3467 Commits

Author SHA1 Message Date
Jeffrey Zhang
0e453c1bd9 Use higher max memory for items in memcached
The default max memory is 64MB, which is too small for production
environment.

Change-Id: I72d87cd29762fe49ae4f711f092df655cea954a9
Closes-Bug: #1758286
2018-03-24 23:01:25 +08:00
Zuul
b42b1361ee Merge "New murano_auth section in Murano config" 2018-03-16 08:23:13 +00:00
Zuul
a4991c6973 Merge "Security reinforce for apache server" 2018-03-16 08:06:29 +00:00
ellen
62db01caa0 New murano_auth section in Murano config
Add the new murano_auth section to the Murano config
file so that Murano will deploy application packages.

Change-Id: I8ea7264759742e7af038b4cec346fc7ef7f7edcb
2018-03-15 10:09:44 -04:00
Zuul
e655430857 Merge "Specify 'become' for only necessary tasks (Queens roles)" 2018-03-14 17:15:24 +00:00
Jeffrey Zhang
f8cb527f78 Security reinforce for apache server
Disable ServerSignature and Hide apache related infromation.

Change-Id: I9188ddb85988539087c922117bb9f53454b7507c
2018-03-14 18:14:26 +08:00
Zuul
7dc385577f Merge "Add a configuration about docker runtime directory" 2018-03-14 07:14:46 +00:00
Zuul
01ccd0d394 Merge "Fix telegraf output for influxdb" 2018-03-13 13:55:04 +00:00
Duong Ha-Quang
542e1f87d1 Specify 'become' for only necessary tasks (Queens roles)
Add become to only neccesary tasks in roles:

- blazar
- opendaylight
- redis
- tempest
- vitrage

Change-Id: Ib3a48c1c21a19a23e87d2e465fd7012e3eee7565
Partial-Implements: blueprint ansible-specific-task-become
2018-03-13 15:55:31 +07:00
Zuul
ee00e3eeb3 Merge "Use www-data user for bifrost nginx log directory" 2018-03-13 08:24:31 +00:00
Zuul
e160734abc Merge "Workaround for Bifrost being unable to write to /etc/hosts" 2018-03-13 08:24:23 +00:00
Zuul
3b27a9fe20 Merge "Don't set mysql_service_name for bifrost" 2018-03-13 08:21:19 +00:00
Zuul
fde4f2112d Merge "Handle external ceph configs as templates" 2018-03-13 07:42:28 +00:00
Zuul
08b4930e29 Merge "Homogenize the topics conf variable on templates" 2018-03-13 07:35:49 +00:00
Zuul
d4057c5aa4 Merge "murano internal authentication needs /v3" 2018-03-13 07:29:00 +00:00
Zuul
fd6e1c045a Merge "Specify 'become' for only neccesary tasks (all other roles)" 2018-03-13 04:38:09 +00:00
Zuul
9275ba878f Merge "FIX inject password error" 2018-03-12 14:27:32 +00:00
Vladislav Belogrudov
ed583e1ca4 murano internal authentication needs /v3
Missing [murano_auth] with auth_uri ending in '/v3' leads to
keystone authentication failures - murano uses old v2 keystone.

Change-Id: I41846ac4fa78da90e02d91e8d1cec7405178f7df
Closes-Bug: #1753480
2018-03-12 16:53:01 +03:00
Zuul
46ae8d3feb Merge "Remove policy.json" 2018-03-12 13:04:01 +00:00
Zuul
b6777c983c Merge "XenAPI: centralize the facts files" 2018-03-12 03:04:30 +00:00
Duong Ha-Quang
9965cc46ff Specify 'become' for only neccesary tasks (all other roles)
Add become to only neccesary tasks in roles:

- aodh
- barbican
- bifrost
- ceilometer
- ceph
- chrony
- cinder
- cloudkitty
- collectd
- congress
- designate
- elasticsearch
- etcd
- freezer
- gnocchi
- grafana
- influxdb
- ironic
- iscsi
- karbor
- kibana
- kuryr
- magnum
- manila
- mistral
- mongodb
- multipathd
- murano
- octavia
- panko
- qdrouterd
- rally
- sahara
- searchlight
- senlin
- skydive
- solum
- swift
- swift
- tacker
- telegraf
- tempest
- trove
- vmtp
- watcher
- zun

Change-Id: I6e32d94d4172dd96d09d8609e8a5221ab5586a31
Partial-Implements: blueprint ansible-specific-task-become
2018-03-12 09:37:43 +07:00
Zuul
6092391357 Merge "Skydive: Fix endpoint for keystone (analyser)" 2018-03-11 03:49:00 +00:00
Zuul
2fb5e939d2 Merge "Duplicated [oslo_policy]" 2018-03-11 03:45:42 +00:00
Kevin TIBI
2c8160b17d Skydive: Fix endpoint for keystone (analyser)
Skydive need to use internal endpoint
for join keystone like other service.

Change-Id: I6fd76a035ab316f21d483a28a25bfb94c9ed6b95
Closes-Bug: #1747401
2018-03-09 18:06:33 +01:00
Zuul
4512508545 Merge "Optimize reconfiguration for mongodb" 2018-03-09 15:54:34 +00:00
Zuul
a9f20f82c0 Merge "Optimise the destroy role by script module" 2018-03-09 15:50:10 +00:00
ZhongShengping
af87ad7c06 Duplicated [oslo_policy]
Remove duplicated [oslo_policy] in magnum.conf.

Change-Id: I69c82e31d7041d7e8f9c31ba1bf54f0906f2a6dc
Closes-Bug: #1754593
2018-03-09 16:36:53 +08:00
ZhongShengping
0b58fb52ca Remove policy.json
Change-Id: Iad449b35c1e947a0187c5cbf8348d6e9e1b3d597
Closes-bug: #1751976
2018-03-09 16:34:23 +08:00
Zuul
6efc505530 Merge "Use Elasticsearch via HAProxy in Kibana" 2018-03-08 02:56:05 +00:00
Zuul
8ea57fe726 Merge "Security memcached: disable UDP" 2018-03-07 17:25:03 +00:00
caoyuan
8f2256d299 Optimise the destroy role by script module
Ansible provide script module to run shell script, The local script at
path will be transferred to the remote node and then executed, so no
need to copy script to remote node and use shell moulde to run it.
this patch optimise it.

Change-Id: If774502b66652f25593cda137cc8a5baefbd9695
2018-03-07 01:46:25 +00:00
Christian Berendt
fcf755c8ce Handle external ceph configs as templates
Change-Id: Ice5b058fe17ad7d648f21d1ddacaa339c6f7102f
2018-03-06 18:47:42 +01:00
Zuul
83573ca16e Merge "Use kolla_user variable to setting kolla user name" 2018-03-06 13:27:27 +00:00
Mark Goddard
2f8c9f83fa Use www-data user for bifrost nginx log directory
Bifrost uses the www-data user for nginx on debian/ubuntu, and nginx on
other platforms. Kolla-ansible currently uses the nginx user for all
platforms when creating a log directory. This change uses the www-data
user on debian/ubuntu when setting ownership of the bifrost nginx log
directory.

Change-Id: I142a158b6f2e8f8a46b684267f6fbb2a6e22a259
Closes-Bug: #1753750
2018-03-06 13:25:16 +00:00
Kevin TIBI
7764ed9894 Fix telegraf output for influxdb
Kolla add multiple url in one outputs.influxdb.
This configuration is when influxdb is in cluster mode.
We need to write one conf by influxdb server.

Change-Id: I1c788b3c8400e74d50cace5a334311408989c5e1
2018-03-06 09:36:12 +00:00
Mark Goddard
376c607f37 Workaround for Bifrost being unable to write to /etc/hosts
Bifrost cannot modify /etc/hosts from within a container, so add a
host entry during bootstrap.

This was previously fixed by Ied378b4dd755788e75ad1814cecb5700732ba83e
but the logic in bifrost was changed [1], making it out of sync with
kolla-ansible, and triggering a write to /etc/hosts. This change applies
the new logic in bifrost to kolla-ansible, ensuring that the file will
not need to change in the container.

Longer term we should look at ways to make bifrost less eager to modify
/etc/hosts, accepting any file that will work for RabbitMQ.

[1]
60b9a9917e

Change-Id: I0ee05feae3630435b2ec52cfeddf33647a974ee0
Closes-Bug: #1661009
2018-03-05 18:34:20 +00:00
Mark Goddard
6b1ef3ffcb Don't set mysql_service_name for bifrost
Bifrost will determine the name of the service for MySQL based on the OS
distro if mysql_service_name is not set. Setting it explicitly in
extra-vars was causing problems on systems that use mariadb.

Change-Id: I892b1c9cf636b9dfc1bacc92e1e2f0d066018260
Closes-Bug: #1753522
2018-03-05 16:00:55 +00:00
Jianghua Wang
65fa37fb84 XenAPI: centralize the facts files
When bootstrap compute hosts for XenAPI, it will generate a facts
file for each compute node. It contains some XenAPI specific variables
for both the compute host and the XenServer where the compute host
run on. This commit is to fetch the facts file into deployment host
and put it under a centralized directory - each compute host will
have a separate sub-dir which is named with its *inventory_hostname*.

In this way, the following tasks can use proper variable from the
proper facts file which exactly belongs to the host they running on.

Change-Id: I68d1a2d098d38c8e6bf4db76cdaf1f0465831822
blueprint: xenserver-support
2018-03-05 13:57:15 +00:00
Kevin TIBI
87036f357e Security memcached: disable UDP
CVE-2018-1000115

Change-Id: I30acb41f1209c0d07eb58f4feec91bc53146dcea
Closes-Bug: #1753425
2018-03-05 10:40:40 +01:00
xiaoxu780
a4ac90d723 Fix disable haproxy causes the neutron service connection error
Change-Id: I31969667ab86f61d38752954cb0e565ad7e41970
Closes-Bug: #1752760
2018-03-01 21:57:20 -05:00
Sylvain Baubeau
84724b5462 Fix skydive agent openvswitch configuration
Change-Id: I1f721a3e9ad3d1a937e05f1d0d53c810b9f2ac39
2018-02-28 15:34:51 +01:00
zhubingbing
83fe717837 Use kolla_user variable to setting kolla user name
Change-Id: I653e16270aab539edcec6d8622f0a1c06d04b492
2018-02-27 15:39:27 +08:00
Doug Szumski
e3fa6d5454 Use Elasticsearch via HAProxy in Kibana
The original code assumes that ElasticSearch will be deployed
on the same node as Kibana. This isn't always the case. When
they are not on the same node, Kibana will not be able to
connect to ElasticSearch and deployment will fail on the task:
'kibana : Wait for kibana to register in elasticsearch'.

A second advantage of making this change is that Kibana won't
break if ElasticSearch goes down on the node that it's running on
when there are additional ElasticSearch instances on other nodes.

A disadvantage of this change is that queries from Kibana to
ElasticSearch will no longer be local.

Closes-Bug: 1751817
Change-Id: I02ab2e7b1eb963b33e29c8f649cc9db0d63316f7
2018-02-26 15:49:28 +00:00
Zuul
dd694b2362 Merge "Fix the warning when reload the docker" 2018-02-26 09:46:17 +00:00
caoyuan
37ef38b6a3 Fix the warning when reload the docker
use systemd module to reload the docker service, rather than
command

Change-Id: I2e3b2299365701a08de4025d6ad34cb492b33fda
Closes-Bug: #1751690
2018-02-26 03:24:24 +00:00
Zuul
28d5e07869 Merge "Use rpc_transport_url in blazar" 2018-02-25 08:45:44 +00:00
zhubingbing
c887c93a36 Use rpc_transport_url in blazar
Change-Id: Ifc0f1e356dd6a5c194d00ab20f3122d17c7223cc
2018-02-24 19:48:22 +08:00
Zuul
1886cff420 Merge "Fix fernet deploy on gate" 2018-02-24 06:42:45 +00:00
zhubingbing
72b84b01cf Use rpc_transport_url in vitrage.conf
Change-Id: I1d24d4a90a6ab4abc6a3b24c0334b380d53e896a
2018-02-23 23:12:27 +08:00
Jeffrey Zhang
2bbd5399de Fix fernet deploy on gate
keystone-ssh is required by keystone-fernet. So start keystone-ssh
container before keystone-fernet.

Closes-Bug: #1751224
Change-Id: Ie1c8ae185549acc3dd87a2c5f0356443ea7924a5
2018-02-23 08:51:53 +00:00