Migrate to full variable syntax in with_ loop for
manila and tempest.
TrivialFix
Partial-Implements: bp ansible2
Change-Id: Ic68fd6123f0cd5bd0035e139e89f7b569574074c

rabbitmq's start task contains a precheck. This should be part of the
other prechecks for consistency
TrivialFix
Change-Id: I7728ec3f5be3248424d74a4387925b72114b8943

Directory /home/ansible/.ansible and file /var/log/kolla/ansible.log are
not created by default in toolbox image, so when ceph is enabled, the directory
and file will be created with user 'root' instead of user 'ansible' after
running bootstrap osds because it uses sudo when bootstrapping osds;
this will cause a permission denied issue for other commands not using sudo.
Fixes this issue by initializing ansible by running 'ansible localhost
--version' using user 'ansible'.
TrivialFix
Change-Id: Ibac3f98b3b72cbe287ee1d3a69ed9cea7ae3cd9e

This addresses the ansible aspects of fernet key bootstrapping as
well as distributed key rotation.
- Bootstrapping is handled in the same way as keystone bootstrap.
- A new keystone-fernet and keystone-ssh container is created to allow
  the nodes to communicate with each other (taken from nova-ssh).
- The keystone-fernet is a keystone container with crontab installed.
  This will handle key rotations through keystone-manage and trigger
  an rsync to push new tokens to other nodes.
- Key rotation is set up to be balanced across the keystone nodes using
  a round-robin style. This ensures that any node failures will not
  stop the keys from rotating. This is configured by a desired token
  expiration time which then determines the cron scheduling for each
  node as well as the number of fernet tokens in rotation.
- Ability for recovered node to resync with the cluster. When a node
  starts it will run sanity checks to ensure that its fernet tokens
  are not stale. If they are it will rsync with other nodes to ensure
  its tokens are up to date.
The Docker component is implemented in:
https://review.openstack.org/#/c/349366
Change-Id: I15052c25a1d1149d364236f10ced2e2346119738
Implements: blueprint keystone-fernet-token

This ensures that the same client IP address will always reach the same
server as long as no server goes down or up. [0]
Prevents a situation where during Murano package upload - we end up
having zip file on one control node but the import continues on another
and ends up failing.
[0] http://cbonte.github.io/haproxy-dconv/configuration-1.7.html#4-balance
TrivialFix
Co-Authored-By: Vladislav Belogrudov <vladislav.belogrudov@oracle.com>
Change-Id: I5f90d2757f31e8b24459a585153d5aa7fe6ad90a

Add Ansible reconfigure playbook to Elasticsearch role.
Add run condition to start playbook in Elasticsearch role.
Change-Id: I7862089cae55d392eb2d922f89a382d392cf8b97
Closes-Bug: #1616005

In ansible/roles/iscsi/tasks/pull.yml, there are references to
'iscsi', which should be 'iscsid' instead. This patchset
fixes this typo.
Change-Id: Id2c31bf69556ec8dcf66cc1d32d2bfe77f02367b
Closes-bug: #1602566

Add the following prechecks for network_interface:
* Check it exists on the node
* Check it's up
* Check it has an IP associated
TrivialFix
Change-Id: I86f1d79d8592a3b108822e7d19541f91a1c0d716
Co-Authored-By: James McCarthy <james.m.mccarthy@oracle.com>

Notification driver should be configured to avoid timeout failures of
murano app deployments while waiting for notifications which will never be
sent.
The required driver is "messagingv2".
TrivialFix
Change-Id: Id0c753f50d93c81eedb2455a7323d86c08873c5f

Migrate to full variable syntax in with_ loop
instead of bare variables for:
- cinder
- haproxy
- ironic
- magnum
- mistral
- mongodb
- murano
- swift
- watcher
TrivialFix
Change-Id: I3ef2e79053cf609aaa710e43ffd0adbc5a97565b

This PS switches to use orchestration_engine variable to differentiate
between ansible and kubernetes when generating configs.
TrivialFix
Change-Id: I8e566a9995f49e924614331458d0c81b9925e543

keystone_*_url are cross role variables. They are used in multiple roles.
Move them from the common role to the group vars.
TrivialFix
Change-Id: If451823ed7612bfec7bc797ec9dd2597164c6804

When ironic is deployed using kolla, in ironic.conf file
there is no configuration option of enabled_drivers present.
Change-Id: I5c9e7533e8ca139addee8cf4cc4084e856ae0306
Closes-Bug: 1610272

When setting multi memcached servers, the value should be a list
rather than a comma joined string.
This patch set I586ce1c6c3300254c4e2a398ff46645df576aeb0 set it in
wrong
TrivialFix
Change-Id: Ic612658ab0310c6764310bbca92c925da6d47f6c

Note: This should not result in any behavior changes in regular Kolla,
just Kolla-Kubernetes and only when you've overridden stuff in globals.yml
Allows override of interface address and memcached pools, so that
Kubernetes can do the right thing.
There are some significant architectural issues involved in
memcached pooling in the Kolla-kubernetes world. Avoiding them right
now.
Current working Kolla-Kubernetes globals.yml file, assuming that your
memcached servers are available under the DNS alias "memcached":
api_interface_address: "0.0.0.0"
memcached_servers: "memcached"
keystone_database_address: "mariadb"
keystone_admin_url: "{{ admin_protocol }}://keystone-admin:{{ keystone_admin_port }}/v3"
keystone_internal_url: "{{ internal_protocol }}://keystone-public:{{ keystone_public_port }}/v3"
keystone_public_url: "{{ public_protocol }}://keystone-public:{{ keystone_public_port }}/v3"
Co-authored-by: Ryan Hallisey <rhallise@redhat.com>
Change-Id: I5126f81da7b4d48001b87f73d58bbbfad658209c
Partially-implements: blueprint api-interface-bind-address-override

Note: This should not result in any behavior changes in regular Kolla, just Kolla-Kubernetes and only when you've overridden stuff in globals.yml
Binds to the api_interface_address variable and uses the keystone and memcached facts we defined in earlier patches.
Co-authored-by: Ryan Hallisey <rhallise@redhat.com>
Change-Id: I8610f4adaa557a21fedd05601e10f5c308fd7ce3
Partially-implements: blueprint api-interface-bind-address-override

enable_rabbitmq_cluster is now a "yes" by default but you can set it
to "no" if you want to disable clustering under any circumstances.
The agreement made at OpenStack in Austin was that Kolla-Kubernetes
would concentrate on RabbitMQ and MariaDB without clustering but
with persistent storage and workload migration, then examine how to
do proper distributed functionality as the project progresses, so I
am just following what we'd already agreed upon.
First, it helps us deal with issues of version upgrades without
dealing with clustered version upgrades and the synchronization
thereof.
Second, it provides an alternative model for durability when used in
Kubernetes. Understand that, if we disable RabbitMQ's clustering,
Kubernetes is still able to re-schedule the queue off of a failed node
in ways that Kolla-Ansible is not. There are known issues with
RabbitMQ clustering, especially with auto-heal turned on. For many
small-to-mid-sized clusters, it's going to provide for a better
operator experience to have the known potential for a 30 second blip
after RabbitMQ node failure than it is to have the known potential
for partition and data loss and/or manual operations after you've
turned off auto-heal.
Kolla-kubernetes has already turned off host networking for the
RabbitMQ pod; it's safe to set the interface address in the
Kubernetes context.
The question was asked why don't I just set the RabbitMQ cluster to be
a single instance. It's unlikely that Kubernetes RabbitMQ with a
PetSet will be clustered in the same declarative fashion as the
rabbitmq-clusterer plugin. Easier to just disable it and worry about
how to configure the kube-friendly clustered RabbitMQ at a later point
in time. Furthermore, it's an entirely valid case for many OpenStack
control planes hosted atop Kolla-Kubernetes to accept the possibility
of a 30-60 second blip in lieu of the long and questionable history
of RabbitMQ clustering in production.
Co-authored-by: Ryan Hallisey <rhallise@redhat.com>
Change-Id: I7f0cb22d29a418fce4af8d69f63739859173d746
Partially-implements: blueprint api-interface-bind-address-override

The reason for introducing this script is to be able
to launch ovsdb-server and initialize it (create external bridge and plug
external interface) in one shot. It is applicable ONLY to Kubernetes environment
and it is required for Kubernetes DaemonSet usage. The behavior in classical
Kolla has not been changed.
TrivialFix
Change-Id: I54897cc2c0f2bcaaf0411822f3409bf96e92833d