Merge "Remove chrony role from kolla"
This commit is contained in:
Zuul
Gerrit Code Review
commit
3e04e0043f
@ -2,13 +2,32 @@
|
||||
- name: Remove chrony container
|
||||
gather_facts: false
|
||||
hosts:
|
||||
- chrony-server
|
||||
- chrony
|
||||
- "{{ 'chrony-server' if 'chrony-server' in groups else 'all' }}"
|
||||
- "{{ 'chrony' if 'chrony' in groups else 'all' }}"
|
||||
serial: '{{ kolla_serial|default("0") }}'
|
||||
tags:
|
||||
- chrony
|
||||
tasks:
|
||||
- import_role:
|
||||
name: chrony
|
||||
tasks_from: cleanup.yml
|
||||
when: not enable_chrony | bool
|
||||
# NOTE(mgoddard): Running against the all group means that some hosts may
|
||||
# not have docker installed, which would break the kolla_docker module.
|
||||
# Avoid using service_facts which adds a large fact.
|
||||
- name: Check if Docker is running # noqa command-instead-of-module
|
||||
command:
|
||||
cmd: "systemctl is-active docker.service"
|
||||
register: systemctl_is_active
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
|
||||
- block:
|
||||
- name: Stop and remove chrony container
|
||||
become: true
|
||||
kolla_docker:
|
||||
action: "stop_and_remove_container"
|
||||
name: chrony
|
||||
|
||||
- name: Remove config for chrony
|
||||
become: true
|
||||
file:
|
||||
path: "{{ node_config_directory }}/chrony"
|
||||
state: "absent"
|
||||
when: systemctl_is_active.rc == 0
|
||||
|
||||
@ -85,15 +85,6 @@ container_proxy:
|
||||
# to the api_interface. Allow the bind address to be an override.
|
||||
api_interface_address: "{{ 'api' | kolla_address }}"
|
||||
|
||||
################
|
||||
# Chrony options
|
||||
################
|
||||
# A list contains ntp servers
|
||||
external_ntp_servers:
|
||||
- 0.pool.ntp.org
|
||||
- 1.pool.ntp.org
|
||||
- 2.pool.ntp.org
|
||||
- 3.pool.ntp.org
|
||||
|
||||
####################
|
||||
# Database options
|
||||
@ -607,7 +598,6 @@ enable_cells: "no"
|
||||
enable_central_logging: "no"
|
||||
enable_ceph_rgw: "no"
|
||||
enable_ceph_rgw_loadbalancer: "{{ enable_ceph_rgw | bool }}"
|
||||
enable_chrony: "no"
|
||||
enable_cinder: "no"
|
||||
enable_cinder_backup: "yes"
|
||||
enable_cinder_backend_hnas_nfs: "no"
|
||||
|
||||
@ -28,16 +28,6 @@ compute
|
||||
storage
|
||||
monitoring
|
||||
|
||||
[chrony-server:children]
|
||||
loadbalancer
|
||||
|
||||
[chrony:children]
|
||||
control
|
||||
network
|
||||
compute
|
||||
storage
|
||||
monitoring
|
||||
|
||||
[collectd:children]
|
||||
compute
|
||||
|
||||
|
||||
@ -52,16 +52,6 @@ compute
|
||||
storage
|
||||
monitoring
|
||||
|
||||
[chrony-server:children]
|
||||
loadbalancer
|
||||
|
||||
[chrony:children]
|
||||
control
|
||||
network
|
||||
compute
|
||||
storage
|
||||
monitoring
|
||||
|
||||
[collectd:children]
|
||||
compute
|
||||
|
||||
|
||||
@ -70,13 +70,11 @@ ubuntu_pkg_removals:
|
||||
- lxc
|
||||
- libvirt-bin
|
||||
- open-iscsi
|
||||
- "{% if enable_chrony | bool %}chrony{% endif %}"
|
||||
|
||||
redhat_pkg_removals:
|
||||
- libvirt
|
||||
- libvirt-daemon
|
||||
- iscsi-initiator-utils
|
||||
- "{% if enable_chrony | bool %}chrony{% endif %}"
|
||||
|
||||
# Path to a virtualenv in which to install python packages. If None, a
|
||||
# virtualenv will not be used.
|
||||
|
||||
@ -208,22 +208,6 @@
|
||||
- apparmor_libvirtd_profile.stat.exists
|
||||
- not apparmor_libvirtd_disable_profile.stat.exists
|
||||
|
||||
- name: Get stat of chronyd apparmor profile
|
||||
stat:
|
||||
path: /etc/apparmor.d/usr.sbin.chronyd
|
||||
register: apparmor_chronyd_profile
|
||||
when:
|
||||
- ansible_facts.os_family == "Debian"
|
||||
- enable_chrony | bool
|
||||
|
||||
- name: Remove apparmor profile for chrony
|
||||
command: apparmor_parser -R /etc/apparmor.d/usr.sbin.chronyd
|
||||
become: True
|
||||
when:
|
||||
- ansible_facts.os_family == "Debian"
|
||||
- enable_chrony | bool
|
||||
- apparmor_chronyd_profile.stat.exists
|
||||
|
||||
- name: Create docker group
|
||||
group:
|
||||
name: docker
|
||||
|
||||
@ -1,31 +0,0 @@
|
||||
---
|
||||
project_name: "chrony"
|
||||
|
||||
chrony_services:
|
||||
chrony:
|
||||
container_name: "chrony"
|
||||
group: "chrony"
|
||||
image: "{{ chrony_image_full }}"
|
||||
enabled: True
|
||||
privileged: True
|
||||
volumes: "{{ chrony_default_volumes + chrony_extra_volumes }}"
|
||||
dimensions: "{{ chrony_dimensions }}"
|
||||
|
||||
chrony_bindaddress: "{{ kolla_internal_vip_address }}"
|
||||
|
||||
####################
|
||||
# Docker
|
||||
####################
|
||||
chrony_install_type: "{{ kolla_install_type }}"
|
||||
chrony_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ chrony_install_type }}-chrony"
|
||||
chrony_tag: "{{ openstack_tag }}"
|
||||
chrony_image_full: "{{ chrony_image }}:{{ chrony_tag }}"
|
||||
|
||||
chrony_dimensions: "{{ default_container_dimensions }}"
|
||||
|
||||
chrony_default_volumes:
|
||||
- "{{ node_config_directory }}/chrony/:{{ container_config_directory }}/:ro"
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
|
||||
- "kolla_logs:/var/log/kolla"
|
||||
chrony_extra_volumes: "{{ default_extra_volumes }}"
|
||||
@ -1,16 +0,0 @@
|
||||
---
|
||||
- name: Restart chrony container
|
||||
vars:
|
||||
service_name: "chrony"
|
||||
service: "{{ chrony_services[service_name] }}"
|
||||
become: true
|
||||
kolla_docker:
|
||||
action: "recreate_or_restart_container"
|
||||
common_options: "{{ docker_common_options }}"
|
||||
privileged: "{{ service.privileged }}"
|
||||
name: "{{ service.container_name }}"
|
||||
image: "{{ service.image }}"
|
||||
volumes: "{{ service.volumes }}"
|
||||
dimensions: "{{ service.dimensions }}"
|
||||
when:
|
||||
- kolla_action != "config"
|
||||
@ -1,17 +0,0 @@
|
||||
---
|
||||
- name: Check chrony container
|
||||
become: true
|
||||
kolla_docker:
|
||||
action: "compare_container"
|
||||
common_options: "{{ docker_common_options }}"
|
||||
name: "{{ item.value.container_name }}"
|
||||
image: "{{ item.value.image }}"
|
||||
privileged: "{{ item.value.privileged }}"
|
||||
volumes: "{{ item.value.volumes }}"
|
||||
dimensions: "{{ item.value.dimensions }}"
|
||||
when:
|
||||
- inventory_hostname in groups[item.value.group]
|
||||
- item.value.enabled | bool
|
||||
with_dict: "{{ chrony_services }}"
|
||||
notify:
|
||||
- "Restart {{ item.key }} container"
|
||||
@ -1 +0,0 @@
|
||||
---
|
||||
@ -1,12 +0,0 @@
|
||||
---
|
||||
- name: Stop and remove chrony container
|
||||
become: true
|
||||
kolla_docker:
|
||||
action: "stop_and_remove_container"
|
||||
name: chrony
|
||||
|
||||
- name: Remove config for chrony
|
||||
become: true
|
||||
file:
|
||||
path: "{{ node_config_directory }}/chrony"
|
||||
state: "absent"
|
||||
@ -1,53 +0,0 @@
|
||||
---
|
||||
- name: Ensuring config directories exist
|
||||
vars:
|
||||
service_name: "chrony"
|
||||
service: "{{ chrony_services[service_name] }}"
|
||||
file:
|
||||
path: "{{ node_config_directory }}/{{ item }}"
|
||||
state: "directory"
|
||||
owner: "{{ config_owner_user }}"
|
||||
group: "{{ config_owner_group }}"
|
||||
mode: "0770"
|
||||
become: true
|
||||
when:
|
||||
- inventory_hostname in groups[service.group]
|
||||
- service.enabled | bool
|
||||
with_items:
|
||||
- "chrony"
|
||||
|
||||
- name: Copying over config.json files for services
|
||||
vars:
|
||||
service_name: "chrony"
|
||||
service: "{{ chrony_services[service_name] }}"
|
||||
template:
|
||||
src: "{{ item }}.json.j2"
|
||||
dest: "{{ node_config_directory }}/{{ item }}/config.json"
|
||||
mode: "0660"
|
||||
become: true
|
||||
when:
|
||||
- inventory_hostname in groups[service.group]
|
||||
- service.enabled | bool
|
||||
with_items:
|
||||
- "chrony"
|
||||
notify:
|
||||
- Restart chrony container
|
||||
|
||||
- name: Copying over chrony.conf
|
||||
vars:
|
||||
service_name: "chrony"
|
||||
service: "{{ chrony_services[service_name] }}"
|
||||
template:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ node_config_directory }}/chrony/chrony.conf"
|
||||
mode: "0660"
|
||||
become: true
|
||||
when:
|
||||
- inventory_hostname in groups[service.group]
|
||||
- service.enabled | bool
|
||||
with_first_found:
|
||||
- "{{ node_custom_config }}/chrony/{{ inventory_hostname }}/chrony.conf"
|
||||
- "{{ node_custom_config }}/chrony/chrony.conf"
|
||||
- "chrony.conf.j2"
|
||||
notify:
|
||||
- Restart chrony container
|
||||
@ -1,2 +0,0 @@
|
||||
---
|
||||
- import_tasks: check-containers.yml
|
||||
@ -1,7 +0,0 @@
|
||||
---
|
||||
- import_tasks: config.yml
|
||||
|
||||
- import_tasks: check-containers.yml
|
||||
|
||||
- name: Flush handlers
|
||||
meta: flush_handlers
|
||||
@ -1,7 +0,0 @@
|
||||
---
|
||||
- name: Warn about deprecation
|
||||
debug:
|
||||
msg: >
|
||||
chrony role is deprecated and will be removed in Xena
|
||||
|
||||
- include_tasks: "{{ kolla_action }}.yml"
|
||||
@ -1,9 +0,0 @@
|
||||
---
|
||||
- import_role:
|
||||
name: service-precheck
|
||||
vars:
|
||||
service_precheck_services: "{{ chrony_services }}"
|
||||
service_name: "{{ project_name }}"
|
||||
|
||||
# TODO(Jeffrey4l), need check whether udp 123 port is used. But there is no
|
||||
# module to do this now.
|
||||
@ -1,3 +0,0 @@
|
||||
---
|
||||
- import_role:
|
||||
role: service-images-pull
|
||||
@ -1,2 +0,0 @@
|
||||
---
|
||||
- import_tasks: deploy.yml
|
||||
@ -1,6 +0,0 @@
|
||||
---
|
||||
- import_role:
|
||||
name: service-stop
|
||||
vars:
|
||||
project_services: "{{ chrony_services }}"
|
||||
service_name: "{{ project_name }}"
|
||||
@ -1,2 +0,0 @@
|
||||
---
|
||||
- import_tasks: deploy.yml
|
||||
@ -1,47 +0,0 @@
|
||||
{% set keyfile = '/etc/chrony.keys' if kolla_base_distro in ['centos', 'redhat'] else '/etc/chrony/chrony.keys' %}
|
||||
|
||||
server {{ kolla_internal_vip_address }} iburst
|
||||
{# NOTE(jeffrey4l): external_ntp_servers may be None here #}
|
||||
{% if external_ntp_servers %}
|
||||
{% for ntp_server in external_ntp_servers %}
|
||||
server {{ ntp_server }} iburst
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
user chrony
|
||||
|
||||
keyfile {{ keyfile }}
|
||||
|
||||
commandkey 1
|
||||
|
||||
driftfile /var/lib/chrony/chrony.drift
|
||||
|
||||
log tracking measurements statistics
|
||||
logdir /var/log/kolla/chrony
|
||||
|
||||
makestep 3 3
|
||||
|
||||
maxupdateskew 100.0
|
||||
|
||||
dumponexit
|
||||
|
||||
dumpdir /var/lib/chrony
|
||||
|
||||
{% if inventory_hostname in groups['chrony-server'] %}
|
||||
allow all
|
||||
# prevent chrony sync from self
|
||||
deny {{ kolla_internal_vip_address }}
|
||||
deny {{ api_interface_address }}
|
||||
local stratum 10
|
||||
{% else %}
|
||||
port 0
|
||||
deny all
|
||||
{% endif %}
|
||||
|
||||
bindaddress {{ chrony_bindaddress }}
|
||||
|
||||
logchange 0.5
|
||||
|
||||
hwclockfile /etc/adjtime
|
||||
|
||||
rtcsync
|
||||
@ -1,23 +0,0 @@
|
||||
{
|
||||
"command": "/usr/sbin/chronyd -d -f /etc/chrony/chrony.conf",
|
||||
"config_files": [
|
||||
{
|
||||
"source": "{{ container_config_directory }}/chrony.conf",
|
||||
"dest": "/etc/chrony/chrony.conf",
|
||||
"owner": "root",
|
||||
"perm": "0644"
|
||||
}
|
||||
],
|
||||
"permissions": [
|
||||
{
|
||||
"path": "/var/log/kolla/chrony",
|
||||
"owner": "chrony:kolla",
|
||||
"recurse": true
|
||||
},
|
||||
{
|
||||
"path": "/var/lib/chrony",
|
||||
"owner": "chrony:chrony",
|
||||
"recurse": true
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -186,7 +186,6 @@
|
||||
- { name: "barbican", enabled: "{{ enable_barbican | bool }}" }
|
||||
- { name: "blazar", enabled: "{{ enable_blazar | bool }}" }
|
||||
- { name: "ceilometer", enabled: "{{ enable_ceilometer | bool }}" }
|
||||
- { name: "chrony", enabled: "{{ enable_chrony | bool }}" }
|
||||
- { name: "cinder", enabled: "{{ enable_cinder | bool }}" }
|
||||
- { name: "cloudkitty", enabled: "{{ enable_cloudkitty | bool }}" }
|
||||
- { name: "collectd", enabled: "{{ enable_collectd | bool }}" }
|
||||
|
||||
@ -1,3 +0,0 @@
|
||||
"/var/log/kolla/chrony/*.log"
|
||||
{
|
||||
}
|
||||
@ -6,7 +6,6 @@
|
||||
|
||||
- include_tasks: timesync_checks.yml
|
||||
when:
|
||||
- not enable_chrony | bool
|
||||
- inventory_hostname not in groups['deployment']|default([])
|
||||
|
||||
- import_tasks: datetime_checks.yml
|
||||
|
||||
@ -11,17 +11,12 @@
|
||||
- name: Fail if chrony container is running
|
||||
fail:
|
||||
msg: >-
|
||||
A chrony container is running, but 'enable_chrony' is 'false'. The chrony
|
||||
container is deprecated from the Wallaby release, and the default value
|
||||
of 'enable_chrony' was changed to 'false'.
|
||||
A chrony container is running, but the chrony container is no longer
|
||||
supported from the Xena release.
|
||||
|
||||
The chrony container may be cleaned up via 'kolla-ansible
|
||||
chrony-cleanup'. You should then install and configure a suitable host
|
||||
NTP daemon before running these prechecks again.
|
||||
|
||||
To continue running the chrony container, set 'enable_chrony' to 'true',
|
||||
however note that this feature will be removed in the Xena release, so it
|
||||
is not recommended for use.
|
||||
when:
|
||||
- "'chrony' in container_facts"
|
||||
|
||||
|
||||
@ -47,10 +47,6 @@
|
||||
[[inputs.system]]
|
||||
[[inputs.net]]
|
||||
interfaces = []
|
||||
{% if inventory_hostname in groups['chrony'] and enable_chrony | bool %}
|
||||
[[inputs.chrony]]
|
||||
dns_lookup = false
|
||||
{% endif %}
|
||||
{% if inventory_hostname in groups['loadbalancer'] and enable_haproxy | bool %}
|
||||
[[inputs.haproxy]]
|
||||
servers = ["{{ haproxy_proto }}://{{ haproxy_user }}:{{ haproxy_password }}@{{ api_interface_address | put_address_in_context('url') }}:{{ haproxy_stats_port }}"]
|
||||
|
||||
@ -23,7 +23,6 @@
|
||||
- enable_blazar_{{ enable_blazar | bool }}
|
||||
- enable_ceilometer_{{ enable_ceilometer | bool }}
|
||||
- enable_ceph_rgw_{{ enable_ceph_rgw | bool }}
|
||||
- enable_chrony_{{ enable_chrony | bool }}
|
||||
- enable_cinder_{{ enable_cinder | bool }}
|
||||
- enable_cloudkitty_{{ enable_cloudkitty | bool }}
|
||||
- enable_collectd_{{ enable_collectd | bool }}
|
||||
@ -102,18 +101,6 @@
|
||||
roles:
|
||||
- role: common
|
||||
|
||||
- name: Apply role chrony
|
||||
gather_facts: false
|
||||
hosts:
|
||||
- chrony-server
|
||||
- chrony
|
||||
- '&enable_chrony_True'
|
||||
serial: '{{ kolla_serial|default("0") }}'
|
||||
roles:
|
||||
- { role: chrony,
|
||||
tags: chrony,
|
||||
when: enable_chrony | bool }
|
||||
|
||||
- name: Apply role loadbalancer
|
||||
gather_facts: false
|
||||
hosts:
|
||||
|
||||
@ -298,7 +298,6 @@
|
||||
#enable_central_logging: "no"
|
||||
#enable_ceph_rgw: "no"
|
||||
#enable_ceph_rgw_loadbalancer: "{{ enable_ceph_rgw | bool }}"
|
||||
#enable_chrony: "no"
|
||||
#enable_cinder: "no"
|
||||
#enable_cinder_backup: "yes"
|
||||
#enable_cinder_backend_hnas_nfs: "no"
|
||||
|
||||
@ -0,0 +1,4 @@
|
||||
---
|
||||
upgrade:
|
||||
- |
|
||||
Support for deployment of chrony has been removed.
|
||||
@ -33,7 +33,8 @@ enable_openstack_core: "{{ openstack_core_enabled }}"
|
||||
enable_horizon: "{{ dashboard_enabled }}"
|
||||
enable_heat: "{{ openstack_core_tested }}"
|
||||
|
||||
{% if is_previous_release and scenario != "cephadm" %}
|
||||
# TODO(mgoddard): Remove when previous release is Xena.
|
||||
{% if is_previous_release and previous_release == "wallaby" and scenario != "cephadm" %}
|
||||
# NOTE(mnasiadka): Test chrony cleanup in upgrade jobs
|
||||
enable_chrony: "yes"
|
||||
{% endif %}
|
||||
@ -129,10 +130,6 @@ glance_backend_ceph: "yes"
|
||||
cinder_backend_ceph: "yes"
|
||||
nova_backend_ceph: "yes"
|
||||
|
||||
# TODO(yoctozepto): Remove this in the Xena cycle.
|
||||
# cephadm doesn't support chrony in a container (checks for chrony.service)
|
||||
enable_chrony: "no"
|
||||
|
||||
enable_ceph_rgw: {{ not is_upgrade or previous_release != 'wallaby' }}
|
||||
ceph_rgw_hosts:
|
||||
{% for host in hostvars %}
|
||||
|
||||
@ -97,16 +97,6 @@ compute
|
||||
storage
|
||||
monitoring
|
||||
|
||||
[chrony-server:children]
|
||||
loadbalancer
|
||||
|
||||
[chrony:children]
|
||||
control
|
||||
network
|
||||
compute
|
||||
storage
|
||||
monitoring
|
||||
|
||||
[collectd:children]
|
||||
compute
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user