On seed hypervisors running CentOS 8, the configdrive role will fail to
install coreutils if coreutils-single is already present:
Error:
Problem: problem with installed package coreutils-single-8.30-6.el8.x86_64
- package coreutils-8.30-6.el8_1.1.x86_64 conflicts with coreutils-single provided by coreutils-single-8.30-6.el8.x86_64
- package coreutils-8.30-6.el8_1.1.x86_64 conflicts with coreutils-single provided by coreutils-single-8.30-6.el8_1.1.x86_64
- conflicting requests
Until the role handles it, install coreutils using the --allowerasing
option which will remove coreutils-single at the same time. Use a
command task for now since this option has just been added to
ansible:devel [1].
[1] https://github.com/ansible/ansible/pull/48319
Change-Id: I43bbe9dae3d6796e308fbf66cb04d16b57ff5e37
Story: 2007612
Task: 39607
1. Blacklist Ansible 2.9.8
Ansible 2.9.8 includes a regression on the fileglob plugin [1] that
causes the Kolla Ansible HAProxy role to fail.
This change blacklists Ansible 2.9.8 to work around the issue.
2. Use ensure-docker role instead of install-docker
The install-* roles are being deprecated and renamed to follow the
ensure-* naming convention [2].
[1] https://github.com/ansible/ansible/issues/69450
[2] http://lists.zuul-ci.org/pipermail/zuul-announce/2020-April/000071.html
Change-Id: Iab1d84e6a8c1b3dd81e53279309153687677a061
Story: 2007659
Task: 39748
Ironic inspector rules are registered both with the seed and (if using)
overcloud ironic inspector services. These tasks often show up as
changed even when no configuration changes have been made that would
affect the rules.
This is caused by inspector returning default values for fields that may
be omitted in the requested rule. This change fixes the issue by
including those defaults in the comparison.
Change-Id: Ia24e328d4531201d76a65b6385e4463bb1f3c5c6
Story: 2007399
Task: 38997
Sets 'monasca_install_type: source' to remove need
for kolla-ansible var boilerplate.
Also use default Monasca parameters to configure
Grafana post deploy.
Change-Id: I2b6d62104c9c127cb8f6b4f4930dd695cd00da17
Story: 2007597
Task: 39587
A common failure early on when using Kayobe is during discovery of SSH
known hosts. This happens if a host does not have an IP address
configured on the admin (SSH) network. The failure looks like this:
PLAY [Ensure known hosts are configured]
**********************************************************************
TASK [ssh-known-host : Scan for SSH keys]
**********************************************************************
failed: [compute0 -> localhost] (item=) => {"ansible_loop_var": "item",
"changed": false, "cmd": ["ssh-keyscan"], "delta": "0:00:00.013855",
"end": "2020-04-17 10:51:01.857855", "item": "", "msg": "non-zero
return code", "rc": 1, "start": "2020-04-17 10:51:01.844000",
"stderr": "usage: ssh-keyscan [-46cDHv] [-f file] [-p port] [-T
timeout] [-t type]\n\t\t [host | addrlist namelist]",
"stderr_lines": ["u sage: ssh-keyscan [-46cDHv] [-f file] [-p port]
[-T timeout] [-t type]", "\t\t [host | addrlist namelist]"],
"stdout": "", "stdout_lines": []}
This happens when ansible_host is an empty string, typically because the
host has no IP address defined in for the admin network in
network-allocation.yml. This is very confusing for a new user. We should
provide a more informative message.
It's not exactly clear how a user gets to this point, since the
ip-allocation.yml playbook runs before ssh-known-host.yml, which should
populate network-allocation.yml.
This change detects this failure mode and provides a message with
information about how to resolve it.
Change-Id: I564b6e4509a30dec7c49a23bb2f75d490be775ed
Story: 2007566
Task: 39456
Removes and/or replaces all mentions of py27.
Cleans up obsolete requirements and their lower-constraints.
Update cliff minimum to 3.1.0 in requirements.txt, which has a fix for
story 2005891.
Change-Id: I52cffa2f1aee944f79c4618ea20b779755792f2a
Kayobe has a workaround for CentOS cloud images which contain a bogus
nameserver entry in /etc/resolv.conf. By setting
overcloud_host_image_workaround_resolv_enabled to true, the entry would
be removed. Previously we removed a specific IP address - 10.0.2.3 -
that was present in the CentOS 7 images. However, it seems that CentOS 8
images have a different IP - 192.168.122.1.
This change fixes the issue and becomes resilient to future changes by
matching any IP address. This should be fairly safe, since this
workaround is opt-in.
Change-Id: I9323a38cb2bb627ff56f5713900be00595ea8d4b
Story: 2006574
Task: 39484
Kayobe generates passwords.yml for Kolla Ansible, and can encrypt it
using the vault password. Previously this was failing on Python 3 due to
passing a string to file.write() which expects bytes.
This change fixes the issue by encoding the password string passed to
file.write().
This allows us to run the ansible role tests under Python 3.
Change-Id: I33813f79984a46f1967ef3aee455dcfbe7eb93da
Story: 2006574
Task: 39481
Backport: train, stein, rocky
This fixes issues seen with a-universe-from-nothing using stable/train.
Change-Id: Ib477de5f3af2e4c182d0c2999c274dbb5553531c
Story: 2007572
Task: 39469
We can use the Ansible pip module's support for specifying a list of
packages with version constraints.
Change-Id: If5d3c7117175732c54e38025692eb4c036053ebc
Currently we require a Linux bridge to exist between OVS and the
physical interface. This is necessary if you want to set an IP on the
native VLAN of that interface, but that is not always the case.
This change allows the physical interface (or any non-bridge interface)
to be plugged into OVS.
Change-Id: I2172a74f4719605f6ec81fadec46ce49f8310a96
Story: 2007364
Task: 38920
Adds information on tuning Ansible, including forks, SSH pipelining and
fact caching.
Change-Id: I83d1469c62d63390222750d9d1f6e337e45b2373
Story: 2007492
Task: 39447
Previously, Kayobe used Kolla Ansible's bootstrap-servers command to
create a user account and Python virtual environment for Kolla Ansible.
In order to do this it used the Kayobe Ansible user and Python
interpreter.
This causes problems for Ansible fact caching, which needs separate
caches for Kayobe and Kolla Ansible, since the different users and
Python interpreters used result in different facts. Bootstrapping
servers with the Kayobe user and interpreter resulted in the Kolla
Ansible fact cache being populated with Kayobe's user and interpreter.
This change disables user creation during Kolla Ansible's
bootstrap-servers command, instead creating the user and virtual
environment in Kayobe prior to running the command. This allows the
bootstrap-servers command to be executed using the normal Kolla Ansible
user and interpreter, which results in the correct facts being gathered.
The downside here is some duplication of code and configuration, but a
nice side effect is that we no longer need to dump configuration in the
CLI for host configure in order to fetch the Ansible user and
interpreter.
Change-Id: I85670be7242bc436f73c689f027670b0938ba031
Story: 2007492
Task: 39444
Tests various non-default configuration:
* Custom users
* Network interfaces, VLANs, bridges, bonds
* Software RAID
* LVM & docker devicemapper
* timezone
* Package mirrors
* yum-cron / DNF automatic
This improved test coverage allows us to be more confident about these
features working on CentOS 8.
Change-Id: I36148e4356deb7d5ec00d8d3ebeb2d3932ff4f94
Story: 2006574
Task: 38938
* Change default seed VM image to CentOS 8
* Change default bifrost deploy image to CentOS 8
* Workaround DIB bug
https://bugs.launchpad.net/diskimage-builder/+bug/1866847 by setting
DIB_DISABLE_KERNEL_CLEANUP to 1
* Install iptables on seed for SNAT - missing on CentOS 8
* Fix provider network MTU lookup for empty string
* Bump stackhpc.libvirt-host to 1.7.0 for CentOS 8 support
* Bump stackhpc.libvirt-vm to 1.13.0 for CentOS 8 support
* Bump jriguera.configdrive for Python 3 support
Change-Id: Ie0edf6a924a914395c6502e2d5cf1139bce14a48
Story: 2006574
Task: 39000
Some Ruckus switches, e.g. the Ruckus ICX 7150, advertise switch
interface names as switch port descriptions. Unlike Dell switches, there
is no space character between port type and port number. For example:
GigabitEthernet1/1/9.
Update regular expression to match both styles.
Change-Id: I359b07abadc8665ff0a8c3407ca0fc5effc504cf
Story: 2007532
Task: 39343
The seed VM will fail to provision if the Ansible control host and the
seed hypervisor are not the same hosts.
This is because Kayobe creates the seed-vm-user-data file on the
seed-hypervisor host. It then invokes the jriguera.configdrive role
which uses a copy task without remote_src, which fails to find the
source file locally on the Ansible control host.
Instead we create a local temporary file for seed VM user data.
Change-Id: Iabbe4c624b9ad02bb82c323070f99c16e5822966
Story: 2007530
Task: 39338
One way to improve the performance of Ansible is through fact caching.
Rather than gather facts in every play, we can configure Ansible to
cache them in a persistent store. An example Ansible configuration for
doing this is as follows:
[defaults]
gathering = smart
fact_caching = jsonfile
fact_caching_connection = ./facts
fact_caching_timeout = 86400
While this mostly just works, there are a few places where we
unconditionally gather facts using the setup module. This change
modifies these to only gather facts when necessary.
We no longer execute the MichaelRigart.interfaces role using become:
true, since it may gather facts and we do not want it to do so as root.
The role uses become where necessary.
Change-Id: I9984a187fc6c0496ada489bb8eef36e44d695aac
Story: 2007492
Task: 39216
Adds a new variable, 'kolla_enable_openstack_core', which can be set a
default value for whether the default OpenStack services are enabled.
This includes Glance, Heat, Horizon, Ironic, Keystone, Neutron and Nova.
It is 'true' by default.
Change-Id: I7768d3a92272d4353522dbf1a96f124225f4d73d
Story: 2007524
Task: 39315
Kolla Ansible sets kolla_{external,internal}_fqdn_cacert variables with
default values compatible with the use of `kolla-ansible certificates`.
However, when these variables are left unset in Kayobe, which is
generally the case when using trusted certificates, we end up with
openrc files setting OS_CACERT to a file that does not exist:
${KOLLA_CONFIG_PATH}/certificates/haproxy-ca.crt
Instead we allow null cacert variables to be passed to kolla-ansible,
which results in openrc files without the bogus OS_CACERT entry.
Change-Id: Ifa615888b6d8d54c9e6314fd90f3fc4872fc6e5a
Story: 2007516
Task: 39299
