diff --git a/ansible/chrony-cleanup.yml b/ansible/chrony-cleanup.yml index 1742a1207f..fe5f0eade8 100644 --- a/ansible/chrony-cleanup.yml +++ b/ansible/chrony-cleanup.yml @@ -2,13 +2,32 @@ - name: Remove chrony container gather_facts: false hosts: - - chrony-server - - chrony + - "{{ 'chrony-server' if 'chrony-server' in groups else 'all' }}" + - "{{ 'chrony' if 'chrony' in groups else 'all' }}" serial: '{{ kolla_serial|default("0") }}' tags: - chrony tasks: - - import_role: - name: chrony - tasks_from: cleanup.yml - when: not enable_chrony | bool + # NOTE(mgoddard): Running against the all group means that some hosts may + # not have docker installed, which would break the kolla_docker module. + # Avoid using service_facts which adds a large fact. + - name: Check if Docker is running # noqa command-instead-of-module + command: + cmd: "systemctl is-active docker.service" + register: systemctl_is_active + changed_when: false + failed_when: false + + - block: + - name: Stop and remove chrony container + become: true + kolla_docker: + action: "stop_and_remove_container" + name: chrony + + - name: Remove config for chrony + become: true + file: + path: "{{ node_config_directory }}/chrony" + state: "absent" + when: systemctl_is_active.rc == 0 diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 07887764f9..15dea35c9f 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -85,15 +85,6 @@ container_proxy: # to the api_interface. Allow the bind address to be an override. api_interface_address: "{{ 'api' | kolla_address }}" -################ -# Chrony options -################ -# A list contains ntp servers -external_ntp_servers: - - 0.pool.ntp.org - - 1.pool.ntp.org - - 2.pool.ntp.org - - 3.pool.ntp.org #################### # Database options @@ -607,7 +598,6 @@ enable_cells: "no" enable_central_logging: "no" enable_ceph_rgw: "no" enable_ceph_rgw_loadbalancer: "{{ enable_ceph_rgw | bool }}" -enable_chrony: "no" enable_cinder: "no" enable_cinder_backup: "yes" enable_cinder_backend_hnas_nfs: "no" diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one index ac95fc2ef1..66e17b40e6 100644 --- a/ansible/inventory/all-in-one +++ b/ansible/inventory/all-in-one @@ -28,16 +28,6 @@ compute storage monitoring -[chrony-server:children] -loadbalancer - -[chrony:children] -control -network -compute -storage -monitoring - [collectd:children] compute diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode index 045610a818..63247ff37e 100644 --- a/ansible/inventory/multinode +++ b/ansible/inventory/multinode @@ -52,16 +52,6 @@ compute storage monitoring -[chrony-server:children] -loadbalancer - -[chrony:children] -control -network -compute -storage -monitoring - [collectd:children] compute diff --git a/ansible/roles/baremetal/defaults/main.yml b/ansible/roles/baremetal/defaults/main.yml index ac11091dbd..d646658b33 100644 --- a/ansible/roles/baremetal/defaults/main.yml +++ b/ansible/roles/baremetal/defaults/main.yml @@ -70,13 +70,11 @@ ubuntu_pkg_removals: - lxc - libvirt-bin - open-iscsi - - "{% if enable_chrony | bool %}chrony{% endif %}" redhat_pkg_removals: - libvirt - libvirt-daemon - iscsi-initiator-utils - - "{% if enable_chrony | bool %}chrony{% endif %}" # Path to a virtualenv in which to install python packages. If None, a # virtualenv will not be used. diff --git a/ansible/roles/baremetal/tasks/post-install.yml b/ansible/roles/baremetal/tasks/post-install.yml index abfa465b91..74c006ae1c 100644 --- a/ansible/roles/baremetal/tasks/post-install.yml +++ b/ansible/roles/baremetal/tasks/post-install.yml @@ -208,22 +208,6 @@ - apparmor_libvirtd_profile.stat.exists - not apparmor_libvirtd_disable_profile.stat.exists -- name: Get stat of chronyd apparmor profile - stat: - path: /etc/apparmor.d/usr.sbin.chronyd - register: apparmor_chronyd_profile - when: - - ansible_facts.os_family == "Debian" - - enable_chrony | bool - -- name: Remove apparmor profile for chrony - command: apparmor_parser -R /etc/apparmor.d/usr.sbin.chronyd - become: True - when: - - ansible_facts.os_family == "Debian" - - enable_chrony | bool - - apparmor_chronyd_profile.stat.exists - - name: Create docker group group: name: docker diff --git a/ansible/roles/chrony/defaults/main.yml b/ansible/roles/chrony/defaults/main.yml deleted file mode 100644 index e74cb135a0..0000000000 --- a/ansible/roles/chrony/defaults/main.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -project_name: "chrony" - -chrony_services: - chrony: - container_name: "chrony" - group: "chrony" - image: "{{ chrony_image_full }}" - enabled: True - privileged: True - volumes: "{{ chrony_default_volumes + chrony_extra_volumes }}" - dimensions: "{{ chrony_dimensions }}" - -chrony_bindaddress: "{{ kolla_internal_vip_address }}" - -#################### -# Docker -#################### -chrony_install_type: "{{ kolla_install_type }}" -chrony_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ chrony_install_type }}-chrony" -chrony_tag: "{{ openstack_tag }}" -chrony_image_full: "{{ chrony_image }}:{{ chrony_tag }}" - -chrony_dimensions: "{{ default_container_dimensions }}" - -chrony_default_volumes: - - "{{ node_config_directory }}/chrony/:{{ container_config_directory }}/:ro" - - "/etc/localtime:/etc/localtime:ro" - - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}" - - "kolla_logs:/var/log/kolla" -chrony_extra_volumes: "{{ default_extra_volumes }}" diff --git a/ansible/roles/chrony/handlers/main.yml b/ansible/roles/chrony/handlers/main.yml deleted file mode 100644 index 3c800c7d28..0000000000 --- a/ansible/roles/chrony/handlers/main.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: Restart chrony container - vars: - service_name: "chrony" - service: "{{ chrony_services[service_name] }}" - become: true - kolla_docker: - action: "recreate_or_restart_container" - common_options: "{{ docker_common_options }}" - privileged: "{{ service.privileged }}" - name: "{{ service.container_name }}" - image: "{{ service.image }}" - volumes: "{{ service.volumes }}" - dimensions: "{{ service.dimensions }}" - when: - - kolla_action != "config" diff --git a/ansible/roles/chrony/tasks/check-containers.yml b/ansible/roles/chrony/tasks/check-containers.yml deleted file mode 100644 index a9e937b684..0000000000 --- a/ansible/roles/chrony/tasks/check-containers.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- name: Check chrony container - become: true - kolla_docker: - action: "compare_container" - common_options: "{{ docker_common_options }}" - name: "{{ item.value.container_name }}" - image: "{{ item.value.image }}" - privileged: "{{ item.value.privileged }}" - volumes: "{{ item.value.volumes }}" - dimensions: "{{ item.value.dimensions }}" - when: - - inventory_hostname in groups[item.value.group] - - item.value.enabled | bool - with_dict: "{{ chrony_services }}" - notify: - - "Restart {{ item.key }} container" diff --git a/ansible/roles/chrony/tasks/check.yml b/ansible/roles/chrony/tasks/check.yml deleted file mode 100644 index ed97d539c0..0000000000 --- a/ansible/roles/chrony/tasks/check.yml +++ /dev/null @@ -1 +0,0 @@ ---- diff --git a/ansible/roles/chrony/tasks/cleanup.yml b/ansible/roles/chrony/tasks/cleanup.yml deleted file mode 100644 index 79ef11602a..0000000000 --- a/ansible/roles/chrony/tasks/cleanup.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- name: Stop and remove chrony container - become: true - kolla_docker: - action: "stop_and_remove_container" - name: chrony - -- name: Remove config for chrony - become: true - file: - path: "{{ node_config_directory }}/chrony" - state: "absent" diff --git a/ansible/roles/chrony/tasks/config.yml b/ansible/roles/chrony/tasks/config.yml deleted file mode 100644 index 73d80b03ae..0000000000 --- a/ansible/roles/chrony/tasks/config.yml +++ /dev/null @@ -1,53 +0,0 @@ ---- -- name: Ensuring config directories exist - vars: - service_name: "chrony" - service: "{{ chrony_services[service_name] }}" - file: - path: "{{ node_config_directory }}/{{ item }}" - state: "directory" - owner: "{{ config_owner_user }}" - group: "{{ config_owner_group }}" - mode: "0770" - become: true - when: - - inventory_hostname in groups[service.group] - - service.enabled | bool - with_items: - - "chrony" - -- name: Copying over config.json files for services - vars: - service_name: "chrony" - service: "{{ chrony_services[service_name] }}" - template: - src: "{{ item }}.json.j2" - dest: "{{ node_config_directory }}/{{ item }}/config.json" - mode: "0660" - become: true - when: - - inventory_hostname in groups[service.group] - - service.enabled | bool - with_items: - - "chrony" - notify: - - Restart chrony container - -- name: Copying over chrony.conf - vars: - service_name: "chrony" - service: "{{ chrony_services[service_name] }}" - template: - src: "{{ item }}" - dest: "{{ node_config_directory }}/chrony/chrony.conf" - mode: "0660" - become: true - when: - - inventory_hostname in groups[service.group] - - service.enabled | bool - with_first_found: - - "{{ node_custom_config }}/chrony/{{ inventory_hostname }}/chrony.conf" - - "{{ node_custom_config }}/chrony/chrony.conf" - - "chrony.conf.j2" - notify: - - Restart chrony container diff --git a/ansible/roles/chrony/tasks/deploy-containers.yml b/ansible/roles/chrony/tasks/deploy-containers.yml deleted file mode 100644 index eb24ab5c7a..0000000000 --- a/ansible/roles/chrony/tasks/deploy-containers.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -- import_tasks: check-containers.yml diff --git a/ansible/roles/chrony/tasks/deploy.yml b/ansible/roles/chrony/tasks/deploy.yml deleted file mode 100644 index 49edff81e3..0000000000 --- a/ansible/roles/chrony/tasks/deploy.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- import_tasks: config.yml - -- import_tasks: check-containers.yml - -- name: Flush handlers - meta: flush_handlers diff --git a/ansible/roles/chrony/tasks/main.yml b/ansible/roles/chrony/tasks/main.yml deleted file mode 100644 index 1ad1760bd5..0000000000 --- a/ansible/roles/chrony/tasks/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Warn about deprecation - debug: - msg: > - chrony role is deprecated and will be removed in Xena - -- include_tasks: "{{ kolla_action }}.yml" diff --git a/ansible/roles/chrony/tasks/precheck.yml b/ansible/roles/chrony/tasks/precheck.yml deleted file mode 100644 index 13b37e2ef2..0000000000 --- a/ansible/roles/chrony/tasks/precheck.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- import_role: - name: service-precheck - vars: - service_precheck_services: "{{ chrony_services }}" - service_name: "{{ project_name }}" - -# TODO(Jeffrey4l), need check whether udp 123 port is used. But there is no -# module to do this now. diff --git a/ansible/roles/chrony/tasks/pull.yml b/ansible/roles/chrony/tasks/pull.yml deleted file mode 100644 index 53f9c5fda1..0000000000 --- a/ansible/roles/chrony/tasks/pull.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- import_role: - role: service-images-pull diff --git a/ansible/roles/chrony/tasks/reconfigure.yml b/ansible/roles/chrony/tasks/reconfigure.yml deleted file mode 100644 index 5b10a7e111..0000000000 --- a/ansible/roles/chrony/tasks/reconfigure.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -- import_tasks: deploy.yml diff --git a/ansible/roles/chrony/tasks/stop.yml b/ansible/roles/chrony/tasks/stop.yml deleted file mode 100644 index db8c758016..0000000000 --- a/ansible/roles/chrony/tasks/stop.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- import_role: - name: service-stop - vars: - project_services: "{{ chrony_services }}" - service_name: "{{ project_name }}" diff --git a/ansible/roles/chrony/tasks/upgrade.yml b/ansible/roles/chrony/tasks/upgrade.yml deleted file mode 100644 index 5b10a7e111..0000000000 --- a/ansible/roles/chrony/tasks/upgrade.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -- import_tasks: deploy.yml diff --git a/ansible/roles/chrony/templates/chrony.conf.j2 b/ansible/roles/chrony/templates/chrony.conf.j2 deleted file mode 100644 index a6c95d7aba..0000000000 --- a/ansible/roles/chrony/templates/chrony.conf.j2 +++ /dev/null @@ -1,47 +0,0 @@ -{% set keyfile = '/etc/chrony.keys' if kolla_base_distro in ['centos', 'redhat'] else '/etc/chrony/chrony.keys' %} - -server {{ kolla_internal_vip_address }} iburst -{# NOTE(jeffrey4l): external_ntp_servers may be None here #} -{% if external_ntp_servers %} -{% for ntp_server in external_ntp_servers %} -server {{ ntp_server }} iburst -{% endfor %} -{% endif %} - -user chrony - -keyfile {{ keyfile }} - -commandkey 1 - -driftfile /var/lib/chrony/chrony.drift - -log tracking measurements statistics -logdir /var/log/kolla/chrony - -makestep 3 3 - -maxupdateskew 100.0 - -dumponexit - -dumpdir /var/lib/chrony - -{% if inventory_hostname in groups['chrony-server'] %} -allow all -# prevent chrony sync from self -deny {{ kolla_internal_vip_address }} -deny {{ api_interface_address }} -local stratum 10 -{% else %} -port 0 -deny all -{% endif %} - -bindaddress {{ chrony_bindaddress }} - -logchange 0.5 - -hwclockfile /etc/adjtime - -rtcsync diff --git a/ansible/roles/chrony/templates/chrony.json.j2 b/ansible/roles/chrony/templates/chrony.json.j2 deleted file mode 100644 index a5c5f35461..0000000000 --- a/ansible/roles/chrony/templates/chrony.json.j2 +++ /dev/null @@ -1,23 +0,0 @@ -{ - "command": "/usr/sbin/chronyd -d -f /etc/chrony/chrony.conf", - "config_files": [ - { - "source": "{{ container_config_directory }}/chrony.conf", - "dest": "/etc/chrony/chrony.conf", - "owner": "root", - "perm": "0644" - } - ], - "permissions": [ - { - "path": "/var/log/kolla/chrony", - "owner": "chrony:kolla", - "recurse": true - }, - { - "path": "/var/lib/chrony", - "owner": "chrony:chrony", - "recurse": true - } - ] -} diff --git a/ansible/roles/common/tasks/config.yml b/ansible/roles/common/tasks/config.yml index c2878cc246..94d6d63e59 100644 --- a/ansible/roles/common/tasks/config.yml +++ b/ansible/roles/common/tasks/config.yml @@ -186,7 +186,6 @@ - { name: "barbican", enabled: "{{ enable_barbican | bool }}" } - { name: "blazar", enabled: "{{ enable_blazar | bool }}" } - { name: "ceilometer", enabled: "{{ enable_ceilometer | bool }}" } - - { name: "chrony", enabled: "{{ enable_chrony | bool }}" } - { name: "cinder", enabled: "{{ enable_cinder | bool }}" } - { name: "cloudkitty", enabled: "{{ enable_cloudkitty | bool }}" } - { name: "collectd", enabled: "{{ enable_collectd | bool }}" } diff --git a/ansible/roles/common/templates/cron-logrotate-chrony.conf.j2 b/ansible/roles/common/templates/cron-logrotate-chrony.conf.j2 deleted file mode 100644 index 42d184b06e..0000000000 --- a/ansible/roles/common/templates/cron-logrotate-chrony.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -"/var/log/kolla/chrony/*.log" -{ -} diff --git a/ansible/roles/prechecks/tasks/main.yml b/ansible/roles/prechecks/tasks/main.yml index c3b72c41e6..a38f7c550c 100644 --- a/ansible/roles/prechecks/tasks/main.yml +++ b/ansible/roles/prechecks/tasks/main.yml @@ -6,7 +6,6 @@ - include_tasks: timesync_checks.yml when: - - not enable_chrony | bool - inventory_hostname not in groups['deployment']|default([]) - import_tasks: datetime_checks.yml diff --git a/ansible/roles/prechecks/tasks/timesync_checks.yml b/ansible/roles/prechecks/tasks/timesync_checks.yml index 8e4a7a844d..0264baf9d8 100644 --- a/ansible/roles/prechecks/tasks/timesync_checks.yml +++ b/ansible/roles/prechecks/tasks/timesync_checks.yml @@ -11,17 +11,12 @@ - name: Fail if chrony container is running fail: msg: >- - A chrony container is running, but 'enable_chrony' is 'false'. The chrony - container is deprecated from the Wallaby release, and the default value - of 'enable_chrony' was changed to 'false'. + A chrony container is running, but the chrony container is no longer + supported from the Xena release. The chrony container may be cleaned up via 'kolla-ansible chrony-cleanup'. You should then install and configure a suitable host NTP daemon before running these prechecks again. - - To continue running the chrony container, set 'enable_chrony' to 'true', - however note that this feature will be removed in the Xena release, so it - is not recommended for use. when: - "'chrony' in container_facts" diff --git a/ansible/roles/telegraf/templates/telegraf.conf.j2 b/ansible/roles/telegraf/templates/telegraf.conf.j2 index de3ab69a8a..0e7a0bb251 100644 --- a/ansible/roles/telegraf/templates/telegraf.conf.j2 +++ b/ansible/roles/telegraf/templates/telegraf.conf.j2 @@ -47,10 +47,6 @@ [[inputs.system]] [[inputs.net]] interfaces = [] -{% if inventory_hostname in groups['chrony'] and enable_chrony | bool %} -[[inputs.chrony]] - dns_lookup = false -{% endif %} {% if inventory_hostname in groups['loadbalancer'] and enable_haproxy | bool %} [[inputs.haproxy]] servers = ["{{ haproxy_proto }}://{{ haproxy_user }}:{{ haproxy_password }}@{{ api_interface_address | put_address_in_context('url') }}:{{ haproxy_stats_port }}"] diff --git a/ansible/site.yml b/ansible/site.yml index ca177a6d77..dc0be8eb26 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -23,7 +23,6 @@ - enable_blazar_{{ enable_blazar | bool }} - enable_ceilometer_{{ enable_ceilometer | bool }} - enable_ceph_rgw_{{ enable_ceph_rgw | bool }} - - enable_chrony_{{ enable_chrony | bool }} - enable_cinder_{{ enable_cinder | bool }} - enable_cloudkitty_{{ enable_cloudkitty | bool }} - enable_collectd_{{ enable_collectd | bool }} @@ -102,18 +101,6 @@ roles: - role: common -- name: Apply role chrony - gather_facts: false - hosts: - - chrony-server - - chrony - - '&enable_chrony_True' - serial: '{{ kolla_serial|default("0") }}' - roles: - - { role: chrony, - tags: chrony, - when: enable_chrony | bool } - - name: Apply role loadbalancer gather_facts: false hosts: diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml index 001576e9b8..d7c89b774e 100644 --- a/etc/kolla/globals.yml +++ b/etc/kolla/globals.yml @@ -298,7 +298,6 @@ #enable_central_logging: "no" #enable_ceph_rgw: "no" #enable_ceph_rgw_loadbalancer: "{{ enable_ceph_rgw | bool }}" -#enable_chrony: "no" #enable_cinder: "no" #enable_cinder_backup: "yes" #enable_cinder_backend_hnas_nfs: "no" diff --git a/releasenotes/notes/remove-chrony-role-90f164df8090f916.yaml b/releasenotes/notes/remove-chrony-role-90f164df8090f916.yaml new file mode 100644 index 0000000000..e82fde4257 --- /dev/null +++ b/releasenotes/notes/remove-chrony-role-90f164df8090f916.yaml @@ -0,0 +1,4 @@ +--- +upgrade: + - | + Support for deployment of chrony has been removed. diff --git a/tests/templates/globals-default.j2 b/tests/templates/globals-default.j2 index 3aa8f2793e..94ef7683d3 100644 --- a/tests/templates/globals-default.j2 +++ b/tests/templates/globals-default.j2 @@ -33,7 +33,8 @@ enable_openstack_core: "{{ openstack_core_enabled }}" enable_horizon: "{{ dashboard_enabled }}" enable_heat: "{{ openstack_core_tested }}" -{% if is_previous_release and scenario != "cephadm" %} +# TODO(mgoddard): Remove when previous release is Xena. +{% if is_previous_release and previous_release == "wallaby" and scenario != "cephadm" %} # NOTE(mnasiadka): Test chrony cleanup in upgrade jobs enable_chrony: "yes" {% endif %} @@ -129,10 +130,6 @@ glance_backend_ceph: "yes" cinder_backend_ceph: "yes" nova_backend_ceph: "yes" -# TODO(yoctozepto): Remove this in the Xena cycle. -# cephadm doesn't support chrony in a container (checks for chrony.service) -enable_chrony: "no" - enable_ceph_rgw: {{ not is_upgrade or previous_release != 'wallaby' }} ceph_rgw_hosts: {% for host in hostvars %} diff --git a/tests/templates/inventory.j2 b/tests/templates/inventory.j2 index e323a78b72..bef80fbb80 100644 --- a/tests/templates/inventory.j2 +++ b/tests/templates/inventory.j2 @@ -97,16 +97,6 @@ compute storage monitoring -[chrony-server:children] -loadbalancer - -[chrony:children] -control -network -compute -storage -monitoring - [collectd:children] compute