We assume that all groups are present in the inventory, and quite obtuse
errors can result if any are not.
This change adds a precheck that checks for the presence of all expected
groups in the inventory for each service. It also introduces a common
service-precheck role that we can use for other common prechecks.
Change-Id: Ia0af1e7df4fff7f07cd6530e5b017db8fba530b3
Partially-Implements: blueprint improve-prechecks
Fix the upgrade TLS scenario in zuul to generate self signed
certificates and to configure TLS to be enabled in the open stack
deployment.
Change-Id: Icacc28eed6ad5b81fc3954db80486d9d7f24c082
Partially-Implements: blueprint custom-cacerts
Clients are starting to release versions that don't support Python 2.
The ironic scenario is currently failing on stable branches for this
reason.
Use upper constraints to avoid installing these new versions on stable
branches.
Change-Id: I4f91b53cbf2297d70da4b54d6c402c1427aacdd9
I'm not marking it CI-only as ppl seem to be using it.
OTOH, not adding a release note as we are not promoting its usage.
This is to allow us to customize for CI.
Change-Id: I8100a6cb63b1e54078629bd6ca8475dc5896784a
Service configuration urls should be constructed using
kolla_internal_fqdn instead of kolla_internal_vip_address. Otherwise SSL
validation will fail when certificates are issued using domain names.
Change-Id: I21689e22870c2f6206e37c60a3c33e19140f77ff
Closes-Bug: 1862419
Bifrost no longer deploys RabbitMQ, so we should not try to stop it
during upgrade. In fact, if we do then it fails:
Failed to stop rabbitmq-server.service: Unit rabbitmq-server.service not
loaded.
Bifrost removed RabbitMQ in Train, so this is only required from Ussuri.
Change-Id: Ie86f85974fd7385e72a918065fc9c5172f9684ba
This was never necessary because C7 IPv6 CI was not enabled at
the time and later we fixed IPv6 in C7 to avoid this issue.
In Ussuri C7 is going away so even more reasons to drop it. :-)
Change-Id: I4066c9cd86ff892d78f6713589f9afffc611dcc1
Option "stores" from group "glance_store" is deprecated for removal
Option "default_store" from group "glance_store" is deprecated for removal
Multi store support is available since Rocky - time to start using
it.
Change-Id: I4991d754e34ec42a4b38331839d9679b307589bd
In some resource-constrained environments, particularly during service
bootstrap Galera cluster nodes can experience timeouts in inter-node
communication.
This change sets the gmcast.peer_timeout based on the galera cluster
documentation:
https://galeracluster.com/library/documentation/galera-parameters.html
We are observing peer timeout issues on some CI runs - therefore raising
it to PT15S as in similar Ubuntu charms jobs.
Change-Id: Id036e41b62a88bab486c35a5f1fde5cfc2fa4803
There is no longer support for provisioning Ceph in Kolla Ansible, so we
should no longer say that it's only sometimes necessary to create the
cluster/pools/keyrings externally.
Change-Id: Ia3026cfeebfb8258b79490f9facc341c928845f9
global_physnet_mtu needs to be set in neutron.conf, because linuxbridge-agent
discovers underlying vxlan0 interface mtu and returns an error when creating
vxlan port
CentOS8 job will not be added, because CentOS 8 iptables-ebtables package
is missing broute (--among-src) tables support required for linuxbridge agent,
see [1].
[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1720637
Change-Id: I6b12f7ba95401d3342359c57ceeee8bec8aefe49
This makes it cleaner, allows reuse and outsourcing to zuul jobs
and enables us to create multiple of these overlay networks for
testing of more advanced scenarios.
Change-Id: Id557c81f68a7f34556854e7d6efc6eddfd2e7216
Currently we have a very wide /run mount for all Neutron/OVS services,
which allows sudo/rootwrap to contact with the hosts dbus - all symptoms
are documented in the related bug.
Since we use tcp connections to OVS from Neutron agents - removing
bind mounts.
Closes-Bug: #1861792
Change-Id: Ifee4bec7b2e9ef4e2d624b1411f1a9e6332325c6
