Skip to content
Snippets Groups Projects
Select Git revision
  • deployment default
1 result
Search by author
  • Any Author
  • KANAPA SYLVERE p1919734 KANAPA SYLVERE p1919734 p1919734
1 author
  1. Dec 22, 2020
  3. Dec 16, 2020
  5. Nov 19, 2020
  7. Nov 13, 2020
  9. Nov 10, 2020
  11. Nov 04, 2020
  13. Oct 08, 2020
  15. Oct 07, 2020
    • Mark Goddard's avatar
      CI: enable designate in magnum CI job · c2987d65
      Mark Goddard authored 
      Follows designate guide, adding a default zone for fixed and
floating IPs, then boots an instance and verifies that its
name resolves.

Change-Id: Ifbfdab425e2c8a36a8f3ab8539f70dca4cce2abc
      c2987d65
  17. Oct 05, 2020
    • Michal Nasiadka's avatar
      Use Docker healthchecks for core services · c52a89ae
      Michal Nasiadka authored 
      This change enables the use of Docker healthchecks for core OpenStack
services.
Also check-failures.sh has been updated to treat containers with
unhealthy status as failed.

Implements: blueprint container-health-check
Change-Id: I79c6b11511ce8af70f77e2f6a490b59b477fefbb
      c52a89ae
  19. Oct 04, 2020
    • Radosław Piliszek's avatar
      Coordinate haproxy and keepalived restarts · c2d0bf30
      Radosław Piliszek authored 
      Keepalived and haproxy cooperate to provide control plane HA in
kolla-ansible deployments.
Certain care should be exerted to avoid prolonged availability
loss during reconfigurations and upgrades.
This patch aims to provide this care.
There is nothing special about keepalived upgrade compared to
reconfig, hence it is simplified to run the same code as for
deploy.
The broken logic of safe upgrade is replaced by common handler
code which's goal is to ensure we down current master only after
we have backups ready.

This change introduces a switch to kolla_docker module that allows
to ignore missing containers (as they are logically stopped).
ignore_missing is the switch's name.
All tests are included.

Change-Id: I22ddec5f7ee4a7d3d502649a158a7e005fe29c48
      c2d0bf30
  21. Sep 30, 2020
  23. Sep 26, 2020
  25. Sep 24, 2020
    • James Kirsch's avatar
      Add support for encrypting Ironic API · 7c2df87d
      James Kirsch authored 
      This patch introduces an optional backend encryption for the Ironic API
service. When used in conjunction with enabling TLS for service API
endpoints, network communcation will be encrypted end to end, from
client through HAProxy to the Ironic service.

Change-Id: I9edf7545c174ca8839ceaef877bb09f49ef2b451
Partially-Implements: blueprint add-ssl-internal-network
      7c2df87d
  27. Sep 23, 2020
  29. Sep 17, 2020
    • Mark Goddard's avatar
      CI: add magnum scenario, also covering octavia · d2326712
      Mark Goddard authored 
      Adds a new Zuul job, kolla-ansible-centos8-source-magnum, for testing
deployment of Magnum, Octavia and associated services.

Change-Id: I61b293ba6bb52064ea98a73e2dff0023fa01a2a2
      d2326712
    • Mark Goddard's avatar
      Support TLS encryption of RabbitMQ client-server traffic · 761ea9a3
      Mark Goddard authored 
      This change adds support for encryption of communication between
OpenStack services and RabbitMQ. Server certificates are supported, but
currently client certificates are not.

The kolla-ansible certificates command has been updated to support
generating certificates for RabbitMQ for development and testing.

RabbitMQ TLS is enabled in the all-in-one source CI jobs, or when
The Zuul 'tls_enabled' variable is true.

Change-Id: I4f1d04150fb2b5af085b762890092f87ae6076b5
Implements: blueprint message-queue-ssl-support
      761ea9a3
  31. Sep 12, 2020
    • Radosław Piliszek's avatar
      [CI] Ensure network is set for Zun · 7a3072e9
      Radosław Piliszek authored 
      If we don't set it, then Zun chooses one randomly (the first one
from Neutron).
This may break if it is a network that is not available on
target hosts, e.g. external via L3 agent router.

Since capsules do not support nets yet [1], this patch ensures
desired network creation order in init-runonce instead.

[1] https://bugs.launchpad.net/zun/+bug/1895263

Change-Id: Iaa113dcfb826164a2772d2c91d34ec0236be0817
      7a3072e9
  33. Sep 10, 2020
  35. Sep 08, 2020
    • Radosław Piliszek's avatar
      [CI] Remove setup_gate.sh symlink · b21c07ac
      Radosław Piliszek authored 
      This is confusing as it is not meant to be used by users.
Also, various tools show duplicated matches due to both locations
containing the exact same content.

Change-Id: I2debe121f64954e57788270d3258775f29f1cbb0
      b21c07ac
  37. Aug 13, 2020
  39. Aug 11, 2020
  41. Aug 07, 2020
  43. Jul 27, 2020
  45. Jul 15, 2020
  47. Jul 10, 2020
  49. Jul 07, 2020
    • Mark Goddard's avatar
      Performance: Run common role in a separate play · 56ae2db7
      Mark Goddard authored 
      The common role was previously added as a dependency to all other roles.
It would set a fact after running on a host to avoid running twice. This
had the nice effect that deploying any service would automatically pull
in the common services for that host. When using tags, any services with
matching tags would also run the common role. This could be both
surprising and sometimes useful.

When using Ansible at large scale, there is a penalty associated with
executing a task against a large number of hosts, even if it is skipped.
The common role introduces some overhead, just in determining that it
has already run.

This change extracts the common role into a separate play, and removes
the dependency on it from all other roles. New groups have been added
for cron, fluentd, and kolla-toolbox, similar to other services. This
changes the behaviour in the following ways:

* The common role is now run for all hosts at the beginning, rather than
  prior to their first enabled service
* Hosts must be in the necessary group for each of the common services
  in order to have that service deployed. This is mostly to avoid
  deploying on localhost or the deployment host
* If tags are specified for another service e.g. nova, the common role
  will *not* automatically run for matching hosts. The common tag must
  be specified explicitly

The last of these is probably the largest behaviour change. While it
would be possible to determine which hosts should automatically run the
common role, it would be quite complex, and would introduce some
overhead that would probably negate the benefit of splitting out the
common role.

Partially-Implements: blueprint performance-improvements

Change-Id: I6a4676bf6efeebc61383ec7a406db07c7a868b2a
      56ae2db7
  51. Jun 20, 2020
  53. Jun 19, 2020
  55. Jun 17, 2020
  57. Jun 16, 2020
  59. Jun 15, 2020
    • James Kirsch's avatar
      Generate Root CA for Self-Signed Certificates · a982d3ac
      James Kirsch authored 
      Update the certificate generation task to create a root CA for the
self-signed certificates. The internal and external facing certificates
are then generated using the root CA.

Updated openstack_cacert to use system CA trust store in CI tests
certificate by default.

Change-Id: I6c2adff7d0128146cf086103ff6060b0dcefa37b
Partially-Implements: blueprint add-ssl-internal-network
      a982d3ac
  61. Jun 14, 2020
    • Radosław Piliszek's avatar
      CI: Add Ubuntu KVM job · 88e7f800
      Radosław Piliszek authored 
      This also uses the recommended machinery to set qemu instead
of relying on config file override so that we test what we
really want to test.

Change-Id: I560e4f9d0a69c347e6aaf3b970331157c1a56f18
      88e7f800
  63. Jun 12, 2020