Merge branch 'stackhpc/2024.1' into 2024.1-ansible-lint-alex

.github/workflows/stackhpc-all-in-one.yml

@@ -214,22 +214,12 @@ jobs:
       - name: Write Terraform network config
         run: |
           cat << EOF > etc/kayobe/environments/$KAYOBE_ENVIRONMENT/tf-networks.yml
-
-          admin_oc_net_name: admin
-          admin_cidr: "{{ access_cidr.value }}"
-          admin_allocation_pool_start: 0.0.0.0
-          admin_allocation_pool_end: 0.0.0.0
-          admin_gateway: "{{ access_gw.value }}"
-          admin_bootproto: dhcp
-          admin_ips:
+          admin_oc_net_name: ethernet
+          ethernet_cidr: "{{ access_cidr.value }}"
+          ethernet_allocation_pool_start: 0.0.0.0
+          ethernet_allocation_pool_end: 0.0.0.0
+          ethernet_ips:
             controller0: "{{ access_ip_v4.value }}"
-          admin_zone: admin
-          EOF
-
-      - name: Write Terraform network interface config
-        run: |
-          cat << EOF > etc/kayobe/environments/$KAYOBE_ENVIRONMENT/inventory/group_vars/controllers/tf-network-interfaces
-          admin_interface: "{{ access_interface.value }}"
           EOF
 
       - name: Write all-in-one scenario config

etc/kayobe/environments/ci-aio/automated-setup.sh

@@ -76,10 +76,6 @@ fi
 sudo ip l set dummy1 up
 sudo ip l set dummy1 master breth1
 
-if type apt; then
-    sudo cp /run/systemd/network/* /etc/systemd/network
-fi
-
 export KAYOBE_VAULT_PASSWORD=$(cat $BASE_PATH/vault-pw)
 pushd $BASE_PATH/src/kayobe-config
 source kayobe-env --environment ci-aio

etc/kayobe/environments/ci-aio/controllers.yml

@@ -6,6 +6,9 @@
 # to setup the Kayobe user account. Default is {{ os_distribution }}.
 controller_bootstrap_user: "{{ os_distribution if os_distribution == 'ubuntu' else 'cloud-user' }}"
 
+controller_extra_network_interfaces:
+  - ethernet
+
 # Controller lvm configuration. See intentory/group_vars/controllers/lvm.yml
 # for the exact configuration.
 controller_lvm_groups:

etc/kayobe/environments/ci-aio/inventory/group_vars/controllers/network-interfaces

@@ -2,6 +2,11 @@
 ###############################################################################
 # Network interface definitions for the controller group.
 
+# Ethernet interface is the `primary` or `physical` interface associated
+# with the instance that the AIO deployment runs inside of. It is the interface used
+# to reach the instance.
+ethernet_interface: "{{ ansible_facts['default_ipv4']['interface'] }}"
+
 # Controller interface on all-in-one network.
 aio_interface: breth1
 # Use dummy1 if it exists, otherwise the bridge will have no ports.

etc/kayobe/environments/ci-aio/networks.yml

@@ -80,6 +80,12 @@ cleaning_net_name: aio
 ###############################################################################
 # Network definitions.
 
+# This network is required to be defined within `ci-aio` environment to ensure that
+# the network interface files are created appropriately and to provide easy inclusion
+# within the firewall configuration.
+ethernet_bootproto: dhcp
+ethernet_zone: trusted
+
 # All-in-one network.
 aio_cidr: 192.168.33.0/24
 aio_allocation_pool_start: 192.168.33.3

etc/kayobe/kolla/inventory/group_vars/prometheus-blackbox-exporter

@@ -132,6 +132,45 @@ prometheus_blackbox_exporter_endpoints_default:
     enabled: "{{ enable_rabbitmq | bool }}"
   - endpoints: "{% set redis_endpoints = [] %}{% for host in groups.get('redis', []) %}{{ redis_endpoints.append('redis_' + host.replace('-', '') + ':tcp_connect:' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['redis_port']) }}{% endfor %}{{ redis_endpoints }}"
     enabled: "{{ enable_redis | bool }}"
+  # Backend endpoints
+  - endpoints: "{% set barbican_endpoints = [] %}{% for host in groups.get('barbican-api', []) %}{{ barbican_endpoints.append('barbican_backend_' + host.replace('-', '') + ':os_endpoint:' + ('https' if kolla_enable_tls_backend | bool else 'http') + '://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['barbican_api_port']) }}{% endfor %}{{ barbican_endpoints }}"
+    enabled: "{{ enable_barbican | bool }}"
+  - endpoints: "{% set blazar_endpoints = [] %}{% for host in groups.get('blazar-api', []) %}{{ blazar_endpoints.append('blazar_backend_' + host.replace('-', '') + ':os_endpoint:' +  'http://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['blazar_api_port']) }}{% endfor %}{{ blazar_endpoints }}"
+    enabled: "{{ enable_blazar | bool }}"
+  - endpoints: "{% set cinder_endpoints = [] %}{% for host in groups.get('cinder-api', []) %}{{ cinder_endpoints.append('cinder_backend_' + host.replace('-', '') + ':os_endpoint:' + ('https' if kolla_enable_tls_backend | bool else 'http') + '://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['cinder_api_port']) }}{% endfor %}{{ cinder_endpoints }}"
+    enabled: "{{ enable_cinder | bool }}"
+  - endpoints: "{% set designate_endpoints = [] %}{% for host in groups.get('designate-api', []) %}{{ designate_endpoints.append('designate_backend_' + host.replace('-', '') + ':os_endpoint:' + 'http://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['designate_api_port']) }}{% endfor %}{{ designate_endpoints }}"
+    enabled: "{{ enable_designate | bool }}"
+  - endpoints: "{% set glance_endpoints = [] %}{% for host in groups.get('glance-api', []) %}{{ glance_endpoints.append('glance_backend_' + host.replace('-', '') + ':os_endpoint:' + ('https' if glance_enable_tls_backend | bool else 'http') + '://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['glance_api_port']) }}{% endfor %}{{ glance_endpoints }}"
+    enabled: "{{ enable_glance | bool }}"
+  - endpoints: "{% set gnocchi_endpoints = [] %}{% for host in groups.get('gnocchi-api', []) %}{{ gnocchi_endpoints.append('gnocchi_backend_' + host.replace('-', '') + ':os_endpoint:' + 'http://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['gnocchi_api_port']) }}{% endfor %}{{ gnocchi_endpoints }}"
+    enabled: "{{ enable_gnocchi | bool }}"
+  - endpoints: "{% set heat_endpoints = [] %}{% for host in groups.get('heat-api', []) %}{{ heat_endpoints.append('heat_backend_' + host.replace('-', '') + ':os_endpoint:' + ('https' if kolla_enable_tls_backend | bool else 'http') + '://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['heat_api_port']) }}{% endfor %}{{ heat_endpoints }}"
+    enabled: "{{ enable_heat | bool }}"
+  - endpoints: "{% set heat_cfn_endpoints = [] %}{% for host in groups.get('heat-api-cfn', []) %}{{ heat_cfn_endpoints.append('heat_cfn_backend_' + host.replace('-', '') + ':os_endpoint:' + ('https' if kolla_enable_tls_backend | bool else 'http') + '://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['heat_api_cfn_port']) }}{% endfor %}{{ heat_cfn_endpoints }}"
+    enabled: "{{ enable_heat | bool }}"
+  - endpoints: "{% set horizon_endpoints = [] %}{% for host in groups.get('horizon', []) %}{{ horizon_endpoints.append('horizon_backend_' + host.replace('-', '') + ':http_2xx:' + ('https' if horizon_enable_tls_backend | bool else 'http') + '://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['horizon_listen_port']) }}{% endfor %}{{ horizon_endpoints }}"
+    enabled: "{{ enable_horizon | bool }}"
+  - endpoints: "{% set keystone_endpoints = [] %}{% for host in groups.get('keystone-api', []) %}{{ keystone_endpoints.append('keystone_backend_' + host.replace('-', '') + ':os_endpoint:' + ('https' if kolla_enable_tls_backend | bool else 'http') + '://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['keystone_internal_port']) }}{% endfor %}{{ keystone_endpoints }}"
+    enabled: "{{ enable_keystone | bool }}"
+  - endpoints: "{% set magnum_endpoints = [] %}{% for host in groups.get('magnum-api', []) %}{{ magnum_endpoints.append('magnum_backend_' + host.replace('-', '') + ':os_endpoint:' + 'http://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['magnum_api_port']) }}{% endfor %}{{ magnum_endpoints }}"
+    enabled: "{{ enable_magnum | bool }}"
+  - endpoints: "{% set manila_endpoints = [] %}{% for host in groups.get('manila-api', []) %}{{ manila_endpoints.append('manila_backend_' + host.replace('-', '') + ':os_endpoint:' + 'http://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['manila_api_port']) }}{% endfor %}{{ manila_endpoints }}"
+    enabled: "{{ enable_manila | bool }}"
+  - endpoints: "{% set neutron_endpoints = [] %}{% for host in groups.get('neutron-server', []) %}{{ neutron_endpoints.append('neutron_backend_' + host.replace('-', '') + ':os_endpoint:' + ('https' if neutron_enable_tls_backend | bool else 'http') + '://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['neutron_server_port']) }}{% endfor %}{{ neutron_endpoints }}"
+    enabled: "{{ enable_neutron | bool }}"
+  - endpoints: "{% set nova_endpoints = [] %}{% for host in groups.get('nova-api', []) %}{{ nova_endpoints.append('nova_backend_' + host.replace('-', '') + ':os_endpoint:' + ('https' if kolla_enable_tls_backend | bool else 'http') + '://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['nova_api_port']) }}{% endfor %}{{ nova_endpoints }}"
+    enabled: "{{ enable_nova | bool }}"
+  - endpoints: "{% set octavia_endpoints = [] %}{% for host in groups.get('octavia-api', []) %}{{ octavia_endpoints.append('octavia_backend_' + host.replace('-', '') + ':os_endpoint:' + ('https' if kolla_enable_tls_backend | bool else 'http') + '://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['octavia_api_port']) }}{% endfor %}{{ octavia_endpoints }}"
+    enabled: "{{ enable_octavia | bool }}"
+  - endpoints: "{% set placement_endpoints = [] %}{% for host in groups.get('placement-api', []) %}{{ placement_endpoints.append('placement_backend_' + host.replace('-', '') + ':os_endpoint:' + ('https' if kolla_enable_tls_backend | bool else 'http') + '://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['placement_api_port']) }}{% endfor %}{{ placement_endpoints }}"
+    enabled: "{{ enable_placement | bool }}"
+  - endpoints: "{% set ironic_endpoints = [] %}{% for host in groups.get('ironic-api', []) %}{{ ironic_endpoints.append('ironic_backend_' + host.replace('-', '') + ':os_endpoint:' + ('https' if kolla_enable_tls_backend | bool else 'http') + '://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['ironic_api_port']) }}{% endfor %}{{ ironic_endpoints }}"
+    enabled: "{{ enable_ironic | bool }}"
+  - endpoints: "{% set ironic_inspector_endpoints = [] %}{% for host in groups.get('ironic-inspector', []) %}{{ ironic_inspector_endpoints.append('ironic_inspector_backend_' + host.replace('-', '') + ':os_endpoint:' + ('https' if kolla_enable_tls_backend | bool else 'http') + '://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['ironic_inspector_port']) }}{% endfor %}{{ ironic_inspector_endpoints }}"
+    enabled: "{{ enable_ironic | bool }}"
+  - endpoints: "{% set swift_endpoints = [] %}{% for host in groups.get('swift-api', []) %}{{ swift_endpoints.append('swift_backend_' + host.replace('-', '') + ':os_endpoint:' + 'http://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['swift_api_port']) }}{% endfor %}{{ swift_endpoints }}"
+    enabled: "{{ enable_swift | bool }}"
 
 # Ensure service endpoints are defined
 blazar_internal_base_endpoint: "{{ blazar_internal_fqdn | kolla_url(internal_protocol, blazar_api_port) }}"

etc/kayobe/pulp-repo-versions.yml

@@ -40,6 +40,6 @@ stackhpc_pulp_repo_rocky_9_4_extras_version: 20240816T002610
 stackhpc_pulp_repo_rocky_9_4_highavailability_version: 20240816T002610
 stackhpc_pulp_repo_rocky_9_sig_security_common_version: 20240718T001130
 stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20240911T041957
-stackhpc_pulp_repo_ubuntu_jammy_security_version: 20240911T063424
-stackhpc_pulp_repo_ubuntu_jammy_version: 20240911T063424
+stackhpc_pulp_repo_ubuntu_jammy_security_version: 20240924T064114
+stackhpc_pulp_repo_ubuntu_jammy_version: 20240924T064114
 stackhpc_pulp_repo_ceph_reef_debian_version: 20240925T152022

releasenotes/notes/blackbox-backend-4415919e10a1aa4e.yaml

@@ -0,0 +1,14 @@
+---
+features:
+  - |
+    Added Blackbox monitoring for backend endpoints by default. Note that this
+    configuration will only work if the Blackbox exporters have access to the
+    backend endpoints.
+issues:
+  - |
+    Backend Blackbox monitoring will not work if the exporter does not have
+    access to the backend OpenStack endpoints. This usually happens when
+    separate monitoring nodes are deployed. In this case, move the Blackbox
+    exporter to the Haproxy group, remove the endpoints from
+    `etc/kayobe/kolla/inventory/group_vars/prometheus-blackbox-exporter`, or
+    silence the alerts permanently.