kolla-kubernetes is using its own configuration generation[0], so it is
time for kolla-ansible to remove the related code to simplify the
logical.
[0] https://github.com/openstack/kolla-kubernetes/tree/master/ansible
Change-Id: I7bb0b7fe3b8eea906613e936d5e9d19f4f2e80bb
Implements: blueprint clean-k8s-config
* remove ceilometer-api and ceilometer-collector service
* use ceilometer-notification to publish message to proper backend
* remove useless ceilometer_database_type and ceilometer_event_type
variables
* sync event_definitions.yaml, event_pipeline.yaml and pipeline.yaml
file with upstream
Change-Id: Ib39053cb5f70bd11ee61d3f26d5b28accecd7190
timeout options are added to glance-api but not for glance_api_external,
it should be added there also.
Change-Id: Idbd3dabbe24a5c71e70154dfde96c5c70eeefc10
Partial-bug: 1675637
Haproxy fails to deploy if outward group is not
in inventory.
This change adds an optional outward setting for
haproxy
Change-Id: I351578582b1057bb48ac69859583a5db13f0bfb8
Certain services such as Murano and trove require access to a rabbitmq
instance from tenant networks. [0]
Exposing the internal rabbitmq to end users is a security hole, hence
there are two options, 1) use vhosts in the existing rabbitmq, or two a
separate rabbitmq instances. Given the importance of rabbitmq to the
OpenStack deployment, we have decided to go with a separate instance.
Refer to [1] for more detail on the various options.
This change makes the rabbitmq role generic so that it can be reused, in
this case to start 'outward_rabbitmq'. It needs to be exposed via
haproxy both for network isolation and also because this is what Murano
configuration requires.
Follow on patches will be added to add a vhost in this outward instance
for Murano and other services which require access.
Based on the original work by bdaca[2]
[0] http://murano.readthedocs.io/en/stable-liberty/intro/architecture.html
[1] http://lists.openstack.org/pipermail/openstack-dev/2016-December/109091.html
[2] https://review.openstack.org/#/c/374525
Change-Id: Ib2bcc7ed4bf4f883a7cd1dfad3db89201e3cfd8d
Partial-Bug: #1620374
Depends-On: I020eb6219f89a310451becde41f6f1c7f54baadd
Co-Authored-By: Bartłomiej Daca <bartek.daca@gmail.com>
always_run is deprecated and removed in Ansible 2.4
check_mode is introduced in Ansible 2.2 and Kolla-ansible bump Ansible to
2.2.0 so it's safe to replace always_run by check_mode now.
Change-Id: Id1028d38b7bde30a6afe17b319dcdc77907914ab
Closes-Bug: #1643633
Implements: blueprint migrate-to-ansible-2-2-0
This patch introduces the ansible materials to deploy
the skydive service, that can be used to monitor and
troubleshoot networking in an openstack deployment.
Implements: blueprint skydive-service
Co-Authored-By: Nicolas Bouron <nicolas.bouron@gmail.com>
Signed-off-by: Mathieu Rohon <mathieu.rohon@gmail.com>
Change-Id: I53051a1b0c85380416288e17040a398b6efb62c0
In Ansible 2.3.0 when statements should not include jinja2 templating
delimiters such as {{ }} or {% %}
This patchset fixes all condition in precheck task of haproxy.
Change-Id: I5ad234cf24133efe342956c1b7ab1b947f96b20f
Partial-Bug: #1695142
Many of the templates use 600, remove unnecessary permission
on these templates to bring them in line with the others.
Change-Id: I30fe1b3822b9c7bb6ab98729fc519dc1d603db27
At this moment prechecks pass even external_vip_interface
is not present or active.
This change adds such precheck into haproxy role.
Change-Id: I7a5ac4aca7002ff8376710ab536b975c88edebc6
Closes-Bug: #1668489
At this moment haproxy config.yml notifies
handlers that are not skipped when running
genconfig
Change-Id: I2eab18e3ba709075f21f8dce323fcb2acef43de5
Closes-Bug: #1664674
wait_for module waits 300 seconds for the port started or stopped. This
is meaningless and useless in precheck. This patch change timeout to 1
seconds.
Change-Id: I9b251ec4ba17ce446655917e8ef5e152ef947298
Closes-Bug: #1688152
HAproxy always restart containers when doing reconfigure.
compare_container not evaluate privileged while the containers
are privileged.
compare_container always evaluates true because of this.
Closes-Bug: #1678122
Change-Id: Iaea80c1e09ef16a6d2530a75e6f37e6259bb4ca7
Source based routing is necessary for some services where we want the
same clients land to the same servers.
For exanmple, Keystone uses one of many memcached servers - if a client
gets a token from one but then lands on another api server on the next
request, that will bind to another cache and we get failed
authentication.
Other examples are horizon/murano where we upload a package in several
steps. If we don't balance client connections to the same host we will
end up with the package downloaded to one host but unsuccessfully
unpacked/imported on another host.
This option is commonly used in the official OpenStack docs [0]
[0] https://docs.openstack.org/ha-guide/controller-ha-haproxy.html
Co-Authored-By: James McCarthy <james.m.mccarthy@oracle.com>
Change-Id: I56f1e48f6dbe457e776a474222073bbefc48c92a
Change-Id: I13cf03d6a97fb94dd7cb309e99a417ad101dc21a
Co-Authored-By: Mauricio Lima <mauriciolimab@gmail.com>
Partially-implements: bp add-zun-ansible-role
Add a new subcommand 'check' to kolla-ansible, used to run the
smoke/sanity checks.
Add stub files to all services that don't currently have checks.
Change-Id: I9f661c5fc51fd5b9b266f23f6c524884613dee48
Partially-implements: blueprint sanity-check-container
* Move the tasks to the role
* Skip the task when container is already running
Change-Id: I1990d4dd2a02efa2b3766329000aa23419e0ff17
Closes-Bug: #1670286
- remove the unnecessary blank
- add "ironic_inspector" into its own prechecks and haproxy prechecks
Change-Id: Id542971057a9116eef679f1eb0827266eb18ba30
Closes-bug: #1668178
With this fix operator can tune client/server timeouts of HAProxy
to avoid receiving '504' for lengthy requests by API clients.
Change-Id: I12611b34f99759e6b6527fea3768a971c9fbdd71
Closes-Bug: #1662506
Unify order on all precheck tasks to use the same.
Add the missing solum condition prchecks and keep the
location by alphabet.
Co-Authored-By: Mauricio Lima <mauriciolimab@gmail.com>
Co-Authored-By: Francisco Edigleison Barbosa <barbosaedigleison@gmail.com>
Co-Authored-By: caoyuan <cao.yuan@99cloud.net>
Change-Id: I8f48cc269b0ee8092b36b310baf4680c046c53a5
Partially-implements: blueprint condition-pre-check
