stackhpc · priteau · Dec 2, 2024 · Mar 26, 2024 · Mar 4, 2024 · Aug 13, 2024
@@ -48,7 +48,7 @@ kolla_base_distro: "rocky"
 kolla_internal_vip_address: "{{ kolla_internal_address | default('') }}"
 kolla_internal_fqdn: "{{ kolla_internal_vip_address }}"
 kolla_external_vip_address: "{{ kolla_internal_vip_address }}"
-kolla_same_external_internal_vip: "{{ kolla_external_vip_address == kolla_internal_vip_address }}"
+kolla_same_external_internal_vip: "{{ kolla_external_vip_address | ansible.utils.ipaddr('address') == kolla_internal_vip_address | ansible.utils.ipaddr('address') }}"
 kolla_external_fqdn: "{{ kolla_internal_fqdn if kolla_same_external_internal_vip | bool else kolla_external_vip_address }}"
 
 kolla_dev_repos_directory: "/opt/stack/"

@@ -9,9 +9,8 @@ bind-interfaces
 {% set tag = item.tag | default('range_' ~ loop.index) %}
 {% set lease_time = item.lease_time | default(ironic_dnsmasq_dhcp_default_lease_time) %}
 dhcp-range=set:{{ tag }},{{ item.range }},{{ lease_time }}
-{% if item.routers is defined %}
-dhcp-option=tag:{{ tag }},option:router,{{ item.routers }}
-{% endif %}
+{% if item.routers is defined %}dhcp-option=tag:{{ tag }},option:router,{{ item.routers }}{% endif %}
+{% if item.ntp_server is defined %}dhcp-option=tag:{{ tag }},option:ntp-server,{{ item.ntp_server }}{% endif %}
 {% endfor %}
 
 {% if api_address_family == 'ipv6' %}

@@ -10,13 +10,13 @@ errorlog: "/var/log/kolla/proxysql/proxysql.log"
 
 admin_variables:
    admin_credentials: "{{ proxysql_admin_user }}:{{ proxysql_admin_password }}"
-   mysql_ifaces: "{{ api_interface_address }}:{{ proxysql_admin_port }};{{ kolla_internal_vip_address }}:{{ proxysql_admin_port }};/var/lib/kolla/proxysql/admin.sock"
+   mysql_ifaces: "{{ api_interface_address | put_address_in_context('url') }}:{{ proxysql_admin_port }};{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ proxysql_admin_port }};/var/lib/kolla/proxysql/admin.sock"
    stats_credentials: "{{ proxysql_stats_user }}:{{ proxysql_stats_password }}"
 
 mysql_variables:
    threads: {{ proxysql_workers }}
    max_connections: {{ proxysql_max_connections }}
-   interfaces: "{{ kolla_internal_vip_address }}:{{ database_port }}"
+   interfaces: "{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ database_port }}"
    monitor_username: "{{ mariadb_monitor_user }}"
    monitor_password: "{{ mariadb_monitor_password }}"
 

@@ -379,7 +379,6 @@ nova_libvirt_default_volumes:
   - "{{ nova_instance_datadir_volume }}:/var/lib/nova/"
   - "{% if enable_shared_var_lib_nova_mnt | bool %}/var/lib/nova/mnt:/var/lib/nova/mnt:shared{% endif %}"
   - "nova_libvirt_qemu:/etc/libvirt/qemu"
-  - "nova_libvirt_secrets:/etc/libvirt/secrets"
   - "{{ kolla_dev_repos_directory ~ '/nova/nova:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/nova' if nova_dev_mode | bool else '' }}"
 nova_ssh_default_volumes:
   - "{{ node_config_directory }}/nova-ssh/:{{ container_config_directory }}/:ro"
@@ -451,6 +450,7 @@ nova_compute_extra_volumes: "{{ nova_extra_volumes }}"
 nova_compute_ironic_extra_volumes: "{{ nova_extra_volumes }}"
 # Used by bootstrapping containers.
 nova_cell_bootstrap_extra_volumes: "{{ nova_extra_volumes }}"
+nova_cell_get_settings_volumes: "{{ nova_cell_bootstrap_default_volumes + nova_cell_bootstrap_extra_volumes }}"
 
 nova_libvirt_volume: "{{ 'libvirtd' if enable_nova_libvirt_container | bool else '/var/lib/libvirt' }}"
 

@@ -35,3 +35,5 @@
     # and there is a cell conductor in the inventory to delegate to.
     - all_computes_in_batch | length > 0
     - groups[nova_cell_conductor_group] | length > 0
+
+- import_tasks: post-config.yml
@@ -13,7 +13,7 @@
       BOOTSTRAP:
     name: "nova_list_cells"
     restart_policy: oneshot
-    volumes: "{{ nova_cell_bootstrap_default_volumes + nova_cell_bootstrap_extra_volumes }}"
+    volumes: "{{ nova_cell_get_settings_volumes }}"
   register: existing_cells_list
   changed_when: false
   failed_when:

@@ -0,0 +1,7 @@
+---
+# TODO(kevko) Remove in E cycle
+- name: Remove old nova_libvirt_secrets container volume
+  become: true
+  kolla_docker:
+    action: "remove_volume"
+    name: nova_libvirt_secrets
@@ -14,3 +14,5 @@
 
 - name: Flush handlers
   meta: flush_handlers
+
+- import_tasks: post-config.yml
@@ -1,24 +1,65 @@
 ---
-- name: Create cell0 mappings
-  vars:
-    nova_api: "{{ nova_services['nova-api'] }}"
-    nova_cell0_connection: "mysql+pymysql://{{ nova_cell0_database_user }}:{{ nova_cell0_database_password }}@{{ nova_cell0_database_address }}/{{ nova_cell0_database_name }}"  # noqa 204
-  become: true
-  kolla_docker:
-    action: "start_container"
-    command: bash -c 'sudo -E kolla_set_configs && nova-manage cell_v2 map_cell0 --database_connection {{ nova_cell0_connection }}'
-    common_options: "{{ docker_common_options }}"
-    detach: False
-    image: "{{ nova_api.image }}"
-    labels:
-      BOOTSTRAP:
-    name: "nova_api_map_cell0"
-    restart_policy: oneshot
-    volumes: "{{ nova_api_bootstrap_default_volumes + nova_api_bootstrap_extra_volumes }}"
-  register: map_cell0
-  changed_when:
-    - map_cell0 is success
-    - '"Cell0 is already setup" not in map_cell0.stdout'
+- block:
+    - name: Create cell0 mappings
+      vars:
+        nova_api: "{{ nova_services['nova-api'] }}"
+        nova_cell0_connection: "mysql+pymysql://{{ nova_cell0_database_user }}:{{ nova_cell0_database_password }}@{{ nova_cell0_database_address }}/{{ nova_cell0_database_name }}"  # noqa 204
+      become: true
+      kolla_docker:
+        action: "start_container"
+        command: bash -c 'sudo -E kolla_set_configs && nova-manage cell_v2 map_cell0 --database_connection {{ nova_cell0_connection }}'
+        common_options: "{{ docker_common_options }}"
+        detach: False
+        image: "{{ nova_api.image }}"
+        labels:
+          BOOTSTRAP:
+        name: "nova_api_map_cell0"
+        restart_policy: oneshot
+        volumes: "{{ nova_api_bootstrap_default_volumes + nova_api_bootstrap_extra_volumes }}"
+      register: map_cell0
+      changed_when:
+        - map_cell0 is success
+        - '"Cell0 is already setup" not in map_cell0.stdout'
+
+    - import_role:
+        name: nova-cell
+        tasks_from: get_cell_settings.yml
+      vars:
+        nova_cell_name: "cell0"
+        nova_api: "{{ nova_services['nova-api'] }}"
+        nova_cell_get_settings_volumes: "{{ nova_api_bootstrap_default_volumes + nova_api_bootstrap_extra_volumes }}"
+
+    - name: Update cell0 mappings
+      vars:
+        nova_cell0_uuid: "00000000-0000-0000-0000-000000000000"
+        nova_cell0_transport_url: "none:/"
+        nova_cell0_connection: "mysql+pymysql://{{ nova_cell0_database_user }}:{{ nova_cell0_database_password }}@{{ nova_cell0_database_address }}/{{ nova_cell0_database_name }}"  # noqa 204
+        nova_api: "{{ nova_services['nova-api'] }}"
+      become: true
+      kolla_docker:
+        action: "start_container"
+        command: >
+          bash -c 'sudo -E kolla_set_configs &&
+          nova-manage cell_v2 update_cell
+          --cell_uuid {{ nova_cell0_uuid }}
+          --database_connection {{ nova_cell0_connection }}
+          --transport-url {{ nova_cell0_transport_url }}'
+        common_options: "{{ docker_common_options }}"
+        detach: False
+        image: "{{ nova_api.image }}"
+        labels:
+          BOOTSTRAP:
+        name: "nova_api_map_cell0"
+        restart_policy: oneshot
+        volumes: "{{ nova_api_bootstrap_default_volumes + nova_api_bootstrap_extra_volumes }}"
+      register: nova_cell0_updated
+      changed_when:
+        - nova_cell0_updated is success
+      failed_when:
+        - nova_cell0_updated.rc != 0
+      when:
+        - nova_cell_settings | length > 0
+        - nova_cell_settings.cell_database != nova_cell0_connection
   run_once: True
   delegate_to: "{{ groups[nova_api.group][0] }}"
 

@@ -1 +1,28 @@
 ---
+- name: Validating prometheus config files
+  vars:
+    service: "{{ prometheus_services['prometheus-server'] }}"
+  shell: >-
+    {{ kolla_container_engine }} exec -i {{ service.container_name }} bash -c
+    "/opt/prometheus/promtool check config /etc/prometheus/prometheus.yml;
+    /opt/prometheus/promtool check web-config /etc/prometheus/web.yml"
+  register: "prometheus_config_validation_results"
+  check_mode: false
+  become: true
+  when:
+    - inventory_hostname in groups[service.group]
+    - service.enabled | bool
+
+- name: Assert prometheus config files are valid
+  vars:
+    service: "{{ prometheus_services['prometheus-server'] }}"
+  assert:
+    that: "prometheus_config_validation_results.rc == 0"
+    fail_msg: >-
+      "{{ service.container_name }} config files are invalid, the output was:
+       {{ prometheus_config_validation_results.stdout }}"
+    success_msg: >-
+      "{{ service.container_name }} config files are valid"
+  when:
+    - inventory_hostname in groups[service.group]
+    - service.enabled | bool
@@ -1,4 +1,6 @@
 ---
+- import_tasks: version-check.yml
+
 - include_tasks: remove-ha-all-policy.yml
   when:
     - not om_enable_rabbitmq_high_availability | bool

@@ -0,0 +1,53 @@
+---
+- block:
+    - name: Get container facts
+      become: true
+      kolla_container_facts:
+        container_engine: "{{ kolla_container_engine }}"
+        name:
+          - "{{ service.container_name }}"
+      register: container_facts
+
+    - block:
+        - name: Get current RabbitMQ version
+          become: true
+          command: "{{ kolla_container_engine }} exec {{ service.container_name }} rabbitmqctl --version"
+          register: rabbitmq_version_current
+          changed_when: false
+
+        - name: Get new RabbitMQ version
+          become: true
+          vars:
+            rabbitmq_container: "{{ rabbitmq_services['rabbitmq'] }}"
+          kolla_docker:
+            action: "start_container"
+            command: "rabbitmqctl --version"
+            common_options: "{{ docker_common_options }}"
+            detach: false
+            environment:
+              KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+            image: "{{ rabbitmq_container.image }}"
+            name: "rabbitmq_version_check"
+            restart_policy: oneshot
+            volumes: "{{ rabbitmq_default_volumes + rabbitmq_extra_volumes }}"
+          register: rabbitmq_version_new
+          failed_when: false
+          check_mode: false
+
+        - name: Catch when RabbitMQ is being downgraded
+          assert:
+            that: rabbitmq_version_current.stdout is version(rabbitmq_version_new.stdout | trim, 'le', version_type='semver')
+            fail_msg: >
+              Looks like you're about to downgrade RabbitMQ from version {{ rabbitmq_version_current.stdout }} to version {{ rabbitmq_version_new.stdout | trim }}.
+              If you're absolutely certain you want to do this, please skip the tag `rabbitmq-version-check`.
+              Otherwise, see these docs for how to pin the version of RabbitMQ:
+              https://docs.openstack.org/kolla-ansible/latest/reference/message-queues/rabbitmq.html#rabbitmq-versions
+
+      when: container_facts[service.container_name] is defined
+
+  delegate_to: "{{ groups[role_rabbitmq_groups] | first }}"
+  run_once: true
+  tags: rabbitmq-version-check
+  vars:
+    service_name: "rabbitmq"
+    service: "{{ rabbitmq_services[service_name] }}"
@@ -83,7 +83,7 @@ following options on the first database node:
 
    docker run --rm -it --volumes-from mariadb --name dbrestore \
       --volume mariadb_backup:/backup \
-      quay.io/openstack.kolla/centos-source-mariadb-server:|KOLLA_OPENSTACK_RELEASE| \
+      quay.io/openstack.kolla/mariadb-server:|KOLLA_OPENSTACK_RELEASE|-rocky-9 \
       /bin/bash
    (dbrestore) $ cd /backup
    (dbrestore) $ rm -rf /backup/restore
@@ -105,7 +105,7 @@ place, again on the first node:
 
    docker run --rm -it --volumes-from mariadb --name dbrestore \
       --volume mariadb_backup:/backup \
-      quay.io/openstack.kolla/centos-source-mariadb-server:|KOLLA_OPENSTACK_RELEASE| \
+      quay.io/openstack.kolla/mariadb-server:|KOLLA_OPENSTACK_RELEASE|-rocky-9 \
       /bin/bash
    (dbrestore) $ rm -rf /var/lib/mysql/*
    (dbrestore) $ rm -rf /var/lib/mysql/\.[^\.]*
@@ -148,7 +148,7 @@ incremental backup,
 
    docker run --rm -it --volumes-from mariadb --name dbrestore \
       --volume mariadb_backup:/backup --tmpfs /backup/restore \
-      quay.io/openstack.kolla/centos-source-mariadb-server:|KOLLA_OPENSTACK_RELEASE| \
+      quay.io/openstack.kolla/mariadb-server:|KOLLA_OPENSTACK_RELEASE|-rocky-9 \
       /bin/bash
    (dbrestore) $ cd /backup
    (dbrestore) $ rm -rf /backup/restore

@@ -42,6 +42,16 @@ are possible by separating addresses with commas):
      - range: "192.168.5.100,192.168.5.110"
        routers: "192.168.5.1"
 
+Together with an router there can be provided the NTP (time source) server.
+For example it can be the same address as default router for the range:
+
+.. code-block:: yaml
+
+   ironic_dnsmasq_dhcp_ranges:
+     - range: "192.168.5.100,192.168.5.110"
+       routers: "192.168.5.1"
+       ntp_server: "192.168.5.1"
+
 To support DHCP relay, it is also possible to define a netmask in the range.
 It is advisable to also provide a router to allow the traffic to reach the
 Ironic server.

@@ -177,3 +177,19 @@ Run the deployment:
 
    kolla-ansible deploy -i <path/to/multinode/inventory/file>
 
+Validate generated configuration files of enabled services:
+
+.. code-block:: console
+
+   kolla-ansible validate-config -i <path/to/multinode/inventory/file>
+
+.. note::
+
+   Due to the nature of the configuration generation the validation can
+   currently only be done after the first deployment. For some validations
+   it is necessary to access the running containers.
+   The validation tasks can be found - and altered - in each ansible role under
+   ``kolla-ansible/ansible/roles/$role/tasks/config_validate.yml``.
+   The validation for most openstack services is done by the special role:
+   ``service-config-validate``.
+
@@ -36,8 +36,7 @@ def extract_cell(list_cells_cli_output, cell_name):
     # NOTE(priteau): regexp doesn't support passwords containing spaces
     p = re.compile(
         r'\| +(?P<cell_name>[^ ]+)? +'
-        r'\| +(?!00000000-0000-0000-0000-000000000000)'
-        r'(?P<cell_uuid>[0-9a-f\-]+) +'
+        r'\| +(?P<cell_uuid>[0-9a-f\-]+) +'
         r'\| +(?P<cell_message_queue>[^ ]+) +'
         r'\| +(?P<cell_database>[^ ]+) +'
         r'\| +(?P<cell_disabled>[^ ]+) +'

@@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Fixes nova-cell not updating the cell0 database address when VIP changes.
+    `LP#1915302 <https://launchpad.net/bugs/1915302>`__
@@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Fixes busy libvirt's secret volume while secrets are changing.
+    `LP#2073678 <https://launchpad.net/bugs/2073678>`__
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Fix ProxySQL unable to bind due to incorrect format
+    of IPv6 addresses in the `mysql_ifaces` configuration.
+    `LP#2081106 <https://launchpad.net/bugs/2081106>`__
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Adds the ability to provide the NTP (time source) server for multiple DHCP
+    ranges in the Ironic Inspector DHCP server.
@@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Adds a check to stop deploying/upgrading the RabbitMQ containers if it
+    will result in downgrading the version of RabbitMQ running.
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Fixes a bug where the RabbitMQ version check would fail to pull the new
+    image due to lack of auth.
+    `LP#2086171 <https://bugs.launchpad.net/kolla-ansible/+bug/2086171>`__
@@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    Fixes a bug where the IP address comparison was not done properly
+    for the variable ``kolla_same_external_internal_vip``.
+    Fix the comparison to use the ``ipaddr`` filter instead.
+    For details see `LP#2076889 <https://bugs.launchpad.net/kolla/+bug/2076889>`__.
@@ -0,0 +1,9 @@
+---
+
+features:
+  - |
+    kolla-ansible now validates the Prometheus configuration files when
+    called via ``kolla-ansible -i $inventory validate-config``. This
+    validation is done by running the ``promtool check config`` command.
+    See the `documentation <https://docs.openstack.org/kolla-ansible/latest/user/multinode.html>`__
+    for the ``kolla-ansible validate-config`` command for details.