this adds back the ability to configure
the rabbitmq/erlang kernel network interface
which was removed in https://review.opendev.org/#/c/584427/
seemingly by accident.
Closes-Bug: 1900160
Change-Id: I6f00396495853e117429c17fadfafe809e322a31
NSXP is the OpenStack support for the NSX Policy platform.
This is supported from neutron in the Stein version. This patch
adds Kolla support
This adds a new neutron_plugin_agent type 'vmware_nsxp'. The plugin
does not run any neutron agents.
Change-Id: I9e9d8f07e586bdc143d293e572031368af7f3fca
Allow operators to set haproxy socket to admin level.
This is done via the flag haproxy_socket_level_admin which
is set to "no" by default.
Closes-Bug: 1960215
Signed-off-by: Imran Hussain <ih@imranh.co.uk>
Change-Id: Ia0da89288d68f5803ace1934c013053f12343195
The apparmor_parser actually doesn't remove the file or doesn't create
the symlink in '/etc/apparmor.d/disable' itself so the next run of the
baremetal role will fail with the error "Unable to remove "libvirtd".
Even more after reboot, the profile is still active. We need to
disable the profile completly ourselves. This change fixes the
idempotents of the baremetal role.
Closes-Bug: #1960302
Change-Id: I162e417387393e806886b1c9ea8053b89778b4d1
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
Adds support to the 'kolla-ansible certificates' command for generating
certificates for libvirt TLS, when libvirt_tls is true. The same
certificate and key are used for the libvirt client and server.
The certificates use the same root CA as the other generated
certificates, and are written to
{{ node_custom_config }}/nova/nova-libvirt/, ready to be picked up by
nova-libvirt and nova-compute.
Change-Id: I1bde9fa018f66037aec82dc74c61ad1f477a7c12
Enables zun to access cinder volumes when cinder is configured to use
external ceph.
Copies ceph config file and ceph cinder keyring to /etc/ceph in
zun_compute container.
Closes-Bug: 1848934
Change-Id: Ie56868d5e9ed37a9274b8cbe65895f3634b895c8
This fixes a bug in registering identity providers
The bug was caused by a missing `=` in the openstack command
Add the missing `=` after `--os-user-domain-name`
Closes-Bug: #1959022
Change-Id: I73f80cd2c81a3944de0933e60f5768956a1a3b70
The value of node_custom_config should is {{ node_config }}/config,
when specified using --configdir
Change-Id: I076b7d2c8980ddd3baa28f998f84a6b7005dc352
There is no explanation for why this option was bumped to 1 MB instead
of the upstream default. This has been the case since the original
barbican role commit in 2016.
Restore upstream default in Yoga.
Change-Id: Ib0245f44d2b049f7e2254d8d2ea4b2080a8d62dd
Barbican has recently bumped max_allowed_secret_in_bytes from 10 KB to
20 KB since the original value was too small for some certificates [1].
Remove custom value from the barbican.conf template, which anyway was
the same as the default configuration before the recent upstream change.
The upstream change was backported to Wallaby and has been proposed to
Victoria, Ussuri and Train [2], so this change should be backported too.
[1] https://review.opendev.org/c/openstack/barbican/+/783381
[2] https://review.opendev.org/q/I59d11c5c9c32128ab9d71eaecdf46dd2d789a8d1
Change-Id: I83e4cb48192c8024650a8d347363f6babb75ad90
Closes-Bug: #1957795
Access to console of any zun container fails when
kolla_enable_tls_external is true.
This is due to the protocol of the base_url of the websocket_proxy
section in zun.conf is hardcoded to 'ws'.
[base_url = ws://<external_fqdn>:<port>]
This fix adds a new variable zun_wsproxy_protocol
and sets it's value to 'wss' when kolla_enable_tls_external is true
or to 'ws' otherwise
Then the base url's protocol of the websocket_proxy section
in zun.conf is set by zun_wsproxy_protocol
[base_url = "{{ zun_wsproxy_protocol }}://<external_fqdn>:<port>"]
Closes-Bug: 1957117
Change-Id: Ibd9ca6e40ee8c265775b0657d318aa3f82e4cccb
This is required as nova_compute tries to reach my_ip of the other
node when resizing an instance and my_ip is set to
api_interface_address.
This potential issue was introduced with [1].
[1] https://review.opendev.org/c/openstack/kolla-ansible/+/569131
Closes-Bug: #1956976
Change-Id: Id57a672c69a2d5aa74e55f252d05bb756bbc945a
rabbitmq starting from 3.8.0, built-in Prometheus support,
prometheus plugins are enabled by default, when the environment is
"enable_prometheus is no", rabbitmq role will disable prometheus plugins
Closes-Bug: #1885106
Change-Id: I4d694d6224c813285d228d6bc7eece5731db1078
We are not using it anywhere (metadata agents are using internal network),
so let's disable it by default.
Change-Id: If06db5030b0f09e20ef506c3b3ab39c3573b5f3d
Kolla has removed the Volume V2 API by default since OpenStack Wallaby.
However, openstack-exporter attempts to use the Volume V2 API by
default, resulting in clean installs failing to fetch Cinder metrics
in Prometheus.
This patch updates the clouds.yml configuration file for
openstack-exporter to use the Volume V3 API instead.
Closes-Bug: #1938194
Change-Id: Ifbb601be3ef1a1e853d5a7e832adf556c0ae38b9
