Kayobe has fairly coarse-grained default groups - controller, compute,
etc, which work well in the majority of cases. Kolla Ansible allows much
more fine-grained placement on a per-service basis, e.g.
ironic-conductor. If the operator has taken advantage of this
fine-grained placement, then it is possible that some of the assumptions
in Kayobe may be incorrect. This is one downside of the split between
Kayobe and Kolla Ansible.
For example, Ironic conductor services may have been moved to a subset
of the top level 'controllers' group. In this case, we would not want
the Ironic networks to be mapped to all hosts in the controllers group -
only those running Ironic conductor services. The same argument can be
made if the loadbalancer services (HAProxy & keepalived) or Neutron
dataplane services (e.g. L3 & DHCP agents) have been separated from the
top level 'network' group.
This change abstracts the placement of Ironic conductor Ironic
inspector, loadbalancer and network services into separate variables,
rather than referencing the top level 'controllers' and 'network' groups
directly. These variables may be updated by the operator to match the
service placement.
Change-Id: Idbf181c795ee98ad653f11ae483f9dab4ef1b599
Fixes an issue when user forgot to combine
'kolla_ansible_custom_passwords',
'kolla_ansible_default_custom_passwords' and own dictionary with
custom passwords in configuration files. Now
'kolla_ansible_extra_custom_passwords' should provide only user
custom passwords to add or override in the passwords.yml.
Change-Id: I4813a1f6ab9cb566596e806bd0ada6dff342d119
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
Kolla Ansible renamed kolla_internal_fqdn_cacert to
kolla_admin_openrc_cacert in Victoria, after which we no longer set the
variable correctly in globals.yml. This would lead to a missing
OS_CACERT in admin-openrc.sh and public-openrc.sh.
This change fixes the issue by renaming the relevant Kayobe variables to
match and passing through the correct variable. Backwards compatibility
is provided until the end of the deprecation period.
kolla_public_openrc_cacert -> kolla_external_fqdn_cacert
kolla_admin_openrc_cacert -> kolla_internal_fqdn_cacert
Story: 2010486
Task: 47054
Change-Id: I9e1cc20579cf80525d6ef732a1aac99a65bc171b
Co-Authored-By: Maksim Malchuk <maksim.malchuk@gmail.com>
This variable is not supported since
I61a61ca59652b13687c2247d5881012b51f666a7, but was not removed from
etc/kayobe/kolla.yml in that change.
This change also adds the replacement variable docker_registry_insecure
to etc/kayobe/docker.yml.
TrivialFix
Change-Id: I3fa96f0276e08a6678e5d743399d01bc19a8dd1b
Follow on to Ie17ef9ce1147cbaec2e42db932c7d59293b49b1b
Adds seed_deploy_containers_registry_attempt_login variable to seed.yml,
which acts as a redirection of deploy_containers_registry_attempt_login
so that the variable is more descriptive, declared in a better location,
and extensible to other groups
Change-Id: I86d8f13062ff8e664919cd5d63bc17bdafb32e0c
This change adds a variable that can be used to disable kolla docker
registry login attempts, even when the registry username and password
are set.
This is required for deployments using a non-standard containerised
registry deployed on the seed during the deploy-container step,
since it takes place after the registry login attempt.
Change-Id: Ie17ef9ce1147cbaec2e42db932c7d59293b49b1b
The default value for ipa_build_dib_elements_default was previously
changed in Iefd2d0b7a3a3e07f5c112d58e2ec0b3da0a747d3. This change
updates the comments to match.
Change-Id: I47e5acb19c806a1067879c9cf5fa5ccb7f07ccd4
Since I2831e58d84f1da03485f8315eccdd2e79231e584 is used by Bifrost
we add custom user_data content configuration for Bifrost.
Story: 2010580
Task: 47336
Change-Id: I989069f3b3b43bc7a7a2e46ef5f046b8ed7cf8d1
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
For Rocky Linux 9, Kayobe will now disable STP on a bridge by default,
to preserve compatibility with network scripts, as Network Manager
enables STP on all bridges by default.
Enabling STP can lead to port down event if BPDU guard is enabled
on the switch.
Closes-Bug: #2028775
Change-Id: I35eaa92f4243af00697306aa801e5a733885ce4f
The name of ``mrlesmithjr.manage_lvm`` was changed yesterday in release
v0.2.10 to use an underscore, instead of a hyphen. As this changes the
name of the role on Ansible Galaxy, it needs to be updated in
``requirements.yml``.
Closes-Bug: #2024163
Change-Id: I4ea8d8c3a822a7c217bcfcfd5027eecfd21beaed
Allows you to combine multiple environments by declaring any dependencies.
Story: 2002009
Task: 42911
Change-Id: I4d9f96ec4cf3c6cd0d28dfe5ddb239d863498a72
This patch adds new functionality - merging base & environment specific
kolla config. This allows you to place common settings in the base
configuration and only keep environment specific settings in the
environment directories.
Change-Id: Id4588f4529a4522e68e22ce58711cb927fa68a9d
Story: 2002009
Task: 42903
Previously, we only supported passing through group_vars. Passing
through the inventory as is allows you to use other features of ansible
inventory such as host vars. It also simplifies the logic of merging
multiple inventories as we can just pass the inventory to ansible and
let ansible take care of the rest. This is useful for the multiple
environments feature.
Change-Id: I28f5d73d414d405d67f5fc92ab371aa2e28a4ce3
Story: 2002009
Task: 42910
Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/802863
Followup the I0b07da22fea27e0ff4e90aaad19e50d84ff9a121 from Kolla.
This change allow to use own repos.y[a]ml file to build containers.
Multiple Environments supported.
Change-Id: I0d7ab0d8ff5b16ac5de8e50e63400bd455996555
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
The 'kayobe * host configure' commands no longer use the 'kolla-ansible
bootstrap-servers' command, and associated 'baremetal' role in Kolla
Ansible. The functionality provided by the 'baremetal' role has been
extracted into the openstack.kolla Ansible collection, and split
into separate roles. This allows Kayobe to use it directly, and only the
necessary parts.
This change improves failure handling in these Kayobe commands, and aims
to reduce confusion over which '--limit' and '--tags' arguments to
provide. This ensures that if a host fails during a host configuration
command, other hosts are able to continue to completion. Previously, if
any host failed during the Kayobe playbooks, the 'kolla-ansible
bootstrap-servers' command would not run. This is useful at scale, where
host failures occur more frequently.
This change has implications for configuration of Kayobe, since some
variables that were previously in Kolla Ansible are now in Kayobe.
Several parts of the baremetal role have been split out and used here:
* apparmor-libvirt: disable AppArmor rules for libvirt on Ubuntu.
* docker: Docker installation & configuration. The docker role in
openstack.kolla combines functionality from kolla-ansible and kayobe.
* etc-hosts: it proved difficult to generalise this, so we have some
almost duplicated the code from kolla-ansible here. Requires delegated
fact gathering for the case when --limit is used.
* firewall: support to disable UFW, for feature parity.
* kolla-packages: miscellaneous package installs & removals.
The addition of the stack user to the docker group has been moved to the
user bootstrapping playbook, and the docker SDK installation has been
moved to the virtualenv setup playbook.
Depends-On: https://review.opendev.org/c/openstack/ansible-collection-kolla/+/829587
Story: 2009854
Task: 44505
Change-Id: I61a61ca59652b13687c2247d5881012b51f666a7
This is folllowup on I69bf810632d09eddaa3983ae56e833debe9fd03b to
avoid user accidentely forgot the 'acl' package when override the
dev_tools_packages_default in their custom configuration. Also this
adds an ability to customise list of packages installed in addition
to the default list.
Change-Id: I03a826e98a18b158774ba100cfa2987299eb6c25
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
Adds the command ``kayobe overcloud service configuration validate`` to
run the ``oslo-config-validator`` on all hosts via Kolla-Ansible. The
output directory of the results is specified with the flag
``--output-dir``.
Change-Id: I5d5d16eeabe69e8659e33722165928df096b3559
Kayobe provides various roles and plugins in the ansible directory.
These are accessible to Kayobe playbooks in the same directory.
In some cases it can be useful to use these items from Kayobe custom
playbooks, however they cannot since they reside in a different
directory. Typically we work around this by symlinking to the relevant
directory from the directory containing the custom playbook. This is not
an elegant workaround, and has assumptions about the relative paths of
the Kayobe configuration and virtual environment in which Kayobe is
installed.
This change adds the Kayobe role, collection, and plugin paths to the
relevant Ansible lookup paths using environment variables. This allows
custom playbooks to use these items. Also added to the lookup paths are
roles, collections and plugins in Kayobe configuration in the
etc/kayobe/ansible/ directory. This removes the limitation of playbooks
needing to reside in the same directory as those items in order to use
them.
We import the Ansible configuration settings module directly, since it
avoids replicating the configuration logic.
Story: 2010280
Task: 46234
Change-Id: I2fb2b4d7ed937e0184a62b0f119659569448f8df
We need to change the version of ansible-collection-kolla used for each
release. Use a more recent patch including this change.
Change-Id: I3e7bcbaca442f7aa01f43df9209a80f7e176c548
