At the moment Cloudkitty is targeted at all LXC hosts along with containers
which is not needed nor intended.
Unfortunatelly there's no really good compatible fix exist, so action from operator is required to handle transition to new naming for
the service.
Change-Id: I9360495e3b3347568969e36e0e96bb1325efd59f
At the moment our dynamic_inventory does have assumption that group names
defined in env.d will not contain underscores, except when it's ending
with `_hosts` or `_containers` since inventory script uses split on `_` and taking
the last argument. So in cases when underscore was used elsewhere in the
group name it will result in unexpected behaviour.
Instead of this approach we now use regexp which replaces the last octet separated with underscore with intended suffix to preserve
rest behaviour.
Change-Id: Id9ba56292972b8b52b4786c78684f2d6f289d88a
According to RFC1034 [1], underscores are not legitimate symbols for
hostnames. We have a naming convention that historically uses underscores
in names of containers which leads to a complications in some cases/logic
Moreover, container actual hostnames are always different from their
inventory_hostnames, which might break some logic of external dependencies.
To change this historical issue, all new containers will have different
naming convention, where only dash will be used as a separator.
This will not touch already existing in inventory containers and they will
preserve their names for the time being.
[1] http://www.faqs.org/rfcs/rfc1034.html
Change-Id: Iedebf9935059ecfe8370f2a84ad52516cc93320e
This patch adds variables which when can be used to extend
openstack ansible by calling additional user defined playbooks
at the start and end of the main setup-* playbooks.
Change-Id: Ic55dd6447f603d91beaeea28beb04e4c1393d6af
At the moment there is no well defined way to supply list of extra Python
requirements for Ansible venv. However, some collections for their work might
require presence of extra libraries inside the execution environment.
While PIP_OPTS might be used right for that, it's usage is not transparent
or documented.
In order to handle such need, `user-ansible-venv-requirements.txt ` is being implemented
that reside inside OSA_CONFIG_DIR and contains list of required packages
for installation when running bootstrap-ansible.sh
Change-Id: Ic99f7eff200e2e672dcc3edd875b155af84232b7
With changes to config_template module that restored usage of {% raw %} tags [1]
renderring of mapping keys, if they're defined as variables, was broken.
Ansible, by design [2], does not render mapping keys. Moreover, it was not
working as intended anyway, since renderring happened in post-copy stage
so same records were not merged together, which resulted in #1812245
As such behaviour is expected by Ansible design, instead of adding some
workaround in config_template module, I suggest working around issue
by defining troublesome mapping with Jinja, that will allow it to render properly.
[1] https://review.opendev.org/c/openstack/ansible-config_template/+/881887
[2] https://github.com/ansible/ansible/issues/17324#issuecomment-685102595
Closes-Bug: #2048036
Related-Bug: #1812245
Change-Id: I8a32736239c6326d817c620451799c13d5d8938c
Add file to the reno documentation build to show release notes for
stable/2023.2.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.2.
Sem-Ver: feature
Change-Id: I182d9ac70b3149dd035aaec89a64db9321a514f9
During PTG we agreed to disable quorum queues by default during this
cycle and wait for improvements proposed as part of [1] before enabling
it by default.
This also adds a separate job that will test scenario with enabled quorum
queues.
[1] https://review.opendev.org/q/topic:bug-2031497
Change-Id: I0807cc1ed991fd85f9f74d4a360d3fd23cde227c
Because implicit localhost is not a part of 'all' or any other group,
playbooks executed with '--limit' may not take it into account.
The problem was extensively described in bug #2041717.
This change explicitly adds localhost to OSA inventory to avoid
unexpected behavior.
Closes-Bug: #2041717
Change-Id: Ib44ed22d7132b42a4185a91f12c66ced5a1a6209
Code of os-nova-install has been refactored to include content from the
common nova playbook. This allows us to be more flexible in executed
tasks and simplify logic.
Related-Bug: #2034583
Change-Id: I21fe061d93cf77c97f8fa6d0003219595459e1c3
At the moment all compute nodes are explicitly added as
OVN gateway nodes. At the same time one of recommended setups
are to not pass public networks to compute hosts and have
standalone network nodes that are running ovn gateways which is
not possible to configure with current setup.
Change-Id: If99ddc47d32acf41cdb542b4e56d90b6e3589a56
HA policies were replaced with quorum queues [1] and discuouraged and
marked for removal in 4.0 [2]
Based on that we perform migration from HA queues to quorum,
since they're already supported in oslo.messaging.
Patches per-service are required to enable quorum queues in service
configuration.
This also adjusts upgrade doc to contain a variable required for
proper nova cell update on changed vhost.
[1] https://www.rabbitmq.com/quorum-queues.html
[2] https://blog.rabbitmq.com/posts/2021/08/4.0-deprecation-announcements/
Change-Id: Icd5eabcad4801b454f29b388613d7241bb9b0ad0
Add file to the reno documentation build to show release notes for
stable/2023.1.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.1.
Sem-Ver: feature
Change-Id: I0ef888fc91bf3888851f6251a21d546f62333195
When only 'swift' is specified in `rgw_enable_apis`, sending a http
request to the base RadosGW API URL('/') returns '405 Method Not
Allowed'.
It causes an important issue, because when any change is made to RadosGW
configuration via ceph-ansible, the 'restart ceph rgws' handler is
triggered that use restart_rgw_daemon.sh[1] script to restart radosgw
service.
Both curl and wget used by this script return non-zero return code on
'405 Method Not Allowed' response, causing ceph-ansible playbook to fail.
As a solution 's3' api can be enabled by default. With S3 API enabled,
base RadosGW API URL('/') returns 200 instead of 405 RC.
This change affects only environments using integrated ceph-ansible.
[1] https://github.com/ceph/ceph-ansible/blob/stable-7.0/roles/ceph-handler/templates/restart_rgw_daemon.sh.j2#L68
Change-Id: Ief8759e19d935aec9d8cfa855b1b0ba2b0c83424
Enabling TLS on the internal VIP for existing deployments will cause
downtime until each client is configured to use HTTPS instead of HTTP.
To avoid downtime, it is recommended to enable
`openstack_service_accept_both_protocols` until all services are
configured correctly.
It allows haproxy frontends to accept both HTTP and HTTPS.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/864784
Change-Id: Ie6f5b73c54b0a6d1f661a9d4f33b8a301d8c4170
In cases when SSH and mgmt networks are different, it might be important
to have valid management_address that services are relying on when
listening on interfaces. At the moment for bare metal hosts
management_address will be equal to ansible_host which leads to
unpredictable behaviour under some scenarios. With management_ip we allow
to define another IP address that will be used as container/management
address for bare metal host, while `ip` will still represent
ansible_host.
Related-Bug: #2002645
Change-Id: I3152ae7985319e85b9ea520021f9eea6f5850341
This patch aims to reduce confusion caused by a variable
`container_address` that's applicable for bare metal hosts. With that
it renames `is_container_address` to `is_management_address`
to be aligned with the purpose of the variable, as `container` part
raised confusion.
Change-Id: I314224f3376cf91e05680b11d225fdaf81ec32ab
At the moment it's not possible to apply different versions of
services to the different groups due to playbook vars having
prescedence over group_vars. However, it can be quite important
to such use cases, for example for phased rollouts of newer versions.
This will also reduce amount of unnecessary variables that are included
for each host, since only required git details will be loaded.
Closes-Bug: #2007296
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_rally/+/881954
Change-Id: Icaa3a958926d9f9aa6cb649bd9f3da9449dd7490
All services placed behind haproxy include an additional playbook
responsible for creating their haproxy services.
Scope for some variables was changed to be more optimal.
Change-Id: I0eec358d982cc09dcb7e2c0045b9684c65876faf
Several new features have been added to openstack-ansible which
require special handling on port 80/443, such as support for
LetsEncrypt and security.txt. This causes a confusing situation
when several different features are served by the 'horizon' haproxy
frontend/backend when horizon itself may not necessarily be deployed.
This patch splits the haproxy config for port 80/443 into a 'base'
frontend which is always deployed and is responsible for handling
requests for LetsEncrypt and security.txt with all other traffic being
handled by a default 'horizon' backend.
The 'horizon' backend is only deployed when the horizon service is
enabled, i.e. when the horizon_all ansible group has members.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/876157
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/876436
Change-Id: I7bdf71faa761897cc2a0e01d1af1ccb4946f10f5
The deployment of etcd as a service on the control plane is no
longer needed as calico was the only user of this.
The etcd-server role remains in our requirements as it is used
internally as part of the Zun playbook.
Change-Id: I2a158fd2b85ec0e637071ed4ef7c123a6583ecc0
This will allow the services to be cloned from github or a local
mirror by setting a small number of variables rather than overriding
every git repo URL individually.
Change-Id: I750d897e9e3c8ca161c0740c73cdc4c6e42b6440
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I683fb98c47a3894b2d66df44a7dd6681ae02c6b2
At the moment there is no handy functionality to override ENV variables
and store them in git near OSA config. As while we take into account
that ENV vars can already exist and we should use them, these VARs must
be defined in /etc/environement or bashrc files.
This patch aims to look for user.rc file inside OSA_CONFIG_DIR.
If it's present - it will be sourced with all it's content. This way
deployers can store environemnt variables overrides in git and they will
be loaded during on openstack-ansible startup.
Change-Id: Ie24ada54a0e0dc064be028929b416d983fdb5b49
Zookeper is being added as a coordination backend which is
required for some service features to work properly.
Change-Id: I2d464ae339f057ea4ba08bd343b6a51c029a74f3