The Control Plane Service Placement documentation connects network hosts
to networks listed in controller_network_host_network_interfaces.
However this only contained public, tunnel, and external networks. For a
fully functional network host, we also need:
- the overcloud admin network, to manage the host
- internal network, for services to interact with each other
- storage network, for manila-share
This change updates the default network configuration for network hosts
and adds a variable to define extra networks like for other hosts. It
also improves the documentation for adding network hosts.
Change-Id: I1bb857bfca9e209bc6de30ae9852a4a08b2c7fb0
Currently the ordering of network interfaces in the seed VM is
non-deterministic. This happens because we apply the 'unique' filter to
the network_interfaces list, which does not guarantee a deterministic
ordering. This list is then transformed and passed to the
stackhpc.libvirt-vm role.
There are two consequences of this:
* it is not possible to determine which interface names should be used
prior to creating a seed VM
* if a seed VM is recreated, the interface ordering may change
This change fixes the issue by sorting the network_interfaces list
alphabetically before it is transformed and passed to the
stackhpc.libvirt-vm.
A new 'seed_vm_interfaces' variable is also added, which allows for
customisation of the VM's interfaces - potentially allowing for more
complex setups such as trunked VLANs.
Story: 2007259
Task: 38621
There is a second issue, which is that if the seed VM has a
network interface not configured with a gateway, cloud-init will fail to
configure the network interfaces on the host. This has been observed on
CentOS 8, but is probably more tied to the version of cloud-init, and
may affect CentOS 7. The following error is seen in the cloud-init logs:
KeyError: 'gateway'
This change has been addressed in the jriguera.configdrive role, and
this change updates the version used in requirements.yml.
Story: 2007769
Task: 39993
Change-Id: Ib6ab41a3ba320a1fe15d0d23561fad2fab7861e6
Switches to use the IPA builder project for building IPA images.
Switches the IPA images used by default to CentOS 8 based image.
Changes the file extension of the IPA kernel image from vmlinuz to
kernel.
Story: 2007070
Task: 37953
Change-Id: I82fc455f41f48dacb453e135870dd776895d7c99
Story: 2006574
Task: 39485
Switch to openstackdocstheme 2.2.1 and reno 3.1.0 versions. Using
these versions will allow especially:
* Linking from HTML to PDF document
* Allow parallel building of documents
* Fix some rendering problems
Update Sphinx version as well.
Set openstackdocs_pdf_link to link to PDF file. Note that
the link to the published document only works on docs.openstack.org
where the PDF file is placed in the top-level html directory. The
site-preview places the PDF in a pdf directory.
Disable openstackdocs_auto_name to use 'project' variable as name.
openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.
See also
http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html
Change-Id: Ic10edb7103455b477cece3940f150f4345611562
Since adding support for Python 3, the following commands fail:
* kayobe baremetal compute inspect
* kayobe baremetal compute manage
* kayobe baremetal compute provide
There are two issues:
1. There is a missing /bin from the ansible_python_interpreter path used.
2. The stackhpc.os-ironic-nodes role fails with an undefined variable:
name 'openstack_cloud_from_module' is not defined
This is fixed in the stackhpc.os-ironic-nodes role version 1.3.1.
Story: 2007797
Task: 40051
Change-Id: Ie2a0a6bf75dc88458796a9691891e76f578d87ad
Add file to the reno documentation build to show release notes for
stable/ussuri.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/ussuri.
Change-Id: Iee73855fa78f80150b89e32cc9f3f79b98e5f95e
Sem-Ver: feature
Various kolla-ansible TLS features (including backend TLS and custom CA
certs) require certificates to be passed via
$KOLLA_CONFIG_PATH/certificates/. Currently Kayobe does not support
this.
This change adds support for copying across files from
$KAYOBE_CONFIG_PATH/kolla/certificates.
It also uses the kolla-ansible default value for
kolla_external_fqdn_cert and kolla_internal_fqdn_cert when
kolla_external_tls_cert and kolla_internal_tls_cert are respectively
not set. This allows for the standard kolla-ansible configuration
approach of dropping these certificates into the
$KAYOBE_CONFIG_PATH/kolla/certificates directory, rather than defining
them as variables. This can be useful if using the kolla-ansible
certificates command to generate certificates for testing.
Change-Id: I646930ad8ea70991d6ffa00f15f93f72d922141b
Story: 2007679
Task: 39790
Backport: train
Commit efb8b8bd27d08469c94f103b7314e9905cf6aa0e introduced in Train uses
docker_storage_driver in a Kayobe top-level playbook, but this variable
was only defined in defaults of the docker-devicemapper role. Unless
docker_storage_driver is explicitly set by the operator, the
docker-devicemapper playbook would fail due to the variable being
undefined.
Change-Id: I5e8219d1807b1a4e3ec65f5478eb3f1c7c02b241
Story: 2007719
Task: 39857
Steps to reproduce:
* Define a separate network for the external API network
* Don't define a cidr field for the new network (prevents IPs being
allocated to hosts on this network)
* Set the vip_address field for the network (and optionally fqdn)
* kayobe overcloud host configure
* kayobe overcloud service deploy
* kayobe overcloud host configure (again)
On the final command, keepalived will have created a VIP on the
interface, causing the command to fail with an error like the following:
Interface eth0 has an IPv4 address but none was requested
This change fixes the issue by passing the VIP address as an allowed
address to the MichaelRigart.interfaces role. This depends on
https://github.com/michaelrigart/ansible-role-interfaces/pull/71.
Change-Id: Ic86c0ca1b8209c968cb20a11bb3f40da71f296d0
Story: 2007736
Task: 39902
Kayobe has a role to disable SELinux. Some systems do not have SELinux
installed (this can be reproduced by removing the selinux-policy package
and removing /etc/selinux/config). This causes the selinux
Ansible module to fail, since it can't write to /etc/selinux/config:
Please install SELinux-policy package, if this package is not
installed previously.
This change fixes the issue by only disabling SELinux if the config file
exists.
Change-Id: I25c7282c1e8dcdee3e7feddef9d66ca5beeb1bce
Story: 2007704
Task: 39820
* Always use Python 3
* Drop code paths for CentOS 7
* Drop support for Yum
* Remove support for host NTP daemon, always use chrony
* Switch references from 'yum_install_epel' to 'dnf_install_epel'
* Remove overcloud host image workaround for tagged VLAN admin network
* Remove the kayobe.utils.yum_install function, which is unused
Change-Id: I368f6edafed9779658798fc342116b4c1b3ffd48
Story: 2006574
Task: 39481
Sometimes there is a need to develop site specific playbooks. Currently,
it is necessary to manually invoke these at the right point during the
deployment. Adding the ability to automatically run these custom
playbooks will reduce the chance of running these playbooks at the wrong
point or forgetting to run them at all.
Change-Id: I1ae0f1f94665925326c8b1869dd75038f6f1b87d
Story: 2001663
Task: 12606
This can be advantageous in deployments with a data security
requirement.
Change-Id: I555ee575ccec0cfbcc4c4bcb53677796c83227e3
Story: 2007555
Task: 39410
On seed hypervisors running CentOS 8, the configdrive role will fail to
install coreutils if coreutils-single is already present:
Error:
Problem: problem with installed package coreutils-single-8.30-6.el8.x86_64
- package coreutils-8.30-6.el8_1.1.x86_64 conflicts with coreutils-single provided by coreutils-single-8.30-6.el8.x86_64
- package coreutils-8.30-6.el8_1.1.x86_64 conflicts with coreutils-single provided by coreutils-single-8.30-6.el8_1.1.x86_64
- conflicting requests
Until the role handles it, install coreutils using the --allowerasing
option which will remove coreutils-single at the same time. Use a
command task for now since this option has just been added to
ansible:devel [1].
[1] https://github.com/ansible/ansible/pull/48319
Change-Id: I43bbe9dae3d6796e308fbf66cb04d16b57ff5e37
Story: 2007612
Task: 39607
1. Blacklist Ansible 2.9.8
Ansible 2.9.8 includes a regression on the fileglob plugin [1] that
causes the Kolla Ansible HAProxy role to fail.
This change blacklists Ansible 2.9.8 to work around the issue.
2. Use ensure-docker role instead of install-docker
The install-* roles are being deprecated and renamed to follow the
ensure-* naming convention [2].
[1] https://github.com/ansible/ansible/issues/69450
[2] http://lists.zuul-ci.org/pipermail/zuul-announce/2020-April/000071.html
Change-Id: Iab1d84e6a8c1b3dd81e53279309153687677a061
Story: 2007659
Task: 39748
The public network name is set via public_net_name, and its default
value is the first item in the external_net_names list. The variable
uses the YAML folded block scalar notation, but does not use the
chomping indictator, which means the string is assigned a trailing
newline.
This change fixes the issue by adding the chomping indicator.
Change-Id: I68fb65cd3bc7c4390813747f9ac4ecebc3b4145f
Story: 2007654
Task: 39731
Ironic inspector rules are registered both with the seed and (if using)
overcloud ironic inspector services. These tasks often show up as
changed even when no configuration changes have been made that would
affect the rules.
This is caused by inspector returning default values for fields that may
be omitted in the requested rule. This change fixes the issue by
including those defaults in the comparison.
Change-Id: Ia24e328d4531201d76a65b6385e4463bb1f3c5c6
Story: 2007399
Task: 38997
Sets 'monasca_install_type: source' to remove need
for kolla-ansible var boilerplate.
Also use default Monasca parameters to configure
Grafana post deploy.
Change-Id: I2b6d62104c9c127cb8f6b4f4930dd695cd00da17
Story: 2007597
Task: 39587
Prevously the container image tag applied to built images was configured
via 'kolla_openstack_release'. This variable also controlled the tag
used for deployed images. This could cause problems during the CentOS 8
transition, where we need to build two sets of images, and Kolla Ansible
may apply a '-centos8' suffix to the tag we specify on CentOS 8.
This change separates the tag applied to built images into a different
variable - 'kolla_tag'. The default is still 'kolla_openstack_release'.
Change-Id: I8e1d877ee91a07b86cb858d25b841f8bfcd50e21
Story: 2006574
Task: 39487