Commit Graph

136 Commits

Author SHA1 Message Date
Hongbin Lu
91678f67af Zun: Add zun-cni-daemon to compute node
Zun has a new component "zun-cni-daemon" which should be
deployed in every compute nodes. It is basically an implementation
of CNI (Container Network Interface) that performs the neutron
port binding.

If users is using the capsule (pod) API, the recommended deployment
option is using "cri" as capsule driver. This is basically to use
a CRI runtime (i.e. CRI plugin for containerd) for supporting
capsules (pods). A CRI runtime needs a CNI plugin which is what
the "zun-cni-daemon" provides.

The configuration is based on the Zun installation guide [1].
It consits of the following steps:
* Configure the containerd daemon in the host. The "zun-compute"
  container will use grpc to communicate with this service.
* Install the "zun-cni" binary at host. The containerd process
  will invoke this binary to call the CNI plugin.
* Run a "zun-cni-daemon" container. The "zun-cni" binary will
  communicate with this container via HTTP.

Relevant patches:
Blueprint: https://blueprints.launchpad.net/zun/+spec/add-support-cri-runtime
Install guide: https://review.opendev.org/#/c/707948/
Devstack plugin: https://review.opendev.org/#/c/705338/
Kolla image: https://review.opendev.org/#/c/708273/

[1] https://docs.openstack.org/zun/latest/install/index.html

Depends-On: https://review.opendev.org/#/c/721044/
Change-Id: I9c361a99b355af27907cf80f5c88d97191193495
2020-04-30 02:22:20 +00:00
Zuul
5273828fae Merge "Remove support for Python 2 on the host" 2020-04-21 17:01:25 +00:00
Zuul
9f54c6fd1b Merge "Remove support for CentOS 7" 2020-04-20 16:57:53 +00:00
Mark Goddard
284f492861 Remove support for Python 2 on the host
Drops support for creating Python 2 virtualenvs in bootstrap-servers,
and looking for a python2 interpreter in the kolla-ansible script.

Also forces the use of Python 3 as the remote interpreter in CI on
Debian and Ubuntu hosts, since they typically symlink the unversioned
interpreter to python2.7.

Change-Id: Id0e977de381e7faafed738674a140ba36184727e
Partially-Implements: blueprint drop-py2-support
2020-04-20 16:18:31 +00:00
Zuul
2ba903de0d Merge "CI: do not build images on aarch64" 2020-04-16 15:59:13 +00:00
Marcin Juszkiewicz
3d653038dc CI: do not build images on aarch64
We publish those images for a while.

Change-Id: Ifc157b43e87e4f77a1c70d98343bd0ef9cc0de79
2020-04-16 09:29:07 +00:00
Zuul
975db2b2b4 Merge "OVN Support" 2020-04-15 20:51:57 +00:00
Marcin Juszkiewicz
bfd661a600 CI: tell Nova which CPU to emulate on AArch64
AArch64 does not have a way to get cpu features from libvirt.

Change-Id: Ieed404e17e8a9829f38c03f7ee7fdb3caa3919e8
2020-04-10 16:50:22 +00:00
James Kirsch
b475643c11 Add support for encrypting backend Keystone HAProxy traffic
This patch introduces an optional backend encryption for Keystone
service. When used in conjunction with enabling TLS for service API
endpoints, network communcation will be encrypted end to end, from
client through HAProxy to the Keystone service.

Change-Id: I6351147ddaff8b2ae629179a9bc3bae2ebac9519
Partially-Implements: blueprint add-ssl-internal-network
2020-04-09 09:22:55 +00:00
Michal Nasiadka
8a0740df97 OVN Support
Implement OVN Ansible role.

Implements: blueprint ovn-controller-neutron-ansible

Depends-On: https://review.opendev.org/713422
Change-Id: Icd425dea85d58db49c838839d8f0b864b4a89a78
2020-04-09 07:40:12 +02:00
Mark Goddard
f4e20a1f16 Remove support for CentOS 7
CentOS 8 support is now fairly complete - time to drop CentOS 7.

Partially-Implements: blueprint centos-rhel-8

Change-Id: I940b1d3eceb98e16fa366c243672f588b1412d70
2020-04-08 17:05:10 +01:00
Michal Nasiadka
866a6ba16a CI: Enable fluentd in MariaDB jobs
Since fluentd is disabled in MariaDB jobs - haproxy logs are not getting
populated.

Change-Id: I56b3fc1be6940d97905cdb2c4452b846f106c071
Depends-on: https://review.opendev.org/713704
2020-03-19 09:01:23 +00:00
Michal Nasiadka
81ebae8fd1 CI: Change ceph-ansible docker tag to latest-nautilus
ceph-ansible by default uses "latest" tag for ceph Docker Hub images,
but recently latest tag has been upgraded to be Octopus release,
not Nautilus.

Change-Id: I5247c10079ab91cce130cd5ba403f25ccaf7c1fb
2020-03-17 11:20:36 +01:00
Mark Goddard
cdae86a747 CI: Add Ceph groups back to inventory
Following I21dd51c82534704f31ca8d3f72cb2587ee216cd9, the test inventory
was synced with the multinode inventory. This removed some temporary
ceph groups used by the ceph-ansible-upgrade jobs, and broke them. This
change adds the groups back.

Change-Id: I37379258447ffde6b083f4e8d9a1644bc17cd165
2020-03-03 10:12:01 +00:00
Zuul
e003898ffd Merge "CI: sync inventory with multinode" 2020-03-02 19:42:09 +00:00
Zuul
c00e1be43e Merge "CI: Use auto-detected python interpreter except on CentOS 7" 2020-02-23 17:04:17 +00:00
Mark Goddard
97a93f3266 CI: sync inventory with multinode
Change-Id: I21dd51c82534704f31ca8d3f72cb2587ee216cd9
2020-02-21 12:12:22 +00:00
Radosław Piliszek
4ac7f6f3a0 CI: Replace dummy interface (fake for neutron external) with VXLAN
This allows for some real testing, especially in a multinode
environment.

Change-Id: Ic96819fefe460e14c8460e52a78d9b0d034edc80
2020-02-21 08:56:26 +00:00
Zuul
ae41287129 Merge "CI: Fine tune Galera gmcast.peer_timeout to 15 seconds" 2020-02-21 07:09:38 +00:00
Michal Nasiadka
b05038929c CI: Fine tune Galera gmcast.peer_timeout to 15 seconds
In some resource-constrained environments, particularly during service
bootstrap Galera cluster nodes can experience timeouts in inter-node
communication.

This change sets the gmcast.peer_timeout based on the galera cluster
documentation:
https://galeracluster.com/library/documentation/galera-parameters.html

We are observing peer timeout issues on some CI runs - therefore raising
it to PT15S as in similar Ubuntu charms jobs.

Change-Id: Id036e41b62a88bab486c35a5f1fde5cfc2fa4803
2020-02-20 20:37:17 +00:00
Michal Nasiadka
f7bc4d78d9 CI: Add linuxbridge jobs
global_physnet_mtu needs to be set in neutron.conf, because linuxbridge-agent
discovers underlying vxlan0 interface mtu and returns an error when creating
vxlan port

CentOS8 job will not be added, because CentOS 8 iptables-ebtables package
is missing broute (--among-src) tables support required for linuxbridge agent,
see [1].

[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1720637

Change-Id: I6b12f7ba95401d3342359c57ceeee8bec8aefe49
2020-02-20 17:08:04 +01:00
Michal Nasiadka
1a68c53fe0 CI: Add CentOS 8 ceph-ansible job
Change-Id: If354fbdeb2fd8d026faa0210b84da0a688c3ae0a
2020-02-14 09:29:05 +01:00
Zuul
cd3c51197e Merge "Remove kolla-ceph" 2020-02-13 10:09:24 +00:00
Zuul
ece2606aeb Merge "CI: Add TLS tests" 2020-02-12 01:20:19 +00:00
Michal Nasiadka
4e6fe7a6da Remove kolla-ceph
Kolla-Ansible Ceph deployment mechanism has been deprecated in Train [1].

This change removes the Ansible code and associated CI jobs.

[1]: https://review.opendev.org/669214

Change-Id: Ie2167f02ad2f525d3b0f553e2c047516acf55bc2
2020-02-11 11:42:06 +01:00
Mark Goddard
5b38fbfc23 CI: Use auto-detected python interpreter except on CentOS 7
This switches to python 3 as the remote python interpreter on
Debian/Ubuntu jobs, with CentOS 7 as the only exception using python 2.

Also switch to auto-detection of the interpeter except for CentOS 7,
which should be based on the one used by ansible-playbook (python 3).

Change-Id: Ie4aff6123dfc7267fe78f4bd736565fb72fe135e
Partially-Implements: python-3
2020-02-06 13:25:21 +00:00
Radosław Piliszek
287adab05e CentOS 8: Add deploy jobs in CI
Adds new CI job definitions for CentOS 8:

- kolla-ansible-centos8-source
- kolla-ansible-centos8-binary
- kolla-ansible-centos8-source-ceph-ansible
- kolla-ansible-centos8-source-cinder-lvm
- kolla-ansible-centos8-source-mariadb
- kolla-ansible-centos8-source-bifrost
- kolla-ansible-centos8-source-zun
- kolla-ansible-centos8-source-swift
- kolla-ansible-centos8-source-scenario-nfv
- kolla-ansible-centos8-source-ironic
- kolla-ansible-centos8-binary-ironic
- kolla-ansible-centos8-source-masakari
- kolla-ansible-centos8-source-cells

The following jobs are added to the check pipeline:

- kolla-ansible-centos8-source
- kolla-ansible-centos8-binary
- kolla-ansible-centos8-source-cinder-lvm
- kolla-ansible-centos8-source-mariadb
- kolla-ansible-centos8-source-zun
- kolla-ansible-centos8-source-swift
- kolla-ansible-centos8-source-scenario-nfv
- kolla-ansible-centos8-source-ironic
- kolla-ansible-centos8-binary-ironic
- kolla-ansible-centos8-source-cells

The following jobs are not yet passing so are not added to the check
pipeline:

- kolla-ansible-centos8-source-ceph-ansible
- kolla-ansible-centos8-source-bifrost
- kolla-ansible-centos8-source-masakari

The kolla-ansible-centos8-source job is added to the gate.

Upgrade jobs will be added when CentOS 8 support exists in Train.

Depends-On: https://review.opendev.org/704337
Depends-On: https://review.opendev.org/704848
Depends-On: https://review.opendev.org/704965

Co-Authored-By: Mark Goddard <mark@stackhpc.com>

Change-Id: Ibd806feee71721b122b77d7eff33228ca1cc2853
Partially-Implements: blueprint centos-rhel-8
2020-02-06 11:43:50 +00:00
Radosław Piliszek
5b0894299e CI: Replace cinder-lvm scenario with zun scenario
As discussed during the meeting. [1]

[1] http://eavesdrop.openstack.org/meetings/kolla/2020/kolla.2020-02-05-15.00.html

Change-Id: I339fc7f01f640a32ff35d19ded54b6f8e2fdec15
2020-02-05 18:25:18 +01:00
Michal Nasiadka
f9046c2dd9 Ceph-Ansible upgrade jobs
Change-Id: Ifc87adbac6bef0aaab2ad0e80739654b3e3123ad
2020-02-05 08:15:29 +00:00
Michal Nasiadka
fdf3729f83 External Ceph: add ceph_*_user variables
To make the configuration easier for the user, and to allow non-standard
ceph authentication ids - introduce ceph_*_user variables.

Change-Id: I24e01c43c826b62b6748d93a498f4b7d8ce9e309
2020-01-29 11:06:58 +00:00
generalfuzz
6404d0e031 CI: Add TLS tests
Add a TLS scenario in zuul to generate self signed certificates and
to configure TLS to be enabled in the open stack deployment.

Change-Id: If10a23dfa67212e843ef26486c9523074cc920e7
Partially-Implements: blueprint custom-cacerts
2020-01-28 14:03:33 -08:00
Zuul
b103989642 Merge "CI: Add Ceph-Ansible jobs" 2020-01-27 09:09:13 +00:00
Michal Nasiadka
d8c15ad4e8 CI: Add Ceph-Ansible jobs
* Adding zuul centos-source/ubuntu-source ceph-ansible jobs
* Jobs will deploy all Ceph integrated OpenStack components, i.e.
  cinder, glance, nova
* Will utilize core openstack testing script

Depends-On: https://review.opendev.org/685032
Depends-On: https://review.opendev.org/698301

Implements: blueprint ceph-ansible
Change-Id: I233082b46785f74014177f579aeac887a25b2ae2
2020-01-24 22:37:03 +01:00
Mark Goddard
9755c924be CentOS 8: Support variable image tag suffix
For the CentOS 7 to 8 transition, we will have a period where both
CentOS 7 and 8 images are available. We differentiate these images via a
tag - the CentOS 8 images will have a tag of train-centos8 (or
master-centos8 temporarily).

To achieve this, and maintain backwards compatibility for the
openstack_release variable, we introduce a new 'openstack_tag' variable.
This variable is based on openstack_release, but has a suffix of
'openstack_tag_suffix', which is empty except on CentOS 8 where it has a
value of '-centos8'.

Change-Id: I12ce4661afb3c255136cdc1aabe7cbd25560d625
Partially-Implements: blueprint centos-rhel-8
2020-01-10 09:56:04 +00:00
Zuul
beb54cbde8 Merge "CI: Test Swift" 2019-12-20 09:19:18 +00:00
Zuul
d7c297ed59 Merge "Added senlin-conductor and senlin-health-manager" 2019-12-16 11:58:06 +00:00
Radosław Piliszek
7714ea724f CI: Test Swift
Partially-implements: blueprint kolla-deployment-scenario-testing
Change-Id: I82266829dba47eac81f440a53706c2e9064b8e62
2019-12-10 13:19:17 +00:00
Hongbin Lu
c6481469e6 CI: Test Zun with Cinder LVM backend (iSCSI)
Co-authored-by: Radosław Piliszek <radoslaw.piliszek@gmail.com>
Depends-on: https://review.opendev.org/694476
Change-Id: I6e7f2f4229c8b579dcc17dacffeb74160875ae29
2019-12-10 13:18:59 +00:00
Mark Goddard
a5408f425b CI: Use python 3 for local kolla-ansible execution
This change switches the CI jobs to use python 3 for local execution of
the kolla-ansible commands.

For upgrades, we use python 2 for the previous (Train) deploy, then
reinstall using python 3 for the (Ussuri) upgrade.

NOTE: This is separate from the python interpreter used on remote hosts,
which is configured via ansible_python_interpreter.

Partially Implements: blueprint python-3
Related: blueprint drop-py2-support

Change-Id: I5bdc165f68b7bde1f9ef30fe8216f2a44e6d4706
2019-12-09 17:06:19 +00:00
Mark Goddard
c320077f08 CI: Move ansible installation & configuration to Ansible
Continue to reduce the scope of setup_gate.sh. Allows us to more easily
select python 2 or 3.

Change-Id: If2eeeacbbbdf58afb765b4a39772b5a1af7b952b
Partially Implements: blueprint python-3
2019-12-09 13:30:35 +00:00
Erik Olof Gunnar Andersson
619ccf1242 Added senlin-conductor and senlin-health-manager
Depends-On: https://review.opendev.org/692948/
Depends-On: https://review.opendev.org/692691/
Change-Id: I07827b896d36c3723697540fcff164224f6729af
2019-11-30 16:49:33 -08:00
Radosław Piliszek
a2fc684164 CI: Refactor a lot
Separate upgrade logic to is_upgrade job var and rename
scenarios to match.

Rename "ACTION" to "SCENARIO" (as it is a scenario).

Separate testing of dashboard (aka Horizon) and increase
its timeout to 5 minutes (CentOS 7 slow as always).

Separate initialization of core OpenStack.

Use gate setup script from ./tests/

Remove useless tox setupenv.

Do not deploy Heat when not really necessary.

Change-Id: I4fca319ccc3de7188f8b7b44c9c71321e3899467
2019-11-26 17:30:14 +01:00
Zuul
c4818ffd16 Merge "Remove OpenDaylight role" 2019-11-18 15:30:39 +00:00
Michal Nasiadka
eec6831fff Remove OpenDaylight role
Opendaylight support has been deprecated in Train - time to remove it.

Change-Id: I3a61bfbcbf366c327ea3e25d2424bc3fedca29f0
2019-11-18 11:57:32 +00:00
Zuul
2fb08fa4e1 Merge "CI: Add mariadb test" 2019-11-15 12:17:13 +00:00
Mark Goddard
6f87625457 CI: Remove Stein upgrade support from CI
Resolves a number of TODOs in the CI configuration that provide support
for upgrading from the Stein release.

Change-Id: I9bac5c230b82ac7c097fe6ca2556e428abda31a1
Depends-On: https://review.opendev.org/694254
2019-11-14 11:57:17 +00:00
Mark Goddard
ed996ef90d CI: Add mariadb test
Tests the following operations for MariaDB:

* Stop
* Recovery

Backup and restore will be added in a separate change.

Depends-On: https://review.opendev.org/693329
Change-Id: I836d91554715cce0e82c1bbebb7430c457418b2d
2019-11-07 18:03:07 +00:00
Michal Nasiadka
df0c64ed32 Disable cinder-backup in cinder-lvm scenario
cinder-backup[1] does not include an lvm driver, we could use posix
filesystem driver - but it's not supported in kolla-ansible currently.

[1]: https://docs.openstack.org/cinder/rocky/drivers.html#backup-drivers

Change-Id: I847a55692a59c52990186332388f571a04c377b7
Closes-Bug: #1847049
2019-10-25 12:43:55 +00:00
Radosław Piliszek
099a33c87d [train] Finish configuring Zun to use Placement
This also enables Placement when Zun is enabled like Kolla Ansible
already does with Nova.

Change-Id: Id2a09f702e8503b49d2b9e73e06b2ce9f4d168a9
Closes-bug: #1840573
2019-10-20 19:33:56 +02:00
Doug Szumski
78a828ef42 Support multiple nova cells
This patch adds initial support for deploying multiple Nova cells.

Splitting a nova-cell role out from the Nova role allows a more granular
approach to deploying and configuring Nova services.

A new enable_cells flag has been added that enables the support of
multiple cells via the introduction of a super conductor in addition to
cell-specific conductors. When this flag is not set (the default), nova
is configured in the same manner as before - with a single conductor.

The nova role now deploys the global services:

* nova-api
* nova-scheduler
* nova-super-conductor (if enable_cells is true)

The nova-cell role handles services specific to a cell:

* nova-compute
* nova-compute-ironic
* nova-conductor
* nova-libvirt
* nova-novncproxy
* nova-serialproxy
* nova-spicehtml5proxy
* nova-ssh

This patch does not support using a single cell controller for managing
more than one cell. Support for sharing a cell controller will be added
in a future patch.

This patch should be backwards compatible and is tested by existing CI
jobs. A new CI job has been added that tests a multi-cell environment.

ceph-mon has been removed from the play hosts list as it is not
necessary - delegate_to does not require the host to be in the play.

Documentation will be added in a separate patch.

Partially Implements: blueprint support-nova-cells
Co-Authored-By: Mark Goddard <mark@stackhpc.com>
Change-Id: I810aad7d49db3f5a7fd9a2f0f746fd912fe03917
2019-10-16 17:42:36 +00:00