- This change extend the genpwd.py
command to generate an ssh key pair
bifrost.
- This change bifrost config and bootstrap
task to install the generated keys.
- This change updates the bifrost guide to
discribe how to provide your own key.
Change-Id: I05243f58843d9195cace253dff5628fae89c78e8
Implements: blueprint bifrost-support
New option enable_neutron_agent_ha added to enable/disable dhcp/l3 agent
high availability, dhcp_agents_per_network is default to 2 and it's
configurable.
Implement blueprint: support-network-ha
Change-Id: Id4742aa67c80584634b923195545bf2b654172f3
This addresses the ansible aspects of fernet key bootstrapping as
well as distributed key rotation.
- Bootstrapping is handled in the same way as keystone bootstrap.
- A new keystone-fernet and keystone-ssh container is created to allow
the nodes to communicate with each other (taken from nova-ssh).
- The keystone-fernet is a keystone container with crontab installed.
This will handle key rotations through keystone-manage and trigger
an rsync to push new tokens to other nodes.
- Key rotation is setup to be balanced across the keystone nodes using
a round-robbin style. This ensures that any node failures will not
stop the keys from rotating. This is configured by a desired token
expiration time which then determines the cron scheduling for each
node as well as the number of fernet tokens in rotation.
- Ability for recovered node to resync with the cluster. When a node
starts it will run sanity checks to ensure that its fernet tokens
are not stale. If they are it will rsync with other nodes to ensure
its tokens are up to date.
The Docker component is implemented in:
https://review.openstack.org/#/c/349366
Change-Id: I15052c25a1d1149d364236f10ced2e2346119738
Implements: blueprint keystone-fernet-token
The values for 'network_interface' and 'neutron_external_interface' are
missing from all.yml, meaning it is impossible to override them on a per
node / per group basis. (globals.yml get's top precedence).
Make these consistent with the rest of the variables and move the
defaults into all.yml. Operators can still override / update these in
globals.yml as before, but those wanting more flexibility now have it
via host / group variables.
Change-Id: I2575921f76a8e245106da765757c70353bd6762c
Closes-Bug: #1604129
This adds:
- AIO and multinode inventory samples
- Password (blank) fields for default password.yml
- Default to not enabled, in globals.yml
This is the last changeset in the series to add basic
Watcher functionality to Kolla.
Change-Id: I9daec0eadc8dad3d37e03e7d69783af003af0916
Closes-bug: #1598929
Partially-implements: blueprint watcher
Signed-off-by: Dave Walker (Daviey) <email@daviey.com>
Introduced nova backend selection flag for Ceph and priority if
multiple backends are configured
Add mechanism to deploy arbitrary ceph.conf and keyring files into
nova-compute and nova-libvirt containers
Added documentation
Change-Id: Id010ca9cc2d914e5358ef79edeb600a28220dd4b
Implements: blueprint external-ceph
Remove the unnecessary option in the group_vars/all.yml file.
* removed some cinder.conf options like volume_backend_name,
iscsi_helper, iscsi_protocol etc. these value can be configured by
custom cinder.conf file, no need export as global variables.
* remove meaningless iscsi_ip_addess, which is not used in LVM driver
* force start iscsi relate when enable_cinder_backend_lvm is yes
TrivialFix
Change-Id: Ifcbfdad15e4d68bc5f20fc77e0315a09983ef022
This patch adds support for external Ceph clusters for Cinder.
For clean integration the backend configuration mechanism had to be
slightly adjusted.
We now have the option to enable multiple backends for Cinder
independently.
Currently, the flags cinder_backend_iscsi and cinder_backend_ceph are
used to toggle backends.
Documentation on how to use external ceph was added.
Change-Id: I7e0267b90d62d6d881f24f063cdb894422ec8618
Partially-Implements: Blueprint: external-ceph
Most simple implementation of external ceph support.
We use INI merge to configure RBD backend for Glance and copy
ceph.conf and keyring provided by the user into the container.
Set_configs.py had to be extended to support globbing (wildcards) in
order to copy ceph keyring file which is named depending on the cephx
user name.
Partially-Implements Blueprint: external-ceph
Partially-Implements Blueprint: selectable-ceph
Change-Id: Iacadbd8ec9956e9f075206ea03b28f044cb6ffb8
To use Cinder LVM2 backend with iSCSI,
add enable_iscsi option and fix document.
Change-Id: I286733508b5582c311c313c172b3c3a774be993c
Closes-Bug: #1599088
This introduces a new configuration parameter neutron_enable_qos to
be able to enable the Neutron QoS service plugin.
More details about the Neutron QoS service plugin are available at:
http://docs.openstack.org/liberty/networking-guide/adv-config-qos.html
Change-Id: I8525bf4dce5f1e225f72a4e1c3760b64a36b17f6
Closes-bug: #1593183
Implements: bp netowrking-qos
Previously, kolla did not support neutron lbaas functionality.
Only Lbaasv2 is supported in Mitaka. Additional information can
be found here:
http://docs.openstack.org/mitaka/networking-guide/adv-config-lbaas.html
Magnum uses Neutron Lbaas to provide high availability to COE API
and Etcd endpoints within a bay. Therefore, Neutron Lbaas is required
for Kolla to support Magnum.
Co-Authored-By: Serguei Bezverkhi <sbezverk@cisco.com>
Partial-Bug: #1551992
Change-Id: I05360b7c447c601fcb3c2b6b2a913ef5cc0f3a1b
This fix adds several variables required for Cinder iSCSI backend
configutation.
Change-Id: I2f709f8589fdbf62e3d0b265452fd58f413bee65
Closes-Bug: #1579800
The nova_ssh_private_key and nova_ssh_public_key is useless, and
they should not be merged.
Change-Id: I7e7178398242060a78fe7caee6e14fa77f2ffe35
Closes-Bug: #1576199
Add a nova-ssh container to handle the `nova migrate` and
`nova resize` case, in which the nova will use ssh to copy
files between machines.
Change-Id: Ie6675943f3aeabfbba8589d308d55b9c89d732db
Closes-Bug: #1562141
To be kolla deploy multiple clouds, we need to be able to configure
virtual_router_id other wise haproxy will fail setup the VIP for the
second cloud.
Partially-Implements: blueprint multiple-cloud
Closes-Bug: #1564547
Change-Id: I9eb27dd6fba61205841eadafc96601e235d2fe6d
As with all tools, this is a first pass at the generation. Perhaps we
even want to move this into kolla/kolla/cmd and be generated with tox
itself in the future.
This tool, when run, will only populate empty fields that have no
values meaning that it is safe to run repeatedly on the same file.
Of note, there is no way to preserve comments in the file after it has
been processed by the yaml parser in python. Comments and sections
will remain in the passwords.yml template for additional documentation
if the user wishes to populate the file themselves.
Use SystemRandom and clean up the docs a bit to not use pronouns.
Co-Authored-By: Steven Dake <stdake@cisco.com>
Closes-Bug: #1559266
Change-Id: I2932d592df8871f1b7811059206d0b4d0553a687
The user variable was incorrectly in passwords.yml
The naming was inconsistent, it should be prefixed with manila_*
Removed old unused variable
TrivialFix
Change-Id: I182797fcc6d62d35174403d78d71c8ad7ddcbc43
