Skip to content
Snippets Groups Projects
Select Git revision
  • deployment default
1 result
Search by author
  • Any Author
  • KANAPA SYLVERE p1919734 KANAPA SYLVERE p1919734 p1919734
1 author
  1. Apr 20, 2022
    • Vladislav Belogrudov's avatar
      Fix ansible version in install command · 7a6aeff4
      Vladislav Belogrudov authored 
      There are no 5.* versions of ansible for CentOS 8 Stream yet.
One should use pip install 'ansible>=4,<6' according to the
current documentation.

Closes-Bug: #1969617
Change-Id: Ie4f502f955dac5ae9ee8ddb4779c2fa2e26840d9
      7a6aeff4
  3. Apr 11, 2022
  5. Apr 06, 2022
  7. Mar 30, 2022
    • Michal Nasiadka's avatar
      neutron: add ssh key · 7fcf3ca3
      Michal Nasiadka authored 
      This key can be used by users in networking-generic-switch
scenario instead of adding cleartext password in ml2_conf.ini.

Change-Id: I10003e6526a55a97f22678ab81c411e4645c5157
      7fcf3ca3
  9. Mar 28, 2022
  11. Mar 24, 2022
  13. Mar 21, 2022
    • Mark Goddard's avatar
      libvirt: add nova-libvirt-cleanup command · 80b311be
      Mark Goddard authored 
      Change Ia1239069ccee39416b20959cbabad962c56693cf added support for
running a libvirt daemon on the host, rather than using the nova_libvirt
container. It did not cover migration of existing hosts from using a
container to using a host daemon.

This change adds a kolla-ansible nova-libvirt-cleanup command which may
be used to clean up the nova_libvirt container, volumes and related
items on hosts, once it has been disabled.

The playbook assumes that compute hosts have been emptied of VMs before
it runs. A future extension could support migration of existing VMs, but
this is currently out of scope.

Change-Id: I46854ed7eaf1d5b5e3ccd8531c963427848bdc99
      80b311be
    • Mark Goddard's avatar
      libvirt: make it possible to run libvirt on the host · 4e41acd8
      Mark Goddard authored 
      In some cases it may be desirable to run the libvirt daemon on the host.
For example, when mixing host and container OS distributions or
versions.

This change makes it possible to disable the nova_libvirt container, by
setting enable_nova_libvirt_container to false. The default values of
some Docker mounts and other paths have been updated to point to default
host directories rather than Docker volumes when using a host libvirt
daemon.

This change does not handle migration of existing systems from using
a nova_libvirt container to libvirt on the host.

Depends-On: https://review.opendev.org/c/openstack/ansible-collection-kolla/+/830504

Change-Id: Ia1239069ccee39416b20959cbabad962c56693cf
      4e41acd8
  15. Mar 10, 2022
    • Mark Goddard's avatar
      libvirt: support SASL authentication · d2d4b53d
      Mark Goddard authored 
      In Kolla Ansible OpenStack deployments, by default, libvirt is
configured to allow read-write access via an unauthenticated,
unencrypted TCP connection, using the internal API network.  This is to
facilitate migration between hosts.

By default, Kolla Ansible does not use encryption for services on the
internal network (and did not support it until Ussuri). However, most
other services on the internal network are at least authenticated
(usually via passwords), ensuring that they cannot be used by anyone
with access to the network, unless they have credentials.

The main issue here is the lack of authentication. Any client with
access to the internal network is able to connect to the libvirt TCP
port and make arbitrary changes to the hypervisor. This could include
starting a VM, modifying an existing VM, etc. Given the flexibility of
the domain options, it could be seen as equivalent to having root access
to the hypervisor.

Kolla Ansible supports libvirt TLS [1] since the Train release, using
client and server certificates for mutual authentication and encryption.
However, this feature is not enabled by default, and requires
certificates to be generated for each compute host.

This change adds support for libvirt SASL authentication, and enables it
by default. This provides base level of security. Deployments requiring
further security should use libvirt TLS.

[1] https://docs.openstack.org/kolla-ansible/latest/reference/compute/libvirt-guide.html#libvirt-tls

Depends-On: https://review.opendev.org/c/openstack/kolla/+/833021
Closes-Bug: #1964013
Change-Id: Ia91ceeb609e4cdb144433122b443028c0278b71e
      d2d4b53d
    • Adrian Andreias's avatar
      docs: state supported Python version · 78b18ffc
      Adrian Andreias authored 
      Closes-Bug: #1880290
Change-Id: If9e66c505ab1672ae6b7639872a626ad5a9408ab
      78b18ffc
  17. Mar 03, 2022
  19. Feb 25, 2022
    • Radosław Piliszek's avatar
      Enable Ironic iPXE support by default · baeca81a
      Radosław Piliszek authored 
      Ironic has changed the default PXE to be iPXE (as opposed to plain
PXE) in Yoga. Kolla Ansible supports either one or the other and
we tend to stick to upstream defaults so this change enables
iPXE instead of plain PXE - by default - the users are allowed
to change back and they need to take one other action so it is
good to remind them via upgrade notes either way.

Change-Id: If14ec83670d2212906c6e22c7013c475f3c4748a
      baeca81a
  21. Feb 21, 2022
  23. Feb 18, 2022
    • alecorps's avatar
      Add support for VMware First Class Disk (FCD) · 812e03f7
      alecorps authored 
      An FCD, also known as an Improved Virtual Disk (IVD) or
Managed Virtual Disk, is a named virtual disk independent of
a virtual machine. Using FCDs for Cinder volumes eliminates
the need for shadow virtual machines.
This patch adds Kolla support.

Change-Id: Ic0b66269e6d32762e786c95cf6da78cb201d2765
      812e03f7
  25. Feb 17, 2022
    • Alban Lecorps's avatar
      Add support for VMware NSXP · 458c8b13
      Alban Lecorps authored 
      NSXP is the OpenStack support for the NSX Policy platform.
This is supported from neutron in the Stein version. This patch
adds Kolla support

This adds a new neutron_plugin_agent type 'vmware_nsxp'. The plugin
does not run any neutron agents.

Change-Id: I9e9d8f07e586bdc143d293e572031368af7f3fca
      458c8b13
  27. Feb 02, 2022
    • Buddhika Sanjeewa's avatar
      Deploy Zun with Cinder Ceph support · eb7e0f6f
      Buddhika Sanjeewa authored 
      Enables zun to access cinder volumes when cinder is configured to use
external ceph.
Copies ceph config file and ceph cinder keyring to /etc/ceph in
zun_compute container.

Closes-Bug: 1848934
Change-Id: Ie56868d5e9ed37a9274b8cbe65895f3634b895c8
      eb7e0f6f
  29. Jan 31, 2022
  31. Jan 20, 2022
  33. Jan 09, 2022
    • Stig Telfer's avatar
      OpenID Connect certifiate file is optional · 78f29fdc
      Stig Telfer authored 
      Some ID provider configurations do not require a certificate file.
Change the logic to allow this, and update documentation accordingly.

Change-Id: I2c34a6b5894402bbebeb3fb96768789bc3c7fe84
      78f29fdc
  35. Jan 07, 2022
  37. Jan 03, 2022
  39. Dec 31, 2021
  41. Dec 23, 2021
  43. Dec 21, 2021
  45. Dec 20, 2021
    • Radosław Piliszek's avatar
      [docs] Mark init-runonce properly · 1c93c8ea
      Radosław Piliszek authored 
      This is a docs amendment to let users know that calling
init-runonce is not a required deployment step and it may not work
for them if they modified the defaults.

Change-Id: Ia3922b53d91a1a820447fec6a8074b941edc2ee9
      1c93c8ea
  47. Nov 25, 2021
  49. Nov 11, 2021
  51. Nov 10, 2021
  53. Nov 09, 2021
  55. Nov 04, 2021
  57. Oct 27, 2021
  59. Oct 22, 2021
  61. Oct 20, 2021
  63. Oct 12, 2021
  65. Oct 06, 2021
  67. Oct 04, 2021
    • Gaël THEROND (Fl1nt)'s avatar
      Add missing CloudKitty documentation. · d5aa73c4
      Gaël THEROND (Fl1nt) authored 
      * Fix various typos and formatting.
* Add documentation about custom collector backend.
* Add documentation about custom storage backend.

Change-Id: If937afc5ce2a2747f464fbaf38a5dcf2e57ba04f
Closes-bug: #1940842
      d5aa73c4