Skip to content
Snippets Groups Projects
Select Git revision
  • deployment default
1 result
Search by author
  • Any Author
  • KANAPA SYLVERE p1919734 KANAPA SYLVERE p1919734 p1919734
1 author
  1. Nov 13, 2020
  3. Nov 10, 2020
  5. Nov 04, 2020
  7. Oct 08, 2020
  9. Oct 07, 2020
    • Mark Goddard's avatar
      CI: enable designate in magnum CI job · c2987d65
      Mark Goddard authored 
      Follows designate guide, adding a default zone for fixed and
floating IPs, then boots an instance and verifies that its
name resolves.

Change-Id: Ifbfdab425e2c8a36a8f3ab8539f70dca4cce2abc
      c2987d65
  11. Oct 05, 2020
    • Michal Nasiadka's avatar
      Use Docker healthchecks for core services · c52a89ae
      Michal Nasiadka authored 
      This change enables the use of Docker healthchecks for core OpenStack
services.
Also check-failures.sh has been updated to treat containers with
unhealthy status as failed.

Implements: blueprint container-health-check
Change-Id: I79c6b11511ce8af70f77e2f6a490b59b477fefbb
      c52a89ae
  13. Oct 04, 2020
    • Radosław Piliszek's avatar
      Coordinate haproxy and keepalived restarts · c2d0bf30
      Radosław Piliszek authored 
      Keepalived and haproxy cooperate to provide control plane HA in
kolla-ansible deployments.
Certain care should be exerted to avoid prolonged availability
loss during reconfigurations and upgrades.
This patch aims to provide this care.
There is nothing special about keepalived upgrade compared to
reconfig, hence it is simplified to run the same code as for
deploy.
The broken logic of safe upgrade is replaced by common handler
code which's goal is to ensure we down current master only after
we have backups ready.

This change introduces a switch to kolla_docker module that allows
to ignore missing containers (as they are logically stopped).
ignore_missing is the switch's name.
All tests are included.

Change-Id: I22ddec5f7ee4a7d3d502649a158a7e005fe29c48
      c2d0bf30
  15. Sep 30, 2020
  17. Sep 24, 2020
    • James Kirsch's avatar
      Add support for encrypting Ironic API · 7c2df87d
      James Kirsch authored 
      This patch introduces an optional backend encryption for the Ironic API
service. When used in conjunction with enabling TLS for service API
endpoints, network communcation will be encrypted end to end, from
client through HAProxy to the Ironic service.

Change-Id: I9edf7545c174ca8839ceaef877bb09f49ef2b451
Partially-Implements: blueprint add-ssl-internal-network
      7c2df87d
  19. Sep 23, 2020
  21. Sep 17, 2020
    • Mark Goddard's avatar
      CI: add magnum scenario, also covering octavia · d2326712
      Mark Goddard authored 
      Adds a new Zuul job, kolla-ansible-centos8-source-magnum, for testing
deployment of Magnum, Octavia and associated services.

Change-Id: I61b293ba6bb52064ea98a73e2dff0023fa01a2a2
      d2326712
    • Mark Goddard's avatar
      Support TLS encryption of RabbitMQ client-server traffic · 761ea9a3
      Mark Goddard authored 
      This change adds support for encryption of communication between
OpenStack services and RabbitMQ. Server certificates are supported, but
currently client certificates are not.

The kolla-ansible certificates command has been updated to support
generating certificates for RabbitMQ for development and testing.

RabbitMQ TLS is enabled in the all-in-one source CI jobs, or when
The Zuul 'tls_enabled' variable is true.

Change-Id: I4f1d04150fb2b5af085b762890092f87ae6076b5
Implements: blueprint message-queue-ssl-support
      761ea9a3
  23. Sep 12, 2020
    • Radosław Piliszek's avatar
      [CI] Ensure network is set for Zun · 7a3072e9
      Radosław Piliszek authored 
      If we don't set it, then Zun chooses one randomly (the first one
from Neutron).
This may break if it is a network that is not available on
target hosts, e.g. external via L3 agent router.

Since capsules do not support nets yet [1], this patch ensures
desired network creation order in init-runonce instead.

[1] https://bugs.launchpad.net/zun/+bug/1895263

Change-Id: Iaa113dcfb826164a2772d2c91d34ec0236be0817
      7a3072e9
  25. Sep 10, 2020
  27. Sep 08, 2020
    • Radosław Piliszek's avatar
      [CI] Remove setup_gate.sh symlink · b21c07ac
      Radosław Piliszek authored 
      This is confusing as it is not meant to be used by users.
Also, various tools show duplicated matches due to both locations
containing the exact same content.

Change-Id: I2debe121f64954e57788270d3258775f29f1cbb0
      b21c07ac
  29. Aug 13, 2020
  31. Aug 11, 2020
  33. Aug 07, 2020
  35. Jul 27, 2020
  37. Jul 15, 2020
  39. Jul 10, 2020
  41. Jul 07, 2020
    • Mark Goddard's avatar
      Performance: Run common role in a separate play · 56ae2db7
      Mark Goddard authored 
      The common role was previously added as a dependency to all other roles.
It would set a fact after running on a host to avoid running twice. This
had the nice effect that deploying any service would automatically pull
in the common services for that host. When using tags, any services with
matching tags would also run the common role. This could be both
surprising and sometimes useful.

When using Ansible at large scale, there is a penalty associated with
executing a task against a large number of hosts, even if it is skipped.
The common role introduces some overhead, just in determining that it
has already run.

This change extracts the common role into a separate play, and removes
the dependency on it from all other roles. New groups have been added
for cron, fluentd, and kolla-toolbox, similar to other services. This
changes the behaviour in the following ways:

* The common role is now run for all hosts at the beginning, rather than
  prior to their first enabled service
* Hosts must be in the necessary group for each of the common services
  in order to have that service deployed. This is mostly to avoid
  deploying on localhost or the deployment host
* If tags are specified for another service e.g. nova, the common role
  will *not* automatically run for matching hosts. The common tag must
  be specified explicitly

The last of these is probably the largest behaviour change. While it
would be possible to determine which hosts should automatically run the
common role, it would be quite complex, and would introduce some
overhead that would probably negate the benefit of splitting out the
common role.

Partially-Implements: blueprint performance-improvements

Change-Id: I6a4676bf6efeebc61383ec7a406db07c7a868b2a
      56ae2db7
  43. Jun 20, 2020
  45. Jun 19, 2020
  47. Jun 17, 2020
  49. Jun 16, 2020
  51. Jun 15, 2020
    • James Kirsch's avatar
      Generate Root CA for Self-Signed Certificates · a982d3ac
      James Kirsch authored 
      Update the certificate generation task to create a root CA for the
self-signed certificates. The internal and external facing certificates
are then generated using the root CA.

Updated openstack_cacert to use system CA trust store in CI tests
certificate by default.

Change-Id: I6c2adff7d0128146cf086103ff6060b0dcefa37b
Partially-Implements: blueprint add-ssl-internal-network
      a982d3ac
  53. Jun 14, 2020
    • Radosław Piliszek's avatar
      CI: Add Ubuntu KVM job · 88e7f800
      Radosław Piliszek authored 
      This also uses the recommended machinery to set qemu instead
of relying on config file override so that we test what we
really want to test.

Change-Id: I560e4f9d0a69c347e6aaf3b970331157c1a56f18
      88e7f800
  55. Jun 12, 2020
  57. May 30, 2020
  59. May 23, 2020
    • Doug Szumski's avatar
      Switch to Monasca API for logs · b39a0f80
      Doug Szumski authored 
      The Monasca Log API has been removed and in this change we switch
to using the unified API. If dedicated log APIs are required then
this can be supported through configuration. Out of the box the
Monasca API is used for both logs and metrics which is envisaged to
work for most use cases.

In order to use the unified API for logs, we need to disable the
legacy Kafka client. We also rename the Monasca API config file
to remove a warning about using the old style name.

Depends-On: https://review.opendev.org/#/c/728638
Change-Id: I9b6bf5b6690f4b4b3445e7d15a40e45dd42d2e84
      b39a0f80
  61. May 12, 2020
  63. May 11, 2020
    • Will Szumski's avatar
      Add extend_lists option to merge_yaml · 69a6acf7
      Will Szumski authored 
      This allows you to extend lists in yaml config. This is useful, for
example, in prometheus.yml, where it would be nice to be able to
extend the scrape_configs to include exporters that aren't packaged
with kolla-ansible. This would provide a mechanism to do so.

Change-Id: I7a10e363f42e8ffaae3c0d2c2a758853e2cab7e1
Related: blueprint custom-prometheus-targets
      69a6acf7
    • Will Szumski's avatar
      Stop mocking ansible modules globally · 4fcbdd77
      Will Szumski authored 
      This causes non-local side effects that are hard to track down. E.g:

--- import errors ---
Failed to import test module: tests.test_merge_yaml
Traceback (most recent call last):
  File "/home/will/.pyenv/versions/3.7.7/lib/python3.7/unittest/loader.py", line 436, in _find_test_path
    module = self._get_module_from_name(name)
  File "/home/will/.pyenv/versions/3.7.7/lib/python3.7/unittest/loader.py", line 377, in _get_module_from_name
    __import__(name)
  File "/home/will/code/kolla-ansible/tests/test_merge_yaml.py", line 19, in <module>
    from ansible.errors import AnsibleModuleError
ModuleNotFoundError: No module named 'ansible.errors'; 'ansible' is not a package

This `'ansible' is not a package` message occurs because ansible is a Mock.

Depends-On: https://review.opendev.org/#/c/726768/
Change-Id: Iddbdd3d855daadbf12536cc990559e6b8e123051
      4fcbdd77
  65. May 01, 2020
    • Radosław Piliszek's avatar
      OVN IPv6 · 7d73246f
      Radosław Piliszek authored 
      Fixes:
- SB/NB DB address format (single host) for SB/NB DB daemon
- SB/NB DB address format (all hosts) for Neutron / northd /
  ovn-ovs bootstrap
- OVN tests

Change-Id: I539773c48f89b731d068280c228ce11782bf5788
Closes-Bug: #1875222
      7d73246f