Adds HAcluster Ansible role. This role contains High Availability
clustering solution composed of Corosync, Pacemaker and Pacemaker Remote.
HAcluster is added as a helper role for Masakari which requires it for
its host monitoring, allowing to provide HA to instances on a failed
compute host.
Kolla hacluster images merged in [1].
[1] https://review.opendev.org/#/c/668765/
Change-Id: I91e5c1840ace8f567daf462c4eb3ec1f0c503823
Implements: blueprint ansible-pacemaker-support
Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
Co-Authored-By: Mark Goddard <mark@stackhpc.com>
For using 3rd party Octavia providers (such as OVN provider) an
octavia-driver-agent container must be running to expose those providers to
use.
OVN CI job has been extended with deploying Octavia and testing OVN Load
Balancer.
Closes-Bug: #1903506
Depends-On: https://review.opendev.org/c/openstack/kolla/+/771191
Change-Id: Ibafa8b7307981f2a51e630cc113d18af6162171c
In order to disable libvirt debug in CI (which takes vast amount of storage)
this change introduces nova_libvirt_logging_debug and disables that in CI.
Change-Id: I90bfd1b300ad3202ea4d139fda6d6beb44c5820f
This reverts commit ff441c1c0ceb8fc06a17f5db8e460ad00e8db365.
Since RabbitMQ TLS is still not functional in Victoria, it is
not enabled for upgrade jobs.
Change-Id: I575942c8d90441145de78dcb16a2b4c1f172773b
Adds the following new Zuul job for testing deployment of Monasca and
associated services:
* kolla-ansible-centos8-source-monasca
All core OpenStack services except for Keystone are disabled to ensure
enough memory is available.
A follow up patch will replace the basic tests here with Tempest.
Co-Authored-By: Doug Szumski <doug@stackhpc.com>
Change-Id: I5d33fd3d7b69798ba0aa23509f7b809065f61c19
Now that it has its own branch and published images.
Depends-On: https://review.opendev.org/761822
Change-Id: I99924b52ee4e0aca1ca4c416190292e561b5c043
Follows designate guide, adding a default zone for fixed and
floating IPs, then boots an instance and verifies that its
name resolves.
Change-Id: Ifbfdab425e2c8a36a8f3ab8539f70dca4cce2abc
Adds a new Zuul job, kolla-ansible-centos8-source-magnum, for testing
deployment of Magnum, Octavia and associated services.
Change-Id: I61b293ba6bb52064ea98a73e2dff0023fa01a2a2
This change adds support for encryption of communication between
OpenStack services and RabbitMQ. Server certificates are supported, but
currently client certificates are not.
The kolla-ansible certificates command has been updated to support
generating certificates for RabbitMQ for development and testing.
RabbitMQ TLS is enabled in the all-in-one source CI jobs, or when
The Zuul 'tls_enabled' variable is true.
Change-Id: I4f1d04150fb2b5af085b762890092f87ae6076b5
Implements: blueprint message-queue-ssl-support
Tests prometheus, grafana, and centralised logging.
The tests could be improved in future by querying logs in elasticsearch,
and metrics in prometheus.
Change-Id: Iabad035d583d291169f23be3d71931cb260e87ae
Replaced "kolla_external_fqdn_cacert" and "kolla_internal_fqdn_cacert" with
"kolla_admin_openrc_cacert". OS_CACERT is now set to the value of
"kolla_admin_openrc_cacert" in the generated admin-openrc.sh file.
Change-Id: If195d5402579cee9a14b91f63f5fde84eb84cccf
Partially-Implements: blueprint add-ssl-internal-network
Depends-On: https://review.opendev.org/#/c/731344/
Update the certificate generation task to create a root CA for the
self-signed certificates. The internal and external facing certificates
are then generated using the root CA.
Updated openstack_cacert to use system CA trust store in CI tests
certificate by default.
Change-Id: I6c2adff7d0128146cf086103ff6060b0dcefa37b
Partially-Implements: blueprint add-ssl-internal-network
This also uses the recommended machinery to set qemu instead
of relying on config file override so that we test what we
really want to test.
Change-Id: I560e4f9d0a69c347e6aaf3b970331157c1a56f18
Zun has a new component "zun-cni-daemon" which should be
deployed in every compute nodes. It is basically an implementation
of CNI (Container Network Interface) that performs the neutron
port binding.
If users is using the capsule (pod) API, the recommended deployment
option is using "cri" as capsule driver. This is basically to use
a CRI runtime (i.e. CRI plugin for containerd) for supporting
capsules (pods). A CRI runtime needs a CNI plugin which is what
the "zun-cni-daemon" provides.
The configuration is based on the Zun installation guide [1].
It consits of the following steps:
* Configure the containerd daemon in the host. The "zun-compute"
container will use grpc to communicate with this service.
* Install the "zun-cni" binary at host. The containerd process
will invoke this binary to call the CNI plugin.
* Run a "zun-cni-daemon" container. The "zun-cni" binary will
communicate with this container via HTTP.
Relevant patches:
Blueprint: https://blueprints.launchpad.net/zun/+spec/add-support-cri-runtime
Install guide: https://review.opendev.org/#/c/707948/
Devstack plugin: https://review.opendev.org/#/c/705338/
Kolla image: https://review.opendev.org/#/c/708273/
[1] https://docs.openstack.org/zun/latest/install/index.html
Depends-On: https://review.opendev.org/#/c/721044/
Change-Id: I9c361a99b355af27907cf80f5c88d97191193495
Drops support for creating Python 2 virtualenvs in bootstrap-servers,
and looking for a python2 interpreter in the kolla-ansible script.
Also forces the use of Python 3 as the remote interpreter in CI on
Debian and Ubuntu hosts, since they typically symlink the unversioned
interpreter to python2.7.
Change-Id: Id0e977de381e7faafed738674a140ba36184727e
Partially-Implements: blueprint drop-py2-support
This patch introduces an optional backend encryption for Keystone
service. When used in conjunction with enabling TLS for service API
endpoints, network communcation will be encrypted end to end, from
client through HAProxy to the Keystone service.
Change-Id: I6351147ddaff8b2ae629179a9bc3bae2ebac9519
Partially-Implements: blueprint add-ssl-internal-network
CentOS 8 support is now fairly complete - time to drop CentOS 7.
Partially-Implements: blueprint centos-rhel-8
Change-Id: I940b1d3eceb98e16fa366c243672f588b1412d70
Since fluentd is disabled in MariaDB jobs - haproxy logs are not getting
populated.
Change-Id: I56b3fc1be6940d97905cdb2c4452b846f106c071
Depends-on: https://review.opendev.org/713704
In some resource-constrained environments, particularly during service
bootstrap Galera cluster nodes can experience timeouts in inter-node
communication.
This change sets the gmcast.peer_timeout based on the galera cluster
documentation:
https://galeracluster.com/library/documentation/galera-parameters.html
We are observing peer timeout issues on some CI runs - therefore raising
it to PT15S as in similar Ubuntu charms jobs.
Change-Id: Id036e41b62a88bab486c35a5f1fde5cfc2fa4803
global_physnet_mtu needs to be set in neutron.conf, because linuxbridge-agent
discovers underlying vxlan0 interface mtu and returns an error when creating
vxlan port
CentOS8 job will not be added, because CentOS 8 iptables-ebtables package
is missing broute (--among-src) tables support required for linuxbridge agent,
see [1].
[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1720637
Change-Id: I6b12f7ba95401d3342359c57ceeee8bec8aefe49
