Kolla Ansible renamed kolla_internal_fqdn_cacert to
kolla_admin_openrc_cacert in Victoria, after which we no longer set the
variable correctly in globals.yml. This would lead to a missing
OS_CACERT in admin-openrc.sh and public-openrc.sh.
This change fixes the issue by renaming the relevant Kayobe variables to
match and passing through the correct variable. Backwards compatibility
is provided until the end of the deprecation period.
kolla_public_openrc_cacert -> kolla_external_fqdn_cacert
kolla_admin_openrc_cacert -> kolla_internal_fqdn_cacert
Story: 2010486
Task: 47054
Change-Id: I9e1cc20579cf80525d6ef732a1aac99a65bc171b
Co-Authored-By: Maksim Malchuk <maksim.malchuk@gmail.com>
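
A check for the symptom this commit describes, as an added example that is not part of the original commit or of Kayobe: it parses an openrc file and reports when OS_AUTH_URL uses HTTPS but OS_CACERT is unset or names a missing file. The function names, sample file contents and the CA path are constructed for illustration.

```python
import os
import re
import shlex
from urllib.parse import urlparse

# Constructed samples, not real Kayobe output.
BROKEN = "export OS_AUTH_URL='https://192.0.2.10:5000'\nexport OS_USERNAME='admin'\n"
FIXED = BROKEN + "export OS_CACERT='/path/to/ca.crt'  # placeholder path\n"

# Matches lines such as: export OS_CACERT='/path/to/ca.crt'
_EXPORT_RE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)=(.*)$")


def parse_openrc(text):
    """Return the variables assigned in an openrc-style shell file."""
    env = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = _EXPORT_RE.match(line)
        if not m:
            continue
        try:
            parts = shlex.split(m.group(2), comments=True)
        except ValueError:
            continue  # unbalanced quotes: skip rather than guess
        env[m.group(1)] = parts[0] if parts else ""
    return env


def check_openrc(text, exists=os.path.isfile):
    """Return findings about the CA configuration in an openrc file."""
    env = parse_openrc(text)
    findings = []
    if urlparse(env.get("OS_AUTH_URL", "")).scheme != "https":
        return findings  # no TLS endpoint, so OS_CACERT is not needed
    cacert = env.get("OS_CACERT", "")
    if not cacert:
        # Clients fall back to the default trust store, which does not
        # contain a private CA, so certificate verification fails.
        findings.append("OS_AUTH_URL is https but OS_CACERT is not set")
    elif not exists(cacert):
        findings.append(f"OS_CACERT points to a missing file: {cacert}")
    return findings


if __name__ == "__main__":
    print(check_openrc(BROKEN))
```
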
Previously, we only supported passing through group_vars. Passing
through the inventory as is allows you to use other features of ansible
inventory such as host vars. It also simplifies the logic of merging
multiple inventories as we can just pass the inventory to ansible and
let ansible take care of the rest. This is useful for the multiple
environments feature.
Change-Id: I28f5d73d414d405d67f5fc92ab371aa2e28a4ce3
Story: 2002009
Task: 42910
Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/802863
This follows removal of support from Kolla Ansible. This also removes
support for configuring Grafana with overcloud post configure.
Change-Id: I8102fafb00db178f1ae6801d37c43a39033cbfe6
Kolla removed support for binary images in the Zed release, as well as
the install_type config option. It also changed the image tag format.
Yoga & earlier:
openstack.kolla/centos-source-base:yoga
Zed & later:
openstack.kolla/base:zed-centos-stream9
This change removes the kolla_install_type variable. It also adds a
kolla_base_distro_version variable, which is passed to kolla and
kolla-ansible.
The following two variables are also removed, since all images are now
of type source:
* overcloud_container_image_regex_map_source
* overcloud_container_image_regexes_source
Change-Id: I0023765438c0c73394c3465828c4d98f766d9350
Synchronize with new kolla-ansible parameters introduced in the
Ib69fc0017b3bfbc8da4dfd4301710fbf88be661a for Ironic Inspector.
Depends-On: Ib69fc0017b3bfbc8da4dfd4301710fbf88be661a
Change-Id: I6d9e3acc477c9c4b3bb9db9c01a2db83b9568f59
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
This change fixes the issue when inspection didn't work correctly in
case of L3-routed Ironic networks when DHCP packets are received via a
DHCP-relay. The dnsmasq optional netmask part in the dhcp-range
parameter should be specified [1] in this case.
[1] https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
Change-Id: I9488a72db588e31289907668f1997596a8ccdec6
Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/813268
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
Supports merging configuration for the following files:
* kolla/globals.yml
* kolla/config/bifrost/bifrost.yml
* kolla/config/bifrost/dib.yml
* kolla/config/bifrost/servers.yml
* kolla/kolla-build.conf
Configuration is merged from the following sources:
* Kayobe source code
* Base Kayobe config
* Kayobe environment
Co-Authored-By: Will Szumski <will@stackhpc.com>
Change-Id: I552bd8f7853b2032954b372bf4476676dac3e271
Story: 2002009
Task: 42974
Update Apt cache prior to all package installation tasks.
Adds apt_cache_valid_time, which defaults to 3600 seconds. This allows
the time for which the Apt cache is valid to be configured.
Change-Id: I0ecf4f4ce9b7333d3e41c69c3f908bee83391781
Story: 2004960
Task: 41766
Kayobe generates a host_vars file for each host in the Kolla Ansible
inventory. These contain network interfaces and other host-specific
things. Currently this is done by iterating over all hosts, which does
not scale well with a large number of hosts.
This change extracts the host vars generation into a separate role, and
executes it in a play targeted at all hosts, with delegate_to:
localhost. This ensures that host variable files are generated in
parallel.
Story: 2007993
Task: 40629
Change-Id: Iae75e17024adee9c2874c14d3ed36f4c87ba48d7
Adds support for HTTP basic authentication with the Docker registry.
The kolla docker registry password is now written to passwords.yml.
Change-Id: Ie6e854a66a6660d4e02771fe2b5dd97af814194d
Story: 2007952
Task: 40429
Various kolla-ansible TLS features (including backend TLS and custom CA
certs) require certificates to be passed via
$KOLLA_CONFIG_PATH/certificates/. Currently Kayobe does not support
this.
This change adds support for copying across files from
$KAYOBE_CONFIG_PATH/kolla/certificates.
It also uses the kolla-ansible default value for
kolla_external_fqdn_cert and kolla_internal_fqdn_cert when
kolla_external_tls_cert and kolla_internal_tls_cert are respectively
not set. This allows for the standard kolla-ansible configuration
approach of dropping these certificates into the
$KAYOBE_CONFIG_PATH/kolla/certificates directory, rather than defining
them as variables. This can be useful if using the kolla-ansible
certificates command to generate certificates for testing.
Change-Id: I646930ad8ea70991d6ffa00f15f93f72d922141b
Story: 2007679
Task: 39790
It leaves certain ceph mentions in globals.yml.j2 as it needs
syncing with kolla-ansible contents anyways
(these are all comments).
Change-Id: I05e9c6223583e9bb5dc0020edc0b56990275093c
Story: 2007295
Task: 38766
In Kayobe, hosts which are part of a Nova cell can be managed via the
existing controller and compute groups. However, since Nova Cells are
configured via group vars in Kolla Ansible we need some way of setting
these. We could pass vars through to Kolla Ansible host vars using
`kolla_overcloud_inventory_pass_through_host_vars` but the list of
variables which may be set on a per cell basis is large and undefined.
This change allows the user to directly specify Kolla Ansible group vars
as part of Kayobe config, allowing the deployment of Nova Cells by
Kayobe to be largely unchanged from the procedure documented in Kolla
Ansible.
Change-Id: I2695034d36936fcc77a4828c67f9552155781dd6
Story: 2004291
Task: 37804
Kolla Ansible Train introduces support for TLS encryption of the
internal API. This change introduces support for internal API encryption
in Kayobe.
The following new variables are introduced:
* kolla_enable_tls_internal
* kolla_internal_tls_cert
* kolla_internal_fqdn_cacert
Also only set kolla_*_fqdn_cacert in globals.yml if set.
Change-Id: If432afde374fe247d09c952e110c9567e17daea1
Story: 2006959
Task: 37649
Instead of always checking out the master branch, use the kolla-ansible
branch with which this Kayobe version is meant to be used.
Change-Id: I074d4b9d444649ecf956d3cd92748862e8c89a5c
The kolla-ansible CLI now requires the kolla_ansible python module to be
importable. We need to activate the virtualenv to make this work.
Change-Id: I43d4761409df3eea146dc7ff16b4c8d80855a91b
Fixes an issue where multiple NTP daemons could be running on the
overcloud hosts, due to Kolla Ansible deploying a chrony container by
default starting with the Rocky release.
Kayobe now overrides this default, to ensure that chrony does not conflict
with the NTP daemon deployed on the host. To use the containerised chrony
daemon instead, set ``kolla_enable_chrony`` to ``true`` in
``${KAYOBE_CONFIG_PATH}/kolla.yml``. This will also disable the host NTP
daemon.
To ensure that chrony is not running, Kayobe removes the chrony container
if ``kolla_enable_chrony`` is ``false`` in the following commands:
* ``kayobe overcloud service deploy``
* ``kayobe overcloud service reconfigure``
* ``kayobe overcloud service upgrade``
The play in Kayobe is tagged with ``stop-chrony``.
Change-Id: I89a973c0b600abece79bddcba5a46cc28a4f1df9
Story: 2005272
Task: 30122
Updates the minimum version of Ansible from 2.4 to 2.5, and the maximum
supported version from 2.6 to 2.7.
Change-Id: If8071a9b5c85e5e69fbb333e91c84d10c20d80f3
Story: 2006143
Task: 35639
In a deployment that has both Ceph or Swift deployed it can be useful to separate the network traffic.
This change adds support for dedicated storage networks for both Ceph and Swift. By default, the storage hosts are
attached to the following networks:
* Overcloud admin network
* Internal network
* Storage network
* Storage management network
This adds four additional networks, which can be used to separate the storage network traffic as follows:
* Ceph storage network (ceph_storage_net_name) is used to carry Ceph storage
data traffic. Defaults to the storage network (storage_net_name).
* Ceph storage management network (ceph_storage_mgmt_net_name) is used to carry
storage management traffic. Defaults to the storage management network
(storage_mgmt_net_name).
* Swift storage network (swift_storage_net_name) is used to carry Swift storage data
traffic. Defaults to the storage network (storage_net_name).
* Swift storage replication network (swift_storage_replication_net_name) is used to
carry storage management traffic. Defaults to the storage management network
(storage_mgmt_net_name).
This change also includes several improvements to Swift device management and ring generation.
The device management and ring generation are now separate, with device management occurring during
'kayobe overcloud host configure', and ring generation during a new command, 'kayobe overcloud swift rings generate'.
For the device management, we now use standard Ansible modules rather than commands for device preparation.
File system labels can be configured for each device individually.
For ring generation, all commands are run on a single host, by default a host in the Swift storage group.
A python script runs in one of the kolla Swift containers, which consumes an autogenerated YAML config file that defines
the layout of the rings.
Change-Id: Iedc7535532d706f02d710de69b422abf2f6fe54c
Kayobe writes out several host variables to the Kolla ansible inventory
files, etc/kolla/inventory/seed and etc/kolla/inventory/overcloud. These
include ansible_host, and network interfaces such as api_interface,
ironic_dnsmasq_interface, etc.
In Ansible, these should have a higher precedence than the kolla ansible
group variables in ansible/group_vars/all.yml that set the defaults.
However, in Ansible 2.4+, if the host has the same name as a group that
it is in, the group variables now take precedence, meaning that it is
not possible to override them.
This was observed when using the kayobe-config-dev repo for testing,
where the seed host is in the seed group.
Admittedly ansible does tell you not to do this: [WARNING]:
Found both group and host with same name: localhost
The solution used here is to use a separate host_vars file for each
host. Alternatively we could enforce that hostnames and groups do not
overlap.
Change-Id: I349c8279d85a591689ac8108bce14d96889440fe
Story: 2004418
Task: 28065
Fixes an issue with ironic prechecks, which now require
ironic_dnsmasq_dhcp_range to be set when ironic is enabled.
Also uses the new kolla variable ironic_dnsmasq_default_gateway to
configure the gateway for the inspection network.
These changes mean that we can drop our custom override of
ironic-dnsmasq.conf, since it now matches the file in kolla ansible.
This change depends on the Rocky release of Kolla Ansible.
Change-Id: I0b2e094904772fc6e14f1916e20ef207161ec001
Kolla-ansible uses the variable 'ironic_dnsmasq_interface' to denote the
interface for the ironic inspector dnsmasq service. Previously kayobe
was incorrectly using the variable 'inspector_dnsmasq_interface', which
caused kolla-ansible to ignore it and use the API interface instead.
This patch fixes that.
Change-Id: I733a84759cd03b62659dbf2d7027b7be9e42e818
Story: 2004026
Task: 27017
Adds support for configuration of per-host network interfaces in Kolla Ansible.
Previously, all interfaces were configured in globals.yml, meaning that all
hosts used the same interface names. Now, interfaces are configured for each
host via inventory files.
This does have the drawback that host entries in the inventory are rather long
and not too readable. An improvement on this could be to generate host_vars
files. With a little more intelligence, it would be possible to use group_vars
files or even globals.yml when interfaces are uniform within a group or
globally.
Change-Id: I95a128d762ff9faf70467f83cb276a5ab619d1ea
Story: 2001658
Task: 6691
Support configuring a separate tunnel network for tenant
overlay network traffic.
Change-Id: I74274823d6fe3a42aabcca00c8cd20e1abb3d219
Story: 2003054
Task: 23091
In some cases it is useful to use a user other than the default 'kolla'
to perform kolla ansible remote execution. Kolla is adding support for
this in the Rocky release; we should use it.
It is now possible to configure a different user via the
kolla_ansible_user and kolla_ansible_group variables.
Depends-On: https://review.openstack.org/581330
Change-Id: I280fb8f70eacd31fff0ae5671ddd6608cd02ae6e
Story: 2002914
Task: 22892