adds the argument --skip-hooks/-sh which will stop the execution of
hooked ansible playbooks. Either a pattern can be specified to match
against or hook execution can be stopped altogether with "all"
Story: 2009241
Task: 43390
Change-Id: I4f2176aa056fec62e31d07140e3d05779480a93d
After I3f7b480519aea38c3927bee7fb2c23eea178554d kolla-ansible
does not support EL8.
Those will be readded as Rocky9 via [1].
[1]: https://review.opendev.org/c/openstack/kayobe/+/855656
Change-Id: I6c3f9d8c54d0c6819092bd68b724a28048ac9e16
overcloud-dib: added overcloud_dib_dib_upper_constraints_file
ipa: added ipa_build_dib_upper_constraints_file
added os_images_dib_upper_constraints_file to image build
playbooks
New variables were added to facilitate control over the DIB
upper constraints without changing them for other components.
They are empty by default in order to facilitate Rocky9
image builds.
Change-Id: Ib50dd61685f13c60ace67213ddd1e714a80dece3
Currently description is applied first to the interface, but if it's a
virtual one - it won't exist before running the configuration commands.
Story: 2010279
Task: 46232
Change-Id: I40212b40a4d391272f4063f42e8a7043b3d58fd7
The group variables originally in ansible/group_vars/ were playbook
group variables, due to being adjacent to the playbooks. Typically they
provided default values for global variables in the all group, as well
as some more specific groups. This has worked fairly well, but results
in (at least) a couple of problems.
1. The default variable precedence rules mean that these playbook group
variables have a higher precedence than inventory group variables
(for a given group). This can make it challenging to override
playbook group variables in the inventory in Kayobe configuration.
2. Any playbook run by Kayobe must be in the same directory as the
playbook group variables in order to use them. Given that they
include variables required for connectivity such as ansible_host and
ansible_user, this is quite critical. For Kayobe custom playbooks, we
work around this by symlinking to the group_vars directory from the
directory containing the custom playbook. This is not an elegant
workaround, and has assumptions about the relative paths of the
Kayobe configuration and virtual environment in which Kayobe is
installed.
Story: 2010280
Task: 46233
Change-Id: Ifea5c7e73f6f410f96a7398bfd349d1f631d9fc0
After generating an inventory file in 'kayobe overcloud inventory
discover', the IP allocation playbook runs to allocate IP addresses for
the new hosts. Currently this runs without a limit, meaning it targets
all hosts. This change fixes it to use a limit of overcloud.
TrivialFix
Change-Id: Ic3a98fb9e741a2dea792b2e6cf6a6ff802d099a2
* Switch from python-ironic-inspector-client to openstacksdk in
ironic-inspector-rules. This allows us to use clouds.yaml to provide
credentials.
* Enable authentication in Bifrost. Passwords are auto-generated by
Bifrost, and stored files in /root/.config/bifrost/. This change
depends on a Kolla Ansible patch that ensures that these credentials
are persisted between recreations of the bifrost container.
* Copy clouds.yaml and (if present) a CA certificate from the Bifrost
container to the seed host, under the Kayobe Ansible user (stack).
This allows us to use the credentials to register introspection rules.
* This patch is needed by a Kolla Ansible patch that enables TLS in
Bifrost, since we need the CA certificate on the host to register
introspection rules when TLS is enabled.
Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/851837
Needed-By: https://review.opendev.org/c/openstack/kolla-ansible/+/851838
Story: 2010206
Task: 45930
Change-Id: I757f1bb72afb01a4f1689bed292f5b71b9048fa0
Adds support for installing additional build host dependencies when
building IPA and overcloud host images via
'ipa_build_dib_host_packages_extra' and
'overcloud_dib_host_packages_extra'.
Support for installing additional host packages was added in
stackhpc.os-images v1.15.0 [1].
[1] https://github.com/stackhpc/ansible-role-os-images/pull/63
Change-Id: I1a05d448031cb415cec4cd601a030abdb8a5eba5
This is useful if forwarded packets need to exit on a different
interface depending on the source or destination IP address or port.
Change-Id: Ifbfbade4baaa1901b08549e52acc725e45379a16
Enables the installation and configuration of firewalld on Ubuntu
systems.
Change-Id: I4a97a2aeed277be672e15e5c7727b810e11d3c42
Story: 2010160
Task: 45818
Adds support for specifying a custom playbook when running Kolla Ansible
commands via a '--kolla-playbook' argument.
Change-Id: Ie4bba0f1bdc82657572e0f06a71db1140c0bd3a4
In networks.yml and inventory group_vars that become part of
kayobe-config, there are a lot of commented out variables for networks
that may or may not exist in a deployment. These are not always that
helpful, and may be actively harmful if the network names in a
deployment are different.
This change removes these variables, and replaces them with a short
explanation of what to add to the section.
Change-Id: I88abe2c515b60e1f1c4c7c073818ff3e47436e64
Currently the output is truncated when mock call lists don't match. This
makes it difficult to diagnose the issue. Use assertListEqual and
maxDiff = None to avoid truncating the output.
Change-Id: I93bc6907e926722156739297ac58c327e9743d9d
This is required to be able to install tenks. Otherwise, we try to
install Jinja2 3.1.2 which requires Python 3.7 or newer.
Change-Id: Ie497b191b6de8bc818dc4a2a12f7129a02d0fd00
The disable-selinux role has been renamed to selinux and now supports
setting desired state.
Previously Kayobe was defaulting to disabling and rebooted the host - to
avoid audit logs filling up. This change allows operators to define
desired SELinux state and defaults to permissive - to adhere to those
site policies that require SELinux to be at least in permissive state.
Change-Id: I42933b0b7d55c69c9f6992e331fafb2e6c42d4d1
IPA itself is still compatible with Python 3.6, but ipa-builder uses
master upper-constraints which have dropped support for 3.6 and are
pulling importlib-metadata===4.11.4, which requires 3.7.
ERROR: Cannot install ironic-python-agent==8.6.1.dev13 because these package versions have conflicting dependencies.
The conflict is caused by:
ironic-python-agent 8.6.1.dev13 depends on importlib_metadata>=1.7.0
The user requested (constraint) importlib-metadata===4.11.4
Change-Id: I0cc48d0d5ed17400badb081e9117c9351677bb38
The support was added in this commit, but the docs were not updated:
c6263dbfd4dfbac5f53a4fdd94b154811fbd0af6
Change-Id: Icfc5cbc80af1199ad00f78292c6228273af701aa
The 'overcloud container image build' command didn't build all the
hacluster images when hacluster is enabled.
TrivialFix
Change-Id: I9150e32579421e46782518948188e1363918fb39
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
Requirements upper constraints bumped python-novaclient to version
18.0.0 [1], which requires Python 3.8 [2]. This results in failures when
installing python-openstackclient on CentOS and Rocky with Python 3.6.
ERROR: Cannot install python-openstackclient==5.8.0 because these package versions have conflicting dependencies.
The conflict is caused by:
python-openstackclient 5.8.0 depends on python-novaclient>=17.0.0
The user requested (constraint) python-novaclient===18.0.0
Work around this issue by using yoga upper constraints until we upgrade
to CentOS Stream 9 and Rocky Linux 9.
This also fixes another issue seen on Ubuntu where image uploads to
Glance through Ansible fail with a 400 Bad Request error. This is caused
by the bump of openstacksdk to version 0.99.0 and will be fixed by a new
release of ansible-collections-openstack.
[1] https://review.opendev.org/c/openstack/requirements/+/842808
[2] https://review.opendev.org/c/openstack/python-novaclient/+/838944
Change-Id: I40c6b898963c2218d41d37bd73d40ce8dcf22b87
