Merge pull request #158 from stackhpc/sync/stable/victoria

Sync upstream stable/victoria

Author: cityofships

ansible/group_vars/all.yml

@@ -433,6 +433,7 @@ prometheus_node_exporter_port: "9100"
 prometheus_mysqld_exporter_port: "9104"
 prometheus_haproxy_exporter_port: "9101"
 prometheus_memcached_exporter_port: "9150"
+prometheus_rabbitmq_exporter_port: "15692"
 # Default cadvisor port of 8080 already in use
 prometheus_cadvisor_port: "18080"
 
@@ -588,10 +589,9 @@ enable_chrony: "yes"
 enable_cinder: "no"
 enable_cinder_backup: "yes"
 enable_cinder_backend_hnas_nfs: "no"
-enable_cinder_backend_iscsi: "{{ enable_cinder_backend_lvm | bool or enable_cinder_backend_zfssa_iscsi | bool }}"
+enable_cinder_backend_iscsi: "{{ enable_cinder_backend_lvm | bool }}"
 enable_cinder_backend_lvm: "no"
 enable_cinder_backend_nfs: "no"
-enable_cinder_backend_zfssa_iscsi: "no"
 enable_cinder_backend_quobyte: "no"
 enable_cloudkitty: "no"
 enable_collectd: "no"
@@ -668,7 +668,7 @@ enable_neutron_port_forwarding: "no"
 enable_nova_serialconsole_proxy: "no"
 enable_nova_ssh: "yes"
 enable_octavia: "no"
-enable_octavia_driver_agent: "{{ enable_octavia | bool and neutron_plugin_agent == 'ovn' }}"
+enable_octavia_driver_agent: "{{ enable_octavia | bool and neutron_plugin_agent == 'ovn' and groups['octavia-driver-agent'] is defined }}"
 enable_openvswitch: "{{ enable_neutron | bool and neutron_plugin_agent != 'linuxbridge' }}"
 enable_ovn: "{{ enable_neutron | bool and neutron_plugin_agent == 'ovn' }}"
 enable_ovs_dpdk: "no"
@@ -1100,6 +1100,7 @@ enable_prometheus_ceph_mgr_exporter: "no"
 enable_prometheus_openstack_exporter: "{{ enable_prometheus | bool }}"
 enable_prometheus_elasticsearch_exporter: "{{ enable_prometheus | bool and enable_elasticsearch | bool }}"
 enable_prometheus_blackbox_exporter: "{{ enable_prometheus | bool }}"
+enable_prometheus_rabbitmq_exporter: "{{ enable_prometheus | bool and enable_rabbitmq | bool }}"
 
 prometheus_alertmanager_user: "admin"
 prometheus_openstack_exporter_interval: "60s"

ansible/roles/aodh/templates/aodh.conf.j2

@@ -28,6 +28,7 @@ password = {{ aodh_keystone_password }}
 auth_url = {{ keystone_admin_url }}
 auth_type = password
 cafile = {{ openstack_cacert }}
+region_name = {{ openstack_region_name }}
 
 [oslo_middleware]
 enable_proxy_headers_parsing = True

ansible/roles/barbican/templates/barbican.conf.j2

@@ -64,6 +64,7 @@ password = {{ barbican_keystone_password }}
 auth_url = {{ keystone_admin_url }}
 auth_type = password
 cafile = {{ openstack_cacert }}
+region_name = {{ openstack_region_name }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}

ansible/roles/baremetal/tasks/bootstrap-servers.yml

@@ -6,5 +6,6 @@
 - import_tasks: post-install.yml
 
 - include_tasks: configure-containerd-for-zun.yml
-  when: containerd_configure_for_zun|bool and
-        inventory_hostname in groups['zun-cni-daemon']
+  when:
+    - containerd_configure_for_zun|bool
+    - "'zun-cni-daemon' in group_names"

ansible/roles/baremetal/tasks/install.yml

@@ -46,6 +46,26 @@
   changed_when: false
   register: running_containers
 
+# APT starts Docker engine right after installation, which creates
+# iptables rules before we disable iptables in Docker config
+
+- name: Check if docker systemd unit exists
+  stat:
+    path: /etc/systemd/system/docker.service
+  register: docker_unit_file
+
+- name: Mask the docker systemd unit on Debian/Ubuntu
+  file:
+    src: /dev/null
+    dest: /etc/systemd/system/docker.service
+    owner: root
+    group: root
+    state: link
+  become: true
+  when:
+    - ansible_os_family == 'Debian'
+    - not docker_unit_file.stat.exists
+
 - name: Install apt packages
   package:
     name: "{{ (debian_pkg_install | join(' ')).split() }}"
@@ -78,10 +98,11 @@
     # At some point (at least on CentOS 7) Docker CE stopped starting
     # automatically after an upgrade from legacy docker . Start it manually.
     - name: Start docker
-      service:
+      systemd:
         name: docker
         state: started
         enabled: yes
+        masked: no
       become: True
 
     - name: Wait for Docker to start
@@ -116,7 +137,8 @@
 - name: Install docker SDK for python
   pip:
     # NOTE(hrw) docker 2.4.2 is in kolla-ansible requirements
-    name: docker>=2.4.2
+    # NOTE(mnasiadka): docker 5.0.0 lacks six in deps but requires it
+    name: docker>=2.4.2,<5.0.0
     executable: "{{ virtualenv is none | ternary('pip3', omit) }}"
     virtualenv: "{{ virtualenv is none | ternary(omit, virtualenv) }}"
     virtualenv_site_packages: "{{ virtualenv is none | ternary(omit, virtualenv_site_packages) }}"
@@ -128,7 +150,7 @@
     name: "{{ (ubuntu_pkg_removals | join(' ')).split() }}"
     state: absent
   become: True
-  when: ansible_distribution|lower == "ubuntu"
+  when: ansible_os_family == 'Debian'
 
 - name: Remove packages
   package:

ansible/roles/baremetal/tasks/post-install.yml

@@ -66,6 +66,7 @@
     docker_config: "{{ docker_config | combine(docker_zun_config) }}"
   when:
     - docker_configure_for_zun | bool
+    - "'zun-compute' in group_names"
 
 - name: Warn about deprecations
   debug:
@@ -122,22 +123,26 @@
     state: absent
   when:
     - not docker_custom_option
-    - not docker_configure_for_zun|bool
+    - not docker_configure_for_zun | bool or 'zun-compute' not in group_names
 
 - name: Ensure docker service directory exists
   become: True
   file:
     path: /etc/systemd/system/docker.service.d
     state: directory
     recurse: yes
-  when: docker_custom_option | length > 0 or docker_configure_for_zun|bool
+  when: >
+    docker_custom_option | length > 0 or
+    (docker_configure_for_zun | bool and 'zun-compute' in group_names)
 
 - name: Configure docker service
   become: True
   template:
     src: docker_systemd_service.j2
     dest: /etc/systemd/system/docker.service.d/kolla.conf
-  when: docker_custom_option | length > 0 or docker_configure_for_zun|bool
+  when: >
+    docker_custom_option | length > 0 or
+    (docker_configure_for_zun | bool and 'zun-compute' in group_names)
 
 - name: Reload docker service file
   become: True
@@ -189,22 +194,25 @@
   when: create_kolla_user | bool
 
 - name: Start docker
-  service:
+  systemd:
     name: docker
     state: started
+    masked: no
   become: True
 
 - name: Restart docker
-  service:
+  systemd:
     name: docker
     state: restarted
+    masked: no
   become: True
   when: docker_configured.changed or docker_reloaded.changed
 
 - name: Enable docker
-  service:
+  systemd:
     name: docker
     enabled: yes
+    masked: no
   become: True
 
 - name: Stop time service

ansible/roles/baremetal/tasks/pre-install.yml

@@ -28,7 +28,7 @@
     marker: "# {mark} ANSIBLE GENERATED HOSTS"
     block: |
         {% for host in groups['baremetal'] %}
-        {% set api_interface = hostvars[host]['api_interface'] %}
+        {% set api_interface = hostvars[host]['api_interface'] | replace('-', '_') %}
         {% if host not in groups['bifrost'] or 'ansible_' + api_interface in hostvars[host] %}
         {% set hostnames = [hostvars[host]['ansible_nodename'], hostvars[host]['ansible_hostname']] %}
         {{ 'api' | kolla_address(host) }} {{ hostnames | unique | join(' ') }}
@@ -39,7 +39,7 @@
     - customize_etc_hosts | bool
     # Skip hosts in the bifrost group that do not have a valid api_interface.
     - inventory_hostname not in groups['bifrost'] or
-      'ansible_' + hostvars[inventory_hostname]['api_interface'] in hostvars[inventory_hostname]
+      'ansible_' + hostvars[inventory_hostname]['api_interface'] | replace('-', '_') in hostvars[inventory_hostname]
 
 # NOTE(osmanlicilegi): The distribution might come with cloud-init installed, and manage_etc_hosts
 # configuration enabled. If so, it will override the file /etc/hosts from cloud-init templates at

ansible/roles/baremetal/templates/docker_systemd_service.j2

@@ -1,4 +1,4 @@
 [Service]
 ExecStart=
 # ExecStart commandline copied from 'docker-ce' package. Same on CentOS/Debian/Ubuntu systems.
-ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock{% if docker_custom_option %} {{ docker_custom_option }}{% endif %}{% if docker_configure_for_zun|bool %} {{ docker_zun_options }}{% endif %}
+ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock{% if docker_custom_option %} {{ docker_custom_option }}{% endif %}{% if docker_configure_for_zun|bool and 'zun-compute' in group_names %} {{ docker_zun_options }}{% endif %}

ansible/roles/blazar/templates/blazar.conf.j2

@@ -1,10 +1,7 @@
 [DEFAULT]
 debug = {{ blazar_logging_debug }}
-
 log_dir = /var/log/kolla/blazar
-
 transport_url = {{ rpc_transport_url }}
-
 host = {{ api_interface_address }}
 port = {{ blazar_api_port }}
 os_auth_host = {{ kolla_internal_fqdn }}
@@ -33,6 +30,7 @@ username = {{ blazar_keystone_user }}
 password = {{ blazar_keystone_password }}
 service_token_roles_required = True
 cafile = {{ openstack_cacert }}
+region_name = {{ openstack_region_name }}
 
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
@@ -44,13 +42,8 @@ connection_recycle_time = {{ database_connection_recycle_time }}
 max_pool_size = {{ database_max_pool_size }}
 max_retries = -1
 
-[physical:host]
-on_start = on_start
-on_end = on_end
+[nova]
 aggregate_freepool_name = {{ blazar_aggregate_pool_name }}
-blazar_username = {{ blazar_keystone_user }}
-blazar_password = {{ blazar_keystone_password }}
-blazar_project_name = service
 
 [oslo_messaging_notifications]
 {% if blazar_enabled_notification_topics %}

ansible/roles/chrony/templates/chrony.json.j2

@@ -4,8 +4,8 @@
         {
             "source": "{{ container_config_directory }}/chrony.conf",
             "dest": "/etc/chrony/chrony.conf",
-            "owner": "chrony",
-            "perm": "0600"
+            "owner": "root",
+            "perm": "0644"
         }
     ],
     "permissions": [