When bootstrap compute hosts for XenAPI, it will generate a facts
file for each compute node. It contains some XenAPI specific variables
for both the compute host and the XenServer where the compute host
run on. This commit is to fetch the facts file into deployment host
and put it under a centralized directory - each compute host will
have a separate sub-dir which is named with its *inventory_hostname*.
In this way, the following tasks can use proper variable from the
proper facts file which exactly belongs to the host they running on.
Change-Id: I68d1a2d098d38c8e6bf4db76cdaf1f0465831822
blueprint: xenserver-support
- Keystone
- Glance
- Nova
- Cinder
This will copy only yaml or json policy file if they exist.
Change-Id: I4a9415d82322aed68c9b7650bdf346f58fa49e2a
Implements: blueprint support-custom-policy-yaml
Co-authored-By: Duong Ha-Quang <duonghq@vn.fujitsu.com>
This change allows the following use cases:
1. Using an already-configured MariaDB / MySQL server / Cluster
2. Using already-created DB users, without requiring root DB access.
Update: added external mariadb precheck
Change-Id: I78b0d178306d7c5293b0bf53e445f19f18b4b824
Implements: blueprint external-mariadb-support.
Closes-Bug: #1603121
This is to add a bootstrap task for XenAPI to bootstrap the compute
node. One compute node is composed with a XenServer and a DomU VM
running on the XenServer. Before it's ready for deploying OpenStack
sevices on it, we need bootstrap it firstly. The package of
python-os-xenapi contains a tool and some utils which were developed
to finish all of the needed bootstrap tasks
e.g.:
1. configure himn(host internal management network)
2. configure ipatables to allow traffic
3. install xapi plugins to dom0
4. gather XenAPI facts and save them into a file
...
The task added in this commit is to invoke that tool so that the
bootstrap tasks can be completed automatically during kolla deployment.
Depends-On: Ie2d7d40f2755580aac4a10f3d302190a8bd4fe6f
Change-Id: I1500535a1c9a085bcbfec5db5fbddcf040e6892d
blueprint: xenserver-support
through the database_address has beed defined in groups_vars/all.yml, we should
better use it, this way, if we want to use external database, we just need to
redefined in all.yml
refer to https://github.com/openstack/kolla-ansible/blob/master/ansible/group_vars/all.yml#L83
Co-Authored-By: chenqiaomin <chen.qiaomin@99cloud.net>
Change-Id: Ie559301451954e16347ceaabf02f594c5c5cbe56
The envirenment variable LIBGUESTFS_BACKEND = direct
is not enabled by default in docker container.
Without it, GuestFS() init failed.
Closes-Bug: #1742029
Change-Id: I24330502df7abc8e8f952ebb41bd9ae5e4ba1168
Add ansible role to deploy blazar
Add nova filters to allow use of blazar
Change-Id: I6742ddc9a4736f256491dd0cfd31904fa8eb5652
Implements: blueprint blazar-ansible-role
Instance failed to spawn: libvirtError: unsupported configuration: CPU
mode 'host-model' for aarch64 kvm domain on aarch64 host is not
supported by hypervisor.
Change-Id: Iad530457aef24ee8f561a8f7d2c6c6150c55bc42
On AArch64 we run VMs without any graphics so nova console is not
available. For now we had to disable it by hand but it can be automated.
Change-Id: Ib903044493ca98c0dd29d3096f66272e130668b0
upgrade action no need to create endpoint, project, user, and role.
so the register.yml is unnecessary for upgrade.yml. this patch to
remove it.
Change-Id: I7e8d2c03cc596a551cd3e4b9b5214098d666f7ca
Closes-Bug: #1737071
Co-Authored-By: chenqiaomin <chen.qiaomin@99cloud.net>
When using XenAPI as the virt driver, we need some XenAPI
specific configure options. This commit is to ensure nova's
configuration can be generated correctly for XenAPI. It
includes the folowing changes:
* Add XenAPI as one of the valid options for nova_compute_virt_type;
* Configure some options when XenAPI is chosen as the virt type.
This commit does NOT include the host and [vnc] configurations which
will be covered by a following commit.
References:
* XenServer (and other XAPI based Xen variants):
https://docs.openstack.org/nova/pike/admin/configuration/hypervisor-xen-api.html
* XenCenter HIMN plugin (adding HIMN network which is used by XenAPI driver to
communicate with XenServer):
https://github.com/citrix-openstack/xencenter-himn-plugin
* nova configuration options:
https://docs.openstack.org/nova/pike/configuration/config.html
Change-Id: Id34d247ab78976627f8e70685f27470b254cd418
blueprint: xenserver-support
This commit separates the messaging rpc and notify transports in order
to support separate and different oslo.messaging backends
This patch:
* add rpc and notify variables
* update service role conf templates
* add example to globals.yaml
* add release note
Implements: blueprint hybrid-messaging
Change-Id: I34691c2895c8563f1f322f0850ecff98d11b5185
Add become to only neccesary tasks in roles:
- glance
- heat
- horizon
- keystone
- neutron
- nova
- openvswitch
Gate is also updated to use 'become' feature
Change-Id: I2f3f27306e9f384148e1ad4d54d8da2ebef34d00
Partial-Implements: blueprint ansible-specific-task-become
When deploying with tls enabled in public
endpoints, ansible modules fails due SSL certificates
are self-signed.
This change adds a new variable to allow customization
on which endpoints ansible should connect.
Defaults to admin because admin auth parameters defaults
to admin endpoint.
Change-Id: Ic3ed58cf9c9579cae08a11bbfe6fce983b5a9cbc
Closes-Bug: #1720995
The value set for "secure_proxy_ssl_header" should be
"HTTP_X_FORWARDED_PROTO" and not "X-Forwarded-Proto".
Change-Id: I7f4cc4871164ca9096a190101c179daa41e1ae9a
Closes-Bug: #1719325
This patch includes three unrelated fixes.
Make qemu use nova user in centos
Libvirt 3.2.0 (latest version in centos) seems to
have changed behavior of dynamic_ownership.
Pin ansible to <2.4 to make ara work in gates
ARA does not work yet with ansible 2.4, this change
pins to lower version to make gates work.
Revert once ara works with 2.4
Disable selinux for oraclelinux and centos.
Co-Authored-By: wanghongxu <wang19930902@gmail.com>
Co-Authored-By: Jeffrey Zhang <jeffrey.zhang@99cloud.net>
Change-Id: Iac8bec19437192cd198d58f71c6ed0a65a76f820
Closes-bug: #1718541
Actually Openstack services configuration can be overriden using many
files:
- /etc/kolla/config/<< service name >>/<< config file >>
- /etc/kolla/config/<< service name >>/<<host>>/<< config file >>
- /etc/kolla/config/global.conf
- /etc/kolla/config/database.conf
- /etc/kolla/config/messaging.conf
Only per-service configuration is actually documented here:
https://github.com/openstack/kolla-ansible/blob/master/doc/advanced-configuration.rst#L164
Allowing to globally modify service configuration can be perform too,
but it can be done in 3 different manners, all not documented:
- /etc/kolla/config/global.conf
- /etc/kolla/config/database.conf
- /etc/kolla/config/messaging.conf
database.conf and messaging.conf seems redundant with global.conf.
In order to simplify codebase it seems logical to remove them.
Documentation has been added for overriding configuration globally and
release note has been added too.
Closes-Bug: #1682479
Change-Id: I5d922dfc0d938173bad34ac64e490b78db1b7e31
ipc_mode=host is required after enabled multipath in nova.
Closes-Bug: #1713639
Depends-On: I0a1d85597999415cab11feb71a7fdfd7af3f7148
Change-Id: Ib0b8961a47b686b6c35456768bbbccc741cb7adf
Existing defaults are setup for tcp, and set ca_file to an empty string.
'If you set this to an empty string, then no trusted CA certificate is loaded.'
libvirt may complain 'unsupported configuration: No server certificate path
set to match server key', as such tls should also be explicitly set to 0.
Change-Id: I49c64808cb236dab1d9fa2e699d0a2f2fc54cc99
Implements compute part of the blueprint.
Make virt_type of nova_compute configerable.
Change-Id: I0f37e49e09c4f14a64797506007bb55a6f534f0f
Partially-implements: blueprint kolla-ansible-support-vsphere
Co-Authored-By: shaofeng cheng <chengsf@winhong.com>
Currently nova.conf.j2 generates two compute_driver options for
nova_compute_ironic container like this:
compute_driver = ironic.IronicDriver
compute_driver = libvirt.LibvirtDriver
nova_compute_ironic container fails to start because the latter value
overrides the former one.
This patch fixes the issue recently introduced in [1].
[1] 63314ad6dd181a0e975438de2e99409238f1b775
Change-Id: Ibb661a5a594120be4195d331c38883c3b2886361
Closes-Bug: #1706534
Trace method is enabled in default for httpd. There is security risk
with trace enabled. So disable it in default. more info please check[0].
[0] https://security.stackexchange.com/a/7711
Change-Id: I4496a6d058d88e1abfb210085f189e7a610e0362
Closes-Bug: #1705160
kolla-kubernetes is using its own configuration generation[0], so it is
time for kolla-ansible to remove the related code to simplify the
logical.
[0] https://github.com/openstack/kolla-kubernetes/tree/master/ansible
Change-Id: I7bb0b7fe3b8eea906613e936d5e9d19f4f2e80bb
Implements: blueprint clean-k8s-config
