Upstream Train sync 2021-12-02 #48
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is a partial backport of two commits - I6a174468bd91d214c08477b93c88032a45c137be and I056f3eebcf87bcbaaf89fdd0dc1f46d143db7785. It includes the barbican_endpoint_type option, but excludes the verify_ssl_file option, since openstack_cacert is not used in configuration files in Train. Change-Id: I1c5790fd4717d12e8ff8ddbcabfa8f0ece8411e0
Change-Id: I77791d504327ace880d0cc2438af2f8ced66d4eb (cherry picked from commit a8981a7)
In response to a mailing list post [1] trying to go from Train on CentOS 7 to Ussuri on CentOS 8. [1] http://lists.openstack.org/pipermail/openstack-discuss/2021-March/021129.html Change-Id: I3cc958665d9eb0d47c2f31e2c75bd7a3b1f64aea
The docker configuration should be a URL, not a host:port. Closes-Bug: #1919932 Change-Id: I5025fdb7e48c79a107b45f1454f5d5e81367a2f9 (cherry picked from commit 608836d)
Change-Id: Ib6719a033b37be3e248b682795b7243c60b22b84 (cherry picked from commit dbc6324)
Python 2 jobs recently started failing frequently with the following
error:
distutils.errors.DistutilsError: Could not find suitable distribution for Requirement.parse('pbr>=2.0.0')
The root cause appears to be that indirect requirements are handled by
easy_install which doesn't like some index servers [1]. Try updating
setuptools first.
[1] googleapis/google-cloud-python#3757 (comment)
Change-Id: I95303e52f2b462ceda21abaa4097cc9291362d33
This is to avoid the following issue:
distutils.errors.DistutilsError: Could not find suitable distribution for Requirement.parse('pbr>=2.0.0')
Change I95303e52f2b462ceda21abaa4097cc9291362d33 fixed it for the
kolla-ansible installation but it can also affect virtualenvs used by
testing.
Change-Id: I341df5ce7d850d6264895fe521ed5a22c271b3fd
Change-Id: If8af5a2a3fe628de15d644b4ffef0bffaa06b554
Change-Id: Iede747ceaafa54a00186761943fe2f4ac13f9559 (cherry picked from commit 030a9a2)
Need to consider Negative seqno to compare in some cases, but the task does not support to do that, we need to make it work. 1.we use mariabackup to restore datas on control1, delete the mariadb data on control2 and control3, and then use cluster recovery, as a result that the seqno of the other two nodes will be '-1'. 2. add one more control node into our existing mariadb cluster, and then use cluster recovery, the seqno of the new node will be '-1'. Change-Id: Ic1ac8656f28c3835e091637014f075ac5479d390 (cherry picked from commit 068f3fe)
This is a follow up on the change with the following ID: I337f42e174393f68b43e876ef075a74c887a5314 TrivialFix Change-Id: Ibb67811d7b086ef9ef4c695ae589171af0c4d657 (cherry picked from commit fe66477)
Reference: https://github.com/prometheus/alertmanager#turn-off-high-availability Closes-Bug: #1926463 Change-Id: I60e1dedeac25fa8fe9538a3a8e582bd8cc9324d7 (cherry picked from commit b300f7b)
Docker 5.0.0 [1] dropped requirement for six, but still imports it. [1]: docker/docker-py#2807 Closes-Bug: #1928915 Change-Id: I726541f4b3fdc357387a44c6a2153593a10bf282 (cherry picked from commit b053bd8)
Ussuri & earlier only After upgrading from Train to Ussuri, if the keepalived configuration is unchanged, it is possible that the primary keepalived container will not be upgraded. This happens because we do not import check-containers.yml in upgrade.yml, meaning that the 'Restart keepalived container' handler does not fire. This change fixes the issue. Closes-Bug: #1928362 Change-Id: I56775f1c0a8849c10ad5181cde6b50b2694a0512 (cherry picked from commit 2c72861)
This configuration option was only used by neutron-lbaas, which is now retired. It should have been added to neutron_lbaas.conf.j2 instead. Change-Id: Iba591473abf4304413eca0d84e0b2be197c527fc (cherry picked from commit 7d1af05)
It will allow us to fail fast when pulling the image is a problem - instead of failing in the middle of deployment. Change-Id: I017cddcfbbc5449e63d807385216b94e74503c9b (cherry picked from commit 8dcb56f)
This is confusing as it is not meant to be used by users. Also, various tools show duplicated matches due to both locations containing the exact same content. Change-Id: I2debe121f64954e57788270d3258775f29f1cbb0 (cherry picked from commit b21c07a)
This change also updates the CI test scripts to use PATH to find the kolla-ansible script, rather than relying on the file in the source checkout. Using the script in the source checkout was hiding an issue with pip install --user, although that has now been fixed in I5b47a146627d06bb3fe4a747c5f20290c726b0f9. Related-Bug: #1915527 Change-Id: I2827a657c8716a9c40391c6bdb7ff1a2a9c1260e Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/793570 (cherry picked from commit 1ea9914)
The host list order seen during Ansible handlers may differ to the usual play host list order, due to race conditions in notifying handlers. This means that restart_services.yml for RabbitMQ may be included in a different order than the rabbitmq group, resulting in a node other than the 'first' being restarted first. This can cause some nodes to fail to join the cluster. The include_tasks loop was introduced in [1]. This change fixes the issue by splitting the handler into two tasks, and restarting the first node before all others. [1] https://review.opendev.org/c/openstack/kolla-ansible/+/763137 Change-Id: I1823301d5889589bfd48326ed7de03c6061ea5ba Closes-Bug: #1930293 (cherry picked from commit 0cd5b02)
This bug has been accidentally fixed in Victoria by [1]. [1]: https://review.opendev.org/c/openstack/kolla-ansible/+/742627 Closes-Bug: #1923467 Change-Id: Ie09beb79938ffbcdb5193299511e6eef0b98a258 (cherry picked from commit 6f3b611)
An editable installation allows changes to be made to the source code
directly, and have those changes applied immediately without having to
reinstall.
pip install -e /path/to/kolla-ansible
Above is currently working only in virtualenv, but there is no reason to
not allow in all cases. This is usefull for example when user is
building his own docker container with editable kolla-ansible installed
from git without virtualenv.
Change-Id: I185f7c09c3f026fd6926a26001393f066ff1860d
(cherry picked from commit 22a6765)
Kolla Ansible runs iscsid in the foreground (-f) and a recent change to iscsid in CentOS 8 (both Linux and Stream) caused it to reject setting pid file in such a case. PID file is irrelevant in this scenario so this commit removes its parameter. Closes-Bug: #1933033 Change-Id: Ic0c4beae0c812f3ca68a6ee5cc4daa2fee0f277d (cherry picked from commit 18a0af6)
docker-ce on Debian/Ubuntu gets started just after installation, before baremetal role configures daemon.json - which results in iptables rules being implemented - but not removed on docker engine restart. Closes-Bug: #1923203 Change-Id: Ib1faa092e0b8f0668d1752490a34d0c2165d58d2 (cherry picked from commit bc96179)
Zuul 4.6.0 does not allow to set ansible_python_interpreter. [1] Instead, with the current Zuul and Ansible, this should be automatically set to the proper python. This patch is required to restore the jobs which are ignored otherwise. [2] [3] Additionally, this change avoids the use of Ansible's pip module because it tries to use setuptools from the ansible_python_interpreter first even if another executable is set. [1] http://lists.openstack.org/pipermail/openstack-discuss/2021-June/023291.html [2] http://lists.openstack.org/pipermail/openstack-discuss/2021-June/023326.html [3] http://lists.openstack.org/pipermail/openstack-discuss/2021-June/023321.html Change-Id: I53e666d59d0cce26e38c6f66a39eb204bda502d3
…into stable/train
When supported_policy_files gets set under python 3.7 [1], the regex '(.*)'
matches twice, once for the policy file name and once more for the empty string
that follows the policy file name. This is new behavior under python
3.7. [2]
This leads to the replacement string being written out twice resulting
in something like this: "nova_policy.yamlnova_".
This patch changes the regex to '(.+)' ensuring there is no match success
against the empty string.
[1]:
- set_fact:
supported_policy_files: "{{ supported_policy_format_list | map('regex_replace', '(.*)', '{{ project_name }}_\\1') | list }}"
[2]: https://docs.python.org/3/library/re.html#re.sub
Change-Id: Ie5278832e293364c66d53ddb07dff9c5409f0cc6
Closes-Bug: 1851249
(cherry picked from commit 9d0ccad)
Docker is using 172.17.0.0/16 by default for bridge networking on docker0, and this might cause routing problems for operator networks. This change introduces docker_disable_default_network to disable the bridge networking by putting "bridge: none"[1] to daemon.json Bridge networking does not work without iptables, so we set the default for docker_disable_default_network to docker_disable_default_iptables_rules. For better defaults, this feature will be enabled by default in Wallaby. [1] https://docs.docker.com/engine/reference/commandline/dockerd/ Change-Id: Ic745300b27e50132d80d03787fa4abfada2d0173 Closes-Bug: #1848249 Related-Bug: #1849275 (cherry picked from commit 4053a0a)
With the new default since Wallaby, starting Docker makes it enable forwarding and not filter it at all. This may pose a security risk and should be mitigated. Closes-Bug: #1931615 Change-Id: I5129136c066489fdfaa4d93741c22e5010b7e89d (cherry picked from commit 0fa4ee5)
According the documentation [1] there need to configure auth_uri in the [filter:s3token] section instead of www_authenticate_uri which cause an error 'swift.common.wsgi.ConfigFileError: Invalid auth_uri; must include scheme and host' during start the swift-proxy-server container. 1. https://docs.openstack.org/swift/ussuri/middleware.html#s3-token-middleware Change-Id: I6b8f5807ebb746428a501dca13eae30763dede8d Closes-Bug: 1862765 Signed-off-by: Maksim Malchuk <[email protected]> (cherry picked from commit 8359207) (cherry picked from commit a473d35)
ara<1.0.0 fails to install because it requires SQLAlchemy<1.3.0 which is not compatible with train upper constraints. Since this branch is not actively used we can remove it. Change-Id: Ieb9f8f197f588dd2a4191bff777d510258f5bd6d
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.