From 3f0402e68802692c5083b665f2f6bab1bab98fb8 Mon Sep 17 00:00:00 2001
From: Pierre Riteau
Date: Tue, 10 Dec 2024 14:39:20 +0100
Subject: [PATCH 1/6] Fix ironic-inspector blackbox backend endpoint

The ironic-inspector service does not support backend TLS.
---
 .../kolla/inventory/group_vars/prometheus-blackbox-exporter | 2 +-
 .../ironic-inspector-blackbox-backend-ff1bd68297435a36.yaml | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/ironic-inspector-blackbox-backend-ff1bd68297435a36.yaml
diff --git a/etc/kayobe/kolla/inventory/group_vars/prometheus-blackbox-exporter b/etc/kayobe/kolla/inventory/group_vars/prometheus-blackbox-exporter
index 6683d9c56..5cb4de99e 100644
--- a/etc/kayobe/kolla/inventory/group_vars/prometheus-blackbox-exporter
+++ b/etc/kayobe/kolla/inventory/group_vars/prometheus-blackbox-exporter
@@ -167,7 +167,7 @@ prometheus_blackbox_exporter_endpoints_default:
 enabled: "{{ enable_placement | bool }}"
 - endpoints: "{% set ironic_endpoints = [] %}{% for host in groups.get('ironic-api', []) %}{{ ironic_endpoints.append('ironic_backend_' + host.replace('-', '') + ':os_endpoint:' + ('https' if kolla_enable_tls_backend | bool else 'http') + '://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['ironic_api_port']) }}{% endfor %}{{ ironic_endpoints }}"
 enabled: "{{ enable_ironic | bool }}"
- - endpoints: "{% set ironic_inspector_endpoints = [] %}{% for host in groups.get('ironic-inspector', []) %}{{ ironic_inspector_endpoints.append('ironic_inspector_backend_' + host.replace('-', '') + ':os_endpoint:' + ('https' if kolla_enable_tls_backend | bool else 'http') + '://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['ironic_inspector_port']) }}{% endfor %}{{ ironic_inspector_endpoints }}"
+ - endpoints: "{% set ironic_inspector_endpoints = [] %}{% for host in groups.get('ironic-inspector', []) %}{{ ironic_inspector_endpoints.append('ironic_inspector_backend_' + host.replace('-', '') + ':os_endpoint:' + 'http://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['ironic_inspector_port']) }}{% endfor %}{{ ironic_inspector_endpoints }}"
 enabled: "{{ enable_ironic | bool }}"
 - endpoints: "{% set swift_endpoints = [] %}{% for host in groups.get('swift-api', []) %}{{ swift_endpoints.append('swift_backend_' + host.replace('-', '') + ':os_endpoint:' + 'http://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['swift_api_port']) }}{% endfor %}{{ swift_endpoints }}"
 enabled: "{{ enable_swift | bool }}"
diff --git a/releasenotes/notes/ironic-inspector-blackbox-backend-ff1bd68297435a36.yaml b/releasenotes/notes/ironic-inspector-blackbox-backend-ff1bd68297435a36.yaml
new file mode 100644
index 000000000..bc23a3e60
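Review bot: The new `ironic_inspector_backend_` entry hard-codes `'http://'` with nothing in the file explaining why it ignores `kolla_enable_tls_backend`, while the `ironic_backend_` entry two lines above still uses the conditional. The reason is recorded only in the commit message and release note, so a later reader could restore the conditional or assume this probe is encrypted whenever backend TLS is enabled. I would add a comment above the entry, for example `# ironic-inspector does not support backend TLS; always probe over plain HTTP, even when kolla_enable_tls_backend is true`. The `swift_backend_` entry below has the same uncommented hard-coding and could get the same treatment. The list `prometheus_blackbox_exporter_endpoints_default` starts and ends outside the hunk.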
--- /dev/null +++ b/releasenotes/notes/ironic-inspector-blackbox-backend-ff1bd68297435a36.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fixes the Prometheus Blackbox Exporter backend endpoint for + ironic-inspector, as this service does not support backend TLS. From acf832b2cdbac17186ca5993caf0540b270c6794 Mon Sep 17 00:00:00 2001 From: Pierre Riteau Date: Tue, 10 Dec 2024 15:32:10 +0100 Subject: [PATCH 2/6] docs: Synchronise TEMPEST_CONCURRENCY with reality --- doc/source/operations/tempest.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/source/operations/tempest.rst b/doc/source/operations/tempest.rst index 922f309d3..1f6dd43cd 100644 --- a/doc/source/operations/tempest.rst +++ b/doc/source/operations/tempest.rst @@ -132,7 +132,7 @@ The most common variables to override are: - ``TEMPEST_CONCURRENCY`` - The maximum number of tests to run in parallel at one time. Higher values are faster but increase the risk of timeouts. 1-2 is safest in CI/Tenks/Multinode/AIO etc. 8-32 is typical in production. Default - value is 2. + value is 16. - ``KAYOBE_AUTOMATION_TEMPEST_LOADLIST``: the filename of a load list in the ``load-lists`` directory. Default value is ``default`` (symlink to refstack). - ``KAYOBE_AUTOMATION_TEMPEST_SKIPLIST``: the filename of a load list in the From 3d049fcb77200f5f9c99832b5ac1bbb86372e93b Mon Sep 17 00:00:00 2001 From: Piotr Parczewski Date: Fri, 6 Dec 2024 11:00:58 +0100 Subject: [PATCH 3/6] Update Let's Encrypt images --- etc/kayobe/kolla-image-tags.yml | 3 +++ .../notes/add-letsencrypt-eab-support-807bdc4078d3114d.yaml | 4 ++++ 2 files changed, 7 insertions(+) create mode 100644 releasenotes/notes/add-letsencrypt-eab-support-807bdc4078d3114d.yaml diff --git a/etc/kayobe/kolla-image-tags.yml b/etc/kayobe/kolla-image-tags.yml index 97e965e0e..4f23304aa 100644 --- a/etc/kayobe/kolla-image-tags.yml +++ b/etc/kayobe/kolla-image-tags.yml 
@@ -42,3 +42,6 @@ kolla_image_tags:
 ironic_neutron_agent:
 rocky-9: 2024.1-rocky-9-20241023T143407
 ubuntu-jammy: 2024.1-ubuntu-jammy-20241023T143407
+ letsencrypt:
+ rocky-9: 2024.1-rocky-9-20241206T090120
+ ubuntu-jammy: 2024.1-ubuntu-jammy-20241206T090120
diff --git a/releasenotes/notes/add-letsencrypt-eab-support-807bdc4078d3114d.yaml b/releasenotes/notes/add-letsencrypt-eab-support-807bdc4078d3114d.yaml
new file mode 100644
index 000000000..ff0ec922b
--- /dev/null
+++ b/releasenotes/notes/add-letsencrypt-eab-support-807bdc4078d3114d.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - |
+ Adds support for Let's Encrypt external account binding (EAB).
From 6e37530fe34f8e5af95a5aea308087eb5ddbbc9e Mon Sep 17 00:00:00 2001
From: Alex-Welsh
Date: Tue, 10 Dec 2024 16:50:48 +0000
Subject: [PATCH 4/6] Add cherry-pick-bot.yml
---
 .github/cherry-pick-bot.yml | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 .github/cherry-pick-bot.yml
diff --git a/.github/cherry-pick-bot.yml b/.github/cherry-pick-bot.yml
new file mode 100644
index 000000000..0b570eccc
--- /dev/null
+++ b/.github/cherry-pick-bot.yml
@@ -0,0 +1,2 @@
+---
+enabled: true
From 3aa0fb82031fd6f138118b696744fb560123b677 Mon Sep 17 00:00:00 2001
From: Alex-Welsh
Date: Tue, 10 Dec 2024 17:03:38 +0000
Subject: [PATCH 5/6] Enable preservePullRequestTitle for cherry bot
---
 .github/cherry-pick-bot.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/cherry-pick-bot.yml b/.github/cherry-pick-bot.yml
index 0b570eccc..4e1570437 100644
--- a/.github/cherry-pick-bot.yml
+++ b/.github/cherry-pick-bot.yml
@@ -1,2 +1,3 @@
 ---
 enabled: true
+preservePullRequestTitle: true
From 65baf666b12ae6e1acecc6248805e576b65e6b23 Mon Sep 17 00:00:00 2001
From: Matt Crees
Date: Thu, 12 Dec 2024 15:55:18 +0000
Subject: [PATCH 6/6] Document Heat removal in 2024.1 OpenStack upgrade
---
 doc/source/operations/upgrading-openstack.rst | 39 ++++++++++++++++++-
 1 file changed, 38 insertions(+), 1 deletion(-)
diff --git a/doc/source/operations/upgrading-openstack.rst b/doc/source/operations/upgrading-openstack.rst
index 9923f3cc2..1c4324474 100644
--- a/doc/source/operations/upgrading-openstack.rst
+++ b/doc/source/operations/upgrading-openstack.rst
@@ -52,7 +52,44 @@ driver. Instructions for enabling the driver can be found `here <../configuration/magnum-capi.rst>`_. Enable the driver, recreate any clusters using Heat, and disable the service. -TODO: guide for disabling Heat +After the upgrade (so that alerts don't fire) you can remove Heat with the +following: + +.. code-block:: console + + kayobe overcloud host command run --command "rm /etc/kolla/haproxy/services.d/heat-api.cfg" -l network -b + kayobe overcloud host command run --command "rm /etc/kolla/haproxy/services.d/heat-api-cfn.cfg" -l network -b + + kayobe overcloud host command run --command "systemctl restart kolla-haproxy-container.service" -l network[0] -b + kayobe overcloud host command run --command "systemctl restart kolla-haproxy-container.service" -l network[1] -b + kayobe overcloud host command run --command "systemctl restart kolla-haproxy-container.service" -l network[2] -b + + kayobe overcloud host command run --command "systemctl stop kolla-heat_api-container.service kolla-heat_api_cfn-container.service kolla-heat_engine-container.service" -l controllers -b + kayobe overcloud host command run --command "systemctl disable kolla-heat_api-container.service kolla-heat_api_cfn-container.service kolla-heat_engine-container.service" -l controllers -b + kayobe overcloud host command run --command "rm /etc/systemd/system/kolla-heat_api-container.service" -l controllers -b + kayobe overcloud host command run --command "rm /etc/systemd/system/kolla-heat_api_cfn-container.service" -l controllers -b + kayobe overcloud host command run --command "rm /etc/systemd/system/kolla-heat_engine-container.service" -l controllers -b + + kayobe overcloud host command run --command "docker rm heat_api heat_api_cfn heat_engine" -l controllers + + kayobe overcloud host command run --command "rm -rf /etc/kolla/heat-api /etc/kolla/heat-api-cfn /etc/kolla/heat-engine" --limit controllers -b + +Then from the OpenStack CLI: + +.. 
code-block:: console + + openstack service delete heat + openstack user delete heat + openstack domain set --disable heat_user_domain + openstack domain delete heat_user_domain + +You can drop the ``heat`` database too, unless you want to keep historical content. + +.. code-block:: console + + docker exec -it mariadb mysql -u root -p + Enter the database password when prompted. + drop database heat; Designate sink disabled by default ----------------------------------