339 Commits

Author SHA1 Message Date
Piotr Parczewski
93f67ac478 Add support for custom shm_size for seed container(s)
It's now possible to change Docker's default 64M SHM size
for custom containers running on the seed.

Change-Id: Ic6c2ec38e8a22b8acc90e17a552e471aa8313f7d
2021-02-25 23:33:50 +01:00
Zuul
d14aa37cd3 Merge "Remove CentOS 7 image resolv.conf workaround" 2021-02-19 00:45:11 +00:00
Zuul
38409a7c1f Merge "Remove trailing whitespace" 2021-02-11 13:00:02 +00:00
Zuul
e1e4f73673 Merge "Adapt to changes from the Bifrost Victoria release" 2021-02-11 10:17:34 +00:00
Piotr Parczewski
914d61d83b Remove CentOS 7 image resolv.conf workaround
This workaround is no longer needed for current CentOS 8 images as
the resolv.conf file now comes empty.

Moreover, the workaround has been preventing seed host configure from
running successfully on Ubuntu hosts.

Change-Id: I30e34e3c58db3f3a93a07f3d6d53671286e4260e
2021-02-09 14:14:57 +01:00
Zuul
c01099c07f Merge "Add documentation for routed control plane networks" 2021-02-03 13:36:57 +00:00
Zuul
8941ebe06e Merge "Fix copying Swift ring files" 2021-02-03 13:36:43 +00:00
Mark Goddard
7f7c4e2a48 Add documentation for routed control plane networks
Kayobe currently supports definition of various different networks -
public, internal, tunnel, etc. These typically map to a VLAN or flat
network, with an IP subnet. When a cloud exceeds the size of a single
VLAN/subnet, this approach no longer works.

One way to resolve this is to have multiple subnets that map to a single
logical network, and provide routing between them. This is a similar
concept to neutron's routed networks, but for the control plane.

This change provides documentation for the currently tested parts of
this feature.

Change-Id: Ic06c6d4fff0fa568eb9ed3a9c30ce21c7699d965
Story: 2008180
Task: 40938
2021-02-03 12:08:46 +00:00
Pierre Riteau
0d028b901f Remove trailing whitespace
Change-Id: I6b81c473ba9d844d0b6e5d0064dd71fe9313d647
2021-01-27 13:15:39 +01:00
Pierre Riteau
f3c0526c09 Adapt to changes from the Bifrost Victoria release
The critical part of this commit is adapting code that was still
sourcing env-vars. This file was removed from Bifrost in the Victoria
release, breaking the `kayobe seed deployment image build` command.

The other changes are not yet breaking Kayobe:

1) Release notes claim that OpenStackClient is no longer installed when
   keystone is not enabled, but it appears to still be available. Use
   the ironic native baremetal command instead except in playbooks
   related to baremetal compute nodes (i.e. overcloud ironic).

2) The use of OS_CLOUD=bifrost-inspector is deprecated and should be
   replaced by OS_CLOUD=bifrost.

Change-Id: I25078e69acdf41a4ef9957f99fe5047de54b778d
Story: 2008558
Task: 41696
2021-01-27 11:00:36 +01:00
Zuul
ff7c1741d8 Merge "Add variables for API VIP address and FQDN" 2021-01-21 20:14:37 +00:00
Zuul
4d96568912 Merge "Fix /tmp/swift-rings/backups/ files deletion" 2021-01-21 12:26:03 +00:00
Zuul
e96bd3309a Merge "Fix overcloud host image resolv workaround on CentOS 8.3" 2021-01-18 15:28:47 +00:00
Zuul
65d69244f2 Merge "Fix reno link" 2021-01-14 16:50:36 +00:00
Zuul
f248be81ec Merge "Fix --limit with commas" 2021-01-14 15:16:18 +00:00
Mark Goddard
017b092df7 Fix --limit with commas
Kayobe allows specifying a --limit argument, which is passed through to
Ansible. In some cases we wish to add an intersection with a group. This
allows us to reuse playbooks for the seed, overcloud etc.

For example, the lvm.yml playbook specifies a host list of
seed-hypervisor:seed:overcloud. When executed as part of a kayobe
overcloud host configure command, Kayobe passes a limit of overcloud. If
the user specifies a --limit argument, this gets intersected with the
overcloud limit: host1:&overcloud.

The problem happens if the user specifies multiple parts to the host
pattern in their limit using a comma, e.g. host1,host2. This results in
host1,host2:&overcloud. Ansible ignores the colon, and treats this as
host1 or host2:&overcloud.

The solution is to use a comma to join the patterns if the user has used
a comma: host1,host2,&overcloud

Change-Id: Ibe42fa372c6fa0c539d2c2b0e238601286dc213d
Story: 2008255
Task: 41111
2021-01-08 15:08:16 +00:00
Mark Goddard
31524f6f8d Fix reno link
Fixes a link to storyboard in release note added in
Ibe44583cb93b7dca8f5091c893386a15288af915.

Change-Id: I7360953c6b5b579392d746971df7200e998ed3ef
2020-12-22 09:44:26 +00:00
Kendall Nelson
0644ea238b Remove Retired Karbor Support
As announced on the openstack-discuss ML[1], Karbor is retiring
this cycle (Wallaby).

Needed-By: https://review.opendev.org/c/openstack/karbor/+/767032

[1] http://lists.openstack.org/pipermail/openstack-discuss/2020-November/018643.html

Change-Id: I5a3af41e4cc3988540ff95c880207279133a19d4
2020-12-22 09:32:15 +00:00
Pierre Riteau
eac1702b84 Fix implementation of kayobe seed hypervisor host package update
Change-Id: Ib869ae5146948abcb11eb20691ccc2311db24bb1
Story: 2008458
Task: 41485
2020-12-21 10:29:41 +01:00
Zuul
e569036a05 Merge "Remove retired Qinling support" 2020-12-19 03:37:31 +00:00
Mark Goddard
bd5c5c0187 Fix overcloud host image resolv workaround on CentOS 8.3
If a seed's bifrost_deploy container is deployed using a CentOS 8.2 base
image, prior to the CentOS 8.3 release, then a user runs 'kayobe seed
service deploy', the following task may fail:

    TASK [Ensure the overcloud host image has bogus name server entries removed]

This seems to be an issue with libgcrypt not being upgraded with
qemu-kvm, and becoming incompatible. The workaround is to ensure
libgcrypt is upgraded also.

Story: 2008430
Task: 41379

Change-Id: I82313fcd258e58969e0b68ae91a78943df537a7f
2020-12-18 08:41:55 +00:00
Zuul
858c0f2a62 Merge "Remove retired Searchlight support" 2020-12-17 21:11:09 +00:00
Mark Goddard
4398856ec8 Fixes for CentOS 8.3
* Bump stackhpc.libvirt-host to v1.7.1. On seed-hypervisors installed
  using CentOS 8.2 or earlier, interaction with libvirt may fail due to
  libgcrypt being incompatible. See
  https://github.com/stackhpc/ansible-role-libvirt-host/issues/42

* Bump MichaelRigart.interfaces to v1.9.2. The CentOS 8.3 cloud image
  includes an ifcfg-ens3-1 file. See
  https://github.com/michaelrigart/ansible-role-interfaces/pull/93

* Previously a second libvirt daemon was installed by Tenks on the host,
  however changes in libvirt 6.0.0 to separate libvirtd into multiple
  daemons do not allow for customisation of the PID files used by the
  new daemons. This leads to a conflict between the container and host
  daemons. Update the Tenks config to use the containerised Nova libvirt
  daemon. This depends on a change to the stackhpc.libvirt-host role:
  https://github.com/stackhpc/ansible-role-libvirt-host/pull/44

* Not CentOS 8.3 related, but tox jobs are now failing on python
  dependencies. Remove upper limits from docker and paramiko.

* Not CentOS 8.3 related, but Bifrost has enabled authentication by
  default. We are not ready to support this, so override it.

Story: 2008429
Task: 41378

Change-Id: Ie8fd965165e8d347d27528a2c16d0647e412ccdc
2020-12-16 11:04:48 +00:00
Mark Goddard
c847ef9157 Fix copying Swift ring files
Ring files are binary formatted and should not be templated. Attempting
to template them causes an error such as the following:

    Template source files must be utf-8 encoded

This change fixes the issue by implementing support for configuration
files that are listed as 'untemplated'.

Change-Id: I9c6b0d9d5e13e8b82ebb8e8a3a0f432efb865e28
Story: 2007297
Task: 38774
2020-12-15 16:55:31 +00:00
Margarita Shakhova
f811d3148a Fix /tmp/swift-rings/backups/ files deletion
Add permission escalation to the swift ring generation playbook

Task: 41256
Story: 2008354
Change-Id: I7fa88a203274c3030b3d8e5208f94b2230d43c68
2020-12-13 10:15:36 -05:00
Ghanshyam Mann
d02a40c5a9 Remove retired Searchlight support
Searchlight project is retiring in Wallaby cycle[1].
This commit removes the usage of Searchlight project
before its code is removed.

Needed-By: https://review.opendev.org/c/openstack/searchlight/+/764526

[1] http://lists.openstack.org/pipermail/openstack-discuss/2020-November/018637.html

Change-Id: Iedcc7710ee85202bd4c68443bc0f429bd133c05b
2020-11-28 16:12:43 -06:00
Ghanshyam Mann
e5505b8b34 Remove retired Qinling support
Qinling project is retiring in Wallaby cycle[1].
This commit removes the usages of Qinling project
before its code is removed.

Needed-By: https://review.opendev.org/c/openstack/qinling/+/764521

[1] http://lists.openstack.org/pipermail/openstack-discuss/2020-November/018638.html

Change-Id: I59a61dda68e66eeaa0526e2b91de9316fd04dee8
2020-11-28 00:05:22 -06:00
Zuul
d169b4f5c7 Merge "Fix Python setup when venv is not used" 2020-11-27 20:26:39 +00:00
Zuul
2c32e66841 Merge "Support for firewalld ZONE option in network interfaces configuration" 2020-11-26 12:59:54 +00:00
Piotr Parczewski
e748faea00 Fix Python setup when venv is not used
Set packages argument explicitly as a list to avoid "No package matching
'<generator object select_or_reject at 0x7ff25f341750>' is available" error.

Story: 2008378
Task: 41298
Change-Id: Ibe44583cb93b7dca8f5091c893386a15288af915
2020-11-23 19:51:46 +01:00
Bartosz Bezak
d10d95f949 Support for firewalld ZONE option in network interfaces configuration
Change-Id: Id21616b5c03922002cd7c99d6df7976a502b4e3c
Story: 2008369
Task: 41279
2020-11-19 15:19:52 +01:00
da6debd3b9 Update master for stable/victoria
Add file to the reno documentation build to show release notes for
stable/victoria.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/victoria.

Change-Id: I79b0d63a283b56a12b5acd3aaa740a6be3c3cb6f
Sem-Ver: feature
2020-11-18 17:17:42 +00:00
Pierre Riteau
9df0f00bc5 Configure bifrost to use firewalld trusted zone
Without this setting, bifrost creates a bifrost firewalld zone only
allowing network traffic for Ironic services and assigns the
provisioning network interface to it, potentially causing loss of
connectivity.

Using the public zone is suggested as a workaround [1] but is not
sufficient: it allows SSH traffic, but blocks other services deployed on
the seed, such as Docker registry traffic.

[1] https://review.opendev.org/#/c/754406/

Change-Id: I80f9d95f02e11fda5916f9a9dd257b688a9db7e2
Story: 2008153
Task: 40899
2020-10-07 17:38:43 +02:00
Zuul
6154be4513 Merge "Disable overcloud networks for Ironic when unused" 2020-10-06 14:19:01 +00:00
Zuul
d0d7f07c0b Merge "Disable ironic in the overcloud by default" 2020-10-06 14:18:56 +00:00
Mark Goddard
1862e24bb5 Add variables for API VIP address and FQDN
Kayobe currently supports definition of various different networks -
public, internal, tunnel, etc. These typically map to a VLAN or flat
network, with an IP subnet. When a cloud exceeds the size of a single
VLAN/subnet, this approach no longer works.

One way to resolve this is to have multiple subnets that map to a single
logical network, and provide routing between them. This is a similar
concept to neutron's routed networks, but for the control plane.

An issue arising from this is that if different hosts can have different
network definitions for the internal and public networks, it is no
longer trivial to use a network attribute [1] to specify the VIP address
and FQDN. Furthermore, the play that generates Kolla Ansible's
globals.yml containing the VIP and FQDN variables runs as localhost,
which does not necessarily have the internal and public networks
defined.

To resolve this, we add global variables for the VIPs and FQDNs. The
default values are as before, except in the case where HAProxy is
disabled, which we no longer provide a useful default for. That
configuration is very rarely used in practice, and the need to reference
the IP address of a host in the network group makes it difficult to
define safely.

[1] https://docs.openstack.org/kayobe/latest/configuration/reference/network.html#global-network-configuration

Story: 2008180
Task: 40937

Change-Id: I2c428ffc2b285aee03d8f59ae7cd3fb7230ce4ae
2020-10-05 19:59:53 +00:00
Mark Goddard
869185ea7b Switch default docker storage driver to overlay2
To avoid switching existing deployments from devicemapper to overlay2,
we check the existing storage driver configuration directly with the
Docker daemon, or if unreachable by reading the /etc/docker/daemon.json
configuration file.

Co-Authored-By: Pierre Riteau <pierre@stackhpc.com>
Story: 2005667
Task: 30972

Change-Id: Iaf2ee8c9f302f4684ae039bb00b2e2e5969cf1fc
2020-10-05 19:59:11 +00:00
Mark Goddard
64fd8e1726 Disable overcloud networks for Ironic when unused
We do not need the workload provisioning, cleaning or inspection
networks when Ironic is disabled in the overcloud.

Change-Id: I300d0ef136224126f25d2c70a80a42afeea5f586
Story: 2008207
Task: 40992
2020-10-02 14:23:10 +00:00
Mark Goddard
f9de6a025d Disable ironic in the overcloud by default
Ironic is now disabled by default in the overcloud. This brings Kayobe's
default set of services into line with Kolla Ansible. For environments
using Ironic in the overcloud, set kolla_enable_ironic to true in
kolla.yml.

Story: 2008207
Task: 40991

Change-Id: I33eb4fa534847e199a599350b525d4762a2beaac
2020-10-01 16:28:30 +02:00
Zuul
3a8b560d63 Merge "Add missing barbican.conf support" 2020-09-24 10:28:52 +00:00
Michal Nasiadka
0f25900a43 Add missing barbican.conf support
Story: 2008170
Task: 40925

Change-Id: I3014983f481a5dca7c93e140b3e10caa5d537669
2020-09-23 19:17:51 +00:00
Mark Goddard
7b80482ac3 Docker registry basic auth
Adds support for HTTP basic authentication with the Docker registry.

The kolla docker registry password is now written to passwords.yml.

Change-Id: Ie6e854a66a6660d4e02771fe2b5dd97af814194d
Story: 2007952
Task: 40429
2020-09-21 14:19:29 +02:00
Zuul
79426d0740 Merge "Support neutron-mlnx-agent" 2020-09-17 22:25:10 +00:00
Zuul
620b4e61f7 Merge "Remove support for deprecated Yum variables" 2020-09-17 20:47:06 +00:00
Mark Goddard
26cea075f2 Remove support for deprecated Yum variables
The variables in yum.yml and yum-cron.yml were deprecated in Ussuri.
This patch removes them, and updates the defaults in dnf.yml.

Story: 2008160
Task: 40906

Change-Id: I97cc98dd2ff726e5885fefcab17f17796d9fd453
2020-09-17 14:32:28 +00:00
Bharat Kunwar
d29aca985e Support neutron-mlnx-agent
Depends-On: I173669bdf92b1f2ea98907ba16808ca3c914944c
Change-Id: I5a5bd255b937fe5d4c56cc21ef898b796c5bda41
2020-09-17 14:25:50 +02:00
Pierre Riteau
2606c23812 Avoid setting IPADDR=0.0.0.0
Configuring network interfaces with IPADDR=0.0.0.0 may fail with:
Error, some other host (FF:FF:FF:FF:FF:FF) already uses address 0.0.0.0.

Change-Id: I908dc3320cb1dce7a040a1dbfeac414ace22d6e3
Co-Authored-By: Bartosz Bezak <bartosz@stackhpc.com>
Story: 2007900
Task: 40289
2020-09-16 15:29:14 +02:00
Michal Nasiadka
1094358033 Move dnf.yml earlier in host configure workflow
Since kayobe is installing python3-pip in pip.yml - and dnf proxy is set
later, it fails on no-direct-internet systems.

Change-Id: I93f29ec4334829bfec107ba7aa6df05a47d2ab96
Story: 2008067
Task: 40750
Depends-On: https://review.opendev.org/748587
Depends-On: https://review.opendev.org/750804
2020-09-11 19:59:02 +00:00
Zuul
faf03dbf35 Merge "Add support for custom Aodh configuration" 2020-08-22 00:46:57 +00:00
Zuul
cd834045c8 Merge "Make pip_index_url variable conditional" 2020-08-22 00:07:07 +00:00