stackhpc
diff --git a/‎ansible/group_vars/all/rabbitmq.yml‎
Lines changed: 1 addition & 1 deletion b/‎ansible/group_vars/all/rabbitmq.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎ansible/module_utils/kolla_container_worker.py‎
Lines changed: 175 additions & 26 deletions b/‎ansible/module_utils/kolla_container_worker.py‎
Lines changed: 175 additions & 26 deletions
diff --git a/‎ansible/module_utils/kolla_docker_worker.py‎
Lines changed: 4 additions & 0 deletions b/‎ansible/module_utils/kolla_docker_worker.py‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎ansible/module_utils/kolla_podman_worker.py‎
Lines changed: 4 additions & 9 deletions b/‎ansible/module_utils/kolla_podman_worker.py‎
Lines changed: 4 additions & 9 deletions
diff --git a/‎ansible/roles/ironic/defaults/main.yml‎
Lines changed: 5 additions & 1 deletion b/‎ansible/roles/ironic/defaults/main.yml‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎ansible/roles/keystone/templates/keystone.conf.j2‎
Lines changed: 0 additions & 1 deletion b/‎ansible/roles/keystone/templates/keystone.conf.j2‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎ansible/roles/letsencrypt/defaults/main.yml‎
Lines changed: 1 addition & 1 deletion b/‎ansible/roles/letsencrypt/defaults/main.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎ansible/roles/letsencrypt/templates/letsencrypt-webserver.json.j2‎
Lines changed: 8 additions & 0 deletions b/‎ansible/roles/letsencrypt/templates/letsencrypt-webserver.json.j2‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎ansible/roles/neutron/templates/fwaas_driver.ini.j2‎
Lines changed: 0 additions & 1 deletion b/‎ansible/roles/neutron/templates/fwaas_driver.ini.j2‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎ansible/roles/opensearch/tasks/post-config.yml‎
Lines changed: 27 additions & 0 deletions b/‎ansible/roles/opensearch/tasks/post-config.yml‎
Lines changed: 27 additions & 0 deletions
@@ -5,7 +5,7 @@ enable_rabbitmq: "{{ 'yes' if om_rpc_transport == 'rabbit' or om_notify_transpor
 # RabbitMQ options
 ####################
 rabbitmq_user: "openstack"
-rabbitmq_monitoring_user: ""
+rabbitmq_monitoring_user: "openstack-monitoring"
 # Whether to enable TLS encryption for RabbitMQ client-server communication.
 rabbitmq_enable_tls: false
 # CA certificate bundle in RabbitMQ container.
 
@@ -28,6 +28,9 @@ def __init__(self, module):
         self.changed = False
         # Use this to store arguments to pass to exit_json().
         self.result = {}
+        # Populated by compare_config() when config differs, so diff_config()
+        # can surface the output without running the exec a second time.
+        self._config_diff = None
 
         self.systemd = SystemdWorker(self.params)
 
@@ -57,36 +60,182 @@ def check_container(self):
 
     def compare_container(self):
         container = self.check_container()
-        if (not container or
-                self.check_container_differs() or
-                self.compare_config() or
-                self.systemd.check_unit_change()):
+        failures = []
+
+        if not container:
+            failures.append({'name': 'container_missing',
+                             'current': None,
+                             'desired': self.params.get('name')})
+        else:
+            container_info = self.get_container_info()
+            failures.extend(self.check_container_differs(container_info))
+            if self.compare_config():
+                failures.append({'name': 'config',
+                                 'current': self._config_diff,
+                                 'desired': 'up_to_date'})
+            if self.systemd.check_unit_change():
+                failures.append({'name': 'systemd_unit',
+                                 'current': 'out_of_date',
+                                 'desired': 'up_to_date'})
+
+        if failures:
             self.changed = True
+            self.result['comparison_failures'] = failures
+
         return self.changed
 
-    def check_container_differs(self):
-        container_info = self.get_container_info()
+    def check_container_differs(self, container_info=None):
+        """Return a list of dicts describing differences from the desired state
+
+        Each entry is a dict with keys:
+          - ``name``: the comparison that failed (e.g. ``'image'``)
+          - ``current``: the value found on the running container
+          - ``desired``: the value requested by the module parameters
+
+        An empty list means no differences were found.
+        """
+        if container_info is None:
+            container_info = self.get_container_info()
         if not container_info:
-            return True
+            return [{'name': 'container_info_missing',
+                     'current': None, 'desired': None}]
+
+        checks = [
+            'cap_add',
+            'security_opt',
+            'image',
+            'ipc_mode',
+            'labels',
+            'privileged',
+            'pid_mode',
+            'cgroupns_mode',
+            'tmpfs',
+            'volumes',
+            'volumes_from',
+            'environment',
+            'container_state',
+            'dimensions',
+            'command',
+            'healthcheck',
+        ]
+
+        failures = []
+        for name in checks:
+            if getattr(self, 'compare_' + name)(container_info):
+                diff = getattr(self, 'diff_' + name)(container_info)
+                failures.append({'name': name,
+                                 'current': diff[0],
+                                 'desired': diff[1]})
+        return failures
+
+    # ------------------------------------------------------------------
+    # diff_* methods: return (current, desired) for each comparison.
+    # These are only called when the corresponding compare_* has already
+    # returned True, so they can focus purely on extracting values.
+    # ------------------------------------------------------------------
+
+    def diff_ipc_mode(self, container_info):
+        current = container_info['HostConfig'].get('IpcMode') or None
+        return current, self.params.get('ipc_mode')
+
+    def diff_cap_add(self, container_info):
+        try:
+            current = container_info['HostConfig'].get('CapAdd') or []
+        except (KeyError, TypeError):
+            current = []
+        return sorted(current), sorted(self.params.get('cap_add', []))
 
-        return (
-            self.compare_cap_add(container_info) or
-            self.compare_security_opt(container_info) or
-            self.compare_image(container_info) or
-            self.compare_ipc_mode(container_info) or
-            self.compare_labels(container_info) or
-            self.compare_privileged(container_info) or
-            self.compare_pid_mode(container_info) or
-            self.compare_cgroupns_mode(container_info) or
-            self.compare_tmpfs(container_info) or
-            self.compare_volumes(container_info) or
-            self.compare_volumes_from(container_info) or
-            self.compare_environment(container_info) or
-            self.compare_container_state(container_info) or
-            self.compare_dimensions(container_info) or
-            self.compare_command(container_info) or
-            self.compare_healthcheck(container_info)
-        )
+    def diff_security_opt(self, container_info):
+        try:
+            current = container_info['HostConfig'].get('SecurityOpt') or []
+        except (KeyError, TypeError):
+            current = []
+        return sorted(current), sorted(self.params.get('security_opt', []))
+
+    def diff_image(self, container_info):
+        current = (container_info.get('Image') or
+                   container_info.get('Config', {}).get('Image'))
+        return current, self.params.get('image')
+
+    def diff_labels(self, container_info):
+        current = container_info['Config'].get('Labels', {})
+        desired = self.params.get('labels')
+        return current, desired
+
+    def diff_privileged(self, container_info):
+        current = container_info['HostConfig'].get('Privileged')
+        return current, self.params.get('privileged')
+
+    def diff_pid_mode(self, container_info):
+        current = container_info['HostConfig'].get('PidMode') or None
+        desired = self.params.get('pid_mode')
+        return current, desired
+
+    def diff_cgroupns_mode(self, container_info):
+        current = (container_info['HostConfig'].get('CgroupnsMode') or
+                   container_info['HostConfig'].get('CgroupMode') or 'host')
+        return current, self.params.get('cgroupns_mode')
+
+    def diff_tmpfs(self, container_info):
+        current = list(container_info['HostConfig'].get('Tmpfs') or [])
+        desired = list(self.generate_tmpfs() or [])
+        return sorted(current), sorted(desired)
+
+    def diff_volumes(self, container_info):
+        volumes, binds = self.generate_volumes()
+        current_vols = list(container_info['Config'].get('Volumes') or [])
+        current_binds = list(container_info['HostConfig'].get('Binds') or [])
+        desired_vols = list(volumes or [])
+        desired_binds = []
+        if binds:
+            for k, v in binds.items():
+                desired_binds.append('{}:{}:{}'.format(k,
+                                                       v['bind'],
+                                                       v['mode']))
+        return {'volumes': current_vols, 'binds': sorted(current_binds)}, \
+               {'volumes': desired_vols, 'binds': sorted(desired_binds)}
+
+    def diff_volumes_from(self, container_info):
+        current = list(container_info['HostConfig'].get('VolumesFrom') or [])
+        desired = list(self.params.get('volumes_from') or [])
+        return sorted(current), sorted(desired)
+
+    def diff_environment(self, container_info):
+        current_env = {}
+        for kv in container_info['Config'].get('Env', []):
+            k, v = kv.split('=', 1)
+            current_env[k] = v
+        desired_env = self.params.get('environment', {})
+        # Only show keys that are actually different
+        return sorted(current_env), sorted(desired_env)
+
+    def diff_container_state(self, container_info):
+        current = container_info['State'].get('Status')
+        desired = self.params.get('state')
+        return current, desired
+
+    def diff_dimensions(self, container_info):
+        new_dimensions = self.params.get('dimensions')
+        current_dimensions = container_info['HostConfig']
+        current = {k2: current_dimensions.get(k2)
+                   for k1, k2 in self.dimension_map.items()
+                   if k1 in new_dimensions}
+        desired = {self.dimension_map[k]: v
+                   for k, v in new_dimensions.items()
+                   if k in self.dimension_map}
+        return current, desired
+
+    def diff_command(self, container_info):
+        current = '{} {}'.format(
+            container_info.get('Path', ''),
+            ' '.join(container_info.get('Args', []))
+        ).strip()
+        return current, self.params.get('command')
+
+    def diff_healthcheck(self, container_info):
+        current = container_info['Config'].get('Healthcheck')
+        desired = self.params.get('healthcheck')
+        return current, desired
 
     def compare_ipc_mode(self, container_info):
         new_ipc_mode = self.params.get('ipc_mode')
@@ -172,7 +321,7 @@ def compare_labels(self, container_info):
             if k in new_labels:
                 if v != new_labels[k]:
                     return True
-            else:
+            elif k in current_labels:
                 del current_labels[k]
 
         if new_labels != current_labels:
 
@@ -158,6 +158,7 @@ def compare_config(self):
             # in the mean time) - assume config is stale = return True.
             # Else, propagate the server error back.
             if e.is_client_error():
+                self._config_diff = 'container unavailable for config check'
                 return True
             else:
                 raise
@@ -169,11 +170,14 @@ def compare_config(self):
         if exec_inspect['ExitCode'] == 0:
             return False
         elif exec_inspect['ExitCode'] == 1:
+            self._config_diff = (output.decode('utf-8') if
+                                 isinstance(output, bytes) else output)
             return True
         elif exec_inspect['ExitCode'] == 137:
             # NOTE(yoctozepto): This is Docker's command exit due to container
             # exit. It means the container is unstable so we are better off
             # marking it as requiring a restart due to config update.
+            self._config_diff = 'container exited abruptly during config check'
             return True
         else:
             raise Exception('Failed to compare container configuration: '
 
@@ -298,15 +298,6 @@ def get_container_info(self):
 
         return container.attrs
 
-    def compare_container(self):
-        container = self.check_container()
-        if (not container or
-                self.check_container_differs() or
-                self.compare_config() or
-                self.systemd.check_unit_change()):
-            self.changed = True
-        return self.changed
-
     def compare_cap_add(self, container_info):
         new_cap_add = self.params.get('cap_add', list()).copy()
 
@@ -526,6 +517,7 @@ def compare_config(self):
             container = self.pc.containers.get(self.params['name'])
             container.reload()
             if container.status != 'running':
+                self._config_diff = 'container not running during config check'
                 return True
 
             rc, raw_output = container.exec_run(COMPARE_CONFIG_CMD,
@@ -535,6 +527,7 @@ def compare_config(self):
         # expect that config is stale so we return True and recreate container
         except APIError as e:
             if e.is_client_error():
+                self._config_diff = 'container unavailable for config check'
                 return True
             else:
                 raise
@@ -545,6 +538,8 @@ def compare_config(self):
         if rc == 0:
             return False
         elif rc == 1:
+            self._config_diff = (raw_output.decode('utf-8') if
+                                 isinstance(raw_output, bytes) else raw_output)
             return True
         else:
             raise Exception('Failed to compare container configuration: '
 
@@ -54,7 +54,7 @@ ironic_services:
     # NOTE(mgoddard): This container is always enabled, since may be used by
     # the direct deploy driver.
     enabled: true
-    image: "{{ ironic_pxe_image_full }}"
+    image: "{{ ironic_http_image_full }}"
     volumes: "{{ ironic_http_default_volumes + ironic_http_extra_volumes }}"
     dimensions: "{{ ironic_http_dimensions }}"
     healthcheck: "{{ ironic_http_healthcheck }}"
@@ -146,6 +146,10 @@ ironic_prometheus_exporter_image: "{{ docker_image_url }}ironic-prometheus-expor
 ironic_prometheus_exporter_tag: "{{ ironic_tag }}"
 ironic_prometheus_exporter_image_full: "{{ ironic_prometheus_exporter_image }}:{{ ironic_prometheus_exporter_tag }}"
 
+ironic_http_image: "{{ docker_image_url }}httpd"
+ironic_http_tag: "{{ ironic_tag }}"
+ironic_http_image_full: "{{ ironic_http_image }}:{{ ironic_http_tag }}"
+
 ironic_api_dimensions: "{{ default_container_dimensions }}"
 ironic_conductor_dimensions: "{{ default_container_dimensions }}"
 ironic_tftp_dimensions: "{{ default_container_dimensions }}"
 
@@ -5,7 +5,6 @@ transport_url = {{ rpc_transport_url }}
 
 # NOTE(elemoine) log_dir alone does not work for Keystone
 log_file = /var/log/kolla/keystone/keystone.log
-use_stderr = true
 
 [oslo_middleware]
 enable_proxy_headers_parsing = true
 
@@ -25,7 +25,7 @@ letsencrypt_lego_image: "{{ docker_image_url }}letsencrypt-lego"
 letsencrypt_lego_tag: "{{ letsencrypt_tag }}"
 letsencrypt_lego_image_full: "{{ letsencrypt_lego_image }}:{{ letsencrypt_lego_tag }}"
 
-letsencrypt_webserver_image: "{{ docker_image_url }}letsencrypt-webserver"
+letsencrypt_webserver_image: "{{ docker_image_url }}httpd"
 letsencrypt_webserver_tag: "{{ letsencrypt_tag }}"
 letsencrypt_webserver_image_full: "{{ letsencrypt_webserver_image }}:{{ letsencrypt_webserver_tag }}"
 
 
@@ -1,5 +1,6 @@
 {% set letsencrypt_apache_dir = 'apache2/conf-enabled' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd/conf.d' %}
 {% set apache_binary = 'apache2' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd' %}
+{% set apache_user = 'www-data' if kolla_base_distro in ['ubuntu', 'debian'] else 'apache' %}
 
 {
     "command": "/usr/sbin/{{ apache_binary }} -DFOREGROUND",
@@ -16,5 +17,12 @@
             "owner": "root",
             "perm": "0600"
         }{% endif %}
+    ],
+    "directories": [
+        {
+            "path": "/var/log/kolla/letsencrypt",
+            "owner": "{{ apache_user }}",
+            "perm": "0755"
+        }
     ]
 }
@@ -1,6 +1,5 @@
 [fwaas]
 enabled = true
-agent_version = v2
 driver = iptables_v2
 
 [service_providers]
 
@@ -87,3 +87,30 @@
   when:
     - not ansible_check_mode
     - opensearch_retention_policy_check.status == 404
+
+- name: Create OpenSearch Dashboards Index Pattern
+  become: true
+  kolla_toolbox:
+    container_engine: "{{ kolla_container_engine }}"
+    module_name: uri
+    module_args:
+      url: "{{ opensearch_dashboards_internal_endpoint }}/api/saved_objects/index-pattern/{{ opensearch_log_index_prefix }}-pattern"
+      method: POST
+      status_code: 200, 409
+      url_username: "{{ opensearch_dashboards_user }}"
+      url_password: "{{ opensearch_dashboards_password }}"
+      force_basic_auth: true
+      headers:
+        osd-xsrf: "true"
+      body:
+        attributes:
+          title: "{{ opensearch_log_index_prefix }}-*"
+          timeFieldName: "@timestamp"
+      body_format: json
+      ca_path: "{{ openstack_cacert }}"
+  register: opensearch_index_pattern_create
+  changed_when: opensearch_index_pattern_create.status == 200
+  delegate_to: "{{ groups['opensearch'][0] }}"
+  run_once: true
+  when:
+    - not ansible_check_mode
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,6 @@`
`1`	`1`	`{% set letsencrypt_apache_dir = 'apache2/conf-enabled' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd/conf.d' %}`
`2`	`2`	`{% set apache_binary = 'apache2' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd' %}`
	`3`	`+{% set apache_user = 'www-data' if kolla_base_distro in ['ubuntu', 'debian'] else 'apache' %}`
`3`	`4`
`4`	`5`	`{`
`5`	`6`	`"command": "/usr/sbin/{{ apache_binary }} -DFOREGROUND",`
`@@ -16,5 +17,12 @@`
`16`	`17`	`"owner": "root",`
`17`	`18`	`"perm": "0600"`
`18`	`19`	`}{% endif %}`
	`20`	`+ ],`
	`21`	`+ "directories": [`
	`22`	`+ {`
	`23`	`+ "path": "/var/log/kolla/letsencrypt",`
	`24`	`+ "owner": "{{ apache_user }}",`
	`25`	`+ "perm": "0755"`
	`26`	`+ }`
`19`	`27`	`]`
`20`	`28`	`}`