openstack/openstack-ansible-os_nova - openstack-ansible-os_nova - OpenDev: Free Software Needs Free Tools

In order to reflect upstream nova variable change [1] we rename
nova_enabled_vgpu_types to nova_enabled_mdev_types.
[1] https://docs.openstack.org/nova/latest/configuration/config.html#devices.enabled_mdev_types
Change-Id: I7fcc6f6fbfd8e6e358036e72a82348b9cefe74ef

This always existed as a default value but was only used for service
setup, never in the runtime db connection url. Update the URL and
database connection template to include the port.
Change-Id: Ie404c117146c6bbd7eea79300f7c85515fa4e27d

Change-Id: Ibe24bf754bd56d6e518b93f05f47d163454e169d

Bunch of variables that were related to nova consoles were missused or
unneded at all.
Here we deprecate and remove them, along with
fixing behaviour to disable spice agent functionality.
Change-Id: I28f6d733db689eab879ae5939d1236e7c0d5f521
Closes-Bug: #1923184 

It still makes sense to carry a variable for defining dns_domain
since deployers will be able to control them with single variable
for all services.
Closes-Bug: #1922703
Change-Id: I2be47100ce701e71dda2fe4e8ca58a7b6cad529c

When Nova and/or Cinder are using Ceph as backend, qemu will need
to open a connection and two threads for each and every Ceph OSD.
Since all connections occur in the same qemu process, this may result
in hitting default max open files limit.
Thus in case of more then 10 volumes are attached
to the same instance and are used actively can end up in blocked
IO operations inside VMs.
We increase these limits by default when RBD backend is used.
Change-Id: Ib3081280cdbae1eb2235083c95c27e2efd0b413e

All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible
Change-Id: I4a68549bf85fd322ea344139869916aae3275377

Currently, the list of supported vGPUs is populated automatically
within the Nova playbook when the /sys/class/mdev_bus folder is
present. This will populate the `enabled_vgpu_types` variable with
the full list of vGPUs that are supported by default, with only
the first one listed being used.
This change provides the ability to define a new variable
`nova_enabled_vgpu_types` that will populate the enabled_vgpu_types
config option. It also adds the ability to map vgpu types to PCI
addresses in line with Ussuri updates to provide multi-vGPU support.
Change-Id: Icc0c2cd896d4c9a01601d4d733f38443ad8400d4

See https://github.com/ansible/ansible/issues/73654
Change-Id: I3cf2a30e0929835a84f0502bc4e87522b688b538

nova_libvirt_images_rbd_pool is a string, so applying bool filter always
results to false, which ends up in incorrect behaviour and nova does
not use ceph storage for ephemeral drives.
Change-Id: I66decd266655680172c3e272df61313bde652479
Closes-Bug: #1914272 

Warning message is:
Option "image_cache_manager_interval" from group "DEFAULT" is
deprecated. Use option "manager_interval" from group "image_cache".
Change-Id: Ieabd209733ea640d0776f7d2ee96efe3f3c49ec4

This patch corrects a templating issue with nova.conf related to
a newline and conditional.
Change-Id: I81f03573c4fe9b7a4b112cdd9e89b0c601481c49

This patch changes the listener address for spicehtml5proxy from 0.0.0.0
(default) to the nova_management_address to avoid "Address already in use"
errors.
Change-Id: I952998f3c6dd7db218b572c057149352c41c1d65

While we don't test all these virt types, see no reason in explicitly
limiting list of them, considering that they are supported by nova and
libvirt itself [1]
[1] https://docs.openstack.org/nova/latest/configuration/config.html#libvirt.virt_type
Change-Id: Iebea20e8344c21137f1e1e5f23174d3b9b688495

Change-Id: I4953ee9de704c90dac67a70f9296062e5a071a77

Add 'nova_scheduler_extra_filters' to allow operators to enable
additional scheduler filters without overriding the entire list of
filters as in [0].
This also reduces the burden on ops to maintain the list of overridden
default schedulers because of things like [1].
[0] 3886dbc40d/openstack_deploy/user_variables.yml (L51-L69)
[1] https://review.openstack.org/#/c/596502/
Change-Id: I9ab6bcbef2b496df7f6ecf11a7d8f5f7891aeeca

Checking if nova_libvirt_images_rbd_pool is defined leaves us without
an opportunity to disable ceph usage for specific node.
Instead of that we will use bool filter, which will be true if line
is not empty, and false if it is. That way by setting variable to empty
string in host_vars we can disable all relevant options for specific node
Change-Id: Id7c03399bd54ac790dcfc28ad1dcd7f6d48979db

These were previously the defaults and resulted in the novncproxy port
not being adustable by the expected variable, and the novncproxy process
always bound to 0.0.0.0
Change-Id: Ic4cd75ff8fa88b3bfa37fea0f8ce0438611ba1db

Our installation uses separate networks for deployment and for
OpenStack management. By default, live migrations depend upon a
hostname, which resolves to an IP on our (lower speed) deployment
network. Dependent on the deployment, the hostname may not be a
reliable mechanism for determining the correct network for live
migrations.
Nova exposes a live_migration_inbound_addr which can be used to
correct this. This patch defaults the inbound_addr to match the
Nova service bind address, but provides the option for it to be
overwritten through variables.
Whilst the Nova docs suggest that live_migration_inbound_addr
is ignored when live_migration_tunnelled is enabled this appears
to be inaccurate from our testing.
Change-Id: Iff6326f72971364d275ea999418d476007690ef8
Related-Bug: #1576724 

This patch aims to add a prefix for memcached_server
on each role to give the ability for deployers to
override the location of memcached cluster. I.e users
wants to create a single memcached cluster with k8s
for each service.
We also add pymemcache based on [1]
[1] https://review.opendev.org/711429
Change-Id: Ie50f529975e8f2ae1bf66136240b3901f08b51a4

Change-Id: I58e1dac857b2a9c0474b78220d9d3ae29f2428c0

Without auth_type, nova cannot authenticate to keystone to see
available ironic hypervisors/create new baremetal boots.
Change-Id: I709230061de4a743e1efc50ee3dd8d3c3465f10b

In openSUSE 15.x genisoimage was replaced by mkisofs. Although
some projects have added autodetection, nova needs to be explicitly
told.
Also remove deprecated qemu-kvm (wrapper around qemu-system-x86_64).
Change-Id: If0cbd60790935141d52465abe61b40058f1829b1

Move service to use uWSGI role instead of iternal task for uwsgi
deployment. This aims to ease the maintenance of uWSGI and speedup
metal deployments as the same uwsgi environment will be used
across all services.
Depends-On: https://review.opendev.org/678200/
Depends-On: https://review.opendev.org/678055/
Change-Id: If5aeeefb93c8ba3c1368970de61ea1300218f637

This patch reduces the number of configuration defaults that we
ship with no functional changes for users that were not overriding
them.
Change-Id: Iec7e7b0ca13e2503344d23095c0f1c30b46bb702

[DEFAULT]/use_stderr: matching default[1]
[DEFAULT]/rootwrap_config: matching default[2]
[DEFAULT]/instance_name_template: matching default[3]
[DEFAULT]/libvirt_vif_type: zero reference in nova code
[libvirt]/use_virtio_for_bridges: matching default[4]
[api]/auth_strategy: matching default[5]
[1]: https://docs.openstack.org/nova/latest/configuration/config.html#DEFAULT.use_stderr
[2]: https://docs.openstack.org/nova/latest/configuration/config.html#DEFAULT.rootwrap_config
[3]: https://docs.openstack.org/nova/latest/configuration/config.html#DEFAULT.instance_name_template
[4]: https://docs.openstack.org/nova/latest/configuration/config.html#libvirt.use_virtio_for_bridges
[5]: https://docs.openstack.org/nova/latest/configuration/config.html#api.auth_strategy
Change-Id: I5bffb58cba2caafc020c726e9741878361c96497

This driver has been retired [1] and tests are now failing becasue the
nova-lxd repo master branch is now empty.
[1] https://review.opendev.org/#/c/672283/
Change-Id: I9906ede54f6b41972a03bfa1d39ba5f99c6235ed

We are currently pushing out notifications even if Ceilometer is
not enabled resulting in huge queues. Let's not do that.
Change-Id: I0f8f5e3beaf9eca9127f1a37ffa93e0a5dac2974

This patch refactors a variable to determine if we RBD is in
use (either directly or via cinder-volume).
It also uses this to make sure to always set rbd_user and the
rbd_secret_uuid both are set so booting from Cinder with local
storage works.
Change-Id: I052f50cd527ea222e74fdc3684613499f2b55d8e

This patch aims to migrate service from usage of regular syslog files
to journald. We also disable uwsgi logging, since it dublicates
requests that are logged by service itself.
Change-Id: If1eda4d803661a0b924941aecd1867302391a5f4

This patch brings the available defaults into line with the rest of
the roles, introducing default settings for nova_service_bind_address
and nova_metadata_bind_address.
Change-Id: If79cd21ed0266bd3445db0c3dadf092ffebbb3f1

This patch removes the option of valid_interfaces, as we're
pretty ok with the default value which is "internal,public"
Change-Id: I203d9df49db69c8e493a000df9cb003c4b60a19d

The debian packages for individual nova services provide service
configs which automatically start after install, leading to all nova
services running on each compute host. Instead only install the
python3-nova library package and rely on the service files OSA manages.
The nova_service_distro_packages can be cleaned up further since most
packages are provided as dependencies. uwsgi packages are only required
on hosts running nova-api-os-compute or nova-api-metadata, so an
additional key, 'nova_api' has been added for these hosts under
'nova_service_extra_distro_packages'.
Beginning in the Stein release, Ubuntu distro packages are now using
Python3. This requires additionally installing and using the uwsgi python3
plugin.
Change-Id: Id0c7b57f0119c5213abdf3505e4644680a78d55e

The PowerVM driver has been untested for a few years as well
as broken due to using the wrong driver as well. It's not possible
to test it within our infrastructure neither has there been any
contributions to improve/fix it.
This patch drops the support for it.
Change-Id: Iea84648c7ff65b5a4d8b97957fb92716578f714d

When nova is connecting to another service's API, ex. neutron,
it should use its own credentials to obtain an authtoken when
accessing the other service's API as a client. Only the other
service (eg. neutron) should use its own service credentials
when obtaining auth tokens.
Change-Id: I021f85fd4d08e49876377f87a5cd2fddf54a236f

Placement is now a separate service and has been removed from nova[1]
and implemented as a separate service in OSA[2]. As such, the nova
in-tree placement API is now disabled and can be removed.
[1] https://review.opendev.org/#/c/618215/
[2] https://review.opendev.org/#/c/656891/
Depends-On: I01df855d8b9255d24efe16ab053ffa491fda351f
Depends-On: I25ce79b9e3492cb075c50beed90ea2b78055e474
Change-Id: I2f5d4c2f1fc1418bc4f4c4baa1ce3c90b88208fc

The placement service is required, nova cannot start without it,
so we must always configure the authtoken even if the flag to deploy
the integrated nova-placement-api is disabled. This will enable the
ability to move placement into a separate service, disable the
nova-placement-api deployment, yet still configure the required
authtoken in nova.conf.
Depends-On: I58788af6f02a4b339a270dff69a86ce7cdea41d3
Change-Id: I4619d333187a0e96c1b60fe2f203df0838c12059

With the new oslo-privsep library, there is now a
privsep-helper command that is used to escalate
privledges.
This command needs to be runnable by the nova user
via sudo without a password. The old rootwrap command
is still used as well, so for now we need to have
both.
Change-Id: I3bf334bf9498f67a1e91041d1d50870964e6141c

We are setting these values to False and 10 seconds
respectively and by default it is set to True and 300
seconds, which is the desirable because we don't want
and instance to boot if there was timeout to plug in a
VIF. Also, 10 seconds is a really short timeout for this
Change-Id: I4698d04e08fd0aa162c81d4a4af37a42e938d4f1

While it works as is, the output does not match nova docs.
nova_pci_passthrough_whitelist:
 '{ "vendor_id": "10de", "product_id": "15f7" }'
outputting
passthrough_whitelist = "{ "vendor_id": "10de", "product_id": "15f7" }"
instead of the following as expected
passthrough_whitelist = { "vendor_id": "10de", "product_id": "15f7" }
same thing happens with the alias lines. This hits all release back to
at least pike.
Change-Id: I5fc34689eb12e6bd9b4f8977f2b9eebe637f11ec