1376 Commits

Author SHA1 Message Date
Jonathan Rosser
3a4d3450e0 Upgrade magnum-cluster-api to 0.24.2
This brings in new features and a bug fix for application of
security groups.

Change-Id: I1cc97696535949db41141d239ddd08e5b4070091
2025-01-20 13:02:24 +00:00
Zuul
23172d96b7 Merge "[doc] Move all variables to group_vars" 2024-11-27 11:58:11 +00:00
Rishat Azizov
b5fba6cf35 add variable filebeat_auth_enabled for possibility to disable sending auth logs
Change-Id: I2cc2f2c4bdebbdec1fab835e9c0df1f165b5fc9d
2024-11-27 12:13:16 +05:00
Dmitriy Rabotyagov
e9a9df3ff8 [doc] Move all variables to group_vars
Makes sense to be consistent and follow suggestion to use group_vars
where applicable.
There is a bug in vexxhost collection which prevents from doing so,
unfortunatelly.

For this to be accurate doc, a patch to vexxhost collection should
land first:
https://github.com/vexxhost/ansible-collection-kubernetes/pull/136

Change-Id: I5f48e913436bf5d6a8d6c0a9f77c58886e451d1f
2024-11-20 11:11:14 +01:00
Zuul
551f75c425 Merge "Allow to supply custom kibana backend to roles" 2024-11-20 09:16:33 +00:00
Zuul
331d48149c Merge "Allow ELK7 roles to run with disabled ANSIBLE_INJECT_FACT_VARS" 2024-11-20 09:16:18 +00:00
Marcus Klein
78bb1459ea Fix Grafana deployment
Change-Id: I45c4f4f87a348d83d50952ab658058a1dc88ff08
2024-11-18 15:11:58 +01:00
Dmitriy Rabotyagov
e013623e78 Allow to supply custom kibana backend to roles
Right now all roles assume that kibana has been deployed using the
stack and `kibana` group is defined in Ansible.

However if one need just to use journalbeat or filebeat roles to push
data to external Kibana - it's barely possible. Defining `kibana` group
is risky as open doors for installKibana playbook execution.

This patch adds variable kibana_target along with more role-specific
variables that allow to adjust thi behaviour and manually supply
Kibana endpoint to be configured.

Change-Id: Id2a42ae9c6146dcc9e86b15fee36372b95461d20
2024-11-14 10:07:38 +00:00
Dmitriy Rabotyagov
1d52793ec6 Allow ELK7 roles to run with disabled ANSIBLE_INJECT_FACT_VARS
Enabling ANSIBLE_INJECT_FACT_VARS does result in a performance
regression as each variable loaded to runtime slows down task
execution.

We disable ANSIBLE_INJECT_FACT_VARS in OSA by default for a while,
so ELK role should also be able to run with this setting disabled.

Change-Id: Ibffc09cdb4f9289ddad38211ccb0265642b4321f
2024-11-11 13:07:31 +00:00
Dmitriy Rabotyagov
d596f5d2b3 Ensure that k8s hostname is lowercased
In case your hostname contains upper-level symbols, they will be all
lowered in k8s cluster.

With that it's important to ensure that the expected hostname used in
roles is always lowercase one.

Change-Id: I31e483cc7766e26f932984067daee6983122db10
2024-10-05 14:37:39 +02:00
Zuul
66c4f75967 Merge "mcapi_proxy: ensure proxy service restarts when venv changes" 2024-09-19 19:55:17 +00:00
Jonathan Rosser
b0194e3932 Update magnum-cluster-api version
Pick up fixes for nodegroup and proxy service when FIP is in use.

Change-Id: I3a6325d86d81a6684fa0d9f8cb78e2b4b5f28b82
2024-09-09 15:00:38 +01:00
Zuul
7cc118d2fd Merge "Update magnum-cluster-api version" 2024-09-09 13:56:02 +00:00
Jonathan Rosser
b0a4b8733b Revert "Ensure that python3-cryptography is present in k8s control plane hosts"
This reverts commit c1ede00a6cb3dfdf776ba4335898ef883474a596.

Reason for revert: This is now included in v1.14.0 of ansible-collection-kubernetes

Change-Id: Icfbe36d45cf39e0b7d8fdf4bbf674711cb34004f
2024-09-09 09:58:57 +00:00
Jonathan Rosser
06d5c9cd0c Update magnum-cluster-api version
Change-Id: Iab4559adf79021c9868ad83c9d3b527fe8e4a484
2024-09-04 10:09:04 +01:00
Zuul
0fc47826b0 Merge "Add support for deploying mcapi control plane k8s on debian-12" 2024-09-02 15:00:01 +00:00
Zuul
f0ecb05150 Merge "Add support for deploying mcapi control plane k8s on rocky linux" 2024-09-02 13:01:28 +00:00
Zuul
5dddad4eb0 Merge "Add variables and hook for high-availability k8s control plane test" 2024-09-02 11:12:12 +00:00
Zuul
730c5b2991 Merge "Allow mcapi proxy git sources and python package versions to be overridden" 2024-09-02 11:02:48 +00:00
Andrew Bonney
f0992b8d0d mcapi_proxy: ensure proxy service restarts when venv changes
Previously the service would only restart if the systemd unit
was modified. If the venv was changed in-place, this would not
trigger a restart.

Change-Id: I685bedef4d84bf718aaa9064a20d3c1b71daf5bf
2024-08-29 09:03:31 +01:00
Andrew Bonney
ec11f51a72 mcapi_proxy: allow overriding of systemd service environment
Various configuration options for this service are set using
environment variables, including: POD_IP, PROXY_BIND, PROXY_PORT.

This patch exposes a variable which can be used to set these via
the systemd service unit.

Change-Id: I5f649c3894c63e13649f8f12d4dd839b22ba6cfc
2024-08-22 10:50:13 +01:00
Jonathan Rosser
0e2baf97d2 Allow mcapi proxy git sources and python package versions to be overridden
This code is updated to have overrides similar to many other service
roles in openstack-ansible.

Change-Id: I4fc16b27dacd4ab40269cde1371e70255a4e2ced
2024-08-15 13:28:02 +01:00
Jonathan Rosser
2ca458f78e Add support for deploying mcapi control plane k8s on debian-12
Change-Id: I616d723f3ec5ef87123b3dba498e9bccce50b9c1
2024-07-23 11:55:59 +00:00
Jonathan Rosser
8b4b915b81 Add support for deploying mcapi control plane k8s on rocky linux
Change-Id: I03e2775d6e7067a1bfbac8f438617266f556930b
2024-07-17 07:56:02 +00:00
Jonathan Rosser
10b48d400a Add variables and hook for high-availability k8s control plane test
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/924156
Change-Id: Ia9f3a424d9d9249eb5ff76ee2d9125769c3ca732
2024-07-16 16:03:14 +00:00
Jonathan Rosser
818df7b1a8 Update format of install_defaults
In order to respect group_vars install_defaults role moved vars
definition from inlcude_vars to the role defaults. With that now we
need to provide correct path to the defaults during the role import.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/923390
Change-Id: I23ad7c955e2d0e267ea6c1aeb50f6be24c515b69
2024-07-10 08:37:31 +01:00
Jonathan Rosser
14bbd0a81e Pass kubeconfig path directly to sonobuoy role
This makes it possible to use the sonobuoy role to test the control
plane cluster as well as workload clusters.

Change-Id: Ia82ebe150774fbd694e74531c3392518887698fd
2024-07-05 19:33:51 +01:00
Jonathan Rosser
c27aee8829 Split large k8s_install playbook into more specific smaller playbooks
Change-Id: I0569a323f12848cd100abf6e50ee7afdf08b37b3
2024-07-05 19:33:51 +01:00
Zuul
1fd9949ebd Merge "Pin version of magnum_cluster_api driver" 2024-07-01 16:19:34 +00:00
Jonathan Rosser
7a98658aea Update ansible-collection-kubernetes version pin
There is now a release version that includes all the changes necessary
for successful deployment with openstack-ansible.

Change-Id: I5e76bfb1210c5890f6d373acf1a35d0a6d981ff4
2024-06-29 12:11:10 +00:00
Jonathan Rosser
039ea30f5f Pin version of magnum_cluster_api driver
Change-Id: I1f3ba1169009d5932c9a91a96f1b22907181f952
2024-06-29 12:10:32 +00:00
Jonathan Rosser
2ab60332f2 Pin version of ansible-collection-kubernetes
Pin prior to OSA Caracal release - ideally this would be a released
version of the collection but OSA requires a recent patch that is
not yet included in a release.

Change-Id: I54acd63939f2e9f87554446d4c33a155a3ffe812
2024-05-20 12:56:35 +01:00
Jonathan Rosser
a362cfab06 Apply label to control plane k8s nodes to allow cluster-autoscaler to run
Kubernetes cluster-autoscaler only runs on nodes with a specific label
so add task to set required label(s) on control-plane k8s nodes.

Change-Id: I9bf371ad1ba5d80b7e5a950ac1d60499788d9d0d
2024-05-20 12:53:39 +01:00
Jonathan Rosser
c1ede00a6c Ensure that python3-cryptography is present in k8s control plane hosts
This is required by the community.crypto.x509_certificate_info ansible
module.

Change-Id: I6838af6a53e7bcc0419184647e319ebefb5d5558
2024-05-20 12:51:29 +01:00
Jonathan Rosser
e3a77a9f15 Add CAPI job to OPS repo
Change-Id: If1ef8ce2fa04428991e49d53c1c6a290396b1791
2024-04-30 18:42:18 +01:00
Stuart Grace
0a00005bc7 Clarifications to mcapi_vexxhost README
Fix a few typos and omissions in README.rst.

Change-Id: I0e36d725d2ef1f9bc94c0ae0d8435054793b12f4
2024-04-25 14:52:47 +01:00
Jonathan Rosser
5e506f1ccf Fix URL to published documentation
Change-Id: Id8a9901951434b979f4d40b439a8b8b68202c03d
2024-04-25 14:24:58 +01:00
Jonathan Rosser
36e53f9fb8 Do not duplicate the in-repo example files inside the documentation
This patch includes the actual files used in CI for testing
magnum-cluster-api instead of duplicating the content. The docs
cannot diverge from a tested configuration now.

Change-Id: I3b09b6b31690c2f5a7032aebc40546a772d893cf
2024-04-25 07:50:20 +00:00
Dmitriy Rabotyagov
a0b16b4faf Add ClusterAPI documentation to renderred docs
Change-Id: I4f802681d494bfce2b8fdc1127c7e916a29d9944
2024-04-22 20:08:48 +02:00
Dmitriy Rabotyagov
92f00c4486 Add documentation for ELK to the renderred docs
This includes docs for ELK setup to our renderred docs of the OPS repo
It should make them better readable/searchable.

Change-Id: Icc5521a59e388ccf15f94e494de81ff4a385e90c
2024-04-22 19:17:33 +02:00
Dmitriy Rabotyagov
67e30b08ca Remove readme include from repo docs
It's confusing to have readme file include directly here as it contains default
content that is not supposed to be present in renderred docs.

Change-Id: Ie106a0f9794980ffe09c612303e5364d5c295fae
2024-04-22 19:14:24 +02:00
Dmitriy Rabotyagov
03f2244c9e Remove openstack-ansible-backup reference
This role is not maintained in a while and it's main function (galera backup)
has been implemented for a while in galera role code.

Change-Id: I8bad05ab363a84bc6668e2d0a883bc51423e8c76
2024-04-22 18:52:19 +02:00
Jonathan Rosser
afb05ba74a Add docker-image-py requirement to documentation
Change-Id: I655e3e2499ec5ce957b9af3c32f483fe1c768665
2024-04-21 07:53:18 +00:00
Jonathan Rosser
01ae541a07 Improve magnum cluster api documenation
Ensure mcapi driver is installed into magnum service for existing deployments
Document the provided functional test playbook

Change-Id: I31e99ec4f42ec79d87da0b2c7ed1e182f0709083
2024-04-20 22:32:22 +00:00
Jonathan Rosser
9eeb927523 Fix documentation for example haproxy setup
The backend now uses kube-vip on port 6443 rather than 61443,
also the healthcheck syntax not correct for current openstack-ansible
releases.

Change-Id: I357db3b24db0557302fea2b24555f7fbbf30acaa
2024-04-20 22:31:02 +00:00
Jonathan Rosser
f93fee84f5 Use upstream version of kubernetes collection.
The 'synchronise' PR is now merged so a fork is no longer
needed.

Change-Id: If2ef44cf06709e3ab76d93dfa724d56008469d9a
2024-04-20 18:28:18 +00:00
Jonathan Rosser
e5c25421b5 Correct supported release for mcapi_vexxhost
Change-Id: I731be022030c4f536d6bff66136b68c87f83f29f
2024-04-19 19:44:13 +01:00
Jonathan Rosser
9224f5df39 Clean up zuul jobs
Remove centos-7 jobs and migrate all others to focal/jammy.

As this is the ops repo some of these jobs might break, but thats
OK as it is best effort here.

Change-Id: Iead05995797652f5cd3d76db4b4eb6267e25835b
2024-03-04 17:50:11 +00:00
Jonathan Rosser
e03fc5a279 Add hook playbook install and test magnum capi driver
Change-Id: I3a7ee79c10c39cb805ed2134b21055d63786663d
2024-02-27 16:36:28 +00:00
Jonathan Rosser
c03b0e7389 Add playbook to run functional test of magnum capi driver
Change-Id: Ice644b43eccdc3d3509235ca7f3d3acfca84f364
2024-02-12 21:38:31 +00:00