Add a new variable 'kolla_devmode', which when enabled, clones and
bindmounts service source code into the containers.
This commit adds the relevant changes for Heat, more services can be
added and built upon.
Usage:
* Set 'kolla_devmode: yes'
* Code is cloned to /opt/stack/{{ project_name }} on target
node(s)
* Users can develop in these repos, and simply restart the container to
pick up / test changes.
Debugging can be done from the host via 'remote_pdb'[0].
[0] https://pypi.python.org/pypi/remote-pdb
Implements: blueprint mount-sources
Change-Id: Ic0431b10d723bf84eeefc72039376fe0058dd902
In case Kolla's users want to deploy with both of
binary and source image, we should have a variable
install type that define install type for each project.
We also add specific image tag for each Openstack project.
This commit is implemented for Designate, Gnocchi and Heat projects.
Change-Id: I07451750e70e0e6305dca451422e33cd31ce8a4c
Implements: blueprint mixing-binary-and-source-image
The Orchestration service automatically assigns the heat_stack_user
role to users that it creates during stack deployment.
To avoid conflicts, do not add this role to users with the heat_stack_owner role.
Closes-Bug: #1690975
Change-Id: I7a4cb7f4a13de7be4fc9ce9c24057ece6a0ced5c
Heat-api-cfn need to point to keystone v3 version.
Otherwise heat fail while authenticating for scaling policies.
``AWS authentication failure.``
Change-Id: I1950cd7359d8ad589feced870de76f02ef2c8a76
Closes-Bug: #1672431
Wait conditions are commonly used by instances to signal various events
back to heat. These instances are unlikely to have access to the
internal API endpoints. OpenStack-Ansible had a similar issue[1] back in
juno and changed to use the public endpoint[2]. The code has now moved
but the default is still in place[3].
This change configures heat to advertise the public API as the endpoint
for wait conditions.
[1] https://bugs.launchpad.net/openstack-ansible/+bug/1459414
[2] https://review.openstack.org/#/c/186221/
[3] b1721a7460/defaults/main.yml (L48)
Change-Id: Id1d66aaa298efa8407db579a899a5aacebe1e6c7
Closes-Bug: #1688331
wait_for module waits 300 seconds for the port started or stopped. This
is meaningless and useless in precheck. This patch change timeout to 1
seconds.
Change-Id: I9b251ec4ba17ce446655917e8ef5e152ef947298
Closes-Bug: #1688152
While in openstack deployment guides use Orchestration as
heat-cfn description, heat devstack plugin uses CloudFormation.
I think is more accurate and easier to know which service is.
Change-Id: I760c7e7baa46da57fd2fca9d5409f370a0c9065c
Closes-Bug: #1673421
Add a new subcommand 'check' to kolla-ansible, used to run the
smoke/sanity checks.
Add stub files to all services that don't currently have checks.
Change-Id: I9f661c5fc51fd5b9b266f23f6c524884613dee48
Partially-implements: blueprint sanity-check-container
heat-api kept redirecting clients to use http:// instead of https://
when communicating with our https:// only loadbalancer
Please examine the logic for enabling it carefully, it's hard to know
if it should be enabled or not, potenitially it could be a security
risk.
Based on openstack-ansible-os_heat:
commit 4033a0f854cba6719c61812ef5b553e932a6c6c2
Author: Kyle L. Henderson <kyleh@us.ibm.com>
Enable oslo_middleware proxy header parsing
"Heat has moved to using oslo_middleware for the http proxy header
parsing, however the default is to not parse the headers. When
the external protocol differs from the internal protocol this
parsing is required in order for heat to work properly since it
will return 302 redirects to the client during some operations
(such as delete stack).
An example of this is when using haproxy with https configured
for the external protocol and http for the internal protocol.
If the oslo_middleware does not parse the headers, then any
302 redirects would specify a url with http rather than
correctly specifying https and the heat client would fail to
connect on the redirect url."
Change-Id: I38661a0bc2163a7f72febd98b7ae6f51c5d45ad5
Usernames can be configured with variables in
configuration files, but user creation is hardcoded.
Change-Id: I057cfb921d776217db66f59226dcfa79f3eb7368
Closes-Bug: #1661587
A config generation check was added to a few services but the action
name checked was "genconfig" where the kolla-ansible genconfig command
actually uses the action name "config".
Stop run the handlers when action is "config".
Co-Authored-By: Jeffrey Zhang <jeffrey.zhang@99cloud.net>
Partially-implements: blueprint better-reconfigure
Change-Id: I9d3be2f674087f340108b176c8e8e2209ffa8806
Making variable name "works" to "workers" for correct configuration
as followed in other services
Closes-Bug: #1655081
Change-Id: I333b7a7a98770e640db49e8103900957c629bad5
Currently, policy.json is put in
"{{ node_config_directory }}/{{ service_name }}"
in target nodes.
Relocation policy.json to "{{ node_config_directory }}/{{ item }}"
with item is corresponding service compoment config directory.
Currently, the policy.json is copied to all services, but it
should be reviewed and left only in neccesary service
(at many cases, only API service needs that).
Redundant files will be removed in follow up patchset.
Change-Id: I0e997dccf4ec438c9c0436db71ec2fd06650f50d
Closes-Bug: #1639686
Allow operators to use their custom policy files.
Avoid maintain policy files in kolla repos, only copying
the files when an operator add their custom config.
Implements: blueprint custom-policies
Change-Id: Icf3c961b87cbc7a1f1dd2ffbfffcf271d151d862
This will solve the following issue:
WARNING oslo_config.cfg [-] Option "auth_plugin" from group "trustee"
is deprecated. Use option "auth_type" from group "trustee".
Change-Id: I7343a4a28555495d22a7960bf4d585152505a79c
Closes-bug: #1632064
"project_domain_id" and "project_name"
cannot be specified [trustee] section or keystone will throw a
"cannot be scoped to multiple targets" error when we attempt to get
a token scoped to a trust.
Change-Id: I167c0e31835d05b8069fd931ef76fb337dd99207
Closes-Bug: #1628353
do_reconfigure.yml is introduced to use serial directive. But we use
it in wrong. Now serial has moved to playbook file. So it is time to
remove the do_reconfigure.yml file
Closes-Bug: #1628152
Change-Id: I8d42d27e6bc302a0e575b0353956eaef9b2ca9fd
Useful for upgrade etc., which is preferablly done serially.
Example usage: tools/kolla-ansible deploy OR tools/kolla-ansible upgrade
Closes-Bug: #1576708
DocImpact
Change-Id: I34b2e16f8ce53e472a4682a4738c4ac0f5abf00c
