This change is a precursor to switching the default Docker storage
driver to overlay2.
Previously, Kayobe's default configuration included a 'data' LVM volume
group, with a 'docker-volumes' logical volume mounted at
/var/lib/docker/volumes. Additionally, if the Docker devicemapper
storage driver was used, the data volume group would contain the
docker-thinpool and docker-thinpoolmeta volumes.
This LVM setup was really included for devicemapper, and while in some
cases it may be useful to have docker volumes as a separate logical
volume, this doesn't really make sense as a default. Often in
environments using other Docker storage drivers, the data volume group
would be removed from configuration.
This change modifies the default LVM configuration to only create a
'data' volume group if the Docker storage driver is devicemapper.
Additionally, new flags are added to make this choice independent from
the storage driver, to support cases where the data volume group is
required without devicemapper.
Change-Id: Ia3c1f6423c32fa2580b57db32512a34ce35d7acc
Story: 2005667
Task: 30973
Some Ruckus switches, e.g. the Ruckus ICX 7150, advertise switch
interface names as switch port descriptions. Unlike Dell switches, there
is no space character between port type and port number. For example:
GigabitEthernet1/1/9.
Update regular expression to match both styles.
Change-Id: I359b07abadc8665ff0a8c3407ca0fc5effc504cf
Story: 2007532
Task: 39343
The seed VM will fail to provision if the Ansible control host and the
seed hypervisor are not the same hosts.
This is because Kayobe creates the seed-vm-user-data file on the
seed-hypervisor host. It then invokes the jriguera.configdrive role
which uses a copy task without remote_src, which fails to find the
source file locally on the Ansible control host.
Instead we create a local temporary file for seed VM user data.
Change-Id: Iabbe4c624b9ad02bb82c323070f99c16e5822966
Story: 2007530
Task: 39338
Kolla Ansible sets kolla_{external,internal}_fqdn_cacert variables with
default values compatible with the use of `kolla-ansible certificates`.
However, when these variables are left unset in Kayobe, which is
generally the case when using trusted certificates, we end up with
openrc files setting OS_CACERT to a file that does not exist:
${KOLLA_CONFIG_PATH}/certificates/haproxy-ca.crt
Instead we allow null cacert variables to be passed to kolla-ansible,
which results in openrc files without the bogus OS_CACERT entry.
Change-Id: Ifa615888b6d8d54c9e6314fd90f3fc4872fc6e5a
Story: 2007516
Task: 39299
There is no activity on the resmo fork of the role and it seems
impossible to get any patches merged.
Change-Id: I1f09f7c11767226e89b34687dab1553e87be76ba
Story: 2005272
Task: 39197
Using become for all Kolla Ansible tasks is not ideal from a security
perspective. It is also incompatible with fact caching, since it causes
facts to be gathered and cached as root, which changes some facts.
This change modifies the default value of kolla_ansible_become to false.
Change-Id: I9ee5c55e59276f70c92e9c698c01123dcf8919a1
Story: 2007492
Task: 39217
This is a minimal fix to support loading dashboards into the Monasca
Grafana fork. It firstly aligns the default Monasca Grafana control
plane organisation and Monasca Grafana local admin username with Kolla
Ansible to make the feature easier to use. Secondly, it extracts the
associated OpenStack project name from this variable by stripping off
the OpenStack domain.
Longer term we may wish to move the dashboard loading functionality into
Kolla Ansible, now that it supports deploying Monasca.
Affects Rocky onwards.
Change-Id: I77c94edf654565a12ce8be681e3c9b16caa55c86
Story: 2007477
Task: 39186
Adds support for configuration of DNF repo mirrors for CentOS and EPEL
repositories, as well as custom repositories.
Adds support for DNF automatic, which is a replacement for yum-cron.
Configuration is backwards compatible, falling back to the equivalent
yum variables when DNF variables have not been overridden.
Change-Id: I8bef5e9c8e1c77c25d6077ff690da8f2cde6a643
Story: 2006574
Task: 38922
It leaves certain ceph mentions in globals.yml.j2 as it needs
syncing with kolla-ansible contents anyways
(these are all comments).
Change-Id: I05e9c6223583e9bb5dc0020edc0b56990275093c
Story: 2007295
Task: 38766
CentOS 8 does not provide an ntp package. Instead fall back to using the
chrony container provided by Kolla Ansible by default.
Depends-On: https://review.opendev.org/711511
Change-Id: If5230854d7565c8b3c91a46da4795c63edf095e4
Story: 2006574
Task: 38866
We enable ntpd by default, and provide a variable to disable it -
ntp_service_enabled. It is also automatically disabled if the user
enables the chrony container (kolla_enable_chrony).
However, setting ntp_service_enabled to false will cause the host
configure commands to fail due to a bug in the resmo.ntp role. This is
because it tries to configure the ntpd service in systemd, but it will
not exist so the task fails.
This change fixes the issue by skipping the resmo.ntp role if the NTP
service is disabled.
Change-Id: I640873c11ceae5008030dc03984c089a410a0cee
Story: 2007384
Task: 38968
This is ignored by Libvirt, so there is no need to pass it to the
libvirt-host role.
Note: omitting the capacity argument requires libvirt-host 1.3.1 or
later.
Change-Id: Id94e7b514ed36c8e042e56e8f1891d98f8371e5d
Story: 2007381
Task: 38957
This extends the physical network configuration in Kayobe to configure
Cumulus physical switches using the nclu Ansible module.
Change-Id: I960027ead301c5793a0ada1959a23549a71bdbfb
Updates the minimum version of Ansible from 2.6 to 2.8, and the maximum
supported version from 2.8 to 2.9.
CentOS 8 requires Ansible 2.8.
Change-Id: I3f8f7f8d7d37e3cb851965a491ac9c43030869d5
Story: 2006574
Task: 38826
Kayobe overcloud introspection data save fails because the dynamic
inventory script siliently breaks causing Ansible to parse it as a
static inventory file. The failure occurs due to OS_TOKEN being set.
This change works around setting OS_TOKEN before running the dynamic
inventory script by setting OS_CLOUD before querying inspector.
Confirmed on Stein and Train, and verified in both environments.
Story: 2007326
Task: 38846
Change-Id: I57fbf91ae3440d3e4e6a64cd7d05151e299c9322
One use case is to use seperate disk for the registry storage. This
can prevent the rootfs from filling up.
Change-Id: I9634ee7f5730e93b8ddd96de04982d638dd4dae2
This pulls in a number of fixes to the iDRAC role which includes
a change to allow the role to work with a recent version of the
python-dracclient library.
Change-Id: I6aa1fcece42f93cf404cf06dc96b2d70b140775e
Since I56533ead8357945a42b079fda7edbd9912fc135a (present in 7.0.0.0rc1),
seed VM provisioning fails due to a missing configdrive volume. The
problem is caused by the stackhpc.libvirt-vm role at version 1.8.0, and
the issue is described in
https://github.com/stackhpc/ansible-role-libvirt-vm/issues/45.
This change bumps the requirement for stackhpc.libvirt-vm to v1.10.0,
which includes a fix for the issue.
Change-Id: I7361510a1c9c9c25356c5abd2a68b661c6b52692
Story: 2007063
Task: 37929
Since story 2006855, it is possible to specify a list of packages when
building IPA images. However, this introduced an issue in the case where
no packages are specified. See
https://github.com/stackhpc/ansible-role-os-images/issues/26.
This change fixes the issue by updating stackhpc.os-images role to
v1.7.0, which has a fix for this issue.
Change-Id: I70d20381bec3f5b92bb467e6c506e32bb13548c2
Story: 2007069
Task: 37952
Kolla recently upgraded bifrost from 7.0.0 to 7.1.0 on the stable/train
branch. This switched to IPA builder to build the IPA image, and
introduced a rename of the IPA kernel file from ipa.vmlinuz to
ipa.kernel, which breaks overcloud provisioning. The iPXE kernel
download fails with a 404, since Kayobe introspection rules use
ipa.vmlinuz for the driver_info.deploy_kernel URL.
This change works around the issue by setting two Bifrost variables,
ipa_kernel and ipa_kernel_url, to reference the old kernel filename of
ipa.vmlinuz. This works both in the case where the image is downloaded
from a URL (ipa_kernel sets the destination file name), and where it is
built via 'kayobe seed deployment image build' (kayobe uses the legacy
ironic-agent DIB element rather than IPA builder, which creates a
hardlink to ipa.vmlinuz).
We chose the above approach rather than switching to IPA builder due to
it being a less risky change at a time close to release. A future
release of Kayobe should switch to IPA builder, but this will be a
larger effort.
[1] https://review.opendev.org/#/c/692200/1/playbooks/roles/bifrost-ironic-install/defaults/main.yml
Change-Id: I7f75c25602fd7ae4bfeb6abbdd3b42d8ee465abf
Story: 2007068
Task: 37951
Add file to the reno documentation build to show release notes for
stable/train.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/train.
Change-Id: I8ee7a008dc6dfc07f2fd079323d43a28f15ecb42
Sem-Ver: feature
In Kayobe hosts which are part of a Nova cell can be managed via the
existing controller and compute groups. However, since Nova Cells are
configured via group vars in Kolla Ansible we need some way of setting
these. We could pass vars through to Kolla Ansible host vars using
`kolla_overcloud_inventory_pass_through_host_vars` but the list of
variables which may be set on a per cell basis is large and undefined.
This change allows the user to directly specify Kolla Ansible group vars
as part of Kayobe config, allowing the deployment of Nova Cells by
Kayobe to be largely unchanged from the procedure documented in Kolla
Ansible.
Change-Id: I2695034d36936fcc77a4828c67f9552155781dd6
Story: 2004291
Task: 37804
These are mostly formatting fixes, but also a correction of the default
value of pip_upper_constraints_file.
Change-Id: Iadb1b45644865d67e170f94d301d3eeeab2654ee
Updates the minimum version of Ansible from 2.5 to 2.6, and the maximum
supported version from 2.7 to 2.8.
Change-Id: I5aeb28424a8d1920b58ca73e37131d8cbfeabf29
Kolla ansible switched its database backup support to mariabackup from
xtrabackup due to incompatibilities. See
https://bugs.launchpad.net/kolla/+bug/1843043 for details.
Change-Id: Ib95771f09fd6d5e71a2af471de47f811e1cab88b
Related-Bug: #1843043
Story: 2006952
Task: 37634
Kolla Ansible Train introduces support for TLS encryption of the
internal API. This change introduces support for internal API encryption
in Kayobe.
The following new variables are introduced:
* kolla_enable_tls_internal
* kolla_internal_tls_cert
* kolla_internal_fqdn_cacert
Also only set kolla_*_fqdn_cacert in globals.yml if set.
Change-Id: If432afde374fe247d09c952e110c9567e17daea1
Story: 2006959
Task: 37649