla/+/829587

Story: 2009854
Task: 44505

Change-Id: I61a61ca59652b13687c2247d5881012b51f666a7
2023-03-30 13:52:54 +00:00
Bartosz Bezak 068581456f use OS python to create kolla-ansible venv
Currently kayobe creates kolla-ansible venv using kayobe venv
python3. There are corner cases when creation of k-a venv fails
while using kayobe venv created with python 3.6 buggy setuptools/
virtualenv command. Using OS python to create venv solves those
corner case issues and preserves compatibility.

Story: 2010634
Task: 47599

Change-Id: Ie0d9bf895f6714cbb8b0bd31a008eb388f4c51c2
2023-03-07 16:45:02 +01:00
Scott Solkhon 08bd6815bd Add Hashi Vault support for Kolla passwords
This commit adds the necessary changes needed to support
reading and writing Kolla passwords to a Hashicorp Vault server
using Kolla-Ansible commands `kolla-readpwd` and `kolla-writepwd`.

This follows the support that was added into Kolla-Ansible in
the Change-Id Icf0eaf7544fcbdf7b83f697cc711446f47118a4d.

Change-Id: I732988e6160cc64d663d6ef8179f04d3e1226537
2022-12-21 18:27:13 +00:00
Michal Nasiadka 65587cb279 Bump up Ansible supported versions to 5.x/6.x
This change bumps up the maximum supported Ansible version to 6.x
(ansible-core 2.13.x) and minimum to 5.x. This synchronises Kayobe with
Kolla Ansible.

Shebang has been removed from modules due to [1].

os_openstacksdk_version has been added as openstack cloud modules don't
support versions greater than 0.99.

[1]: https://github.com/ansible/ansible/pull/76677

Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/867546
Change-Id: Ibb00f6d079442a8509411ae8a71d74fd7bd8cccd
2022-12-14 14:55:33 +00:00
Pierre Riteau f6660bbff8 Remove support for Monasca and its dependencies
This follows removal of support from Kolla Ansible. This also removes
support for configuring Grafana with overcloud post configure.

Change-Id: I8102fafb00db178f1ae6801d37c43a39033cbfe6
2022-12-13 14:32:33 +01:00
Mark Goddard 3c1b9c4d9a Remove kolla_install_type variable
Kolla removed support for binary images in the Zed release, as well as
the install_type config option. It also changed the image tag format.

Yoga & earlier:

  openstack.kolla/centos-source-base:yoga

Zed & later:

  openstack.kolla/base:zed-centos-stream9

This change removes the kolla_install_type variable. It also adds a
kolla_base_distro_version variable, which is passed to kolla and
kolla-ansible.

The following two variables are also removed, since all images are now
of type source:

* overcloud_container_image_regex_map_source
* overcloud_container_image_regexes_source

Change-Id: I0023765438c0c73394c3465828c4d98f766d9350
2022-12-02 10:36:45 +00:00
Mark Goddard 05c09523fa ironic: default to ipxe booting
Enable the Ironic ipxe boot interface by default, following a similar
change in Ironic [1].

Drop the kolla_enable_ironic_ipxe flag, following a similar change in
Kolla Ansible [2]. Both PXE and iPXE are now enabled by default. Users
may revert to using PXE for ironic inspector's dnsmasq, by setting
ironic_dnsmasq_serve_ipxe to false in etc/kayobe/kolla/globals.yml.

[1] https://review.opendev.org/c/openstack/ironic/+/816824
[2] https://review.opendev.org/c/openstack/kolla-ansible/+/834512/

Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/832159
Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/834511
Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/837069

Change-Id: Ifb80bd15a20c9cfb8fbc6e0f6ac23baae631a18e
2022-04-12 11:57:21 +00:00
Zuul 31951b6d59 Merge "Adds kolla_ansible_venv_ansible" 2022-04-07 10:02:47 +00:00
Will Szumski 1375517d2b Adds kolla_ansible_venv_ansible
This adds a variable that allows you to modify the version of ansible
installed in the kolla-ansible virtualenv. This is useful if you want
to use a customised version of ansible.

Change-Id: I319dd51ed3221826f820fbc0ae3639b89e9c82ea
2022-03-30 15:36:37 +01:00
Mark Goddard f4493e41ff libvirt: support SASL authentication
Adds support for SASL authentication of libvirt TCP and TLS connections
when using a compute host libvirt daemon.

In line with the dependent Kolla Ansible patch, we enable SASL by
default, and use DIGEST-MD5 with TCP and SCRAM-SHA-256 with TLS.

Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/833022
Depends-On: https://github.com/stackhpc/ansible-role-libvirt-host/pull/52

Story: 2009858
Task: 44735

Change-Id: Id3972c24022aeb6421494c3cccdc8e7cbce802e6
2022-03-24 13:44:48 +00:00
Mark Goddard c4b74f4801 libvirt: deploy libvirt on the host
In some cases it may be desirable to run libvirt daemon on the host. For
example, when mixing host and container OS distributions.

This change makes it possible to disable the nova_libvirt container, by
setting kolla_enable_nova_libvirt_container to false.

The stackhpc.libvirt-host role is used in order to install and configure
a libvirt daemon on compute hosts when
kolla_enable_nova_libvirt_container is false.

Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/825357
Depends-On: https://review.opendev.org/c/openstack/kayobe-config-dev/+/829225
Depends-On: https://github.com/stackhpc/ansible-role-libvirt-host/pull/51

Story: 2009858
Task: 44495

Change-Id: I73fef63fb886a9d543d2f4231fb009523495edb3
2022-03-24 13:44:48 +00:00
Mark Goddard 3efc551e7e Install Ansible collections for kolla-ansible
This change uses the new Galaxy requirements file in Kolla Ansible to
install the openstack.kolla collection.

Cross-project dependencies on ansible-collection-kolla are supported.

Story: 2009854
Task: 44504

Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/819430
Change-Id: Iac185dd2bbbca128c6cf71b2734e94b3e1c6133b
2022-02-22 09:23:35 +00:00
Zuul 555f865dcd Merge "Disable EPEL by default" 2022-02-09 16:45:55 +00:00
Zuul 4028a56fac Merge "Add support for configuring proxy settings" 2022-01-04 17:22:48 +00:00
Mark Goddard e0dec91689 Disable EPEL by default
EPEL is no longer required for a default installation. Let's disable it.

Also clean up the install_epel variable from Kolla Ansible globals.yml
template, since it never existed.

Story: 2009757
Task: 44227

Change-Id: I96eb4685f997e85ad2ee5318640d58d0287a016d
2021-12-23 13:04:12 +00:00
Zuul a9aa8c7f7c Merge "Add support for Ironic inspection through DHCP-relay" 2021-11-25 23:25:57 +00:00
Pierre Riteau 2e2c96e394 Allow Docker to use insecure registry when deployed by Kayobe
Kolla Ansible has recently updated the default Docker configuration to
stop using an insecure registry [1]. To avoid breaking existing Kayobe
deployments, automatically set docker_registry_insecure to true if we
deploy a registry without TLS.

[1] https://review.opendev.org/c/openstack/kolla-ansible/+/805449

Change-Id: Ifec7102812b5503cb02f207098192e99e7193d49
2021-10-19 11:50:59 +02:00
Pierre Riteau e48960ecf2 Add support for configuring proxy settings
Change-Id: Ic5130a7512d4a26354bd292b0ab51ab4a9279f0a
2021-10-19 10:58:19 +02:00
Michal Nasiadka c5a3efafb4 [release] Sync Kolla Ansible inventory for Xena
Change-Id: Ib6f89f57a1fe9dc88414260e8a221de3ecd6b9a5
2021-10-15 13:02:53 +02:00
Maksim Malchuk 02e01e983b Add support for Ironic inspection through DHCP-relay
This change fixes the issue when inspection didn't work correctly in
case of L3-routed Ironic networks when DHCP packets are received via a
DHCP-relay. The dnsmasq optional netmask part in the dhcp-range
parameter should be specified [1] in this case.

[1] https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

Change-Id: I9488a72db588e31289907668f1997596a8ccdec6
Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/813268
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
2021-10-15 12:25:55 +03:00
Mark Goddard e318cadaa5 Use merge_configs and merge_yaml to generate Kolla configs
Supports merging configuration for the following files:

* kolla/globals.yml
* kolla/config/bifrost/bifrost.yml
* kolla/config/bifrost/dib.yml
* kolla/config/bifrost/servers.yml
* kolla/kolla-build.conf

Configuration is merged from the following sources:

* Kayobe source code
* Base Kayobe config
* Kayobe environment

Co-Authored-By: Will Szumski <will@stackhpc.com>
Change-Id: I552bd8f7853b2032954b372bf4476676dac3e271
Story: 2002009
Task: 42974
2021-10-08 09:08:45 +01:00
Mark Goddard f639ad0b35 Use ansible_facts to reference facts
By default, Ansible injects a variable for every fact, prefixed with
ansible_. This can result in a large number of variables for each host,
which at scale can incur a performance penalty. Ansible provides a
configuration option [0] that can be set to False to prevent this
injection of facts. In this case, facts should be referenced via
ansible_facts.<fact>.

This change updates all references to Ansible facts within Kayobe
from using individual fact variables to using the items in the
ansible_facts dictionary. This allows users to disable fact variable
injection in their Ansible configuration, which may provide some
performance improvement.

This change disables fact variable injection in the ansible
configuration used in CI, to catch any attempts to use the injected
variables.

[0] https://docs.ansible.com/ansible/latest/reference_appendices/config.html#inject-facts-as-vars

Story: 2007993
Task: 42464
Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/791276

Change-Id: I14db53ed6e57d37bbd28dd5819e432e3fe6628b2
2021-08-21 09:57:29 +02:00
Mark Goddard 869185ea7b Switch default docker storage driver to overlay2
To avoid switching existing deployments from devicemapper to overlay2,
we check the existing storage driver configuration directly with the
Docker daemon, or if unreachable by reading the /etc/docker/daemon.json
configuration file.

Co-Authored-By: Pierre Riteau <pierre@stackhpc.com>
Story: 2005667
Task: 30972

Change-Id: Iaf2ee8c9f302f4684ae039bb00b2e2e5969cf1fc
2020-10-05 19:59:11 +00:00
Zuul ba2df0e1a8 Merge "Performance: Parallelise Kolla Ansible host vars generation" 2020-09-24 09:27:37 +00:00
Mark Goddard b12f9e35e5 Performance: Parallelise Kolla Ansible host vars generation
Kayobe generates a host_vars file for each host in the Kolla Ansible
inventory. These contain network interfaces and other host-specific
things. Currently this is done by iterating over all hosts, which does
not scale well with a large number of hosts.

This change extracts the host vars generation into a separate role, and
executes it in a play targeted at all hosts, with delegate_to:
localhost. This ensures that host variable files are generated in
parallel.

Story: 2007993
Task: 40629

Change-Id: Iae75e17024adee9c2874c14d3ed36f4c87ba48d7
2020-09-22 17:06:04 +01:00
Mark Goddard 7b80482ac3 Docker registry basic auth
Adds support for HTTP basic authentication with the Docker registry.

The kolla docker registry password is now written to passwords.yml.

Change-Id: Ie6e854a66a6660d4e02771fe2b5dd97af814194d
Story: 2007952
Task: 40429
2020-09-21 14:19:29 +02:00
jacky06 335ed05a5d Remove mongodb integration
more info: a6c97d7284

Depends-On: https://review.opendev.org/#/c/735030/
Change-Id: Ib94da2b14182ddc4157ca09066bd049c842fdf9c
2020-07-07 23:38:12 +08:00
gugug c456f0b9b7 Remove retired congress
Congress has been retired, remove the congress stuff

See https://review.opendev.org/721742

Change-Id: I0af07cf3cde5cf2ca2700c647eb40cc509379864
2020-06-23 23:25:25 +08:00
Pierre Riteau 791c219f4d Remove remaining mentions of neutron-lbaas
Change-Id: I0aae6eaa8a2351c15a29b45427e6971e60b9e1a8
2020-06-19 12:57:03 +02:00
Zuul 043f843759 Merge "Copy custom certificates" 2020-06-17 19:09:47 +00:00
Mark Goddard 1d12ca545e Copy custom certificates
Various kolla-ansible TLS features (including backend TLS and custom CA
certs) require certificates to be passed via
$KOLLA_CONFIG_PATH/certificates/. Currently Kayobe does not support
this.

This change adds support for copying across files from
$KAYOBE_CONFIG_PATH/kolla/certificates.

It also uses the kolla-ansible default value for
kolla_external_fqdn_cert and kolla_internal_fqdn_cert when
kolla_external_tls_cert and kolla_internal_tls_cert are respectively
not set. This allows for the standard kolla-ansible configuration
approach of dropping these certificates into the
$KAYOBE_CONFIG_PATH/kolla/certificates directory, rather than defining
them as variables. This can be useful if using the kolla-ansible
certificates command to generate certificates for testing.

Change-Id: I646930ad8ea70991d6ffa00f15f93f72d922141b
Story: 2007679
Task: 39790
2020-06-04 15:08:18 +00:00
Mark Goddard b9d76f6ef5 Remove support for CentOS 7 and Python 2
* Always use Python 3
* Drop code paths for CentOS 7
* Drop support for Yum
* Remove support for host NTP daemon, always use chrony
* Switch references from 'yum_install_epel' to 'dnf_install_epel'
* Remove overcloud host image workaround for tagged VLAN admin network
* Remove the kayobe.utils.yum_install function, which is unused

Change-Id: I368f6edafed9779658798fc342116b4c1b3ffd48
Story: 2006574
Task: 39481
2020-05-28 10:25:51 +01:00
Zuul 647b19ae76 Merge "Avoid writing out requirements.txt in kolla-ansible role" 2020-04-22 00:50:45 +00:00
Mark Goddard 58db0ed2e0 Avoid writing out requirements.txt in kolla-ansible role
We can use the Ansible pip module's support for specifying a list of
packages with version constraints.

Change-Id: If5d3c7117175732c54e38025692eb4c036053ebc
2020-04-17 11:14:49 +01:00
Mark Goddard 939e298c56 Don't use become for Kolla Ansible
Using become for all Kolla Ansible tasks is not ideal from a security
perspective. It is also incompatible with fact caching, since it causes
facts to be gathered and cached as root, which changes some facts.

This change modifies the default value of kolla_ansible_become to false.

Change-Id: I9ee5c55e59276f70c92e9c698c01123dcf8919a1
Story: 2007492
Task: 39217
2020-03-31 15:32:10 +01:00
Radosław Piliszek e7d7daa531 Remove ceph block device support
It leaves certain ceph mentions in globals.yml.j2 as it needs
syncing with kolla-ansible contents anyways
(these are all comments).

Change-Id: I05e9c6223583e9bb5dc0020edc0b56990275093c
Story: 2007295
Task: 38766
2020-03-18 10:28:33 +00:00
Pierre Riteau c9474bf9b0 Revert "Use OpenStack Train release"
This reverts commit a93b85ba07.

The local Python executable for Kolla Ansible is changed to Python 3
because Kolla Ansible master no longer supports Python 2.

Change-Id: I768ce8db9cec1c70d94f271997bbcc64d370403e
2020-02-14 14:54:23 +00:00
Mark Goddard 6b47717c43 Make local kolla-ansible Python executable configurable
The default is still Python 2. This is a necessary prerequisite for using
the master branch of kolla-ansible, which requires Python 3.

Change-Id: Ida5b60b723c8208bb7305c3d669eafdab6dbbe01
Story: 2004959
Task: 38767
2020-02-14 14:54:23 +00:00
Doug Szumski 72d4d64609 Support custom Kolla group_vars
In Kayobe, hosts which are part of a Nova cell can be managed via the
existing controller and compute groups. However, since Nova Cells are
configured via group vars in Kolla Ansible we need some way of setting
these. We could pass vars through to Kolla Ansible host vars using
`kolla_overcloud_inventory_pass_through_host_vars` but the list of
variables which may be set on a per cell basis is large and undefined.

This change allows the user to directly specify Kolla Ansible group vars
as part of Kayobe config, allowing the deployment of Nova Cells by
Kayobe to be largely unchanged from the procedure documented in Kolla
Ansible.

Change-Id: I2695034d36936fcc77a4828c67f9552155781dd6
Story: 2004291
Task: 37804
2019-12-18 16:45:36 +01:00
Mark Goddard c8f105a907 Support internal API TLS encryption
Kolla Ansible Train introduces support for TLS encryption of the
internal API. This change introduces support for internal API encryption
in Kayobe.

The following new variables are introduced:

* kolla_enable_tls_internal
* kolla_internal_tls_cert
* kolla_internal_fqdn_cacert

Also only set kolla_*_fqdn_cacert in globals.yml if set.

Change-Id: If432afde374fe247d09c952e110c9567e17daea1
Story: 2006959
Task: 37649
2019-12-11 17:13:38 +00:00