Till now we've been flusing iptables in the gates to allow cross node
communication in the multi node ceph jobs. This raised security
concerns, in particular it exposed memcached to the external net.
This patch uses the infra provided role 'multi-node-firewall' in order
to correctly configure iptables. Thanks to Jeremy Stanley and Jeffrey
for help with this.
Closes-Bug: #1749326
Change-Id: Iafaf1cf1d9b0227b0f869969d0bd52fbde3791a0
Ansible provide script module to run shell script, The local script at
path will be transferred to the remote node and then executed, so no
need to copy script to remote node and use shell moulde to run it.
this patch optimise it.
Change-Id: If774502b66652f25593cda137cc8a5baefbd9695
Bifrost uses the www-data user for nginx on debian/ubuntu, and nginx on
other platforms. Kolla-ansible currently uses the nginx user for all
platforms when creating a log directory. This change uses the www-data
user on debian/ubuntu when setting ownership of the bifrost nginx log
directory.
Change-Id: I142a158b6f2e8f8a46b684267f6fbb2a6e22a259
Closes-Bug: #1753750
Bifrost cannot modify /etc/hosts from within a container, so add a
host entry during bootstrap.
This was previously fixed by Ied378b4dd755788e75ad1814cecb5700732ba83e
but the logic in bifrost was changed [1], making it out of sync with
kolla-ansible, and triggering a write to /etc/hosts. This change applies
the new logic in bifrost to kolla-ansible, ensuring that the file will
not need to change in the container.
Longer term we should look at ways to make bifrost less eager to modify
/etc/hosts, accepting any file that will work for RabbitMQ.
[1]
60b9a9917e
Change-Id: I0ee05feae3630435b2ec52cfeddf33647a974ee0
Closes-Bug: #1661009
Bifrost will determine the name of the service for MySQL based on the OS
distro if mysql_service_name is not set. Setting it explicitly in
extra-vars was causing problems on systems that use mariadb.
Change-Id: I892b1c9cf636b9dfc1bacc92e1e2f0d066018260
Closes-Bug: #1753522
When bootstrap compute hosts for XenAPI, it will generate a facts
file for each compute node. It contains some XenAPI specific variables
for both the compute host and the XenServer where the compute host
run on. This commit is to fetch the facts file into deployment host
and put it under a centralized directory - each compute host will
have a separate sub-dir which is named with its *inventory_hostname*.
In this way, the following tasks can use proper variable from the
proper facts file which exactly belongs to the host they running on.
Change-Id: I68d1a2d098d38c8e6bf4db76cdaf1f0465831822
blueprint: xenserver-support
The original code assumes that ElasticSearch will be deployed
on the same node as Kibana. This isn't always the case. When
they are not on the same node, Kibana will not be able to
connect to ElasticSearch and deployment will fail on the task:
'kibana : Wait for kibana to register in elasticsearch'.
A second advantage of making this change is that Kibana won't
break if ElasticSearch goes down on the node that it's running on
when there are additional ElasticSearch instances on other nodes.
A disadvantage of this change is that queries from Kibana to
ElasticSearch will no longer be local.
Closes-Bug: 1751817
Change-Id: I02ab2e7b1eb963b33e29c8f649cc9db0d63316f7
