kolla-kubernetes is using its own configuration generation[0], so it is
time for kolla-ansible to remove the related code to simplify the
logic.
[0] https://github.com/openstack/kolla-kubernetes/tree/master/ansible
Change-Id: I7bb0b7fe3b8eea906613e936d5e9d19f4f2e80bb
Implements: blueprint clean-k8s-config
* remove ceilometer-api and ceilometer-collector service
* use ceilometer-notification to publish message to proper backend
* remove useless ceilometer_database_type and ceilometer_event_type
variables
* sync event_definitions.yaml, event_pipeline.yaml and pipeline.yaml
file with upstream
Change-Id: Ib39053cb5f70bd11ee61d3f26d5b28accecd7190
Timeout options are added to glance-api but not to glance_api_external;
they should be added there also.
Change-Id: Idbd3dabbe24a5c71e70154dfde96c5c70eeefc10
Partial-bug: 1675637
Haproxy fails to deploy if outward group is not
in inventory.
This change adds an optional outward setting for
haproxy
Change-Id: I351578582b1057bb48ac69859583a5db13f0bfb8
Certain services such as Murano and trove require access to a rabbitmq
instance from tenant networks. [0]
Exposing the internal rabbitmq to end users is a security hole, hence
there are two options: 1) use vhosts in the existing rabbitmq, or 2) a
separate rabbitmq instance. Given the importance of rabbitmq to the
OpenStack deployment, we have decided to go with a separate instance.
Refer to [1] for more detail on the various options.
This change makes the rabbitmq role generic so that it can be reused, in
this case to start 'outward_rabbitmq'. It needs to be exposed via
haproxy both for network isolation and also because this is what Murano
configuration requires.
Follow on patches will be added to add a vhost in this outward instance
for Murano and other services which require access.
Based on the original work by bdaca[2]
[0] http://murano.readthedocs.io/en/stable-liberty/intro/architecture.html
[1] http://lists.openstack.org/pipermail/openstack-dev/2016-December/109091.html
[2] https://review.openstack.org/#/c/374525
Change-Id: Ib2bcc7ed4bf4f883a7cd1dfad3db89201e3cfd8d
Partial-Bug: #1620374
Depends-On: I020eb6219f89a310451becde41f6f1c7f54baadd
Co-Authored-By: Bartłomiej Daca <bartek.daca@gmail.com>
This patch introduces the ansible materials to deploy
the skydive service, that can be used to monitor and
troubleshoot networking in an openstack deployment.
Implements: blueprint skydive-service
Co-Authored-By: Nicolas Bouron <nicolas.bouron@gmail.com>
Signed-off-by: Mathieu Rohon <mathieu.rohon@gmail.com>
Change-Id: I53051a1b0c85380416288e17040a398b6efb62c0
Many of the templates use 600, remove unnecessary permission
on these templates to bring them in line with the others.
Change-Id: I30fe1b3822b9c7bb6ab98729fc519dc1d603db27
Source based routing is necessary for some services where we want the
same clients to land on the same servers.
For example, Keystone uses one of many memcached servers - if a client
gets a token from one but then lands on another api server on the next
request, that will bind to another cache and we get failed
authentication.
Other examples are horizon/murano where we upload a package in several
steps. If we don't balance client connections to the same host we will
end up with the package downloaded to one host but unsuccessfully
unpacked/imported on another host.
This option is commonly used in the official OpenStack docs [0]
[0] https://docs.openstack.org/ha-guide/controller-ha-haproxy.html
Co-Authored-By: James McCarthy <james.m.mccarthy@oracle.com>
Change-Id: I56f1e48f6dbe457e776a474222073bbefc48c92a
Change-Id: I13cf03d6a97fb94dd7cb309e99a417ad101dc21a
Co-Authored-By: Mauricio Lima <mauriciolimab@gmail.com>
Partially-implements: bp add-zun-ansible-role
With this fix, the operator can tune client/server timeouts of HAProxy
to avoid receiving '504' for lengthy requests by API clients.
Change-Id: I12611b34f99759e6b6527fea3768a971c9fbdd71
Closes-Bug: #1662506
Implement ansible role to deploy designate
and dependencies. The backend used is bind9.
Co-Authored-By: zhubingbing <zhubingbing10@gmail.com>
Co-Authored-By: Eduardo Gonzalez <dabarren@gmail.com>
Depends-On: 6d0dc3e0f931c7c50b64a4659900cc50b0d860a2
Implements: blueprint ansible-designate
Change-Id: I34d8126e0cd8d71d5ced9b62f3776cc354fbb549
Haproxy often breaks mysql connections, which results in
"MySQL server has gone away" or similar because of 1 minute
timeouts. Instead the timeouts should be no less than the mysql
connection timeouts - in most cases set to 3600s by default
by OpenStack projects.
Change-Id: Ic364f6942cdc6c2f274a508ae548bf964b098da4
Closes-Bug: #1645098
Searchlight is an OpenStack search and index service; this patch
implements the ansible role for searchlight.
Implement blueprint: support-searchlight-deployment
Change-Id: Ibf42d5b259a6740d6596041f896e1009657b7388
By default HAProxy sends pre-4.1 authentication packets, which cause
warnings on the server side. To use modern MySQL authentication, the
mysql-check configuration has to include the post-41 option.
Change-Id: I88609d3a0cc3ce4a10e64ba65230ba4d97f34419
Closes-Bug: 1629911
- Add mistral in HAproxy
- Set mistral api to bind on api_interface
- Fix mistral endpoint
- Add database population on bootstrapping
- Add mistral port prechecks
Change-Id: If1617fb9dcd8b3bbd4f94c68ca87c36e39711016
Closes-Bug: #1626570