Removed code try to install Wily(15.10) kernel in case of Ubuntu
Trusty(14.04).
Last Openstack version supported on Ubuntu 14.04 is Mitaka.
Hence Ubuntu 14.04 related code can be safely remove from Ansible tasks
since Kolla Newton release.
Co-Authored-By: Duong Ha-Quang <duonghq@vn.fujitsu.com>
Change-Id: Ieca7975a69fb0ba8b49cc522f05e4beca1c2f526
The static contents directory path of the openstack-dashboard
provided by Ubuntu Cloud Archive is different from RDO's.
This fixes the horizon.conf template to set the correct alias
when ubuntu+binary are specified.
Change-Id: I1b0c04cecc66b42bf764aa035e7ec24c37d805e3
Closes-Bug: #1700712
ResellerAdmin role should be created always when Swift is enabled
and not only for Ceilometer. The role is needed for normal users
to get administration rights for their Swift projects and is
required to pass DefCore (OpenStack Powered) certification.
Change-Id: I4faa63b8fae1814e382de2794301248cc0f4a90a
Closes-Bug: #1700729
In case of provider networks we need to configure external bridge
on compute nodes, like it is done in DVR. The only way to tell
if provider networks are to be used is a new flag.
Change-Id: I1aef197ee2b84e28f2131f058e6995551f873fe1
Closes-Bug: #1694726
No handler named "Restart tacker containers", and we should restart
the tacker container according to the context
Change-Id: Idad8843e85eeb536d7abf8332606801f5b6e78ce
Closes-Bug: #1700007
No handler named "Restart keystone containers", and we should restart
the keystone and the keystone-fernet container according to the context
Closes-Bug: #1699924
Change-Id: I62512dc022426cc762ff603d8554e48651fa621f
When you add new nodes to existing cluster, docker will restart
all anyway and that will break a lot, including mariadb.
Change-Id: Ie46f99a141f99480a87218ead4b76ba65f2edae9
Closes-Bug: #1699335
When using the simple_crypto plugin, barbican expects the
[simple_crypto_plugin] kek config value to be a base64-encoded 32 byte
value. However, kolla-ansible is providing a standard autogenerated
password.
There are two relevant variables in kolla-ansible -
barbican_crypto_password (a standard password) and barbican_crypto_key
(a HMAC-SHA256 key). There is no use of barbican_crypto_key other than
when it is generated. barbican_crypto_password is used to set the
[simple_crypto_plugin] kek config value but causes an error when the
simple_crypto plugin is used as the value is not in the expected format.
Using barbican_crypto_key instead resolves the error. Clearly there is a
naming issue here and we should be using barbican_crypto_key instead of
barbican_crypto_password.
This change removes the barbican_crypto_password variable and uses
barbican_crypto_key instead.
Change-Id: I63e2b381c260265e5901ee88ca0a649d96952bda
Closes-Bug: #1699014
Related-Bug: #1683216
Co-Authored-By: Stig Telfer <stig@stackhpc.com>
This patch add configuration options for tenant network types and type
drivers. Both lists are checked so that tenant types are listed in
drivers. For ironic 'flat' driver is mandatory and is added explicitly
into ironic prechecks.
Change-Id: Ie5775001165412910a258cbed2d2ebbb8ebbd879
Closes-Bug: #1694725
Sometimes Ansible is faster running tasks that haproxy tagging Keystone
services as UP. Keystone bootstrap uses SQL directly but the default
user role creation requires the API, and because of that it may fail.
Retry in case the backend is not yet available.
Change-Id: I9dfc030bbf92ca0a3dcb008d55e9fa2055f900ec
Closes-Bug: 1699096
Haproxy fails to deploy if outward group is not
in inventory.
This change adds an optional outward setting for
haproxy
Change-Id: I351578582b1057bb48ac69859583a5db13f0bfb8
Implement an ansible role that adds Hyper-V as a compute node for
OpenStack using Kolla.
This will install and configure the Nova Compute service, the
Hyper-V Neutron agent and FreeRDP-WebConnect.
https://docs.openstack.org/ocata/config-reference/compute/hypervisor-hyper-v.html
Change-Id: I601835b0769c5ff173a980a05a752391ae8cc82f
Implements: blueprint hyperv-ansible-role
Co-Authored-By: Alessandro Pilotti <apilotti@cloudbasesolutions.com>
Certain services such as Murano and trove require access to a rabbitmq
instance from tenant networks. [0]
Exposing the internal rabbitmq to end users is a security hole, hence
there are two options, 1) use vhosts in the existing rabbitmq, or two a
separate rabbitmq instances. Given the importance of rabbitmq to the
OpenStack deployment, we have decided to go with a separate instance.
Refer to [1] for more detail on the various options.
This change makes the rabbitmq role generic so that it can be reused, in
this case to start 'outward_rabbitmq'. It needs to be exposed via
haproxy both for network isolation and also because this is what Murano
configuration requires.
Follow on patches will be added to add a vhost in this outward instance
for Murano and other services which require access.
Based on the original work by bdaca[2]
[0] http://murano.readthedocs.io/en/stable-liberty/intro/architecture.html
[1] http://lists.openstack.org/pipermail/openstack-dev/2016-December/109091.html
[2] https://review.openstack.org/#/c/374525
Change-Id: Ib2bcc7ed4bf4f883a7cd1dfad3db89201e3cfd8d
Partial-Bug: #1620374
Depends-On: I020eb6219f89a310451becde41f6f1c7f54baadd
Co-Authored-By: Bartłomiej Daca <bartek.daca@gmail.com>
always_run is deprecated and removed in Ansible 2.4
check_mode is introduced in Ansible 2.2 and Kolla-ansible bump Ansible to
2.2.0 so it's safe to replace always_run by check_mode now.
Change-Id: Id1028d38b7bde30a6afe17b319dcdc77907914ab
Closes-Bug: #1643633
Implements: blueprint migrate-to-ansible-2-2-0
On many systems IPv6 related modules are not loaded by default.
Usually when one runs ip6tables-* commands required modules are
probed. In neutron_openvswitch_agent container /lib/modules
does not exist. The commands fail to process ip6 firewall
rules as consequence.
Change-Id: Ic4e72eb4f5304f013b7a09ddd31794cfafa67e0b
Closes-Bug: #1615715
