This workaround is no longer needed for current CentOS 8 images as
the resolv.conf file now comes empty.
Moreover, the workaround has been preventing seed host configure from
running successfully on Ubuntu hosts.
Change-Id: I30e34e3c58db3f3a93a07f3d6d53671286e4260e

Kayobe currently supports definition of various different networks -
public, internal, tunnel, etc. These typically map to a VLAN or flat
network, with an IP subnet. When a cloud exceeds the size of a single
VLAN/subnet, this approach no longer works.
One way to resolve this is to have multiple subnets that map to a single
logical network, and provide routing between them. This is a similar
concept to neutron's routed networks, but for the control plane.
This change provides documentation for the currently tested parts of
this feature.
Change-Id: Ic06c6d4fff0fa568eb9ed3a9c30ce21c7699d965
Story: 2008180
Task: 40938

The critical part of this commit is adapting code that was still
sourcing env-vars. This file was removed from Bifrost in the Victoria
release, breaking the `kayobe seed deployment image build` command.
The other changes are not yet breaking Kayobe:
1) Release notes claim that OpenStackClient is no longer installed when
   keystone is not enabled, but it appears to still be available. Use
   the ironic native baremetal command instead except in playbooks
   related to baremetal compute nodes (i.e. overcloud ironic).
2) The use of OS_CLOUD=bifrost-inspector is deprecated and should be
   replaced by OS_CLOUD=bifrost.
Change-Id: I25078e69acdf41a4ef9957f99fe5047de54b778d
Story: 2008558
Task: 41696

Kayobe allows specifying a --limit argument, which is passed through to
Ansible. In some cases we wish to add an intersection with a group. This
allows us to reuse playbooks for the seed, overcloud etc.
For example, the lvm.yml playbook specifies a host list of
seed-hypervisor:seed:overcloud. When executed as part of a kayobe
overcloud host configure command, Kayobe passes a limit of overcloud. If
the user specifies a --limit argument, this gets intersected with the
overcloud limit: host1:&overcloud.
The problem happens if the user specifies multiple parts to the host
pattern in their limit using a comma, e.g. host1,host2. This results in
host1,host2:&overcloud. Ansible ignores the colon, and treats this as
host1 or host2:&overcloud.
The solution is to use a comma to join the patterns if the user has used
a comma: host1,host2,&overcloud
Change-Id: Ibe42fa372c6fa0c539d2c2b0e238601286dc213d
Story: 2008255
Task: 41111
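
The limit-joining problem described in the commit message above, as an added example (not Kayobe's or Ansible's code). It uses a simplified model of host-pattern evaluation; the inventory, the host names and the function names are hypothetical. It shows that a colon-joined limit lets a host outside the intended group through, while the comma-joined form keeps the intersection.

```python
# Added illustration; host and group names are constructed.
INVENTORY = {"seed": {"seed0"}, "overcloud": {"host1", "host2", "host3"}}
ALL_HOSTS = set().union(*INVENTORY.values())


def split_pattern(pattern):
    # Simplified model of the behaviour the commit describes: once a comma
    # appears, only commas separate patterns and colons stay inside a part.
    sep = "," if "," in pattern else ":"
    return [part for part in pattern.split(sep) if part]


def resolve(name):
    # A name is a group, a single host, or (if unknown) matches nothing.
    return set(INVENTORY.get(name, {name} & ALL_HOSTS))


def evaluate(pattern):
    # Union the plain parts, then apply "&" intersections and "!" exclusions.
    hosts, intersections, exclusions = set(), [], []
    for part in split_pattern(pattern):
        if part.startswith("&"):
            intersections.append(part[1:])
        elif part.startswith("!"):
            exclusions.append(part[1:])
        else:
            hosts |= resolve(part)
    for name in intersections:
        hosts &= resolve(name)
    for name in exclusions:
        hosts -= resolve(name)
    return hosts


def build_limit_naive(user_limit, group):
    # Behaviour before the fix: always join with a colon.
    return f"{user_limit}:&{group}"


def build_limit_fixed(user_limit, group):
    # Behaviour after the fix: reuse the separator the user chose.
    sep = "," if "," in user_limit else ":"
    return f"{user_limit}{sep}&{group}"


if __name__ == "__main__":
    for build in (build_limit_naive, build_limit_fixed):
        limit = build("seed0,host1", "overcloud")
        print(f"{limit!r} -> {sorted(evaluate(limit))}")
```

With the colon join, an overcloud playbook limited to `seed0,host1` would target the seed host and skip host1; with the comma join it targets only host1.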
If a seed's bifrost_deploy container is deployed using a CentOS 8.2 base
image, prior to the CentOS 8.3 release, then a user runs 'kayobe seed
service deploy', the following task may fail:
    TASK [Ensure the overcloud host image has bogus name server entries removed]
This seems to be an issue with libgcrypt not being upgraded with
qemu-kvm, and becoming incompatible. The workaround is to ensure
libgcrypt is upgraded also.
Story: 2008430
Task: 41379
Change-Id: I82313fcd258e58969e0b68ae91a78943df537a7f

* Bump stackhpc.libvirt-host to v1.7.1. On seed-hypervisors installed
  using CentOS 8.2 or earlier, interaction with libvirt may fail due to
  libgcrypt being incompatible. See
  https://github.com/stackhpc/ansible-role-libvirt-host/issues/42
* Bump MichaelRigart.interfaces to v1.9.2. The CentOS 8.3 cloud image
  includes an ifcfg-ens3-1 file. See
  https://github.com/michaelrigart/ansible-role-interfaces/pull/93
* Previously a second libvirt daemon was installed by Tenks on the host,
  however changes in libvirt 6.0.0 to separate libvirtd into multiple
  daemons do not allow for customisation of the PID files used by the
  new daemons. This leads to a conflict between the container and host
  daemons. Update the Tenks config to use the containerised Nova libvirt
  daemon. This depends on a change to the stackhpc.libvirt-host role:
  https://github.com/stackhpc/ansible-role-libvirt-host/pull/44
* Not CentOS 8.3 related, but tox jobs are now failing on python
  dependencies. Remove upper limits from docker and paramiko.
* Not CentOS 8.3 related, but Bifrost has enabled authentication by
  default. We are not ready to support this, so override it.
Story: 2008429
Task: 41378
Change-Id: Ie8fd965165e8d347d27528a2c16d0647e412ccdc

Ring files are binary formatted and should not be templated. Attempting
to template them causes an error such as the following:
    Template source files must be utf-8 encoded
This change fixes the issue by implementing support for configuration
files that are listed as 'untemplated'.
Change-Id: I9c6b0d9d5e13e8b82ebb8e8a3a0f432efb865e28
Story: 2007297
Task: 38774

Set packages argument explicitly as a list to avoid "No package matching
'<generator object select_or_reject at 0x7ff25f341750>' is available" error.
Story: 2008378
Task: 41298
Change-Id: Ibe44583cb93b7dca8f5091c893386a15288af915

Add file to the reno documentation build to show release notes for
stable/victoria.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/victoria.
Change-Id: I79b0d63a283b56a12b5acd3aaa740a6be3c3cb6f
Sem-Ver: feature

Without this setting, bifrost creates a bifrost firewalld zone only
allowing network traffic for Ironic services and assigns the
provisioning network interface to it, potentially causing loss of
connectivity.
Using the public zone is suggested as a workaround [1] but is not
sufficient: it allows SSH traffic, but blocks other services deployed on
the seed, such as Docker registry traffic.
[1] https://review.opendev.org/#/c/754406/
Change-Id: I80f9d95f02e11fda5916f9a9dd257b688a9db7e2
Story: 2008153
Task: 40899

Kayobe currently supports definition of various different networks -
public, internal, tunnel, etc. These typically map to a VLAN or flat
network, with an IP subnet. When a cloud exceeds the size of a single
VLAN/subnet, this approach no longer works.
One way to resolve this is to have multiple subnets that map to a single
logical network, and provide routing between them. This is a similar
concept to neutron's routed networks, but for the control plane.
An issue arising from this is that if different hosts can have different
network definitions for the internal and public networks, it is no
longer trivial to use a network attribute [1] to specify the VIP address
and FQDN. Furthermore, the play that generates Kolla Ansible's
globals.yml containing the VIP and FQDN variables runs as localhost,
which does not necessarily have the internal and public networks
defined.
To resolve this, we add global variables for the VIPs and FQDNs. The
default values are as before, except in the case where HAProxy is
disabled, which we no longer provide a useful default for. That
configuration is very rarely used in practice, and the need to reference
the IP address of a host in the network group makes it difficult to
define safely.
[1] https://docs.openstack.org/kayobe/latest/configuration/reference/network.html#global-network-configuration
Story: 2008180
Task: 40937
Change-Id: I2c428ffc2b285aee03d8f59ae7cd3fb7230ce4ae

To avoid switching existing deployments from devicemapper to overlay2,
we check the existing storage driver configuration directly with the
Docker daemon, or if unreachable by reading the /etc/docker/daemon.json
configuration file.
Co-Authored-By: Pierre Riteau <pierre@stackhpc.com>
Story: 2005667
Task: 30972
Change-Id: Iaf2ee8c9f302f4684ae039bb00b2e2e5969cf1fc

We do not need the workload provisioning, cleaning or inspection
networks when Ironic is disabled in the overcloud.
Change-Id: I300d0ef136224126f25d2c70a80a42afeea5f586
Story: 2008207
Task: 40992

Ironic is now disabled by default in the overcloud. This brings Kayobe's
default set of services into line with Kolla Ansible. For environments
using Ironic in the overcloud, set kolla_enable_ironic to true in
kolla.yml.
Story: 2008207
Task: 40991
Change-Id: I33eb4fa534847e199a599350b525d4762a2beaac

Adds support for HTTP basic authentication with the Docker registry.
The kolla docker registry password is now written to passwords.yml.
Change-Id: Ie6e854a66a6660d4e02771fe2b5dd97af814194d
Story: 2007952
Task: 40429

The variables in yum.yml and yum-cron.yml were deprecated in Ussuri.
This patch removes them, and updates the defaults in dnf.yml.
Story: 2008160
Task: 40906
Change-Id: I97cc98dd2ff726e5885fefcab17f17796d9fd453

Since kayobe is installing python3-pip in pip.yml - and dnf proxy is set
later, it fails on no-direct-internet systems.
Change-Id: I93f29ec4334829bfec107ba7aa6df05a47d2ab96
Story: 2008067
Task: 40750
Depends-On: https://review.opendev.org/748587
Depends-On: https://review.opendev.org/750804