Skip to content
Snippets Groups Projects
Select Git revision
  • deployment default
1 result
Search by author
  • Any Author
  • KANAPA SYLVERE p1919734 KANAPA SYLVERE p1919734 p1919734
1 author
  1. Mar 16, 2021
    • Doug Szumski's avatar
      Upgrade service configuration for ELK 7 · c2e08be4
      Doug Szumski authored 
      ELK 7 requires some minor changes from the existing ELK 6 config.

Depends-On: Icfa3db5788b25f70ee75411dbaf20d8d4a6a734b
Change-Id: I9815d202a77da0477aea43d714a5def8a24724fa
      c2e08be4
  3. Feb 24, 2021
  5. Feb 20, 2021
  7. Feb 11, 2021
    • Mark Goddard's avatar
      CI: fix ceph-ansible installation after cryptography 3.4 release · 5fc77079
      Mark Goddard authored 
      Installing ceph-ansible in the virtualenv on CentOS 8 fails with:

    ModuleNotFoundError: No module named 'setuptools_rust'

This error appeared following the release of cryptography 3.4, which now
includes Rust code. It can be installed without Rust using a Python
wheel, but only with more recent pip than version 9.0.3 available as RPM
on CentOS 8. The cryptography bug report [1] recommends pip>=19.1.1.

This change upgrades pip in the virtualenv before installing
ceph-ansible.

[1] https://github.com/pyca/cryptography/issues/5753

Change-Id: I47473de6f71c422db2238d653c2d8f379c55e79b
      5fc77079
  9. Feb 10, 2021
    • Mark Goddard's avatar
      CI: fix kolla-ansible installation after cryptography 3.4 release · 3dd6834a
      Mark Goddard authored 
      Installing kolla-ansible system-wide on CentOS 8 fails with:

    ModuleNotFoundError: No module named 'setuptools_rust'

This error appeared following the release of cryptography 3.4, which now
includes Rust code. It can be installed without Rust using a Python
wheel, but only with more recent pip than version 9.0.3 available as RPM
on CentOS 8. The cryptography bug report [1] recommends pip>=19.1.1.

This change switches to using pip --user when installing kolla-ansible.

Also fixes an issue with ansible-lint which was failing on
etc/kolla/globals.yml due to a missing space before comments.

[1] https://github.com/pyca/cryptography/issues/5753

Change-Id: Ifaf1948ed5d42eebaa62d7bad375bbfc12b134d5
Closes-Bug: #1915141
      3dd6834a
  11. Jan 23, 2021
    • likui's avatar
      remove unicode from code · 341a6ed0
      likui authored 
      Change-Id: Id9110a1f536377cea0386dda6814035d73de13b1
Implements: blueprint remove-unicode
      341a6ed0
  13. Jan 19, 2021
    • Doug Szumski's avatar
      CI: Add monasca scenario · 47fee115
      Doug Szumski authored 
      
Adds the following new Zuul job for testing deployment of Monasca and
associated services:

* kolla-ansible-centos8-source-monasca

All core OpenStack services except for Keystone are disabled to ensure
enough memory is available.

A follow up patch will replace the basic tests here with Tempest.

Co-Authored-By: default avatarDoug Szumski <doug@stackhpc.com>

Change-Id: I5d33fd3d7b69798ba0aa23509f7b809065f61c19
      47fee115
  15. Dec 22, 2020
  17. Dec 16, 2020
  19. Nov 30, 2020
  21. Nov 19, 2020
  23. Nov 13, 2020
  25. Nov 10, 2020
  27. Nov 04, 2020
  29. Oct 08, 2020
  31. Oct 07, 2020
    • Mark Goddard's avatar
      CI: enable designate in magnum CI job · c2987d65
      Mark Goddard authored 
      Follows designate guide, adding a default zone for fixed and
floating IPs, then boots an instance and verifies that its
name resolves.

Change-Id: Ifbfdab425e2c8a36a8f3ab8539f70dca4cce2abc
      c2987d65
  33. Oct 05, 2020
    • Michal Nasiadka's avatar
      Use Docker healthchecks for core services · c52a89ae
      Michal Nasiadka authored 
      This change enables the use of Docker healthchecks for core OpenStack
services.
Also check-failures.sh has been updated to treat containers with
unhealthy status as failed.

Implements: blueprint container-health-check
Change-Id: I79c6b11511ce8af70f77e2f6a490b59b477fefbb
      c52a89ae
  35. Oct 04, 2020
    • Radosław Piliszek's avatar
      Coordinate haproxy and keepalived restarts · c2d0bf30
      Radosław Piliszek authored 
      Keepalived and haproxy cooperate to provide control plane HA in
kolla-ansible deployments.
Certain care should be exerted to avoid prolonged availability
loss during reconfigurations and upgrades.
This patch aims to provide this care.
There is nothing special about keepalived upgrade compared to
reconfig, hence it is simplified to run the same code as for
deploy.
The broken logic of safe upgrade is replaced by common handler
code which's goal is to ensure we down current master only after
we have backups ready.

This change introduces a switch to kolla_docker module that allows
to ignore missing containers (as they are logically stopped).
ignore_missing is the switch's name.
All tests are included.

Change-Id: I22ddec5f7ee4a7d3d502649a158a7e005fe29c48
      c2d0bf30
  37. Sep 30, 2020
  39. Sep 26, 2020
  41. Sep 24, 2020
    • James Kirsch's avatar
      Add support for encrypting Ironic API · 7c2df87d
      James Kirsch authored 
      This patch introduces an optional backend encryption for the Ironic API
service. When used in conjunction with enabling TLS for service API
endpoints, network communcation will be encrypted end to end, from
client through HAProxy to the Ironic service.

Change-Id: I9edf7545c174ca8839ceaef877bb09f49ef2b451
Partially-Implements: blueprint add-ssl-internal-network
      7c2df87d
  43. Sep 23, 2020
  45. Sep 17, 2020
    • Mark Goddard's avatar
      CI: add magnum scenario, also covering octavia · d2326712
      Mark Goddard authored 
      Adds a new Zuul job, kolla-ansible-centos8-source-magnum, for testing
deployment of Magnum, Octavia and associated services.

Change-Id: I61b293ba6bb52064ea98a73e2dff0023fa01a2a2
      d2326712
    • Mark Goddard's avatar
      Support TLS encryption of RabbitMQ client-server traffic · 761ea9a3
      Mark Goddard authored 
      This change adds support for encryption of communication between
OpenStack services and RabbitMQ. Server certificates are supported, but
currently client certificates are not.

The kolla-ansible certificates command has been updated to support
generating certificates for RabbitMQ for development and testing.

RabbitMQ TLS is enabled in the all-in-one source CI jobs, or when
The Zuul 'tls_enabled' variable is true.

Change-Id: I4f1d04150fb2b5af085b762890092f87ae6076b5
Implements: blueprint message-queue-ssl-support
      761ea9a3
  47. Sep 12, 2020
    • Radosław Piliszek's avatar
      [CI] Ensure network is set for Zun · 7a3072e9
      Radosław Piliszek authored 
      If we don't set it, then Zun chooses one randomly (the first one
from Neutron).
This may break if it is a network that is not available on
target hosts, e.g. external via L3 agent router.

Since capsules do not support nets yet [1], this patch ensures
desired network creation order in init-runonce instead.

[1] https://bugs.launchpad.net/zun/+bug/1895263

Change-Id: Iaa113dcfb826164a2772d2c91d34ec0236be0817
      7a3072e9
  49. Sep 10, 2020
  51. Sep 08, 2020
    • Radosław Piliszek's avatar
      [CI] Remove setup_gate.sh symlink · b21c07ac
      Radosław Piliszek authored 
      This is confusing as it is not meant to be used by users.
Also, various tools show duplicated matches due to both locations
containing the exact same content.

Change-Id: I2debe121f64954e57788270d3258775f29f1cbb0
      b21c07ac
  53. Aug 13, 2020
  55. Aug 11, 2020
  57. Aug 07, 2020
  59. Jul 27, 2020
  61. Jul 15, 2020
  63. Jul 10, 2020
  65. Jul 07, 2020
    • Mark Goddard's avatar
      Performance: Run common role in a separate play · 56ae2db7
      Mark Goddard authored 
      The common role was previously added as a dependency to all other roles.
It would set a fact after running on a host to avoid running twice. This
had the nice effect that deploying any service would automatically pull
in the common services for that host. When using tags, any services with
matching tags would also run the common role. This could be both
surprising and sometimes useful.

When using Ansible at large scale, there is a penalty associated with
executing a task against a large number of hosts, even if it is skipped.
The common role introduces some overhead, just in determining that it
has already run.

This change extracts the common role into a separate play, and removes
the dependency on it from all other roles. New groups have been added
for cron, fluentd, and kolla-toolbox, similar to other services. This
changes the behaviour in the following ways:

* The common role is now run for all hosts at the beginning, rather than
  prior to their first enabled service
* Hosts must be in the necessary group for each of the common services
  in order to have that service deployed. This is mostly to avoid
  deploying on localhost or the deployment host
* If tags are specified for another service e.g. nova, the common role
  will *not* automatically run for matching hosts. The common tag must
  be specified explicitly

The last of these is probably the largest behaviour change. While it
would be possible to determine which hosts should automatically run the
common role, it would be quite complex, and would introduce some
overhead that would probably negate the benefit of splitting out the
common role.

Partially-Implements: blueprint performance-improvements

Change-Id: I6a4676bf6efeebc61383ec7a406db07c7a868b2a
      56ae2db7