TLS can be used to encrypt and authenticate the connection with
OpenStack endpoints. This patch provides the necessary
parameters and changes the resulting service configurations to
enable TLS for the Kolla deployed OpenStack cloud.
The new input parameters are:
kolla_enable_tls_external: "yes" or "no" (default is "no")
kolla_external_fqdn_cert: "/etc/kolla/certificates/haproxy.pem"
kolla_external_fqdn_cacert: "/etc/kolla/certificates/haproxy-ca.crt"
Implements: blueprint kolla-ssl
Change-Id: I48ef8a781c3035d58817f9bf6f36d59a488bab41
After our switch to keystone-manage bootstrap Horizon is not happy
due to v3 not being setup correctly. This patch fixes that
This also includes removal of unused variables (transforms them into
endpoint url variables)
TrivialFix
Change-Id: I1e04db8c24049f80e974c063f03068a2ab32a563
Ansible is pinned to single commit in devel branch to pull in the
latest shade module we need (domain control). It will be available in
ansible 2.1
TrivialFix
Change-Id: I4c21fa1d2cec30d4aeb80e050ef4a62332f9ed45
Every now and then people ask about plugins for Kolla. This conversation
may need to be revisted in more detail soon, but till then it's worth
highlighting what we do currently support in Kolla.
Right now adding the block as shown in this patch will make the plugin
archive available in the image, but currently only Neutron has
Dockerfile directives to automatically install them if present. The same
can be added very easily for other commonly pluggable services such as
Horizon.
Change-Id: Ia52d5ccf753667c5452b19fcaf4bf5b893a59fd0
Libvirt is trying to create a port on br-int and is
failing because ovs is not installed.
Co-authored-by: Ian Main <imain@redhat.com>
Closes-bug: 1552717
Change-Id: I6ed0c1ae5b27b58e4c22bcbe7e674f66cde48990
Neutron containers share the same log directory. So all containers
should use same username to create directories.
Change-Id: Id95a3205b53dd87ba21d55ebecada89d9f86d37b
Closes-Bug: #1551829
add three actions used for reconfigure
* restart_container
* get_container_env
* get_container_state
Partially-implements: bp kolla-reconfig
Change-Id: I63609ce47f044926ff276ab1188b10f44270a0b5
Due to the fact COPY_ONCE is not how most people expect the container
to work, as well as causing additional delays in the reconfigure
process by needing to delete and recreate teh container, we should
default to COPY_ALWAYS. It is both how operators and deployers expect
things to work and allows a quick restart to pull in a new config.
TrivialFix
Change-Id: Ie5f043fc66aa85378f456017c9e31ddbbe6d8880
Admin token has been deprecated upstream. It will be removed in O. We
switch over to the new `keystone-manage bootstrap` method for creating
the initial admin user, role, and project.
Co-Authored-By: Sam Yaple <sam@yaple.net>
Change-Id: I6ca90e8d4c3b71009e24b049b2efbc08c05ebfbf
Use kolla_internal_vip_address for kolla_internal_fqdn in the all.yml
file. In this way, the global.yml no need set the old/deprecated
kolla_internal_address variable.
TrivialFix
Change-Id: I0768b9a2b615afb6a8b1f7c065189a495b8f9c9b
This runs first sanity check for swift. Once
swift is deployed it checks list()
Change-Id: I613bf9f2893d66814863893ec5acde5aa252548d
Partially-Implements: blueprint sanity-check-container
Run the keystone reconfigure only when inventory_hostname in
groups['keystone']
Partially-implements: bp kolla-reconfig
Change-Id: I9d4b5f39f2d68cfd2ae087e3f8a2ee4785eb9586
The path of the template file under the same role
can easily be omitted, and we are using this omitting
in most places except those this commit is fixing.
TrivialFix
Change-Id: I6d1563e235151669d9d9268d69555aae15e31926
