Skip to content
Snippets Groups Projects
  1. Feb 15, 2024
  2. Oct 20, 2023
  3. Aug 30, 2023
  4. Aug 02, 2023
    • Christian Berendt's avatar
      ironic: add ironic_agent_files_directory parameter · 58b5ca27
      Christian Berendt authored
      With the parameter ironic_agent_files_directory it is possible to provide
      the directory for the ironic-agent.kernel and ironic-agent.initramfs
      files. By default the parameter is set to the value of node_custom_config.
      This corresponds to the existing behaviour.
      
      Change-Id: I53bb0eddc5380713a967356c85897d8df8ce505f
      58b5ca27
  5. Jun 28, 2023
  6. Jun 22, 2023
    • yann.degat's avatar
      Use better default bind address for ironic-tftp · 81948f5b
      yann.degat authored
      ironic tftp service binds on 0.0.0.0. This may be
      an issue in some setup. This patch propose a better
      default, such as using the same listen address as
      the dnsmasq service
      
      Closes-Bug: #2024664
      
      Change-Id: I0401bfc03cd31d72c5a2ae0a111889d5c29a8aa2
      81948f5b
  7. Mar 15, 2023
  8. Dec 21, 2022
    • Matt Crees's avatar
      Integrate oslo-config-validator · 6c2aace8
      Matt Crees authored
      Regularly, we experience issues in Kolla Ansible deployments because we
      use wrong options in OpenStack configuration files. This is because
      OpenStack services ignore unknown options. We also need to keep on top
      of deprecated options that may be removed in the future. Integrating
      oslo-config-validator into Kolla Ansible will greatly help.
      
      Adds a shared role to run oslo-config-validator on each service. Takes
      into account that services have multiple containers, and these may also
      use multiple config files. Service roles are extended to use this shared
      role. Executed with the new command ``kolla-ansible validate-config``.
      
      Change-Id: Ic10b410fc115646d96d2ce39d9618e7c46cb3fbc
      6c2aace8
  9. Sep 29, 2022
  10. Sep 26, 2022
  11. Sep 21, 2022
  12. Aug 09, 2022
  13. Jul 12, 2022
    • Michal Arbet's avatar
      Add api_workers for each service to defaults · 3e8db91a
      Michal Arbet authored
      Render {{ openstack_service_workers }} for workers
      of each openstack service is not enough. There are
      several services which has to have more workers because
      there are more requests sent to them.
      
      This patch is just adding default value for workers for
      each service and sets {{ openstack_service_workers }} as
      default, so value can be overrided in hostvars per server.
      Nothing changed for normal user.
      
      Change-Id: Ifa5863f8ec865bbf8e39c9b2add42c92abe40616
      3e8db91a
  14. Jun 24, 2022
    • Christian Berendt's avatar
      Add ironic_http_interface parameters · 4de34266
      Christian Berendt authored
      With the ironic_http_interface/ironic_http_interface_address
      parameters it is possible to set the addresses for the
      ironic_http service.
      
      Change-Id: I72c257ebedf283cdef1b98485a576631e2190657
      4de34266
  15. May 23, 2022
  16. Apr 20, 2022
  17. Apr 13, 2022
    • Maksim Malchuk's avatar
      Multiple DHCP ranges for Ironic Inspector · 762aecbf
      Maksim Malchuk authored
      
      Add a new parameter 'ironic_dnsmasq_dhcp_ranges' and enable the
      configuration of the corresponding 'dhcp-range' and 'dhcp-option'
      blocks in Ironic Inspector dnsmasq for multiple ranges.
      
      The old parameters 'ironic_dnsmasq_dhcp_range' and
      'ironic_dnsmasq_default_gateway' used for the only range are now
      removed.
      
      This change implements the same solution used in the TripleO several
      years ago in the: Ie49b07ffe948576f5d9330cf11ee014aef4b282d
      
      Also, this change contains: Iae15e9db0acc2ecd5b087a9ca430be948bc3e649
      fix for lease time.
      The value can be changed globally or per range.
      
      Change-Id: Ib69fc0017b3bfbc8da4dfd4301710fbf88be661a
      Signed-off-by: default avatarMaksim Malchuk <maksim.malchuk@gmail.com>
      Co-Authored-By: default avatarRadosław Piliszek <radoslaw.piliszek@gmail.com>
      762aecbf
  18. Apr 06, 2022
  19. Feb 10, 2022
    • Mark Goddard's avatar
      ironic: sync default inspection UEFI iPXE bootloader with Ironic · 556d9799
      Mark Goddard authored
      The bootloader used to boot Ironic nodes in UEFI boot mode during
      inspection when iPXE is enabled has been changed from ipxe.efi to
      snponly.efi. This is in line with the default UEFI iPXE bootloader used
      in Ironic since the Xena release. The bootloader may be changed via
      ironic_dnsmasq_uefi_ipxe_boot_file.
      
      Note that snponly.efi was not available via in the ironic-pxe image
      prior to I79e78dca550262fc86b092a036f9ea96b214ab48.
      
      Related-Bug: #1959203
      
      Change-Id: I879db340769cc1b076e77313dff15876e27fcac4
      556d9799
  20. Dec 31, 2021
    • Pierre Riteau's avatar
      Move project_name and kolla_role_name to role vars · 56fc74f2
      Pierre Riteau authored
      Role vars have a higher precedence than role defaults. This allows to
      import default vars from another role via vars_files without overriding
      project_name (see related bug for details).
      
      Change-Id: I3d919736e53d6f3e1a70d1267cf42c8d2c0ad221
      Related-Bug: #1951785
      56fc74f2
  21. Dec 21, 2021
    • Dr. Jens Harbott's avatar
      Stop creating non-keystone admin endpoints · 479a7870
      Dr. Jens Harbott authored
      
      The admin interface for endpoints never had any real use, the
      functionality was the same as for the public or internal endpoints,
      except for Keystone. Even for Keystone with API v3 it would no longer
      really be needed, but it is still being required by some libraries that
      cannot be changed in order to stay backwards compatible.
      
      Signed-off-by: default avatarDr. Jens Harbott <harbott@osism.tech>
      Change-Id: Icf3bf08deab2c445361f0a0124d87ad8b0e4e9d9
      479a7870
  22. Aug 06, 2021
    • Ilya Popov's avatar
      Extra var ironic_enable_keystone_integration added. · da4fd2d6
      Ilya Popov authored
      Basically, there are three main installation scenario:
      
      Scenario 1:
      Ironic installation together with other openstack services
      including keystone. In this case variable enable_keystone
      is set to true and keystone service will be installed
      together with ironic installation. It is possible realise this
      scenario, no fix needed
      
      Scenario 2:
      Ironic installation with connection to already installed
      keystone. In this scenario we have to set enable_keystone
      to “No” to prevent from new keystone service installation
      during the ironic installation process. But in other hand,
      we need to have correct sections in ironic.conf to provide
      all information needed to connect to existing keystone.
      But all sections for keystone are added to ironic.conf only
      if enable_keystone var is set to “Yes”. It isn’t possible
      to realise this scenario. Proposed fix provide support for
      this scenario, where multiple regions share the same
      keystone service.
      
      Scenario 3:
      No keystone integration. Ironic don't connect to Keystone.
      It is possible realise this scenario, no fix needed
      
      Proposed solution also keep the default behaviour: if no
      enable_keystone_integration is manually defined by default
      it takes value of enable_keystone variable and all behaviour
      is the same. But if we don't want to install keystone and
      want to connect to existing one at the same time, it will be
      possible to set enable_keystone var to “No”
      (preventing keystone from installation) and at the same
      time set ironic_enable_keystone_integration to Yes to allow
      needed section appear in ironic.conf through templating.
      
      Change-Id: I0c7e9a28876a1d4278fb2ed8555c2b08472864b9
      da4fd2d6
  23. Jul 22, 2021
    • Mark Goddard's avatar
      ironic: always enable conductor HTTP server · 411668ea
      Mark Goddard authored
      In the Xena release, Ironic removed the iSCSI driver [1]. The
      recommended driver is direct, which uses HTTP to transfer the disk
      image. This requires an HTTP server, and the simplest option is to use
      the one currently deployed when enable_ironic_ipxe is set to true. For
      this reason, this patch always enables the HTTP server running on the
      conductor.
      
      iPXE is still enabled separately, since it cannot currently be used at
      the same time as PXE.
      
      [1] https://review.opendev.org/c/openstack/ironic/+/789382
      
      Change-Id: I30c2ad2bf2957ac544942aefae8898cdc8a61ec6
      411668ea
  24. Jul 21, 2021
    • Mark Goddard's avatar
      Fix ironic_ipxe healthcheck on Debian/Ubuntu · aa28675c
      Mark Goddard authored
      The healthcheck checks for a process called httpd, but these distros
      call it apache2.  This results in the ironic_ipxe container being marked
      as unhealthy.
      
      This change fixes the issue by making the process name distro dependent.
      
      Change-Id: I0b0126e3071146e7f8593ba970ecbed65b36fcfa
      Closes-Bug: #1937037
      aa28675c
  25. Jun 23, 2021
    • Mark Goddard's avatar
      Use ansible_facts to reference facts · ade5bfa3
      Mark Goddard authored
      By default, Ansible injects a variable for every fact, prefixed with
      ansible_. This can result in a large number of variables for each host,
      which at scale can incur a performance penalty. Ansible provides a
      configuration option [0] that can be set to False to prevent this
      injection of facts. In this case, facts should be referenced via
      ansible_facts.<fact>.
      
      This change updates all references to Ansible facts within Kolla Ansible
      from using individual fact variables to using the items in the
      ansible_facts dictionary. This allows users to disable fact variable
      injection in their Ansible configuration, which may provide some
      performance improvement.
      
      This change disables fact variable injection in the ansible
      configuration used in CI, to catch any attempts to use the injected
      variables.
      
      [0] https://docs.ansible.com/ansible/latest/reference_appendices/config.html#inject-facts-as-vars
      
      Change-Id: I7e9d5c9b8b9164d4aee3abb4e37c8f28d98ff5d1
      Partially-Implements: blueprint performance-improvements
      ade5bfa3
  26. Mar 08, 2021
    • LinPeiWen's avatar
      Use Docker healthchecks for ironic services · cb537eb8
      LinPeiWen authored
      This change enables the use of Docker healthchecks for ironic services.
      Implements: blueprint container-health-check
      
      Change-Id: If0a11db5470899c3a0e69ca94fdd0903daadcf8b
      cb537eb8
  27. Dec 08, 2020
  28. Sep 24, 2020
    • James Kirsch's avatar
      Add support for encrypting Ironic API · 7c2df87d
      James Kirsch authored
      This patch introduces an optional backend encryption for the Ironic API
      service. When used in conjunction with enabling TLS for service API
      endpoints, network communcation will be encrypted end to end, from
      client through HAProxy to the Ironic service.
      
      Change-Id: I9edf7545c174ca8839ceaef877bb09f49ef2b451
      Partially-Implements: blueprint add-ssl-internal-network
      7c2df87d
  29. Sep 10, 2020
    • Pierre Riteau's avatar
      Revert "Add support for encrypting Ironic API" · 3d30624c
      Pierre Riteau authored
      This reverts commit 316b0496, because
      ironic-inspector is not ready to use WSGI. It would need to be split
      into two separate containers, one running ironic-inspector-api-wsgi and
      another running ironic-inspector-conductor.
      
      Change-Id: I7e6c59dc8ad4fdee0cc6d96313fe66bc1d001bf7
      3d30624c
  30. Aug 29, 2020
    • James Kirsch's avatar
      Add support for encrypting Ironic API · 316b0496
      James Kirsch authored
      This patch introduces an optional backend encryption for the Ironic API
      and Ironic Inspector service. When used in conjunction with enabling
      TLS for service API endpoints, network communcation will be encrypted
      end to end, from client through HAProxy to the Ironic service.
      
      Change-Id: I3e82c8ec112e53f907e89fea0c8c849072dcf957
      Partially-Implements: blueprint add-ssl-internal-network
      Depends-On: https://review.opendev.org/#/c/742776/
      316b0496
  31. Aug 19, 2020
    • Rafael Weingärtner's avatar
      Standardize use and construction of endpoint URLs · f425c067
      Rafael Weingärtner authored
      
      The goal for this push request is to normalize the construction and use
       of internal, external, and admin URLs. While extending Kolla-ansible
       to enable a more flexible method to manage external URLs, we noticed
       that the same URL was constructed multiple times in different parts
       of the code. This can make it difficult for people that want to work
       with these URLs and create inconsistencies in a large code base with
       time. Therefore, we are proposing here the use of
       "single Kolla-ansible variable" per endpoint URL, which facilitates
       for people that are interested in overriding/extending these URLs.
      
      As an example, we extended Kolla-ansible to facilitate the "override"
      of public (external) URLs with the following standard
      "<component/serviceName>.<companyBaseUrl>".
      Therefore, the "NAT/redirect" in the SSL termination system (HAproxy,
      HTTPD or some other) is done via the service name, and not by the port.
      This allows operators to easily and automatically create more friendly
       URL names. To develop this feature, we first applied this patch that
       we are sending now to the community. We did that to reduce the surface
        of changes in Kolla-ansible.
      
      Another example is the integration of Kolla-ansible and Consul, which
      we also implemented internally, and also requires URLs changes.
      Therefore, this PR is essential to reduce code duplicity, and to
      facility users/developers to work/customize the services URLs.
      
      Change-Id: I73d483e01476e779a5155b2e18dd5ea25f514e93
      Signed-off-by: default avatarRafael Weingärtner <rafael@apache.org>
      f425c067
  32. Aug 10, 2020
    • Mark Goddard's avatar
      Mount /etc/timezone based on host OS · 146b00ef
      Mark Goddard authored
      Previously we mounted /etc/timezone if the kolla_base_distro is debian
      or ubuntu. This would fail prechecks if debian or ubuntu images were
      deployed on CentOS. While this is not a supported combination, for
      correctness we should fix the condition to reference the host OS rather
      than the container OS, since that is where the /etc/timezone file is
      located.
      
      Change-Id: Ifc252ae793e6974356fcdca810b373f362d24ba5
      Closes-Bug: #1882553
      146b00ef
  33. Apr 09, 2020
    • Dincer Celik's avatar
      Introduce /etc/timezone to Debian/Ubuntu containers · 4b5df0d8
      Dincer Celik authored
      Some services look for /etc/timezone on Debian/Ubuntu, so we should
      introduce it to the containers.
      
      In addition, added prechecks for /etc/localtime and /etc/timezone.
      
      Closes-Bug: #1821592
      Change-Id: I9fef14643d1bcc7eee9547eb87fa1fb436d8a6b3
      4b5df0d8
  34. Jan 30, 2020
    • Mark Goddard's avatar
      Python 3: Use distro_python_version for dev mode · 5a786436
      Mark Goddard authored
      In dev mode currently the python source is mounted under python2.7
      site-packages. This change fixes this to use the distro_python_version
      variable to ensure dev mode works with Python 3 images.
      
      Change-Id: Ieae3778a02f1b79023b4f1c20eff27b37f481077
      Partially-Implements: blueprint python-3
      5a786436
  35. Jan 10, 2020
    • Mark Goddard's avatar
      CentOS 8: Support variable image tag suffix · 9755c924
      Mark Goddard authored
      For the CentOS 7 to 8 transition, we will have a period where both
      CentOS 7 and 8 images are available. We differentiate these images via a
      tag - the CentOS 8 images will have a tag of train-centos8 (or
      master-centos8 temporarily).
      
      To achieve this, and maintain backwards compatibility for the
      openstack_release variable, we introduce a new 'openstack_tag' variable.
      This variable is based on openstack_release, but has a suffix of
      'openstack_tag_suffix', which is empty except on CentOS 8 where it has a
      value of '-centos8'.
      
      Change-Id: I12ce4661afb3c255136cdc1aabe7cbd25560d625
      Partially-Implements: blueprint centos-rhel-8
      9755c924
  36. Dec 12, 2019
    • Mark Goddard's avatar
      Allow ironic_ipxe to serve instance images · 2b662cfb
      Mark Goddard authored
      Ironic provides a feature to allow instance images to be served from a
      local HTTP server [1]. This is the same server used for PXE images with
      iPXE. This does not work currently because the ironic_ipxe container
      does not have access to /var/lib/ironic/images (ironic docker volume),
      where the images are cached. Note that to make use of this feature, the
      following is required in ironic.conf:
      
      [agent]
      image_download_source = http
      
      This change fixes the issue by giving ironic_ipxe container access to
      the ironic volume.
      
      [1] https://docs.openstack.org/ironic/latest/admin/interfaces/deploy.html#deploy-with-custom-http-servers
      
      Change-Id: I501d02cfd40fbacea32d551c3912640c5661d821
      Closes-Bug: #1856194
      2b662cfb
  37. Oct 16, 2019
    • Radosław Piliszek's avatar
      Implement IPv6 support in the control plane · bc053c09
      Radosław Piliszek authored
      Introduce kolla_address filter.
      Introduce put_address_in_context filter.
      
      Add AF config to vars.
      
      Address contexts:
      - raw (default): <ADDR>
      - memcache: inet6:[<ADDR>]
      - url: [<ADDR>]
      
      Other changes:
      
      globals.yml - mention just IP in comment
      
      prechecks/port_checks (api_intf) - kolla_address handles validation
      
      3x interface conditional (swift configs: replication/storage)
      
      2x interface variable definition with hostname
      (haproxy listens; api intf)
      
      1x interface variable definition with hostname with bifrost exclusion
      (baremetal pre-install /etc/hosts; api intf)
      
      neutron's ml2 'overlay_ip_version' set to 6 for IPv6 on tunnel network
      
      basic multinode source CI job for IPv6
      
      prechecks for rabbitmq and qdrouterd use proper NSS database now
      
      MariaDB Galera Cluster WSREP SST mariabackup workaround
      (socat and IPv6)
      
      Ceph naming workaround in CI
      TODO: probably needs documenting
      
      RabbitMQ IPv6-only proto_dist
      
      Ceph ms switch to IPv6 mode
      
      Remove neutron-server ml2_type_vxlan/vxlan_group setting
      as it is not used (let's avoid any confusion)
      and could break setups without proper multicast routing
      if it started working (also IPv4-only)
      
      haproxy upgrade checks for slaves based on ipv6 addresses
      
      TODO:
      
      ovs-dpdk grabs ipv4 network address (w/ prefix len / submask)
      not supported, invalid by default because neutron_external has no address
      No idea whether ovs-dpdk works at all atm.
      
      ml2 for xenapi
      Xen is not supported too well.
      This would require working with XenAPI facts.
      
      rp_filter setting
      This would require meddling with ip6tables (there is no sysctl param).
      By default nothing is dropped.
      Unlikely we really need it.
      
      ironic dnsmasq is configured IPv4-only
      dnsmasq needs DHCPv6 options and testing in vivo.
      
      KNOWN ISSUES (beyond us):
      
      One cannot use IPv6 address to reference the image for docker like we
      currently do, see: https://github.com/moby/moby/issues/39033
      (docker_registry; docker API 400 - invalid reference format)
      workaround: use hostname/FQDN
      
      RabbitMQ may fail to bind to IPv6 if hostname resolves also to IPv4.
      This is due to old RabbitMQ versions available in images.
      IPv4 is preferred by default and may fail in the IPv6-only scenario.
      This should be no problem in real life as IPv6-only is indeed IPv6-only.
      Also, when new RabbitMQ (3.7.16/3.8+) makes it into images, this will
      no longer be relevant as we supply all the necessary config.
      See: https://github.com/rabbitmq/rabbitmq-server/pull/1982
      
      For reliable runs, at least Ansible 2.8 is required (2.8.5 confirmed
      to work well). Older Ansible versions are known to miss IPv6 addresses
      in interface facts. This may affect redeploys, reconfigures and
      upgrades which run after VIP address is assigned.
      See: https://github.com/ansible/ansible/issues/63227
      
      Bifrost Train does not support IPv6 deployments.
      See: https://storyboard.openstack.org/#!/story/2006689
      
      
      
      Change-Id: Ia34e6916ea4f99e9522cd2ddde03a0a4776f7e2c
      Implements: blueprint ipv6-control-plane
      Signed-off-by: default avatarRadosław Piliszek <radoslaw.piliszek@gmail.com>
      bc053c09
  38. Sep 17, 2019
Loading