91 Commits

Author SHA1 Message Date
ZhongShengping
2042ad2850 Deprecate old auth parameters of ironic in nova.conf
The auth parameters `admin_username`, `admin_password`,
`admin_tenant_name` and `admin_url` of the [ironic] config
option group are now deprecated and will be removed in a
future release. Using these parameters will log a warning.
Please use `username`, `password`, `project_name `and
`auth_url` instead.

Change-Id: I9e383788e35b83888b3b5cf927f67b0f3b4ef54b
Closes-Bug: 1619266
2016-09-20 08:44:23 +08:00
Serguei Bezverkhi
134089d6cd Adding required check for Orchestration Kubernetes
Thgis PS add missing check for Kubernetes orchestration engine,
without these changes, running kolla-ansible genconfig fails
for Kubernetes environment.

TrivialFix

Change-Id: I25eeb7ae3ddba7c924f6d48aa24afdbe74227170
2016-09-12 15:32:42 -04:00
Jenkins
48ade16227 Merge "Updating ironic configurations in nova.conf" 2016-09-05 16:07:59 +00:00
Narasimha SV
2bf3ce5de8 Updating ironic configurations in nova.conf
Irnoic configurations in nova compute node have been changed with
respect to the master code of ironic and nova. admin_url
configuration is with v3 version but other details are with
respect to v2.0 version of keystone authentication.
Updated scheduler_host_manager, compute_driver and admin_url
values in the nova.conf template to support ironic master
branch code.

Change-Id: I78bee3fdf082bcd526507b479be3afaee80ba899
Closes-Bug: #1619211
2016-09-01 10:06:12 -04:00
Jeffrey Zhang
d255743601
Move to transport_url for rabbitmq configuration
rabbit_hosts, rabbit_userid and rabbit_password are deprecated for
removal.[0]

rpc_backend is deprecated for removal.[1]

rabbit_ha_queues is deprecated. it is useless when using RabbitMQ >= 3.0
[2]

[0] https://github.com/openstack/oslo.messaging/blob/master/oslo_messaging/_drivers/impl_rabbit.py#L112,#L134
[1] https://github.com/openstack/oslo.messaging/blob/master/oslo_messaging/transport.py#L46
[2] https://github.com/openstack/oslo.messaging/blob/master/oslo_messaging/_drivers/impl_rabbit.py#L163,L174

Closes-Bug: #1614082
Change-Id: I05d318ba6c11c5dbfa9fbf67d088a43ab465be30
2016-08-25 16:07:42 +08:00
Jenkins
63d448fe2e Merge "External Ceph - Implementation Nova" 2016-08-03 15:29:36 +00:00
Mathias Ewald
ffafebf87c External Ceph - Implementation Nova
Introduced nova backend selection flag for Ceph and priority if
multiple backends are configured

Add mechanism to deploy arbitrary ceph.conf and keyring files into
nova-compute and nova-libvirt containers

Added documentation

Change-Id: Id010ca9cc2d914e5358ef79edeb600a28220dd4b
Implements: blueprint external-ceph
2016-07-27 20:25:00 +00:00
ZhongShengping
823ab3f776 Remove notification_driver option
The Ceilometer integration for Nova uses notification_driver
parameter at the moment.
According to the logs this is deprecated:
Option "notification_driver" from group "DEFAULT" is deprecated.
Use option "driver" from group "oslo_messaging_notifications".

Change-Id: Ifb60a7a5945838bb8d12092d811956f84775df27
Closes-Bug: 1602667
2016-07-18 19:22:58 +08:00
Jenkins
7a82901ada Merge "Set the privsep_osbrick.helper_command in nova and cinder" 2016-07-18 08:46:18 +00:00
ZhongShengping
416028c85d Remove [neutron]/auth_strategy option in nova.conf
The [neutron]/auth_strategy has been removed,
read the information[1] to learn more.

[1] http://git.openstack.org/cgit/openstack/nova/tree/releasenotes/notes/remove-deprecated-neutron-options-5f3a782aa9082fb5.yaml

Closes-Bug: 1602171
Change-Id: Ide7ff9f36e89b8a091e5be3fb24ef210f9037e86
2016-07-12 17:14:31 +08:00
Jeffrey Zhang
5e90e90b11 Set the privsep_osbrick.helper_command in nova and cinder
os-brick starts using privsep, it will need to know how to invoke its
privileged half. This follow the how the devstack fixed in nova[1] and
cinder[2].

[1] https://review.openstack.org/#/c/277696/
[2] https://review.openstack.org/#/c/280031/

TrivialFix

Change-Id: I3761a5bde9766297127ad2011453ae4221ff5c2b
2016-06-25 18:04:11 +08:00
Jenkins
e48f68c82a Merge "Implement ceilometer ansible role" 2016-06-18 04:05:52 +00:00
Hui Kang
4108c6c6ec Implement ceilometer ansible role
Change-Id: I13c50a78b2dc7c98b720a4b2e7161104213bd295
Implements: bp ansible-ceilometer
2016-06-16 22:05:56 -04:00
Christian Berendt
c073b2d897 Remove EC2 API related configurations and tasks
The Nova EC2 API is disabled by default, the default value
of the enabled_apis parameter in nova.conf is "osapi_compute, metadata"
The EC2 API is marked as deprecated and will be removed from Nova in
the future.

Change-Id: I6b9d66017e066cde5749be45b367194d2192ead3
Closes-bug: #1586605
2016-06-16 12:16:07 +02:00
Mauricio Lima
2c34214388 Remove unecessary blank lines
TrivialFix

Change-Id: I1f03d428c380dfdbde5ef33e7ea43cbf5e9154ce
2016-05-02 07:44:29 -04:00
Steven Dake
a861450fd2 Fix failure to deploy with qemu.conf
Closes-Bug: #1572819

Change-Id: I1f2edb482af1e85708159a0dba44a79427dc5af3
2016-04-21 03:00:45 -04:00
Steven Dake
79627310aa Use proper protocol scheme with nova
Change-Id: I699d3fa4db897a25c31384b7dacf1c465aa4ea86
Closes-Bug: #1571129
2016-04-15 22:01:03 -04:00
Jenkins
9dafdd074f Merge "Set db connection retry to infinity" 2016-04-14 19:01:15 +00:00
Steven Dake
e37fa65f4f Use proper CentOS repositories for ceph and qemu
CentOS has a virtualization sig and storage sig which produces
udpated ceph and qemu images.  These images are then reused within
the rest of Red Hat packaging.  Install these repositories for
CentOS and make use of them.

This should work for OracleLinux as well.
Still testing centos.

Co-Authored-By: Vikram Hosakote <vhosakot@cisco.com>
Co-Authored-By: Paul Bourke <paul.bourke@oracle.com>

Change-Id: Iea21fc4f33bbfdb973cf354d492c372bd3360acb
Closes-Bug: #1566588
2016-04-14 10:50:38 +01:00
Ryan Hallisey
67333e4dd1 Set db connection retry to infinity
Make sure that all the sevices will attempt to
connect to the database an infinite about of times.
If the database ever disappears for some reason we
want the services to try and reconnect more than just
10 times.

Closes-bug: #1505636
Change-Id: I77abbf72ce5bfd68faa451bb9a72bd2544963f4b
2016-04-11 07:22:09 -04:00
Steven Dake
316eee3680 Increase max pool size so conductor doesn't implode
When horizon is used to launch 2000 VMs, nova-conductor is very
busy making database connections.  All 55 database connections are
in use, resulting in an inability to garbage collect database
connections.  Instead raise the max pool to 50 which will allow
50 concurrent database connections and the max overflow to 1000
which permits the database connections to finish the job at
large nodecount scales.

Closes-Bug: #1565105

Change-Id: I26dc2f7fda8760197888a1d61fbc45dfada2dd06
2016-04-08 03:21:41 -04:00
Steven Dake
8cdd8c4ec3 Increase max scheduling attempts to 10
At high scale, such as 64 nodes with 13TB ram and 2600 cores, nova
seems to struggle when scheduling 100+ VMs at the same time.  The
issue is unrelated to the database, as the error printed indicates
the max_scheduling_attempts have been reached.  Increase that value
to something more fitting of a 100 node cluster.

Change-Id: I8982d77c7c66db8f7c95b9fd73f58ceb66dbd723
Closes-Bug: #1563664
2016-04-06 01:58:37 -04:00
Jeffrey Zhang
42420830f6 Implement nova-ssh container
Add a nova-ssh container to handle the `nova migrate` and
`nova resize` case, in which the nova will use ssh to copy
files between machines.

Change-Id: Ie6675943f3aeabfbba8589d308d55b9c89d732db
Closes-Bug: #1562141
2016-04-03 07:21:17 +00:00
Vikram Hosakote
7af0ab9ba9 Make heka collect libvirtd.log in nova_libvirt container
Test results of this patch set are at:
http://paste.openstack.org/show/491382/

Change-Id: I1bc8bdb3180f30dc69af28a35fa057ac801bde0f
Closes-Bug: #1560298
2016-03-22 03:23:41 +00:00
SamYaple
7936b18a4d Enabled spice
spice used to default to enabled, it does not anymore

Closes-Bug: #1560205
Change-Id: I788f89587997f0d293ec57e0153592b0ed7b7aab
2016-03-21 20:32:25 +00:00
Jenkins
c14007578f Merge "Change deprecated options throughout Kolla" 2016-03-21 10:05:07 +00:00
Jenkins
059f708c5f Merge "Add memcached_servers to keystone_auth section" 2016-03-21 09:52:39 +00:00
SamYaple
56fd071bcb Change deprecated options throughout Kolla
These options have all be deprecated/removed. This switches all
options to thier proper mitaka values.

TrivialFix
Change-Id: Ica8d5ea0d48da01ee11672a32890431acd6a306d
2016-03-19 23:55:05 +00:00
SamYaple
d4535b6dc3 Add memcached_servers to keystone_auth section
The in-process cache for keystone tokens has been deprecated due to
"incosistent results and high memory usage" with the expectation we
switch to memcached_servers if we want to stay performant.

Add memcache_servers [cache] section to the appropriate servers as the
[DEFAULT]\memcache_servers options was deprecated.

TrivialFix
Related-Id: Ied2b88c8cefe5655a88d0c2f334de04e588fa75a

Change-Id: Ic971bdddc0be3338b15924f7cc0f97d4a3ad2440
2016-03-19 21:53:03 +00:00
SamYaple
45aafc724f Fix linuxbridge driver
We were specifying the wrong driver in our nova.conf

Change-Id: I37a3d366f2895b9d1281815ef85209feaa37b92d
Closes-Bug: #1559494
2016-03-19 16:32:41 +00:00
Allen Gao
9c739a7190 Fix the deprecated security_group_api and network_api_class
The security_group_api option is deprecated since
https://review.openstack.org/#/c/288602 , the security_group_api
will be detected through use_neutron.

TrivialFix

Change-Id: I4e4dd9397b67243ed7268529d9ed0d9b86c846dd
2016-03-08 17:50:08 +08:00
Dave McCowan
3daded6242 Add TLS protection on external API endpoints
TLS can be used to encrypt and authenticate the connection with
OpenStack endpoints.  This patch provides the necessary
parameters and changes the resulting service configurations to
enable TLS for the Kolla deployed OpenStack cloud.

The new input parameters are:

kolla_enable_tls_external: "yes" or "no" (default is "no")
kolla_external_fqdn_cert: "/etc/kolla/certificates/haproxy.pem"
kolla_external_fqdn_cacert: "/etc/kolla/certificates/haproxy-ca.crt"

Implements: blueprint kolla-ssl

Change-Id: I48ef8a781c3035d58817f9bf6f36d59a488bab41
2016-03-03 14:44:37 -05:00
SamYaple
57124620ab Fix Keystone v3 and Horizon
After our switch to keystone-manage bootstrap Horizon is not happy
due to v3 not being setup correctly. This patch fixes that

This also includes removal of unused variables (transforms them into
endpoint url variables)

TrivialFix
Change-Id: I1e04db8c24049f80e974c063f03068a2ab32a563
2016-03-03 15:44:53 +00:00
Jenkins
3aedf52489 Merge "Move ironic-discoverd to ironic-inspector" 2016-03-01 13:00:24 +00:00
SamYaple
f1bf9a4a1e Move shared variables to group_vars/all.yml
This follows the structure we have for Ironic and Nova

Closes-Bug: #1551316
Change-Id: I609e3dda40c65b73bb5e1208f702740416a042ed
2016-02-29 18:40:15 +00:00
Allen Gao
235e95885b Move ironic-discoverd to ironic-inspector
Closes-Bug: #1551052
Change-Id: Ic226287bbf1f1e8d5cc2e1d80ce2975448b1f95c
2016-02-29 11:47:52 +08:00
SamYaple
d3cfb2052a Change kolla_internal_address variable
Due to poor planning on our variable names we have a situation where
we have "internal_address" which must be a VIP, but "external_address"
which should be a DNS name. Now with two vips "external_vip_address"
is a new variable.

This corrects that issue by deprecating kolla_internal_address and
replacing it with 4 nicely named variables.

kolla_internal_vip_address
kolla_internal_fqdn
kolla_external_vip_address
kolla_external_fqdn

The default behaviour will remain the same, and the way the variable
inheritance is setup the kolla_internal_address variable can still be
set in globals.yml and propogate out to these 4 new variables like it
normally would, but all reference to kolla_internal_address has been
completely removed.

Change-Id: I4556dcdbf4d91a8d2751981ef9c64bad44a719e5
Partially-Implements: blueprint ssl-kolla
2016-02-26 20:00:09 +00:00
Dave McCowan
b770339534 Use passed client IP address in various audit logs
HAProxy: change to use option forwardfor to pass origin IP address
to backend via X-Forwarded-For header

Keystone: Apache does the audit logs for keystone.  Change the
LogFormat to display the passed address instead of the connection
address which is that of the load balancer.

Nova, Cinder, Glance: these services can make use of the address
passed in X-Forwarded-For.  With this setting the API logs for
these services include the client IP address.

Change-Id: Ia861ecc11a7c7d463d0366586926d1a842853f69
Closes-Bug: #1548935
2016-02-24 09:51:13 -05:00
xionglingfeng
64a3ac8433 Use external address in novncproxy and spice
Change-Id: I1e5fd00eb3978db950f008e740d3b8130964909f
Closes-Bug: 1548445
2016-02-22 14:43:12 -03:30
Éric Lemoine
511a758982 Make Heka collect Nova logs
Partially implements: blueprint heka
Change-Id: I67dfc5d762d74454e4a852dd61c57fe9cd4b78c8
2016-02-19 21:49:18 +00:00
Dave McCowan
1cedf77f19 Use variables to specify http or https when constructing URLs
To allow for TLS to protect the service endpoints, the protocol
in the URLs for the endpoints will be either http or https.

This patch removes the hardcoded values of http and replaces them
with variables that can be adjusted accordingly in future patches.

Change-Id: Ibca6f8aac09c65115d1ac9957410e7f81ac7671e
Partially-implements: blueprint ssl-kolla
2016-02-15 09:48:58 -05:00
SamYaple
e7dfd63bfc Create nova-api database
This is a required patch.

Kilo introduced a nova-api database but didn't use it. [1]
Mitaka now uses it and has broken booting instances. [2]

[1] https://wiki.openstack.org/wiki/ReleaseNotes/Kilo#OpenStack_Compute_.28Nova.29
[2] df0fca62cf/releasenotes/notes/request-spec-api-db-b9cc6e0624d563c5.yaml

Change-Id: If0a7f4ba4937fab8d60f5236ca00db06faa768c7
Closes-Bug: #1540579
2016-02-02 21:56:54 +00:00
SamYaple
e80b44da08 Remove the libvirt socket
We use tcp connection rather than socket so we can remove the config
options related to it.

Additionally adjust the _extremely_ verbose logging from INFO to
WARNING.

TrivialFix
Change-Id: I88bf660134192f11732d012985df5c4f688419ba
2016-01-27 20:04:13 +00:00
Jeffrey Zhang
3c3b0288b4 Use a lower number of the workers
Use a lower number of workers rather than the default value, which is
equal to the number of the cpu. Otherwise, in a multi cpu environment,
the number of the processes will very high.

In this PS, we use min(5, << number of cpu >>) as the default worker
count.

Closes-Bug: #1582254
Change-Id: I1c32cf0db794b43b8fb8be18f39190422ca5846f
2016-07-27 16:36:25 +08:00
Dave Walker (Daviey)
c3a6aa684a Add Watcher ansible roles and templates
Previous work on Watcher added the Docker images, this
change adds the ansible configuration.

There is support for HA, via haproxy to balance across the
Watcher API hosts.

There is also a hook into nova.conf to conditionally add
Nova compute Host metrics via Ceilometer if Watcher is enabled.

This defaults to enabled false.

Change-Id: I8763528bb6ff12943b810212c71396d2d7cf6836
Partial-bug: #1598929
Partially-implements: bp watcher
Signed-off-by: Dave Walker (Daviey) <email@daviey.com>
2016-07-22 11:45:19 +01:00
Jenkins
e410386e45 Merge "Fix deprecated parameter name in nova.conf" 2016-01-22 12:59:01 +00:00
Hui Kang
c9e9637651 Fix deprecated parameter name in nova.conf
rename auth_type to auth_plugin

Change-Id: Idc20cc6e61fe15e64ba5b49e874f1290b9ee685d
closes-Bug: #1536820
2016-01-21 17:50:58 -05:00
Ice Yao
83df0f8612 Add debug option in config file
Config file use *_logging_debug as debug default value

Change-Id: I41102fff9056a82f7307694252adff0aedcf2658
2016-01-20 15:44:27 +08:00
Wanlong Gao
66f5802daa Use driver instead of deprecated notification_driver in config
TrivialFix
https://review.openstack.org/#/c/249508/

Change-Id: Ie2732ee116b6b4b3e0210eb1f62fc72878d8c277
2016-01-19 17:09:19 +08:00
Allen Gao
3729755da0 remove option verbose from config files
Option "verbose" from group "DEFAULT" is deprecated for removal.
Its value may be silently ignored in the future.

If this option is not set explicitly, there is no such warning.
Furthermore, the default value of verbose is true, so there is
no need to set this value in config files.

TrivialFix

Change-Id: I3ec2a8900c984a64bc0645672ef89a63975f7f4e
2016-01-18 21:29:36 +08:00