From 159f3de989b27c0dcee67e39809588de75ce7665 Mon Sep 17 00:00:00 2001 From: Alex-Welsh Date: Wed, 30 Apr 2025 10:14:40 +0100 Subject: [PATCH 1/7] Remove warning from password rotation docs page The Password rotation docs page had a warning that the guide relied on "recent changes" to Kolla Ansible. The changes have now existed for over a year, so the warning is not needed. Change-Id: I0706de976f5184a91977c11897524a6cd48d0b1c --- doc/source/admin/password-rotation.rst | 7 ------- 1 file changed, 7 deletions(-) diff --git a/doc/source/admin/password-rotation.rst b/doc/source/admin/password-rotation.rst index 5067099759..a566783912 100644 --- a/doc/source/admin/password-rotation.rst +++ b/doc/source/admin/password-rotation.rst @@ -11,13 +11,6 @@ variable, only the most common ones. Always back up your ``passwords.yml`` file before making any changes. Otherwise, it is easy to make unrecoverable mistakes. -.. warning:: - - This guide relies on recent changes to Kolla and Kolla-Ansible. You may - encounter errors if applying this guide to older deployments. It is - recommended that you update your containers and kolla-ansible to the latest - available versions before proceeding. - Regenerating secrets -------------------- From 6d3ce3074dae66dbd0e16e6f302f0fda75cf7df7 Mon Sep 17 00:00:00 2001 From: Doug Szumski Date: Mon, 20 Apr 2026 09:40:33 +0100 Subject: [PATCH 2/7] Update name of dataplane node exporter This was renamed upstream, and the default config path has also been amended [1]. [1] https://github.com/openstack-k8s-operators/openstack-network-exporter#configuration Depends-on: Id30cab4e4bbac470f33354870fd941c3ea17815c Change-Id: I35b3bb10aec18a9377515e8c04d2542e712c0f12 Signed-off-by: Doug Szumski --- .../templates/prometheus-openstack-network-exporter.json.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/prometheus/templates/prometheus-openstack-network-exporter.json.j2 b/ansible/roles/prometheus/templates/prometheus-openstack-network-exporter.json.j2 index ea74a9b7ae..fe27ee57c8 100644 --- a/ansible/roles/prometheus/templates/prometheus-openstack-network-exporter.json.j2 +++ b/ansible/roles/prometheus/templates/prometheus-openstack-network-exporter.json.j2 @@ -1,9 +1,9 @@ { - "command": "/opt/openstack-network-exporter/dataplane-node-exporter", + "command": "/opt/openstack-network-exporter/openstack-network-exporter", "config_files": [ { "source": "{{ container_config_directory }}/openstack-network-exporter.yaml", - "dest": "/etc/dataplane-node-exporter.yaml", + "dest": "/etc/openstack-network-exporter.yaml", "owner": "prometheus", "perm": "0600" }{% if kolla_copy_ca_into_containers | bool %}, From a05ceb5fe6b6e30b88ca4d4539465245fd475f02 Mon Sep 17 00:00:00 2001 From: Bertrand Lanson Date: Thu, 2 Apr 2026 10:25:03 +0200 Subject: [PATCH 3/7] Tidy up release notes for Gazpacho release Change-Id: I9a7ba73ed499dd5edeea5f8fec6a4aef72d026cb Signed-off-by: Bertrand Lanson --- ...terface_length_check-e7c4456b92cae281.yaml | 11 ++++----- ...add_rabbitmq_mgm_tls-86706572b96aacfa.yaml | 4 +++- .../barbican-uwsgi-845123de69b4a30a.yaml | 4 ++-- ...yaml => bug-2106219-67532593585a1e10.yaml} | 0 .../notes/bug-2131993-d67c68845ddf5556.yaml | 2 +- .../notes/bug-2138498-564e7475f1d4cc27.yaml | 1 - .../notes/bug-2143979-7c81b4560bba6efd.yaml | 2 +- ...innodb-log-file-size-6d280b738baa3897.yaml | 23 ++++++++----------- ...op-influxdb-telegraf-53da82866d55c3e5.yaml | 10 ++++---- ...n_haproxy_tls_config-edeea2ed54316bad.yaml | 4 ++-- .../ironic-drop-legacy-6ab1fa7c20a80ff7.yaml | 3 ++- ...asource-alertmanager-d724981bd971da92.yaml | 3 ++- ...istro-python-version-09adac8895cb87d1.yaml | 3 ++- ...lugin-install-via-ui-6c437ae59b68ef53.yaml | 2 +- .../uwsgi-designate-649599b4b9a1bdfd.yaml | 2 +- .../notes/uwsgi-magnum-6702c72f30286978.yaml | 2 +- 16 files changed, 36 insertions(+), 40 deletions(-) rename releasenotes/notes/{bug-2073159-67532593585a1e10.yaml => bug-2106219-67532593585a1e10.yaml} (100%) diff --git a/releasenotes/notes/add_neutron_external_interface_length_check-e7c4456b92cae281.yaml b/releasenotes/notes/add_neutron_external_interface_length_check-e7c4456b92cae281.yaml index c66c808a9c..76531ed032 100644 --- a/releasenotes/notes/add_neutron_external_interface_length_check-e7c4456b92cae281.yaml +++ b/releasenotes/notes/add_neutron_external_interface_length_check-e7c4456b92cae281.yaml @@ -1,10 +1,9 @@ --- features: - | - Add neutron interface<->bridge parity validation. - Validates that the number of neutron_external_interface - entries matches the number of neutron_bridge_name entries - in the configuration. This prevents misconfigurations - that could cause deployment failures or incorrect - networking behavior. + Added a validation check to ensure the number of + ``neutron_external_interface`` entries matches the number of + ``neutron_bridge_name`` entries in the configuration. + This prevents misconfigurations that could cause deployment + failures or incorrect networking behavior. `LP#1864832 `__ diff --git a/releasenotes/notes/add_rabbitmq_mgm_tls-86706572b96aacfa.yaml b/releasenotes/notes/add_rabbitmq_mgm_tls-86706572b96aacfa.yaml index 83a03b83b8..864e56ea63 100644 --- a/releasenotes/notes/add_rabbitmq_mgm_tls-86706572b96aacfa.yaml +++ b/releasenotes/notes/add_rabbitmq_mgm_tls-86706572b96aacfa.yaml @@ -1,4 +1,6 @@ --- features: - | - Added support for RabbitMQ management interface SSL configuration. + Added TLS support for the RabbitMQ management API and UI. When + ``rabbitmq_enable_tls`` is set to ``true``, TLS is now also enabled + for the RabbitMQ management interface. diff --git a/releasenotes/notes/barbican-uwsgi-845123de69b4a30a.yaml b/releasenotes/notes/barbican-uwsgi-845123de69b4a30a.yaml index 81b6580298..91e4ca7b4d 100644 --- a/releasenotes/notes/barbican-uwsgi-845123de69b4a30a.yaml +++ b/releasenotes/notes/barbican-uwsgi-845123de69b4a30a.yaml @@ -1,5 +1,5 @@ --- upgrade: - | - ``barbican`` uWSGI configuration has been reworked to use the same service - role as other Ansible roles. + ``barbican-api`` uWSGI configuration has been migrated to use the + ``service-uwsgi-config`` role, consistent with other Kolla-Ansible roles. diff --git a/releasenotes/notes/bug-2073159-67532593585a1e10.yaml b/releasenotes/notes/bug-2106219-67532593585a1e10.yaml similarity index 100% rename from releasenotes/notes/bug-2073159-67532593585a1e10.yaml rename to releasenotes/notes/bug-2106219-67532593585a1e10.yaml diff --git a/releasenotes/notes/bug-2131993-d67c68845ddf5556.yaml b/releasenotes/notes/bug-2131993-d67c68845ddf5556.yaml index 8c06ba28b4..ad4ad91d95 100644 --- a/releasenotes/notes/bug-2131993-d67c68845ddf5556.yaml +++ b/releasenotes/notes/bug-2131993-d67c68845ddf5556.yaml @@ -3,4 +3,4 @@ fixes: - | Fixes issue where ProxySQL certificates were copied over even with ``kolla_externally_managed_cert`` set to True. - `LP#2073159 `__ + `LP#2131993 `__ diff --git a/releasenotes/notes/bug-2138498-564e7475f1d4cc27.yaml b/releasenotes/notes/bug-2138498-564e7475f1d4cc27.yaml index dcbd2c54da..41c353134f 100644 --- a/releasenotes/notes/bug-2138498-564e7475f1d4cc27.yaml +++ b/releasenotes/notes/bug-2138498-564e7475f1d4cc27.yaml @@ -4,5 +4,4 @@ fixes: Fixed an issue where Neutron sub-services (RPC server, maintenance and periodic workers) would crash when ``enable_neutron_vpnaas`` was set to ``yes`` due to missing ``neutron_vpnaas.conf`` file injection. - neutron: inject neutron_vpnaas.conf into auxiliary services `LP#2138498 `__ diff --git a/releasenotes/notes/bug-2143979-7c81b4560bba6efd.yaml b/releasenotes/notes/bug-2143979-7c81b4560bba6efd.yaml index 5a9f4729b2..8d85754164 100644 --- a/releasenotes/notes/bug-2143979-7c81b4560bba6efd.yaml +++ b/releasenotes/notes/bug-2143979-7c81b4560bba6efd.yaml @@ -5,6 +5,6 @@ fixes: unnecessarily restarted during every ``reconfigure`` operation. The container handler now correctly includes the ``healthcheck`` configuration, ensuring idempotency - by matching the container's runtime definition with + by matching the container's runtime definition with the service defaults. `LP#2143979 `__ diff --git a/releasenotes/notes/bugfix-bump-mariadb-innodb-log-file-size-6d280b738baa3897.yaml b/releasenotes/notes/bugfix-bump-mariadb-innodb-log-file-size-6d280b738baa3897.yaml index 3dafce0c8f..038557bb72 100644 --- a/releasenotes/notes/bugfix-bump-mariadb-innodb-log-file-size-6d280b738baa3897.yaml +++ b/releasenotes/notes/bugfix-bump-mariadb-innodb-log-file-size-6d280b738baa3897.yaml @@ -2,22 +2,17 @@ features: - | Increased the default value of ``innodb_log_file_size`` from 96MB to 2GB. - This change improves overall performance of MariaDB. - However, the recovery of MariaDB may take longer time as a tradeoff. - Users can adjust the value by overriding K-A variable - ``mariadb_innodb_log_file_size_mb``. - The allowed minimum is 4MB and maximum is 524288MB (512GB) + This change improves overall MariaDB performance, though crash recovery + may take longer as a tradeoff. Users can adjust the value by overriding + the ``mariadb_innodb_log_file_size_mb`` variable. The allowed range is + 4MB to 524288MB (512GB). upgrade: - | The default value of ``innodb_log_file_size`` has increased from 96MB to - 2GB. - This improves MariaDB performance but recovery time from crash may take - longer time as a tradeoff. - Users are recommended to consider the recovery time with new default - before upgrade. - Users are recommended to check if disk space is enough with larger InnoDB - log file. + 2GB. This improves MariaDB performance but crash recovery may take longer. + Before upgrading, ensure sufficient disk space is available for the larger + InnoDB log file. fixes: - | - Fixes bug `LP#2129930 `__ - which made Zuul CI to fail MariaDB backup test sometimes. + Fixed an intermittent Zuul CI failure in the MariaDB backup test. + `LP#2129930 `__ diff --git a/releasenotes/notes/drop-influxdb-telegraf-53da82866d55c3e5.yaml b/releasenotes/notes/drop-influxdb-telegraf-53da82866d55c3e5.yaml index 92deca5d73..4f8a2159e5 100644 --- a/releasenotes/notes/drop-influxdb-telegraf-53da82866d55c3e5.yaml +++ b/releasenotes/notes/drop-influxdb-telegraf-53da82866d55c3e5.yaml @@ -1,12 +1,10 @@ --- upgrade: - | - Support for deploying ``influxdb`` has been dropped, because Kolla - delivers a community end of life version v1, and there are no plans - to upgrade influxdb to v2 - there are better open source alternatives - out there. - Existing users need to remove influxdb containers and their - configuration manually. + Support for deploying ``influxdb`` has been dropped. Kolla delivered + the community end-of-life version v1, and there are no plans to upgrade + to v2. Users should migrate to an alternative monitoring solution and + remove influxdb containers and their configuration manually. - | Support for deploying ``telegraf`` has been dropped after earlier deprecation. diff --git a/releasenotes/notes/harden_haproxy_tls_config-edeea2ed54316bad.yaml b/releasenotes/notes/harden_haproxy_tls_config-edeea2ed54316bad.yaml index 1adcdcec1d..c5c2a235b2 100644 --- a/releasenotes/notes/harden_haproxy_tls_config-edeea2ed54316bad.yaml +++ b/releasenotes/notes/harden_haproxy_tls_config-edeea2ed54316bad.yaml @@ -1,7 +1,7 @@ --- features: - | - Harden the HAProxy TLS configuration according to Mozilla SSL - recommendations for HAProxy 2.8.15 and OpenSSL 3.x + The HAProxy TLS configuration has been hardened following Mozilla SSL + Modern recommendations for HAProxy 2.8.15 and OpenSSL 3.x (Rocky Linux and Ubuntu): ``__ diff --git a/releasenotes/notes/ironic-drop-legacy-6ab1fa7c20a80ff7.yaml b/releasenotes/notes/ironic-drop-legacy-6ab1fa7c20a80ff7.yaml index 0fe4e9821a..07308c265c 100644 --- a/releasenotes/notes/ironic-drop-legacy-6ab1fa7c20a80ff7.yaml +++ b/releasenotes/notes/ironic-drop-legacy-6ab1fa7c20a80ff7.yaml @@ -1,4 +1,5 @@ --- upgrade: - | - ``Ironic`` legacy upgrade mechanism has been dropped. + The legacy (non-rolling) ``ironic`` upgrade mechanism has been dropped. + Ironic upgrades now exclusively use the rolling upgrade mechanism. diff --git a/releasenotes/notes/new-datasource-alertmanager-d724981bd971da92.yaml b/releasenotes/notes/new-datasource-alertmanager-d724981bd971da92.yaml index 0a63da14b2..53591f2034 100644 --- a/releasenotes/notes/new-datasource-alertmanager-d724981bd971da92.yaml +++ b/releasenotes/notes/new-datasource-alertmanager-d724981bd971da92.yaml @@ -1,4 +1,5 @@ --- features: - | - Added new Alertmanager datasource in Grafana. + An Alertmanager datasource is now automatically configured in Grafana + when ``enable_prometheus_alertmanager`` is set to ``true``. diff --git a/releasenotes/notes/remove-distro-python-version-09adac8895cb87d1.yaml b/releasenotes/notes/remove-distro-python-version-09adac8895cb87d1.yaml index 6f19718c39..c3629c1235 100644 --- a/releasenotes/notes/remove-distro-python-version-09adac8895cb87d1.yaml +++ b/releasenotes/notes/remove-distro-python-version-09adac8895cb87d1.yaml @@ -1,4 +1,5 @@ --- upgrade: - | - The global variable ``distro_python_version`` has been removed + The global variable ``distro_python_version`` has been removed as it is + no longer needed. Python path handling is now done at the image level. diff --git a/releasenotes/notes/stop-grafana-plugin-install-via-ui-6c437ae59b68ef53.yaml b/releasenotes/notes/stop-grafana-plugin-install-via-ui-6c437ae59b68ef53.yaml index bfba78baa2..c496552718 100644 --- a/releasenotes/notes/stop-grafana-plugin-install-via-ui-6c437ae59b68ef53.yaml +++ b/releasenotes/notes/stop-grafana-plugin-install-via-ui-6c437ae59b68ef53.yaml @@ -3,4 +3,4 @@ fixes: - | Prevents users installing plugins via the Grafana UI which will cause Grafana instances to become out-of-sync in multinode deployments. - See `LP#2122587 `_. + `LP#2122587 `__ diff --git a/releasenotes/notes/uwsgi-designate-649599b4b9a1bdfd.yaml b/releasenotes/notes/uwsgi-designate-649599b4b9a1bdfd.yaml index 65097770c2..64280ae730 100644 --- a/releasenotes/notes/uwsgi-designate-649599b4b9a1bdfd.yaml +++ b/releasenotes/notes/uwsgi-designate-649599b4b9a1bdfd.yaml @@ -1,4 +1,4 @@ --- upgrade: - | - ``designate-api`` is now running under uWSGI and now supports backend TLS. + ``designate-api`` is now running under uWSGI and supports backend TLS. diff --git a/releasenotes/notes/uwsgi-magnum-6702c72f30286978.yaml b/releasenotes/notes/uwsgi-magnum-6702c72f30286978.yaml index d8794b4c85..47e5bf7a9e 100644 --- a/releasenotes/notes/uwsgi-magnum-6702c72f30286978.yaml +++ b/releasenotes/notes/uwsgi-magnum-6702c72f30286978.yaml @@ -1,4 +1,4 @@ --- upgrade: - | - ``magnum-api`` is now running under uWSGI and now supports backend TLS. + ``magnum-api`` is now running under uWSGI and supports backend TLS. From bb687777c8da07a002a2c0a0d8cc8ea428f10765 Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Wed, 22 Apr 2026 14:59:13 +0200 Subject: [PATCH 4/7] nova-compute: Copy multipath.conf into nova-compute container When using multipathd - nova-compute errors out with nonexisting /etc/multipath.conf - let's copy it in Closes-Bug: #2100614 Change-Id: I52716276ab58df57180dc5dec9d7ef1c537d7e8d Signed-off-by: Michal Nasiadka --- ansible/roles/nova-cell/tasks/config.yml | 20 +++++++++++++++++++ .../nova-cell/templates/multipath.conf.j2 | 8 ++++++++ .../nova-cell/templates/nova-compute.json.j2 | 6 ++++++ 3 files changed, 34 insertions(+) create mode 100644 ansible/roles/nova-cell/templates/multipath.conf.j2 diff --git a/ansible/roles/nova-cell/tasks/config.yml b/ansible/roles/nova-cell/tasks/config.yml index 87104f89e8..b6bd7e5d03 100644 --- a/ansible/roles/nova-cell/tasks/config.yml +++ b/ansible/roles/nova-cell/tasks/config.yml @@ -212,3 +212,23 @@ with_items: - nova-compute - nova-compute-ironic + +- name: Copying over multipath.conf + become: true + vars: + service: "{{ nova_cell_services['nova-compute'] }}" + ansible.builtin.template: + src: "{{ item }}" + dest: "{{ node_config_directory }}/nova-compute/multipath.conf" + mode: "0660" + with_first_found: + - files: + - "{{ node_custom_config }}/nova/{{ inventory_hostname }}/multipath.conf" + - "{{ node_custom_config }}/multipath/{{ inventory_hostname }}/multipath.conf" + - "{{ node_custom_config }}/nova/multipath.conf" + - "{{ node_custom_config }}/multipath.conf" + - "multipath.conf.j2" + skip: true + when: + - service | service_enabled_and_mapped_to_host + - enable_multipathd | bool diff --git a/ansible/roles/nova-cell/templates/multipath.conf.j2 b/ansible/roles/nova-cell/templates/multipath.conf.j2 new file mode 100644 index 0000000000..478eef0230 --- /dev/null +++ b/ansible/roles/nova-cell/templates/multipath.conf.j2 @@ -0,0 +1,8 @@ +defaults { + user_friendly_names no + find_multipaths yes + skip_kpartx yes +} + +blacklist { +} diff --git a/ansible/roles/nova-cell/templates/nova-compute.json.j2 b/ansible/roles/nova-cell/templates/nova-compute.json.j2 index 655ee03794..97bd5235ef 100644 --- a/ansible/roles/nova-cell/templates/nova-compute.json.j2 +++ b/ansible/roles/nova-cell/templates/nova-compute.json.j2 @@ -79,6 +79,12 @@ "dest": "/var/lib/kolla/share/ca-certificates", "owner": "root", "perm": "0600" + }{% endif %}{% if enable_multipathd | bool %}, + { + "source": "{{ container_config_directory }}/multipath.conf", + "dest": "/etc/multipath.conf", + "owner": "root", + "perm": "0644" }{% endif %} ], "permissions": [ From 1b42101d82d716387af9c970e4573f766579f7f6 Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Wed, 25 Jun 2025 11:09:40 +0100 Subject: [PATCH 5/7] Make RabbitMQ stream retention policy configurable When fanout queues are set to be RabbitMQ stream, number of ready messages in stream queues grow large. This is because retention policy of stream is only applied when stream segments hit the maximum size. This change make the maximum size of RabbitMQ stream segment and the retention time configurable by new variables ``rabbitmq_stream_max_segment_size_bytes`` and ``rabbitmq_stream_segment_max_age`` respectively. NOTE: These are only applied when ``om_enable_rabbitmq_stream_fanout`` is set to ``true``. Change-Id: Iade5e525f0de8981a0e03e3340ad7552c2f40121 Signed-off-by: Seunghun Lee --- ansible/roles/rabbitmq/defaults/main.yml | 13 ++++++++ ansible/roles/rabbitmq/tasks/precheck.yml | 21 +++++++++++++ .../rabbitmq/templates/definitions.json.j2 | 19 +++++++++++- .../reference/message-queues/rabbitmq.rst | 31 +++++++++++++++++++ ...-policy-configurable-99388b8113d5fcac.yaml | 10 ++++++ 5 files changed, 93 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/make-rabbitmq-stream-retention-policy-configurable-99388b8113d5fcac.yaml diff --git a/ansible/roles/rabbitmq/defaults/main.yml b/ansible/roles/rabbitmq/defaults/main.yml index f1ed69f38a..9ccbb6b0ac 100644 --- a/ansible/roles/rabbitmq/defaults/main.yml +++ b/ansible/roles/rabbitmq/defaults/main.yml @@ -88,6 +88,19 @@ rabbitmq_message_ttl_ms: 600000 rabbitmq_queue_expiry_ms: 3600000 rabbitmq_extra_config: {} +### RabbitMQ stream queue retention policy ### +# These policies will only be applied when om_enable_rabbitmq_stream_fanout is true + +# Maximum size of stream segments. This variable needs to be positive integer. +# Default value follows RabbitMQ default size of a segment in bytes: 500000000 (500MB) +# https://www.rabbitmq.com/docs/streams#declaring +rabbitmq_stream_max_segment_size_bytes: 500000000 +# Retention time of segments that reached the maximum size. +# This variable needs to be string with valid options of Y, M, D, h, m, s. +# Default value follows oslo.messaging default: 1800s +# https://docs.openstack.org/oslo.messaging/latest/configuration/opts.html#oslo_messaging_rabbit.rabbit_transient_queues_ttl +rabbitmq_stream_segment_max_age: "1800s" + #################### # Plugins #################### diff --git a/ansible/roles/rabbitmq/tasks/precheck.yml b/ansible/roles/rabbitmq/tasks/precheck.yml index 19f192dfc1..a5c8f6340f 100644 --- a/ansible/roles/rabbitmq/tasks/precheck.yml +++ b/ansible/roles/rabbitmq/tasks/precheck.yml @@ -161,3 +161,24 @@ when: - item.name is search('_fanout') - om_enable_rabbitmq_stream_fanout | bool + +- name: Check if RabbitMQ stream queue policy variables are valid + when: om_enable_rabbitmq_stream_fanout | bool + block: + - name: Check if the value of rabbitmq_stream_max_segment_size_bytes is valid + ansible.builtin.assert: + that: + - rabbitmq_stream_max_segment_size_bytes is integer + - rabbitmq_stream_max_segment_size_bytes > 0 + fail_msg: > + rabbitmq_stream_max_segment_size_bytes needs to be a positive integer. + Please check its value again. + + - name: Check if the value of rabbitmq_stream_segment_max_age is valid + ansible.builtin.assert: + that: + - rabbitmq_stream_segment_max_age is string + - 'rabbitmq_stream_segment_max_age is regex("^[0-9]+[YMDhms]$")' + fail_msg: > + rabbitmq_stream_segment_max_age needs to have numeric string that ends with one of the units in [Y, M, D, h, m, s]. + Please check its value again. diff --git a/ansible/roles/rabbitmq/templates/definitions.json.j2 b/ansible/roles/rabbitmq/templates/definitions.json.j2 index 2987066336..319e95f13b 100644 --- a/ansible/roles/rabbitmq/templates/definitions.json.j2 +++ b/ansible/roles/rabbitmq/templates/definitions.json.j2 @@ -1,3 +1,4 @@ +#jinja2: trim_blocks: False { "vhosts": [ {"name": "/"} @@ -10,5 +11,21 @@ {"user": "{{ role_rabbitmq_user }}", "vhost": "/", "configure": ".*", "write": ".*", "read": ".*"}{% if role_rabbitmq_monitoring_user is defined and role_rabbitmq_monitoring_user %}, {"user": "{{ role_rabbitmq_monitoring_user }}", "vhost": "/", "configure": "^$", "write": "^$", "read": ".*"}{% endif %} ], - "policies":[] +{% if om_enable_rabbitmq_stream_fanout | bool %} + "policies": [ + { + "vhost": "/", + "name": "stream-retention-policy", + "apply-to": "streams", + "pattern": ".+", + "definition": { + "stream-max-segment-size-bytes": {{ rabbitmq_stream_max_segment_size_bytes }}, + "max-age": "{{ rabbitmq_stream_segment_max_age }}" + }, + "priority": 1 + } + ] +{% else %} + "policies": [] +{% endif %} } diff --git a/doc/source/reference/message-queues/rabbitmq.rst b/doc/source/reference/message-queues/rabbitmq.rst index 1eed7ef146..1396976337 100644 --- a/doc/source/reference/message-queues/rabbitmq.rst +++ b/doc/source/reference/message-queues/rabbitmq.rst @@ -209,3 +209,34 @@ Currently, membership changes for streams `is not entirely safe `__, so this script should only be used when the RabbitMQ cluster is in a known healthy state. + +Streams Retention Period +~~~~~~~~~~~~~~~~~~~~~~~~ + +When using RabbitMQ streams for fanout queues by setting +``om_enable_rabbitmq_stream_fanout: true``, users can set retention policy for +them with the use of two variables ``rabbitmq_stream_max_segment_size_bytes`` +and ``rabbitmq_stream_segment_max_age`` to avoid running out of disk space +eventually. + +Default configuration set segments of a stream queues to have maximum size of +500 MB (`RabbitMQ default `__) +and the retention time of 1800 seconds once a segment reaches the maximum size +(`oslo.messaging default +`__). +These default values will leave large number of ready messages in stream +queues even though old ones are removed by the retention policy. +So it is recommended to tune them based on how busy the cloud is. + +``rabbitmq_stream_max_segment_size_bytes`` sets the maximum size of stream +segments. This variable needs to be positive integer. + +``rabbitmq_stream_segment_max_age`` sets the retention time of segments that +reached the maximum size. This variable needs to be string with valid options +of Y, M, D, h, m, s (e.g. 24h for 24 hours). + +.. code-block:: yaml + + # Example custom retention policy configuration + rabbitmq_stream_max_segment_size_bytes: 5000 # 5 KB + rabbitmq_stream_segment_max_age: "60s" # 60 seconds diff --git a/releasenotes/notes/make-rabbitmq-stream-retention-policy-configurable-99388b8113d5fcac.yaml b/releasenotes/notes/make-rabbitmq-stream-retention-policy-configurable-99388b8113d5fcac.yaml new file mode 100644 index 0000000000..7f14e29b7b --- /dev/null +++ b/releasenotes/notes/make-rabbitmq-stream-retention-policy-configurable-99388b8113d5fcac.yaml @@ -0,0 +1,10 @@ +--- +features: + - | + New variables ``rabbitmq_stream_max_segment_size_bytes`` and + ``rabbitmq_stream_segment_max_age`` are added to make RabbitMQ stream + retention policy configurable. + These two new variables are only applied when + ``om_enable_rabbitmq_stream_fanout`` is set to true. + It is recommended to tune the values based on user's environment to + prevent leaving too many ready messages in stream queues. From 9f1256ba74f05ea815e97e5769f9942f80bc0261 Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Fri, 24 Apr 2026 19:05:46 +0200 Subject: [PATCH 6/7] Drop zun and kuryr Zun is broken in 2026.1, it has been released broken and there are no reviews on the patch to fix it [1]. [1]: https://review.opendev.org/c/openstack/zun/+/982362 Depends-On: https://review.opendev.org/c/openstack/ansible-collection-kolla/+/986150 Change-Id: I8ced621754d03c44b7672dd94fc3d7d2173ac734 Signed-off-by: Michal Nasiadka --- README.rst | 2 - ansible/group_vars/all/horizon.yml | 1 - ansible/group_vars/all/kuryr.yml | 4 - ansible/group_vars/all/placement.yml | 2 +- ansible/group_vars/all/zun.yml | 30 -- ansible/inventory/all-in-one | 16 -- ansible/inventory/multinode | 16 -- ansible/roles/cron/tasks/config.yml | 2 - ansible/roles/fluentd/defaults/main.yml | 2 - .../templates/conf/filter/01-rewrite.conf.j2 | 10 - ansible/roles/horizon/defaults/main.yml | 1 - ansible/roles/kuryr/defaults/main.yml | 98 ------- ansible/roles/kuryr/handlers/main.yml | 16 -- .../roles/kuryr/tasks/check-containers.yml | 4 - ansible/roles/kuryr/tasks/check.yml | 4 - ansible/roles/kuryr/tasks/clone.yml | 16 -- ansible/roles/kuryr/tasks/config.yml | 79 ------ ansible/roles/kuryr/tasks/config_validate.yml | 8 - ansible/roles/kuryr/tasks/copy-certs.yml | 6 - .../roles/kuryr/tasks/deploy-containers.yml | 3 - ansible/roles/kuryr/tasks/deploy.yml | 17 -- ansible/roles/kuryr/tasks/main.yml | 3 - ansible/roles/kuryr/tasks/precheck.yml | 28 -- ansible/roles/kuryr/tasks/pull.yml | 4 - ansible/roles/kuryr/tasks/reconfigure.yml | 3 - ansible/roles/kuryr/tasks/register.yml | 7 - ansible/roles/kuryr/tasks/stop.yml | 7 - ansible/roles/kuryr/tasks/upgrade.yml | 9 - ansible/roles/kuryr/templates/kuryr.conf.j2 | 32 --- ansible/roles/kuryr/templates/kuryr.json.j2 | 36 --- ansible/roles/kuryr/templates/kuryr.spec.j2 | 1 - ansible/roles/kuryr/vars/main.yml | 2 - ansible/roles/loadbalancer/tasks/precheck.yml | 13 - ansible/roles/prometheus/defaults/main.yml | 4 - ansible/roles/skyline/templates/nginx.conf.j2 | 12 - .../roles/skyline/templates/skyline.yaml.j2 | 3 - ansible/roles/zun/defaults/main.yml | 265 ------------------ ansible/roles/zun/handlers/main.yml | 72 ----- ansible/roles/zun/tasks/bootstrap.yml | 41 --- ansible/roles/zun/tasks/bootstrap_service.yml | 20 -- ansible/roles/zun/tasks/check-containers.yml | 4 - ansible/roles/zun/tasks/check.yml | 4 - ansible/roles/zun/tasks/clone.yml | 8 - ansible/roles/zun/tasks/config.yml | 88 ------ ansible/roles/zun/tasks/config_validate.yml | 8 - ansible/roles/zun/tasks/copy-certs.yml | 6 - ansible/roles/zun/tasks/deploy-containers.yml | 3 - ansible/roles/zun/tasks/deploy.yml | 19 -- ansible/roles/zun/tasks/external_ceph.yml | 23 -- ansible/roles/zun/tasks/loadbalancer.yml | 7 - ansible/roles/zun/tasks/main.yml | 3 - ansible/roles/zun/tasks/precheck.yml | 60 ---- ansible/roles/zun/tasks/pull.yml | 4 - ansible/roles/zun/tasks/reconfigure.yml | 3 - ansible/roles/zun/tasks/register.yml | 8 - ansible/roles/zun/tasks/stop.yml | 7 - ansible/roles/zun/tasks/upgrade.yml | 12 - ansible/roles/zun/templates/zun-api.json.j2 | 36 --- .../zun/templates/zun-cni-daemon.json.j2 | 29 -- .../roles/zun/templates/zun-compute.json.j2 | 48 ---- .../roles/zun/templates/zun-wsproxy.json.j2 | 30 -- ansible/roles/zun/templates/zun.conf.j2 | 144 ---------- ansible/roles/zun/vars/main.yml | 2 - ansible/site.yml | 37 --- doc/source/contributor/ci-matrix.csv | 1 - doc/source/reference/compute/index.rst | 1 - doc/source/reference/compute/zun-guide.rst | 116 -------- doc/source/reference/containers/index.rst | 4 +- .../reference/containers/kuryr-guide.rst | 66 ----- .../reference/storage/external-ceph-guide.rst | 28 -- etc/kolla/globals.yml | 9 +- etc/kolla/passwords.yml | 5 - .../drop-kuryr-and-zun-0c88940bb0878090.yaml | 6 + roles/openstack-clients/defaults/main.yml | 2 - tests/check-logs.sh | 3 - tests/pre.yml | 2 +- tests/run.yml | 16 +- tests/templates/globals-default.j2 | 14 - tests/templates/inventory.j2 | 16 -- tests/test-zun.sh | 169 ----------- zuul.d/scenarios/zun.yaml | 42 --- 81 files changed, 13 insertions(+), 1979 deletions(-) delete mode 100644 ansible/group_vars/all/kuryr.yml delete mode 100644 ansible/group_vars/all/zun.yml delete mode 100644 ansible/roles/kuryr/defaults/main.yml delete mode 100644 ansible/roles/kuryr/handlers/main.yml delete mode 100644 ansible/roles/kuryr/tasks/check-containers.yml delete mode 100644 ansible/roles/kuryr/tasks/check.yml delete mode 100644 ansible/roles/kuryr/tasks/clone.yml delete mode 100644 ansible/roles/kuryr/tasks/config.yml delete mode 100644 ansible/roles/kuryr/tasks/config_validate.yml delete mode 100644 ansible/roles/kuryr/tasks/copy-certs.yml delete mode 100644 ansible/roles/kuryr/tasks/deploy-containers.yml delete mode 100644 ansible/roles/kuryr/tasks/deploy.yml delete mode 100644 ansible/roles/kuryr/tasks/main.yml delete mode 100644 ansible/roles/kuryr/tasks/precheck.yml delete mode 100644 ansible/roles/kuryr/tasks/pull.yml delete mode 100644 ansible/roles/kuryr/tasks/reconfigure.yml delete mode 100644 ansible/roles/kuryr/tasks/register.yml delete mode 100644 ansible/roles/kuryr/tasks/stop.yml delete mode 100644 ansible/roles/kuryr/tasks/upgrade.yml delete mode 100644 ansible/roles/kuryr/templates/kuryr.conf.j2 delete mode 100644 ansible/roles/kuryr/templates/kuryr.json.j2 delete mode 100644 ansible/roles/kuryr/templates/kuryr.spec.j2 delete mode 100644 ansible/roles/kuryr/vars/main.yml delete mode 100644 ansible/roles/zun/defaults/main.yml delete mode 100644 ansible/roles/zun/handlers/main.yml delete mode 100644 ansible/roles/zun/tasks/bootstrap.yml delete mode 100644 ansible/roles/zun/tasks/bootstrap_service.yml delete mode 100644 ansible/roles/zun/tasks/check-containers.yml delete mode 100644 ansible/roles/zun/tasks/check.yml delete mode 100644 ansible/roles/zun/tasks/clone.yml delete mode 100644 ansible/roles/zun/tasks/config.yml delete mode 100644 ansible/roles/zun/tasks/config_validate.yml delete mode 100644 ansible/roles/zun/tasks/copy-certs.yml delete mode 100644 ansible/roles/zun/tasks/deploy-containers.yml delete mode 100644 ansible/roles/zun/tasks/deploy.yml delete mode 100644 ansible/roles/zun/tasks/external_ceph.yml delete mode 100644 ansible/roles/zun/tasks/loadbalancer.yml delete mode 100644 ansible/roles/zun/tasks/main.yml delete mode 100644 ansible/roles/zun/tasks/precheck.yml delete mode 100644 ansible/roles/zun/tasks/pull.yml delete mode 100644 ansible/roles/zun/tasks/reconfigure.yml delete mode 100644 ansible/roles/zun/tasks/register.yml delete mode 100644 ansible/roles/zun/tasks/stop.yml delete mode 100644 ansible/roles/zun/tasks/upgrade.yml delete mode 100644 ansible/roles/zun/templates/zun-api.json.j2 delete mode 100644 ansible/roles/zun/templates/zun-cni-daemon.json.j2 delete mode 100644 ansible/roles/zun/templates/zun-compute.json.j2 delete mode 100644 ansible/roles/zun/templates/zun-wsproxy.json.j2 delete mode 100644 ansible/roles/zun/templates/zun.conf.j2 delete mode 100644 ansible/roles/zun/vars/main.yml delete mode 100644 doc/source/reference/compute/zun-guide.rst delete mode 100644 doc/source/reference/containers/kuryr-guide.rst create mode 100644 releasenotes/notes/drop-kuryr-and-zun-0c88940bb0878090.yaml delete mode 100755 tests/test-zun.sh delete mode 100644 zuul.d/scenarios/zun.yaml diff --git a/README.rst b/README.rst index aacf55d767..1ef3018d9a 100644 --- a/README.rst +++ b/README.rst @@ -53,7 +53,6 @@ Kolla Ansible deploys containers for the following OpenStack projects: - `Horizon `__ - `Ironic `__ - `Keystone `__ -- `Kuryr `__ - `Magnum `__ - `Manila `__ - `Masakari `__ @@ -65,7 +64,6 @@ Kolla Ansible deploys containers for the following OpenStack projects: - `Tacker `__ - `Trove `__ - `Watcher `__ -- `Zun `__ Infrastructure components ------------------------- diff --git a/ansible/group_vars/all/horizon.yml b/ansible/group_vars/all/horizon.yml index d906f04085..71e1cc5e1b 100644 --- a/ansible/group_vars/all/horizon.yml +++ b/ansible/group_vars/all/horizon.yml @@ -15,7 +15,6 @@ enable_horizon_octavia: "{{ enable_octavia | bool }}" enable_horizon_tacker: "{{ enable_tacker | bool }}" enable_horizon_trove: "{{ enable_trove | bool }}" enable_horizon_watcher: "{{ enable_watcher | bool }}" -enable_horizon_zun: "{{ enable_zun | bool }}" ####################### # Horizon options diff --git a/ansible/group_vars/all/kuryr.yml b/ansible/group_vars/all/kuryr.yml deleted file mode 100644 index 8d6fada178..0000000000 --- a/ansible/group_vars/all/kuryr.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -enable_kuryr: false - -kuryr_port: "23750" diff --git a/ansible/group_vars/all/placement.yml b/ansible/group_vars/all/placement.yml index 4949393eaa..7afa7dcb8d 100644 --- a/ansible/group_vars/all/placement.yml +++ b/ansible/group_vars/all/placement.yml @@ -1,5 +1,5 @@ --- -enable_placement: "{{ enable_nova | bool or enable_zun | bool }}" +enable_placement: "{{ enable_nova | bool }}" placement_keystone_user: "placement" diff --git a/ansible/group_vars/all/zun.yml b/ansible/group_vars/all/zun.yml deleted file mode 100644 index 1d767401ce..0000000000 --- a/ansible/group_vars/all/zun.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -enable_zun: false - -# Extra docker options for Zun -docker_configure_for_zun: false -docker_zun_options: -H tcp://{{ api_interface_address | put_address_in_context('url') }}:2375 -docker_zun_config: {} -# Extra containerd options for Zun -containerd_configure_for_zun: false - -# Enable Ceph backed Cinder Volumes for zun -zun_configure_for_cinder_ceph: false - -# 42463 is the static group id of the zun user in the Zun image. -# If users customize this value on building the Zun images, -# they need to change this config accordingly. -containerd_grpc_gid: 42463 - -zun_api_port: "9517" -zun_api_public_port: "{{ haproxy_single_external_frontend_public_port if haproxy_single_external_frontend | bool else zun_api_port }}" -zun_api_listen_port: "{{ zun_api_port }}" -zun_wsproxy_internal_fqdn: "{{ kolla_internal_fqdn }}" -zun_wsproxy_external_fqdn: "{{ kolla_external_fqdn }}" -zun_wsproxy_port: "6784" -zun_wsproxy_protocol: "{{ 'wss' if kolla_enable_tls_external | bool else 'ws' }}" -zun_cni_daemon_port: "9036" -zun_internal_fqdn: "{{ kolla_internal_fqdn }}" -zun_external_fqdn: "{{ kolla_external_fqdn }}" -zun_internal_base_endpoint: "{{ zun_internal_fqdn | kolla_url(internal_protocol, zun_api_port) }}" -zun_public_base_endpoint: "{{ zun_external_fqdn | kolla_url(public_protocol, zun_api_public_port) }}" diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one index a878e29a6b..2f5f1cf38c 100644 --- a/ansible/inventory/all-in-one +++ b/ansible/inventory/all-in-one @@ -142,9 +142,6 @@ control [bifrost:children] deployment -[zun:children] -control - [skyline:children] control @@ -491,19 +488,6 @@ designate [placement-api:children] placement -# Zun -[zun-api:children] -zun - -[zun-wsproxy:children] -zun - -[zun-compute:children] -compute - -[zun-cni-daemon:children] -compute - # Skyline [skyline-apiserver:children] skyline diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode index 2b3157b9c9..7bfa71ed09 100644 --- a/ansible/inventory/multinode +++ b/ansible/inventory/multinode @@ -160,9 +160,6 @@ control [bifrost:children] deployment -[zun:children] -control - [skyline:children] control @@ -508,19 +505,6 @@ designate [placement-api:children] placement -# Zun -[zun-api:children] -zun - -[zun-wsproxy:children] -zun - -[zun-compute:children] -compute - -[zun-cni-daemon:children] -compute - # Skyline [skyline-apiserver:children] skyline diff --git a/ansible/roles/cron/tasks/config.yml b/ansible/roles/cron/tasks/config.yml index 2bc2018f41..04cb91ba58 100644 --- a/ansible/roles/cron/tasks/config.yml +++ b/ansible/roles/cron/tasks/config.yml @@ -54,7 +54,6 @@ - { name: "horizon", enabled: "{{ enable_horizon | bool }}" } - { name: "ironic", enabled: "{{ enable_ironic | bool }}" } - { name: "keystone", enabled: "{{ enable_keystone | bool }}" } - - { name: "kuryr", enabled: "{{ enable_kuryr | bool }}" } - { name: "magnum", enabled: "{{ enable_magnum | bool }}" } - { name: "manila", enabled: "{{ enable_manila | bool }}" } - { name: "mariadb", enabled: "{{ enable_mariadb | bool }}" } @@ -76,7 +75,6 @@ - { name: "tacker", enabled: "{{ enable_tacker | bool }}" } - { name: "trove", enabled: "{{ enable_trove | bool }}" } - { name: "watcher", enabled: "{{ enable_watcher | bool }}" } - - { name: "zun", enabled: "{{ enable_zun | bool }}" } ansible.builtin.template: src: "{{ item }}" dest: "{{ node_config_directory }}/cron/logrotate.conf" diff --git a/ansible/roles/fluentd/defaults/main.yml b/ansible/roles/fluentd/defaults/main.yml index cdb6a8f47f..e21b24458f 100644 --- a/ansible/roles/fluentd/defaults/main.yml +++ b/ansible/roles/fluentd/defaults/main.yml @@ -101,8 +101,6 @@ fluentd_input_openstack_services: enabled: "{{ enable_ironic | bool }}" - name: keystone enabled: "{{ enable_keystone | bool }}" - - name: kuryr - enabled: "{{ enable_kuryr | bool }}" - name: magnum enabled: "{{ enable_magnum | bool }}" - name: manila diff --git a/ansible/roles/fluentd/templates/conf/filter/01-rewrite.conf.j2 b/ansible/roles/fluentd/templates/conf/filter/01-rewrite.conf.j2 index d6bb684903..02f9607005 100644 --- a/ansible/roles/fluentd/templates/conf/filter/01-rewrite.conf.j2 +++ b/ansible/roles/fluentd/templates/conf/filter/01-rewrite.conf.j2 @@ -91,16 +91,6 @@ pattern ^(octavia-api|octavia-health-manager|octavia-housekeeping|octavia-worker)$ tag openstack_python - - key programname - pattern ^(zun-api|zun-compute|zun-cni-daemon)$ - tag openstack_python - - - key programname - pattern ^(kuryr-server)$ - tag openstack_python - key programname pattern ^(gnocchi-api|gnocchi-statsd|gnocchi-metricd|gnocchi-upgrade)$ diff --git a/ansible/roles/horizon/defaults/main.yml b/ansible/roles/horizon/defaults/main.yml index de4f6129a3..04cd147611 100644 --- a/ansible/roles/horizon/defaults/main.yml +++ b/ansible/roles/horizon/defaults/main.yml @@ -21,7 +21,6 @@ horizon_services: ENABLE_TACKER: "{{ 'yes' if enable_horizon_tacker | bool else 'no' }}" ENABLE_TROVE: "{{ 'yes' if enable_horizon_trove | bool else 'no' }}" ENABLE_WATCHER: "{{ 'yes' if enable_horizon_watcher | bool else 'no' }}" - ENABLE_ZUN: "{{ 'yes' if enable_horizon_zun | bool else 'no' }}" FORCE_GENERATE: "{{ 'yes' if horizon_dev_mode | bool else 'no' }}" volumes: "{{ horizon_default_volumes + horizon_extra_volumes }}" dimensions: "{{ horizon_dimensions }}" diff --git a/ansible/roles/kuryr/defaults/main.yml b/ansible/roles/kuryr/defaults/main.yml deleted file mode 100644 index 1b90c9d371..0000000000 --- a/ansible/roles/kuryr/defaults/main.yml +++ /dev/null @@ -1,98 +0,0 @@ ---- -libnetwork_project_name: "kuryr-libnetwork" - -# NOTE(huikang, apuimedo): when you request a driver in a docker operation, such -# as docker network create, docker searches /usr/lib/docker or /etc/docker -# subdirs for network/storage plugin specs or json definitions. so it's either -# have ansible place the file there, or volume mount it and let the container -# place the file there - -kuryr_services: - kuryr: - container_name: kuryr - group: compute - enabled: true - image: "{{ kuryr_image_full }}" - privileged: true - cap_add: - - NET_ADMIN - volumes: "{{ kuryr_default_volumes + kuryr_extra_volumes + lookup('vars', 'run_default_volumes_' + kolla_container_engine) }}" - dimensions: "{{ kuryr_dimensions }}" - healthcheck: "{{ kuryr_healthcheck }}" - -#################### -# Config Validate -#################### -kuryr_config_validation: - - generator: "/kuryr/etc/kuryr-config-generator.conf" - config: "/etc/kuryr/kuryr.conf" - -#################### -# Docker -#################### -kuryr_image: "{{ docker_image_url }}kuryr-libnetwork" -kuryr_tag: "{{ openstack_tag }}" -kuryr_image_full: "{{ kuryr_image }}:{{ kuryr_tag }}" - -kuryr_enable_healthchecks: "{{ enable_container_healthchecks }}" -kuryr_healthcheck_interval: "{{ default_container_healthcheck_interval }}" -kuryr_healthcheck_retries: "{{ default_container_healthcheck_retries }}" -kuryr_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}" -kuryr_healthcheck_test: ["CMD-SHELL", "healthcheck_listen kuryr-server {{ kuryr_port }}"] -kuryr_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" -kuryr_healthcheck: - interval: "{{ kuryr_healthcheck_interval }}" - retries: "{{ kuryr_healthcheck_retries }}" - start_period: "{{ kuryr_healthcheck_start_period }}" - test: "{% if kuryr_enable_healthchecks | bool %}{{ kuryr_healthcheck_test }}{% else %}NONE{% endif %}" - timeout: "{{ kuryr_healthcheck_timeout }}" - -kuryr_default_volumes: - - "{{ node_config_directory }}/kuryr/:{{ container_config_directory }}/:ro" - - "/etc/localtime:/etc/localtime:ro" - - "/lib/modules:/lib/modules:ro" - - "/run:/run{{ ':shared' if kolla_container_engine == 'docker' else '' }}" - - "/usr/lib/docker:/usr/lib/docker" - - "{{ kolla_dev_repos_directory ~ '/kuryr:/dev-mode/kuryr' if kuryr_dev_mode | bool else '' }}" - - "{{ kolla_dev_repos_directory ~ '/kuryr-libnetwork:/dev-mode/kuryr-libnetwork' if kuryr_dev_mode | bool else '' }}" - - "kolla_logs:/var/log/kolla/" - -kuryr_extra_volumes: "{{ default_extra_volumes }}" - -#################### -# OpenStack -#################### -kuryr_logging_debug: "{{ openstack_logging_debug }}" - -kuryr_keystone_user: "kuryr" - -openstack_kuryr_auth: "{{ openstack_auth }}" - -#################### -# Kolla -#################### -kuryr_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}" -kuryr_libnetwork_git_repository: "{{ kolla_dev_repos_git }}/{{ libnetwork_project_name }}" -kuryr_dev_repos_pull: "{{ kolla_dev_repos_pull }}" -kuryr_dev_mode: "{{ kolla_dev_mode }}" -kuryr_dimensions: "{{ default_container_dimensions }}" -kuryr_source_version: "{{ kolla_source_version }}" - -#################### -# Keystone -#################### -kuryr_ks_users: - - project: "service" - user: "{{ kuryr_keystone_user }}" - password: "{{ kuryr_keystone_password }}" - role: "admin" - -########### -# Endpoints -########## -kuryr_internal_endpoint: "{{ internal_protocol }}://{{ api_interface_address | put_address_in_context('url') }}:{{ kuryr_port }}" - -################### -# Copy certificates -################### -kuryr_copy_certs: "{{ kolla_copy_ca_into_containers | bool }}" diff --git a/ansible/roles/kuryr/handlers/main.yml b/ansible/roles/kuryr/handlers/main.yml deleted file mode 100644 index aa4cad094e..0000000000 --- a/ansible/roles/kuryr/handlers/main.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: Restart kuryr container - vars: - service_name: "kuryr" - service: "{{ kuryr_services[service_name] }}" - become: true - kolla_container: - action: "recreate_or_restart_container" - common_options: "{{ docker_common_options }}" - name: "{{ service.container_name }}" - image: "{{ service.image }}" - privileged: "{{ service.privileged | default(False) }}" - cap_add: "{{ service.cap_add }}" - volumes: "{{ service.volumes }}" - dimensions: "{{ service.dimensions }}" - healthcheck: "{{ service.healthcheck | default(omit) }}" diff --git a/ansible/roles/kuryr/tasks/check-containers.yml b/ansible/roles/kuryr/tasks/check-containers.yml deleted file mode 100644 index 8de17dc336..0000000000 --- a/ansible/roles/kuryr/tasks/check-containers.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- name: Check kuryr containers - ansible.builtin.import_role: - name: service-check-containers diff --git a/ansible/roles/kuryr/tasks/check.yml b/ansible/roles/kuryr/tasks/check.yml deleted file mode 100644 index bea4512cc0..0000000000 --- a/ansible/roles/kuryr/tasks/check.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- name: Checking Kuryr containers - ansible.builtin.import_role: - role: service-check diff --git a/ansible/roles/kuryr/tasks/clone.yml b/ansible/roles/kuryr/tasks/clone.yml deleted file mode 100644 index 8eaead5d06..0000000000 --- a/ansible/roles/kuryr/tasks/clone.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: Cloning kuryr source repository for development - become: true - ansible.builtin.git: - repo: "{{ kuryr_git_repository }}" - dest: "{{ kolla_dev_repos_directory }}/{{ project_name }}" - update: "{{ kuryr_dev_repos_pull }}" - version: "{{ kuryr_source_version }}" - -- name: Cloning kuryr-libnetwork source repository for development - become: true - ansible.builtin.git: - repo: "{{ kuryr_libnetwork_git_repository }}" - dest: "{{ kolla_dev_repos_directory }}/{{ libnetwork_project_name }}" - update: "{{ kuryr_dev_repos_pull }}" - version: "{{ kuryr_source_version }}" diff --git a/ansible/roles/kuryr/tasks/config.yml b/ansible/roles/kuryr/tasks/config.yml deleted file mode 100644 index f1f8ad1909..0000000000 --- a/ansible/roles/kuryr/tasks/config.yml +++ /dev/null @@ -1,79 +0,0 @@ ---- -- name: Ensuring config directories exist - ansible.builtin.file: - path: "{{ node_config_directory }}/{{ item.key }}" - state: "directory" - owner: "{{ config_owner_user }}" - group: "{{ config_owner_group }}" - mode: "0770" - become: true - with_dict: "{{ kuryr_services | select_services_enabled_and_mapped_to_host }}" - -- name: Check if policies shall be overwritten - ansible.builtin.stat: - path: "{{ item }}" - delegate_to: localhost - run_once: true - register: kuryr_policy - with_first_found: - - files: "{{ supported_policy_format_list }}" - paths: - - "{{ node_custom_config }}/kuryr/" - skip: true - -- name: Set kuryr policy file - ansible.builtin.set_fact: - kuryr_policy_file: "{{ kuryr_policy.results.0.stat.path | basename }}" - kuryr_policy_file_path: "{{ kuryr_policy.results.0.stat.path }}" - when: - - kuryr_policy.results | length > 0 - -- name: Copying over TLS certificates - ansible.builtin.include_tasks: copy-certs.yml - when: - - kuryr_copy_certs | bool - -- name: Copying over config.json files for services - ansible.builtin.template: - src: "{{ item.key }}.json.j2" - dest: "{{ node_config_directory }}/{{ item.key }}/config.json" - mode: "0660" - become: true - with_dict: "{{ kuryr_services | select_services_enabled_and_mapped_to_host }}" - -- name: Copying over kuryr.conf - vars: - service_name: "{{ item.key }}" - merge_configs: - sources: - - "{{ role_path }}/templates/kuryr.conf.j2" - - "{{ node_custom_config }}/global.conf" - - "{{ node_custom_config }}/kuryr.conf" - - "{{ node_custom_config }}/kuryr/{{ item.key }}.conf" - - "{{ node_custom_config }}/kuryr/{{ inventory_hostname }}/{{ item.key }}.conf" - dest: "{{ node_config_directory }}/{{ item.key }}/kuryr.conf" - mode: "0660" - become: true - with_dict: "{{ kuryr_services | select_services_enabled_and_mapped_to_host }}" - -- name: Copying over kuryr.spec - vars: - service: "{{ kuryr_services['kuryr'] }}" - ansible.builtin.template: - src: "kuryr.spec.j2" - dest: "{{ node_config_directory }}/{{ item }}/kuryr.spec" - mode: "0660" - become: true - when: service | service_enabled_and_mapped_to_host - with_items: - - "kuryr" - -- name: Copying over existing policy file - ansible.builtin.template: - src: "{{ kuryr_policy_file_path }}" - dest: "{{ node_config_directory }}/{{ item.key }}/{{ kuryr_policy_file }}" - mode: "0660" - become: true - when: - - kuryr_policy_file is defined - with_dict: "{{ kuryr_services | select_services_enabled_and_mapped_to_host }}" diff --git a/ansible/roles/kuryr/tasks/config_validate.yml b/ansible/roles/kuryr/tasks/config_validate.yml deleted file mode 100644 index 47d6a66219..0000000000 --- a/ansible/roles/kuryr/tasks/config_validate.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Validate kuryr configuration - ansible.builtin.import_role: - name: service-config-validate - vars: - service_config_validate_services: "{{ kuryr_services }}" - service_name: "{{ project_name }}" - service_config_validation: "{{ kuryr_config_validation }}" diff --git a/ansible/roles/kuryr/tasks/copy-certs.yml b/ansible/roles/kuryr/tasks/copy-certs.yml deleted file mode 100644 index 90781daed1..0000000000 --- a/ansible/roles/kuryr/tasks/copy-certs.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: "Copy certificates and keys for {{ project_name }}" - ansible.builtin.import_role: - role: service-cert-copy - vars: - project_services: "{{ kuryr_services }}" diff --git a/ansible/roles/kuryr/tasks/deploy-containers.yml b/ansible/roles/kuryr/tasks/deploy-containers.yml deleted file mode 100644 index 764417502b..0000000000 --- a/ansible/roles/kuryr/tasks/deploy-containers.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- name: Check kuryr containers - ansible.builtin.import_tasks: check-containers.yml diff --git a/ansible/roles/kuryr/tasks/deploy.yml b/ansible/roles/kuryr/tasks/deploy.yml deleted file mode 100644 index 6a4dfc7dc0..0000000000 --- a/ansible/roles/kuryr/tasks/deploy.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- name: Register kuryr in Keystone - ansible.builtin.import_tasks: register.yml - -- name: Configure kuryr - ansible.builtin.import_tasks: config.yml - -- name: Check kuryr containers - ansible.builtin.import_tasks: check-containers.yml - -- name: Clone kuryr repository - ansible.builtin.include_tasks: clone.yml - when: - - kuryr_dev_mode | bool - -- name: Flush handlers - ansible.builtin.meta: flush_handlers diff --git a/ansible/roles/kuryr/tasks/main.yml b/ansible/roles/kuryr/tasks/main.yml deleted file mode 100644 index 594ad5d851..0000000000 --- a/ansible/roles/kuryr/tasks/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- name: "Include tasks for action {{ kolla_action }}" - ansible.builtin.include_tasks: "{{ kolla_action }}.yml" diff --git a/ansible/roles/kuryr/tasks/precheck.yml b/ansible/roles/kuryr/tasks/precheck.yml deleted file mode 100644 index 4741081358..0000000000 --- a/ansible/roles/kuryr/tasks/precheck.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -- name: Precheck kuryr configuration - ansible.builtin.import_role: - name: service-precheck - vars: - service_precheck_services: "{{ kuryr_services }}" - service_name: "{{ project_name }}" - -- name: Get container facts - become: true - kolla_container_facts: - action: get_containers - container_engine: "{{ kolla_container_engine }}" - name: - - kuryr - check_mode: false - register: container_facts - -- name: Checking free port for Kuryr - ansible.builtin.wait_for: - host: "{{ api_interface_address }}" - port: "{{ kuryr_port }}" - connect_timeout: 1 - timeout: 1 - state: stopped - when: - - container_facts.containers['kuryr'] is not defined - - inventory_hostname in groups['compute'] diff --git a/ansible/roles/kuryr/tasks/pull.yml b/ansible/roles/kuryr/tasks/pull.yml deleted file mode 100644 index 7b81e14746..0000000000 --- a/ansible/roles/kuryr/tasks/pull.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- name: Pull kuryr images - ansible.builtin.import_role: - role: service-images-pull diff --git a/ansible/roles/kuryr/tasks/reconfigure.yml b/ansible/roles/kuryr/tasks/reconfigure.yml deleted file mode 100644 index 5d261b6686..0000000000 --- a/ansible/roles/kuryr/tasks/reconfigure.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- name: Deploy kuryr - ansible.builtin.import_tasks: deploy.yml diff --git a/ansible/roles/kuryr/tasks/register.yml b/ansible/roles/kuryr/tasks/register.yml deleted file mode 100644 index 483792787e..0000000000 --- a/ansible/roles/kuryr/tasks/register.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Register kuryr service, endpoints, and users in Keystone - ansible.builtin.import_role: - name: service-ks-register - vars: - service_ks_register_auth: "{{ openstack_kuryr_auth }}" - service_ks_register_users: "{{ kuryr_ks_users }}" diff --git a/ansible/roles/kuryr/tasks/stop.yml b/ansible/roles/kuryr/tasks/stop.yml deleted file mode 100644 index 1cd93b148c..0000000000 --- a/ansible/roles/kuryr/tasks/stop.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Stop kuryr containers - ansible.builtin.import_role: - name: service-stop - vars: - project_services: "{{ kuryr_services }}" - service_name: "{{ project_name }}" diff --git a/ansible/roles/kuryr/tasks/upgrade.yml b/ansible/roles/kuryr/tasks/upgrade.yml deleted file mode 100644 index 57b441eb2b..0000000000 --- a/ansible/roles/kuryr/tasks/upgrade.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- name: Configure kuryr - ansible.builtin.import_tasks: config.yml - -- name: Check kuryr containers - ansible.builtin.import_tasks: check-containers.yml - -- name: Flush handlers - ansible.builtin.meta: flush_handlers diff --git a/ansible/roles/kuryr/templates/kuryr.conf.j2 b/ansible/roles/kuryr/templates/kuryr.conf.j2 deleted file mode 100644 index 00c8784bbb..0000000000 --- a/ansible/roles/kuryr/templates/kuryr.conf.j2 +++ /dev/null @@ -1,32 +0,0 @@ -[DEFAULT] -kuryr_uri = {{ kuryr_internal_endpoint }} -debug = {{ kuryr_logging_debug }} -log_dir = /var/log/kolla/kuryr - -capability_scope = local -bindir = /var/lib/kolla/venv/libexec/kuryr - -[binding] -default_driver = kuryr.lib.binding.drivers.veth - -[neutron] -auth_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_internal_url }} -auth_type = password -endpoint_type = internal -project_domain_name = {{ default_project_domain_name }} -project_name = service -user_domain_name = {{ default_user_domain_name }} -project_domain_id = {{ default_project_domain_id }} -user_domain_id = {{ default_user_domain_id }} -password = {{ kuryr_keystone_password }} -username = {{ kuryr_keystone_user }} -cafile = {{ openstack_cacert }} - -{% if kuryr_policy_file is defined %} -[oslo_policy] -policy_file = {{ kuryr_policy_file }} -{% endif %} - -[oslo_concurrency] -lock_path = /var/lib/kuryr/tmp diff --git a/ansible/roles/kuryr/templates/kuryr.json.j2 b/ansible/roles/kuryr/templates/kuryr.json.j2 deleted file mode 100644 index 4ba23100ff..0000000000 --- a/ansible/roles/kuryr/templates/kuryr.json.j2 +++ /dev/null @@ -1,36 +0,0 @@ -{ - "command": "kuryr-server --config-file /etc/kuryr/kuryr.conf", - "config_files": [ - { - "source": "{{ container_config_directory }}/kuryr.conf", - "dest": "/etc/kuryr/kuryr.conf", - "owner": "kuryr", - "perm": "0600" - }, - { - "source": "{{ container_config_directory }}/kuryr.spec", - "dest": "/usr/lib/docker/plugins/kuryr/kuryr.spec", - "owner": "root", - "perm": "0600" - }{% if kuryr_policy_file is defined %}, - { - "source": "{{ container_config_directory }}/{{ kuryr_policy_file }}", - "dest": "/etc/kuryr/{{ kuryr_policy_file }}", - "owner": "kuryr", - "perm": "0600" - }{% endif %}{% if kolla_copy_ca_into_containers | bool %}, - { - "source": "{{ container_config_directory }}/ca-certificates", - "dest": "/var/lib/kolla/share/ca-certificates", - "owner": "root", - "perm": "0600" - }{% endif %} - ], - "permissions": [ - { - "path": "/var/log/kolla/kuryr", - "owner": "kuryr:kolla", - "recurse": true - } - ] -} diff --git a/ansible/roles/kuryr/templates/kuryr.spec.j2 b/ansible/roles/kuryr/templates/kuryr.spec.j2 deleted file mode 100644 index 06c8be3d00..0000000000 --- a/ansible/roles/kuryr/templates/kuryr.spec.j2 +++ /dev/null @@ -1 +0,0 @@ -{{ kuryr_internal_endpoint }} diff --git a/ansible/roles/kuryr/vars/main.yml b/ansible/roles/kuryr/vars/main.yml deleted file mode 100644 index dfe30f4a92..0000000000 --- a/ansible/roles/kuryr/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -project_name: "kuryr" diff --git a/ansible/roles/loadbalancer/tasks/precheck.yml b/ansible/roles/loadbalancer/tasks/precheck.yml index 73e3a15661..54ab859031 100644 --- a/ansible/roles/loadbalancer/tasks/precheck.yml +++ b/ansible/roles/loadbalancer/tasks/precheck.yml @@ -717,19 +717,6 @@ - haproxy_stat.find('watcher_api') == -1 - haproxy_vip_prechecks -- name: Checking free port for Zun API HAProxy - ansible.builtin.wait_for: - host: "{{ kolla_internal_vip_address }}" - port: "{{ zun_api_port }}" - connect_timeout: 1 - timeout: 1 - state: stopped - when: - - enable_zun | bool - - inventory_hostname in groups['loadbalancer'] - - haproxy_stat.find('zun_api') == -1 - - haproxy_vip_prechecks - - name: Firewalld checks when: - enable_external_api_firewalld | bool diff --git a/ansible/roles/prometheus/defaults/main.yml b/ansible/roles/prometheus/defaults/main.yml index 1145286c8c..3416f72d9b 100644 --- a/ansible/roles/prometheus/defaults/main.yml +++ b/ansible/roles/prometheus/defaults/main.yml @@ -313,10 +313,6 @@ prometheus_blackbox_exporter_endpoints_default: - "watcher:os_endpoint:{{ watcher_public_endpoint }}" - "{{ ('watcher_internal:os_endpoint:' + watcher_internal_endpoint) if not kolla_same_external_internal_vip | bool }}" enabled: "{{ enable_watcher | bool }}" - - endpoints: - - "zun:os_endpoint:{{ zun_public_base_endpoint }}" - - "{{ ('zun_internal:os_endpoint:' + zun_internal_base_endpoint) if not kolla_same_external_internal_vip | bool }}" - enabled: "{{ enable_zun | bool }}" # Additional service endpoints - endpoints: >- {%- set ns = namespace(etcd_endpoints=[]) -%} diff --git a/ansible/roles/skyline/templates/nginx.conf.j2 b/ansible/roles/skyline/templates/nginx.conf.j2 index 4a647fbe58..221323ed21 100644 --- a/ansible/roles/skyline/templates/nginx.conf.j2 +++ b/ansible/roles/skyline/templates/nginx.conf.j2 @@ -222,18 +222,6 @@ http { } {% endif %} - {% if enable_zun | bool %}# Region: {{ openstack_region_name }}, Service: zun - location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/zun { - proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ zun_api_port }}/; - proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ zun_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/zun/; - proxy_buffering off; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header Host $http_host; - } - {% endif %} - {% if enable_magnum | bool %}# Region: {{ openstack_region_name }}, Service: magnum location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/magnum { proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ magnum_api_port }}/; diff --git a/ansible/roles/skyline/templates/skyline.yaml.j2 b/ansible/roles/skyline/templates/skyline.yaml.j2 index 9d0ae07410..64c57b329f 100644 --- a/ansible/roles/skyline/templates/skyline.yaml.j2 +++ b/ansible/roles/skyline/templates/skyline.yaml.j2 @@ -44,9 +44,6 @@ openstack: {% if enable_nova | bool %} compute: nova {% endif %} -{% if enable_zun | bool %} - container: zun -{% endif %} {% if enable_magnum | bool %} container-infra: magnum {% endif %} diff --git a/ansible/roles/zun/defaults/main.yml b/ansible/roles/zun/defaults/main.yml deleted file mode 100644 index 69fce72c29..0000000000 --- a/ansible/roles/zun/defaults/main.yml +++ /dev/null @@ -1,265 +0,0 @@ ---- -zun_services: - zun-api: - container_name: zun_api - group: zun-api - enabled: true - image: "{{ zun_api_image_full }}" - volumes: "{{ zun_api_default_volumes + zun_api_extra_volumes }}" - dimensions: "{{ zun_api_dimensions }}" - healthcheck: "{{ zun_api_healthcheck }}" - wsgi: "zun.wsgi.api:application" - haproxy: - zun_api: - enabled: "{{ enable_zun }}" - mode: "http" - external: false - port: "{{ zun_api_port }}" - listen_port: "{{ zun_api_listen_port }}" - backend_http_extra: - - "option httpchk GET /healthcheck" - - "http-check expect status 200" - zun_api_external: - enabled: "{{ enable_zun }}" - mode: "http" - external: true - external_fqdn: "{{ zun_external_fqdn }}" - port: "{{ zun_api_public_port }}" - listen_port: "{{ zun_api_listen_port }}" - backend_http_extra: - - "option httpchk GET /healthcheck" - - "http-check expect status 200" - zun-wsproxy: - container_name: zun_wsproxy - group: zun-wsproxy - enabled: true - image: "{{ zun_wsproxy_image_full }}" - volumes: "{{ zun_wsproxy_default_volumes + zun_wsproxy_extra_volumes }}" - dimensions: "{{ zun_wsproxy_dimensions }}" - healthcheck: "{{ zun_wsproxy_healthcheck }}" - haproxy: - zun_wsproxy: - enabled: "{{ enable_zun }}" - mode: "http" - external: false - port: "{{ zun_wsproxy_port }}" - zun_wsproxy_external: - enabled: "{{ enable_zun }}" - mode: "http" - external: true - port: "{{ zun_wsproxy_port }}" - zun-compute: - container_name: zun_compute - group: zun-compute - enabled: true - image: "{{ zun_compute_image_full }}" - privileged: true - volumes: "{{ zun_compute_default_volumes + zun_compute_extra_volumes + lookup('vars', 'run_default_volumes_' + kolla_container_engine) }}" - dimensions: "{{ zun_compute_dimensions }}" - healthcheck: "{{ zun_compute_healthcheck }}" - zun-cni-daemon: - container_name: zun_cni_daemon - group: zun-cni-daemon - enabled: true - image: "{{ zun_cni_daemon_image_full }}" - privileged: true - volumes: "{{ zun_cni_daemon_default_volumes + zun_cni_daemon_extra_volumes + lookup('vars', 'run_default_volumes_' + kolla_container_engine) }}" - dimensions: "{{ zun_cni_daemon_dimensions }}" - healthcheck: "{{ zun_cni_daemon_healthcheck }}" - -#################### -# Config Validate -#################### -zun_config_validation: - - generator: "/zun/etc/zun/zun-config-generator.conf" - config: "/etc/zun/zun.conf" - -#################### -## Database -#################### -zun_database_name: "zun" -zun_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}zun{% endif %}" -zun_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}" - -#################### -# Database sharding -#################### -zun_database_shard_root_user: "{% if enable_proxysql | bool %}root_shard_{{ zun_database_shard_id }}{% else %}{{ database_user }}{% endif %}" -zun_database_shard_id: "{{ mariadb_default_database_shard_id | int }}" -zun_database_shard: - users: - - user: "{{ zun_database_user }}" - password: "{{ zun_database_password }}" - shard_id: "{{ zun_database_shard_id }}" - rules: - - schema: "{{ zun_database_name }}" - shard_id: "{{ zun_database_shard_id }}" - - user: "{{ zun_database_user }}" - shard_id: "{{ zun_database_shard_id }}" - - -#################### -## Docker -#################### -zun_tag: "{{ openstack_tag }}" - -zun_api_image: "{{ docker_image_url }}zun-api" -zun_api_tag: "{{ zun_tag }}" -zun_api_image_full: "{{ zun_api_image }}:{{ zun_api_tag }}" - -zun_wsproxy_image: "{{ docker_image_url }}zun-wsproxy" -zun_wsproxy_tag: "{{ zun_tag }}" -zun_wsproxy_image_full: "{{ zun_wsproxy_image }}:{{ zun_wsproxy_tag }}" - -zun_compute_image: "{{ docker_image_url }}zun-compute" -zun_compute_tag: "{{ zun_tag }}" -zun_compute_image_full: "{{ zun_compute_image }}:{{ zun_compute_tag }}" - -zun_cni_daemon_image: "{{ docker_image_url }}zun-cni-daemon" -zun_cni_daemon_tag: "{{ zun_tag }}" -zun_cni_daemon_image_full: "{{ zun_cni_daemon_image }}:{{ zun_cni_daemon_tag }}" - - -zun_api_dimensions: "{{ default_container_dimensions }}" -zun_wsproxy_dimensions: "{{ default_container_dimensions }}" -zun_compute_dimensions: "{{ default_container_dimensions }}" -zun_cni_daemon_dimensions: "{{ default_container_dimensions }}" - -zun_api_enable_healthchecks: "{{ enable_container_healthchecks }}" -zun_api_healthcheck_interval: "{{ default_container_healthcheck_interval }}" -zun_api_healthcheck_retries: "{{ default_container_healthcheck_retries }}" -zun_api_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}" -zun_api_healthcheck_test: ["CMD-SHELL", "healthcheck_curl http://{{ api_interface_address | put_address_in_context('url') }}:{{ zun_api_port }}/healthcheck"] -zun_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" -zun_api_healthcheck: - interval: "{{ zun_api_healthcheck_interval }}" - retries: "{{ zun_api_healthcheck_retries }}" - start_period: "{{ zun_api_healthcheck_start_period }}" - test: "{% if zun_api_enable_healthchecks | bool %}{{ zun_api_healthcheck_test }}{% else %}NONE{% endif %}" - timeout: "{{ zun_api_healthcheck_timeout }}" - -zun_wsproxy_enable_healthchecks: "{{ enable_container_healthchecks }}" -zun_wsproxy_healthcheck_interval: "{{ default_container_healthcheck_interval }}" -zun_wsproxy_healthcheck_retries: "{{ default_container_healthcheck_retries }}" -zun_wsproxy_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}" -zun_wsproxy_healthcheck_test: ["CMD-SHELL", "healthcheck_listen zun-wsproxy {{ zun_wsproxy_port }}"] -zun_wsproxy_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" -zun_wsproxy_healthcheck: - interval: "{{ zun_wsproxy_healthcheck_interval }}" - retries: "{{ zun_wsproxy_healthcheck_retries }}" - start_period: "{{ zun_wsproxy_healthcheck_start_period }}" - test: "{% if zun_wsproxy_enable_healthchecks | bool %}{{ zun_wsproxy_healthcheck_test }}{% else %}NONE{% endif %}" - timeout: "{{ zun_wsproxy_healthcheck_timeout }}" - -zun_compute_enable_healthchecks: "{{ enable_container_healthchecks }}" -zun_compute_healthcheck_interval: "{{ default_container_healthcheck_interval }}" -zun_compute_healthcheck_retries: "{{ default_container_healthcheck_retries }}" -zun_compute_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}" -zun_compute_healthcheck_test: ["CMD-SHELL", "healthcheck_port zun-compute {{ om_rpc_port }}"] -zun_compute_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" -zun_compute_healthcheck: - interval: "{{ zun_compute_healthcheck_interval }}" - retries: "{{ zun_compute_healthcheck_retries }}" - start_period: "{{ zun_compute_healthcheck_start_period }}" - test: "{% if zun_compute_enable_healthchecks | bool %}{{ zun_compute_healthcheck_test }}{% else %}NONE{% endif %}" - timeout: "{{ zun_compute_healthcheck_timeout }}" - -zun_cni_daemon_enable_healthchecks: "{{ enable_container_healthchecks }}" -zun_cni_daemon_healthcheck_interval: "{{ default_container_healthcheck_interval }}" -zun_cni_daemon_healthcheck_retries: "{{ default_container_healthcheck_retries }}" -zun_cni_daemon_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}" -zun_cni_daemon_healthcheck_test: ["CMD-SHELL", "healthcheck_listen zun-cni-daemon {{ zun_cni_daemon_port }}"] -zun_cni_daemon_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" -zun_cni_daemon_healthcheck: - interval: "{{ zun_cni_daemon_healthcheck_interval }}" - retries: "{{ zun_cni_daemon_healthcheck_retries }}" - start_period: "{{ zun_cni_daemon_healthcheck_start_period }}" - test: "{% if zun_cni_daemon_enable_healthchecks | bool %}{{ zun_cni_daemon_healthcheck_test }}{% else %}NONE{% endif %}" - timeout: "{{ zun_cni_daemon_healthcheck_timeout }}" - -zun_api_default_volumes: - - "{{ node_config_directory }}/zun-api/:{{ container_config_directory }}/:ro" - - "/etc/localtime:/etc/localtime:ro" - - "{{ kolla_dev_repos_directory ~ '/zun:/dev-mode/zun' if zun_dev_mode | bool else '' }}" - - "kolla_logs:/var/log/kolla/" - - "{{ '/dev/shm:/dev/shm' }}" -zun_wsproxy_default_volumes: - - "{{ node_config_directory }}/zun-wsproxy/:{{ container_config_directory }}/:ro" - - "/etc/localtime:/etc/localtime:ro" - - "{{ kolla_dev_repos_directory ~ '/zun:/dev-mode/zun' if zun_dev_mode | bool else '' }}" - - "kolla_logs:/var/log/kolla/" - - "{{ '/dev/shm:/dev/shm' }}" -zun_compute_default_volumes: - - "{{ node_config_directory }}/zun-compute/:{{ container_config_directory }}/:ro" - - "/etc/localtime:/etc/localtime:ro" - - "kolla_logs:/var/log/kolla/" - - "{{ kolla_dev_repos_directory ~ '/zun:/dev-mode/zun' if zun_dev_mode | bool else '' }}" - - "/run:/run{{ ':shared' if kolla_container_engine == 'docker' else '' }}" - - "/usr/lib/docker:/usr/lib/docker" - - "/var/lib/docker:/var/lib/docker" - - "/lib/modules:/lib/modules:ro" - - "/dev:/dev" - - "{% if enable_iscsid | bool %}iscsi_info:/etc/iscsi{% endif %}" - - "{% if zun_configure_for_cinder_ceph | bool %}/var/lib/zun:/var/lib/zun:shared{% endif %}" -zun_cni_daemon_default_volumes: - - "{{ node_config_directory }}/zun-cni-daemon/:{{ container_config_directory }}/:ro" - - "/etc/localtime:/etc/localtime:ro" - - "kolla_logs:/var/log/kolla/" - - "{{ '/dev/shm:/dev/shm' }}" - - "{{ kolla_dev_repos_directory ~ '/zun:/dev-mode/zun' if zun_dev_mode | bool else '' }}" - - "/run:/run{{ ':shared' if kolla_container_engine == 'docker' else '' }}" - -zun_extra_volumes: "{{ default_extra_volumes }}" -zun_api_extra_volumes: "{{ zun_extra_volumes }}" -zun_wsproxy_extra_volumes: "{{ zun_extra_volumes }}" -zun_compute_extra_volumes: "{{ zun_extra_volumes }}" -zun_cni_daemon_extra_volumes: "{{ zun_extra_volumes }}" - -#################### -## OpenStack -#################### -zun_internal_endpoint: "{{ zun_internal_base_endpoint }}/v1/" -zun_public_endpoint: "{{ zun_public_base_endpoint }}/v1/" - -zun_logging_debug: "{{ openstack_logging_debug }}" - -zun_keystone_user: "zun" - -openstack_zun_auth: "{{ openstack_auth }}" - -zun_api_workers: "{{ openstack_service_workers }}" - -#################### -# Kolla -#################### -zun_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}" -zun_dev_repos_pull: "{{ kolla_dev_repos_pull }}" -zun_dev_mode: "{{ kolla_dev_mode }}" -zun_source_version: "{{ kolla_source_version }}" - -#################### -# Keystone -#################### -zun_ks_services: - - name: "zun" - type: "container" - description: "Container Service" - endpoints: - - {'interface': 'internal', 'url': '{{ zun_internal_endpoint }}'} - - {'interface': 'public', 'url': '{{ zun_public_endpoint }}'} - -zun_ks_users: - - project: "service" - user: "{{ zun_keystone_user }}" - password: "{{ zun_keystone_password }}" - role: "admin" - -zun_ceph_cluster: "ceph" - -# Database -zun_database_enable_tls_internal: "{{ database_enable_tls_internal | bool }}" - -################### -# Copy certificates -################### -zun_copy_certs: "{{ kolla_copy_ca_into_containers | bool or zun_database_enable_tls_internal | bool }}" diff --git a/ansible/roles/zun/handlers/main.yml b/ansible/roles/zun/handlers/main.yml deleted file mode 100644 index 9185a70cb7..0000000000 --- a/ansible/roles/zun/handlers/main.yml +++ /dev/null @@ -1,72 +0,0 @@ ---- -- name: Restart zun-api container - vars: - service_name: "zun-api" - service: "{{ zun_services[service_name] }}" - become: true - kolla_container: - action: "recreate_or_restart_container" - common_options: "{{ docker_common_options }}" - name: "{{ service.container_name }}" - image: "{{ service.image }}" - privileged: "{{ service.privileged | default(False) }}" - volumes: "{{ service.volumes | reject('equalto', '') | list }}" - dimensions: "{{ service.dimensions }}" - healthcheck: "{{ service.healthcheck | default(omit) }}" - -- name: Restart zun-wsproxy container - vars: - service_name: "zun-wsproxy" - service: "{{ zun_services[service_name] }}" - become: true - kolla_container: - action: "recreate_or_restart_container" - common_options: "{{ docker_common_options }}" - name: "{{ service.container_name }}" - image: "{{ service.image }}" - privileged: "{{ service.privileged | default(False) }}" - volumes: "{{ service.volumes | reject('equalto', '') | list }}" - dimensions: "{{ service.dimensions }}" - healthcheck: "{{ service.healthcheck | default(omit) }}" - -- name: Restart zun-compute container - vars: - service_name: "zun-compute" - service: "{{ zun_services[service_name] }}" - become: true - kolla_container: - action: "recreate_or_restart_container" - common_options: "{{ docker_common_options }}" - name: "{{ service.container_name }}" - image: "{{ service.image }}" - privileged: "{{ service.privileged | default(False) }}" - volumes: "{{ service.volumes | reject('equalto', '') | list }}" - dimensions: "{{ service.dimensions }}" - healthcheck: "{{ service.healthcheck | default(omit) }}" - -- name: Restart zun-cni-daemon container - vars: - service_name: "zun-cni-daemon" - service: "{{ zun_services[service_name] }}" - become: true - kolla_container: - action: "recreate_or_restart_container" - common_options: "{{ docker_common_options }}" - name: "{{ service.container_name }}" - image: "{{ service.image }}" - privileged: "{{ service.privileged | default(False) }}" - volumes: "{{ service.volumes | reject('equalto', '') | list }}" - dimensions: "{{ service.dimensions }}" - healthcheck: "{{ service.healthcheck | default(omit) }}" - -- name: Copy loopback binary from zun-cni-daemon container to host - vars: - service_name: "zun-cni-daemon" - service: "{{ zun_services[service_name] }}" - become: true - changed_when: true - ansible.builtin.command: "{{ kolla_container_engine }} cp {{ service.container_name }}:/opt/loopback /opt/cni/bin/" - # NOTE(yoctozepto): it would be cleaner to listen only on image change - # but there is no such mechanism (yet) - listen: - - Restart zun-cni-daemon container diff --git a/ansible/roles/zun/tasks/bootstrap.yml b/ansible/roles/zun/tasks/bootstrap.yml deleted file mode 100644 index dca9cd4890..0000000000 --- a/ansible/roles/zun/tasks/bootstrap.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -- name: Creating Zun database - become: true - kolla_toolbox: - container_engine: "{{ kolla_container_engine }}" - module_name: mysql_db - module_args: - ca_cert: "{{ openstack_cacert if database_enable_tls_internal | bool else omit }}" - login_host: "{{ database_address }}" - login_port: "{{ database_port }}" - login_user: "{{ zun_database_shard_root_user }}" - login_password: "{{ database_password }}" - name: "{{ zun_database_name }}" - run_once: true - delegate_to: "{{ groups['zun-api'][0] }}" - when: - - not use_preconfigured_databases | bool - -- name: Creating Zun database user and setting permissions - become: true - kolla_toolbox: - container_engine: "{{ kolla_container_engine }}" - module_name: mysql_user - module_args: - ca_cert: "{{ openstack_cacert if database_enable_tls_internal | bool else omit }}" - login_host: "{{ database_address }}" - login_port: "{{ database_port }}" - login_user: "{{ zun_database_shard_root_user }}" - login_password: "{{ database_password }}" - name: "{{ zun_database_user }}" - password: "{{ zun_database_password }}" - host: "%" - priv: "{{ zun_database_name }}.*:ALL" - append_privs: "yes" - run_once: true - delegate_to: "{{ groups['zun-api'][0] }}" - when: - - not use_preconfigured_databases | bool - -- name: Run zun bootstrap container - ansible.builtin.import_tasks: bootstrap_service.yml diff --git a/ansible/roles/zun/tasks/bootstrap_service.yml b/ansible/roles/zun/tasks/bootstrap_service.yml deleted file mode 100644 index b68dc002a4..0000000000 --- a/ansible/roles/zun/tasks/bootstrap_service.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -- name: Running Zun bootstrap container - vars: - zun_api: "{{ zun_services['zun-api'] }}" - become: true - kolla_container: - action: "start_container" - common_options: "{{ docker_common_options }}" - detach: false - environment: - KOLLA_BOOTSTRAP: - KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}" - image: "{{ zun_api.image }}" - labels: - BOOTSTRAP: - name: "bootstrap_zun" - restart_policy: oneshot - volumes: "{{ zun_api.volumes | reject('equalto', '') | list }}" - run_once: true - delegate_to: "{{ groups[zun_api.group][0] }}" diff --git a/ansible/roles/zun/tasks/check-containers.yml b/ansible/roles/zun/tasks/check-containers.yml deleted file mode 100644 index 59ab0b4914..0000000000 --- a/ansible/roles/zun/tasks/check-containers.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- name: Check zun containers - ansible.builtin.import_role: - name: service-check-containers diff --git a/ansible/roles/zun/tasks/check.yml b/ansible/roles/zun/tasks/check.yml deleted file mode 100644 index b2bde3bf90..0000000000 --- a/ansible/roles/zun/tasks/check.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- name: Checking Zun containers - ansible.builtin.import_role: - role: service-check diff --git a/ansible/roles/zun/tasks/clone.yml b/ansible/roles/zun/tasks/clone.yml deleted file mode 100644 index 629f06e7e7..0000000000 --- a/ansible/roles/zun/tasks/clone.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Cloning zun source repository for development - become: true - ansible.builtin.git: - repo: "{{ zun_git_repository }}" - dest: "{{ kolla_dev_repos_directory }}/{{ project_name }}" - update: "{{ zun_dev_repos_pull }}" - version: "{{ zun_source_version }}" diff --git a/ansible/roles/zun/tasks/config.yml b/ansible/roles/zun/tasks/config.yml deleted file mode 100644 index 1f50148125..0000000000 --- a/ansible/roles/zun/tasks/config.yml +++ /dev/null @@ -1,88 +0,0 @@ ---- -- name: Ensuring config directories exist - ansible.builtin.file: - path: "{{ node_config_directory }}/{{ item.key }}" - state: "directory" - owner: "{{ config_owner_user }}" - group: "{{ config_owner_group }}" - mode: "0770" - become: true - with_dict: "{{ zun_services | select_services_enabled_and_mapped_to_host }}" - -- name: Include tasks from external_ceph.yml - ansible.builtin.include_tasks: external_ceph.yml - when: - - zun_configure_for_cinder_ceph | bool - - inventory_hostname in groups['zun-compute'] - -- name: Check if policies shall be overwritten - ansible.builtin.stat: - path: "{{ item }}" - run_once: true - delegate_to: localhost - register: zun_policy - with_first_found: - - files: "{{ supported_policy_format_list }}" - paths: - - "{{ node_custom_config }}/zun/" - skip: true - -- name: Set zun policy file - ansible.builtin.set_fact: - zun_policy_file: "{{ zun_policy.results.0.stat.path | basename }}" - zun_policy_file_path: "{{ zun_policy.results.0.stat.path }}" - when: - - zun_policy.results | length > 0 - -- name: Copying over TLS certificates - ansible.builtin.include_tasks: copy-certs.yml - when: - - zun_copy_certs | bool - -- name: Copying over config.json files for services - ansible.builtin.template: - src: "{{ item.key }}.json.j2" - dest: "{{ node_config_directory }}/{{ item.key }}/config.json" - mode: "0660" - become: true - with_dict: "{{ zun_services | select_services_enabled_and_mapped_to_host }}" - -- name: Copying over zun.conf - vars: - service_name: "{{ item.key }}" - merge_configs: - sources: - - "{{ role_path }}/templates/zun.conf.j2" - - "{{ node_custom_config }}/global.conf" - - "{{ node_custom_config }}/zun.conf" - - "{{ node_custom_config }}/zun/{{ item.key }}.conf" - - "{{ node_custom_config }}/zun/{{ inventory_hostname }}/zun.conf" - dest: "{{ node_config_directory }}/{{ item.key }}/zun.conf" - mode: "0660" - become: true - with_dict: "{{ zun_services | select_services_enabled_and_mapped_to_host }}" - -- name: "Configure uWSGI for zun-api" - ansible.builtin.include_role: - name: service-uwsgi-config - vars: - project_services: "{{ zun_services }}" - service: "{{ zun_services['zun-api'] }}" - service_name: "zun-api" - service_uwsgi_config_http_port: "{{ zun_api_listen_port }}" - service_uwsgi_config_log_file_chmod: "644" - service_uwsgi_config_module: "{{ service.wsgi }}" - service_uwsgi_config_uid: "zun" - service_uwsgi_config_workers: "{{ zun_api_workers }}" - when: - - service | service_enabled_and_mapped_to_host - -- name: Copying over existing policy file - ansible.builtin.template: - src: "{{ zun_policy_file_path }}" - dest: "{{ node_config_directory }}/{{ item.key }}/{{ zun_policy_file }}" - mode: "0660" - become: true - when: - - zun_policy_file is defined - with_dict: "{{ zun_services | select_services_enabled_and_mapped_to_host }}" diff --git a/ansible/roles/zun/tasks/config_validate.yml b/ansible/roles/zun/tasks/config_validate.yml deleted file mode 100644 index e9352fb368..0000000000 --- a/ansible/roles/zun/tasks/config_validate.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Validate zun configuration - ansible.builtin.import_role: - name: service-config-validate - vars: - service_config_validate_services: "{{ zun_services }}" - service_name: "{{ project_name }}" - service_config_validation: "{{ zun_config_validation }}" diff --git a/ansible/roles/zun/tasks/copy-certs.yml b/ansible/roles/zun/tasks/copy-certs.yml deleted file mode 100644 index 080eb08c41..0000000000 --- a/ansible/roles/zun/tasks/copy-certs.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: "Copy certificates and keys for {{ project_name }}" - ansible.builtin.import_role: - role: service-cert-copy - vars: - project_services: "{{ zun_services }}" diff --git a/ansible/roles/zun/tasks/deploy-containers.yml b/ansible/roles/zun/tasks/deploy-containers.yml deleted file mode 100644 index 628fb97301..0000000000 --- a/ansible/roles/zun/tasks/deploy-containers.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- name: Check zun containers - ansible.builtin.import_tasks: check-containers.yml diff --git a/ansible/roles/zun/tasks/deploy.yml b/ansible/roles/zun/tasks/deploy.yml deleted file mode 100644 index 06db29b410..0000000000 --- a/ansible/roles/zun/tasks/deploy.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -- name: Register zun in Keystone - ansible.builtin.import_tasks: register.yml - -- name: Configure zun - ansible.builtin.import_tasks: config.yml - -- name: Check zun containers - ansible.builtin.import_tasks: check-containers.yml - -- name: Clone zun repository - ansible.builtin.include_tasks: clone.yml - when: zun_dev_mode | bool - -- name: Bootstrap zun service - ansible.builtin.import_tasks: bootstrap.yml - -- name: Flush handlers - ansible.builtin.meta: flush_handlers diff --git a/ansible/roles/zun/tasks/external_ceph.yml b/ansible/roles/zun/tasks/external_ceph.yml deleted file mode 100644 index ec0c205437..0000000000 --- a/ansible/roles/zun/tasks/external_ceph.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: Copying over ceph.conf for Zun - ansible.builtin.copy: - src: "{{ node_custom_config }}/zun/zun-compute/{{ ceph_cluster }}.conf" - dest: "{{ node_config_directory }}/zun-compute/" - mode: "0660" - become: true - -- name: Copy over Ceph keyring files for zun-compute - ansible.builtin.copy: - src: "{{ node_custom_config }}/zun/zun-compute/{{ ceph_cluster }}.client.{{ ceph_cinder_user }}.keyring" - dest: "{{ node_config_directory }}/zun-compute/" - mode: "0660" - become: true - when: external_ceph_cephx_enabled | bool - -- name: Ensuring config directory has correct owner and permission - become: true - ansible.builtin.file: - path: "{{ node_config_directory }}/zun-compute" - recurse: true - owner: "{{ config_owner_user }}" - group: "{{ config_owner_group }}" diff --git a/ansible/roles/zun/tasks/loadbalancer.yml b/ansible/roles/zun/tasks/loadbalancer.yml deleted file mode 100644 index 1f46646e0e..0000000000 --- a/ansible/roles/zun/tasks/loadbalancer.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: "Configure loadbalancer for {{ project_name }}" - ansible.builtin.import_role: - name: loadbalancer-config - vars: - project_services: "{{ zun_services }}" - tags: always diff --git a/ansible/roles/zun/tasks/main.yml b/ansible/roles/zun/tasks/main.yml deleted file mode 100644 index 594ad5d851..0000000000 --- a/ansible/roles/zun/tasks/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- name: "Include tasks for action {{ kolla_action }}" - ansible.builtin.include_tasks: "{{ kolla_action }}.yml" diff --git a/ansible/roles/zun/tasks/precheck.yml b/ansible/roles/zun/tasks/precheck.yml deleted file mode 100644 index 7227fb0566..0000000000 --- a/ansible/roles/zun/tasks/precheck.yml +++ /dev/null @@ -1,60 +0,0 @@ ---- -- name: Precheck zun configuration - ansible.builtin.import_role: - name: service-precheck - vars: - service_precheck_services: "{{ zun_services }}" - service_name: "{{ project_name }}" - -- name: Get container facts - become: true - kolla_container_facts: - action: get_containers - container_engine: "{{ kolla_container_engine }}" - name: - - zun_api - - zun_wsproxy - - zun_cni_daemon - check_mode: false - register: container_facts - -- name: Checking free port for Zun API - ansible.builtin.wait_for: - host: "{{ api_interface_address }}" - port: "{{ zun_api_port }}" - connect_timeout: 1 - timeout: 1 - state: stopped - when: - - container_facts.containers['zun_api'] is not defined - - inventory_hostname in groups['zun-api'] - -- name: Checking free port for Zun WSproxy - ansible.builtin.wait_for: - host: "{{ api_interface_address }}" - port: "{{ zun_wsproxy_port }}" - connect_timeout: 1 - timeout: 1 - state: stopped - when: - - container_facts.containers['zun_wsproxy'] is not defined - - inventory_hostname in groups['zun-wsproxy'] - -- name: Checking free port for zun-cni-daemon - ansible.builtin.wait_for: - host: "{{ api_interface_address }}" - port: "{{ zun_cni_daemon_port }}" - connect_timeout: 1 - timeout: 1 - state: stopped - when: - - container_facts.containers['zun_cni_daemon'] is not defined - - inventory_hostname in groups['zun-cni-daemon'] - -- name: Ensure kuryr enabled for zun - ansible.builtin.assert: - that: enable_kuryr | bool - fail_msg: "kuryr is required but not enabled" - run_once: true - when: - - enable_zun | bool diff --git a/ansible/roles/zun/tasks/pull.yml b/ansible/roles/zun/tasks/pull.yml deleted file mode 100644 index 9ce4db5dc5..0000000000 --- a/ansible/roles/zun/tasks/pull.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- name: Pull zun images - ansible.builtin.import_role: - role: service-images-pull diff --git a/ansible/roles/zun/tasks/reconfigure.yml b/ansible/roles/zun/tasks/reconfigure.yml deleted file mode 100644 index c324f9ff67..0000000000 --- a/ansible/roles/zun/tasks/reconfigure.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- name: Deploy zun - ansible.builtin.import_tasks: deploy.yml diff --git a/ansible/roles/zun/tasks/register.yml b/ansible/roles/zun/tasks/register.yml deleted file mode 100644 index 8be6a98bf3..0000000000 --- a/ansible/roles/zun/tasks/register.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Register zun service, endpoints, and users in Keystone - ansible.builtin.import_role: - name: service-ks-register - vars: - service_ks_register_auth: "{{ openstack_zun_auth }}" - service_ks_register_services: "{{ zun_ks_services }}" - service_ks_register_users: "{{ zun_ks_users }}" diff --git a/ansible/roles/zun/tasks/stop.yml b/ansible/roles/zun/tasks/stop.yml deleted file mode 100644 index cd749cc0f8..0000000000 --- a/ansible/roles/zun/tasks/stop.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Stop zun containers - ansible.builtin.import_role: - name: service-stop - vars: - project_services: "{{ zun_services }}" - service_name: "{{ project_name }}" diff --git a/ansible/roles/zun/tasks/upgrade.yml b/ansible/roles/zun/tasks/upgrade.yml deleted file mode 100644 index afb48e1c3d..0000000000 --- a/ansible/roles/zun/tasks/upgrade.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- name: Configure zun - ansible.builtin.import_tasks: config.yml - -- name: Check zun containers - ansible.builtin.import_tasks: check-containers.yml - -- name: Run zun bootstrap container - ansible.builtin.import_tasks: bootstrap_service.yml - -- name: Flush handlers - ansible.builtin.meta: flush_handlers diff --git a/ansible/roles/zun/templates/zun-api.json.j2 b/ansible/roles/zun/templates/zun-api.json.j2 deleted file mode 100644 index 27198a32b0..0000000000 --- a/ansible/roles/zun/templates/zun-api.json.j2 +++ /dev/null @@ -1,36 +0,0 @@ -{ - "command": "uwsgi /etc/zun/zun-api-uwsgi.ini", - "config_files": [ - { - "source": "{{ container_config_directory }}/zun.conf", - "dest": "/etc/zun/zun.conf", - "owner": "zun", - "perm": "0600" - }, - { - "source": "{{ container_config_directory }}/zun-api-uwsgi.ini", - "dest": "/etc/zun/zun-api-uwsgi.ini", - "owner": "zun", - "perm": "0600" - }{% if zun_policy_file is defined %}, - { - "source": "{{ container_config_directory }}/{{ zun_policy_file }}", - "dest": "/etc/zun/{{ zun_policy_file }}", - "owner": "zun", - "perm": "0600" - }{% endif %}{% if kolla_copy_ca_into_containers | bool %}, - { - "source": "{{ container_config_directory }}/ca-certificates", - "dest": "/var/lib/kolla/share/ca-certificates", - "owner": "root", - "perm": "0600" - }{% endif %} - ], - "permissions": [ - { - "path": "/var/log/kolla/zun", - "owner": "zun:kolla", - "recurse": true - } - ] -} diff --git a/ansible/roles/zun/templates/zun-cni-daemon.json.j2 b/ansible/roles/zun/templates/zun-cni-daemon.json.j2 deleted file mode 100644 index 3e165e06ba..0000000000 --- a/ansible/roles/zun/templates/zun-cni-daemon.json.j2 +++ /dev/null @@ -1,29 +0,0 @@ -{ - "command": "zun-cni-daemon --config-file /etc/zun/zun.conf", - "config_files": [ - { - "source": "{{ container_config_directory }}/zun.conf", - "dest": "/etc/zun/zun.conf", - "owner": "zun", - "perm": "0600" - }{% if kolla_copy_ca_into_containers | bool %}, - { - "source": "{{ container_config_directory }}/ca-certificates", - "dest": "/var/lib/kolla/share/ca-certificates", - "owner": "root", - "perm": "0600" - }{% endif %} - ], - "permissions": [ - { - "path": "/var/log/kolla/zun", - "owner": "zun:kolla", - "recurse": true - }, - { - "path": "/opt/cni/", - "owner": "zun:kolla", - "recurse": true - } - ] -} diff --git a/ansible/roles/zun/templates/zun-compute.json.j2 b/ansible/roles/zun/templates/zun-compute.json.j2 deleted file mode 100644 index c9f9a7ccdf..0000000000 --- a/ansible/roles/zun/templates/zun-compute.json.j2 +++ /dev/null @@ -1,48 +0,0 @@ -{ - "command": "zun-compute --config-file /etc/zun/zun.conf", - "config_files": [ - { - "source": "{{ container_config_directory }}/zun.conf", - "dest": "/etc/zun/zun.conf", - "owner": "zun", - "perm": "0600" - }, - { - "source": "{{ container_config_directory }}/{{ ceph_cluster }}.client.{{ ceph_cinder_user }}.keyring", - "dest": "/etc/ceph/{{ ceph_cluster }}.client.{{ ceph_cinder_user }}.keyring", - "owner": "zun", - "perm": "0600", - "optional": {{ (not zun_configure_for_cinder_ceph | bool) | string | lower }} - }, - { - "source": "{{ container_config_directory }}/{{ ceph_cluster }}.conf", - "dest": "/etc/ceph/{{ ceph_cluster }}.conf", - "owner": "zun", - "perm": "0600", - "optional": {{ (not zun_configure_for_cinder_ceph | bool) | string | lower }} - }{% if zun_policy_file is defined %}, - { - "source": "{{ container_config_directory }}/{{ zun_policy_file }}", - "dest": "/etc/zun/{{ zun_policy_file }}", - "owner": "zun", - "perm": "0600" - }{% endif %}{% if kolla_copy_ca_into_containers | bool %}, - { - "source": "{{ container_config_directory }}/ca-certificates", - "dest": "/var/lib/kolla/share/ca-certificates", - "owner": "root", - "perm": "0600" - }{% endif %} - ], - "permissions": [ - { - "path": "/var/log/kolla/zun", - "owner": "zun:kolla", - "recurse": true - }{% if zun_configure_for_cinder_ceph | bool %}, - { - "path": "/var/lib/zun", - "owner": "zun:kolla" - }{% endif %} - ] -} diff --git a/ansible/roles/zun/templates/zun-wsproxy.json.j2 b/ansible/roles/zun/templates/zun-wsproxy.json.j2 deleted file mode 100644 index 89dd398b60..0000000000 --- a/ansible/roles/zun/templates/zun-wsproxy.json.j2 +++ /dev/null @@ -1,30 +0,0 @@ -{ - "command": "zun-wsproxy --config-file /etc/zun/zun.conf", - "config_files": [ - { - "source": "{{ container_config_directory }}/zun.conf", - "dest": "/etc/zun/zun.conf", - "owner": "zun", - "perm": "0600" - }{% if zun_policy_file is defined %}, - { - "source": "{{ container_config_directory }}/{{ zun_policy_file }}", - "dest": "/etc/zun/{{ zun_policy_file }}", - "owner": "zun", - "perm": "0600" - }{% endif %}{% if kolla_copy_ca_into_containers | bool %}, - { - "source": "{{ container_config_directory }}/ca-certificates", - "dest": "/var/lib/kolla/share/ca-certificates", - "owner": "root", - "perm": "0600" - }{% endif %} - ], - "permissions": [ - { - "path": "/var/log/kolla/zun", - "owner": "zun:kolla", - "recurse": true - } - ] -} diff --git a/ansible/roles/zun/templates/zun.conf.j2 b/ansible/roles/zun/templates/zun.conf.j2 deleted file mode 100644 index 2322dac7ab..0000000000 --- a/ansible/roles/zun/templates/zun.conf.j2 +++ /dev/null @@ -1,144 +0,0 @@ -[DEFAULT] -debug = {{ zun_logging_debug }} - -{% if service_name == 'zun-api' %} -# Force zun-api.log or will use app.wsgi -log_file = /var/log/kolla/zun/zun-api.log -{% endif %} - -log_dir = /var/log/kolla/zun -transport_url = {{ rpc_transport_url }} - -state_path = /var/lib/zun -container_driver = docker -capsule_driver = cri - -sandbox_image = k8s.gcr.io/pause:3.6 - -[network] -driver = kuryr - -[database] -connection = mysql+pymysql://{{ zun_database_user }}:{{ zun_database_password }}@{{ zun_database_address }}/{{ zun_database_name }}{{ '?ssl_ca=' ~ openstack_cacert if zun_database_enable_tls_internal | bool }} -connection_recycle_time = {{ database_connection_recycle_time }} -max_pool_size = {{ database_max_pool_size }} -max_retries = -1 - -# NOTE(yoctozepto): despite what the docs say, both keystone_auth and -# keystone_authtoken sections are used and Zun internals may use either - -# - best keep them both in sync -[keystone_auth] -www_authenticate_uri = {{ keystone_public_url }} -auth_url = {{ keystone_internal_url }} -auth_type = password -project_domain_id = {{ default_project_domain_id }} -user_domain_id = {{ default_user_domain_id }} -project_name = service -username = {{ zun_keystone_user }} -password = {{ zun_keystone_password }} -service_token_roles_required = true -region_name = {{ openstack_region_name }} -cafile = {{ openstack_cacert }} - -{% if enable_memcached | bool %} -memcache_security_strategy = {{ memcache_security_strategy }} -memcache_secret_key = {{ memcache_secret_key }} -memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} -{% endif %} - -# NOTE(yoctozepto): despite what the docs say, both keystone_auth and -# keystone_authtoken sections are used and Zun internals may use either - -# - best keep them both in sync -[keystone_authtoken] -service_type = container -www_authenticate_uri = {{ keystone_public_url }} -auth_url = {{ keystone_internal_url }} -auth_type = password -project_domain_id = {{ default_project_domain_id }} -user_domain_id = {{ default_user_domain_id }} -project_name = service -username = {{ zun_keystone_user }} -password = {{ zun_keystone_password }} -service_token_roles_required = true -region_name = {{ openstack_region_name }} -cafile = {{ openstack_cacert }} - -{% if enable_memcached | bool %} -memcache_security_strategy = {{ memcache_security_strategy }} -memcache_secret_key = {{ memcache_secret_key }} -memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} -{% endif %} - -[zun_client] -region_name = {{ openstack_region_name }} -endpoint_type = internalURL -ca_file = {{ openstack_cacert }} - -[glance_client] -region_name = {{ openstack_region_name }} -endpoint_type = internalURL -ca_file = {{ openstack_cacert }} - -[neutron_client] -region_name = {{ openstack_region_name }} -endpoint_type = internalURL -ca_file = {{ openstack_cacert }} - -[cinder_client] -region_name = {{ openstack_region_name }} -endpoint_type = internalURL -ca_file = {{ openstack_cacert }} - -[placement_client] -region_name = {{ openstack_region_name }} -endpoint_type = internalURL -ca_file = {{ openstack_cacert }} - -{% if enable_osprofiler | bool %} -[profiler] -enabled = true -trace_sqlalchemy = true -hmac_keys = {{ osprofiler_secret }} -connection_string = {{ osprofiler_backend_connection_string }} -{% endif %} - -[oslo_concurrency] -lock_path = /var/lib/zun/tmp - -{% if zun_policy_file is defined %} -[oslo_policy] -policy_file = {{ zun_policy_file }} -{% endif %} - -[compute] -host_shared_with_nova = {{ inventory_hostname in groups['compute'] and enable_nova | bool and not enable_nova_fake | bool }} - -[websocket_proxy] -wsproxy_host = {{ api_interface_address }} -wsproxy_port = {{ zun_wsproxy_port }} -base_url = {{ zun_wsproxy_protocol }}://{{ zun_external_fqdn | put_address_in_context('url') }}:{{ zun_wsproxy_port }} - -[docker] -api_url = tcp://{{ api_interface_address | put_address_in_context('url') }}:2375 -docker_remote_api_host = {{ api_interface_address }} -docker_remote_api_port = 2375 - -[cni_daemon] -cni_daemon_port = {{ zun_cni_daemon_port }} - -[oslo_messaging_rabbit] -use_queue_manager = true -{% if service_name == 'zun-api' %} -processname = {{ service_name }} -{% endif %} -heartbeat_in_pthread = {{ service_name == 'zun-api' }} -{% if om_enable_rabbitmq_tls | bool %} -ssl = true -ssl_ca_file = {{ om_rabbitmq_cacert }} -{% endif %} -rabbit_quorum_queue = true -{% if om_enable_rabbitmq_stream_fanout | bool %} -rabbit_stream_fanout = true -rabbit_qos_prefetch_count = {{ om_rabbitmq_qos_prefetch_count }} -{% endif %} -rabbit_transient_quorum_queue = true diff --git a/ansible/roles/zun/vars/main.yml b/ansible/roles/zun/vars/main.yml deleted file mode 100644 index 6be04f59f8..0000000000 --- a/ansible/roles/zun/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -project_name: "zun" diff --git a/ansible/site.yml b/ansible/site.yml index 911596dc1c..baf4754fac 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -44,7 +44,6 @@ - enable_ironic_{{ enable_ironic | bool }} - enable_iscsid_{{ enable_iscsid | bool }} - enable_keystone_{{ enable_keystone | bool }} - - enable_kuryr_{{ enable_kuryr | bool }} - enable_letsencrypt_{{ enable_letsencrypt | bool }} - enable_loadbalancer_{{ enable_loadbalancer | bool }} - enable_magnum_{{ enable_magnum | bool }} @@ -69,7 +68,6 @@ - enable_tacker_{{ enable_tacker | bool }} - enable_trove_{{ enable_trove | bool }} - enable_watcher_{{ enable_watcher | bool }} - - enable_zun_{{ enable_zun | bool }} tags: always - name: Apply role prechecks @@ -379,12 +377,6 @@ tasks_from: loadbalancer tags: watcher when: enable_watcher | bool - - name: Configure loadbalancer for zun - ansible.builtin.include_role: - name: zun - tasks_from: loadbalancer - tags: zun - when: enable_zun | bool # NOTE(r-krcek): This last step will notify handlers if any # changes to the configuration have been made. - name: Check loadbalancer containers @@ -713,19 +705,6 @@ roles: - { role: neutron, tags: neutron } -- name: Apply role kuryr - gather_facts: false - hosts: - - compute - - "&enable_kuryr_True" - serial: '{{ kolla_serial|default("0") }}' - max_fail_percentage: >- - {{ kuryr_max_fail_percentage | - default(kolla_max_fail_percentage) | - default(100) }} - roles: - - { role: kuryr, tags: kuryr } - - name: Apply role hacluster gather_facts: false hosts: @@ -997,22 +976,6 @@ roles: - { role: octavia, tags: octavia } -- name: Apply role zun - gather_facts: false - hosts: - - zun-api - - zun-wsproxy - - zun-compute - - zun-cni-daemon - - "&enable_zun_True" - serial: '{{ kolla_serial|default("0") }}' - max_fail_percentage: >- - {{ zun_max_fail_percentage | - default(kolla_max_fail_percentage) | - default(100) }} - roles: - - { role: zun, tags: zun } - - name: Apply role blazar gather_facts: false hosts: diff --git a/doc/source/contributor/ci-matrix.csv b/doc/source/contributor/ci-matrix.csv index c49b728680..c9ba67f009 100644 --- a/doc/source/contributor/ci-matrix.csv +++ b/doc/source/contributor/ci-matrix.csv @@ -21,4 +21,3 @@ OVN;–;✅;✅;✅;✅;–;✅;✅;–;✅;–;–;Neutron ML2/OVN + OVN Octavi Prometheus + OpenSearch;–;–;–;✅;–;✅;✅;–;–;–;–;–;Fluentd, OpenSearch, Grafana, Prometheus, RabbitMQ/DB core. Skyline;❌;–;✅;–;–;✅;–;–;–;–;–;–;"Skyline dashboard; currently disabled (SSO issues)." Telemetry;–;–;✅;–;–;✅;–;–;–;–;✅;✅;Aodh, Ceilometer, Gnocchi. -Zun;–;✅;✅;–;✅;✅;✅;✅;–;–;–;–;"Zun + Kuryr + Cinder LVM; etcd; dashboard." diff --git a/doc/source/reference/compute/index.rst b/doc/source/reference/compute/index.rst index d155ffa694..b13bd2ec93 100644 --- a/doc/source/reference/compute/index.rst +++ b/doc/source/reference/compute/index.rst @@ -13,4 +13,3 @@ compute services. nova-cells-guide nova-fake-driver nova-guide - zun-guide diff --git a/doc/source/reference/compute/zun-guide.rst b/doc/source/reference/compute/zun-guide.rst deleted file mode 100644 index 8df209a735..0000000000 --- a/doc/source/reference/compute/zun-guide.rst +++ /dev/null @@ -1,116 +0,0 @@ -======================= -Zun - Container service -======================= - -"Zun is an OpenStack Container service. It aims to provide an -OpenStack API for provisioning and managing containerized -workload on OpenStack." -For more details about Zun, see `OpenStack Zun Documentation -`__. - -Preparation and Deployment --------------------------- - -By default Zun and its dependencies are disabled. -In order to enable Zun, you need to edit globals.yml and set the -following variables: - -.. code-block:: yaml - - enable_zun: true - enable_kuryr: true - enable_etcd: true - docker_configure_for_zun: true - containerd_configure_for_zun: true - -Docker reconfiguration requires rebootstrapping before deploy. -Make sure you understand the consequences of restarting Docker. -Please see :ref:`rebootstrapping` for details. -If it's initial deploy, then there is nothing to worry about -because it's initial bootstrapping as well and there are no -running services to affect. - -.. code-block:: console - - $ kolla-ansible bootstrap-servers - -Finally deploy: - -.. code-block:: console - - $ kolla-ansible deploy - -Verification ------------- - -#. Generate the credentials file: - - .. code-block:: console - - $ kolla-ansible post-deploy - -#. Source credentials file: - - .. code-block:: console - - $ . /etc/kolla/admin-openrc.sh - -#. Download and create a glance container image: - - .. code-block:: console - - $ docker pull cirros - $ docker save cirros | openstack image create cirros --public \ - --container-format docker --disk-format raw - -#. Create zun container: - - .. code-block:: console - - $ zun create --name test --net network=demo-net cirros ping -c4 8.8.8.8 - - .. note:: - - Kuryr does not support networks with DHCP enabled, disable DHCP in the - subnet used for zun containers. - - .. code-block:: console - - $ openstack subnet set --no-dhcp - -#. Verify container is created: - - .. code-block:: console - - $ zun list - - +--------------------------------------+------+---------------+---------+------------+------------+-------+ - | uuid | name | image | status | task_state | addresses | ports | - +--------------------------------------+------+---------------+---------+------------+------------+-------+ - | 3719a73e-5f86-47e1-bc5f-f4074fc749f2 | test | cirros | Created | None | 172.17.0.3 | [] | - +--------------------------------------+------+---------------+---------+------------+------------+-------+ - -#. Start container: - - .. code-block:: console - - $ zun start test - Request to start container test has been accepted. - -#. Verify container: - - .. code-block:: console - - $ zun logs test - PING 8.8.8.8 (8.8.8.8): 56 data bytes - 64 bytes from 8.8.8.8: seq=0 ttl=45 time=96.396 ms - 64 bytes from 8.8.8.8: seq=1 ttl=45 time=96.504 ms - 64 bytes from 8.8.8.8: seq=2 ttl=45 time=96.721 ms - 64 bytes from 8.8.8.8: seq=3 ttl=45 time=95.884 ms - - --- 8.8.8.8 ping statistics --- - 4 packets transmitted, 4 packets received, 0% packet loss - round-trip min/avg/max = 95.884/96.376/96.721 ms - -For more information about how zun works, see -`zun, OpenStack Container service `__. diff --git a/doc/source/reference/containers/index.rst b/doc/source/reference/containers/index.rst index c1bcc84d4d..76afa71f8a 100644 --- a/doc/source/reference/containers/index.rst +++ b/doc/source/reference/containers/index.rst @@ -2,11 +2,9 @@ Containers ========== -This section describes configuring and running container based services -including kuryr. +This section describes configuring and running container based services. .. toctree:: :maxdepth: 1 - kuryr-guide magnum-guide diff --git a/doc/source/reference/containers/kuryr-guide.rst b/doc/source/reference/containers/kuryr-guide.rst deleted file mode 100644 index f85451d57e..0000000000 --- a/doc/source/reference/containers/kuryr-guide.rst +++ /dev/null @@ -1,66 +0,0 @@ -============================ -Kuryr - Container networking -============================ - -"Kuryr is a Docker network plugin that uses Neutron to provide networking -services to Docker containers. It provides containerized images for the common -Neutron plugins. Kuryr requires at least Keystone and neutron. Kolla makes -kuryr deployment faster and accessible. - -Requirements -~~~~~~~~~~~~ - -* A minimum of 3 hosts for a vanilla deploy - -Preparation and Deployment -~~~~~~~~~~~~~~~~~~~~~~~~~~ - -To allow Docker daemon connect to the etcd, add the following in the -``docker.service`` file. - -.. code-block:: ini - - ExecStart= -H tcp://172.16.1.13:2375 -H unix:///var/run/docker.sock --cluster-advertise=172.16.1.13:2375 - -The IP address is host running the etcd service. ```2375``` is port that -allows Docker daemon to be accessed remotely. ```2379``` is the etcd listening -port. - -By default etcd and kuryr are disabled in the ``group_vars/all/etcd.yml`` and -``group_vars/all/kuryr.yml`` files. -In order to enable them, you need to edit the file globals.yml and set the -following variables - -.. code-block:: yaml - - enable_etcd: true - enable_kuryr: true - -Deploy the OpenStack cloud and kuryr network plugin - -.. code-block:: console - - kolla-ansible deploy - -Create a Virtual Network -~~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - docker network create -d kuryr --ipam-driver=kuryr --subnet=10.1.0.0/24 --gateway=10.1.0.1 docker-net1 - -To list the created network: - -.. code-block:: console - - docker network ls - -The created network is also available from OpenStack CLI: - -.. code-block:: console - - openstack network list - -For more information about how kuryr works, see -`kuryr (OpenStack Containers Networking) -`__. diff --git a/doc/source/reference/storage/external-ceph-guide.rst b/doc/source/reference/storage/external-ceph-guide.rst index 49e64d6c32..a831015ba7 100644 --- a/doc/source/reference/storage/external-ceph-guide.rst +++ b/doc/source/reference/storage/external-ceph-guide.rst @@ -312,24 +312,6 @@ for use with availability zones: * ``/etc/kolla/config/nova//ceph2.conf`` * ``/etc/kolla/config/nova//ceph2.client.cinder.keyring`` -If ``zun`` is enabled, and you wish to use cinder volumes with zun, -it must also be configured to allow access to Cinder volumes: - -* Enable Cinder Ceph backend for Zun in ``globals.yml``: - - .. code-block:: yaml - - zun_configure_for_cinder_ceph: "yes" - -* Copy Ceph configuration file to: - - * ``/etc/kolla/config/zun/zun-compute/ceph.conf`` - -* Copy Ceph keyring file(s) to: - - * ``/etc/kolla/config/zun/zun-compute/ceph.client.cinder.keyring`` - - Nova ---- @@ -583,13 +565,3 @@ HTTPS (443) port will be used. For example: The HAProxy frontend port is defined via ``ceph_rgw_port``, and defaults to 6780. - -Cephadm and Ceph Client Version -=============================== -When configuring Zun with Cinder volumes, kolla-ansible installs some -Ceph client packages on zun-compute hosts. You can set the version -of the Ceph packages installed by, - -* Configuring Ceph version details in ``/etc/kolla/globals.yml``: - - * ``ceph_version`` (default: ``pacific``) diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml index b4ade81cae..44904c9d7d 100644 --- a/etc/kolla/globals.yml +++ b/etc/kolla/globals.yml @@ -110,10 +110,6 @@ workaround_ansible_issue_8743: true # Docker client timeout in seconds. #docker_client_timeout: 120 -#docker_configure_for_zun: false -#containerd_configure_for_zun: false -#containerd_grpc_gid: 42463 - ################### # Messaging options ################### @@ -381,13 +377,11 @@ workaround_ansible_issue_8743: true #enable_horizon_tacker: "{{ enable_tacker | bool }}" #enable_horizon_trove: "{{ enable_trove | bool }}" #enable_horizon_watcher: "{{ enable_watcher | bool }}" -#enable_horizon_zun: "{{ enable_zun | bool }}" #enable_ironic: false #enable_ironic_neutron_agent: false #enable_ironic_prometheus_exporter: "{{ enable_ironic | bool and enable_prometheus | bool }}" #enable_ironic_pxe_filter: false #enable_iscsid: "{{ enable_cinder | bool and enable_cinder_backend_iscsi | bool }}" -#enable_kuryr: false #enable_magnum: false #enable_manila: false #enable_manila_backend_generic: false @@ -432,7 +426,7 @@ workaround_ansible_issue_8743: true #enable_ovn: "{{ enable_neutron | bool and neutron_plugin_agent == 'ovn' }}" #enable_ovs_dpdk: false #enable_osprofiler: false -#enable_placement: "{{ enable_nova | bool or enable_zun | bool }}" +#enable_placement: "{{ enable_nova | bool }}" #enable_prometheus: false #enable_proxysql: true #enable_valkey: false @@ -441,7 +435,6 @@ workaround_ansible_issue_8743: true #enable_trove: false #enable_trove_singletenant: false #enable_watcher: false -#enable_zun: false ############# # S3 options diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml index 1120754a82..ac45a61ae4 100644 --- a/etc/kolla/passwords.yml +++ b/etc/kolla/passwords.yml @@ -60,8 +60,6 @@ glance_keystone_password: gnocchi_database_password: gnocchi_keystone_password: -kuryr_keystone_password: - nova_database_password: nova_api_database_password: nova_keystone_password: @@ -128,9 +126,6 @@ octavia_client_ca_password: tacker_database_password: tacker_keystone_password: -zun_database_password: -zun_keystone_password: - masakari_database_password: masakari_keystone_password: diff --git a/releasenotes/notes/drop-kuryr-and-zun-0c88940bb0878090.yaml b/releasenotes/notes/drop-kuryr-and-zun-0c88940bb0878090.yaml new file mode 100644 index 0000000000..de730ae80e --- /dev/null +++ b/releasenotes/notes/drop-kuryr-and-zun-0c88940bb0878090.yaml @@ -0,0 +1,6 @@ +--- +upgrade: + - | + Support for deploying ``zun`` has been dropped due to the service being + broken in 2026.1. ``kuryr`` has been dropped as well, due to it being + only used by ``zun``. diff --git a/roles/openstack-clients/defaults/main.yml b/roles/openstack-clients/defaults/main.yml index 034618843a..c0049c63aa 100644 --- a/roles/openstack-clients/defaults/main.yml +++ b/roles/openstack-clients/defaults/main.yml @@ -28,8 +28,6 @@ openstack_clients_pip_packages: enabled: "{{ scenario == 'nfv' }}" - package: python-troveclient enabled: "{{ scenario == 'magnum' }}" - - package: python-zunclient - enabled: "{{ scenario == 'zun' }}" openstack_clients_venv_base: "{{ ansible_user_dir }}" openstack_clients_venv_name: "openstackclient-venv" diff --git a/tests/check-logs.sh b/tests/check-logs.sh index 2bc3ccee13..bb2420cf4f 100755 --- a/tests/check-logs.sh +++ b/tests/check-logs.sh @@ -103,9 +103,6 @@ function check_fluentd_missing_logs { /var/log/kolla/tenks/*) continue ;; - /var/log/kolla/zun/*) - continue - ;; *) if ! sudo grep -q "following tail of $file" $fluentd_log_file; then echo "no match for $file" diff --git a/tests/pre.yml b/tests/pre.yml index 1480609b36..59d1052108 100644 --- a/tests/pre.yml +++ b/tests/pre.yml @@ -79,7 +79,7 @@ become: true package: name: lvm2 - when: scenario in ['cephadm', 'zun'] + when: scenario in ['cephadm'] - name: Ensure /tmp/logs/ dir file: diff --git a/tests/run.yml b/tests/run.yml index efa817e24d..f6b7819717 100644 --- a/tests/run.yml +++ b/tests/run.yml @@ -22,7 +22,7 @@ need_build_image: "{{ kolla_build_images | default(false) }}" build_image_tag: "change_{{ zuul.change | default('none') }}" openstack_core_enabled: "{{ openstack_core_enabled }}" - openstack_core_tested: "{{ scenario in ['core', 'cephadm', 'zun', 'cells', 'ovn', 'lets-encrypt', 'container-engine-migration'] }}" + openstack_core_tested: "{{ scenario in ['core', 'cephadm', 'cells', 'ovn', 'lets-encrypt', 'container-engine-migration'] }}" dashboard_enabled: "{{ openstack_core_enabled }}" upper_constraints_file: "{{ ansible_env.HOME }}/src/opendev.org/openstack/requirements/upper-constraints.txt" docker_image_tag_suffix: "{{ '-aarch64' if ansible_architecture == 'aarch64' else '' }}" @@ -38,7 +38,7 @@ - import_role: name: kolla-ansible-setup-disks - when: scenario in ['cephadm', 'zun'] + when: scenario in ['cephadm'] - name: Update /etc/hosts with internal API FQDN blockinfile: @@ -427,7 +427,7 @@ EXT_NET_GATEWAY: "{{ neutron_external_network_prefix }}1" EXT_NET_DEMO_ROUTER_ADDR: "{{ neutron_external_network_prefix }}10" SCENARIO: "{{ scenario }}" - when: openstack_core_tested or scenario in ['ironic', 'multi-compute-ironic' ,'magnum', 'nfv', 'zun', 'octavia'] + when: openstack_core_tested or scenario in ['ironic', 'multi-compute-ironic' ,'magnum', 'nfv', 'octavia'] - name: Test OVN VPNaaS import_role: @@ -456,16 +456,6 @@ - "{{ tempest_src_dir if (zuul.branch == 'master' and not is_upgrade) else 'tempest' }}" when: openstack_core_tested - - name: Run test-zun.sh script - script: - cmd: test-zun.sh - executable: /bin/bash - chdir: "{{ kolla_ansible_src_dir }}" - when: scenario == 'zun' - environment: - BASE_DISTRO: "{{ base_distro }}" - CONTAINER_ENGINE: "{{ container_engine }}" - - name: Run test-scenario-nfv.sh script script: cmd: test-scenario-nfv.sh diff --git a/tests/templates/globals-default.j2 b/tests/templates/globals-default.j2 index ca2ad562e0..0f6da316af 100644 --- a/tests/templates/globals-default.j2 +++ b/tests/templates/globals-default.j2 @@ -88,20 +88,6 @@ openstack_tag_suffix: "{{ docker_image_tag_suffix }}" {% endif %} {% endif %} -{% if scenario == "zun" %} -enable_zun: "yes" -enable_kuryr: "yes" -enable_etcd: "yes" -etcd_remove_deleted_members: "yes" -docker_configure_for_zun: "yes" -containerd_configure_for_zun: "yes" -enable_cinder: "yes" -cinder_cluster_skip_precheck: "yes" -# lvm backup driver for cinder-backup does not exist -enable_cinder_backup: "no" -enable_cinder_backend_lvm: "yes" -{% endif %} - {% if scenario == "ipv6" %} enable_prometheus: "yes" enable_prometheus_openstack_exporter: "no" diff --git a/tests/templates/inventory.j2 b/tests/templates/inventory.j2 index a3bea72130..e2c5ff3388 100644 --- a/tests/templates/inventory.j2 +++ b/tests/templates/inventory.j2 @@ -218,9 +218,6 @@ control [bifrost:children] deployment -[zun:children] -control - # TODO(gkoper): Remove redis group after G/2026.1 release [redis:children] control @@ -601,19 +598,6 @@ designate [placement-api:children] placement -# Zun -[zun-api:children] -zun - -[zun-wsproxy:children] -zun - -[zun-compute:children] -compute - -[zun-cni-daemon:children] -compute - # Tacker [tacker-server:children] tacker diff --git a/tests/test-zun.sh b/tests/test-zun.sh deleted file mode 100755 index 984bb03f6b..0000000000 --- a/tests/test-zun.sh +++ /dev/null @@ -1,169 +0,0 @@ -#!/bin/bash - -set -o xtrace -set -o errexit - -export PYTHONUNBUFFERED=1 - -function test_zun_logged { - . /etc/kolla/admin-openrc.sh - . ~/openstackclient-venv/bin/activate - - container_engine="${1:-docker}" - - echo "TESTING: Zun" - openstack appcontainer service list - openstack appcontainer host list - openstack subnet set --no-dhcp demo-subnet - sudo ${container_engine} pull quay.io/openstack.kolla/alpine - sudo ${container_engine} save quay.io/openstack.kolla/alpine | openstack image create alpine --public --container-format docker --disk-format raw - openstack appcontainer run --net network=demo-net --name test alpine sleep 1000 - attempt=1 - while [[ $(openstack appcontainer show test -f value -c status) != "Running" ]]; do - echo "Container not running yet" - attempt=$((attempt+1)) - if [[ $attempt -eq 10 ]]; then - echo "Container failed to start" - openstack appcontainer show test - return 1 - fi - sleep 10 - done - openstack appcontainer list - openstack appcontainer show test - openstack appcontainer delete --force --stop test - - # NOTE(yoctozepto): We have to wait for the container to be deleted due to - # check-failure.sh checking stopped containers and failing. - # It is also nice to test that deleting actually works. - attempt=1 - while openstack appcontainer show test; do - echo "Container not deleted yet" - attempt=$((attempt+1)) - if [[ $attempt -eq 10 ]]; then - echo "Zun failed to delete the container" - openstack appcontainer show test - return 1 - fi - sleep 10 - done - - echo "SUCCESS: Zun" - - echo "TESTING: Zun Cinder volume attachment" - openstack volume create --size 2 zun_test_volume - attempt=1 - while [[ $(openstack volume show zun_test_volume -f value -c status) != "available" ]]; do - echo "Volume not available yet" - attempt=$((attempt+1)) - if [[ $attempt -eq 10 ]]; then - echo "Volume failed to become available" - openstack volume show zun_test_volume - return 1 - fi - sleep 10 - done - openstack appcontainer run --net network=demo-net --name test2 --mount source=zun_test_volume,destination=/data alpine sleep 1000 - attempt=1 - while [[ $(openstack volume show zun_test_volume -f value -c status) != "in-use" ]]; do - echo "Volume not attached yet" - attempt=$((attempt+1)) - if [[ $attempt -eq 10 ]]; then - echo "Volume failed to attach" - openstack volume show zun_test_volume - return 1 - fi - sleep 10 - done - attempt=1 - while [[ $(openstack appcontainer show test2 -f value -c status) != "Running" ]]; do - echo "Container not running yet" - attempt=$((attempt+1)) - if [[ $attempt -eq 10 ]]; then - echo "Container failed to start" - openstack appcontainer show test2 - return 1 - fi - sleep 10 - done - openstack appcontainer delete --stop test2 - attempt=1 - while [[ $(openstack volume show zun_test_volume -f value -c status) != "available" ]]; do - echo "Volume not detached yet" - attempt=$((attempt+1)) - if [[ $attempt -eq 10 ]]; then - echo "Volume failed to detach" - openstack volume show zun_test_volume - return 1 - fi - sleep 10 - done - openstack volume delete zun_test_volume - echo "SUCCESS: Zun Cinder volume attachment" - - echo "TESTING: Zun capsule" - cat >/tmp/capsule.yaml < $log_file 2>&1 - result=$? - if [[ $result != 0 ]]; then - echo "Testing Zun failed. See ansible/test-zun for details" - else - echo "Successfully tested Zun. See ansible/test-zun for details" - fi - return $result -} - -test_zun $1 diff --git a/zuul.d/scenarios/zun.yaml b/zuul.d/scenarios/zun.yaml deleted file mode 100644 index ea5e96a52c..0000000000 --- a/zuul.d/scenarios/zun.yaml +++ /dev/null @@ -1,42 +0,0 @@ ---- -- job: - name: kolla-ansible-zun-base - parent: kolla-ansible-base - voting: false - files: !inherit - - ^ansible/group_vars/all/(zun|kuryr|etcd|cinder|iscsi).yml - - ^ansible/roles/(zun|kuryr|etcd|cinder|iscsi)/ - - ^tests/setup_disks.sh - - ^tests/test-core-openstack.sh - - ^tests/test-zun.sh - - ^tests/test-dashboard.sh - vars: - kolla_ansible_setup_disks_file_path: "/var/lib/cinder_data.img" - kolla_ansible_setup_disks_vg_name: "cinder-volumes" - scenario: zun - scenario_images_extra: - - ^zun - - ^kuryr - - ^etcd - - ^cinder - - ^iscsid - - ^tgtd - -- job: - name: kolla-ansible-debian-trixie-zun - parent: kolla-ansible-zun-base - nodeset: kolla-ansible-debian-trixie-multi-8GB - -- job: - name: kolla-ansible-ubuntu-noble-zun - parent: kolla-ansible-zun-base - nodeset: kolla-ansible-ubuntu-noble-multi-8GB - -- project-template: - name: kolla-ansible-scenario-zun - description: | - Runs Kolla-Ansible Zun scenario jobs. - check: - jobs: - - kolla-ansible-debian-trixie-zun - - kolla-ansible-ubuntu-noble-zun From 2b50175b33503d96d493a1f03e234ce004206183 Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Fri, 24 Apr 2026 20:08:47 +0200 Subject: [PATCH 7/7] manila: Fix manila-api.log location Without that it ends up as .log or some other Python frozenset.log Change-Id: I3a6e2541aab07f822402f0b5fca96f8aba7e2f4a Signed-off-by: Michal Nasiadka --- ansible/roles/manila/templates/manila.conf.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ansible/roles/manila/templates/manila.conf.j2 b/ansible/roles/manila/templates/manila.conf.j2 index cadde4c0a1..148989d9aa 100644 --- a/ansible/roles/manila/templates/manila.conf.j2 +++ b/ansible/roles/manila/templates/manila.conf.j2 @@ -2,6 +2,9 @@ debug = {{ manila_logging_debug }} log_dir = /var/log/kolla/manila +{% if service_name == "manila-api" %} +log_file = manila-api.log +{% endif %} use_forwarded_for = true my_ip = {{ api_interface_address }}