Migrate to full variable syntax in with_ loop for
manila and tempest.
TrivialFix
Partial-Implements: bp ansible2
Change-Id: Ic68fd6123f0cd5bd0035e139e89f7b569574074c
* Inspected each error and fixed / added nosec where appropriate.
* build-swift-ring.py which was throwing sec errors is no longer used so
removed it.
* Removed the dev/ directory from being checked.
Closes-Bug: #1617713
Change-Id: I25664cabca4137e5c9f499c1af3f5ce78b86fb56
This patchset contains customization of Dockerfile of the MariaDB
container.
Change-Id: Id234f549376ec68c7f6120d058692aa64dc97de0
Partially-implements: blueprint third-party-plugin-support
rabbitmq's start task contains a precheck. This should be part of the
other prechecks for consistency
TrivialFix
Change-Id: I7728ec3f5be3248424d74a4387925b72114b8943
Directory /home/ansible/.ansible and file /var/log/kolla/ansible.log are
not created by default in toolbox image, so when ceph enabled, the directory
and file will be created with user 'root' instead of user 'ansible' after
running bootstrap osds because it using sudo when bootstraping osds,
this will cause permission denied issue for other commands not using sudo.
Fixes this issue by initializing ansible by running 'ansible localhost
--version' using user 'ansible'
TrivialFix
Change-Id: Ibac3f98b3b72cbe287ee1d3a69ed9cea7ae3cd9e
This patchset contains customization of Dockerfile of Ironic
containers.
Change-Id: If6ffb741111127886f754ddebd17059174387fc8
Partially-implements: blueprint third-party-plugin-support
This patchset contains customization of Dockerfile of the RabbitMQ
container.
Change-Id: I5b0120dc63586b3bf2312375de963fe8434a48b8
Partially-implements: blueprint third-party-plugin-support
This adds the docker aspects of fernet key bootstrapping as well as
distributed key rotation.
- Bootstrapping is handled in the same way as keystone bootstrap.
- A new keystone-fernet and keystone-ssh container is created to allow
the nodes to communicate with each other (taken from nova-ssh).
- The keystone-fernet is a keystone container with crontab installed.
This will handle key rotations through keystone-manage and trigger
an rsync to push new tokens to other nodes.
The Ansible component is implemented in:
https://review.openstack.org/#/c/349366
Change-Id: Id610e00e8c63c7f1bc0974c0aa1b3f44c18e1019
Partially-Implements: blueprint keystone-fernet-token
Partially-Implements: blueprint third-party-plugin-support
This addresses the ansible aspects of fernet key bootstrapping as
well as distributed key rotation.
- Bootstrapping is handled in the same way as keystone bootstrap.
- A new keystone-fernet and keystone-ssh container is created to allow
the nodes to communicate with each other (taken from nova-ssh).
- The keystone-fernet is a keystone container with crontab installed.
This will handle key rotations through keystone-manage and trigger
an rsync to push new tokens to other nodes.
- Key rotation is setup to be balanced across the keystone nodes using
a round-robbin style. This ensures that any node failures will not
stop the keys from rotating. This is configured by a desired token
expiration time which then determines the cron scheduling for each
node as well as the number of fernet tokens in rotation.
- Ability for recovered node to resync with the cluster. When a node
starts it will run sanity checks to ensure that its fernet tokens
are not stale. If they are it will rsync with other nodes to ensure
its tokens are up to date.
The Docker component is implemented in:
https://review.openstack.org/#/c/349366
Change-Id: I15052c25a1d1149d364236f10ced2e2346119738
Implements: blueprint keystone-fernet-token
This ensures that the same client IP address will always reach the same
server as long as no server goes down or up. [0]
Prevents a situation where during Murano package upload - we end up
having zip file on one control node but the import continues on another
and ends up failing.
[0] http://cbonte.github.io/haproxy-dconv/configuration-1.7.html#4-balance
TrivialFix
Co-Authored-By: Vladislav Belogrudov <vladislav.belogrudov@oracle.com>
Change-Id: I5f90d2757f31e8b24459a585153d5aa7fe6ad90a
Add Ansbile reconfigure playbook to Elasticsearch role.
Add run condition to start playbook in Elasticsearch role.
Change-Id: I7862089cae55d392eb2d922f89a382d392cf8b97
Closes-Bug: #1616005
The kolla-toolbox container contains ansible which has the mysql_db
module which helps on various mysql tasks such as db creation. The
mysql_db module requires certain mysql binaries in order to accomplish
tasks such as restoring a database from a dump.
This change adds those client libraries which weren't previously
included in the container.
Change-Id: I6516838381bf9327c8901fc4c32ebd5151fb053f
Signed-off-by: Stephan Michaud <michauds90@gmail.com>
Closes-Bug: #1616155
1.remove the # - it makes copy and paste very difficult
2.change "ubuntu" to "Ubuntu"
3.add "Restart docker by executing the following commands: "
TrivialFix
Change-Id: I0192d9fd7f597b0e2dc8d26d4fe5ba8b32483ce0
1、As mentioned in [1], we should avoid using six.iteritems/keys
achieve iterators. We can use dict.items/keys instead, as it
will return iterators in PY3 as well. And dict.items/keys will
more readable.
2、In py2, the performance about list should be negligible,
see the link [2].
[1] https://wiki.openstack.org/wiki/Python3
[2] http://lists.openstack.org/pipermail/openstack-dev/
2015-June/066391.html
TrivialFix.
Change-Id: I0cbe8af3210233a58d25f0df187c3d085405aa2a
In ansible/roles/iscsi/tasks/pull.yml, there are references to
'iscsi', which should be 'iscsid' instead. This patchset
fixes this typo.
Change-Id: Id2c31bf69556ec8dcf66cc1d32d2bfe77f02367b
Closes-bug: #1602566
