From 596e4caa3b3983b5b0a73af195e45d30d100cb9b Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Tue, 31 Mar 2026 19:13:50 +0200 Subject: [PATCH 1/9] release: cinder TODO Change-Id: I11167abf2bfab89f199b93abda80a01cc31a6731 Signed-off-by: Michal Nasiadka --- ansible/roles/cinder/defaults/main.yml | 7 ------- ansible/roles/cinder/tasks/upgrade.yml | 14 ++++++++++++++ 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/ansible/roles/cinder/defaults/main.yml b/ansible/roles/cinder/defaults/main.yml index e6dfcb3628..e2a2d2dd6a 100644 --- a/ansible/roles/cinder/defaults/main.yml +++ b/ansible/roles/cinder/defaults/main.yml @@ -357,13 +357,6 @@ cinder_ks_services: endpoints: - {'interface': 'internal', 'url': '{{ cinder_internal_endpoint }}'} - {'interface': 'public', 'url': '{{ cinder_public_endpoint }}'} - # TODO(mattcrees): switch to absent in G-cycle, remove in H - - name: "cinderv3" - type: "volumev3" - description: "Openstack Block Storage (deprecated)" - endpoints: - - {'interface': 'internal', 'url': '{{ cinder_v3_internal_endpoint }}'} - - {'interface': 'public', 'url': '{{ cinder_v3_public_endpoint }}'} cinder_ks_users: - project: "service" diff --git a/ansible/roles/cinder/tasks/upgrade.yml b/ansible/roles/cinder/tasks/upgrade.yml index 5b395b1c04..7a872aecb3 100644 --- a/ansible/roles/cinder/tasks/upgrade.yml +++ b/ansible/roles/cinder/tasks/upgrade.yml @@ -20,6 +20,20 @@ - name: Reload cinder services ansible.builtin.import_tasks: reload.yml +# TODO(mnasiadka): Remove me in 2026.2 +- name: Remove cinderv3 catalog entries + vars: + _cinder_volumev3: + - name: "cinderv3" + type: "volumev3" + description: "Openstack Block Storage (deprecated)" + endpoints: [] + state: absent + service_ks_register_auth: "{{ openstack_cinder_auth }}" + service_ks_register_services: "{{ _cinder_volumev3 }}" + ansible.builtin.import_role: + name: service-ks-register + - name: Running Cinder online schema migration vars: cinder_api: "{{ cinder_services['cinder-api'] 
}}" From 60716da1b68ee06adc8e8e8538ac046facd45b16 Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Tue, 7 Apr 2026 08:41:45 +0200 Subject: [PATCH 2/9] release: Remove grafana volume by default Change-Id: I15eb7f618909d8c55507a66b2c941bd15fa36cd8 Signed-off-by: Michal Nasiadka --- ansible/roles/grafana/defaults/main.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ansible/roles/grafana/defaults/main.yml b/ansible/roles/grafana/defaults/main.yml index b98d6e7272..0b34175b85 100644 --- a/ansible/roles/grafana/defaults/main.yml +++ b/ansible/roles/grafana/defaults/main.yml @@ -100,8 +100,7 @@ grafana_extra_volumes: "{{ default_extra_volumes }}" grafana_start_first_node_delay: 10 grafana_start_first_node_retries: 12 -# TODO(dawudm): make this True in the D release -grafana_remove_old_volume: false +grafana_remove_old_volume: true ############ # Prometheus From 062f2bb3fb9d5dde37ed47b72c5d046cfac3caac Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Tue, 7 Apr 2026 08:42:37 +0200 Subject: [PATCH 3/9] release: Retarget removal of ironic-inspector Some tasks have been mistakenly marked as to be removed in Gazpacho instead of after Gazpacho/in Hibiscus. 
Change-Id: I6b6f98371546ab4fa316c53effb2be1954c3a84b Signed-off-by: Michal Nasiadka --- ansible/roles/ironic/tasks/upgrade.yml | 2 +- ansible/roles/loadbalancer/tasks/upgrade.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/roles/ironic/tasks/upgrade.yml b/ansible/roles/ironic/tasks/upgrade.yml index 83b7fa0d72..7303686ad8 100644 --- a/ansible/roles/ironic/tasks/upgrade.yml +++ b/ansible/roles/ironic/tasks/upgrade.yml @@ -114,7 +114,7 @@ delegate_to: "{{ groups[ironic_api.group][0] }}" when: inventory_hostname in groups[ironic_api.group] -# TODO(mnasiadka): Remove this task in Gazpacho/2026.1 release +# TODO(mnasiadka): Remove this task after Gazpacho/2026.1 release - name: Remove ironic_inspector_dhcp_hosts volume become: true changed_when: true diff --git a/ansible/roles/loadbalancer/tasks/upgrade.yml b/ansible/roles/loadbalancer/tasks/upgrade.yml index 1347277cb2..d33b4f1e72 100644 --- a/ansible/roles/loadbalancer/tasks/upgrade.yml +++ b/ansible/roles/loadbalancer/tasks/upgrade.yml @@ -18,7 +18,7 @@ when: - inventory_hostname in groups['loadbalancer'] -# TODO(mnasiadka): Remove this task after Gazpacho release +# TODO(mnasiadka): Remove this task after Gazpacho/2026.1 release - name: Removing config for glance-tls-proxy ansible.builtin.file: path: "{{ node_config_directory }}/haproxy/services.d/glance-tls-proxy.cfg" @@ -36,7 +36,7 @@ when: - inventory_hostname in groups['loadbalancer'] -# TODO(mnasiadka): Remove this task in Gazpacho/2026.1 release +# TODO(mnasiadka): Remove this task after Gazpacho/2026.1 release - name: Removing config for ironic-inspector ansible.builtin.file: path: "{{ node_config_directory }}/haproxy/services.d/ironic-inspector.cfg" From 2e9f2caaf8a8eb19563a1085e6a23d778b279dbc Mon Sep 17 00:00:00 2001 From: Pierre Riteau Date: Tue, 7 Apr 2026 18:34:55 +0200 Subject: [PATCH 4/9] Remove deleted mod_auth_openidc option The option OIDCTokenBindingPolicy was deleted from mod_auth_openidc [1]. 
Remove it from our documentation. SSO with Keycloak was successfully tested without it. Keep documentation about keystone_federation_oidc_additional_options by using OIDCOutgoingProxy instead. [1] https://github.com/OpenIDC/mod_auth_openidc/commit/f9a52507acee0817b9cc91ec194bcea894f77ee0 Change-Id: Icfe4ef0f6070a97c4e43f691643169e71cc2772a Signed-off-by: Pierre Riteau --- doc/source/reference/shared-services/keystone-guide.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/source/reference/shared-services/keystone-guide.rst b/doc/source/reference/shared-services/keystone-guide.rst index b92230dcb6..5f5bc60ac6 100644 --- a/doc/source/reference/shared-services/keystone-guide.rst +++ b/doc/source/reference/shared-services/keystone-guide.rst @@ -96,13 +96,13 @@ used by OpenStack command line client. Example config shown below: keystone_federation_oidc_jwks_uri: "https:////discovery/v2.0/keys" -Some identity providers need additional mod_auth_openidc config. -Example for Keycloak shown below: +Some identity providers need additional ``mod_auth_openidc`` config, which can +be passed with the ``keystone_federation_oidc_additional_options`` variable: .. 
code-block:: yaml keystone_federation_oidc_additional_options: - OIDCTokenBindingPolicy: disabled + OIDCOutgoingProxy: "http://proxy.example.com" When using OIDC, operators can also use the following variable to customize the delay to retry authenticating in the IdP if the From a31a126cef629415f5c4c8ae48004c34c2bdaf4c Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Tue, 31 Mar 2026 19:41:34 +0200 Subject: [PATCH 5/9] release: ovn TODO Change-Id: I083a6dc921a2fb11edce4deb8bd8528cd8be8121 Signed-off-by: Michal Nasiadka --- ansible/roles/ovn-db/defaults/main.yml | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/ansible/roles/ovn-db/defaults/main.yml b/ansible/roles/ovn-db/defaults/main.yml index 05bd6c81c1..f01a739ced 100644 --- a/ansible/roles/ovn-db/defaults/main.yml +++ b/ansible/roles/ovn-db/defaults/main.yml @@ -104,17 +104,10 @@ ovn_db_inactivity_probe: "60000" ovn_sb_db_inactivity_probe: "{{ ovn_db_inactivity_probe }}" ovn_nb_db_inactivity_probe: "{{ ovn_db_inactivity_probe }}" ovn_sb_db_relay_active_inactivity_probe: "{{ ovn_db_inactivity_probe | int * 2 }}" -ovn_sb_db_relay_passive_inactivity_probe: "{{ ovn_db_inactivity_probe }}" -ovn_sb_db_relay_max_backoff: "{{ ovn_db_inactivity_probe }}" - -# TODO(mnnasiadka): remove that once Debian gets OVS 3.3+ ovn_sb_db_relay_config_file_args: >- - {% if kolla_base_distro == 'debian' %} - --db-sb-relay-remote={{ ovn_sb_connection_no_relay }} - -- --remote=ptcp:{{ ovn_sb_db_relay_port_prefix ~ ovn_sb_db_relay_group_id }}:{{ api_interface_address | put_address_in_context('url') }} - {% else %} --db-sb-relay-config-file=/etc/ovn/ovsdb-relay.json - {% endif %} +ovn_sb_db_relay_passive_inactivity_probe: "{{ ovn_db_inactivity_probe }}" +ovn_sb_db_relay_max_backoff: "{{ ovn_db_inactivity_probe }}" # OVN startup commands ovn_nb_command: >- From e0bcc8973d0752e58c56cf658f0a16349f3c7eaa Mon Sep 17 00:00:00 2001 From: Michal Arbet Date: Thu, 26 Mar 2026 17:55:37 +0100 Subject: [PATCH 6/9] 
fluentd: drop unused infra.var.log.kolla filter The Fluentd config contains a record_transformer filter for `infra.var.log.kolla.*.*.log`, but no input source or rewrite_tag_filter produces tags matching that pattern. Kolla service logs are tagged under `kolla.*`, and infrastructure logs use `infra.*`. Since `infra.var.log.kolla.*.*.log` is never generated, the filter is effectively dead code. Remove it to keep the tag pipeline accurate and easier to follow. Change-Id: I8ec4a294c8204efeb1957730684fdede22a880a7 Signed-off-by: Michal Arbet --- .../templates/conf/filter/00-record_transformer.conf.j2 | 7 ------- 1 file changed, 7 deletions(-) diff --git a/ansible/roles/fluentd/templates/conf/filter/00-record_transformer.conf.j2 b/ansible/roles/fluentd/templates/conf/filter/00-record_transformer.conf.j2 index ffdf37c27b..508f7df1c6 100644 --- a/ansible/roles/fluentd/templates/conf/filter/00-record_transformer.conf.j2 +++ b/ansible/roles/fluentd/templates/conf/filter/00-record_transformer.conf.j2 @@ -7,13 +7,6 @@ - - @type record_transformer - - Logger ${tag_parts[4]} - - - @type record_transformer From c39525322520ffb980182d271ff7a5c3c3ad62f3 Mon Sep 17 00:00:00 2001 From: Michael Still Date: Fri, 3 Apr 2026 17:56:48 +1100 Subject: [PATCH 7/9] Simplify cron jobs for log rotate There was a lot of repetitive jinja for the cron templates for logrotate, but they were also fairly infrequently overridden from the default. Let's DRY up this code by having a default template and only overriding it when required.
Co-Authored-By: Doug Szumski Change-Id: I23c3dd66e71a6729a42ea7988931a46ce20d4fc6 Signed-off-by: Michael Still --- ansible/roles/cron/templates/cron-logrotate-aodh.conf.j2 | 3 --- .../roles/cron/templates/cron-logrotate-barbican.conf.j2 | 3 --- ansible/roles/cron/templates/cron-logrotate-blazar.conf.j2 | 3 --- .../roles/cron/templates/cron-logrotate-ceilometer.conf.j2 | 3 --- ansible/roles/cron/templates/cron-logrotate-cinder.conf.j2 | 3 --- .../roles/cron/templates/cron-logrotate-cloudkitty.conf.j2 | 3 --- .../roles/cron/templates/cron-logrotate-collectd.conf.j2 | 3 --- ansible/roles/cron/templates/cron-logrotate-cyborg.conf.j2 | 3 --- .../roles/cron/templates/cron-logrotate-default.conf.j2 | 3 +++ .../roles/cron/templates/cron-logrotate-designate.conf.j2 | 3 --- ansible/roles/cron/templates/cron-logrotate-etcd.conf.j2 | 3 --- .../roles/cron/templates/cron-logrotate-fluentd.conf.j2 | 3 --- .../cron/templates/cron-logrotate-glance-tls-proxy.conf.j2 | 3 --- ansible/roles/cron/templates/cron-logrotate-glance.conf.j2 | 3 --- ansible/roles/cron/templates/cron-logrotate-global.conf.j2 | 2 +- .../roles/cron/templates/cron-logrotate-gnocchi.conf.j2 | 3 --- .../roles/cron/templates/cron-logrotate-grafana.conf.j2 | 3 --- .../roles/cron/templates/cron-logrotate-hacluster.conf.j2 | 3 --- .../roles/cron/templates/cron-logrotate-haproxy.conf.j2 | 3 --- ansible/roles/cron/templates/cron-logrotate-heat.conf.j2 | 3 --- .../roles/cron/templates/cron-logrotate-horizon.conf.j2 | 3 --- ansible/roles/cron/templates/cron-logrotate-ironic.conf.j2 | 3 --- .../roles/cron/templates/cron-logrotate-keystone.conf.j2 | 3 --- ansible/roles/cron/templates/cron-logrotate-kuryr.conf.j2 | 3 --- .../cron/templates/cron-logrotate-letsencrypt.conf.j2 | 3 --- ansible/roles/cron/templates/cron-logrotate-magnum.conf.j2 | 3 --- ansible/roles/cron/templates/cron-logrotate-manila.conf.j2 | 3 --- .../roles/cron/templates/cron-logrotate-mariadb.conf.j2 | 3 --- 
.../roles/cron/templates/cron-logrotate-masakari.conf.j2 | 3 --- .../roles/cron/templates/cron-logrotate-mistral.conf.j2 | 3 --- ansible/roles/cron/templates/cron-logrotate-nova.conf.j2 | 3 --- .../roles/cron/templates/cron-logrotate-octavia.conf.j2 | 3 --- .../templates/cron-logrotate-opensearch-dashboards.conf.j2 | 3 --- .../roles/cron/templates/cron-logrotate-opensearch.conf.j2 | 3 --- .../cron/templates/cron-logrotate-openvswitch.conf.j2 | 3 --- .../roles/cron/templates/cron-logrotate-placement.conf.j2 | 3 --- .../roles/cron/templates/cron-logrotate-prometheus.conf.j2 | 3 --- .../roles/cron/templates/cron-logrotate-proxysql.conf.j2 | 3 --- .../roles/cron/templates/cron-logrotate-rabbitmq.conf.j2 | 3 --- .../roles/cron/templates/cron-logrotate-skyline.conf.j2 | 3 --- ansible/roles/cron/templates/cron-logrotate-swift.conf.j2 | 3 --- ansible/roles/cron/templates/cron-logrotate-tacker.conf.j2 | 3 --- ansible/roles/cron/templates/cron-logrotate-trove.conf.j2 | 3 --- ansible/roles/cron/templates/cron-logrotate-valkey.conf.j2 | 3 --- .../roles/cron/templates/cron-logrotate-watcher.conf.j2 | 3 --- ansible/roles/cron/templates/cron-logrotate-zun.conf.j2 | 3 --- .../notes/simplified-cron-templates-5d4f1730bd562da1.yaml | 7 +++++++ zuul.d/scenarios/aio.yaml | 4 ++-- 48 files changed, 13 insertions(+), 135 deletions(-) delete mode 100644 ansible/roles/cron/templates/cron-logrotate-aodh.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-barbican.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-blazar.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-ceilometer.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-cinder.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-cloudkitty.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-collectd.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-cyborg.conf.j2 create mode 100644 
ansible/roles/cron/templates/cron-logrotate-default.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-designate.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-etcd.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-fluentd.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-glance-tls-proxy.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-glance.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-gnocchi.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-grafana.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-hacluster.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-haproxy.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-heat.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-horizon.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-ironic.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-keystone.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-kuryr.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-letsencrypt.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-magnum.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-manila.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-mariadb.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-masakari.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-mistral.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-nova.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-octavia.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-opensearch-dashboards.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-opensearch.conf.j2 delete mode 100644 
ansible/roles/cron/templates/cron-logrotate-openvswitch.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-placement.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-prometheus.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-proxysql.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-rabbitmq.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-skyline.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-swift.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-tacker.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-trove.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-valkey.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-watcher.conf.j2 delete mode 100644 ansible/roles/cron/templates/cron-logrotate-zun.conf.j2 create mode 100644 releasenotes/notes/simplified-cron-templates-5d4f1730bd562da1.yaml diff --git a/ansible/roles/cron/templates/cron-logrotate-aodh.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-aodh.conf.j2 deleted file mode 100644 index fd333f6e41..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-aodh.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/aodh/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-barbican.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-barbican.conf.j2 deleted file mode 100644 index eaa5f0f494..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-barbican.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/barbican/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-blazar.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-blazar.conf.j2 deleted file mode 100644 index 1c0c0e2ca1..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-blazar.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/blazar/*.log" -{ -} diff --git 
a/ansible/roles/cron/templates/cron-logrotate-ceilometer.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-ceilometer.conf.j2 deleted file mode 100644 index 5993500a5b..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-ceilometer.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/ceilometer/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-cinder.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-cinder.conf.j2 deleted file mode 100644 index b5e59abd26..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-cinder.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/cinder/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-cloudkitty.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-cloudkitty.conf.j2 deleted file mode 100644 index 2dada642d8..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-cloudkitty.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/cloudkitty/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-collectd.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-collectd.conf.j2 deleted file mode 100644 index 4e5878be82..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-collectd.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/collectd/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-cyborg.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-cyborg.conf.j2 deleted file mode 100644 index d4f8b90214..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-cyborg.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/cyborg/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-default.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-default.conf.j2 new file mode 100644 index 0000000000..1213e5dcbd --- /dev/null +++ b/ansible/roles/cron/templates/cron-logrotate-default.conf.j2 @@ -0,0 +1,3 @@ +"/var/log/kolla/{{ service }}/*.log" +{ +} diff --git 
a/ansible/roles/cron/templates/cron-logrotate-designate.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-designate.conf.j2 deleted file mode 100644 index c3c4751251..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-designate.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/designate/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-etcd.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-etcd.conf.j2 deleted file mode 100644 index 5b009c46e4..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-etcd.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/etcd/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-fluentd.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-fluentd.conf.j2 deleted file mode 100644 index 37c76a5f93..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-fluentd.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/fluentd/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-glance-tls-proxy.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-glance-tls-proxy.conf.j2 deleted file mode 100644 index 5f53099180..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-glance-tls-proxy.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/glance-tls-proxy/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-glance.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-glance.conf.j2 deleted file mode 100644 index 5b20985bd0..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-glance.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/glance/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-global.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-global.conf.j2 index b8628a88d0..1d487601e4 100644 --- a/ansible/roles/cron/templates/cron-logrotate-global.conf.j2 +++ b/ansible/roles/cron/templates/cron-logrotate-global.conf.j2 @@ -19,6 +19,6 @@ maxsize {{ cron_logrotate_log_maxsize }} su root 
kolla {% for service in cron_logrotate_enabled_services %} -{% include "cron-logrotate-" ~ service ~ ".conf.j2" %} +{% include ["cron-logrotate-" ~ service ~ ".conf.j2", "cron-logrotate-default.conf.j2"] %} {% endfor %} diff --git a/ansible/roles/cron/templates/cron-logrotate-gnocchi.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-gnocchi.conf.j2 deleted file mode 100644 index d6d5d6f449..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-gnocchi.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/gnocchi/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-grafana.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-grafana.conf.j2 deleted file mode 100644 index 2a3a0889a4..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-grafana.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/grafana/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-hacluster.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-hacluster.conf.j2 deleted file mode 100644 index 856193e411..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-hacluster.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/hacluster/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-haproxy.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-haproxy.conf.j2 deleted file mode 100644 index 3e89a2e751..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-haproxy.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/haproxy/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-heat.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-heat.conf.j2 deleted file mode 100644 index 7f5e89a77e..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-heat.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/heat/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-horizon.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-horizon.conf.j2 deleted file mode 100644 index 
f346694f48..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-horizon.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/horizon/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-ironic.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-ironic.conf.j2 deleted file mode 100644 index 796c88c3a3..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-ironic.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/ironic/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-keystone.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-keystone.conf.j2 deleted file mode 100644 index 79cf10b347..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-keystone.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/keystone/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-kuryr.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-kuryr.conf.j2 deleted file mode 100644 index 3565e1138a..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-kuryr.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/kuryr/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-letsencrypt.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-letsencrypt.conf.j2 deleted file mode 100644 index fea08e0163..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-letsencrypt.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/letsencrypt/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-magnum.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-magnum.conf.j2 deleted file mode 100644 index 4b2c2af4e6..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-magnum.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/magnum/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-manila.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-manila.conf.j2 deleted file mode 100644 index 9b9719514f..0000000000 --- 
a/ansible/roles/cron/templates/cron-logrotate-manila.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/manila/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-mariadb.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-mariadb.conf.j2 deleted file mode 100644 index 8543983e04..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-mariadb.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/mariadb/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-masakari.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-masakari.conf.j2 deleted file mode 100644 index 8f71f0975f..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-masakari.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/masakari/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-mistral.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-mistral.conf.j2 deleted file mode 100644 index e8e6da8e39..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-mistral.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/mistral/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-nova.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-nova.conf.j2 deleted file mode 100644 index 657a994da1..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-nova.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/nova/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-octavia.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-octavia.conf.j2 deleted file mode 100644 index f7464d7e25..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-octavia.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/octavia/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-opensearch-dashboards.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-opensearch-dashboards.conf.j2 deleted file mode 100644 index 7d77ee24ed..0000000000 --- 
a/ansible/roles/cron/templates/cron-logrotate-opensearch-dashboards.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/opensearch-dashboards/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-opensearch.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-opensearch.conf.j2 deleted file mode 100644 index 4f02e14a74..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-opensearch.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/opensearch/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-openvswitch.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-openvswitch.conf.j2 deleted file mode 100644 index 5abab08b2a..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-openvswitch.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/openvswitch/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-placement.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-placement.conf.j2 deleted file mode 100644 index 3df479c0d0..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-placement.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/placement/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-prometheus.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-prometheus.conf.j2 deleted file mode 100644 index fdfe807141..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-prometheus.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/prometheus/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-proxysql.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-proxysql.conf.j2 deleted file mode 100644 index 7055cce4ea..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-proxysql.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/proxysql/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-rabbitmq.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-rabbitmq.conf.j2 deleted file mode 100644 index 
cf2dc3f367..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-rabbitmq.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/rabbitmq/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-skyline.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-skyline.conf.j2 deleted file mode 100644 index 847870d9a6..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-skyline.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/skyline/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-swift.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-swift.conf.j2 deleted file mode 100644 index 0ad2badf1b..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-swift.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/swift/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-tacker.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-tacker.conf.j2 deleted file mode 100644 index 6815816451..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-tacker.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/tacker/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-trove.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-trove.conf.j2 deleted file mode 100644 index 7a8150c318..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-trove.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/trove/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-valkey.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-valkey.conf.j2 deleted file mode 100644 index f59111e1d4..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-valkey.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/valkey/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-watcher.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-watcher.conf.j2 deleted file mode 100644 index e7edaf909d..0000000000 --- 
a/ansible/roles/cron/templates/cron-logrotate-watcher.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/watcher/*.log" -{ -} diff --git a/ansible/roles/cron/templates/cron-logrotate-zun.conf.j2 b/ansible/roles/cron/templates/cron-logrotate-zun.conf.j2 deleted file mode 100644 index 57eef45c6e..0000000000 --- a/ansible/roles/cron/templates/cron-logrotate-zun.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/zun/*.log" -{ -} diff --git a/releasenotes/notes/simplified-cron-templates-5d4f1730bd562da1.yaml b/releasenotes/notes/simplified-cron-templates-5d4f1730bd562da1.yaml new file mode 100644 index 0000000000..d7e3b58f9a --- /dev/null +++ b/releasenotes/notes/simplified-cron-templates-5d4f1730bd562da1.yaml @@ -0,0 +1,7 @@ + +other: + - | + The structure of the templates for log rotate cron jobs + has been simplified to reduce repetition. If you have local + changes which add to or modify these templates you may need + to update your modifications. diff --git a/zuul.d/scenarios/aio.yaml b/zuul.d/scenarios/aio.yaml index e26b9be8ff..4a89a11a7f 100644 --- a/zuul.d/scenarios/aio.yaml +++ b/zuul.d/scenarios/aio.yaml @@ -3,10 +3,10 @@ parent: kolla-ansible-base name: kolla-ansible-aio-base files: !inherit - - ^ansible/group_vars/all/(common|fluentd|glance|haproxy|heat|horizon|keepalived|keystone|loadbalancer|neutron|nova|nova-cell|openvswitch|placement|proxysql|rabbitmq).yml + - ^ansible/group_vars/all/(common|cron|fluentd|glance|haproxy|heat|horizon|keepalived|keystone|loadbalancer|neutron|nova|nova-cell|openvswitch|placement|proxysql|rabbitmq).yml - ^ansible/group_vars/baremetal/ansible-python-interpreter.yml - ^ansible/(action_plugins|filter_plugins|library|module_utils)/ - - ^ansible/roles/(common|fluentd|glance|haproxy-config|heat|horizon|keystone|loadbalancer|loadbalancer-config|neutron|nova|nova-cell|openvswitch|placement|proxysql|rabbitmq|service.*)/ + - 
^ansible/roles/(common|cron|fluentd|glance|haproxy-config|heat|horizon|keystone|loadbalancer|loadbalancer-config|neutron|nova|nova-cell|openvswitch|placement|proxysql|rabbitmq|service.*)/ - ^kolla_ansible/ - ^roles/kolla-ansible-(deploy|tempest|test-dashboard|reconfigure)/ - ^tests/testinfra/test_horizon.py From 894fcd5aa62b4c9c50a177194f7e2434a95b633d Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Tue, 7 Oct 2025 18:06:25 +0200 Subject: [PATCH 8/9] kolla-logs: break out from common role In the process of renaming common role to kolla-toolbox - the only non-toolbox tasks are creation of kolla_logs volume and establishing a link in /var/log/kolla Change-Id: I12a0c0276ca4c915afc98363ab329331dc79f6bc Signed-off-by: Michal Nasiadka --- ansible/inventory/all-in-one | 4 ++-- ansible/inventory/multinode | 10 +++++++--- ansible/roles/common/tasks/bootstrap.yml | 15 --------------- ansible/roles/logs/tasks/main.yml | 17 +++++++++++++++++ ansible/site.yml | 15 ++++++++++++++- .../kolla-logs-rename-13892296d83a41f5.yaml | 5 +++++ tests/templates/inventory.j2 | 10 ++++++++++ 7 files changed, 55 insertions(+), 21 deletions(-) create mode 100644 ansible/roles/logs/tasks/main.yml create mode 100644 releasenotes/notes/kolla-logs-rename-13892296d83a41f5.yaml diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one index ce3b26f16f..40b2081ef4 100644 --- a/ansible/inventory/all-in-one +++ b/ansible/inventory/all-in-one @@ -175,10 +175,10 @@ common [fluentd:children] common -[kolla-logs:children] +[kolla-toolbox:children] common -[kolla-toolbox:children] +[kolla_logs:children] common [opensearch:children] diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode index 40db78c1ec..8cfceb8909 100644 --- a/ansible/inventory/multinode +++ b/ansible/inventory/multinode @@ -193,12 +193,16 @@ common [fluentd:children] common -[kolla-logs:children] -common - [kolla-toolbox:children] common +[kolla_logs:children] +control +network +compute +storage 
+monitoring + [opensearch:children] control diff --git a/ansible/roles/common/tasks/bootstrap.yml b/ansible/roles/common/tasks/bootstrap.yml index 8224ced75f..ed97d539c0 100644 --- a/ansible/roles/common/tasks/bootstrap.yml +++ b/ansible/roles/common/tasks/bootstrap.yml @@ -1,16 +1 @@ --- -- name: Creating log volume - become: true - kolla_container: - action: "create_volume" - common_options: "{{ docker_common_options }}" - name: "kolla_logs" - when: inventory_hostname in groups['kolla-logs'] - -- name: Link kolla_logs volume to /var/log/kolla - become: true - ansible.builtin.file: - src: "{{ container_engine_volumes_path }}/kolla_logs/_data" - path: /var/log/kolla - state: link - when: inventory_hostname in groups['kolla-logs'] diff --git a/ansible/roles/logs/tasks/main.yml b/ansible/roles/logs/tasks/main.yml new file mode 100644 index 0000000000..3ebc0fc44c --- /dev/null +++ b/ansible/roles/logs/tasks/main.yml @@ -0,0 +1,17 @@ +--- +- name: Ensure /var/log/kolla exists + when: kolla_action in ['deploy', 'reconfigure'] + block: + - name: Ensure log volume exists + become: true + kolla_container: + action: "create_volume" + common_options: "{{ docker_common_options }}" + name: "kolla_logs" + + - name: Ensure kolla_logs volume link to /var/log/kolla exists + become: true + ansible.builtin.file: + src: "{{ container_engine_volumes_path }}/kolla_logs/_data" + path: /var/log/kolla + state: link diff --git a/ansible/site.yml b/ansible/site.yml index f37939f37d..d9318ac1c7 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -83,10 +83,23 @@ roles: - role: prechecks +- name: Apply role logs + gather_facts: false + hosts: kolla_logs + serial: '{{ kolla_serial|default("0") }}' + max_fail_percentage: >- + {{ logs_max_fail_percentage | + default(kolla_max_fail_percentage) | + default(100) }} + tags: + - common + - logs + roles: + - logs + - name: Apply role common gather_facts: false hosts: - - kolla-logs - kolla-toolbox serial: '{{ kolla_serial|default("0") }}' 
max_fail_percentage: >- diff --git a/releasenotes/notes/kolla-logs-rename-13892296d83a41f5.yaml b/releasenotes/notes/kolla-logs-rename-13892296d83a41f5.yaml new file mode 100644 index 0000000000..52b70fcbcc --- /dev/null +++ b/releasenotes/notes/kolla-logs-rename-13892296d83a41f5.yaml @@ -0,0 +1,5 @@ +--- +upgrade: + - | + ``kolla_logs`` role has been split from ``common`` role, please update + your inventory accordingly to include ``kolla_logs`` group. diff --git a/tests/templates/inventory.j2 b/tests/templates/inventory.j2 index 0751557a3f..a714860c38 100644 --- a/tests/templates/inventory.j2 +++ b/tests/templates/inventory.j2 @@ -251,12 +251,22 @@ common [fluentd:children] common +{# TODO(mnasiadka) Remove in 2027.2 (after next SLURP) #} +{% if is_upgrade | bool %} [kolla-logs:children] common +{% endif %} [kolla-toolbox:children] common +[kolla_logs:children] +control +network +compute +storage +monitoring + [opensearch:children] control From fa19b11fbb9c6ba3b9824e54e4b10668bccb0bc1 Mon Sep 17 00:00:00 2001 From: Piotr Milewski Date: Wed, 21 Jan 2026 17:05:35 +0100 Subject: [PATCH 9/9] Standardize API health check endpoints Configure dedicated health check endpoints for Load Balancers Standardize health check paths in OpenStack and Grafana Ansible defaults to improve Load Balancer (HAProxy) reliability. The 'httpchk' configuration for the modified roles now uses dedicated health check endpoints (e.g., /healthcheck or /api/health) and enforces an HTTP 200 OK expectation. This ensures faster and more robust failure detection. Additionally, by moving health checks away from generic endpoints (such as OPTIONS /), application logs are now much cleaner. 
The log files will no longer be flooded every second with HAProxy probe entries like: "OPTIONS / HTTP/1.0" 200 94 0.000954 NOTE: The following services are exceptions to this standardization and still use the root endpoint (`/`) for health checks due to the lack of a dedicated health check middleware in their default API paste configuration: **cyborg_api**, **masakari**, **mistral_api**, **nova_api**, **octavia_api**, **placement**, **tacker**, **venus**, and **watcher**. Updated roles: * aodh * barbican * cinder * cloudkitty * cyborg * designate * etcd * glance * gnocchi * grafana * heat * horizon * influxdb * ironic * keystone * loadbalancer * magnum * manila * masakari * mistral * neutron * nova * nova-cell * octavia * opensearch * placement * rabbitmq * skyline * tacker * trove * venus * watcher * zun Change-Id: Ibbb9fda45a98565ab12e784bbef80be787bd6638 Signed-off-by: Piotr Milewski --- ansible/roles/aodh/defaults/main.yml | 12 ++++++--- ansible/roles/barbican/defaults/main.yml | 8 +++--- ansible/roles/cinder/defaults/main.yml | 8 +++--- ansible/roles/cloudkitty/defaults/main.yml | 12 ++++++--- ansible/roles/cyborg/defaults/main.yml | 6 +++++ ansible/roles/designate/defaults/main.yml | 8 +++--- ansible/roles/etcd/defaults/main.yml | 17 +++++++++++++ .../roles/etcd/tasks/bootstrap_cluster.yml | 1 + .../roles/etcd/tasks/bootstrap_services.yml | 1 + ansible/roles/etcd/tasks/restart_services.yml | 1 + ansible/roles/glance/defaults/main.yml | 25 ++++++++++++++++--- ansible/roles/gnocchi/defaults/main.yml | 12 ++++++--- ansible/roles/grafana/defaults/main.yml | 24 ++++++++++++++++-- ansible/roles/grafana/handlers/main.yml | 4 ++- ansible/roles/heat/defaults/main.yml | 16 +++++++----- ansible/roles/keystone/defaults/main.yml | 8 +++--- ansible/roles/magnum/defaults/main.yml | 8 +++--- ansible/roles/manila/defaults/main.yml | 12 ++++++--- ansible/roles/masakari/defaults/main.yml | 24 ++++++++++++++++-- ansible/roles/mistral/defaults/main.yml | 6 +++-- 
ansible/roles/neutron/defaults/main.yml | 8 +++--- ansible/roles/nova/defaults/main.yml | 12 ++++++--- ansible/roles/octavia/defaults/main.yml | 6 +++++ ansible/roles/placement/defaults/main.yml | 2 ++ ansible/roles/rabbitmq/defaults/main.yml | 3 ++- ansible/roles/tacker/defaults/main.yml | 6 +++++ ansible/roles/trove/defaults/main.yml | 8 +++--- ansible/roles/watcher/defaults/main.yml | 2 ++ ansible/roles/zun/defaults/main.yml | 8 +++--- .../add-healthcheck-a7b535c31bb72cfe.yaml | 14 +++++++++++ 30 files changed, 225 insertions(+), 57 deletions(-) create mode 100644 releasenotes/notes/add-healthcheck-a7b535c31bb72cfe.yaml diff --git a/ansible/roles/aodh/defaults/main.yml b/ansible/roles/aodh/defaults/main.yml index 76d9360dd0..0c6df039ca 100644 --- a/ansible/roles/aodh/defaults/main.yml +++ b/ansible/roles/aodh/defaults/main.yml @@ -17,7 +17,8 @@ aodh_services: port: "{{ aodh_api_port }}" listen_port: "{{ aodh_api_listen_port }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" aodh_api_external: enabled: "{{ enable_aodh }}" mode: "http" @@ -26,7 +27,8 @@ aodh_services: port: "{{ aodh_api_public_port }}" listen_port: "{{ aodh_api_listen_port }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" aodh-evaluator: container_name: aodh_evaluator group: aodh-evaluator @@ -131,7 +133,11 @@ aodh_api_enable_healthchecks: "{{ enable_container_healthchecks }}" aodh_api_healthcheck_interval: "{{ default_container_healthcheck_interval }}" aodh_api_healthcheck_retries: "{{ default_container_healthcheck_retries }}" aodh_api_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}" -aodh_api_healthcheck_test: ["CMD-SHELL", "healthcheck_curl http://{{ api_interface_address | put_address_in_context('url') }}:{{ aodh_api_listen_port }}"] +aodh_api_healthcheck_test: + - "CMD-SHELL" + - >- + healthcheck_curl http://{{ + 
api_interface_address | put_address_in_context('url') }}:{{ aodh_api_listen_port }}/healthcheck aodh_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" aodh_api_healthcheck: interval: "{{ aodh_api_healthcheck_interval }}" diff --git a/ansible/roles/barbican/defaults/main.yml b/ansible/roles/barbican/defaults/main.yml index 86d12e558c..2110805792 100644 --- a/ansible/roles/barbican/defaults/main.yml +++ b/ansible/roles/barbican/defaults/main.yml @@ -18,7 +18,8 @@ barbican_services: listen_port: "{{ barbican_api_listen_port }}" tls_backend: "{{ barbican_enable_tls_backend }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" barbican_api_external: enabled: "{{ enable_barbican }}" mode: "http" @@ -28,7 +29,8 @@ barbican_services: listen_port: "{{ barbican_api_listen_port }}" tls_backend: "{{ barbican_enable_tls_backend }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" barbican-keystone-listener: container_name: barbican_keystone_listener group: barbican-keystone-listener @@ -107,7 +109,7 @@ barbican_api_healthcheck_test: - >- healthcheck_curl {{ 'https' if barbican_enable_tls_backend | bool else 'http' }}://{{ - api_interface_address | put_address_in_context('url') }}:{{ barbican_api_listen_port }} + api_interface_address | put_address_in_context('url') }}:{{ barbican_api_listen_port }}/healthcheck" barbican_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" barbican_api_healthcheck: interval: "{{ barbican_api_healthcheck_interval }}" diff --git a/ansible/roles/cinder/defaults/main.yml b/ansible/roles/cinder/defaults/main.yml index e2a2d2dd6a..4258d863e2 100644 --- a/ansible/roles/cinder/defaults/main.yml +++ b/ansible/roles/cinder/defaults/main.yml @@ -18,7 +18,8 @@ cinder_services: listen_port: "{{ cinder_api_listen_port }}" tls_backend: "{{ cinder_enable_tls_backend }}" backend_http_extra: - - 
"option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" cinder_api_external: enabled: "{{ enable_cinder }}" mode: "http" @@ -28,7 +29,8 @@ cinder_services: listen_port: "{{ cinder_api_listen_port }}" tls_backend: "{{ cinder_enable_tls_backend }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" cinder-scheduler: container_name: cinder_scheduler group: cinder-scheduler @@ -125,7 +127,7 @@ cinder_api_healthcheck_test: - >- healthcheck_curl {{ 'https' if cinder_enable_tls_backend | bool else 'http' }}://{{ - api_interface_address | put_address_in_context('url') }}:{{ cinder_api_listen_port }} + api_interface_address | put_address_in_context('url') }}:{{ cinder_api_listen_port }}/healthcheck cinder_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" cinder_api_healthcheck: interval: "{{ cinder_api_healthcheck_interval }}" diff --git a/ansible/roles/cloudkitty/defaults/main.yml b/ansible/roles/cloudkitty/defaults/main.yml index c5c093571f..b1840642ec 100644 --- a/ansible/roles/cloudkitty/defaults/main.yml +++ b/ansible/roles/cloudkitty/defaults/main.yml @@ -17,7 +17,8 @@ cloudkitty_services: port: "{{ cloudkitty_api_port }}" listen_port: "{{ cloudkitty_api_listen_port }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" cloudkitty_api_external: enabled: "{{ enable_cloudkitty }}" mode: "http" @@ -26,7 +27,8 @@ cloudkitty_services: port: "{{ cloudkitty_api_public_port }}" listen_port: "{{ cloudkitty_api_listen_port }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" cloudkitty-processor: container_name: "cloudkitty_processor" group: "cloudkitty-processor" @@ -100,7 +102,11 @@ cloudkitty_api_enable_healthchecks: "{{ enable_container_healthchecks }}" cloudkitty_api_healthcheck_interval: "{{ default_container_healthcheck_interval 
}}" cloudkitty_api_healthcheck_retries: "{{ default_container_healthcheck_retries }}" cloudkitty_api_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}" -cloudkitty_api_healthcheck_test: ["CMD-SHELL", "healthcheck_curl http://{{ api_interface_address | put_address_in_context('url') }}:{{ cloudkitty_api_port }}"] +cloudkitty_api_healthcheck_test: + - "CMD-SHELL" + - >- + healthcheck_curl http://{{ + api_interface_address | put_address_in_context('url') }}:{{ cloudkitty_api_port }}/healthcheck cloudkitty_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" cloudkitty_api_healthcheck: interval: "{{ cloudkitty_api_healthcheck_interval }}" diff --git a/ansible/roles/cyborg/defaults/main.yml b/ansible/roles/cyborg/defaults/main.yml index 75e790eaa8..7aa233a007 100644 --- a/ansible/roles/cyborg/defaults/main.yml +++ b/ansible/roles/cyborg/defaults/main.yml @@ -16,6 +16,9 @@ cyborg_services: external: false port: "{{ cyborg_api_port }}" listen_port: "{{ cyborg_api_listen_port }}" + backend_http_extra: + - "option httpchk GET /" + - "http-check expect status 200" cyborg_api_external: enabled: "{{ enable_cyborg }}" mode: "http" @@ -23,6 +26,9 @@ cyborg_services: external_fqdn: "{{ cyborg_external_fqdn }}" port: "{{ cyborg_api_public_port }}" listen_port: "{{ cyborg_api_listen_port }}" + backend_http_extra: + - "option httpchk GET /" + - "http-check expect status 200" cyborg-agent: container_name: cyborg_agent group: cyborg-agent diff --git a/ansible/roles/designate/defaults/main.yml b/ansible/roles/designate/defaults/main.yml index cb94c39a6f..f9e5bc7e5e 100644 --- a/ansible/roles/designate/defaults/main.yml +++ b/ansible/roles/designate/defaults/main.yml @@ -17,7 +17,8 @@ designate_services: port: "{{ designate_api_port }}" listen_port: "{{ designate_api_listen_port }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" tls_backend: "{{ designate_enable_tls_backend | 
bool }}" designate_api_external: enabled: "{{ enable_designate }}" @@ -27,7 +28,8 @@ designate_services: port: "{{ designate_api_public_port }}" listen_port: "{{ designate_api_listen_port }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" tls_backend: "{{ designate_enable_tls_backend | bool }}" designate-backend-bind9: container_name: designate_backend_bind9 @@ -159,7 +161,7 @@ designate_api_healthcheck_test: - >- healthcheck_curl {{ 'https' if designate_enable_tls_backend | bool else 'http' }}://{{ - api_interface_address | put_address_in_context('url') }}:{{ designate_api_listen_port }} + api_interface_address | put_address_in_context('url') }}:{{ designate_api_listen_port }}/healthcheck designate_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" designate_api_healthcheck: interval: "{{ designate_api_healthcheck_interval }}" diff --git a/ansible/roles/etcd/defaults/main.yml b/ansible/roles/etcd/defaults/main.yml index 443031eccc..563eff9dc2 100644 --- a/ansible/roles/etcd/defaults/main.yml +++ b/ansible/roles/etcd/defaults/main.yml @@ -8,12 +8,16 @@ etcd_services: image: "{{ etcd_image_full }}" volumes: "{{ etcd_default_volumes + etcd_extra_volumes }}" dimensions: "{{ etcd_dimensions }}" + healthcheck: "{{ etcd_healthcheck }}" haproxy: etcd: enabled: true mode: "http" external: false port: "{{ etcd_client_port }}" + backend_http_extra: + - "option httpchk GET /health" + - "http-check expect status 200" tls_backend: "{{ etcd_enable_tls | bool }}" #################### @@ -84,6 +88,19 @@ etcd_tag: "{{ openstack_tag }}" etcd_image_full: "{{ etcd_image }}:{{ etcd_tag }}" etcd_dimensions: "{{ default_container_dimensions }}" +etcd_enable_healthchecks: "{{ enable_container_healthchecks }}" +etcd_healthcheck_interval: "{{ default_container_healthcheck_interval }}" +etcd_healthcheck_retries: "{{ default_container_healthcheck_retries }}" +etcd_healthcheck_start_period: "{{ 
default_container_healthcheck_start_period }}" +etcd_healthcheck_test: ["CMD-SHELL", "healthcheck_curl http://{{ api_interface_address | put_address_in_context('url') }}:{{ etcd_client_port }}/health"] +etcd_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" +etcd_healthcheck: + interval: "{{ etcd_healthcheck_interval }}" + retries: "{{ etcd_healthcheck_retries }}" + start_period: "{{ etcd_healthcheck_start_period }}" + test: "{% if etcd_enable_healthchecks | bool %}{{ etcd_healthcheck_test }}{% else %}NONE{% endif %}" + timeout: "{{ etcd_healthcheck_timeout }}" + etcd_default_volumes: - "{{ node_config_directory }}/etcd/:{{ container_config_directory }}/:ro" - "/etc/localtime:/etc/localtime:ro" diff --git a/ansible/roles/etcd/tasks/bootstrap_cluster.yml b/ansible/roles/etcd/tasks/bootstrap_cluster.yml index e62ebfc0da..f8b731dea9 100644 --- a/ansible/roles/etcd/tasks/bootstrap_cluster.yml +++ b/ansible/roles/etcd/tasks/bootstrap_cluster.yml @@ -12,6 +12,7 @@ name: "{{ service.container_name }}" volumes: "{{ service.volumes }}" dimensions: "{{ service.dimensions }}" + healthcheck: "{{ service.healthcheck | default(omit) }}" - name: Wait for etcd service port liveness ansible.builtin.wait_for: diff --git a/ansible/roles/etcd/tasks/bootstrap_services.yml b/ansible/roles/etcd/tasks/bootstrap_services.yml index b2bb463286..d9aa18abcf 100644 --- a/ansible/roles/etcd/tasks/bootstrap_services.yml +++ b/ansible/roles/etcd/tasks/bootstrap_services.yml @@ -24,6 +24,7 @@ name: "{{ service.container_name }}" volumes: "{{ service.volumes }}" dimensions: "{{ service.dimensions }}" + healthcheck: "{{ service.healthcheck | default(omit) }}" - name: Wait for etcd service port liveness ansible.builtin.wait_for: diff --git a/ansible/roles/etcd/tasks/restart_services.yml b/ansible/roles/etcd/tasks/restart_services.yml index 3f6991dcf0..192bad8d47 100644 --- a/ansible/roles/etcd/tasks/restart_services.yml +++ b/ansible/roles/etcd/tasks/restart_services.yml @@ -12,6 
+12,7 @@ volumes: "{{ service.volumes }}" dimensions: "{{ service.dimensions }}" environment: "{{ service.environment }}" + healthcheck: "{{ service.healthcheck | default(omit) }}" - name: Wait for etcd service port liveness ansible.builtin.wait_for: diff --git a/ansible/roles/glance/defaults/main.yml b/ansible/roles/glance/defaults/main.yml index b24235c434..b8ab385143 100644 --- a/ansible/roles/glance/defaults/main.yml +++ b/ansible/roles/glance/defaults/main.yml @@ -22,7 +22,8 @@ glance_services: - "timeout client {{ haproxy_glance_api_client_timeout }}" backend_http_extra: - "timeout server {{ haproxy_glance_api_server_timeout }}" - - "option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" custom_member_list: "{{ haproxy_members.split(';') }}" tls_backend: "{{ glance_enable_tls_backend | bool }}" glance_api_external: @@ -35,7 +36,8 @@ glance_services: - "timeout client {{ haproxy_glance_api_client_timeout }}" backend_http_extra: - "timeout server {{ haproxy_glance_api_server_timeout }}" - - "option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" custom_member_list: "{{ haproxy_members.split(';') }}" tls_backend: "{{ glance_enable_tls_backend | bool }}" @@ -146,7 +148,7 @@ glance_api_healthcheck_test: - "CMD-SHELL" - >- healthcheck_curl {{ 'https' if glance_enable_tls_backend | bool else 'http' }}://{{ - api_interface_address | put_address_in_context('url') }}:{{ glance_api_listen_port }} + api_interface_address | put_address_in_context('url') }}:{{ glance_api_listen_port }}/healthcheck glance_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" glance_api_healthcheck: interval: "{{ glance_api_healthcheck_interval }}" @@ -155,6 +157,23 @@ glance_api_healthcheck: test: "{% if glance_api_enable_healthchecks | bool %}{{ glance_api_healthcheck_test }}{% else %}NONE{% endif %}" timeout: "{{ glance_api_healthcheck_timeout }}" +glance_tls_proxy_enable_healthchecks: "{{ 
enable_container_healthchecks }}" +glance_tls_proxy_healthcheck_interval: "{{ default_container_healthcheck_interval }}" +glance_tls_proxy_healthcheck_retries: "{{ default_container_healthcheck_retries }}" +glance_tls_proxy_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}" +glance_tls_proxy_healthcheck_test: + - "CMD-SHELL" + - >- + healthcheck_curl -u {{ haproxy_user }}:{{ haproxy_password }} {{ + api_interface_address | put_address_in_context('url') }}:{{ glance_tls_proxy_stats_port }}/healthcheck +glance_tls_proxy_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" +glance_tls_proxy_healthcheck: + interval: "{{ glance_tls_proxy_healthcheck_interval }}" + retries: "{{ glance_tls_proxy_healthcheck_retries }}" + start_period: "{{ glance_tls_proxy_healthcheck_start_period }}" + test: "{% if glance_tls_proxy_enable_healthchecks | bool %}{{ glance_tls_proxy_healthcheck_test }}{% else %}NONE{% endif %}" + timeout: "{{ glance_tls_proxy_healthcheck_timeout }}" + glance_api_default_volumes: - "{{ node_config_directory }}/glance-api/:{{ container_config_directory }}/:ro" - "/etc/localtime:/etc/localtime:ro" diff --git a/ansible/roles/gnocchi/defaults/main.yml b/ansible/roles/gnocchi/defaults/main.yml index 32ba19ca40..401f143267 100644 --- a/ansible/roles/gnocchi/defaults/main.yml +++ b/ansible/roles/gnocchi/defaults/main.yml @@ -17,7 +17,8 @@ gnocchi_services: port: "{{ gnocchi_api_port }}" listen_port: "{{ gnocchi_api_listen_port }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" gnocchi_api_external: enabled: "{{ enable_gnocchi }}" mode: "http" @@ -26,7 +27,8 @@ gnocchi_services: port: "{{ gnocchi_api_public_port }}" listen_port: "{{ gnocchi_api_listen_port }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" gnocchi-metricd: container_name: gnocchi_metricd group: gnocchi-metricd @@ -100,7 +102,11 
@@ gnocchi_api_enable_healthchecks: "{{ enable_container_healthchecks }}" gnocchi_api_healthcheck_interval: "{{ default_container_healthcheck_interval }}" gnocchi_api_healthcheck_retries: "{{ default_container_healthcheck_retries }}" gnocchi_api_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}" -gnocchi_api_healthcheck_test: ["CMD-SHELL", "healthcheck_curl http://{{ api_interface_address | put_address_in_context('url') }}:{{ gnocchi_api_listen_port }}"] +gnocchi_api_healthcheck_test: + - "CMD-SHELL" + - >- + healthcheck_curl http://{{ + api_interface_address | put_address_in_context('url') }}:{{ gnocchi_api_listen_port }}/healthcheck gnocchi_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" gnocchi_api_healthcheck: interval: "{{ gnocchi_api_healthcheck_interval }}" diff --git a/ansible/roles/grafana/defaults/main.yml b/ansible/roles/grafana/defaults/main.yml index 0b34175b85..e7aac005a6 100644 --- a/ansible/roles/grafana/defaults/main.yml +++ b/ansible/roles/grafana/defaults/main.yml @@ -7,6 +7,7 @@ grafana_services: image: "{{ grafana_image_full }}" volumes: "{{ grafana_default_volumes + grafana_extra_volumes }}" dimensions: "{{ grafana_dimensions }}" + healthcheck: "{{ grafana_healthcheck }}" haproxy: grafana_server: enabled: "{{ enable_grafana }}" @@ -15,7 +16,8 @@ grafana_services: port: "{{ grafana_server_port }}" listen_port: "{{ grafana_server_listen_port }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /api/health" + - "http-check expect status 200" grafana_server_external: enabled: "{{ enable_grafana_external | bool }}" mode: "http" @@ -24,7 +26,8 @@ grafana_services: port: "{{ grafana_server_public_port }}" listen_port: "{{ grafana_server_listen_port }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /api/health" + - "http-check expect status 200" #################### # Database @@ -90,6 +93,23 @@ grafana_tag: "{{ openstack_tag }}" grafana_image_full: "{{ grafana_image 
}}:{{ grafana_tag }}" grafana_admin_username: "admin" +grafana_enable_healthchecks: "{{ enable_container_healthchecks }}" +grafana_healthcheck_interval: "{{ default_container_healthcheck_interval }}" +grafana_healthcheck_retries: "{{ default_container_healthcheck_retries }}" +grafana_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}" +grafana_healthcheck_test: + - "CMD-SHELL" + - >- + healthcheck_curl http://{{ + api_interface_address | put_address_in_context('url') }}:{{ grafana_server_port }}/api/health +grafana_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" +grafana_healthcheck: + interval: "{{ grafana_healthcheck_interval }}" + retries: "{{ grafana_healthcheck_retries }}" + start_period: "{{ grafana_healthcheck_start_period }}" + test: "{% if grafana_enable_healthchecks | bool %}{{ grafana_healthcheck_test }}{% else %}NONE{% endif %}" + timeout: "{{ grafana_healthcheck_timeout }}" + grafana_dimensions: "{{ default_container_dimensions }}" grafana_default_volumes: - "{{ node_config_directory }}/grafana/:{{ container_config_directory }}/:ro" diff --git a/ansible/roles/grafana/handlers/main.yml b/ansible/roles/grafana/handlers/main.yml index 7096d367d5..7e66df2da1 100644 --- a/ansible/roles/grafana/handlers/main.yml +++ b/ansible/roles/grafana/handlers/main.yml @@ -12,6 +12,7 @@ image: "{{ service.image }}" volumes: "{{ service.volumes }}" dimensions: "{{ service.dimensions }}" + healthcheck: "{{ service.healthcheck | default(omit) }}" when: - inventory_hostname == groups[service.group] | first @@ -25,7 +26,7 @@ container_engine: "{{ kolla_container_engine }}" module_name: uri module_args: - url: "http://{{ api_interface_address | put_address_in_context('url') }}:{{ grafana_server_port }}/login" + url: "http://{{ api_interface_address | put_address_in_context('url') }}:{{ grafana_server_port }}/api/health" status_code: 200 register: result until: result.get('status') == 200 @@ -47,5 +48,6 @@ image: "{{ service.image 
}}" volumes: "{{ service.volumes }}" dimensions: "{{ service.dimensions }}" + healthcheck: "{{ service.healthcheck | default(omit) }}" when: - inventory_hostname != groups[service.group] | first diff --git a/ansible/roles/heat/defaults/main.yml b/ansible/roles/heat/defaults/main.yml index f13263d230..ec82d57c0b 100644 --- a/ansible/roles/heat/defaults/main.yml +++ b/ansible/roles/heat/defaults/main.yml @@ -18,7 +18,8 @@ heat_services: listen_port: "{{ heat_api_listen_port }}" tls_backend: "{{ heat_enable_tls_backend }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" heat_api_external: enabled: "{{ enable_heat }}" mode: "http" @@ -28,7 +29,8 @@ heat_services: listen_port: "{{ heat_api_listen_port }}" tls_backend: "{{ heat_enable_tls_backend }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" heat-api-cfn: container_name: heat_api_cfn group: heat-api-cfn @@ -47,7 +49,8 @@ heat_services: listen_port: "{{ heat_api_cfn_listen_port }}" tls_backend: "{{ heat_enable_tls_backend }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" heat_api_cfn_external: enabled: "{{ enable_heat }}" mode: "http" @@ -57,7 +60,8 @@ heat_services: listen_port: "{{ heat_api_cfn_listen_port }}" tls_backend: "{{ heat_enable_tls_backend }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" heat-engine: container_name: heat_engine group: heat-engine @@ -127,7 +131,7 @@ heat_api_healthcheck_test: - "CMD-SHELL" - >- healthcheck_curl {{ 'https' if heat_enable_tls_backend | bool else 'http' }}://{{ - api_interface_address | put_address_in_context('url') }}:{{ heat_api_listen_port }} + api_interface_address | put_address_in_context('url') }}:{{ heat_api_listen_port }}/healthcheck heat_api_healthcheck_timeout: "{{ 
default_container_healthcheck_timeout }}" heat_api_healthcheck: interval: "{{ heat_api_healthcheck_interval }}" @@ -144,7 +148,7 @@ heat_api_cfn_healthcheck_test: - "CMD-SHELL" - >- healthcheck_curl {{ 'https' if heat_enable_tls_backend | bool else 'http' }}://{{ - api_interface_address | put_address_in_context('url') }}:{{ heat_api_cfn_listen_port }} + api_interface_address | put_address_in_context('url') }}:{{ heat_api_cfn_listen_port }}/healthcheck heat_api_cfn_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" heat_api_cfn_healthcheck: interval: "{{ heat_api_cfn_healthcheck_interval }}" diff --git a/ansible/roles/keystone/defaults/main.yml b/ansible/roles/keystone/defaults/main.yml index f6a29d44b2..3727fdd3f7 100644 --- a/ansible/roles/keystone/defaults/main.yml +++ b/ansible/roles/keystone/defaults/main.yml @@ -19,7 +19,8 @@ keystone_services: listen_port: "{{ keystone_internal_listen_port }}" backend_http_extra: - "balance {{ 'source' if enable_keystone_federation | bool else 'roundrobin' }}" - - "option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" keystone_external: enabled: "{{ enable_keystone }}" mode: "http" @@ -30,7 +31,8 @@ keystone_services: listen_port: "{{ keystone_public_listen_port }}" backend_http_extra: - "balance {{ 'source' if enable_keystone_federation | bool else 'roundrobin' }}" - - "option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" keystone-fernet: container_name: "keystone_fernet" group: "keystone" @@ -136,7 +138,7 @@ keystone_healthcheck_test: - "CMD-SHELL" - >- healthcheck_curl {{ 'https' if keystone_enable_tls_backend | bool else 'http' }}://{{ - api_interface_address | put_address_in_context('url') }}:{{ keystone_public_listen_port }} + api_interface_address | put_address_in_context('url') }}:{{ keystone_public_listen_port }}/healthcheck keystone_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" keystone_healthcheck: interval: 
"{{ keystone_healthcheck_interval }}" diff --git a/ansible/roles/magnum/defaults/main.yml b/ansible/roles/magnum/defaults/main.yml index 0118ee657d..0e848a7297 100644 --- a/ansible/roles/magnum/defaults/main.yml +++ b/ansible/roles/magnum/defaults/main.yml @@ -19,7 +19,8 @@ magnum_services: port: "{{ magnum_api_port }}" listen_port: "{{ magnum_api_listen_port }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" tls_backend: "{{ magnum_enable_tls_backend | bool }}" magnum_api_external: enabled: "{{ enable_magnum }}" @@ -29,7 +30,8 @@ magnum_services: port: "{{ magnum_api_public_port }}" listen_port: "{{ magnum_api_listen_port }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" tls_backend: "{{ magnum_enable_tls_backend | bool }}" magnum-conductor: container_name: magnum_conductor @@ -105,7 +107,7 @@ magnum_api_healthcheck_test: - "CMD-SHELL" - >- healthcheck_curl {{ 'https' if magnum_enable_tls_backend | bool else 'http' }}://{{ - api_interface_address | put_address_in_context('url') }}:{{ magnum_api_listen_port }} + api_interface_address | put_address_in_context('url') }}:{{ magnum_api_listen_port }}/healthcheck magnum_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" magnum_api_healthcheck: interval: "{{ magnum_api_healthcheck_interval }}" diff --git a/ansible/roles/manila/defaults/main.yml b/ansible/roles/manila/defaults/main.yml index 8b7442ba5d..3ddaa7d84a 100644 --- a/ansible/roles/manila/defaults/main.yml +++ b/ansible/roles/manila/defaults/main.yml @@ -17,7 +17,8 @@ manila_services: port: "{{ manila_api_port }}" listen_port: "{{ manila_api_listen_port }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" manila_api_external: enabled: "{{ enable_manila }}" mode: "http" @@ -26,7 +27,8 @@ manila_services: port: "{{ manila_api_public_port }}" 
listen_port: "{{ manila_api_listen_port }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" manila-scheduler: container_name: "manila_scheduler" group: "manila-scheduler" @@ -115,7 +117,11 @@ manila_api_enable_healthchecks: "{{ enable_container_healthchecks }}" manila_api_healthcheck_interval: "{{ default_container_healthcheck_interval }}" manila_api_healthcheck_retries: "{{ default_container_healthcheck_retries }}" manila_api_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}" -manila_api_healthcheck_test: ["CMD-SHELL", "healthcheck_curl http://{{ api_interface_address | put_address_in_context('url') }}:{{ manila_api_port }}"] +manila_api_healthcheck_test: + - "CMD-SHELL" + - >- + healthcheck_curl http://{{ + api_interface_address | put_address_in_context('url') }}:{{ manila_api_port }}/healthcheck manila_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" manila_api_healthcheck: interval: "{{ manila_api_healthcheck_interval }}" diff --git a/ansible/roles/masakari/defaults/main.yml b/ansible/roles/masakari/defaults/main.yml index 396726964f..12910a5b92 100644 --- a/ansible/roles/masakari/defaults/main.yml +++ b/ansible/roles/masakari/defaults/main.yml @@ -7,6 +7,7 @@ masakari_services: image: "{{ masakari_api_image_full }}" volumes: "{{ masakari_api_default_volumes + masakari_api_extra_volumes }}" dimensions: "{{ masakari_api_dimensions }}" + healthcheck: "{{ masakari_api_healthcheck }}" wsgi: "masakari.wsgi.api:application" haproxy: masakari_api: @@ -16,7 +17,8 @@ masakari_services: port: "{{ masakari_api_port }}" listen_port: "{{ masakari_api_listen_port }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /" + - "http-check expect status 200" masakari_api_external: enabled: "{{ enable_masakari }}" mode: "http" @@ -25,7 +27,8 @@ masakari_services: port: "{{ masakari_api_public_port }}" listen_port: "{{ masakari_api_listen_port }}" 
backend_http_extra: - - "option httpchk" + - "option httpchk GET /" + - "http-check expect status 200" masakari-engine: container_name: masakari_engine group: masakari-engine @@ -105,6 +108,23 @@ masakari_engine_dimensions: "{{ default_container_dimensions }}" masakari_instancemonitor_dimensions: "{{ masakari_monitors_dimensions | default(default_container_dimensions) }}" masakari_hostmonitor_dimensions: "{{ default_container_dimensions }}" +masakari_api_enable_healthchecks: "{{ enable_container_healthchecks }}" +masakari_api_healthcheck_interval: "{{ default_container_healthcheck_interval }}" +masakari_api_healthcheck_retries: "{{ default_container_healthcheck_retries }}" +masakari_api_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}" +masakari_api_healthcheck_test: + - "CMD-SHELL" + - >- + healthcheck_curl http://{{ + api_interface_address | put_address_in_context('url') }}:{{ masakari_api_port }}/healthcheck +masakari_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" +masakari_api_healthcheck: + interval: "{{ masakari_api_healthcheck_interval }}" + retries: "{{ masakari_api_healthcheck_retries }}" + start_period: "{{ masakari_api_healthcheck_start_period }}" + test: "{% if masakari_api_enable_healthchecks | bool %}{{ masakari_api_healthcheck_test }}{% else %}NONE{% endif %}" + timeout: "{{ masakari_api_healthcheck_timeout }}" + masakari_extra_volumes: "{{ default_extra_volumes }}" masakari_api_extra_volumes: "{{ masakari_extra_volumes }}" masakari_engine_extra_volumes: "{{ masakari_extra_volumes }}" diff --git a/ansible/roles/mistral/defaults/main.yml b/ansible/roles/mistral/defaults/main.yml index 0bb5755900..1563421185 100644 --- a/ansible/roles/mistral/defaults/main.yml +++ b/ansible/roles/mistral/defaults/main.yml @@ -17,7 +17,8 @@ mistral_services: port: "{{ mistral_api_port }}" listen_port: "{{ mistral_api_listen_port }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /" + - "http-check 
expect status 200" mistral_api_external: enabled: "{{ enable_mistral }}" mode: "http" @@ -26,7 +27,8 @@ mistral_services: port: "{{ mistral_api_public_port }}" listen_port: "{{ mistral_api_listen_port }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /" + - "http-check expect status 200" mistral-engine: container_name: mistral_engine group: mistral-engine diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml index 8e3e53c625..0518e3d8d3 100644 --- a/ansible/roles/neutron/defaults/main.yml +++ b/ansible/roles/neutron/defaults/main.yml @@ -18,7 +18,8 @@ neutron_services: port: "{{ neutron_server_port }}" listen_port: "{{ neutron_server_listen_port }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" tls_backend: "{{ neutron_enable_tls_backend | bool }}" neutron_server_external: enabled: true @@ -28,7 +29,8 @@ neutron_services: port: "{{ neutron_server_public_port }}" listen_port: "{{ neutron_server_listen_port }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" tls_backend: "{{ neutron_enable_tls_backend | bool }}" neutron-rpc-server: container_name: "neutron_rpc_server" @@ -443,7 +445,7 @@ neutron_server_healthcheck_test: - "CMD-SHELL" - >- healthcheck_curl {{ 'https' if neutron_enable_tls_backend | bool else 'http' }}://{{ - api_interface_address | put_address_in_context('url') }}:{{ neutron_server_listen_port }} + api_interface_address | put_address_in_context('url') }}:{{ neutron_server_listen_port }}/healthcheck neutron_server_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" neutron_server_healthcheck: interval: "{{ neutron_server_healthcheck_interval }}" diff --git a/ansible/roles/nova/defaults/main.yml b/ansible/roles/nova/defaults/main.yml index 2fe3b3e526..faf44558a3 100644 --- a/ansible/roles/nova/defaults/main.yml +++ 
b/ansible/roles/nova/defaults/main.yml @@ -19,7 +19,8 @@ nova_services: listen_port: "{{ nova_api_listen_port }}" tls_backend: "{{ nova_enable_tls_backend }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /" + - "http-check expect status 200" nova_api_external: enabled: "{{ enable_nova }}" mode: "http" @@ -29,7 +30,8 @@ nova_services: listen_port: "{{ nova_api_listen_port }}" tls_backend: "{{ nova_enable_tls_backend }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /" + - "http-check expect status 200" nova-metadata: container_name: "nova_metadata" group: "nova-metadata" @@ -48,7 +50,8 @@ nova_services: listen_port: "{{ nova_metadata_listen_port }}" tls_backend: "{{ nova_enable_tls_backend }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /" + - "http-check expect status 200" nova_metadata_external: enabled: "{{ nova_enable_external_metadata }}" mode: "http" @@ -58,7 +61,8 @@ nova_services: listen_port: "{{ nova_metadata_listen_port }}" tls_backend: "{{ nova_enable_tls_backend }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /" + - "http-check expect status 200" nova-scheduler: container_name: "nova_scheduler" group: "nova-scheduler" diff --git a/ansible/roles/octavia/defaults/main.yml b/ansible/roles/octavia/defaults/main.yml index 37cd2b077c..a75ee1770a 100644 --- a/ansible/roles/octavia/defaults/main.yml +++ b/ansible/roles/octavia/defaults/main.yml @@ -17,6 +17,9 @@ octavia_services: port: "{{ octavia_api_port }}" listen_port: "{{ octavia_api_listen_port }}" tls_backend: "{{ octavia_enable_tls_backend }}" + backend_http_extra: + - "option httpchk GET /" + - "http-check expect status 200" octavia_api_external: enabled: "{{ enable_octavia }}" mode: "http" @@ -25,6 +28,9 @@ octavia_services: port: "{{ octavia_api_public_port }}" listen_port: "{{ octavia_api_listen_port }}" tls_backend: "{{ octavia_enable_tls_backend }}" + backend_http_extra: + - "option httpchk GET /" + - "http-check 
expect status 200" octavia-driver-agent: container_name: octavia_driver_agent group: octavia-driver-agent diff --git a/ansible/roles/placement/defaults/main.yml b/ansible/roles/placement/defaults/main.yml index 85a734c182..f70c496b9a 100644 --- a/ansible/roles/placement/defaults/main.yml +++ b/ansible/roles/placement/defaults/main.yml @@ -19,6 +19,7 @@ placement_services: tls_backend: "{{ placement_enable_tls_backend }}" backend_http_extra: - "option httpchk GET /" + - "http-check expect status 200" placement_api_external: enabled: "{{ enable_placement }}" mode: "http" @@ -29,6 +30,7 @@ placement_services: tls_backend: "{{ placement_enable_tls_backend }}" backend_http_extra: - "option httpchk GET /" + - "http-check expect status 200" #################### # Config Validate diff --git a/ansible/roles/rabbitmq/defaults/main.yml b/ansible/roles/rabbitmq/defaults/main.yml index f1ed69f38a..72cb1e657f 100644 --- a/ansible/roles/rabbitmq/defaults/main.yml +++ b/ansible/roles/rabbitmq/defaults/main.yml @@ -26,7 +26,8 @@ rabbitmq_services: port: "{{ rabbitmq_management_port }}" host_group: "rabbitmq" backend_http_extra: - - "option httpchk" + - "option httpchk GET /api/overview" + - "http-check send hdr Authorization 'Basic {{ (rabbitmq_monitoring_user + ':' + rabbitmq_monitoring_password) | b64encode }}'" #################### # Docker diff --git a/ansible/roles/tacker/defaults/main.yml b/ansible/roles/tacker/defaults/main.yml index ddcee2a24b..e00108b97c 100644 --- a/ansible/roles/tacker/defaults/main.yml +++ b/ansible/roles/tacker/defaults/main.yml @@ -16,6 +16,9 @@ tacker_services: external: false port: "{{ tacker_server_port }}" listen_port: "{{ tacker_server_listen_port }}" + backend_http_extra: + - "option httpchk GET /" + - "http-check expect status 200" custom_member_list: "{{ tacker_haproxy_members.split(';') }}" tacker_server_external: enabled: "{{ enable_tacker }}" @@ -24,6 +27,9 @@ tacker_services: external_fqdn: "{{ tacker_external_fqdn }}" port: "{{ 
tacker_server_public_port }}" listen_port: "{{ tacker_server_listen_port }}" + backend_http_extra: + - "option httpchk GET /" + - "http-check expect status 200" custom_member_list: "{{ tacker_haproxy_members.split(';') }}" tacker-conductor: container_name: "tacker_conductor" diff --git a/ansible/roles/trove/defaults/main.yml b/ansible/roles/trove/defaults/main.yml index 3abf8e622a..8dd251d4e6 100644 --- a/ansible/roles/trove/defaults/main.yml +++ b/ansible/roles/trove/defaults/main.yml @@ -18,7 +18,8 @@ trove_services: listen_port: "{{ trove_api_listen_port }}" tls_backend: "{{ trove_enable_tls_backend }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" trove_api_external: enabled: "{{ enable_trove }}" mode: "http" @@ -28,7 +29,8 @@ trove_services: external_fqdn: "{{ trove_external_fqdn }}" port: "{{ trove_api_public_port }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" trove-conductor: container_name: trove_conductor group: trove-conductor @@ -106,7 +108,7 @@ trove_api_healthcheck_test: - "CMD-SHELL" - >- healthcheck_curl {{ 'https' if trove_enable_tls_backend | bool else 'http' }}://{{ - api_interface_address | put_address_in_context('url') }}:{{ trove_api_port }} + api_interface_address | put_address_in_context('url') }}:{{ trove_api_port }}/healthcheck trove_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" trove_api_healthcheck: interval: "{{ trove_api_healthcheck_interval }}" diff --git a/ansible/roles/watcher/defaults/main.yml b/ansible/roles/watcher/defaults/main.yml index d22e5ad995..86a68d5b4f 100644 --- a/ansible/roles/watcher/defaults/main.yml +++ b/ansible/roles/watcher/defaults/main.yml @@ -17,6 +17,7 @@ watcher_services: listen_port: "{{ watcher_api_listen_port }}" backend_http_extra: - "option httpchk GET /" + - "http-check expect status 200" watcher_api_external: enabled: "{{ enable_watcher }}" 
mode: "http" @@ -26,6 +27,7 @@ watcher_services: listen_port: "{{ watcher_api_listen_port }}" backend_http_extra: - "option httpchk GET /" + - "http-check expect status 200" watcher-applier: container_name: watcher_applier group: watcher-applier diff --git a/ansible/roles/zun/defaults/main.yml b/ansible/roles/zun/defaults/main.yml index a35d0ddfa4..01a577f20c 100644 --- a/ansible/roles/zun/defaults/main.yml +++ b/ansible/roles/zun/defaults/main.yml @@ -17,7 +17,8 @@ zun_services: port: "{{ zun_api_port }}" listen_port: "{{ zun_api_listen_port }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" zun_api_external: enabled: "{{ enable_zun }}" mode: "http" @@ -26,7 +27,8 @@ zun_services: port: "{{ zun_api_public_port }}" listen_port: "{{ zun_api_listen_port }}" backend_http_extra: - - "option httpchk" + - "option httpchk GET /healthcheck" + - "http-check expect status 200" zun-wsproxy: container_name: zun_wsproxy group: zun-wsproxy @@ -127,7 +129,7 @@ zun_api_enable_healthchecks: "{{ enable_container_healthchecks }}" zun_api_healthcheck_interval: "{{ default_container_healthcheck_interval }}" zun_api_healthcheck_retries: "{{ default_container_healthcheck_retries }}" zun_api_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}" -zun_api_healthcheck_test: ["CMD-SHELL", "healthcheck_curl http://{{ api_interface_address | put_address_in_context('url') }}:{{ zun_api_port }}"] +zun_api_healthcheck_test: ["CMD-SHELL", "healthcheck_curl http://{{ api_interface_address | put_address_in_context('url') }}:{{ zun_api_port }}/healthcheck"] zun_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" zun_api_healthcheck: interval: "{{ zun_api_healthcheck_interval }}" diff --git a/releasenotes/notes/add-healthcheck-a7b535c31bb72cfe.yaml b/releasenotes/notes/add-healthcheck-a7b535c31bb72cfe.yaml new file mode 100644 index 0000000000..9b0082db71 --- /dev/null +++ 
b/releasenotes/notes/add-healthcheck-a7b535c31bb72cfe.yaml @@ -0,0 +1,14 @@ +--- +features: + - | + Standardized health check endpoints for OpenStack API + services and supporting components (Grafana, etcd, InfluxDB, + RabbitMQ). Both HAProxy and Docker health checks now use + dedicated endpoints like **/healthcheck**, **/api/health**, + or service-specific paths for consistent and reliable detection. + + Health checks now explicitly expect HTTP 200 status codes + and use standardized curl commands across all services. + + Docker container health checks have been unified with + HAProxy configurations, using the same dedicated endpoints.