The auth parameters `admin_username`, `admin_password`,
`admin_tenant_name` and `admin_url` of the [ironic] config
option group are now deprecated and will be removed in a
future release. Using these parameters will log a warning.
Please use `username`, `password`, `project_name `and
`auth_url` instead.
Change-Id: I9e383788e35b83888b3b5cf927f67b0f3b4ef54b
Closes-Bug: 1619266
Irnoic configurations in nova compute node have been changed with
respect to the master code of ironic and nova. admin_url
configuration is with v3 version but other details are with
respect to v2.0 version of keystone authentication.
Updated scheduler_host_manager, compute_driver and admin_url
values in the nova.conf template to support ironic master
branch code.
Change-Id: I78bee3fdf082bcd526507b479be3afaee80ba899
Closes-Bug: #1619211
Introduced nova backend selection flag for Ceph and priority if
multiple backends are configured
Add mechanism to deploy arbitrary ceph.conf and keyring files into
nova-compute and nova-libvirt containers
Added documentation
Change-Id: Id010ca9cc2d914e5358ef79edeb600a28220dd4b
Implements: blueprint external-ceph
The Ceilometer integration for Nova uses notification_driver
parameter at the moment.
According to the logs this is deprecated:
Option "notification_driver" from group "DEFAULT" is deprecated.
Use option "driver" from group "oslo_messaging_notifications".
Change-Id: Ifb60a7a5945838bb8d12092d811956f84775df27
Closes-Bug: 1602667
The Nova EC2 API is disabled by default, the default value
of the enabled_apis parameter in nova.conf is "osapi_compute, metadata"
The EC2 API is marked as deprecated and will be removed from Nova in
the future.
Change-Id: I6b9d66017e066cde5749be45b367194d2192ead3
Closes-bug: #1586605
CentOS has a virtualization sig and storage sig which produces
udpated ceph and qemu images. These images are then reused within
the rest of Red Hat packaging. Install these repositories for
CentOS and make use of them.
This should work for OracleLinux as well.
Still testing centos.
Co-Authored-By: Vikram Hosakote <vhosakot@cisco.com>
Co-Authored-By: Paul Bourke <paul.bourke@oracle.com>
Change-Id: Iea21fc4f33bbfdb973cf354d492c372bd3360acb
Closes-Bug: #1566588
Make sure that all the sevices will attempt to
connect to the database an infinite about of times.
If the database ever disappears for some reason we
want the services to try and reconnect more than just
10 times.
Closes-bug: #1505636
Change-Id: I77abbf72ce5bfd68faa451bb9a72bd2544963f4b
When horizon is used to launch 2000 VMs, nova-conductor is very
busy making database connections. All 55 database connections are
in use, resulting in an inability to garbage collect database
connections. Instead raise the max pool to 50 which will allow
50 concurrent database connections and the max overflow to 1000
which permits the database connections to finish the job at
large nodecount scales.
Closes-Bug: #1565105
Change-Id: I26dc2f7fda8760197888a1d61fbc45dfada2dd06
At high scale, such as 64 nodes with 13TB ram and 2600 cores, nova
seems to struggle when scheduling 100+ VMs at the same time. The
issue is unrelated to the database, as the error printed indicates
the max_scheduling_attempts have been reached. Increase that value
to something more fitting of a 100 node cluster.
Change-Id: I8982d77c7c66db8f7c95b9fd73f58ceb66dbd723
Closes-Bug: #1563664
Add a nova-ssh container to handle the `nova migrate` and
`nova resize` case, in which the nova will use ssh to copy
files between machines.
Change-Id: Ie6675943f3aeabfbba8589d308d55b9c89d732db
Closes-Bug: #1562141
These options have all be deprecated/removed. This switches all
options to thier proper mitaka values.
TrivialFix
Change-Id: Ica8d5ea0d48da01ee11672a32890431acd6a306d
The in-process cache for keystone tokens has been deprecated due to
"incosistent results and high memory usage" with the expectation we
switch to memcached_servers if we want to stay performant.
Add memcache_servers [cache] section to the appropriate servers as the
[DEFAULT]\memcache_servers options was deprecated.
TrivialFix
Related-Id: Ied2b88c8cefe5655a88d0c2f334de04e588fa75a
Change-Id: Ic971bdddc0be3338b15924f7cc0f97d4a3ad2440
The security_group_api option is deprecated since
https://review.openstack.org/#/c/288602 , the security_group_api
will be detected through use_neutron.
TrivialFix
Change-Id: I4e4dd9397b67243ed7268529d9ed0d9b86c846dd
TLS can be used to encrypt and authenticate the connection with
OpenStack endpoints. This patch provides the necessary
parameters and changes the resulting service configurations to
enable TLS for the Kolla deployed OpenStack cloud.
The new input parameters are:
kolla_enable_tls_external: "yes" or "no" (default is "no")
kolla_external_fqdn_cert: "/etc/kolla/certificates/haproxy.pem"
kolla_external_fqdn_cacert: "/etc/kolla/certificates/haproxy-ca.crt"
Implements: blueprint kolla-ssl
Change-Id: I48ef8a781c3035d58817f9bf6f36d59a488bab41
After our switch to keystone-manage bootstrap Horizon is not happy
due to v3 not being setup correctly. This patch fixes that
This also includes removal of unused variables (transforms them into
endpoint url variables)
TrivialFix
Change-Id: I1e04db8c24049f80e974c063f03068a2ab32a563
Due to poor planning on our variable names we have a situation where
we have "internal_address" which must be a VIP, but "external_address"
which should be a DNS name. Now with two vips "external_vip_address"
is a new variable.
This corrects that issue by deprecating kolla_internal_address and
replacing it with 4 nicely named variables.
kolla_internal_vip_address
kolla_internal_fqdn
kolla_external_vip_address
kolla_external_fqdn
The default behaviour will remain the same, and the way the variable
inheritance is setup the kolla_internal_address variable can still be
set in globals.yml and propogate out to these 4 new variables like it
normally would, but all reference to kolla_internal_address has been
completely removed.
Change-Id: I4556dcdbf4d91a8d2751981ef9c64bad44a719e5
Partially-Implements: blueprint ssl-kolla
HAProxy: change to use option forwardfor to pass origin IP address
to backend via X-Forwarded-For header
Keystone: Apache does the audit logs for keystone. Change the
LogFormat to display the passed address instead of the connection
address which is that of the load balancer.
Nova, Cinder, Glance: these services can make use of the address
passed in X-Forwarded-For. With this setting the API logs for
these services include the client IP address.
Change-Id: Ia861ecc11a7c7d463d0366586926d1a842853f69
Closes-Bug: #1548935
To allow for TLS to protect the service endpoints, the protocol
in the URLs for the endpoints will be either http or https.
This patch removes the hardcoded values of http and replaces them
with variables that can be adjusted accordingly in future patches.
Change-Id: Ibca6f8aac09c65115d1ac9957410e7f81ac7671e
Partially-implements: blueprint ssl-kolla
We use tcp connection rather than socket so we can remove the config
options related to it.
Additionally adjust the _extremely_ verbose logging from INFO to
WARNING.
TrivialFix
Change-Id: I88bf660134192f11732d012985df5c4f688419ba
Use a lower number of workers rather than the default value, which is
equal to the number of the cpu. Otherwise, in a multi cpu environment,
the number of the processes will very high.
In this PS, we use min(5, << number of cpu >>) as the default worker
count.
Closes-Bug: #1582254
Change-Id: I1c32cf0db794b43b8fb8be18f39190422ca5846f
Previous work on Watcher added the Docker images, this
change adds the ansible configuration.
There is support for HA, via haproxy to balance across the
Watcher API hosts.
There is also a hook into nova.conf to conditionally add
Nova compute Host metrics via Ceilometer if Watcher is enabled.
This defaults to enabled false.
Change-Id: I8763528bb6ff12943b810212c71396d2d7cf6836
Partial-bug: #1598929
Partially-implements: bp watcher
Signed-off-by: Dave Walker (Daviey) <email@daviey.com>
Option "verbose" from group "DEFAULT" is deprecated for removal.
Its value may be silently ignored in the future.
If this option is not set explicitly, there is no such warning.
Furthermore, the default value of verbose is true, so there is
no need to set this value in config files.
TrivialFix
Change-Id: I3ec2a8900c984a64bc0645672ef89a63975f7f4e