diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one
index 5fa8ba9599..1eccb53107 100644
--- a/ansible/inventory/all-in-one
+++ b/ansible/inventory/all-in-one
@@ -175,10 +175,10 @@ common
[fluentd:children]
common
-[kolla-logs:children]
+[kolla-toolbox:children]
common
-[kolla-toolbox:children]
+[kolla_logs:children]
common
[opensearch:children]
diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode
index 4aaec07851..9c87a2015b 100644
--- a/ansible/inventory/multinode
+++ b/ansible/inventory/multinode
@@ -193,12 +193,16 @@ common
[fluentd:children]
common
-[kolla-logs:children]
-common
-
[kolla-toolbox:children]
common
+[kolla_logs:children]
+control
+network
+compute
+storage
+monitoring
+
[opensearch:children]
control
diff --git a/ansible/roles/aodh/defaults/main.yml b/ansible/roles/aodh/defaults/main.yml
index 76d9360dd0..0c6df039ca 100644
--- a/ansible/roles/aodh/defaults/main.yml
+++ b/ansible/roles/aodh/defaults/main.yml
@@ -17,7 +17,8 @@ aodh_services:
port: "{{ aodh_api_port }}"
listen_port: "{{ aodh_api_listen_port }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
aodh_api_external:
enabled: "{{ enable_aodh }}"
mode: "http"
@@ -26,7 +27,8 @@ aodh_services:
port: "{{ aodh_api_public_port }}"
listen_port: "{{ aodh_api_listen_port }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
aodh-evaluator:
container_name: aodh_evaluator
group: aodh-evaluator
@@ -131,7 +133,11 @@ aodh_api_enable_healthchecks: "{{ enable_container_healthchecks }}"
aodh_api_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
aodh_api_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
aodh_api_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
-aodh_api_healthcheck_test: ["CMD-SHELL", "healthcheck_curl http://{{ api_interface_address | put_address_in_context('url') }}:{{ aodh_api_listen_port }}"]
+aodh_api_healthcheck_test:
+ - "CMD-SHELL"
+ - >-
+ healthcheck_curl http://{{
+ api_interface_address | put_address_in_context('url') }}:{{ aodh_api_listen_port }}/healthcheck
aodh_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
aodh_api_healthcheck:
interval: "{{ aodh_api_healthcheck_interval }}"
diff --git a/ansible/roles/barbican/defaults/main.yml b/ansible/roles/barbican/defaults/main.yml
index 86d12e558c..2110805792 100644
--- a/ansible/roles/barbican/defaults/main.yml
+++ b/ansible/roles/barbican/defaults/main.yml
@@ -18,7 +18,8 @@ barbican_services:
listen_port: "{{ barbican_api_listen_port }}"
tls_backend: "{{ barbican_enable_tls_backend }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
barbican_api_external:
enabled: "{{ enable_barbican }}"
mode: "http"
@@ -28,7 +29,8 @@ barbican_services:
listen_port: "{{ barbican_api_listen_port }}"
tls_backend: "{{ barbican_enable_tls_backend }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
barbican-keystone-listener:
container_name: barbican_keystone_listener
group: barbican-keystone-listener
@@ -107,7 +109,7 @@ barbican_api_healthcheck_test:
- >-
healthcheck_curl {{
'https' if barbican_enable_tls_backend | bool else 'http' }}://{{
- api_interface_address | put_address_in_context('url') }}:{{ barbican_api_listen_port }}
+ api_interface_address | put_address_in_context('url') }}:{{ barbican_api_listen_port }}/healthcheck"
barbican_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
barbican_api_healthcheck:
interval: "{{ barbican_api_healthcheck_interval }}"
diff --git a/ansible/roles/cinder/defaults/main.yml b/ansible/roles/cinder/defaults/main.yml
index e6dfcb3628..4258d863e2 100644
--- a/ansible/roles/cinder/defaults/main.yml
+++ b/ansible/roles/cinder/defaults/main.yml
@@ -18,7 +18,8 @@ cinder_services:
listen_port: "{{ cinder_api_listen_port }}"
tls_backend: "{{ cinder_enable_tls_backend }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
cinder_api_external:
enabled: "{{ enable_cinder }}"
mode: "http"
@@ -28,7 +29,8 @@ cinder_services:
listen_port: "{{ cinder_api_listen_port }}"
tls_backend: "{{ cinder_enable_tls_backend }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
cinder-scheduler:
container_name: cinder_scheduler
group: cinder-scheduler
@@ -125,7 +127,7 @@ cinder_api_healthcheck_test:
- >-
healthcheck_curl {{
'https' if cinder_enable_tls_backend | bool else 'http' }}://{{
- api_interface_address | put_address_in_context('url') }}:{{ cinder_api_listen_port }}
+ api_interface_address | put_address_in_context('url') }}:{{ cinder_api_listen_port }}/healthcheck
cinder_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
cinder_api_healthcheck:
interval: "{{ cinder_api_healthcheck_interval }}"
@@ -357,13 +359,6 @@ cinder_ks_services:
endpoints:
- {'interface': 'internal', 'url': '{{ cinder_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ cinder_public_endpoint }}'}
- # TODO(mattcrees): switch to absent in G-cycle, remove in H
- - name: "cinderv3"
- type: "volumev3"
- description: "Openstack Block Storage (deprecated)"
- endpoints:
- - {'interface': 'internal', 'url': '{{ cinder_v3_internal_endpoint }}'}
- - {'interface': 'public', 'url': '{{ cinder_v3_public_endpoint }}'}
cinder_ks_users:
- project: "service"
diff --git a/ansible/roles/cinder/tasks/upgrade.yml b/ansible/roles/cinder/tasks/upgrade.yml
index 5b395b1c04..7a872aecb3 100644
--- a/ansible/roles/cinder/tasks/upgrade.yml
+++ b/ansible/roles/cinder/tasks/upgrade.yml
@@ -20,6 +20,20 @@
- name: Reload cinder services
ansible.builtin.import_tasks: reload.yml
+# TODO(mnasiadka): Remove me in 2026.2
+- name: Remove cinderv3 catalog entries
+ vars:
+ _cinder_volumev3:
+ - name: "cinderv3"
+ type: "volumev3"
+ description: "Openstack Block Storage (deprecated)"
+ endpoints: []
+ state: absent
+ service_ks_register_auth: "{{ openstack_cinder_auth }}"
+ service_ks_register_services: "{{ _cinder_volumev3 }}"
+ ansible.builtin.import_role:
+ name: service-ks-register
+
- name: Running Cinder online schema migration
vars:
cinder_api: "{{ cinder_services['cinder-api'] }}"
diff --git a/ansible/roles/cloudkitty/defaults/main.yml b/ansible/roles/cloudkitty/defaults/main.yml
index c5c093571f..b1840642ec 100644
--- a/ansible/roles/cloudkitty/defaults/main.yml
+++ b/ansible/roles/cloudkitty/defaults/main.yml
@@ -17,7 +17,8 @@ cloudkitty_services:
port: "{{ cloudkitty_api_port }}"
listen_port: "{{ cloudkitty_api_listen_port }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
cloudkitty_api_external:
enabled: "{{ enable_cloudkitty }}"
mode: "http"
@@ -26,7 +27,8 @@ cloudkitty_services:
port: "{{ cloudkitty_api_public_port }}"
listen_port: "{{ cloudkitty_api_listen_port }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
cloudkitty-processor:
container_name: "cloudkitty_processor"
group: "cloudkitty-processor"
@@ -100,7 +102,11 @@ cloudkitty_api_enable_healthchecks: "{{ enable_container_healthchecks }}"
cloudkitty_api_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
cloudkitty_api_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
cloudkitty_api_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
-cloudkitty_api_healthcheck_test: ["CMD-SHELL", "healthcheck_curl http://{{ api_interface_address | put_address_in_context('url') }}:{{ cloudkitty_api_port }}"]
+cloudkitty_api_healthcheck_test:
+ - "CMD-SHELL"
+ - >-
+ healthcheck_curl http://{{
+ api_interface_address | put_address_in_context('url') }}:{{ cloudkitty_api_port }}/healthcheck
cloudkitty_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
cloudkitty_api_healthcheck:
interval: "{{ cloudkitty_api_healthcheck_interval }}"
diff --git a/ansible/roles/common/tasks/bootstrap.yml b/ansible/roles/common/tasks/bootstrap.yml
index 8224ced75f..ed97d539c0 100644
--- a/ansible/roles/common/tasks/bootstrap.yml
+++ b/ansible/roles/common/tasks/bootstrap.yml
@@ -1,16 +1 @@
---
-- name: Creating log volume
- become: true
- kolla_container:
- action: "create_volume"
- common_options: "{{ docker_common_options }}"
- name: "kolla_logs"
- when: inventory_hostname in groups['kolla-logs']
-
-- name: Link kolla_logs volume to /var/log/kolla
- become: true
- ansible.builtin.file:
- src: "{{ container_engine_volumes_path }}/kolla_logs/_data"
- path: /var/log/kolla
- state: link
- when: inventory_hostname in groups['kolla-logs']
diff --git a/ansible/roles/cron/templates/cron-logrotate-aodh.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-aodh.conf.j2
deleted file mode 100644
index fd333f6e41..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-aodh.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/aodh/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-barbican.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-barbican.conf.j2
deleted file mode 100644
index eaa5f0f494..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-barbican.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/barbican/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-blazar.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-blazar.conf.j2
deleted file mode 100644
index 1c0c0e2ca1..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-blazar.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/blazar/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-ceilometer.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-ceilometer.conf.j2
deleted file mode 100644
index 5993500a5b..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-ceilometer.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/ceilometer/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-cinder.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-cinder.conf.j2
deleted file mode 100644
index b5e59abd26..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-cinder.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/cinder/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-cloudkitty.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-cloudkitty.conf.j2
deleted file mode 100644
index 2dada642d8..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-cloudkitty.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/cloudkitty/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-collectd.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-collectd.conf.j2
deleted file mode 100644
index 4e5878be82..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-collectd.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/collectd/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-cyborg.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-cyborg.conf.j2
deleted file mode 100644
index d4f8b90214..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-cyborg.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/cyborg/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-default.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-default.conf.j2
new file mode 100644
index 0000000000..1213e5dcbd
--- /dev/null
+++ b/ansible/roles/cron/templates/cron-logrotate-default.conf.j2
@@ -0,0 +1,3 @@
+"/var/log/kolla/{{ service }}/*.log"
+{
+}
diff --git a/ansible/roles/cron/templates/cron-logrotate-designate.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-designate.conf.j2
deleted file mode 100644
index c3c4751251..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-designate.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/designate/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-etcd.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-etcd.conf.j2
deleted file mode 100644
index 5b009c46e4..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-etcd.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/etcd/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-fluentd.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-fluentd.conf.j2
deleted file mode 100644
index 37c76a5f93..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-fluentd.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/fluentd/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-glance-tls-proxy.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-glance-tls-proxy.conf.j2
deleted file mode 100644
index 5f53099180..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-glance-tls-proxy.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/glance-tls-proxy/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-glance.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-glance.conf.j2
deleted file mode 100644
index 5b20985bd0..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-glance.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/glance/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-global.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-global.conf.j2
index b8628a88d0..1d487601e4 100644
--- a/ansible/roles/cron/templates/cron-logrotate-global.conf.j2
+++ b/ansible/roles/cron/templates/cron-logrotate-global.conf.j2
@@ -19,6 +19,6 @@ maxsize {{ cron_logrotate_log_maxsize }}
su root kolla
{% for service in cron_logrotate_enabled_services %}
-{% include "cron-logrotate-" ~ service ~ ".conf.j2" %}
+{% include ["cron-logrotate-" ~ service ~ ".conf.j2", "cron-logrotate-default.conf.j2"] %}
{% endfor %}
diff --git a/ansible/roles/cron/templates/cron-logrotate-gnocchi.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-gnocchi.conf.j2
deleted file mode 100644
index d6d5d6f449..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-gnocchi.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/gnocchi/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-grafana.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-grafana.conf.j2
deleted file mode 100644
index 2a3a0889a4..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-grafana.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/grafana/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-hacluster.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-hacluster.conf.j2
deleted file mode 100644
index 856193e411..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-hacluster.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/hacluster/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-haproxy.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-haproxy.conf.j2
deleted file mode 100644
index 3e89a2e751..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-haproxy.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/haproxy/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-heat.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-heat.conf.j2
deleted file mode 100644
index 7f5e89a77e..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-heat.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/heat/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-horizon.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-horizon.conf.j2
deleted file mode 100644
index f346694f48..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-horizon.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/horizon/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-ironic.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-ironic.conf.j2
deleted file mode 100644
index 796c88c3a3..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-ironic.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/ironic/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-keystone.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-keystone.conf.j2
deleted file mode 100644
index 79cf10b347..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-keystone.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/keystone/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-kuryr.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-kuryr.conf.j2
deleted file mode 100644
index 3565e1138a..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-kuryr.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/kuryr/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-letsencrypt.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-letsencrypt.conf.j2
deleted file mode 100644
index fea08e0163..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-letsencrypt.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/letsencrypt/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-magnum.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-magnum.conf.j2
deleted file mode 100644
index 4b2c2af4e6..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-magnum.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/magnum/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-manila.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-manila.conf.j2
deleted file mode 100644
index 9b9719514f..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-manila.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/manila/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-mariadb.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-mariadb.conf.j2
deleted file mode 100644
index 8543983e04..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-mariadb.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/mariadb/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-masakari.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-masakari.conf.j2
deleted file mode 100644
index 8f71f0975f..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-masakari.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/masakari/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-mistral.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-mistral.conf.j2
deleted file mode 100644
index e8e6da8e39..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-mistral.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/mistral/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-nova.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-nova.conf.j2
deleted file mode 100644
index 657a994da1..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-nova.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/nova/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-octavia.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-octavia.conf.j2
deleted file mode 100644
index f7464d7e25..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-octavia.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/octavia/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-opensearch-dashboards.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-opensearch-dashboards.conf.j2
deleted file mode 100644
index 7d77ee24ed..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-opensearch-dashboards.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/opensearch-dashboards/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-opensearch.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-opensearch.conf.j2
deleted file mode 100644
index 4f02e14a74..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-opensearch.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/opensearch/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-openvswitch.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-openvswitch.conf.j2
deleted file mode 100644
index 5abab08b2a..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-openvswitch.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/openvswitch/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-placement.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-placement.conf.j2
deleted file mode 100644
index 3df479c0d0..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-placement.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/placement/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-prometheus.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-prometheus.conf.j2
deleted file mode 100644
index fdfe807141..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-prometheus.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/prometheus/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-proxysql.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-proxysql.conf.j2
deleted file mode 100644
index 7055cce4ea..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-proxysql.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/proxysql/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-rabbitmq.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-rabbitmq.conf.j2
deleted file mode 100644
index cf2dc3f367..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-rabbitmq.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/rabbitmq/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-skyline.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-skyline.conf.j2
deleted file mode 100644
index 847870d9a6..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-skyline.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/skyline/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-swift.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-swift.conf.j2
deleted file mode 100644
index 0ad2badf1b..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-swift.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/swift/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-tacker.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-tacker.conf.j2
deleted file mode 100644
index 6815816451..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-tacker.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/tacker/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-trove.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-trove.conf.j2
deleted file mode 100644
index 7a8150c318..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-trove.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/trove/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-valkey.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-valkey.conf.j2
deleted file mode 100644
index f59111e1d4..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-valkey.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/valkey/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-watcher.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-watcher.conf.j2
deleted file mode 100644
index e7edaf909d..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-watcher.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/watcher/*.log"
-{
-}
diff --git a/ansible/roles/cron/templates/cron-logrotate-zun.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-zun.conf.j2
deleted file mode 100644
index 57eef45c6e..0000000000
--- a/ansible/roles/cron/templates/cron-logrotate-zun.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/zun/*.log"
-{
-}
diff --git a/ansible/roles/cyborg/defaults/main.yml b/ansible/roles/cyborg/defaults/main.yml
index 75e790eaa8..7aa233a007 100644
--- a/ansible/roles/cyborg/defaults/main.yml
+++ b/ansible/roles/cyborg/defaults/main.yml
@@ -16,6 +16,9 @@ cyborg_services:
external: false
port: "{{ cyborg_api_port }}"
listen_port: "{{ cyborg_api_listen_port }}"
+ backend_http_extra:
+ - "option httpchk GET /"
+ - "http-check expect status 200"
cyborg_api_external:
enabled: "{{ enable_cyborg }}"
mode: "http"
@@ -23,6 +26,9 @@ cyborg_services:
external_fqdn: "{{ cyborg_external_fqdn }}"
port: "{{ cyborg_api_public_port }}"
listen_port: "{{ cyborg_api_listen_port }}"
+ backend_http_extra:
+ - "option httpchk GET /"
+ - "http-check expect status 200"
cyborg-agent:
container_name: cyborg_agent
group: cyborg-agent
diff --git a/ansible/roles/designate/defaults/main.yml b/ansible/roles/designate/defaults/main.yml
index cb94c39a6f..f9e5bc7e5e 100644
--- a/ansible/roles/designate/defaults/main.yml
+++ b/ansible/roles/designate/defaults/main.yml
@@ -17,7 +17,8 @@ designate_services:
port: "{{ designate_api_port }}"
listen_port: "{{ designate_api_listen_port }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
tls_backend: "{{ designate_enable_tls_backend | bool }}"
designate_api_external:
enabled: "{{ enable_designate }}"
@@ -27,7 +28,8 @@ designate_services:
port: "{{ designate_api_public_port }}"
listen_port: "{{ designate_api_listen_port }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
tls_backend: "{{ designate_enable_tls_backend | bool }}"
designate-backend-bind9:
container_name: designate_backend_bind9
@@ -159,7 +161,7 @@ designate_api_healthcheck_test:
- >-
healthcheck_curl {{
'https' if designate_enable_tls_backend | bool else 'http' }}://{{
- api_interface_address | put_address_in_context('url') }}:{{ designate_api_listen_port }}
+ api_interface_address | put_address_in_context('url') }}:{{ designate_api_listen_port }}/healthcheck
designate_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
designate_api_healthcheck:
interval: "{{ designate_api_healthcheck_interval }}"
diff --git a/ansible/roles/etcd/defaults/main.yml b/ansible/roles/etcd/defaults/main.yml
index 443031eccc..563eff9dc2 100644
--- a/ansible/roles/etcd/defaults/main.yml
+++ b/ansible/roles/etcd/defaults/main.yml
@@ -8,12 +8,16 @@ etcd_services:
image: "{{ etcd_image_full }}"
volumes: "{{ etcd_default_volumes + etcd_extra_volumes }}"
dimensions: "{{ etcd_dimensions }}"
+ healthcheck: "{{ etcd_healthcheck }}"
haproxy:
etcd:
enabled: true
mode: "http"
external: false
port: "{{ etcd_client_port }}"
+ backend_http_extra:
+ - "option httpchk GET /health"
+ - "http-check expect status 200"
tls_backend: "{{ etcd_enable_tls | bool }}"
####################
@@ -84,6 +88,19 @@ etcd_tag: "{{ openstack_tag }}"
etcd_image_full: "{{ etcd_image }}:{{ etcd_tag }}"
etcd_dimensions: "{{ default_container_dimensions }}"
+etcd_enable_healthchecks: "{{ enable_container_healthchecks }}"
+etcd_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
+etcd_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
+etcd_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
+etcd_healthcheck_test: ["CMD-SHELL", "healthcheck_curl http://{{ api_interface_address | put_address_in_context('url') }}:{{ etcd_client_port }}/health"]
+etcd_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
+etcd_healthcheck:
+ interval: "{{ etcd_healthcheck_interval }}"
+ retries: "{{ etcd_healthcheck_retries }}"
+ start_period: "{{ etcd_healthcheck_start_period }}"
+ test: "{% if etcd_enable_healthchecks | bool %}{{ etcd_healthcheck_test }}{% else %}NONE{% endif %}"
+ timeout: "{{ etcd_healthcheck_timeout }}"
+
etcd_default_volumes:
- "{{ node_config_directory }}/etcd/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
diff --git a/ansible/roles/etcd/tasks/bootstrap_cluster.yml b/ansible/roles/etcd/tasks/bootstrap_cluster.yml
index e62ebfc0da..f8b731dea9 100644
--- a/ansible/roles/etcd/tasks/bootstrap_cluster.yml
+++ b/ansible/roles/etcd/tasks/bootstrap_cluster.yml
@@ -12,6 +12,7 @@
name: "{{ service.container_name }}"
volumes: "{{ service.volumes }}"
dimensions: "{{ service.dimensions }}"
+ healthcheck: "{{ service.healthcheck | default(omit) }}"
- name: Wait for etcd service port liveness
ansible.builtin.wait_for:
diff --git a/ansible/roles/etcd/tasks/bootstrap_services.yml b/ansible/roles/etcd/tasks/bootstrap_services.yml
index b2bb463286..d9aa18abcf 100644
--- a/ansible/roles/etcd/tasks/bootstrap_services.yml
+++ b/ansible/roles/etcd/tasks/bootstrap_services.yml
@@ -24,6 +24,7 @@
name: "{{ service.container_name }}"
volumes: "{{ service.volumes }}"
dimensions: "{{ service.dimensions }}"
+ healthcheck: "{{ service.healthcheck | default(omit) }}"
- name: Wait for etcd service port liveness
ansible.builtin.wait_for:
diff --git a/ansible/roles/etcd/tasks/restart_services.yml b/ansible/roles/etcd/tasks/restart_services.yml
index 3f6991dcf0..192bad8d47 100644
--- a/ansible/roles/etcd/tasks/restart_services.yml
+++ b/ansible/roles/etcd/tasks/restart_services.yml
@@ -12,6 +12,7 @@
volumes: "{{ service.volumes }}"
dimensions: "{{ service.dimensions }}"
environment: "{{ service.environment }}"
+ healthcheck: "{{ service.healthcheck | default(omit) }}"
- name: Wait for etcd service port liveness
ansible.builtin.wait_for:
diff --git a/ansible/roles/fluentd/templates/conf/filter/00-record_transformer.conf.j2 b/ansible/roles/fluentd/templates/conf/filter/00-record_transformer.conf.j2
index ffdf37c27b..508f7df1c6 100644
--- a/ansible/roles/fluentd/templates/conf/filter/00-record_transformer.conf.j2
+++ b/ansible/roles/fluentd/templates/conf/filter/00-record_transformer.conf.j2
@@ -7,13 +7,6 @@
-
- @type record_transformer
-
- Logger ${tag_parts[4]}
-
-
-
@type record_transformer
diff --git a/ansible/roles/glance/defaults/main.yml b/ansible/roles/glance/defaults/main.yml
index b24235c434..b8ab385143 100644
--- a/ansible/roles/glance/defaults/main.yml
+++ b/ansible/roles/glance/defaults/main.yml
@@ -22,7 +22,8 @@ glance_services:
- "timeout client {{ haproxy_glance_api_client_timeout }}"
backend_http_extra:
- "timeout server {{ haproxy_glance_api_server_timeout }}"
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
custom_member_list: "{{ haproxy_members.split(';') }}"
tls_backend: "{{ glance_enable_tls_backend | bool }}"
glance_api_external:
@@ -35,7 +36,8 @@ glance_services:
- "timeout client {{ haproxy_glance_api_client_timeout }}"
backend_http_extra:
- "timeout server {{ haproxy_glance_api_server_timeout }}"
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
custom_member_list: "{{ haproxy_members.split(';') }}"
tls_backend: "{{ glance_enable_tls_backend | bool }}"
@@ -146,7 +148,7 @@ glance_api_healthcheck_test:
- "CMD-SHELL"
- >-
healthcheck_curl {{ 'https' if glance_enable_tls_backend | bool else 'http' }}://{{
- api_interface_address | put_address_in_context('url') }}:{{ glance_api_listen_port }}
+ api_interface_address | put_address_in_context('url') }}:{{ glance_api_listen_port }}/healthcheck
glance_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
glance_api_healthcheck:
interval: "{{ glance_api_healthcheck_interval }}"
@@ -155,6 +157,23 @@ glance_api_healthcheck:
test: "{% if glance_api_enable_healthchecks | bool %}{{ glance_api_healthcheck_test }}{% else %}NONE{% endif %}"
timeout: "{{ glance_api_healthcheck_timeout }}"
+glance_tls_proxy_enable_healthchecks: "{{ enable_container_healthchecks }}"
+glance_tls_proxy_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
+glance_tls_proxy_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
+glance_tls_proxy_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
+glance_tls_proxy_healthcheck_test:
+ - "CMD-SHELL"
+ - >-
+ healthcheck_curl -u {{ haproxy_user }}:{{ haproxy_password }} {{
+ api_interface_address | put_address_in_context('url') }}:{{ glance_tls_proxy_stats_port }}/healthcheck
+glance_tls_proxy_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
+glance_tls_proxy_healthcheck:
+ interval: "{{ glance_tls_proxy_healthcheck_interval }}"
+ retries: "{{ glance_tls_proxy_healthcheck_retries }}"
+ start_period: "{{ glance_tls_proxy_healthcheck_start_period }}"
+ test: "{% if glance_tls_proxy_enable_healthchecks | bool %}{{ glance_tls_proxy_healthcheck_test }}{% else %}NONE{% endif %}"
+ timeout: "{{ glance_tls_proxy_healthcheck_timeout }}"
+
glance_api_default_volumes:
- "{{ node_config_directory }}/glance-api/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
diff --git a/ansible/roles/gnocchi/defaults/main.yml b/ansible/roles/gnocchi/defaults/main.yml
index 32ba19ca40..401f143267 100644
--- a/ansible/roles/gnocchi/defaults/main.yml
+++ b/ansible/roles/gnocchi/defaults/main.yml
@@ -17,7 +17,8 @@ gnocchi_services:
port: "{{ gnocchi_api_port }}"
listen_port: "{{ gnocchi_api_listen_port }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
gnocchi_api_external:
enabled: "{{ enable_gnocchi }}"
mode: "http"
@@ -26,7 +27,8 @@ gnocchi_services:
port: "{{ gnocchi_api_public_port }}"
listen_port: "{{ gnocchi_api_listen_port }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
gnocchi-metricd:
container_name: gnocchi_metricd
group: gnocchi-metricd
@@ -100,7 +102,11 @@ gnocchi_api_enable_healthchecks: "{{ enable_container_healthchecks }}"
gnocchi_api_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
gnocchi_api_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
gnocchi_api_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
-gnocchi_api_healthcheck_test: ["CMD-SHELL", "healthcheck_curl http://{{ api_interface_address | put_address_in_context('url') }}:{{ gnocchi_api_listen_port }}"]
+gnocchi_api_healthcheck_test:
+ - "CMD-SHELL"
+ - >-
+ healthcheck_curl http://{{
+ api_interface_address | put_address_in_context('url') }}:{{ gnocchi_api_listen_port }}/healthcheck
gnocchi_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
gnocchi_api_healthcheck:
interval: "{{ gnocchi_api_healthcheck_interval }}"
diff --git a/ansible/roles/grafana/defaults/main.yml b/ansible/roles/grafana/defaults/main.yml
index b98d6e7272..e7aac005a6 100644
--- a/ansible/roles/grafana/defaults/main.yml
+++ b/ansible/roles/grafana/defaults/main.yml
@@ -7,6 +7,7 @@ grafana_services:
image: "{{ grafana_image_full }}"
volumes: "{{ grafana_default_volumes + grafana_extra_volumes }}"
dimensions: "{{ grafana_dimensions }}"
+ healthcheck: "{{ grafana_healthcheck }}"
haproxy:
grafana_server:
enabled: "{{ enable_grafana }}"
@@ -15,7 +16,8 @@ grafana_services:
port: "{{ grafana_server_port }}"
listen_port: "{{ grafana_server_listen_port }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /api/health"
+ - "http-check expect status 200"
grafana_server_external:
enabled: "{{ enable_grafana_external | bool }}"
mode: "http"
@@ -24,7 +26,8 @@ grafana_services:
port: "{{ grafana_server_public_port }}"
listen_port: "{{ grafana_server_listen_port }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /api/health"
+ - "http-check expect status 200"
####################
# Database
@@ -90,6 +93,23 @@ grafana_tag: "{{ openstack_tag }}"
grafana_image_full: "{{ grafana_image }}:{{ grafana_tag }}"
grafana_admin_username: "admin"
+grafana_enable_healthchecks: "{{ enable_container_healthchecks }}"
+grafana_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
+grafana_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
+grafana_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
+grafana_healthcheck_test:
+ - "CMD-SHELL"
+ - >-
+ healthcheck_curl http://{{
+ api_interface_address | put_address_in_context('url') }}:{{ grafana_server_port }}/api/health
+grafana_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
+grafana_healthcheck:
+ interval: "{{ grafana_healthcheck_interval }}"
+ retries: "{{ grafana_healthcheck_retries }}"
+ start_period: "{{ grafana_healthcheck_start_period }}"
+ test: "{% if grafana_enable_healthchecks | bool %}{{ grafana_healthcheck_test }}{% else %}NONE{% endif %}"
+ timeout: "{{ grafana_healthcheck_timeout }}"
+
grafana_dimensions: "{{ default_container_dimensions }}"
grafana_default_volumes:
- "{{ node_config_directory }}/grafana/:{{ container_config_directory }}/:ro"
@@ -100,8 +120,7 @@ grafana_extra_volumes: "{{ default_extra_volumes }}"
grafana_start_first_node_delay: 10
grafana_start_first_node_retries: 12
-# TODO(dawudm): make this True in the D release
-grafana_remove_old_volume: false
+grafana_remove_old_volume: true
############
# Prometheus
diff --git a/ansible/roles/grafana/handlers/main.yml b/ansible/roles/grafana/handlers/main.yml
index 7096d367d5..7e66df2da1 100644
--- a/ansible/roles/grafana/handlers/main.yml
+++ b/ansible/roles/grafana/handlers/main.yml
@@ -12,6 +12,7 @@
image: "{{ service.image }}"
volumes: "{{ service.volumes }}"
dimensions: "{{ service.dimensions }}"
+ healthcheck: "{{ service.healthcheck | default(omit) }}"
when:
- inventory_hostname == groups[service.group] | first
@@ -25,7 +26,7 @@
container_engine: "{{ kolla_container_engine }}"
module_name: uri
module_args:
- url: "http://{{ api_interface_address | put_address_in_context('url') }}:{{ grafana_server_port }}/login"
+ url: "http://{{ api_interface_address | put_address_in_context('url') }}:{{ grafana_server_port }}/api/health"
status_code: 200
register: result
until: result.get('status') == 200
@@ -47,5 +48,6 @@
image: "{{ service.image }}"
volumes: "{{ service.volumes }}"
dimensions: "{{ service.dimensions }}"
+ healthcheck: "{{ service.healthcheck | default(omit) }}"
when:
- inventory_hostname != groups[service.group] | first
diff --git a/ansible/roles/heat/defaults/main.yml b/ansible/roles/heat/defaults/main.yml
index f13263d230..ec82d57c0b 100644
--- a/ansible/roles/heat/defaults/main.yml
+++ b/ansible/roles/heat/defaults/main.yml
@@ -18,7 +18,8 @@ heat_services:
listen_port: "{{ heat_api_listen_port }}"
tls_backend: "{{ heat_enable_tls_backend }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
heat_api_external:
enabled: "{{ enable_heat }}"
mode: "http"
@@ -28,7 +29,8 @@ heat_services:
listen_port: "{{ heat_api_listen_port }}"
tls_backend: "{{ heat_enable_tls_backend }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
heat-api-cfn:
container_name: heat_api_cfn
group: heat-api-cfn
@@ -47,7 +49,8 @@ heat_services:
listen_port: "{{ heat_api_cfn_listen_port }}"
tls_backend: "{{ heat_enable_tls_backend }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
heat_api_cfn_external:
enabled: "{{ enable_heat }}"
mode: "http"
@@ -57,7 +60,8 @@ heat_services:
listen_port: "{{ heat_api_cfn_listen_port }}"
tls_backend: "{{ heat_enable_tls_backend }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
heat-engine:
container_name: heat_engine
group: heat-engine
@@ -127,7 +131,7 @@ heat_api_healthcheck_test:
- "CMD-SHELL"
- >-
healthcheck_curl {{ 'https' if heat_enable_tls_backend | bool else 'http' }}://{{
- api_interface_address | put_address_in_context('url') }}:{{ heat_api_listen_port }}
+ api_interface_address | put_address_in_context('url') }}:{{ heat_api_listen_port }}/healthcheck
heat_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
heat_api_healthcheck:
interval: "{{ heat_api_healthcheck_interval }}"
@@ -144,7 +148,7 @@ heat_api_cfn_healthcheck_test:
- "CMD-SHELL"
- >-
healthcheck_curl {{ 'https' if heat_enable_tls_backend | bool else 'http' }}://{{
- api_interface_address | put_address_in_context('url') }}:{{ heat_api_cfn_listen_port }}
+ api_interface_address | put_address_in_context('url') }}:{{ heat_api_cfn_listen_port }}/healthcheck
heat_api_cfn_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
heat_api_cfn_healthcheck:
interval: "{{ heat_api_cfn_healthcheck_interval }}"
diff --git a/ansible/roles/ironic/tasks/upgrade.yml b/ansible/roles/ironic/tasks/upgrade.yml
index 83b7fa0d72..7303686ad8 100644
--- a/ansible/roles/ironic/tasks/upgrade.yml
+++ b/ansible/roles/ironic/tasks/upgrade.yml
@@ -114,7 +114,7 @@
delegate_to: "{{ groups[ironic_api.group][0] }}"
when: inventory_hostname in groups[ironic_api.group]
-# TODO(mnasiadka): Remove this task in Gazpacho/2026.1 release
+# TODO(mnasiadka): Remove this task after Gazpacho/2026.1 release
- name: Remove ironic_inspector_dhcp_hosts volume
become: true
changed_when: true
diff --git a/ansible/roles/keystone/defaults/main.yml b/ansible/roles/keystone/defaults/main.yml
index f6a29d44b2..3727fdd3f7 100644
--- a/ansible/roles/keystone/defaults/main.yml
+++ b/ansible/roles/keystone/defaults/main.yml
@@ -19,7 +19,8 @@ keystone_services:
listen_port: "{{ keystone_internal_listen_port }}"
backend_http_extra:
- "balance {{ 'source' if enable_keystone_federation | bool else 'roundrobin' }}"
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
keystone_external:
enabled: "{{ enable_keystone }}"
mode: "http"
@@ -30,7 +31,8 @@ keystone_services:
listen_port: "{{ keystone_public_listen_port }}"
backend_http_extra:
- "balance {{ 'source' if enable_keystone_federation | bool else 'roundrobin' }}"
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
keystone-fernet:
container_name: "keystone_fernet"
group: "keystone"
@@ -136,7 +138,7 @@ keystone_healthcheck_test:
- "CMD-SHELL"
- >-
healthcheck_curl {{ 'https' if keystone_enable_tls_backend | bool else 'http' }}://{{
- api_interface_address | put_address_in_context('url') }}:{{ keystone_public_listen_port }}
+ api_interface_address | put_address_in_context('url') }}:{{ keystone_public_listen_port }}/healthcheck
keystone_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
keystone_healthcheck:
interval: "{{ keystone_healthcheck_interval }}"
diff --git a/ansible/roles/loadbalancer/tasks/upgrade.yml b/ansible/roles/loadbalancer/tasks/upgrade.yml
index 1347277cb2..d33b4f1e72 100644
--- a/ansible/roles/loadbalancer/tasks/upgrade.yml
+++ b/ansible/roles/loadbalancer/tasks/upgrade.yml
@@ -18,7 +18,7 @@
when:
- inventory_hostname in groups['loadbalancer']
-# TODO(mnasiadka): Remove this task after Gazpacho release
+# TODO(mnasiadka): Remove this task after Gazpacho/2026.1 release
- name: Removing config for glance-tls-proxy
ansible.builtin.file:
path: "{{ node_config_directory }}/haproxy/services.d/glance-tls-proxy.cfg"
@@ -36,7 +36,7 @@
when:
- inventory_hostname in groups['loadbalancer']
-# TODO(mnasiadka): Remove this task in Gazpacho/2026.1 release
+# TODO(mnasiadka): Remove this task after Gazpacho/2026.1 release
- name: Removing config for ironic-inspector
ansible.builtin.file:
path: "{{ node_config_directory }}/haproxy/services.d/ironic-inspector.cfg"
diff --git a/ansible/roles/logs/tasks/main.yml b/ansible/roles/logs/tasks/main.yml
new file mode 100644
index 0000000000..3ebc0fc44c
--- /dev/null
+++ b/ansible/roles/logs/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+- name: Ensure /var/log/kolla exists
+ when: kolla_action in ['deploy', 'reconfigure']
+ block:
+ - name: Ensure log volume exists
+ become: true
+ kolla_container:
+ action: "create_volume"
+ common_options: "{{ docker_common_options }}"
+ name: "kolla_logs"
+
+ - name: Ensure kolla_logs volume link to /var/log/kolla exists
+ become: true
+ ansible.builtin.file:
+ src: "{{ container_engine_volumes_path }}/kolla_logs/_data"
+ path: /var/log/kolla
+ state: link
diff --git a/ansible/roles/magnum/defaults/main.yml b/ansible/roles/magnum/defaults/main.yml
index 0118ee657d..0e848a7297 100644
--- a/ansible/roles/magnum/defaults/main.yml
+++ b/ansible/roles/magnum/defaults/main.yml
@@ -19,7 +19,8 @@ magnum_services:
port: "{{ magnum_api_port }}"
listen_port: "{{ magnum_api_listen_port }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
tls_backend: "{{ magnum_enable_tls_backend | bool }}"
magnum_api_external:
enabled: "{{ enable_magnum }}"
@@ -29,7 +30,8 @@ magnum_services:
port: "{{ magnum_api_public_port }}"
listen_port: "{{ magnum_api_listen_port }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
tls_backend: "{{ magnum_enable_tls_backend | bool }}"
magnum-conductor:
container_name: magnum_conductor
@@ -105,7 +107,7 @@ magnum_api_healthcheck_test:
- "CMD-SHELL"
- >-
healthcheck_curl {{ 'https' if magnum_enable_tls_backend | bool else 'http' }}://{{
- api_interface_address | put_address_in_context('url') }}:{{ magnum_api_listen_port }}
+ api_interface_address | put_address_in_context('url') }}:{{ magnum_api_listen_port }}/healthcheck
magnum_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
magnum_api_healthcheck:
interval: "{{ magnum_api_healthcheck_interval }}"
diff --git a/ansible/roles/manila/defaults/main.yml b/ansible/roles/manila/defaults/main.yml
index 8b7442ba5d..3ddaa7d84a 100644
--- a/ansible/roles/manila/defaults/main.yml
+++ b/ansible/roles/manila/defaults/main.yml
@@ -17,7 +17,8 @@ manila_services:
port: "{{ manila_api_port }}"
listen_port: "{{ manila_api_listen_port }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
manila_api_external:
enabled: "{{ enable_manila }}"
mode: "http"
@@ -26,7 +27,8 @@ manila_services:
port: "{{ manila_api_public_port }}"
listen_port: "{{ manila_api_listen_port }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
manila-scheduler:
container_name: "manila_scheduler"
group: "manila-scheduler"
@@ -115,7 +117,11 @@ manila_api_enable_healthchecks: "{{ enable_container_healthchecks }}"
manila_api_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
manila_api_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
manila_api_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
-manila_api_healthcheck_test: ["CMD-SHELL", "healthcheck_curl http://{{ api_interface_address | put_address_in_context('url') }}:{{ manila_api_port }}"]
+manila_api_healthcheck_test:
+ - "CMD-SHELL"
+ - >-
+ healthcheck_curl http://{{
+ api_interface_address | put_address_in_context('url') }}:{{ manila_api_port }}/healthcheck
manila_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
manila_api_healthcheck:
interval: "{{ manila_api_healthcheck_interval }}"
diff --git a/ansible/roles/masakari/defaults/main.yml b/ansible/roles/masakari/defaults/main.yml
index 396726964f..12910a5b92 100644
--- a/ansible/roles/masakari/defaults/main.yml
+++ b/ansible/roles/masakari/defaults/main.yml
@@ -7,6 +7,7 @@ masakari_services:
image: "{{ masakari_api_image_full }}"
volumes: "{{ masakari_api_default_volumes + masakari_api_extra_volumes }}"
dimensions: "{{ masakari_api_dimensions }}"
+ healthcheck: "{{ masakari_api_healthcheck }}"
wsgi: "masakari.wsgi.api:application"
haproxy:
masakari_api:
@@ -16,7 +17,8 @@ masakari_services:
port: "{{ masakari_api_port }}"
listen_port: "{{ masakari_api_listen_port }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /"
+ - "http-check expect status 200"
masakari_api_external:
enabled: "{{ enable_masakari }}"
mode: "http"
@@ -25,7 +27,8 @@ masakari_services:
port: "{{ masakari_api_public_port }}"
listen_port: "{{ masakari_api_listen_port }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /"
+ - "http-check expect status 200"
masakari-engine:
container_name: masakari_engine
group: masakari-engine
@@ -105,6 +108,23 @@ masakari_engine_dimensions: "{{ default_container_dimensions }}"
masakari_instancemonitor_dimensions: "{{ masakari_monitors_dimensions | default(default_container_dimensions) }}"
masakari_hostmonitor_dimensions: "{{ default_container_dimensions }}"
+masakari_api_enable_healthchecks: "{{ enable_container_healthchecks }}"
+masakari_api_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
+masakari_api_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
+masakari_api_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
+masakari_api_healthcheck_test:
+ - "CMD-SHELL"
+ - >-
+ healthcheck_curl http://{{
+ api_interface_address | put_address_in_context('url') }}:{{ masakari_api_port }}/healthcheck
+masakari_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
+masakari_api_healthcheck:
+ interval: "{{ masakari_api_healthcheck_interval }}"
+ retries: "{{ masakari_api_healthcheck_retries }}"
+ start_period: "{{ masakari_api_healthcheck_start_period }}"
+ test: "{% if masakari_api_enable_healthchecks | bool %}{{ masakari_api_healthcheck_test }}{% else %}NONE{% endif %}"
+ timeout: "{{ masakari_api_healthcheck_timeout }}"
+
masakari_extra_volumes: "{{ default_extra_volumes }}"
masakari_api_extra_volumes: "{{ masakari_extra_volumes }}"
masakari_engine_extra_volumes: "{{ masakari_extra_volumes }}"
diff --git a/ansible/roles/mistral/defaults/main.yml b/ansible/roles/mistral/defaults/main.yml
index 0bb5755900..1563421185 100644
--- a/ansible/roles/mistral/defaults/main.yml
+++ b/ansible/roles/mistral/defaults/main.yml
@@ -17,7 +17,8 @@ mistral_services:
port: "{{ mistral_api_port }}"
listen_port: "{{ mistral_api_listen_port }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /"
+ - "http-check expect status 200"
mistral_api_external:
enabled: "{{ enable_mistral }}"
mode: "http"
@@ -26,7 +27,8 @@ mistral_services:
port: "{{ mistral_api_public_port }}"
listen_port: "{{ mistral_api_listen_port }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /"
+ - "http-check expect status 200"
mistral-engine:
container_name: mistral_engine
group: mistral-engine
diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml
index 8e3e53c625..0518e3d8d3 100644
--- a/ansible/roles/neutron/defaults/main.yml
+++ b/ansible/roles/neutron/defaults/main.yml
@@ -18,7 +18,8 @@ neutron_services:
port: "{{ neutron_server_port }}"
listen_port: "{{ neutron_server_listen_port }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
tls_backend: "{{ neutron_enable_tls_backend | bool }}"
neutron_server_external:
enabled: true
@@ -28,7 +29,8 @@ neutron_services:
port: "{{ neutron_server_public_port }}"
listen_port: "{{ neutron_server_listen_port }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
tls_backend: "{{ neutron_enable_tls_backend | bool }}"
neutron-rpc-server:
container_name: "neutron_rpc_server"
@@ -443,7 +445,7 @@ neutron_server_healthcheck_test:
- "CMD-SHELL"
- >-
healthcheck_curl {{ 'https' if neutron_enable_tls_backend | bool else 'http' }}://{{
- api_interface_address | put_address_in_context('url') }}:{{ neutron_server_listen_port }}
+ api_interface_address | put_address_in_context('url') }}:{{ neutron_server_listen_port }}/healthcheck
neutron_server_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
neutron_server_healthcheck:
interval: "{{ neutron_server_healthcheck_interval }}"
diff --git a/ansible/roles/nova/defaults/main.yml b/ansible/roles/nova/defaults/main.yml
index 2fe3b3e526..faf44558a3 100644
--- a/ansible/roles/nova/defaults/main.yml
+++ b/ansible/roles/nova/defaults/main.yml
@@ -19,7 +19,8 @@ nova_services:
listen_port: "{{ nova_api_listen_port }}"
tls_backend: "{{ nova_enable_tls_backend }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /"
+ - "http-check expect status 200"
nova_api_external:
enabled: "{{ enable_nova }}"
mode: "http"
@@ -29,7 +30,8 @@ nova_services:
listen_port: "{{ nova_api_listen_port }}"
tls_backend: "{{ nova_enable_tls_backend }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /"
+ - "http-check expect status 200"
nova-metadata:
container_name: "nova_metadata"
group: "nova-metadata"
@@ -48,7 +50,8 @@ nova_services:
listen_port: "{{ nova_metadata_listen_port }}"
tls_backend: "{{ nova_enable_tls_backend }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /"
+ - "http-check expect status 200"
nova_metadata_external:
enabled: "{{ nova_enable_external_metadata }}"
mode: "http"
@@ -58,7 +61,8 @@ nova_services:
listen_port: "{{ nova_metadata_listen_port }}"
tls_backend: "{{ nova_enable_tls_backend }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /"
+ - "http-check expect status 200"
nova-scheduler:
container_name: "nova_scheduler"
group: "nova-scheduler"
diff --git a/ansible/roles/octavia/defaults/main.yml b/ansible/roles/octavia/defaults/main.yml
index 37cd2b077c..a75ee1770a 100644
--- a/ansible/roles/octavia/defaults/main.yml
+++ b/ansible/roles/octavia/defaults/main.yml
@@ -17,6 +17,9 @@ octavia_services:
port: "{{ octavia_api_port }}"
listen_port: "{{ octavia_api_listen_port }}"
tls_backend: "{{ octavia_enable_tls_backend }}"
+ backend_http_extra:
+ - "option httpchk GET /"
+ - "http-check expect status 200"
octavia_api_external:
enabled: "{{ enable_octavia }}"
mode: "http"
@@ -25,6 +28,9 @@ octavia_services:
port: "{{ octavia_api_public_port }}"
listen_port: "{{ octavia_api_listen_port }}"
tls_backend: "{{ octavia_enable_tls_backend }}"
+ backend_http_extra:
+ - "option httpchk GET /"
+ - "http-check expect status 200"
octavia-driver-agent:
container_name: octavia_driver_agent
group: octavia-driver-agent
diff --git a/ansible/roles/ovn-db/defaults/main.yml b/ansible/roles/ovn-db/defaults/main.yml
index 05bd6c81c1..f01a739ced 100644
--- a/ansible/roles/ovn-db/defaults/main.yml
+++ b/ansible/roles/ovn-db/defaults/main.yml
@@ -104,17 +104,10 @@ ovn_db_inactivity_probe: "60000"
ovn_sb_db_inactivity_probe: "{{ ovn_db_inactivity_probe }}"
ovn_nb_db_inactivity_probe: "{{ ovn_db_inactivity_probe }}"
ovn_sb_db_relay_active_inactivity_probe: "{{ ovn_db_inactivity_probe | int * 2 }}"
-ovn_sb_db_relay_passive_inactivity_probe: "{{ ovn_db_inactivity_probe }}"
-ovn_sb_db_relay_max_backoff: "{{ ovn_db_inactivity_probe }}"
-
-# TODO(mnnasiadka): remove that once Debian gets OVS 3.3+
ovn_sb_db_relay_config_file_args: >-
- {% if kolla_base_distro == 'debian' %}
- --db-sb-relay-remote={{ ovn_sb_connection_no_relay }}
- -- --remote=ptcp:{{ ovn_sb_db_relay_port_prefix ~ ovn_sb_db_relay_group_id }}:{{ api_interface_address | put_address_in_context('url') }}
- {% else %}
--db-sb-relay-config-file=/etc/ovn/ovsdb-relay.json
- {% endif %}
+ovn_sb_db_relay_passive_inactivity_probe: "{{ ovn_db_inactivity_probe }}"
+ovn_sb_db_relay_max_backoff: "{{ ovn_db_inactivity_probe }}"
# OVN startup commands
ovn_nb_command: >-
diff --git a/ansible/roles/placement/defaults/main.yml b/ansible/roles/placement/defaults/main.yml
index 85a734c182..f70c496b9a 100644
--- a/ansible/roles/placement/defaults/main.yml
+++ b/ansible/roles/placement/defaults/main.yml
@@ -19,6 +19,7 @@ placement_services:
tls_backend: "{{ placement_enable_tls_backend }}"
backend_http_extra:
- "option httpchk GET /"
+ - "http-check expect status 200"
placement_api_external:
enabled: "{{ enable_placement }}"
mode: "http"
@@ -29,6 +30,7 @@ placement_services:
tls_backend: "{{ placement_enable_tls_backend }}"
backend_http_extra:
- "option httpchk GET /"
+ - "http-check expect status 200"
####################
# Config Validate
diff --git a/ansible/roles/rabbitmq/defaults/main.yml b/ansible/roles/rabbitmq/defaults/main.yml
index f1ed69f38a..72cb1e657f 100644
--- a/ansible/roles/rabbitmq/defaults/main.yml
+++ b/ansible/roles/rabbitmq/defaults/main.yml
@@ -26,7 +26,8 @@ rabbitmq_services:
port: "{{ rabbitmq_management_port }}"
host_group: "rabbitmq"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /api/overview"
+ - "http-check send hdr Authorization 'Basic {{ (rabbitmq_monitoring_user + ':' + rabbitmq_monitoring_password) | b64encode }}'"
####################
# Docker
diff --git a/ansible/roles/tacker/defaults/main.yml b/ansible/roles/tacker/defaults/main.yml
index ddcee2a24b..e00108b97c 100644
--- a/ansible/roles/tacker/defaults/main.yml
+++ b/ansible/roles/tacker/defaults/main.yml
@@ -16,6 +16,9 @@ tacker_services:
external: false
port: "{{ tacker_server_port }}"
listen_port: "{{ tacker_server_listen_port }}"
+ backend_http_extra:
+ - "option httpchk GET /"
+ - "http-check expect status 200"
custom_member_list: "{{ tacker_haproxy_members.split(';') }}"
tacker_server_external:
enabled: "{{ enable_tacker }}"
@@ -24,6 +27,9 @@ tacker_services:
external_fqdn: "{{ tacker_external_fqdn }}"
port: "{{ tacker_server_public_port }}"
listen_port: "{{ tacker_server_listen_port }}"
+ backend_http_extra:
+ - "option httpchk GET /"
+ - "http-check expect status 200"
custom_member_list: "{{ tacker_haproxy_members.split(';') }}"
tacker-conductor:
container_name: "tacker_conductor"
diff --git a/ansible/roles/trove/defaults/main.yml b/ansible/roles/trove/defaults/main.yml
index 3abf8e622a..8dd251d4e6 100644
--- a/ansible/roles/trove/defaults/main.yml
+++ b/ansible/roles/trove/defaults/main.yml
@@ -18,7 +18,8 @@ trove_services:
listen_port: "{{ trove_api_listen_port }}"
tls_backend: "{{ trove_enable_tls_backend }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
trove_api_external:
enabled: "{{ enable_trove }}"
mode: "http"
@@ -28,7 +29,8 @@ trove_services:
external_fqdn: "{{ trove_external_fqdn }}"
port: "{{ trove_api_public_port }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
trove-conductor:
container_name: trove_conductor
group: trove-conductor
@@ -106,7 +108,7 @@ trove_api_healthcheck_test:
- "CMD-SHELL"
- >-
healthcheck_curl {{ 'https' if trove_enable_tls_backend | bool else 'http' }}://{{
- api_interface_address | put_address_in_context('url') }}:{{ trove_api_port }}
+ api_interface_address | put_address_in_context('url') }}:{{ trove_api_port }}/healthcheck
trove_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
trove_api_healthcheck:
interval: "{{ trove_api_healthcheck_interval }}"
diff --git a/ansible/roles/watcher/defaults/main.yml b/ansible/roles/watcher/defaults/main.yml
index d22e5ad995..86a68d5b4f 100644
--- a/ansible/roles/watcher/defaults/main.yml
+++ b/ansible/roles/watcher/defaults/main.yml
@@ -17,6 +17,7 @@ watcher_services:
listen_port: "{{ watcher_api_listen_port }}"
backend_http_extra:
- "option httpchk GET /"
+ - "http-check expect status 200"
watcher_api_external:
enabled: "{{ enable_watcher }}"
mode: "http"
@@ -26,6 +27,7 @@ watcher_services:
listen_port: "{{ watcher_api_listen_port }}"
backend_http_extra:
- "option httpchk GET /"
+ - "http-check expect status 200"
watcher-applier:
container_name: watcher_applier
group: watcher-applier
diff --git a/ansible/roles/zun/defaults/main.yml b/ansible/roles/zun/defaults/main.yml
index a35d0ddfa4..01a577f20c 100644
--- a/ansible/roles/zun/defaults/main.yml
+++ b/ansible/roles/zun/defaults/main.yml
@@ -17,7 +17,8 @@ zun_services:
port: "{{ zun_api_port }}"
listen_port: "{{ zun_api_listen_port }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
zun_api_external:
enabled: "{{ enable_zun }}"
mode: "http"
@@ -26,7 +27,8 @@ zun_services:
port: "{{ zun_api_public_port }}"
listen_port: "{{ zun_api_listen_port }}"
backend_http_extra:
- - "option httpchk"
+ - "option httpchk GET /healthcheck"
+ - "http-check expect status 200"
zun-wsproxy:
container_name: zun_wsproxy
group: zun-wsproxy
@@ -127,7 +129,7 @@ zun_api_enable_healthchecks: "{{ enable_container_healthchecks }}"
zun_api_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
zun_api_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
zun_api_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
-zun_api_healthcheck_test: ["CMD-SHELL", "healthcheck_curl http://{{ api_interface_address | put_address_in_context('url') }}:{{ zun_api_port }}"]
+zun_api_healthcheck_test: ["CMD-SHELL", "healthcheck_curl http://{{ api_interface_address | put_address_in_context('url') }}:{{ zun_api_port }}/healthcheck"]
zun_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
zun_api_healthcheck:
interval: "{{ zun_api_healthcheck_interval }}"
diff --git a/ansible/site.yml b/ansible/site.yml
index abc31d580a..08a072ccfd 100644
--- a/ansible/site.yml
+++ b/ansible/site.yml
@@ -83,10 +83,23 @@
roles:
- role: prechecks
+- name: Apply role logs
+ gather_facts: false
+ hosts: kolla_logs
+ serial: '{{ kolla_serial|default("0") }}'
+ max_fail_percentage: >-
+ {{ logs_max_fail_percentage |
+ default(kolla_max_fail_percentage) |
+ default(100) }}
+ tags:
+ - common
+ - logs
+ roles:
+ - logs
+
- name: Apply role common
gather_facts: false
hosts:
- - kolla-logs
- kolla-toolbox
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
diff --git a/doc/source/reference/shared-services/keystone-guide.rst b/doc/source/reference/shared-services/keystone-guide.rst
index b92230dcb6..5f5bc60ac6 100644
--- a/doc/source/reference/shared-services/keystone-guide.rst
+++ b/doc/source/reference/shared-services/keystone-guide.rst
@@ -96,13 +96,13 @@ used by OpenStack command line client. Example config shown below:
keystone_federation_oidc_jwks_uri: "https:////discovery/v2.0/keys"
-Some identity providers need additional mod_auth_openidc config.
-Example for Keycloak shown below:
+Some identity providers need additional ``mod_auth_openidc`` config, which can
+be passed with the ``keystone_federation_oidc_additional_options`` variable:
.. code-block:: yaml
keystone_federation_oidc_additional_options:
- OIDCTokenBindingPolicy: disabled
+ OIDCOutgoingProxy: "http://proxy.example.com"
When using OIDC, operators can also use the following variable
to customize the delay to retry authenticating in the IdP if the
diff --git a/releasenotes/notes/add-healthcheck-a7b535c31bb72cfe.yaml b/releasenotes/notes/add-healthcheck-a7b535c31bb72cfe.yaml
new file mode 100644
index 0000000000..9b0082db71
--- /dev/null
+++ b/releasenotes/notes/add-healthcheck-a7b535c31bb72cfe.yaml
@@ -0,0 +1,14 @@
+---
+features:
+ - |
+ Standardized health check endpoints for OpenStack API
+ services and supporting components (Grafana, etcd, influxdb,
+ rabbitmq). Both HAProxy and Docker health checks now use
+ dedicated endpoints like **/healthcheck**, **/api/health**,
+ or service-specific paths for consistent and reliable detection.
+
+ Health checks now explicitly expect HTTP 200 status codes
+ and use standardized curl commands across all services.
+
+ Docker container health checks have been unified with
+ HAProxy configurations, using the same dedicated endpoints.
diff --git a/releasenotes/notes/kolla-logs-rename-13892296d83a41f5.yaml b/releasenotes/notes/kolla-logs-rename-13892296d83a41f5.yaml
new file mode 100644
index 0000000000..52b70fcbcc
--- /dev/null
+++ b/releasenotes/notes/kolla-logs-rename-13892296d83a41f5.yaml
@@ -0,0 +1,5 @@
+---
+upgrade:
+ - |
+ ``kolla_logs`` role has been split from ``common`` role, please update
+ your inventory accordingly to include ``kolla_logs`` group.
diff --git a/releasenotes/notes/simplified-cron-templates-5d4f1730bd562da1.yaml b/releasenotes/notes/simplified-cron-templates-5d4f1730bd562da1.yaml
new file mode 100644
index 0000000000..d7e3b58f9a
--- /dev/null
+++ b/releasenotes/notes/simplified-cron-templates-5d4f1730bd562da1.yaml
@@ -0,0 +1,7 @@
+
+other:
+ - |
+ The structure of the templates for log rotate cron jobs
+ has been simplified to reduce repetition. If you have local
+ changes which add to or modify these templates you may need
+ to update your modifications.
diff --git a/tests/templates/inventory.j2 b/tests/templates/inventory.j2
index e9172ecfaa..1e28332982 100644
--- a/tests/templates/inventory.j2
+++ b/tests/templates/inventory.j2
@@ -251,12 +251,22 @@ common
[fluentd:children]
common
+{# TODO(mnasiadka) Remove in 2027.2 (after next SLURP) #}
+{% if is_upgrade | bool %}
[kolla-logs:children]
common
+{% endif %}
[kolla-toolbox:children]
common
+[kolla_logs:children]
+control
+network
+compute
+storage
+monitoring
+
[opensearch:children]
control
diff --git a/zuul.d/scenarios/aio.yaml b/zuul.d/scenarios/aio.yaml
index e26b9be8ff..4a89a11a7f 100644
--- a/zuul.d/scenarios/aio.yaml
+++ b/zuul.d/scenarios/aio.yaml
@@ -3,10 +3,10 @@
parent: kolla-ansible-base
name: kolla-ansible-aio-base
files: !inherit
- - ^ansible/group_vars/all/(common|fluentd|glance|haproxy|heat|horizon|keepalived|keystone|loadbalancer|neutron|nova|nova-cell|openvswitch|placement|proxysql|rabbitmq).yml
+ - ^ansible/group_vars/all/(common|cron|fluentd|glance|haproxy|heat|horizon|keepalived|keystone|loadbalancer|neutron|nova|nova-cell|openvswitch|placement|proxysql|rabbitmq).yml
- ^ansible/group_vars/baremetal/ansible-python-interpreter.yml
- ^ansible/(action_plugins|filter_plugins|library|module_utils)/
- - ^ansible/roles/(common|fluentd|glance|haproxy-config|heat|horizon|keystone|loadbalancer|loadbalancer-config|neutron|nova|nova-cell|openvswitch|placement|proxysql|rabbitmq|service.*)/
+ - ^ansible/roles/(common|cron|fluentd|glance|haproxy-config|heat|horizon|keystone|loadbalancer|loadbalancer-config|neutron|nova|nova-cell|openvswitch|placement|proxysql|rabbitmq|service.*)/
- ^kolla_ansible/
- ^roles/kolla-ansible-(deploy|tempest|test-dashboard|reconfigure)/
- ^tests/testinfra/test_horizon.py