In kolla/ansible/group_vars/all.yml config_strategy is COPY_ALWAYS
In kolla/etc/kolla/globals.yml the default value shown is COPY_ONCE
TrivialFix
Change-Id: If7000b811715c6cb84af3539cb522c22d31dc03b
Ubuntu did not have mod_headers enabled by default
Remove unused variable and adjust 'when' conditional positioning
TrivialFix
Change-Id: I82b8724526c24f4481a80165520d624f6a02c336
TLS can be used to encrypt and authenticate the connection with
OpenStack endpoints. This patch provides the necessary
parameters and changes the resulting service configurations to
enable TLS for the Kolla deployed OpenStack cloud.
The new input parameters are:
kolla_enable_tls_external: "yes" or "no" (default is "no")
kolla_external_fqdn_cert: "/etc/kolla/certificates/haproxy.pem"
kolla_external_fqdn_cacert: "/etc/kolla/certificates/haproxy-ca.crt"
Implements: blueprint kolla-ssl
Change-Id: I48ef8a781c3035d58817f9bf6f36d59a488bab41
Admin token has been deprecated upstream. It will be removed in O. We
switch over to the new `keystone-manage bootstrap` method for creating
the initial admin user, role, and project.
Co-Authored-By: Sam Yaple <sam@yaple.net>
Change-Id: I6ca90e8d4c3b71009e24b049b2efbc08c05ebfbf
Due to poor planning on our variable names we have a situation where
we have "internal_address" which must be a VIP, but "external_address"
which should be a DNS name. Now with two vips "external_vip_address"
is a new variable.
This corrects that issue by deprecating kolla_internal_address and
replacing it with 4 nicely named variables.
kolla_internal_vip_address
kolla_internal_fqdn
kolla_external_vip_address
kolla_external_fqdn
The default behaviour will remain the same, and the way the variable
inheritance is setup the kolla_internal_address variable can still be
set in globals.yml and propogate out to these 4 new variables like it
normally would, but all reference to kolla_internal_address has been
completely removed.
Change-Id: I4556dcdbf4d91a8d2751981ef9c64bad44a719e5
Partially-Implements: blueprint ssl-kolla
To improve security, operators have asked for two VIPs for
their cloud.
VIP 1 is the internal VIP that can reach internal and admin endpoints.
In addition, the internal VIP can also reach other internal services,
such as the database and message services.
VIP 2 is the external VIP that can only reach public endpoints.
With one VIP only, all services are reached at the same address.
To add a second VIP, this patch adds two new configuration parameters.
kolla_external_vip_address: is an IPv4 address to use for created VIP
kolla_external_vip_interface: is the network interface to use for VIP
In this scenario, the first VIP (the internal VIP), is defined by
the original parameters (kolla_internal address and network_interface).
When using two VIPs, the existing kolla_external_address parameter
should be/point to/resolve to the kolla_external_vip_address.
Closes-bug: 1535333
Change-Id: I5bfcefaf7899298455cdade8209c34324aebfecb
Update the group_vars and globals docuementation as well.
Change-Id: I3ffd49b8d99667425596a2753845767a62e05bf1
Partially-Implements: blueprint kolla-docker-module
* Use oslo.config library
* kolla-build section is deprecated in favor of DEFAULT section
* Remove the deprecated `--template` option
* `--no-cache` is deprecated in favor of `--cache` and `--nocache`
options, which are using oslo BoolOpt inverse feature[0]
[0] https://github.com/openstack/oslo.config/blob/master/oslo_config/cfg.py#L1074
Closes-Bug: #1528542
Change-Id: I62c5ca3c8e057917d2798256e9d9efc8f6578f60
- Removed hardcoded yum repository configuration in favor of
commands dynamically generated based on repo-url and repo-file
arguments. We maintain a sane default set of repositories.
- Added generic rpm_setup_config parameter to add support for
installing .rpm or .repo files before building containers.
Co-Authored-By: Ryan Hallisey <rhallise@redhat.com>
Implements: blueprint custom-repos
Change-Id: I1b3a7647a9e7239de3cd162cb6f464f05632bde1
Convert config creation from a playbook to an action_plugin. This
reduces the complexity and confusion while retaining the same augment
structure and flexibility.
This allows us to remove the 0-byte files as requirements. They will
still be used if they are present (this means we require additional
documentation around them).
DocImpact
Closes-Bug: #1528430
Change-Id: I2c789f6be9f195c7771ca093a6d59499564b4740
This changes default behaviour of build.py to instad of putting latest
tag on it, it puts current kolla version as found in setup.cfg
Change-Id: I4d6e9a0159c6a5598abd58072594df4204427308
Partially-Implements: blueprint upgrade-nova
Partially-Implements: blueprint record-version
Note, this image is slightly different to most others in Kolla in that
it's not a service designed to be deployed via Ansible. It's more a
'tool' type image that is spun up when needed.
Partially-Implements: blueprint tempest-gate
Change-Id: I1877c03d0804e57d274044aecb1055f847025bec
Due bad rebases there is a huge section of the spice patch missing
from the implementation unfortunately. This patch finishes the rest
of this patch out properly.
Change-Id: I693c6745e9594fd91eb6453f6de9dfcbd410e89c
Paritally-Implements: blueprint nova-proxies
Introduces a new flag to bootstrap cache devices
DocImpact
Partially-Implements: blueprint ceph-improvements
Change-Id: I09b5a0d5c61b3465237e5f01dc10120725561cd3