Merge pull request #1066 from stackhpc/zed-yoga-merge

zed: yoga merge

Author: markgoddard

.github/workflows/stackhpc-container-image-build.yml

@@ -253,7 +253,7 @@ jobs:
               if docker push $image; then
                 echo "Pushed $image"
                 break
-              elif $i == 5; then
+              elif [ $i -eq 5 ] ; then
                 echo "Failed to push $image"
                 echo $image >> image-build-logs/push-failed-images.txt
               else

doc/source/contributor/environments/ci-multinode.rst

@@ -2,65 +2,17 @@
 Multinode Test Environment
 ==========================
 
-.. warning::
-
-    This guide was written for the Yoga release and has not been validated for
-    Zed. Proceed with caution.
-
-
-
-Set up hosts
-============
-1. Create four baremetal instances with a centos 8 stream LVM image, and a
-   Centos 8 stream vm
-2. SSH into each baremetal and run ``sudo chown -R centos:.`` in the home
-   directory, then add the lines::
-
-      10.0.0.34 pelican pelican.service.compute.sms-lab.cloud
-      10.205.3.187 pulp-server pulp-server.internal.sms-cloud
-
-   to ``/etc/hosts`` (if you're waiting on them starting up, you can progress
-   until ``kayobe overcloud host configure`` without this step)
-
-Basic Kayobe Setup
-==================
-1. SSH into the VM
-2. ``sudo dnf install -y python3-virtualenv``
-3. ``mkdir src`` and ``cd src``
-4. Clone https://github.com/stackhpc/stackhpc-kayobe-config.git, then checkout
-   commit f31df6256f1b1fea99c84547d44f06c4cb74b161
-5. ``cd ..`` and ``mkdir venvs``
-6. ``virtualenv venvs/kayobe`` and source ``venvs/kayobe/bin/activate``
-7. ``pip install -U pip``
-8. ``pip install ./src/kayobe``
-9. Acquire the Ansible Vault password for this repository, and store a copy at
-   ``~/vault-pw``
-10. ``export KAYOBE_VAULT_PASSWORD=$(cat ~/vault-pw)``
-
-Config changes
-==============
-1. In etc/kayobe/ansible/requirements.yml remove version from vxlan
-2. In etc/kayobe/ansible/configure-vxlan.yml, change the group of
-   vxlan_interfaces so that the last octet is different e.g. 224.0.0.15
-3. Also under vxlan_interfaces, add vni:x where x is between 500 and 1000
-4. Also under vxlan_interfaces, check vxlan_dstport is not 4789 (this causes
-   conflicts, change to 4790)
-5. In etc/kayobe/environments/ci-multinode/tf-networks.yml, edit admin_ips so
-   that the compute and controller IPs line up with the
-   instances that were created earlier, remove the other IPs for seed and
-   cephOSD
-6. In etc/kayobe/environments/ci-multinode/network-allocation.yml, remove all
-   the entries and just assign ``aio_ips:`` an empty set ``[]``
-7. In etc/kayobe/environments/ci-multinode/inventory/hosts, remove the seed
-8. run stackhpc-kayobe-config/etc/kayobe/ansible/growroot.yml (if this fails,
-   manually increase the partition size on each host)
-
-Final steps
-===========
-1. ``source kayobe-env --environment ci-aio``
-2. Run ``kayobe overcloud host configure``
-3. Run ``kayobe overcloud service deploy``
-
+The ``ci-multinode`` environment provides a Kayobe configuration for multi-node
+clouds to be used for test and development purposes. It is designed to be used
+in combination with the `terraform-kayobe-multinode
+<https://github.com/stackhpc/terraform-kayobe-multinode>`__ repository. Follow
+the instructions in terraform-kayobe-multinode to deploy a cluster using this
+configuration. This documentation covers configuration of additional services
+beyond the defaults. This includes:
+
+* Manila
+* Magnum
+* Wazuh
 
 Manila
 ======

doc/source/operations/rabbitmq.rst

@@ -73,7 +73,7 @@ If you are running Wallaby or Xena, synchronise the Pulp containers.
 
 .. code-block:: console
 
-  kayobe playbook run etc/kayobe/ansible/pulp-container-sync.yml etc/kayobe/ansible/pulp-container-publish.yml -e stackhpc_pulp_images_kolla_filter=rabbitmq
+  kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/pulp-container-sync.yml $KAYOBE_CONFIG_PATH/ansible/pulp-container-publish.yml -e stackhpc_pulp_images_kolla_filter=rabbitmq
 
 Ensure that Kolla Ansible is up to date.
 

etc/kayobe/ansible/vault-generate-backend-tls.yml

@@ -1,8 +1,8 @@
 ---
 # Required for uri module to work with self-signed certificates and for systems to trust
 # the self-signed CA
-- name: Install CA on controllers
-  hosts: controllers
+- name: Install CA
+  hosts: controllers:network
   tasks:
     - name: Copy the intermediate CA
       copy:
@@ -16,7 +16,7 @@
       shell: "{{ 'update-ca-trust' if ansible_facts.os_family == 'RedHat' else 'update-ca-certificates' }}"
 
 - name: Generate backend API certificates
-  hosts: controllers
+  hosts: controllers:network
   vars:
     vault_api_addr: "https://{{ kolla_internal_fqdn }}:8200"
     vault_intermediate_ca_name: "OS-TLS-INT"

etc/kayobe/environments/ci-multinode/kolla/config/barbican.conf

@@ -7,7 +7,9 @@ enabled_secretstore_plugins=vault_plugin
 [vault_plugin]
 vault_url = https://{{ kolla_internal_vip_address }}:8200
 use_ssl = True
-ssl_ca_crt_file = {% raw %}{{ openstack_cacert }}{% endraw %}
+{% raw %}
+ssl_ca_crt_file = {{ openstack_cacert }}
+{% endraw %}
 approle_role_id = {{ secrets_barbican_approle_role_id }}
 approle_secret_id = {{ secrets_barbican_approle_secret_id }}
 kv_mountpoint = barbican

etc/kayobe/kolla/config/prometheus/ceph.rules

@@ -117,7 +117,7 @@ groups:
         requests.
 
   - alert: PgsUnclean
-    expr: ceph_pool_metadata * on(pool_id,instance) group_left() (ceph_pg_total - ceph_pg_clean) > 0
+    expr: ceph_pool_metadata * on(pool_id,instance) group_left() (ceph_pg_total - ceph_pg_clean - ceph_pg_backfilling - ceph_pg_backfill_wait) > 0
     for: 15m
     labels:
       severity: warning

releasenotes/notes/backend-tls-network-aa7b09008a2e1914.yaml

@@ -0,0 +1,6 @@
+---
+issues:
+  - |
+    Generate backend TLS files for network hosts. This fixes backend TLS
+    configuration for deployments where some API services are running on
+    network hosts.

releasenotes/notes/improve-ceph-pgs-unclean-alert-98306d397344b572.yaml

@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Prevents raising a Ceph ``PgsUnclean`` alert because of backfilling which
+    can frequently happen because of normal rebalancing activities, such as use
+    of the Ceph balancer or OSD addition.