This pull request adds support for the OpenID Connect authentication
flow in Keystone and enables both ID and access token authentication
flows. The ID token configuration is designed to allow users to
authenticate via Horizon using an identity federation; whereas the
Access token is used to allow users to authenticate in the OpenStack CLI
using a federated user.
Without this PR, if one wants to configure OpenStack to use identity
federation, he/she needs to do a lot of configurations in the keystone,
Horizon, and register quite a good number of different parameters using
the CLI such as mappings, identity providers, federated protocols, and
so on. Therefore, with this PR, we propose a method for operators to
introduce/present the IdP's metadata to Kolla-ansible, and based on the
presented metadata, Kolla-ansible takes care of all of the
configurations to prepare OpenStack to work in a federated environment.
Implements: blueprint add-openid-support
Co-Authored-By: Jason Anderson <jasonanderson@uchicago.edu>
Change-Id: I0203a3470d7f8f2a54d5e126d947f540d93b8210
If the Octavia/Amphora management network is created by Kolla, support
setting the IP address family and IPv6 address/RA mode.
Closes-Bug: 1913409
Change-Id: I9f2ef2196654c91596cb5c4b3c157bcee267226a
There are inconsitencies across the documentation and the source code files
when it comes to project's name (Kolla Ansible vs. Kolla-Ansible). This
commit aims at unifying it so that the naming becomes consistent everywhere.
Change-Id: I903b2e08f5458b1a1abc4af3abefe20b66c23a54
It is now possible to deploy either 1.x or 2.x version of Prometheus.
The new 2.x version introduces breaking changes in terms of storage
format and command line options.
Change-Id: I80cc6f1947f3740ef04b29839bfa655b14fae146
Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
Python virtual environment creation fails on a fresh system if
python3-venv is not installed (Debian/Ubuntu).
Installation instructions used to be in the Quick Start guide, but
were removed in kolla-ansible/+/735894
Change-Id: I867322ee43d509fe46b6afba9216586515fee0d5
* make each section independent
* move enable flags to specific sections
* move inventory changes to Cinder section
* move Nova config that is actually for Cinder volumes to Cinder section
* add an introduction about each integration
Change-Id: Ie8d82010bf8d5b8af2c039f285744e5ae67316dc
The multinode guide hints at how to setup the registry as a registry
mirror, however it does not provide all information necessary. This
change fixes that, and separates the local registry and registry mirror
cases.
Change-Id: I0790830e1c21520df2534d2f3b1ea96010064355
Closes-Bug: #1901768
Follows existing backends patterns to add support for the GlusterFS
NFS driver.
NFS server type used by the GlusterFS backend, Gluster or Ganesha,
currently supports Gluster.
The GlusterFS NFS driver needs to install the glusterfs-fuse package
in the kolla images manila share container in advance, which has been merged
in https://review.opendev.org/747510
Change-Id: I7fdb121b5bf9850d62246a24f9b17d226028c2ca
The openstack Ussuri and Victoria versions no longer support the
Centos7 and pyrhon2 environment packages. Correct the missing
problems in the latest document
Change-Id: I55fd1bf451d2bdae696ab32d1faffaba72701229
Nova has reversed their deprecation of the VMware driver, and the Kolla
community has shown an interest in it.
Change-Id: I82f1074da56ed16c08317d1f92ed7f0a6f4a149a
Add TLS support for backend Neutron API Server communication using
HAProxy to perform TLS termination. When used in conjunction with
enabling TLS for service API endpoints, network communication will be
encrypted end to end, from client through HAProxy to the Neutron
service.
Change-Id: Ib333a1f1bd12491df72a9e52d961161210e2d330
Partially-Implements: blueprint add-ssl-internal-network
It should be bumped by [1], but missing, this PS to
be supplement.
[1]: https://review.opendev.org/#/c/753776/2
Depends-On: I5befc72a4894d625ca352b27df9d3aa84a2f5b2c
Change-Id: I75742653cb62c27317abf297a0143399d6adc644
