diff --git a/.github/workflows/stackhpc-all-in-one.yml b/.github/workflows/stackhpc-all-in-one.yml index 0e98113f7..83e6d793b 100644 --- a/.github/workflows/stackhpc-all-in-one.yml +++ b/.github/workflows/stackhpc-all-in-one.yml @@ -214,22 +214,12 @@ jobs: - name: Write Terraform network config run: | cat << EOF > etc/kayobe/environments/$KAYOBE_ENVIRONMENT/tf-networks.yml - - admin_oc_net_name: admin - admin_cidr: "{{ access_cidr.value }}" - admin_allocation_pool_start: 0.0.0.0 - admin_allocation_pool_end: 0.0.0.0 - admin_gateway: "{{ access_gw.value }}" - admin_bootproto: dhcp - admin_ips: + admin_oc_net_name: ethernet + ethernet_cidr: "{{ access_cidr.value }}" + ethernet_allocation_pool_start: 0.0.0.0 + ethernet_allocation_pool_end: 0.0.0.0 + ethernet_ips: controller0: "{{ access_ip_v4.value }}" - admin_zone: admin - EOF - - - name: Write Terraform network interface config - run: | - cat << EOF > etc/kayobe/environments/$KAYOBE_ENVIRONMENT/inventory/group_vars/controllers/tf-network-interfaces - admin_interface: "{{ access_interface.value }}" EOF - name: Write all-in-one scenario config diff --git a/etc/kayobe/environments/ci-aio/automated-setup.sh b/etc/kayobe/environments/ci-aio/automated-setup.sh index 84e738247..cbb1e814f 100644 --- a/etc/kayobe/environments/ci-aio/automated-setup.sh +++ b/etc/kayobe/environments/ci-aio/automated-setup.sh @@ -76,10 +76,6 @@ fi sudo ip l set dummy1 up sudo ip l set dummy1 master breth1 -if type apt; then - sudo cp /run/systemd/network/* /etc/systemd/network -fi - export KAYOBE_VAULT_PASSWORD=$(cat $BASE_PATH/vault-pw) pushd $BASE_PATH/src/kayobe-config source kayobe-env --environment ci-aio diff --git a/etc/kayobe/environments/ci-aio/controllers.yml b/etc/kayobe/environments/ci-aio/controllers.yml index 8972187df..12fe3afcb 100644 --- a/etc/kayobe/environments/ci-aio/controllers.yml +++ b/etc/kayobe/environments/ci-aio/controllers.yml 
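Review bot: The generated `tf-networks.yml` now supplies only `ethernet_cidr`, the allocation pool and `ethernet_ips`, and it is written under `etc/kayobe/environments/$KAYOBE_ENVIRONMENT/`, while the matching `ethernet_bootproto`, `ethernet_zone` and `ethernet_interface` are added by this commit only under `ci-aio`. If the workflow can run with any other environment value (not visible in this hunk), the admin network would be left without an interface or boot protocol now that the `tf-network-interfaces` step is removed. A short comment in the step, for example `# ethernet_interface, ethernet_bootproto and ethernet_zone are defined in the ci-aio environment`, would make that dependency explicit. The enclosing job starts outside the hunk.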
@@ -6,6 +6,9 @@ # to setup the Kayobe user account. Default is {{ os_distribution }}. controller_bootstrap_user: "{{ os_distribution if os_distribution == 'ubuntu' else 'cloud-user' }}" +controller_extra_network_interfaces: + - ethernet + # Controller lvm configuration. See intentory/group_vars/controllers/lvm.yml # for the exact configuration. controller_lvm_groups: diff --git a/etc/kayobe/environments/ci-aio/inventory/group_vars/controllers/network-interfaces b/etc/kayobe/environments/ci-aio/inventory/group_vars/controllers/network-interfaces index 2f8d30103..85f318f42 100644 --- a/etc/kayobe/environments/ci-aio/inventory/group_vars/controllers/network-interfaces +++ b/etc/kayobe/environments/ci-aio/inventory/group_vars/controllers/network-interfaces @@ -2,6 +2,11 @@ ############################################################################### # Network interface definitions for the controller group. +# Ethernet interface is the `primary` or `physical` interface associated +# with the instance that the AIO deployment runs inside of. It is the interface used +# to reach the instance. +ethernet_interface: "{{ ansible_facts['default_ipv4']['interface'] }}" + # Controller interface on all-in-one network. aio_interface: breth1 # Use dummy1 if it exists, otherwise the bridge will have no ports. diff --git a/etc/kayobe/environments/ci-aio/networks.yml b/etc/kayobe/environments/ci-aio/networks.yml index e3cc4d43d..4bf4e96cd 100644 --- a/etc/kayobe/environments/ci-aio/networks.yml +++ b/etc/kayobe/environments/ci-aio/networks.yml 
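Review bot: `ethernet_interface` in `network-interfaces` is taken from `ansible_facts['default_ipv4']['interface']`, so it resolves to whichever interface holds the default IPv4 route when facts are gathered, and the lookup fails if facts are missing or the host has no default route. Because the same commit assigns the `ethernet` network to the `trusted` zone, a default route that lands on a different interface (after the bridge setup in `automated-setup.sh`, for instance) would move that zone assignment with it; I cannot tell from the hunk whether that can happen. I would extend the new comment with `# Resolved from the default IPv4 route; requires gathered facts.` so the assumption is recorded next to the variable.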
@@ -80,6 +80,12 @@ cleaning_net_name: aio ############################################################################### # Network definitions. +# This network is required to be defined within `ci-aio` environment to ensure that +# the network interface files are created appropriately and to provide easy inclusion +# within the firewall configuration. +ethernet_bootproto: dhcp +ethernet_zone: trusted + # All-in-one network. aio_cidr: 192.168.33.0/24 aio_allocation_pool_start: 192.168.33.3 diff --git a/etc/kayobe/kolla/inventory/group_vars/prometheus-blackbox-exporter b/etc/kayobe/kolla/inventory/group_vars/prometheus-blackbox-exporter index cc4990334..6683d9c56 100644 --- a/etc/kayobe/kolla/inventory/group_vars/prometheus-blackbox-exporter +++ b/etc/kayobe/kolla/inventory/group_vars/prometheus-blackbox-exporter 
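Review bot: `ethernet_zone: trusted` puts the interface that this commit itself describes as the one used to reach the instance into a zone that, assuming these names map to firewalld zones, accepts all inbound traffic, so the host firewall applies no filtering on the externally reachable interface. That may be acceptable for a throwaway CI instance whose exposure is limited by the cloud's security groups, but nothing in the hunk says so, and the value is easy to copy into a longer-lived environment. Either use a restrictive zone with the required services allowed, or record the assumption in the comment, e.g. `# CI only: 'trusted' disables host firewall filtering on the primary interface; access must be restricted upstream.`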
@@ -132,6 +132,45 @@ prometheus_blackbox_exporter_endpoints_default: enabled: "{{ enable_rabbitmq | bool }}" - endpoints: "{% set redis_endpoints = [] %}{% for host in groups.get('redis', []) %}{{ redis_endpoints.append('redis_' + host.replace('-', '') + ':tcp_connect:' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['redis_port']) }}{% endfor %}{{ redis_endpoints }}" enabled: "{{ enable_redis | bool }}" + # Backend endpoints + - endpoints: "{% set barbican_endpoints = [] %}{% for host in groups.get('barbican-api', []) %}{{ barbican_endpoints.append('barbican_backend_' + host.replace('-', '') + ':os_endpoint:' + ('https' if kolla_enable_tls_backend | bool else 'http') + '://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['barbican_api_port']) }}{% endfor %}{{ barbican_endpoints }}" + enabled: "{{ enable_barbican | bool }}" + - endpoints: "{% set blazar_endpoints = [] %}{% for host in groups.get('blazar-api', []) %}{{ blazar_endpoints.append('blazar_backend_' + host.replace('-', '') + ':os_endpoint:' + 'http://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['blazar_api_port']) }}{% endfor %}{{ blazar_endpoints }}" + enabled: "{{ enable_blazar | bool }}" + - endpoints: "{% set cinder_endpoints = [] %}{% for host in groups.get('cinder-api', []) %}{{ cinder_endpoints.append('cinder_backend_' + host.replace('-', '') + ':os_endpoint:' + ('https' if kolla_enable_tls_backend | bool else 'http') + '://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['cinder_api_port']) }}{% endfor %}{{ cinder_endpoints }}" + enabled: "{{ enable_cinder | bool }}" + - endpoints: "{% set designate_endpoints = [] %}{% for host in groups.get('designate-api', []) %}{{ designate_endpoints.append('designate_backend_' + host.replace('-', '') + ':os_endpoint:' + 'http://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + 
hostvars[host]['designate_api_port']) }}{% endfor %}{{ designate_endpoints }}" + enabled: "{{ enable_designate | bool }}" + - endpoints: "{% set glance_endpoints = [] %}{% for host in groups.get('glance-api', []) %}{{ glance_endpoints.append('glance_backend_' + host.replace('-', '') + ':os_endpoint:' + ('https' if glance_enable_tls_backend | bool else 'http') + '://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['glance_api_port']) }}{% endfor %}{{ glance_endpoints }}" + enabled: "{{ enable_glance | bool }}" + - endpoints: "{% set gnocchi_endpoints = [] %}{% for host in groups.get('gnocchi-api', []) %}{{ gnocchi_endpoints.append('gnocchi_backend_' + host.replace('-', '') + ':os_endpoint:' + 'http://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['gnocchi_api_port']) }}{% endfor %}{{ gnocchi_endpoints }}" + enabled: "{{ enable_gnocchi | bool }}" + - endpoints: "{% set heat_endpoints = [] %}{% for host in groups.get('heat-api', []) %}{{ heat_endpoints.append('heat_backend_' + host.replace('-', '') + ':os_endpoint:' + ('https' if kolla_enable_tls_backend | bool else 'http') + '://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['heat_api_port']) }}{% endfor %}{{ heat_endpoints }}" + enabled: "{{ enable_heat | bool }}" + - endpoints: "{% set heat_cfn_endpoints = [] %}{% for host in groups.get('heat-api-cfn', []) %}{{ heat_cfn_endpoints.append('heat_cfn_backend_' + host.replace('-', '') + ':os_endpoint:' + ('https' if kolla_enable_tls_backend | bool else 'http') + '://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['heat_api_cfn_port']) }}{% endfor %}{{ heat_cfn_endpoints }}" + enabled: "{{ enable_heat | bool }}" + - endpoints: "{% set horizon_endpoints = [] %}{% for host in groups.get('horizon', []) %}{{ horizon_endpoints.append('horizon_backend_' + host.replace('-', '') + ':http_2xx:' + ('https' if 
horizon_enable_tls_backend | bool else 'http') + '://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['horizon_listen_port']) }}{% endfor %}{{ horizon_endpoints }}" + enabled: "{{ enable_horizon | bool }}" + - endpoints: "{% set keystone_endpoints = [] %}{% for host in groups.get('keystone-api', []) %}{{ keystone_endpoints.append('keystone_backend_' + host.replace('-', '') + ':os_endpoint:' + ('https' if kolla_enable_tls_backend | bool else 'http') + '://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['keystone_internal_port']) }}{% endfor %}{{ keystone_endpoints }}" + enabled: "{{ enable_keystone | bool }}" + - endpoints: "{% set magnum_endpoints = [] %}{% for host in groups.get('magnum-api', []) %}{{ magnum_endpoints.append('magnum_backend_' + host.replace('-', '') + ':os_endpoint:' + 'http://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['magnum_api_port']) }}{% endfor %}{{ magnum_endpoints }}" + enabled: "{{ enable_magnum | bool }}" + - endpoints: "{% set manila_endpoints = [] %}{% for host in groups.get('manila-api', []) %}{{ manila_endpoints.append('manila_backend_' + host.replace('-', '') + ':os_endpoint:' + 'http://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['manila_api_port']) }}{% endfor %}{{ manila_endpoints }}" + enabled: "{{ enable_manila | bool }}" + - endpoints: "{% set neutron_endpoints = [] %}{% for host in groups.get('neutron-server', []) %}{{ neutron_endpoints.append('neutron_backend_' + host.replace('-', '') + ':os_endpoint:' + ('https' if neutron_enable_tls_backend | bool else 'http') + '://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['neutron_server_port']) }}{% endfor %}{{ neutron_endpoints }}" + enabled: "{{ enable_neutron | bool }}" + - endpoints: "{% set nova_endpoints = [] %}{% for host in groups.get('nova-api', []) %}{{ 
nova_endpoints.append('nova_backend_' + host.replace('-', '') + ':os_endpoint:' + ('https' if kolla_enable_tls_backend | bool else 'http') + '://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['nova_api_port']) }}{% endfor %}{{ nova_endpoints }}" + enabled: "{{ enable_nova | bool }}" + - endpoints: "{% set octavia_endpoints = [] %}{% for host in groups.get('octavia-api', []) %}{{ octavia_endpoints.append('octavia_backend_' + host.replace('-', '') + ':os_endpoint:' + ('https' if kolla_enable_tls_backend | bool else 'http') + '://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['octavia_api_port']) }}{% endfor %}{{ octavia_endpoints }}" + enabled: "{{ enable_octavia | bool }}" + - endpoints: "{% set placement_endpoints = [] %}{% for host in groups.get('placement-api', []) %}{{ placement_endpoints.append('placement_backend_' + host.replace('-', '') + ':os_endpoint:' + ('https' if kolla_enable_tls_backend | bool else 'http') + '://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['placement_api_port']) }}{% endfor %}{{ placement_endpoints }}" + enabled: "{{ enable_placement | bool }}" + - endpoints: "{% set ironic_endpoints = [] %}{% for host in groups.get('ironic-api', []) %}{{ ironic_endpoints.append('ironic_backend_' + host.replace('-', '') + ':os_endpoint:' + ('https' if kolla_enable_tls_backend | bool else 'http') + '://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['ironic_api_port']) }}{% endfor %}{{ ironic_endpoints }}" + enabled: "{{ enable_ironic | bool }}" + - endpoints: "{% set ironic_inspector_endpoints = [] %}{% for host in groups.get('ironic-inspector', []) %}{{ ironic_inspector_endpoints.append('ironic_inspector_backend_' + host.replace('-', '') + ':os_endpoint:' + ('https' if kolla_enable_tls_backend | bool else 'http') + '://' + ('api' | kolla_address(host) | put_address_in_context('url')) + 
':' + hostvars[host]['ironic_inspector_port']) }}{% endfor %}{{ ironic_inspector_endpoints }}" + enabled: "{{ enable_ironic | bool }}" + - endpoints: "{% set swift_endpoints = [] %}{% for host in groups.get('swift-api', []) %}{{ swift_endpoints.append('swift_backend_' + host.replace('-', '') + ':os_endpoint:' + 'http://' + ('api' | kolla_address(host) | put_address_in_context('url')) + ':' + hostvars[host]['swift_api_port']) }}{% endfor %}{{ swift_endpoints }}" + enabled: "{{ enable_swift | bool }}" # Ensure service endpoints are defined blazar_internal_base_endpoint: "{{ blazar_internal_fqdn | kolla_url(internal_protocol, blazar_api_port) }}" diff --git a/etc/kayobe/pulp-repo-versions.yml b/etc/kayobe/pulp-repo-versions.yml index e8f88104c..57966370d 100644 --- a/etc/kayobe/pulp-repo-versions.yml +++ b/etc/kayobe/pulp-repo-versions.yml @@ -40,6 +40,6 @@ stackhpc_pulp_repo_rocky_9_4_extras_version: 20240816T002610 stackhpc_pulp_repo_rocky_9_4_highavailability_version: 20240816T002610 stackhpc_pulp_repo_rocky_9_sig_security_common_version: 20240718T001130 stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20240911T041957 -stackhpc_pulp_repo_ubuntu_jammy_security_version: 20240911T063424 -stackhpc_pulp_repo_ubuntu_jammy_version: 20240911T063424 +stackhpc_pulp_repo_ubuntu_jammy_security_version: 20240924T064114 +stackhpc_pulp_repo_ubuntu_jammy_version: 20240924T064114 stackhpc_pulp_repo_ceph_reef_debian_version: 20240925T152022 diff --git a/releasenotes/notes/blackbox-backend-4415919e10a1aa4e.yaml b/releasenotes/notes/blackbox-backend-4415919e10a1aa4e.yaml new file mode 100644 index 000000000..a16b40622 --- /dev/null +++ b/releasenotes/notes/blackbox-backend-4415919e10a1aa4e.yaml 
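Review bot: Every new backend entry iterates `groups.get('<group>', [])`, so a group name that is absent from the inventory yields an empty list with no error, and the service silently gets no backend probe. It is worth checking each name against the Kolla inventory in use; `keystone-api` and `swift-api` are the two I would verify first, since I cannot confirm them from this diff. Separately, the blazar, designate, gnocchi, magnum, manila and swift entries hard-code `'http://'` while the others switch on a `*_enable_tls_backend` variable; if any of those six can be served over TLS on the backend, the probe would fail or test the wrong scheme. A one-line comment above `# Backend endpoints` stating that those services have no backend TLS option would make the asymmetry intentional rather than apparent.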
@@ -0,0 +1,14 @@
+---
+features:
+ - |
+ Added Blackbox monitoring for backend endpoints by default. Note that this
+ configuration will only work if the Blackbox exporters have access to the
+ backend endpoints.
+issues:
+ - |
+ Backend Blackbox monitoring will not work if the exporter does not have
+ access to the backend OpenStack endpoints. This usually happens when
+ separate monitoring nodes are deployed. In this case, move the Blackbox
+ exporter to the Haproxy group, remove the endpoints from
+ `etc/kayobe/kolla/inventory/group_vars/prometheus-blackbox-exporter`, or
+ silence the alerts permanently.