When integrating 3rd party component into openstack with kolla-ansible,
maybe have to mount some extra volumes to container.
Change-Id: I69108209320edad4c4ffa37dabadff62d7340939
Implements: blueprint support-extra-volumes
The flush_handlers clause doesn't honour conditional clauses.
Instead, it prints a warning and runs anyway:
[WARNING]: flush_handlers task does not support when conditional
See: https://github.com/ansible/ansible/pull/41126
TrivialFix
Change-Id: Iaf70c2e932ae6dfb723bdb2ba658acdbfe74ebe2
Since Ansible 2.5, the use of jinja tests as filters has been
deprecated.
I've run the script provided by the ansible team to 'fix' the
jinja filters to conform to the newer syntax.
This fixes the deprecation warnings.
Change-Id: I844ecb7bec94e561afb09580f58b1bf83a6d00bd
Closes-bug: #1827370
Because kolla-ansible not have cyborg so should add it.
Implements: blueprint add-cyborg-to-kolla-ansible
Depend-On: I497e67e3a754fccfd2ef5a82f13ccfaf890a6fcd
Change-Id: I6f7ae86f855c5c64697607356d0ff3161f91b239
This change allows usage of IPv6 as public address
Change-Id: Ie82ec5fb0ac9106b39948c67d34d5ef611a8fa21
Signed-off-by: Maciej Kucia <m.kucia@partner.samsung.com>
With this change, an operator may be able to stop a
service container without stopping all services in a host.
This change is the starting point to start
fast-forward upgrades support.
In next changes new flags will be introducced to disable
stop dataplane services during upgrades.
Change-Id: Ifde7a39d7d8596ef0d7405ecf1ac1d49a459d9ef
Implements: blueprint support-stop-containers
The Monasca Grafana fork allows users to log into Grafana with their
OpenStack user credentials and see metrics associated with their
OpenStack project. The long term goal is to enable Keystone support
in upstream Grafana, but this work seems to have stalled.
Partially-Implements: blueprint monasca-grafana
Change-Id: Icc04613b2571c094ae23b66d0bcc38b58c0ee4e1
Having all services in one giant haproxy file makes altering
configuration for a service both painful and dangerous. Each service
should be configured with a simple set of variables and rendered with a
single unified template.
Available are two new templates:
* haproxy_single_service_listen.cfg.j2: close to the original style, but
only one service per file
* haproxy_single_service_split.cfg.j2: using the newer haproxy syntax
for separated frontend and backend
For now the default will be the single listen block, for ease of
transition.
Change-Id: I6e237438fbc0aa3c89a3c8bd706a53b74e71904b
In some cases a deployer may want to use haproxy for SSL termination but
has external infrastructure for load balancing, and thus no need for
keepalived to manage the VIP.
Co-Authored-By: Adam Harwell <flux.adam@gmail.com>
Change-Id: I451d7e33f1e631038a8d198dbc33c9a8850571b7
Since glance_api only start one container when using file
backend, the haproxy should follow this rule.
See: https://review.openstack.org/#/c/448654
Closes-Bug: #1722422
Change-Id: Id3519581e0f54509dacd24d0dd542c630342c771
This commit is to apply resource-constraints only to few OpenStack services.
Commit to apply constraints to other services will be made in coming commits.
Partially-Implements: blueprint resource-constraints
Change-Id: Icafa54baca24d2de64238222a5677b9d8b90e2aa
This patch extends the prometheus role for being able
to deploy the prometheus-alertmanager[0] container.
The variable enable_prometheus_alertmanager
decides if the container should be deployed and enabled.
If enabled, the following configuration and actions are performed:
- The alerting section on the prometheus-server configuration
is added pointing the prometheus-alertmanager host group as targets.
- HAProxy is configured to load-balance over the prometheus-alertmanager
host group. (external/internal).
Please note that a default (dummy) configuration is provided, that
allows the service to start, the operator should extend it via a node custom config
[0] https://github.com/openstack/kolla/tree/master/docker/prometheus/prometheus-alertmanager
Change-Id: I3a13342c67744a278cc8d52900a913c3ccc452ae
Closes-Bug: 1774725
Signed-off-by: Jorge Niedbalski <jorge.niedbalski@linaro.org>
Some Murano applications require much longer time than default
1 hour to be deployed.
Change-Id: I395e9e3e8cccf70f316f313847648841822e639a
Closes-Bug: #1777670
Add become to all tasks that use the module "kolla_docker"
Change-Id: I4309c4011687b88ec31d739fd8f834fe2326ff10
Partial-Implements: blueprint ansible-specific-task-become
Introduce new option "haproxy_defaults_balance" to set balance in
defaults section.
Change-Id: Iaf12717ffac94ac2308758bd8ec87f088af26b69
Closes-Bug: #1773178
Deploys the Monasca API with mod_wsgi + Apache.
Co-Authored-By: Mark Goddard <mark@stackhpc.com>
Partially-Implements: blueprint monasca-roles
Change-Id: I3e03762217fbef1fb0cbff6239abb109cbec226b
This patch enables 3 new configuration options for haproxy.cfg
global section.
- haproxy_processes: number of haproxy processes (default:1).
- haproxy_max_connections: number of concurrent connections (default:4000)
- haproxy_process_cpu_map: enforces 1:1 mapping/affinity between
process and core. (default: no).
Closes-Bug: #1770060
Change-Id: I33fc499b083c7bcc548133498e44406a479389f1
Signed-off-by: Jorge Niedbalski <jorge.niedbalski@linaro.org>
- rename action and serial to kolla_ansible and kolla_serial
- use become instead of "sudo <command>" in shell
- Remove quota for failed_when and changed_when in rabbitmq tasks
Change-Id: I78cb60168aaa40bb6439198283546b7faf33917c
Implements: blueprint migrate-to-ansible-2-2-0
If user enables TLS it also is necessary to create
a certificate. This precheck ensures the certificate
file exists before starting deployment.
Change-Id: I772d52e228ed012b9f8ccb5b616f9b188d3d340c
Closes-Bug: #1765677
This patch adds the ansible role to deploy the prometheus service which
can be used to collect performance metrics accross the environment
Partially-Implements: blueprint prometheus
Change-Id: I908b9c9dad63ab5c9b80be1e3a80a4fc8191cb9e
If SSL is enabled, api of multiple services returns
wrong external URL without https prefix.
Removal of condition for deletion of http header.
Change-Id: I4264e04d0d6b9a3e11ef7dd7add6c5e166cf9fb4
Closes-Bug: #1749155
Closes-Bug: #1717491
This change allows access to InfluxDB via HAProxy on the internal
network.
If HA is required the Enterprise version of InfluxDB will need to
be installed. This could be implemented by customising the InfluxDB
Docker file.
There are other alternatives to HA, such as the InfluxDB Relay [1].
Support for this is considered to be outside of the scope of this
bugfix.
[1] https://docs.openstack.org/developer/performance-docs/
methodologies/monitoring/influxha.html
Closes-Bug: #1751283
Change-Id: I4624efbd99c0cddd1361f2438866ad3a82e5557b
This commit provides operators with the ability to specify additional
options per HTTP or TCP listener stanza.
Change-Id: I66cc5372f2a686213b6748a8260cfe84f789ad8e
Implements: blueprint haproxy-listener-extra-options
timeout tunnel is use for WebSocket and CONNECT protocol. Need use a
larger number for it. Otherwise, novnc will be auto disconnected if no
action happend in a short time on browser.
Change-Id: If37623e8fda5260ab0b38d2203f5266777dba063
Closes-Bug: #1759774
Clients usually have sophisticated logic for handling
key redistribution on node failure; so going under the
covers and messing with that is bad (because then the
clients and their sophisticated logic is unaware of
what is going on).
Change-Id: Ica12240440d28f930b917d5d6202f4f9e6675b2a
This patchset implements yamllint test to all *.yml
files.
Also fixes syntax errors to make jobs to pass.
Change-Id: I3186adf9835b4d0cada272d156b17d1bc9c2b799
In some data centers multicast traffic is prohibited. Additionally
VRRP id needs to be unique within broadcast domain when keepalived
operates in multicast mode, otherwise it fails to start.
However keepalived can be configured to use unicast traffic [1].
In unicast mode VRRP id doesn't make sense, but needs to be
the same among peers.
[1] http://manpages.ubuntu.com/manpages/zesty/man5/keepalived.conf.5.html
Change-Id: I692ecbb0aa750baf20c013b53b57f88b474b63cc
Signed-off-by: Pavel Glushchak <pglushchak@virtuozzo.com>
