Trace method is enabled in default for httpd. There is security risk
with trace enabled. So disable it in default. more info please check[0].
[0] https://security.stackexchange.com/a/7711
Change-Id: I4496a6d058d88e1abfb210085f189e7a610e0362
Closes-Bug: #1705160
In order to speed up deployment time some "local" actions should be run
only once using 'run_once: True'.
This will decrease deployment time in case of multihost configuration.
Change-Id: I6015d772d35c15e96c52f577013b6e41197cb41a
Ansible task support vars directive, no need implement another one in
merge_config. This patch remove the vars directive in merge_config
action plugin.
Change-Id: I33648a2b6e39b4d49ce76eb66fbf2522721f8c68
In case Kolla's users want to deploy with both of
binary and source image, we should have a variable
install type that define install type for each project.
We also add specific image tag for each Openstack project.
This commit is implemented for Designate, Gnocchi and Heat projects.
Change-Id: I07451750e70e0e6305dca451422e33cd31ce8a4c
Implements: blueprint mixing-binary-and-source-image
Many of the templates use 600, remove unnecessary permission
on these templates to bring them in line with the others.
Change-Id: I30fe1b3822b9c7bb6ab98729fc519dc1d603db27
wait_for module waits 300 seconds for the port started or stopped. This
is meaningless and useless in precheck. This patch change timeout to 1
seconds.
Change-Id: I9b251ec4ba17ce446655917e8ef5e152ef947298
Closes-Bug: #1688152
Add a new subcommand 'check' to kolla-ansible, used to run the
smoke/sanity checks.
Add stub files to all services that don't currently have checks.
Change-Id: I9f661c5fc51fd5b9b266f23f6c524884613dee48
Partially-implements: blueprint sanity-check-container
Usernames can be configured with variables in
configuration files, but user creation is hardcoded.
Change-Id: I057cfb921d776217db66f59226dcfa79f3eb7368
Closes-Bug: #1661587
gnocchi use auth_mode option to load the proper middleware. So no need
to change the api-paste.ini file anymore.
Change-Id: Id69a3301225b49c94951f6c33376ebb8d5362efb
At present, cinder/nova/glance/gnocchi relative containers's
ceph.conf aren't be merge from user custom's config.
In some condition, we should add extra parameter to custom's
ceph.conf, for example:rbd_default_features = 1.
So, it is necessary to use merge_configs instead of template.
Closes-Bug: #1656162
Change-Id: I824e0c68af270b85c52382ae35987213266fc6f6
Currently, policy.json is put in
"{{ node_config_directory }}/{{ service_name }}"
in target nodes.
Relocation policy.json to "{{ node_config_directory }}/{{ item }}"
with item is corresponding service compoment config directory.
Currently, the policy.json is copied to all services, but it
should be reviewed and left only in neccesary service
(at many cases, only API service needs that).
Redundant files will be removed in follow up patchset.
Change-Id: I0e997dccf4ec438c9c0436db71ec2fd06650f50d
Closes-Bug: #1639686
In destination path gnocchi keyring file, keyring spelling is
written as keryring.
Change-Id: I8e0ad26dec9a61206692b0f3f2de7b318ded172d
Closes-Bug: #1642621
Allow operators to use their custom policy files.
Avoid maintain policy files in kolla repos, only copying
the files when an operator add their custom config.
Implements: blueprint custom-policies
Change-Id: Icf3c961b87cbc7a1f1dd2ffbfffcf271d151d862
Add /etc/localtime:/etc/localtime:ro to volume for aodh, barbican, etcd,
gnocchi, kuryr and sahara.
All the containers are added in Netwon cycle, so no need to backport
Closes-Bug: #1633049
Change-Id: I9cdba54cf730af44fb1a9ff6f2c936d23dadbe9a
Gnocchi previously lacked high availability. We consider a lack of HA
in our a vast majority of operator oriented services to be a defective
design choice. this change integrates gnocchi with ceph to resolve the
the lack of HA.
Closes-Bug: #1626623
Change-Id: I71c5137842cb48bc4af0e50a2952df5631d0d6df
* mount gnocchi volume for gnocchi-api and gnocchi-statsd
* fix the failed of gnocchi-api
* use gnocchi user when running gnocchi-upgrade
* use the app.wsgi file in python path directly, rather than copy it to
/var/www/cgi-bin/gnocchi/app file
TrivialFix
Change-Id: Ie026b8f44cd8e9703bf115cebb4e2d50b114a3a2
do_reconfigure.yml is introduced to use serial directive. But we use
it in wrong. Now serial has moved to playbook file. So it is time to
remove the do_reconfigure.yml file
Closes-Bug: #1628152
Change-Id: I8d42d27e6bc302a0e575b0353956eaef9b2ca9fd
* Rename gnocchi-api-paste.ini to api-paste which is used in gnocchi
* Copy api-paste.ini to /etc/gnocchi in container
TrivialFix
Change-Id: I0ea5d947f3a4323e641a041fb190cae3031d36b2
Useful for upgrade etc., which is preferablly done serially.
Example usage: tools/kolla-ansible deploy OR tools/kolla-ansible upgrade
Closes-Bug: #1576708
DocImpact
Change-Id: I34b2e16f8ce53e472a4682a4738c4ac0f5abf00c
