* add if orchestration_engine == 'KUBERNETES' for host_in_groups
* use the same indent for host_in_groups variable, otherwise YAML will
add a '\n' character for each line.
Change-Id: Idf6eecb451281d5cdc16df318bcd8ae9f5561b02
Usernames can be configured with variables in
configuration files, but user creation is hardcoded.
Change-Id: I057cfb921d776217db66f59226dcfa79f3eb7368
Closes-Bug: #1661587
Integrate designate service with neutron to allow instances
and floatingip resolve designate dns.
MDNS service need to be reachable from nova instances
in order to resolve DNS queries.
Added new dns_interface to make this configurable.
Add designate guide.
Closes-Bug: #1661330
Change-Id: I5a2ac5cf2a9aa0977ae42d53dd64699623ddf3ed
Leaved vagrant and documentation harcoded
/etc/kolla paths due the nature of the files.
Change-Id: Id316980d3d4e8f3de98672d7ed258e0652ed7213
Closes-Bug: #1659771
Lbaas should make a call to Barbican with the neutron-service-user.
Moreover, it is needed to set up the region as well as
endpoint_type in order to overwrite the defaults.
Change-Id: I13105d092cb4397db1bc6481c5ca6677b4d4c048
Closes-Bug: #1659249
The [service_auth] section in neutron_lbaas.conf should be set
no matter which driver is going to be used for the service provider.
Change-Id: I0339f8e5f68135aad4289dcbaed18d6bae24eda9
Closes-Bug: #1657702
LBaaS v2 agent is starting without the config file neutron_lbaas.conf.
Added the file to lbaas' container config directory in order to
initialize a Keystone session for the creation of a TLS listener.
Change-Id: I2f47590af0421f4c8f1c8fd25e599e446ad1c0f1
Closes-Bug: #1656777
Implement ansible role to deploy designate
and dependencies. The backend used is bind9.
Co-Authored-By: zhubingbing <zhubingbing10@gmail.com>
Co-Authored-By: Eduardo Gonzalez <dabarren@gmail.com>
Depends-On: 6d0dc3e0f931c7c50b64a4659900cc50b0d860a2
Implements: blueprint ansible-designate
Change-Id: I34d8126e0cd8d71d5ced9b62f3776cc354fbb549
interface_driver configuration was updated to use stevedore aliases.
This patch is to change devstack scripts to now use the aliases
instead of the previous class imports.
Change-Id: Ida10765f89c07205837e46f8cb445391f0e15373
Closes-Bug: #1504536
Check enable_* variables first, then check inventory_host in
group, will help to avoid configuration errors.
Change-Id: Icdb1f50e5c911203b92ac431723620756b15f3c6
Closes-Bug: #1648376
Currently, policy.json is put in
"{{ node_config_directory }}/{{ service_name }}"
in target nodes.
Relocation policy.json to "{{ node_config_directory }}/{{ item }}"
with item is corresponding service compoment config directory.
Currently, the policy.json is copied to all services, but it
should be reviewed and left only in neccesary service
(at many cases, only API service needs that).
Redundant files will be removed in follow up patchset.
Change-Id: I0e997dccf4ec438c9c0436db71ec2fd06650f50d
Closes-Bug: #1639686
The current redhat derived bases that Kolla ships use libreswan instead
of openswan (even running 'yum install openswan' on these bases results
in libreswan being installed).
This means we need to use this device_driver in vpnaas_agent.ini. Also
/lib/modules is required from the host for the ipsec driver.
Change-Id: I94480cda06718ab4aa10250520fa58956151e33a
Closes-Bug: #1644518
This patch adds optional support for neutron-fwaas. To enable,
set:
enable_neutron_fwaas: yes
Change-Id: I2d434586807d7a008d2ee1d3ef8d7dc7fab47ca7
Implements: kolla-neutron-fwaas
Depends-On: I9ca36012cff2e17ea877a775e8e1ca5837a2bcb1
Option "external_network_bridge" from group "DEFAULT" is deprecated
for removal. Its value may be silently ignored in the future.
Change-Id: I2752fca275dd7b340c0ff97bfa3eecc0d3358e63
Closes-Bug: #1637808
Allow operators to use their custom policy files.
Avoid maintain policy files in kolla repos, only copying
the files when an operator add their custom config.
Implements: blueprint custom-policies
Change-Id: Icf3c961b87cbc7a1f1dd2ffbfffcf271d151d862
Horizon and Neutron mistakenly were using keystone_public_url
for authentication. This works without error in deployments
when the internal services happen to have access to the
public network, but it is still wrong. This fails to work
when the internal services can not access the public URLs,
for example when TLS is enabled on the public endppoints.
This patches corrects horizon and neutron to use
keystone_internal_url for auth.
Change-Id: I59b9094364bef375036028ba86a771dabf28c963
Closes-bug: #1625648
When using both /run and /run/netns in docker container, mount
propagation won't work when delete namespace after the containers are
restarted. This PS makes /run mount as shared.
Closes-Bug: #1616268
Change-Id: Ie16699e1b193b2bf1263d89ea634e89ea69add9e
If enable_neutron_dvr is set, it leads to a failure of the
'Copying over l3_agent.ini' task due to parsing errors.
TrivialFix
Closes-bug: #1633488
Change-Id: Ia30970d65cf7b09fff336fe878d2be02e934b082
