Commit Graph

5593 Commits

Author SHA1 Message Date
Zuul
dd55cf6ed0 Merge "Copy ca certificates also to horizon container" 2020-03-12 21:11:35 +00:00
yj.bai
ed2df25ebc Copy ca certificates also to horizon container
Add copy ca file to horizon container.
because:
Could not find a suitable TLS CA certificate bundle,
invalid path: /etc/pki/ca-trust/source/anchors/kolla-customca-haproxy-internal.crt

Closes-Bug: #1867121

Change-Id: I64d4dbeebd53048705005b61eb3c5b2104e8f2ed
Signed-off-by: yj.bai <bai.yongjun@99cloud.net>
2020-03-12 16:59:53 +00:00
Mark Goddard
96151a35d0 Host OS prechecks follow up
We only log the release in the 'Checking host OS release or version'
precheck, but we allow either the release or version to be included in
the list. For example, on CentOS 7:

    CentOS release Core is not supported. Supported releases are: 8

Include the version in the failure message too.

Change-Id: I0302cd4fc94a0c3a6aa1dbac7b9fedf37c11b81e
Related: blueprint improve-prechecks
2020-03-11 17:08:17 +00:00
Zuul
cced7e04e5 Merge "Check supported host OS distributions in prechecks" 2020-03-11 11:19:54 +00:00
Zuul
e49448439b Merge "Fix HAProxy monitor VIP precheck" 2020-03-11 02:43:00 +00:00
Zuul
f867373a73 Merge "support ipv6 for grafana.ini.j2" 2020-03-11 02:29:54 +00:00
yj.bai
3e582a05fa support ipv6 for grafana.ini.j2
grafana not support ipv6 in grafana.ini.j2.

Closes-Bug: #1866141

Change-Id: Ia89a9283e70c10a624f25108b487528dbb370ee4
Signed-off-by: yj.bai <bai.yongjun@99cloud.net>
2020-03-10 17:47:34 +00:00
Will Szumski
a1c51b73c7 Use macro to avoid repetition
I didn't use a for loop as the logic for omitting the
comma for the final element dirties the logic.

Change-Id: Id29d5deebcc5126d69a1bd8395e0df989f2081f0
2020-03-10 13:00:34 +00:00
Zuul
2a2ce059dc Merge "Add notify restart container when cert changed" 2020-03-10 12:12:55 +00:00
Zuul
98bd59455d Merge "Fix elasticsearch configuration in ipv6 environments" 2020-03-10 12:05:16 +00:00
Zuul
5fbadcd8c3 Merge "Delete stale fluent config on restart" 2020-03-10 12:05:15 +00:00
Mark Goddard
d20c65ed48 Check supported host OS distributions in prechecks
This should help to ensure that users are running tested and supported
host OS distributions.

Change-Id: I6ee76463d284ad4f3646af1c7ec2b7e50e2f3b15
Partially-Implements: blueprint improve-prechecks
2020-03-10 11:04:29 +00:00
Mark Goddard
93a4dcc1b9 Fix HAProxy monitor VIP precheck
If haproxy is running somewhere in the cluster and listening on the VIP,
but not running locally, then the following precheck may fail:

   TASK [haproxy : Checking free port for HAProxy monitor (vip interface)]

   msg: Timeout when waiting for 192.0.2.10:61313 to stop.

This change fixes the issue by skipping the check if HAProxy is running
on any host.

Change-Id: I831eb2f700ef3fcf65b7e08382c3b4fcc4ce8d8d
Closes-Bug: #1866617
2020-03-10 10:57:53 +00:00
Zuul
d9cf6a3fa2 Merge "Enable buffering to file for Monasca logs" 2020-03-10 09:45:55 +00:00
Zuul
f4d2b6e092 Merge "Construct service REST API urls using configured protocol" 2020-03-10 08:42:57 +00:00
Zuul
6ece8fbdad Merge "Use "name:" instead of "role:" for *_role modules" 2020-03-10 08:40:43 +00:00
yj.bai
d3cc2f670e Add notify restart container when cert changed
When change the cert file in /etc/kolla/certificate/.
The certificate in the container has not changed.
So I think can use kolla-ansible deploy when certificate is
changed. restart <container>

Partially-Implements: blueprint custom-cacerts

Change-Id: Iaac6f37e85ffdc0352e8062ae5049cc9a6b3db26
Signed-off-by: yj.bai <bai.yongjun@99cloud.net>
2020-03-10 16:23:09 +08:00
Will Szumski
e7870e9df9 Delete stale fluent config on restart
We already only include .conf files in fluent.conf:

(fluentd)[fluentd@cpu-e-1041 /etc/fluentd]$ cat fluent.conf
@include input/*.conf
@include filter/*.conf
@include format/*.conf
@include output/*.conf

so this change should not cause ill effect. This works because of the
merge option in config files:

merge: merges the source directory into the target directory instead of
replacing it. Boolean, defaults to false.

see https://docs.openstack.org/kolla/latest/admin/kolla_api.html#kolla-api-external-config

Change-Id: I28f63ec81f1ea5bc4a213d053bfb2c04388d5925
Closes-Bug: #1862211
2020-03-10 07:52:25 +00:00
Jeffrey Zhang
3a8f533839 Fix elasticsearch configuration in ipv6 environments
Closes-Bug: #1866727
Change-Id: I455ef6026b39110791cd38dac053205550af1ce2
2020-03-10 07:38:33 +00:00
Hongbin Lu
15afa61397 zun: load container driver from entry point
Starting from U release, container driver is loaded from entry point.
Deployers should specify the entry point (i.e. ``docker``) in config
option ``container_driver`` under ``[DEFAULT]`` session.

Zun patch: https://review.opendev.org/#/c/703259/

Change-Id: I96e38760e7b13a6e11737372e9e7fd36cca6f749
2020-03-07 01:24:52 +00:00
Christian Berendt
77a1d27938 Remove enable_cadf_notifications variable
The variable enable_cadf_notifications is deprecated and marked
for removal during the U cycle.

Change-Id: I5e4d20d112db2392b55a0788f4d704ab6ca6112f
2020-03-06 13:40:43 +00:00
Christian Berendt
e81eed930e Add deprecation note to nova-hyperv role
The support of hyperv was deprecated.

Change-Id: I3e1ca3ac0a8bac8ba68911ffb4925c5a474f24dd
2020-03-05 12:13:46 +00:00
Zuul
0a0e60580f Merge "service-rabbitmq: do not log password (use no_log)" 2020-03-03 12:26:32 +00:00
Zuul
bca303cacd Merge "Configurable logrotate rotation interval and count" 2020-03-03 11:37:04 +00:00
Radosław Piliszek
b1a4d8848a service-rabbitmq: do not log password (use no_log)
Change-Id: I68a40bebc174e8ebdaea36a0689b34cadb9009d2
Closes-bug: #1865840
2020-03-03 09:20:37 +01:00
Zhuo Zhen
29ccd38eaa Configurable logrotate rotation interval and count
The logrotate rotation interval and count are not configurable.
Currently, the configuration is a "default" that keeps 6 weeks of logs.

Change-Id: I4f55ee2a98f7861cb8de2724f5edc32da6d2f9ee
2020-03-02 20:35:22 +00:00
Zuul
ef1121de29 Merge "Use InfluxDB default [http]/max-row-limit setting" 2020-03-02 19:42:10 +00:00
Zuul
19671fb3c7 Merge "[gnocchi] Disable statsd daemon by default" 2020-03-02 13:48:26 +00:00
Radosław Piliszek
266fd61ad7 Use "name:" instead of "role:" for *_role modules
Both include_role and import_role expect role's name to be given
via "name" param instead of "role".
This worked but caused errors with ansible-lint.
See: https://review.opendev.org/694779

Change-Id: I388d4ae27111e430d38df1abcb6c6127d90a06e0
2020-03-02 10:01:17 +01:00
Zuul
9995f2d89d Merge "Fix Prometheus mysqld exporter pointing to VIP address" 2020-03-01 13:07:33 +00:00
Zuul
542312d9cd Merge "Add /run/netns bindmount to Neutron containers" 2020-02-28 12:39:54 +00:00
Zuul
05e1df998e Merge "Fix neutron-metadata-agent to use provided CA for Nova metadata" 2020-02-27 21:30:39 +00:00
Zuul
f62b2319b2 Merge "Fix client TLS in neutron-metadata-agent" 2020-02-27 21:30:38 +00:00
Michal Nasiadka
61a59e015f Add /run/netns bindmount to Neutron containers
Closes-Bug: #1864856
Change-Id: I725eeb18a22b3fa7838f16761d19f7e699ab5e82
2020-02-27 20:53:57 +00:00
Zuul
0182ea0b7e Merge "Fixes gnocchi-api script name for Ubuntu/Debian" 2020-02-26 21:09:51 +00:00
Zuul
9014d8389a Merge "Fix RabbitMQ hostname address resolution precheck" 2020-02-26 10:57:01 +00:00
Zuul
eb0a0ff8d7 Merge "Use more permissive regex to remove the offending 127.0.1.1" 2020-02-25 22:27:07 +00:00
James Kirsch
d41f072c7b Construct service REST API urls using configured protocol
Service REST API urls should be constructed using the
{{ internal_protocol }} and {{ external_protocol }} configuration
parameters.

Change-Id: Id1e8098cf59f66aa35b371149fdb4b517fa4c908
Closes-Bug: 1862817
2020-02-25 13:20:34 -08:00
Zuul
52cb500fbd Merge "Construct service configuration urls using kolla_internal_fqdn" 2020-02-25 20:44:39 +00:00
Radosław Piliszek
1d30d71d97 Fix neutron-metadata-agent to use provided CA for Nova metadata
Change-Id: I48148c56079a2998a8f8606ecd1f185f68733a6d
Partially-implements: blueprint custom-cacerts
2020-02-25 21:34:48 +01:00
Radosław Piliszek
7c200db70e Fix client TLS in neutron-metadata-agent
Backport to: Train.

Change-Id: Ide96ea43739d47e623026f0aecd4163f3a2abe7f
Closes-bug: #1864615
2020-02-25 21:30:56 +01:00
Zuul
29b73fca35 Merge "Bifrost: Stop stopping RabbitMQ" 2020-02-25 20:02:58 +00:00
Zuul
3b8b33a907 Merge "Swift: remove meta field from rsync command" 2020-02-25 15:55:03 +00:00
Zuul
a41e1fd698 Merge "Stop using deprecated stores and default_store in glance" 2020-02-24 16:25:58 +00:00
Zuul
7130b8e040 Merge "Remove useless neutron-linuxbridge-agent env vars" 2020-02-24 16:25:06 +00:00
James Kirsch
256322a8fe Construct service configuration urls using kolla_internal_fqdn
Service configuration urls should be constructed using
kolla_internal_fqdn instead of kolla_internal_vip_address. Otherwise SSL
validation will fail when certificates are issued using domain names.

Change-Id: I21689e22870c2f6206e37c60a3c33e19140f77ff
Closes-Bug: 1862419
2020-02-22 08:28:01 -08:00
Radosław Piliszek
c0eb07ddcb Remove useless neutron-linuxbridge-agent env vars
Change-Id: Ic14d565d155fda223ad2768ee6e1b3fcf85a6003
2020-02-21 20:24:41 +00:00
Mark Goddard
c31db5fa8a Bifrost: Stop stopping RabbitMQ
Bifrost no longer deploys RabbitMQ, so we should not try to stop it
during upgrade. In fact, if we do then it fails:

Failed to stop rabbitmq-server.service: Unit rabbitmq-server.service not
loaded.

Bifrost removed RabbitMQ in Train, so this is only required from Ussuri.

Change-Id: Ie86f85974fd7385e72a918065fc9c5172f9684ba
2020-02-21 16:40:30 +00:00
Radosław Piliszek
9eed85c8d4 [baremetal] Drop useless reboot task
It is not used for quite a time.
Some ancient Kolla Ansible used to update host kernel.

Change-Id: I9cdc1ec47ad802b4d65a7b6438a335fc14639e05
2020-02-21 13:42:22 +01:00
Michal Nasiadka
f031560fa3 Stop using deprecated stores and default_store in glance
Option "stores" from group "glance_store" is deprecated for removal
Option "default_store" from group "glance_store" is deprecated for removal

Multi store support is available since Rocky - time to start using
it.

Change-Id: I4991d754e34ec42a4b38331839d9679b307589bd
2020-02-21 08:48:29 +00:00