diff --git a/.github/workflows/stackhpc-container-image-build.yml b/.github/workflows/stackhpc-container-image-build.yml index 4478e6fe5..106ef5373 100644 --- a/.github/workflows/stackhpc-container-image-build.yml +++ b/.github/workflows/stackhpc-container-image-build.yml @@ -253,7 +253,7 @@ jobs: if docker push $image; then echo "Pushed $image" break - elif $i == 5; then + elif [ $i -eq 5 ] ; then echo "Failed to push $image" echo $image >> image-build-logs/push-failed-images.txt else diff --git a/doc/source/contributor/environments/ci-multinode.rst b/doc/source/contributor/environments/ci-multinode.rst index f7ffdffc8..bc60d4365 100644 --- a/doc/source/contributor/environments/ci-multinode.rst +++ b/doc/source/contributor/environments/ci-multinode.rst @@ -2,65 +2,17 @@ Multinode Test Environment ========================== -.. warning:: - - This guide was written for the Yoga release and has not been validated for - Zed. Proceed with caution. - - - -Set up hosts -============ -1. Create four baremetal instances with a centos 8 stream LVM image, and a - Centos 8 stream vm -2. SSH into each baremetal and run ``sudo chown -R centos:.`` in the home - directory, then add the lines:: - - 10.0.0.34 pelican pelican.service.compute.sms-lab.cloud - 10.205.3.187 pulp-server pulp-server.internal.sms-cloud - - to ``/etc/hosts`` (if you're waiting on them starting up, you can progress - until ``kayobe overcloud host configure`` without this step) - -Basic Kayobe Setup -================== -1. SSH into the VM -2. ``sudo dnf install -y python3-virtualenv`` -3. ``mkdir src`` and ``cd src`` -4. Clone https://github.com/stackhpc/stackhpc-kayobe-config.git, then checkout - commit f31df6256f1b1fea99c84547d44f06c4cb74b161 -5. ``cd ..`` and ``mkdir venvs`` -6. ``virtualenv venvs/kayobe`` and source ``venvs/kayobe/bin/activate`` -7. ``pip install -U pip`` -8. ``pip install ./src/kayobe`` -9. Acquire the Ansible Vault password for this repository, and store a copy at - ``~/vault-pw`` -10. ``export KAYOBE_VAULT_PASSWORD=$(cat ~/vault-pw)`` - -Config changes -============== -1. In etc/kayobe/ansible/requirements.yml remove version from vxlan -2. In etc/kayobe/ansible/configure-vxlan.yml, change the group of - vxlan_interfaces so that the last octet is different e.g. 224.0.0.15 -3. Also under vxlan_interfaces, add vni:x where x is between 500 and 1000 -4. Also under vxlan_interfaces, check vxlan_dstport is not 4789 (this causes - conflicts, change to 4790) -5. In etc/kayobe/environments/ci-multinode/tf-networks.yml, edit admin_ips so - that the compute and controller IPs line up with the - instances that were created earlier, remove the other IPs for seed and - cephOSD -6. In etc/kayobe/environments/ci-multinode/network-allocation.yml, remove all - the entries and just assign ``aio_ips:`` an empty set ``[]`` -7. In etc/kayobe/environments/ci-multinode/inventory/hosts, remove the seed -8. run stackhpc-kayobe-config/etc/kayobe/ansible/growroot.yml (if this fails, - manually increase the partition size on each host) - -Final steps -=========== -1. ``source kayobe-env --environment ci-aio`` -2. Run ``kayobe overcloud host configure`` -3. Run ``kayobe overcloud service deploy`` - +The ``ci-multinode`` environment provides a Kayobe configuration for multi-node +clouds to be used for test and development purposes. It is designed to be used +in combination with the `terraform-kayobe-multinode +`__ repository. Follow +the instructions in terraform-kayobe-multinode to deploy a cluster using this +configuration. This documentation covers configuration of additional services +beyond the defaults. This includes: + +* Manila +* Magnum +* Wazuh Manila ====== diff --git a/doc/source/operations/rabbitmq.rst b/doc/source/operations/rabbitmq.rst index 12fd5a789..8556ff32e 100644 --- a/doc/source/operations/rabbitmq.rst +++ b/doc/source/operations/rabbitmq.rst @@ -73,7 +73,7 @@ If you are running Wallaby or Xena, synchronise the Pulp containers. .. code-block:: console - kayobe playbook run etc/kayobe/ansible/pulp-container-sync.yml etc/kayobe/ansible/pulp-container-publish.yml -e stackhpc_pulp_images_kolla_filter=rabbitmq + kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/pulp-container-sync.yml $KAYOBE_CONFIG_PATH/ansible/pulp-container-publish.yml -e stackhpc_pulp_images_kolla_filter=rabbitmq Ensure that Kolla Ansible is up to date. diff --git a/etc/kayobe/ansible/vault-generate-backend-tls.yml b/etc/kayobe/ansible/vault-generate-backend-tls.yml index fec20d157..1833a4f45 100644 --- a/etc/kayobe/ansible/vault-generate-backend-tls.yml +++ b/etc/kayobe/ansible/vault-generate-backend-tls.yml @@ -1,8 +1,8 @@ --- # Required for uri module to work with self-signed certificates and for systems to trust # the self-signed CA -- name: Install CA on controllers - hosts: controllers +- name: Install CA + hosts: controllers:network tasks: - name: Copy the intermediate CA copy: @@ -16,7 +16,7 @@ shell: "{{ 'update-ca-trust' if ansible_facts.os_family == 'RedHat' else 'update-ca-certificates' }}" - name: Generate backend API certificates - hosts: controllers + hosts: controllers:network vars: vault_api_addr: "https://{{ kolla_internal_fqdn }}:8200" vault_intermediate_ca_name: "OS-TLS-INT" diff --git a/etc/kayobe/environments/ci-multinode/kolla/config/barbican.conf b/etc/kayobe/environments/ci-multinode/kolla/config/barbican.conf index 165deb04a..62e7b86ac 100644 --- a/etc/kayobe/environments/ci-multinode/kolla/config/barbican.conf +++ b/etc/kayobe/environments/ci-multinode/kolla/config/barbican.conf @@ -7,7 +7,9 @@ enabled_secretstore_plugins=vault_plugin [vault_plugin] vault_url = https://{{ kolla_internal_vip_address }}:8200 use_ssl = True -ssl_ca_crt_file = {% raw %}{{ openstack_cacert }}{% endraw %} +{% raw %} +ssl_ca_crt_file = {{ openstack_cacert }} +{% endraw %} approle_role_id = {{ secrets_barbican_approle_role_id }} approle_secret_id = {{ secrets_barbican_approle_secret_id }} kv_mountpoint = barbican diff --git a/etc/kayobe/kolla/config/prometheus/ceph.rules b/etc/kayobe/kolla/config/prometheus/ceph.rules index 112013709..25eadcd8e 100644 --- a/etc/kayobe/kolla/config/prometheus/ceph.rules +++ b/etc/kayobe/kolla/config/prometheus/ceph.rules @@ -117,7 +117,7 @@ groups: requests. - alert: PgsUnclean - expr: ceph_pool_metadata * on(pool_id,instance) group_left() (ceph_pg_total - ceph_pg_clean) > 0 + expr: ceph_pool_metadata * on(pool_id,instance) group_left() (ceph_pg_total - ceph_pg_clean - ceph_pg_backfilling - ceph_pg_backfill_wait) > 0 for: 15m labels: severity: warning diff --git a/releasenotes/notes/backend-tls-network-aa7b09008a2e1914.yaml b/releasenotes/notes/backend-tls-network-aa7b09008a2e1914.yaml new file mode 100644 index 000000000..69cb215f9 --- /dev/null +++ b/releasenotes/notes/backend-tls-network-aa7b09008a2e1914.yaml @@ -0,0 +1,6 @@ +--- +issues: + - | + Generate backend TLS files for network hosts. This fixes backend TLS + configuration for deployments where some API services are running on + network hosts. diff --git a/releasenotes/notes/improve-ceph-pgs-unclean-alert-98306d397344b572.yaml b/releasenotes/notes/improve-ceph-pgs-unclean-alert-98306d397344b572.yaml new file mode 100644 index 000000000..cbf008554 --- /dev/null +++ b/releasenotes/notes/improve-ceph-pgs-unclean-alert-98306d397344b572.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Prevents raising a Ceph ``PgsUnclean`` alert because of backfilling which + can frequently happen because of normal rebalancing activities, such as use + of the Ceph balancer or OSD addition.