532 Commits

Author SHA1 Message Date
Ghanshyam Mann
c7386a8168 Remove retired Searchlight support
Searchlight project is retiring in Wallaby cycle[1].
This commit removes the ansible roles of Searchlight project
before its code is removed.

Needed-By: https://review.opendev.org/c/openstack/searchlight/+/764526

[1] http://lists.openstack.org/pipermail/openstack-discuss/2020-November/018637.html

Change-Id: I85aab66376ea4f1376c2705066ba3c7e5645644f
2020-12-15 18:37:34 -06:00
Zuul
6c2bb6b736 Merge "CI: add missing --fail argument to curl" 2020-11-14 22:44:54 +00:00
Mark Goddard
9444631078 CI: add missing --fail argument to curl
Change-Id: Ibd06726ac6edcb63a1d5d4f4148851876316dc5b
2020-11-13 17:08:44 +00:00
Radosław Piliszek
ce35b43ab9 Upgrade from Victoria
Now that it has its own branch and published images.

Depends-On: https://review.opendev.org/761822
Change-Id: I99924b52ee4e0aca1ca4c416190292e561b5c043
2020-11-10 11:01:44 +00:00
Michal Nasiadka
ff441c1c0c CI: Temporarily disable rabbitmq internal tls
Due to an incompatibility between oslo.messaging and new kombu/amqp mix -
Nova RMQ TLS is not working. See [1] and [2].

[1]: https://launchpad.net/bugs/1902696
[2]: https://review.opendev.org/#/c/761194/

Change-Id: Ibffd96fe008b6fcefcd73ac3c1bc579507dca5c7
2020-11-04 08:03:53 +01:00
wu.chunyang
195269d758 add octavia openrc file
we use octavia user to upload image currently, so it is better to
create a octavia openrc file for user

Implements: blueprint implement-automatic-deploy-of-octavia

Change-Id: Ib53d00fa4a6ee59b8a0b2245f83786a6af0cbf53
2020-10-08 14:50:52 +00:00
Mark Goddard
894f4912ac octavia: generate certificates automatically
implemented as a separate command (kolla-ansible octavia-certificates)

Implements: blueprint implement-automatic-deploy-of-octavia

Co-Authored-By: wu.chunyang <wuchunyang@yovole.com>
Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>

Change-Id: I2c5b26ce9e363f35c523865904a582f7960aa682
2020-10-08 16:50:30 +02:00
Zuul
8cf8459270 Merge "CI: enable designate in magnum CI job" 2020-10-07 20:54:05 +00:00
Zuul
dd0d903d88 Merge "Coordinate haproxy and keepalived restarts" 2020-10-07 19:26:31 +00:00
Mark Goddard
c2987d6582 CI: enable designate in magnum CI job
Follows designate guide, adding a default zone for fixed and
floating IPs, then boots an instance and verifies that its
name resolves.

Change-Id: Ifbfdab425e2c8a36a8f3ab8539f70dca4cce2abc
2020-10-07 14:55:10 +00:00
Michal Nasiadka
c52a89ae04 Use Docker healthchecks for core services
This change enables the use of Docker healthchecks for core OpenStack
services.
Also check-failures.sh has been updated to treat containers with
unhealthy status as failed.

Implements: blueprint container-health-check
Change-Id: I79c6b11511ce8af70f77e2f6a490b59b477fefbb
2020-10-05 08:35:47 +00:00
Radosław Piliszek
c2d0bf30ea Coordinate haproxy and keepalived restarts
Keepalived and haproxy cooperate to provide control plane HA in
kolla-ansible deployments.
Certain care should be exerted to avoid prolonged availability
loss during reconfigurations and upgrades.
This patch aims to provide this care.
There is nothing special about keepalived upgrade compared to
reconfig, hence it is simplified to run the same code as for
deploy.
The broken logic of safe upgrade is replaced by common handler
code which's goal is to ensure we down current master only after
we have backups ready.

This change introduces a switch to kolla_docker module that allows
to ignore missing containers (as they are logically stopped).
ignore_missing is the switch's name.
All tests are included.

Change-Id: I22ddec5f7ee4a7d3d502649a158a7e005fe29c48
2020-10-04 16:58:24 +02:00
Zuul
5a65bd7bf6 Merge "Add healthchecks option to kolla_docker" 2020-09-30 17:34:53 +00:00
Michal Nasiadka
d6f69174ac Add healthchecks option to kolla_docker
blueprint container-health-check

Implements healthchecks option in kolla_docker Ansible module

Change-Id: I9323d4e75378d06f52b869f31009fd656bf270d2
2020-09-30 14:29:54 +00:00
Zuul
ba933f16e9 Merge "Support TLS encryption of RabbitMQ client-server traffic" 2020-09-29 11:31:03 +00:00
Zuul
07cbec194f Merge "Add support for encrypting Ironic API" 2020-09-25 11:47:49 +00:00
James Kirsch
7c2df87ded Add support for encrypting Ironic API
This patch introduces an optional backend encryption for the Ironic API
service. When used in conjunction with enabling TLS for service API
endpoints, network communcation will be encrypted end to end, from
client through HAProxy to the Ironic service.

Change-Id: I9edf7545c174ca8839ceaef877bb09f49ef2b451
Partially-Implements: blueprint add-ssl-internal-network
2020-09-24 10:09:13 -07:00
Zuul
d047b2a5e0 Merge "CI: add magnum scenario, also covering octavia" 2020-09-24 15:01:06 +00:00
Pierre Riteau
c5c6d995d3 Bump minimum Ansible version to 2.9
Change-Id: I5befc72a4894d625ca352b27df9d3aa84a2f5b2c
2020-09-23 17:48:01 +02:00
Mark Goddard
d2326712d4 CI: add magnum scenario, also covering octavia
Adds a new Zuul job, kolla-ansible-centos8-source-magnum, for testing
deployment of Magnum, Octavia and associated services.

Change-Id: I61b293ba6bb52064ea98a73e2dff0023fa01a2a2
2020-09-17 15:01:53 +00:00
Zuul
09e667a0b6 Merge "[CI] Support building source images with in-review changes" 2020-09-17 14:54:08 +00:00
Mark Goddard
761ea9a333 Support TLS encryption of RabbitMQ client-server traffic
This change adds support for encryption of communication between
OpenStack services and RabbitMQ. Server certificates are supported, but
currently client certificates are not.

The kolla-ansible certificates command has been updated to support
generating certificates for RabbitMQ for development and testing.

RabbitMQ TLS is enabled in the all-in-one source CI jobs, or when
The Zuul 'tls_enabled' variable is true.

Change-Id: I4f1d04150fb2b5af085b762890092f87ae6076b5
Implements: blueprint message-queue-ssl-support
2020-09-17 12:05:44 +01:00
Zuul
b49c86848d Merge "[CI] Ensure network is set for Zun" 2020-09-14 12:18:27 +00:00
Radosław Piliszek
7a3072e94c [CI] Ensure network is set for Zun
If we don't set it, then Zun chooses one randomly (the first one
from Neutron).
This may break if it is a network that is not available on
target hosts, e.g. external via L3 agent router.

Since capsules do not support nets yet [1], this patch ensures
desired network creation order in init-runonce instead.

[1] https://bugs.launchpad.net/zun/+bug/1895263

Change-Id: Iaa113dcfb826164a2772d2c91d34ec0236be0817
2020-09-12 12:06:34 +02:00
Radosław Piliszek
e94f97399b [CI] Test Ironic Inspector API
Per the recent Kayobe brekage due to TLS support in Ironic [1],
let's test Ironic Inspector API as well.

[1] https://review.opendev.org/750804

Change-Id: I7ccf0c4286f8907bc2fa2eabc41ec2876c9815a9
2020-09-10 15:24:36 +00:00
Pierre Riteau
8a8c221286 Fix test-ironic.sh not catching errors
Change-Id: Ia4626479e092be8b033bcd4e75e78a33167423d3
2020-09-10 17:11:57 +02:00
Radosław Piliszek
731d6b1acf [CI] Support building source images with in-review changes
The Kolla-Ansible part.

This switches Kolla-Ansible to use the kolla-build-config role
instead of generating config locally.

Depends-On: https://review.opendev.org/607159
Change-Id: I859acbe4f84ccbdc53764574a58e6f0fab4094a3
2020-09-10 09:39:51 +00:00
Radosław Piliszek
b21c07ac2f [CI] Remove setup_gate.sh symlink
This is confusing as it is not meant to be used by users.
Also, various tools show duplicated matches due to both locations
containing the exact same content.

Change-Id: I2debe121f64954e57788270d3258775f29f1cbb0
2020-09-08 09:45:50 +02:00
Mark Goddard
9fac359bf4 CI: enable Ansible SSH pipelining
This should improve performance of CI jobs.

Change-Id: I729862b89b4fe65cbb7f852fac06741b636e4939
2020-08-13 09:26:48 +01:00
Zuul
580f929dfa Merge "ubuntu: move to 20.04 Focal" 2020-08-11 15:26:39 +00:00
Marcin Juszkiewicz
352f91ac10 ubuntu: move to 20.04 Focal
There is a time once every 2 years when ubuntu team releases new LTS
release. And then UCA joins with binary packages for current OpenStack
development cycle.

It is this time for Ubuntu 20.04 'focal'.

Includes CI fix to pass:

[CI] Temporarily block new Ansible

The proper fix [1] needs fixing older branches before newer.
This one allows to fix CI first, in the usual order.

To revert after [1] gets merged in all relevant branches.

[1] https://review.opendev.org/745648

Old-Change-Id: Ifbd37d8addd4322773118e2e9d46494741a8ae66
Related-Bug: #1891145

Depends-on: https://review.opendev.org/#/c/738994/
Change-Id: Ib8b70ee40ec2d19509cc84c0f530612f81907721
Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
2020-08-11 13:55:01 +02:00
Michal Nasiadka
7c08f42b2c CI: add kolla_python_version variable
Change-Id: Ic697729bda80bfb83171bf68223a2703b8318aad
2020-08-07 09:28:24 +02:00
Christian Berendt
6eb02245d6 Remove Hyper-V integration
Change-Id: I2e22ec47f644de2f1509a0111c9e1fffe8da0a1a
2020-07-27 10:25:46 +01:00
Zuul
6033959b53 Merge "CI: Update ceph-ansible to v5 - deploy Ceph Octopus" 2020-07-22 12:32:43 +00:00
Zuul
f039de861d Merge "CI: Add Ubuntu KVM job" 2020-07-22 11:54:26 +00:00
Zuul
9a8341c2a7 Merge "Performance: Run common role in a separate play" 2020-07-17 15:43:22 +00:00
Michal Nasiadka
47f8b8917f CI: Update ceph-ansible to v5 - deploy Ceph Octopus
Change-Id: I2e736920f5b2cb4a78c2e6c216665394faf83001
2020-07-15 13:59:20 +00:00
Zuul
ac41906d89 Merge "CI: add prometheus-efk scenario" 2020-07-14 08:56:05 +00:00
wu.chunyang
879ff59a05 [CI] Remove obsolete ceph configs
Change-Id: I27188936f516318bfc7e35cfe7276198ed8f9ac9
2020-07-10 14:04:03 +00:00
Mark Goddard
f44876c406 CI: add prometheus-efk scenario
Tests prometheus, grafana, and centralised logging.

The tests could be improved in future by querying logs in elasticsearch,
and metrics in prometheus.

Change-Id: Iabad035d583d291169f23be3d71931cb260e87ae
2020-07-10 07:55:14 +00:00
Mark Goddard
56ae2db7ac Performance: Run common role in a separate play
The common role was previously added as a dependency to all other roles.
It would set a fact after running on a host to avoid running twice. This
had the nice effect that deploying any service would automatically pull
in the common services for that host. When using tags, any services with
matching tags would also run the common role. This could be both
surprising and sometimes useful.

When using Ansible at large scale, there is a penalty associated with
executing a task against a large number of hosts, even if it is skipped.
The common role introduces some overhead, just in determining that it
has already run.

This change extracts the common role into a separate play, and removes
the dependency on it from all other roles. New groups have been added
for cron, fluentd, and kolla-toolbox, similar to other services. This
changes the behaviour in the following ways:

* The common role is now run for all hosts at the beginning, rather than
  prior to their first enabled service
* Hosts must be in the necessary group for each of the common services
  in order to have that service deployed. This is mostly to avoid
  deploying on localhost or the deployment host
* If tags are specified for another service e.g. nova, the common role
  will *not* automatically run for matching hosts. The common tag must
  be specified explicitly

The last of these is probably the largest behaviour change. While it
would be possible to determine which hosts should automatically run the
common role, it would be quite complex, and would introduce some
overhead that would probably negate the benefit of splitting out the
common role.

Partially-Implements: blueprint performance-improvements

Change-Id: I6a4676bf6efeebc61383ec7a406db07c7a868b2a
2020-07-07 15:00:47 +00:00
gugug
f13847a5a2 Remove the congress roles since it has been retired
more info: https://review.opendev.org/#/c/721733/

Depends-On: I561ead226f714d98c8e06e6027715a64c3a8e47e
Depends-On: I21c9ab9820f78cf76adf11c5f0591c60f76372a8
Change-Id: Ic740d090211ee331b374a6dac69dfde466df7200
Co-Authored-By: jacky06 <zhang.min@99cloud.net>
2020-06-20 01:51:03 +00:00
Zuul
e744b9d510 Merge "Remove mongodb integration" 2020-06-19 13:50:04 +00:00
Zuul
64f05d7a05 Merge "CI: Move NFV reqs installation to where it belongs" 2020-06-19 13:48:44 +00:00
Zuul
23cd9fb2ba Merge "CI: use venv only (and not virtualenv)" 2020-06-19 13:48:40 +00:00
gugug
66ea6e099f Remove mongodb integration
more info: a6c97d7284

Change-Id: I778d472cc7f6ca19852482a3e309d793973d75a6
Co-Authored-By: jacky06 <zhang.min@99cloud.net>
2020-06-19 09:07:23 +08:00
Radosław Piliszek
e7247dbd9a CI: use venv only (and not virtualenv)
It seems we used virtualenv for ceph-ansible only.

Change-Id: I7f9002283462dbe4bae3c1d7ff1dedcc4e7d01f2
2020-06-17 18:24:07 +00:00
Michal Nasiadka
3f94ac9ce9 CI: Make ARA rsync quiet
Change-Id: I4d6e4f43bcf3dc31cad0675f94724dbc4fcb466f
2020-06-17 11:37:57 +02:00
Zuul
1e35ef5a26 Merge "Replace internal and external VIP CA with root CA" 2020-06-16 16:01:25 +00:00
Zuul
e7f39d31e9 Merge "Generate Root CA for Self-Signed Certificates" 2020-06-16 11:12:26 +00:00