Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I52a2ac12df98edbeba79eb1c39f23bf1b113255b
The removal of support for Centos-7 means that it is no longer necessary
to maintain compatibility with LXC2 configuration keys. This patch removes
the code which substitutes LXC3 keys for LXC2 keys.
Depends-On: https://review.opendev.org/742166
Depends-On: https://review.opendev.org/742103
Change-Id: I2911a20a3391e880df80f41eed5c9a8d5e36c2f4
The sync from https://review.opendev.org/733244 updated to
openstackdocstheme 2.2.1 and reno 3.1.0 versions.
Set openstackdocs_pdf_link to link to PDF file. Note that
the link to the published document only works on docs.openstack.org
where the PDF file is placed in the top-level html directory. The
site-preview places the PDF in a pdf directory.
openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.
See also
http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html
Change-Id: Ic5b77991ef4fe356771041fc71c2930744b23d4e
Add file to the reno documentation build to show release notes for
stable/ussuri.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/ussuri.
Change-Id: I5946da2354a2adf955df3c3eabf4fe2129845f77
Sem-Ver: feature
New version of openstackdocstheme (Victoria+) respects pygments_style.
Since this repo is using now Victoria (master) requirements but has
not branched for Ussuri yet, it uses the new version.
Change pygments_style to 'native' since old theme version always used
'native' and the theme now respects the setting and using 'sphinx' can
lead to some strange rendering.
Change-Id: Icb7ee6ec2b567e98d0a1145bfae10d205fb91a25
This repo is now testing only with Python
3, so let's make a few cleanups:
- Remove setup.* files, those are not needed
for this repo
- Cleanup */source/conf.py to remove now
obsolete content.
- Remove install_cmd from tox.ini, the default is fine;
move constraints into deps, cleanup
Change-Id: I6dae70865bac5abb0d394e93c2a854e74c2689d7
Add file to the reno documentation build to show release notes for
stable/train.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/train.
Change-Id: I962197fa9c061f9a82b147aa04c67287838a8315
Sem-Ver: feature
Add file to the reno documentation build to show release notes for
stable/stein.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/stein.
Change-Id: I3e9d08a943fea462bfb9fe861e5a5c8e7e0a2886
Sem-Ver: feature
In Ica79472568799098ebf83c6cefc585f117975f37 some incorrect
variable names were used. This patch changes the variable
names to suit their purpose and ensures that they are used
consistently throughout the role.
Change-Id: If9e912641b5b6cb7791221b40dd4d56e215c2b98
Some use cases such as public facing dns servers for Designate
are difficult to deploy with the dynamic inventory as they have
a hard requirement for fixed IP on certain interfaces. An additional
variable allows the deployer to create these special interfaces.
Change-Id: I4f0ac58f2d5c19fea1606fe1fbb011bb1a36f7b4
The container and host can link journals giving operators the ability to
log stream and check on the health of a system without needing to login
(attach) to the container. This change implements journal linking for
LXC containers following the reference systemd specification.
Reference implementation:
https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--link-journal=
Change-Id: Id68cf39a77b5dd9c13c010829b47cd7a414378bc
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The variable `lxc_user_defined_container` has been added which allows a
deployer to define the container variable file in use for a given
container type.
Depends-On: https://review.openstack.org/554383
Change-Id: Ia1373bfa916b4add49a8444d2e4553f898650328
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Patch I0d83fd4895d4c5beaf5a84a239c1a1ed71521dee dropped the ARP=yes
option for networkd because it's not supported by old systemd releases.
This however brings back a problem where the default one sysctl
arp_notify option in the kernel may not correctly set for our use case.
Containers are created with random MAC addresses so we need to ensure
that ARP entries are populated correctly when a container is restarted.
Instead of having to implement some sort of a new workaround on the host,
it's probably better to create all containers with fixed MAC addresses from
now on.
Change-Id: I8ad390fc3ce27756f26c57c92aaa3adc8e506a17
Unify container network interfaces using Systemd Networkd for ubuntu,
centos, and openSUSE. This change allows the role to use a single way to
configure container networks.
Care has been taken to ensure we're able to cleanly upgrade to the new
capabilities within existing environments without breaking any feature
compatibility or causing any container restarts.
It's also worth noting that all of the pre/post networking up/down
script options have been converted to systemd "oneshot" services. This
retains the ability to run adhoc scripts post network availability
while also opening up this capability, which used to be ubuntu only,
to all of our supported operating systems.
> Our usage of `lxc-attach` was removed in favor of `nsenter` to fix a
issue where multiple `lxc-attach` commands issued to a single physical
host could result in a hang.
> Scripts that were being generated inline have been placed into
template files. This solves a long standing memory consumption issue
when creating lots of containers. The old shell tasks will now be
executed from a generated script. While this should also help with
debugging, the main driver is to ensure better system stability.
> A lot of cleanup has been done throughout the task files and
templates. In the process of updating the role to use unified
networking a lot of duplicate tasks, scripts, and processes have
consolidated.
> Handlers have been added for network connection wait conditions and
to various service restarts.
> The OSA plugins have been added to this role as a dependency. We
rely on the connection plugins throughout the stack however we were
doing a lot of workarounds to cater to the possibility of a deployer
running this role without them. This change simply adds the plugins
as a known dependency which allows for a more streamlined setup.
Change-Id: I5d3ddcfa11d575648a69a04f2fb30236c2c89da3
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Release notes are version independent, so remove version/release
values. We've found that projects now require the service package
to be installed in order to build release notes, and this is entirely
due to the current convention of pulling in the version information.
Release notes should not need installation in order to build, so this
unnecessary version setting needs to be removed.
This is needed for new release notes publishing, see
I56909152975f731a9d2c21b2825b972195e48ee8 and the discussion starting
at
http://lists.openstack.org/pipermail/openstack-dev/2017-November/124480.html
.
Change-Id: I035c3f5c0d4f63d24e015c74a0d25979553e920a
This patch implements an initial set of jobs intended to match
the current job execution method. It does not intend to improve
how the jobs are executed - only to replicate what is currently
in openstack-infra/openstack-zuul-jobs and provide the platform
to iterate on.
Change-Id: If86f31a6ff188c57c5981dcf9eddc26af7101b25
The LXC container create role has not been updated to use some of our
more well throughout patterns and layouts. This change updates the role
so that its following our normal role conventions and simplifying task
execution.
New tags have been added to follow the basic tag pattern found in all
other roles. The two tags now supported are lxc-config, and lxc-create.
The creation backends have been seperated out into dynamically included
files. This will reduce our "skips" which will improve execution time
and assist developers in understanding what is happening when a
container is created. Stubbs for BTRFS and ZFS container types have been
added so future work can continue on those two store options without
impacting our normal workflow.
All task files have been updated to use the "lxc_" prefix which follows
the pattern found in everyone of our roles.
Change-Id: I0982a42321cf88f66442b5f766729f17c68e8e4a
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The `lxc_container_recreate` variable will allow for recreating already
deployed containers using either a playbook or a command line argument.
This option is most useful during an upgrade, where the containers are
thrown away and completely rebuilt from scratch.
Change-Id: I3ba35daf49111a3fdfb2e30cffddd9af23aafb28
This change allows for caching of the MAC addresses between runs by
using local facts on the physical host. This saves calculation time
after the first run, since the facts are effectively cached.
This also means any containers that rely on having stable MAC addresses
(such as neutron agents or rabbitmq) can be recreated with the same MAC
address if the container is destroyed. It will *not* be retained if
destroyed and removed from inventory, however, since the facts rely on
using the exact same hostname.
Change-Id: Id3d13299c1416cc4862437629b32f4309c2dc595
The s390x architecture (aka IBM z Systems) supports OpenStack since
the Kilo release. This change adds the necessary tweaks to let
openstack-ansible do its work on that platform.
Change-Id: Ifa788182142b9fb4613007c087dae78eec52c5d9
Co-Authored-By: Chris Beukers <chris.beukers@icu-it.nl>
As part of the docs migration work[0] for Pike we need to switch to use the
openstackdocstheme.
[0]https://review.openstack.org/#/c/472275/
Change-Id: Id9888937c5287bf07162e205a51bb4e37527037a
After configuring networking in the container, we used a task to wait
for SSH to respond on the container, using the Ansible wait_for module
trying to connect to port 22.
When managing containers in Ansible using other connection plugins that
use LXC commands on the physical host to execute modules, there may not
be an SSH daemon running within the container. In these situations we
can accomplish the same check without SSH by using the wait_for_connection
module (new in ansible 2.3) to verify that Ansible has a working execution
path into the container, but not necessarily via SSH.
Change-Id: I81beda2590b5f5505b7de9ae94cef06bcbdf2f93
Add the ability to append pre-up, post-up, pre-down, and post-down script
entries to the container_networks dict that are dropped along with the OSA
default configurations when templating the container's interface config files.
The keys preup, postup, predown, and postdown will be appended to the OSA
lxc_container_default_{pre,post}{up/down} lists when dropping the interface
config.
Change-Id: Idf15ec17bac03b55638fb8d862e5445093677f23
In order to facilitate role-based base containers when
copy-on-write containers are created, a prefix can now
be used to differentiate the base containers.
Change-Id: If8094d5bc6a52524128bcaddff2aaf20acf39833
This change resolves a long standing issue where a container's mac
address regenerates when it was restarted. In most cases when a
container is restarted and it's mac address is rotated and nothing bad
happens; mac learning will resolve itself given enough time in just
about all situations. However services like neutron-agents are long
lived and are highly sensitive to network changes. These types of
services expect consistent hardware addressing and when mac
addresses rotate may become confused.
To limit the possibility of prolonged downtime caused by mac address
rotation on network sensitive containers an option has been created to
allow a container to have a fixed mac address. If this option is enabled
the container will generate fixed addresses for all networks assosiated
with the specific container. The option is `lxc_container_fixed_mac` and
it has a default value of "false".
Change-Id: Ie1a8dc172c45fc2b4cfa724a2bafa67cb481ba73
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Releasenote translation publishing is being prepared. 'locale_dirs'
needs to be defined in conf.py to generate translated version of the
release notes.
Note that this repository might not get translated release notes - or
no translations at all - but we add the entry here nevertheless to
prepare for it.
Change-Id: Ieb84a1478a9062bd19f0bb814f12f6e60f149952
This patch implements the ability to set 'copy-on-write' as the
'lxc_container_backing_method' for containers where the
'lxc_container_backing_store' is 'lvm'.
Change-Id: I571fe60d6d051a7d377ec95d83a2617e3f0dd384
Depends-On: I0bf227891a85bd7c8db53ca73fc5380b95e514fa
This change adds the ability for a container to have network interfaces
added without needing to restart to get the interfaces online. Adding
the interface with the container online will be faster and allow for
rolling changes in an environment that may effect critical services that
run from within a container.
Change-Id: I68048ae10cdd52fc3b5c43542686e056237a9305
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
With the move of the container creation process from each service
playbook into the lxc-container-create playbook/role, it would be
appropriate to ensure that the delay implemented in the service
plays is implemented in the role.
This patch does so.
Change-Id: I473bcccde315ef66f45e912ad33ed665bed3b07c
To reduce the number of times a container is restarted during the
build process, this patch implements the facility to consume
LXC bind mounts items from the inventory.
This allows bind mounts to be set in group_vars and therefore have
them applied on container creation instead of later when the service
install playbook runs.
Previously the container_commands option was used, but the bind
mounts are a special case which are better served with its own
set of tasks to ensure that everything needed is in place on the
host and in the container.
Needed-By: Ie2a0528fbd56c8360dd679f55fb2047e0a061c31
Change-Id: I72cdc607d7b4364d78c840bf688e43e013f40709
To reduce the number of times a container is restarted during the
build process, this patch implements the facility to consume
LXC container_command items from the inventory.
This allows any arbitrary command, such as the creation of a bind
mount directory, to be set in group_vars and therefore have it
applied on container creation instead of later when the service
install playbook runs.
Change-Id: I2aa015a136d6efca501797430d82f1461c303edf
This changes allows a deployer to disable a container restart
by setting the option ``lxc_container_allow_restarts`` to ``false``.
Forward port based on:
- https://review.openstack.org/344834
- https://review.openstack.org/346064
Change-Id: I2c681d7e0681f8586286dc9f371d7b5e231bda68
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Since overlayfs is now part of the mainstream kernel, it makes sense
to take advantage of it to speed up the container creation process.
This patch implements the ability to set 'overlayfs' as the backing
store for containers. This is an optional feature which must
explicitly be set by the deployer.
As this only works with Ansible > 2.0 a pre-requisite check has been
implemented to protect against its use with prior versions. The
inventory and key prep playbook have been adjusted to work with
Ansible versions <2 and >2.
The logging for the veth cleanup has been removed as overlayfs
containers do not have access to the /dev/log device. This causes
the container setup to be incomplete.
Depends-On: I20123b83af10c0890f4d5945b9fb230acd664213
Change-Id: If5b11ef6d94fe863a75efd174957ad43b9d2e030
This patch updates the sphinx configuration for docs and releasenotes
to make it easier to replicate across repositories and to comply with
pep8 testing without exceptions.
Change-Id: I9ad5b8912ce67c4c1b7f722dd0cc280ccd4a8c2e
This commit adds support for container creation on Ubuntu ppc64le.
It maps the ansible architecture to the correct lxc architecture
and sets the container arch accordingly.
Change-Id: I1f142686d7190e5bfe7147366d406381b5011725
In lxc-container create this update will ensure we're using good
hostnames. This is required in some logging cases as well as SSL.
This will also allow a deployer to customize the domain name based on
their needs.
A new variable has been created called ``lxc_container_domain`` with a
default value of "openstack.local". This change has no upgrade impact as
any changes that need to happen within an existing environment will be
automatically taken care of without impacting the functionality of an
existing deployment.
This is largely based on Ib31a48dd480ecb376a6a8c5b35b09dfa5d2e58f6, with
the intent being to move the tasks from a playbook in the integrated
repo to the lxc_container_create role, and with the addition of limiting
127.0.0.1 to localhost within /etc/hosts.
Change-Id: I9e72699354a467478742281cab74690e66b6a652
Co-Authored-By: Kevin Carter <kevin.carter@rackspace.com>