Barbican has recently bumped max_allowed_secret_in_bytes from 10 KB to
20 KB since the original value was too small for some certificates [1].
Remove custom value from the barbican.conf template, which anyway was
the same as the default configuration before the recent upstream change.
The upstream change was backported to Wallaby and has been proposed to
Victoria, Ussuri and Train [2], so this change should be backported too.
[1] https://review.opendev.org/c/openstack/barbican/+/783381
[2] https://review.opendev.org/q/I59d11c5c9c32128ab9d71eaecdf46dd2d789a8d1
Change-Id: I83e4cb48192c8024650a8d347363f6babb75ad90
Closes-Bug: #1957795
Access to console of any zun container fails when
kolla_enable_tls_external is true.
This is due to the protocol of the base_url of the websocket_proxy
section in zun.conf is hardcoded to 'ws'.
[base_url = ws://<external_fqdn>:<port>]
This fix adds a new variable zun_wsproxy_protocol
and sets it's value to 'wss' when kolla_enable_tls_external is true
or to 'ws' otherwise
Then the base url's protocol of the websocket_proxy section
in zun.conf is set by zun_wsproxy_protocol
[base_url = "{{ zun_wsproxy_protocol }}://<external_fqdn>:<port>"]
Closes-Bug: 1957117
Change-Id: Ibd9ca6e40ee8c265775b0657d318aa3f82e4cccb
rabbitmq starting from 3.8.0, built-in Prometheus support,
prometheus plugins are enabled by default, when the environment is
"enable_prometheus is no", rabbitmq role will disable prometheus plugins
Closes-Bug: #1885106
Change-Id: I4d694d6224c813285d228d6bc7eece5731db1078
We are not using it anywhere (metadata agents are using internal network),
so let's disable it by default.
Change-Id: If06db5030b0f09e20ef506c3b3ab39c3573b5f3d
Kolla has removed the Volume V2 API by default since OpenStack Wallaby.
However, openstack-exporter attempts to use the Volume V2 API by
default, resulting in clean installs failing to fetch Cinder metrics
in Prometheus.
This patch updates the clouds.yml configuration file for
openstack-exporter to use the Volume V3 API instead.
Closes-Bug: #1938194
Change-Id: Ifbb601be3ef1a1e853d5a7e832adf556c0ae38b9
This patch also configure delete indices action before close indices.
more info check curator source code[0].
[0] ac5db911a1/curator/cli.py (L217-L224)
Change-Id: I9fb4b25514f5890adfac2f4007ec4a819fc9f566
Closes-Bug: #1954720
This commit added ovn_sb_connection to octavia.conf otherwise it will
try to connect to ovn-sb-db using the default address which is
127.0.0.1 while the ovn-sb-db listen on the IP address of the
api_interface.
Closes-Bug: #1950111
Change-Id: I9cb9a0365d00ffd70562b4b3e83493ec09bd52c2
Fix configuration for ironic role in order to apply custom
policies for ironic-inspector API
Closes-Bug: #1952948
Change-Id: Id454c693f570e99ea58d2a6231f01a84b80ca56a
The admin interface for endpoints never had any real use, the
functionality was the same as for the public or internal endpoints,
except for Keystone. Even for Keystone with API v3 it would no longer
really be needed, but it is still being required by some libraries that
cannot be changed in order to stay backwards compatible.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Icf3bf08deab2c445361f0a0124d87ad8b0e4e9d9
The initial migrations when starting grafana for the first time may
sometimes take much longer than 20s, we have seen samples up to near
60s. Allow 120s to have some margin. Also make the timeout parameters
configurable.
Closes-Bug: 1769962
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: If9186d8aa65150c492657550064789e211dbb570
Based on some variables like tunnel_interface_address that are not present in nodes without ovn-controller like controller nodes this task will be failed because of undefined variable
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
Change-Id: Ic511bf6479438f9288a008afb2aae43083a4e69f
Closes-Bug: #1953367
This patch is fixing file path for WSGIScriptAlias
as debian/ubuntu binary packages installs /usr/bin/aodh-api
as it is in source images also. For details please check
LP bug report.
Closes-Bug: #1953059
Change-Id: I9efe73193bf828b084c2844be73c9813a969c9c7
Nova provides a mechanism to set static vendordata via a file [1].
This patch provides support in Kolla Ansible for using this
feature.
Arguably this could be part of a generic mechansim for copying
arbitrary config, but:
- It's not clear if there is anything else that would take
advantage of this
- One size might not fit all
[1] https://docs.openstack.org/nova/latest/configuration/config.html#api.vendordata_jsonfile_path
Change-Id: Id420376d96d0c40415c369ae8dd36e845a781820
This service was deprecated in the Wallaby release and we
can now start removing it if it hasn't already been removed.
Change-Id: I7d825906edc4b78677d839942cba3a158f44b2e2
When only the directory is specified, separate log files
are created for the Nova API / metadata services with a
-wsgi postfix. This affects the 'programname' field in
Fluentd which affects the processing of these logs. This
is a regression.
When the log file name is specified, the directory is
not required.
Closes-Bug: #1950185
Change-Id: I8fec8b787349f83c05d8af7f52fc58da7c3e9cc4
In case of running mariadb role with --limit the group_by module will only include the limited hosts and other hosts that are not limited by ansible will not be included.
Using add_host will add all hosts in mariadb group to their shards group
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
Change-Id: I1331698e313bd714a16fc35f38fb579d75b56370
Closes-Bug: #1947589
