1387 Commits

Author SHA1 Message Date
Dmitriy Rabotyagov
59697ba1c5 Deprecate OpenDaylight support
OpenDaylight support has been deprecated by Neutron team in 2023.2 [1]. We remove support from
our code to address that decision.

[1] 517df91c9e

Change-Id: Iaaf87b6d5400fe88c7edf86995ea9ba891866678
2023-10-05 14:48:53 +00:00
Andrew Bonney
a190ae4f61 Fix conditional for non-OVN deployments
In an LXB environment, the neutron_ovn_controller group still
contains all of the compute nodes, which causes this task to
fail.

Change-Id: I7a63a79e8b9012c9f32b9316d9590ccd9e641c01
2023-09-28 08:20:34 +00:00
Dmitriy Rabotyagov
3569b7a27d Fix linters for example playbook
Change-Id: Ieb2e21fe558ee14ec7cc1a4b264f0dd2671eb9fa
2023-09-28 09:51:34 +02:00
Zuul
b399ac2a3c Merge "Fix typo for vpnaas_custom_config distribution" 2023-09-16 00:42:05 +00:00
James Denton
7c0ac931b0 Check length of network_mappings
The OVS bridge creation logic for OVN deployments may fail
when the provider bridge has not been defined. This patch uses
logic that exists in the OVS deployment scenario to check the
length of neutron_provider_networks.network_mappings to ensure
a value has been set before attempting to create the bridge.

Change-Id: I34256e4ad22169ae6907a3c40270cb714cf33466
2023-09-06 08:53:08 -05:00
Zuul
4abf3e9383 Merge "Retry applying OVN connection settings" 2023-09-06 12:34:16 +00:00
Dmitriy Rabotyagov
30ef7c945f Fix typo for vpnaas_custom_config distribution
Accidentally condition was to check a group against `group_name`,
while this should be `group_names`. Right now in case of definition
neutron_vpnaas_custom_config role will fail with undefined variable.

Change-Id: Ia5b44729858dd9f742f1094f46e3cde1ceb70495
2023-09-06 12:05:57 +02:00
Zuul
733c4cf8c5 Merge "Fix linters and metadata" 2023-09-06 00:31:43 +00:00
Zuul
ed54ffde67 Merge "Revert "Workaround ovs bug that resets hostname with add command"" 2023-09-05 18:38:27 +00:00
Dmitriy Rabotyagov
8ceea78a97 Fix linters and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that are enabled by default. In order to comply
with linter rules we're applying changes to the role.

With that we also update metadata to reflect current state.

Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I3905e334cfbeb7ccb976358016f81c5edd6cd284
2023-09-04 18:55:41 +02:00
Jonathan Rosser
ab19186dad Retry applying OVN connection settings
This task runs immediately after one which may start the OVN
services and the unix socket files may not yet be present
when the command is run to configure the connection settings.

Introduce retries to the task to give time for the services to
start and the sockets to exist.

See https://paste.opendev.org/show/bPgVSIHyVPY5MwC373Zj/

Change-Id: I286169ca9ec493ef9ff1923249336cdc168619d0
2023-09-04 16:16:02 +01:00
Zuul
01da88f560 Merge "Add quorum queues support for the service" 2023-09-04 08:24:11 +00:00
Marc Gariepy
a3c09f159b Stop haproxy on ovn-controller nodes
include ovn-controller nodes.

Change-Id: I122a7e2df0d546c18e4ec607abeb36cb0cec196f
2023-08-21 13:32:57 +00:00
Dmitriy Rabotyagov
0a5e0de6b0 Revert "Workaround ovs bug that resets hostname with add command"
This reverts commit 74b0884fc232aa96f601b4c24c3e36f3fba4f1bb.

Reason for revert: UCA and OVS SIG have updated package and marked corresponding bugs as resolved.

Change-Id: Idbb9f4ee84a075bfa6e7e63c8d5b81951ce0ae65
2023-08-17 15:41:31 +00:00
Dmitriy Rabotyagov
924e290af9 Define constraints file for docs and renos
Right now we are not using any constraints for docs and releasenotes builds.
This has resulted in docs job failures once Sphinx 7.2.0 has been released.

The patch will ensure that constraints are used and we should not face
similar issue again.

TOX_CONSTRAINTS_FILE is updated by Release bot once new branch is created,
so it should always track relevant constraints.

Some extra syntax-related changes can apply, since patch is being passed
through ConfigParser, that does not preserve comments and align indenting.


Change-Id: I877b57ba117a820be7ca05d01037069295099f06
2023-08-17 16:32:23 +02:00
Dmitriy Rabotyagov
2b398f5f43 Use proper galera port in configuration
While <service>_galera_port is defined and used for db_setup
role, it's not in fact used in a connection string for oslo.db.

Change-Id: I74735ad2f127a4c62d4e5c4d24dd1af76e5b76a3
2023-08-07 07:05:15 +00:00
Zuul
45f823de0c Merge "Configure OVN NB and SB DB Connection probes" 2023-07-28 10:54:59 +00:00
Danila Balagansky
d35c27bf71 Configure OVN NB and SB DB Connection probes
Allow configuration of `inactivity_probe` in Connection table in NB and
SB for new installations.

Issues, which successfully resolve by using this as a workaround:
1. https://www.mail-archive.com/ovs-discuss@openvswitch.org/msg07431.html
2. https://bugs.launchpad.net/kolla-ansible/+bug/1917484

According to the OVN ML, specifically this part [1], there is no other
way to set `inactivity_probe` other than using Connection table. And the
only valid option for it would be `0.0.0.0`, so that it could be applied
to all connections.

`ovn-ctl` forces `ovsdb-server` to look for addresses to listen on in
Connection table with `db-nb-use-remote-in-db` and
`db-sb-use-remote-in-db` options which are enabled by default.

If `db-nb-create-insecure-remote` and `db-sb-create-insecure-remote` are
set to `yes` (when `neutron_ovn_ssl` is `False`), this would result in
flooding OVN logs with `Address already in use` errors.

So we will rely on default value `no` for them from now on and only
listen on and with whatever options are provided in Connection tables.

[1] https://www.mail-archive.com/ovs-discuss@openvswitch.org/msg07476.html

Change-Id: If87cf7cfa1788d68c9a4013d7f4877692f2bb11c
2023-07-12 13:24:18 +03:00
Dmitriy Rabotyagov
89c24924dc Add quorum queues support for the service
This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
its behaviour.

In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/875399
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/873618
Change-Id: I43840a397ea6da6c3187291a74591c2205e1dca1
2023-07-06 13:43:00 +00:00
Zuul
13c1ce70dd Merge "Switch driver jobs to Jammy" 2023-06-30 16:16:11 +00:00
Dmitriy Rabotyagov
542b22513f Switch driver jobs to Jammy
We're dropping Ubuntu Focal support early in 2023.2 release,
so we need to switch all jobs to Jammy before this happens.

Change-Id: I677494ad02d58f891b376b44230ce9d137ca34a9
2023-05-25 13:38:39 +02:00
Dmitriy Rabotyagov
d0c37ede9f Drop OVN package installation from ovn_config
OVN packages are installed as a part of common package installation
as they're appended during neutron_package_list population. So
there should be no need in having another set of tasks that install
these packages.

Change-Id: I119dd30b6e11e9ba373367a1b65d56d723ef0b45
2023-05-22 17:18:01 +00:00
Dmitriy Rabotyagov
d58bdb151a Ensure OVN is restarted on package update
Change-Id: I851a81d47e2ab985213f711ccd81a6870f42317b
Needed-By: https://review.opendev.org/c/openstack/openstack-ansible/+/879890
2023-05-22 17:17:55 +00:00
Zuul
e9ef1f0707 Merge "Add TLS support to neutron_server backends" 2023-05-03 11:41:36 +00:00
Damian Dabrowski
a68fe97981 Add TLS support to neutron_server backends
By overriding the variable `neutron_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the neutron backend api.

The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: I9f16f916d1ef3e5937c91f6b09a3d4073594ecb4
2023-04-29 18:42:54 +02:00
Dmitriy Rabotyagov
74b0884fc2 Workaround ovs bug that resets hostname with add command
In UCA repo for Antelope OVS version 3.1.0 is used that is affected
by the bug [1]. Until that is fixed, we're masking ovs-record-hostname
service.

[1] https://bugs.launchpad.net/cloud-archive/+bug/2017757

Change-Id: Iead62b464a68bbfcffb0e79a4db004760287e89b
2023-04-27 08:51:53 +00:00
Zuul
43adbb0b95 Merge "Use include instead of import for conditional tasks" 2023-04-19 11:49:56 +00:00
Dmitriy Rabotyagov
956896e8a7 Use include instead of import for conditional tasks
When import is used ansible loads imported role or tasks which
results in plenty of skipped tasks which also consume time. With
includes ansible does not try to load play so time not wasted on
skipping things.

Change-Id: I50b99306a52f1a2379e55f390653b274afd5885f
2023-04-13 17:16:07 +00:00
Dmitriy Rabotyagov
090b0aeb07 Ensure service is restarted on unit file changes
At the moment we don't restart services if systemd unit file is changed.

We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now we ensure that role handlers will also listen for systemd
unit changes.

Change-Id: I831f6d62f0d31384258571e01a4e7cdd75b73e2c
2023-04-10 16:57:55 +02:00
Zuul
a44d332075 Merge "[doc] Add LXB scenario documentation" 2023-04-04 18:35:41 +00:00
Dmitriy Rabotyagov
f1a8c35853 Workaround ovs bug that resets hostname with add command
After RDO bumped OVS version to 3.1 from 2.17 CentOS/Rocky fails
tempest testing due to systemd unit calling adding hostname [1]
while ovs-vsctl add in 3.1 actually behaves exactly as `set` which
simply resets defined hostname on each service restart. To avoid that
we're adding `--no-record-hostname` flag that will prevent such
behaviour.

[1] https://github.com/openvswitch/ovs/blob/branch-3.1/utilities/ovs-ctl.in#L51

Change-Id: I8bee1850e3a120f7b76f586909e6d74361696e32
Related-Bug: #2013189
2023-03-30 17:48:01 +00:00
Dmitriy Rabotyagov
dffcff7c94 Disable CentOS LXC jobs due to the bug in systemd packaging
At the moment systemd-udev package is being resolved to
systemd-boot-unsigned due to CentOS packaging issue. Resolution to this
issue would be providing a full path to any of file that is not provided
by systemd-boot-unsigned but provided by systemd-udev
which does not have a really clean and good workaround.

So we're disabling CentOS LXC jobs for now and waiting for CentOS
to fix this. There're a bunch of bug reports and all systemd there
in quite a messy state overall.

Change-Id: I6e744d1e708df11204b3436c53ea6ed723683b18
2023-03-30 19:47:21 +02:00
Zuul
2d7f8f4643 Merge "Generate OVN certs only for OVN scenario" 2023-02-23 15:12:32 +00:00
Damian Dabrowski
017194176c Fix typo in ansible_facts['pkg_mgr']
In [1] we accidentally merged change containing typo.

[1] https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/860480

Change-Id: Iec4eacab8f6ddd2d3d2f59c0928f5e6455bbdbdd
2023-02-21 19:55:03 +01:00
Jonathan Rosser
0fee203e6c Ensure that all neutron config files are used when deployed with uwsgi
Previously only /etc/neutron/neutron.conf was passed, this patch
uses the uwsgi pyargv option to pass multiple instances of
--config-file to the service.

Depends-On: https://review.opendev.org/c/openstack/ansible-role-uwsgi/+/872195
Change-Id: Ifa1645a9585360e15142cac929e671e60e301bdc
Closes-Bug: 1987405
2023-01-31 22:13:24 +00:00
Dmitriy Rabotyagov
d083bfcc55 Generate OVN certs only for OVN scenario
At the moment we're generating OVN certificates regardless of
the scenario which produces unnecessary changes.

Change-Id: Ie870aa656c467b21441a38cebf7c6a075342d50f
2023-01-27 15:30:38 +00:00
Jonathan Rosser
a6001b7a36 Remove "warn" parameter from command module
This is removed in ansible 2.14.

Change-Id: I454908a306bfa5d6311261448ebefab6df1b20a7
2023-01-19 21:25:55 +00:00
Marc Gariepy
c5e00f91f7 Disable dhcp-agent and metadata-agent for OVN
OVN doesn't need the neutron-metadata-agent and
neutron-dhcp-agent service.

Change-Id: I58e94199a32ad300b3f70861dc7804f34518c8c2
2023-01-18 13:58:28 +00:00
Dmitriy Rabotyagov
77eacd1028 [doc] Add LXB scenario documentation
Since LXB was installed by default, we never had it described
explicitly as all other examples were referring to it. Now when we've
switched to OVN as default driver, we should describe path for LXB
as well as make adjustments to reflect new defaults for neutron role.

Change-Id: I98011dbbe3a3c2f6992e1a150e5ec97642398fc0
2023-01-17 14:17:41 +00:00
James Denton
0d6ca7f07f Update OVN northd group documentation
Existing docs are missing mention of network-northd_hosts, which
is a required grouping for a successful OVN deployment. This patch
addresses that.

Change-Id: Ie532573cc04722d18915996c5148eecb180ee7ec
2023-01-11 10:12:01 -06:00
James Denton
d4cbd2d7ad Create separate lock path for neutron-ovn-metadata-agent
root user/group ownership of the neutron-ovn-metadata service caused
the neutron lock dir to be owned by root:root, which caused issues
with neutron-server's ability to write the OVN hash ring lock file
to /run/lock/neutron and prevented the creation of networks.

It appears neutron-ovn-metadata-agent needs access to the OVS DB
schema via unix:/var/run/openvswitch/db.sock, which is owned by root,
so a separate lock path has been created for the metadata agent to
workaround this.

FWIW, this issue manifested with upstream Neutron commit
536498a29a4e7662a4d0b1bb923e2521509ad77a.

Change-Id: Ib6d69bb2ce340b50140216e2abf236a1da93e46b
2022-12-22 06:53:49 -06:00
92fa6a5295 Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.

Sem-Ver: feature
Change-Id: I533256a64b09248d3bacdb69c30b411928940182
2022-12-13 13:18:09 +00:00
Dmitriy Rabotyagov
3faa793469 Do not provision neutron config when not needed
With [1] we merged not installing neutron venv and packages
when it's not required, for example on ovn_northd. At the same
time we still try to provision config files that are not needed there.
Moreover, role is failing as smart_sources bits are relying on neutron venv
existence.

[1] https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/863546

Change-Id: I59050f09577df790119e552e39cd38463755b36f
2022-12-09 14:52:48 +00:00
Zuul
fa974be047 Merge "Remove support for calico ml2 driver." 2022-12-09 11:02:23 +00:00
Zuul
c00039c7b0 Merge "Separate OVN gateway functions from ovn-controllers" 2022-12-09 00:26:26 +00:00
Zuul
5f04414da4 Merge "Do not install neutron venv if not needed." 2022-12-08 19:33:20 +00:00
Zuul
b83a8190a1 Merge "Switch OVN Metadata Agent to journal logging" 2022-12-08 19:29:09 +00:00
Zuul
a2a89e2a07 Merge "Add lxb jobs" 2022-12-08 15:10:26 +00:00
James Denton
3d9a20b69b Separate OVN gateway functions from ovn-controllers
This patch aims for the following:

- Update docs for OVN to expand on supported scenarios
- Split out the OVN gateway chassis from the OVN controller group.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/862924
Change-Id: I14859a19f386676fd687ea601f2d31298cf35e84
2022-12-06 17:10:57 +00:00
James Denton
e4c18905a9 Switch OVN Metadata Agent to journal logging
This patch enables logging to journal for the Neutron OVN
Metadata Agent service.

Change-Id: If1b73b1d14b1d3be4fdfad5a9b91d2f048a640e2
2022-12-06 14:03:39 +00:00