Merge "Remove chrony role from kolla"

This commit is contained in:
Zuul 2021-09-30 21:07:38 +00:00 committed by Gerrit Code Review
commit 3e04e0043f
32 changed files with 33 additions and 337 deletions

View File

@ -2,13 +2,32 @@
- name: Remove chrony container - name: Remove chrony container
gather_facts: false gather_facts: false
hosts: hosts:
- chrony-server - "{{ 'chrony-server' if 'chrony-server' in groups else 'all' }}"
- chrony - "{{ 'chrony' if 'chrony' in groups else 'all' }}"
serial: '{{ kolla_serial|default("0") }}' serial: '{{ kolla_serial|default("0") }}'
tags: tags:
- chrony - chrony
tasks: tasks:
- import_role: # NOTE(mgoddard): Running against the all group means that some hosts may
name: chrony # not have docker installed, which would break the kolla_docker module.
tasks_from: cleanup.yml # Avoid using service_facts which adds a large fact.
when: not enable_chrony | bool - name: Check if Docker is running # noqa command-instead-of-module
command:
cmd: "systemctl is-active docker.service"
register: systemctl_is_active
changed_when: false
failed_when: false
- block:
- name: Stop and remove chrony container
become: true
kolla_docker:
action: "stop_and_remove_container"
name: chrony
- name: Remove config for chrony
become: true
file:
path: "{{ node_config_directory }}/chrony"
state: "absent"
when: systemctl_is_active.rc == 0

View File

@ -85,15 +85,6 @@ container_proxy:
# to the api_interface. Allow the bind address to be an override. # to the api_interface. Allow the bind address to be an override.
api_interface_address: "{{ 'api' | kolla_address }}" api_interface_address: "{{ 'api' | kolla_address }}"
################
# Chrony options
################
# A list contains ntp servers
external_ntp_servers:
- 0.pool.ntp.org
- 1.pool.ntp.org
- 2.pool.ntp.org
- 3.pool.ntp.org
#################### ####################
# Database options # Database options
@ -607,7 +598,6 @@ enable_cells: "no"
enable_central_logging: "no" enable_central_logging: "no"
enable_ceph_rgw: "no" enable_ceph_rgw: "no"
enable_ceph_rgw_loadbalancer: "{{ enable_ceph_rgw | bool }}" enable_ceph_rgw_loadbalancer: "{{ enable_ceph_rgw | bool }}"
enable_chrony: "no"
enable_cinder: "no" enable_cinder: "no"
enable_cinder_backup: "yes" enable_cinder_backup: "yes"
enable_cinder_backend_hnas_nfs: "no" enable_cinder_backend_hnas_nfs: "no"

View File

@ -28,16 +28,6 @@ compute
storage storage
monitoring monitoring
[chrony-server:children]
loadbalancer
[chrony:children]
control
network
compute
storage
monitoring
[collectd:children] [collectd:children]
compute compute

View File

@ -52,16 +52,6 @@ compute
storage storage
monitoring monitoring
[chrony-server:children]
loadbalancer
[chrony:children]
control
network
compute
storage
monitoring
[collectd:children] [collectd:children]
compute compute

View File

@ -70,13 +70,11 @@ ubuntu_pkg_removals:
- lxc - lxc
- libvirt-bin - libvirt-bin
- open-iscsi - open-iscsi
- "{% if enable_chrony | bool %}chrony{% endif %}"
redhat_pkg_removals: redhat_pkg_removals:
- libvirt - libvirt
- libvirt-daemon - libvirt-daemon
- iscsi-initiator-utils - iscsi-initiator-utils
- "{% if enable_chrony | bool %}chrony{% endif %}"
# Path to a virtualenv in which to install python packages. If None, a # Path to a virtualenv in which to install python packages. If None, a
# virtualenv will not be used. # virtualenv will not be used.

View File

@ -208,22 +208,6 @@
- apparmor_libvirtd_profile.stat.exists - apparmor_libvirtd_profile.stat.exists
- not apparmor_libvirtd_disable_profile.stat.exists - not apparmor_libvirtd_disable_profile.stat.exists
- name: Get stat of chronyd apparmor profile
stat:
path: /etc/apparmor.d/usr.sbin.chronyd
register: apparmor_chronyd_profile
when:
- ansible_facts.os_family == "Debian"
- enable_chrony | bool
- name: Remove apparmor profile for chrony
command: apparmor_parser -R /etc/apparmor.d/usr.sbin.chronyd
become: True
when:
- ansible_facts.os_family == "Debian"
- enable_chrony | bool
- apparmor_chronyd_profile.stat.exists
- name: Create docker group - name: Create docker group
group: group:
name: docker name: docker

View File

@ -1,31 +0,0 @@
---
project_name: "chrony"
chrony_services:
chrony:
container_name: "chrony"
group: "chrony"
image: "{{ chrony_image_full }}"
enabled: True
privileged: True
volumes: "{{ chrony_default_volumes + chrony_extra_volumes }}"
dimensions: "{{ chrony_dimensions }}"
chrony_bindaddress: "{{ kolla_internal_vip_address }}"
####################
# Docker
####################
chrony_install_type: "{{ kolla_install_type }}"
chrony_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ chrony_install_type }}-chrony"
chrony_tag: "{{ openstack_tag }}"
chrony_image_full: "{{ chrony_image }}:{{ chrony_tag }}"
chrony_dimensions: "{{ default_container_dimensions }}"
chrony_default_volumes:
- "{{ node_config_directory }}/chrony/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
- "kolla_logs:/var/log/kolla"
chrony_extra_volumes: "{{ default_extra_volumes }}"

View File

@ -1,16 +0,0 @@
---
- name: Restart chrony container
vars:
service_name: "chrony"
service: "{{ chrony_services[service_name] }}"
become: true
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
privileged: "{{ service.privileged }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes }}"
dimensions: "{{ service.dimensions }}"
when:
- kolla_action != "config"

View File

@ -1,17 +0,0 @@
---
- name: Check chrony container
become: true
kolla_docker:
action: "compare_container"
common_options: "{{ docker_common_options }}"
name: "{{ item.value.container_name }}"
image: "{{ item.value.image }}"
privileged: "{{ item.value.privileged }}"
volumes: "{{ item.value.volumes }}"
dimensions: "{{ item.value.dimensions }}"
when:
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
with_dict: "{{ chrony_services }}"
notify:
- "Restart {{ item.key }} container"

View File

@ -1 +0,0 @@
---

View File

@ -1,12 +0,0 @@
---
- name: Stop and remove chrony container
become: true
kolla_docker:
action: "stop_and_remove_container"
name: chrony
- name: Remove config for chrony
become: true
file:
path: "{{ node_config_directory }}/chrony"
state: "absent"

View File

@ -1,53 +0,0 @@
---
- name: Ensuring config directories exist
vars:
service_name: "chrony"
service: "{{ chrony_services[service_name] }}"
file:
path: "{{ node_config_directory }}/{{ item }}"
state: "directory"
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0770"
become: true
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool
with_items:
- "chrony"
- name: Copying over config.json files for services
vars:
service_name: "chrony"
service: "{{ chrony_services[service_name] }}"
template:
src: "{{ item }}.json.j2"
dest: "{{ node_config_directory }}/{{ item }}/config.json"
mode: "0660"
become: true
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool
with_items:
- "chrony"
notify:
- Restart chrony container
- name: Copying over chrony.conf
vars:
service_name: "chrony"
service: "{{ chrony_services[service_name] }}"
template:
src: "{{ item }}"
dest: "{{ node_config_directory }}/chrony/chrony.conf"
mode: "0660"
become: true
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool
with_first_found:
- "{{ node_custom_config }}/chrony/{{ inventory_hostname }}/chrony.conf"
- "{{ node_custom_config }}/chrony/chrony.conf"
- "chrony.conf.j2"
notify:
- Restart chrony container

View File

@ -1,2 +0,0 @@
---
- import_tasks: check-containers.yml

View File

@ -1,7 +0,0 @@
---
- import_tasks: config.yml
- import_tasks: check-containers.yml
- name: Flush handlers
meta: flush_handlers

View File

@ -1,7 +0,0 @@
---
- name: Warn about deprecation
debug:
msg: >
chrony role is deprecated and will be removed in Xena
- include_tasks: "{{ kolla_action }}.yml"

View File

@ -1,9 +0,0 @@
---
- import_role:
name: service-precheck
vars:
service_precheck_services: "{{ chrony_services }}"
service_name: "{{ project_name }}"
# TODO(Jeffrey4l), need check whether udp 123 port is used. But there is no
# module to do this now.

View File

@ -1,3 +0,0 @@
---
- import_role:
role: service-images-pull

View File

@ -1,2 +0,0 @@
---
- import_tasks: deploy.yml

View File

@ -1,6 +0,0 @@
---
- import_role:
name: service-stop
vars:
project_services: "{{ chrony_services }}"
service_name: "{{ project_name }}"

View File

@ -1,2 +0,0 @@
---
- import_tasks: deploy.yml

View File

@ -1,47 +0,0 @@
{% set keyfile = '/etc/chrony.keys' if kolla_base_distro in ['centos', 'redhat'] else '/etc/chrony/chrony.keys' %}
server {{ kolla_internal_vip_address }} iburst
{# NOTE(jeffrey4l): external_ntp_servers may be None here #}
{% if external_ntp_servers %}
{% for ntp_server in external_ntp_servers %}
server {{ ntp_server }} iburst
{% endfor %}
{% endif %}
user chrony
keyfile {{ keyfile }}
commandkey 1
driftfile /var/lib/chrony/chrony.drift
log tracking measurements statistics
logdir /var/log/kolla/chrony
makestep 3 3
maxupdateskew 100.0
dumponexit
dumpdir /var/lib/chrony
{% if inventory_hostname in groups['chrony-server'] %}
allow all
# prevent chrony sync from self
deny {{ kolla_internal_vip_address }}
deny {{ api_interface_address }}
local stratum 10
{% else %}
port 0
deny all
{% endif %}
bindaddress {{ chrony_bindaddress }}
logchange 0.5
hwclockfile /etc/adjtime
rtcsync

View File

@ -1,23 +0,0 @@
{
"command": "/usr/sbin/chronyd -d -f /etc/chrony/chrony.conf",
"config_files": [
{
"source": "{{ container_config_directory }}/chrony.conf",
"dest": "/etc/chrony/chrony.conf",
"owner": "root",
"perm": "0644"
}
],
"permissions": [
{
"path": "/var/log/kolla/chrony",
"owner": "chrony:kolla",
"recurse": true
},
{
"path": "/var/lib/chrony",
"owner": "chrony:chrony",
"recurse": true
}
]
}

View File

@ -186,7 +186,6 @@
- { name: "barbican", enabled: "{{ enable_barbican | bool }}" } - { name: "barbican", enabled: "{{ enable_barbican | bool }}" }
- { name: "blazar", enabled: "{{ enable_blazar | bool }}" } - { name: "blazar", enabled: "{{ enable_blazar | bool }}" }
- { name: "ceilometer", enabled: "{{ enable_ceilometer | bool }}" } - { name: "ceilometer", enabled: "{{ enable_ceilometer | bool }}" }
- { name: "chrony", enabled: "{{ enable_chrony | bool }}" }
- { name: "cinder", enabled: "{{ enable_cinder | bool }}" } - { name: "cinder", enabled: "{{ enable_cinder | bool }}" }
- { name: "cloudkitty", enabled: "{{ enable_cloudkitty | bool }}" } - { name: "cloudkitty", enabled: "{{ enable_cloudkitty | bool }}" }
- { name: "collectd", enabled: "{{ enable_collectd | bool }}" } - { name: "collectd", enabled: "{{ enable_collectd | bool }}" }

View File

@ -1,3 +0,0 @@
"/var/log/kolla/chrony/*.log"
{
}

View File

@ -6,7 +6,6 @@
- include_tasks: timesync_checks.yml - include_tasks: timesync_checks.yml
when: when:
- not enable_chrony | bool
- inventory_hostname not in groups['deployment']|default([]) - inventory_hostname not in groups['deployment']|default([])
- import_tasks: datetime_checks.yml - import_tasks: datetime_checks.yml

View File

@ -11,17 +11,12 @@
- name: Fail if chrony container is running - name: Fail if chrony container is running
fail: fail:
msg: >- msg: >-
A chrony container is running, but 'enable_chrony' is 'false'. The chrony A chrony container is running, but the chrony container is no longer
container is deprecated from the Wallaby release, and the default value supported from the Xena release.
of 'enable_chrony' was changed to 'false'.
The chrony container may be cleaned up via 'kolla-ansible The chrony container may be cleaned up via 'kolla-ansible
chrony-cleanup'. You should then install and configure a suitable host chrony-cleanup'. You should then install and configure a suitable host
NTP daemon before running these prechecks again. NTP daemon before running these prechecks again.
To continue running the chrony container, set 'enable_chrony' to 'true',
however note that this feature will be removed in the Xena release, so it
is not recommended for use.
when: when:
- "'chrony' in container_facts" - "'chrony' in container_facts"

View File

@ -47,10 +47,6 @@
[[inputs.system]] [[inputs.system]]
[[inputs.net]] [[inputs.net]]
interfaces = [] interfaces = []
{% if inventory_hostname in groups['chrony'] and enable_chrony | bool %}
[[inputs.chrony]]
dns_lookup = false
{% endif %}
{% if inventory_hostname in groups['loadbalancer'] and enable_haproxy | bool %} {% if inventory_hostname in groups['loadbalancer'] and enable_haproxy | bool %}
[[inputs.haproxy]] [[inputs.haproxy]]
servers = ["{{ haproxy_proto }}://{{ haproxy_user }}:{{ haproxy_password }}@{{ api_interface_address | put_address_in_context('url') }}:{{ haproxy_stats_port }}"] servers = ["{{ haproxy_proto }}://{{ haproxy_user }}:{{ haproxy_password }}@{{ api_interface_address | put_address_in_context('url') }}:{{ haproxy_stats_port }}"]

View File

@ -23,7 +23,6 @@
- enable_blazar_{{ enable_blazar | bool }} - enable_blazar_{{ enable_blazar | bool }}
- enable_ceilometer_{{ enable_ceilometer | bool }} - enable_ceilometer_{{ enable_ceilometer | bool }}
- enable_ceph_rgw_{{ enable_ceph_rgw | bool }} - enable_ceph_rgw_{{ enable_ceph_rgw | bool }}
- enable_chrony_{{ enable_chrony | bool }}
- enable_cinder_{{ enable_cinder | bool }} - enable_cinder_{{ enable_cinder | bool }}
- enable_cloudkitty_{{ enable_cloudkitty | bool }} - enable_cloudkitty_{{ enable_cloudkitty | bool }}
- enable_collectd_{{ enable_collectd | bool }} - enable_collectd_{{ enable_collectd | bool }}
@ -102,18 +101,6 @@
roles: roles:
- role: common - role: common
- name: Apply role chrony
gather_facts: false
hosts:
- chrony-server
- chrony
- '&enable_chrony_True'
serial: '{{ kolla_serial|default("0") }}'
roles:
- { role: chrony,
tags: chrony,
when: enable_chrony | bool }
- name: Apply role loadbalancer - name: Apply role loadbalancer
gather_facts: false gather_facts: false
hosts: hosts:

View File

@ -298,7 +298,6 @@
#enable_central_logging: "no" #enable_central_logging: "no"
#enable_ceph_rgw: "no" #enable_ceph_rgw: "no"
#enable_ceph_rgw_loadbalancer: "{{ enable_ceph_rgw | bool }}" #enable_ceph_rgw_loadbalancer: "{{ enable_ceph_rgw | bool }}"
#enable_chrony: "no"
#enable_cinder: "no" #enable_cinder: "no"
#enable_cinder_backup: "yes" #enable_cinder_backup: "yes"
#enable_cinder_backend_hnas_nfs: "no" #enable_cinder_backend_hnas_nfs: "no"

View File

@ -0,0 +1,4 @@
---
upgrade:
- |
Support for deployment of chrony has been removed.

View File

@ -33,7 +33,8 @@ enable_openstack_core: "{{ openstack_core_enabled }}"
enable_horizon: "{{ dashboard_enabled }}" enable_horizon: "{{ dashboard_enabled }}"
enable_heat: "{{ openstack_core_tested }}" enable_heat: "{{ openstack_core_tested }}"
{% if is_previous_release and scenario != "cephadm" %} # TODO(mgoddard): Remove when previous release is Xena.
{% if is_previous_release and previous_release == "wallaby" and scenario != "cephadm" %}
# NOTE(mnasiadka): Test chrony cleanup in upgrade jobs # NOTE(mnasiadka): Test chrony cleanup in upgrade jobs
enable_chrony: "yes" enable_chrony: "yes"
{% endif %} {% endif %}
@ -129,10 +130,6 @@ glance_backend_ceph: "yes"
cinder_backend_ceph: "yes" cinder_backend_ceph: "yes"
nova_backend_ceph: "yes" nova_backend_ceph: "yes"
# TODO(yoctozepto): Remove this in the Xena cycle.
# cephadm doesn't support chrony in a container (checks for chrony.service)
enable_chrony: "no"
enable_ceph_rgw: {{ not is_upgrade or previous_release != 'wallaby' }} enable_ceph_rgw: {{ not is_upgrade or previous_release != 'wallaby' }}
ceph_rgw_hosts: ceph_rgw_hosts:
{% for host in hostvars %} {% for host in hostvars %}

View File

@ -97,16 +97,6 @@ compute
storage storage
monitoring monitoring
[chrony-server:children]
loadbalancer
[chrony:children]
control
network
compute
storage
monitoring
[collectd:children] [collectd:children]
compute compute