First non-trivial scenario we'll be testing in gates will be cinder +
ceph. This patchset is supposed to create framework to easily add new
testing scenarios.
Change-Id: I6790eaf5cf3297af04a64e4169a39b6e2cd1890f
Neutron recommend as good practice to enable port_security
extension by default. Current networks will remain using
security groups, but will allow users to disable port_security
in their port or networks.
An example use case is nfv.
Change-Id: I69f2e3567fd00695cf1c4bcc9177c2b88e33c3ab
Neutron-server does not use br-tun at all,
this is only needed at compute and network nodes.
Change-Id: I0e11baa3fc8ee15c951cf4fc9aaa3a1d47819e81
Closes-Bug: #1642521
Haproxy fails to deploy if outward group is not
in inventory.
This change adds an optional outward setting for
haproxy
Change-Id: I351578582b1057bb48ac69859583a5db13f0bfb8
Ansible task support vars directive, no need implement another one in
merge_config. This patch remove the vars directive in merge_config
action plugin.
Change-Id: I33648a2b6e39b4d49ce76eb66fbf2522721f8c68
Implement an ansible role that adds Hyper-V as a compute node for
OpenStack using Kolla.
This will install and configure the Nova Compute service, the
Hyper-V Neutron agent and FreeRDP-WebConnect.
https://docs.openstack.org/ocata/config-reference/compute/hypervisor-hyper-v.html
Change-Id: I601835b0769c5ff173a980a05a752391ae8cc82f
Implements: blueprint hyperv-ansible-role
Co-Authored-By: Alessandro Pilotti <apilotti@cloudbasesolutions.com>
Certain services such as Murano and trove require access to a rabbitmq
instance from tenant networks. [0]
Exposing the internal rabbitmq to end users is a security hole, hence
there are two options, 1) use vhosts in the existing rabbitmq, or two a
separate rabbitmq instances. Given the importance of rabbitmq to the
OpenStack deployment, we have decided to go with a separate instance.
Refer to [1] for more detail on the various options.
This change makes the rabbitmq role generic so that it can be reused, in
this case to start 'outward_rabbitmq'. It needs to be exposed via
haproxy both for network isolation and also because this is what Murano
configuration requires.
Follow on patches will be added to add a vhost in this outward instance
for Murano and other services which require access.
Based on the original work by bdaca[2]
[0] http://murano.readthedocs.io/en/stable-liberty/intro/architecture.html
[1] http://lists.openstack.org/pipermail/openstack-dev/2016-December/109091.html
[2] https://review.openstack.org/#/c/374525
Change-Id: Ib2bcc7ed4bf4f883a7cd1dfad3db89201e3cfd8d
Partial-Bug: #1620374
Depends-On: I020eb6219f89a310451becde41f6f1c7f54baadd
Co-Authored-By: Bartłomiej Daca <bartek.daca@gmail.com>
always_run is deprecated and removed in Ansible 2.4
check_mode is introduced in Ansible 2.2 and Kolla-ansible bump Ansible to
2.2.0 so it's safe to replace always_run by check_mode now.
Change-Id: Id1028d38b7bde30a6afe17b319dcdc77907914ab
Closes-Bug: #1643633
Implements: blueprint migrate-to-ansible-2-2-0
This reverts commit 94a882babe7210cdec0029f4796f2e1b83df116b.
Upstream has fix this issue by Ice89ad9dd486ad5fcac534ef5f7d8aae3b6b0f97
Change-Id: Ib17f93e4030c6f7da4e32ee84fcc5f7139e57895
Closes-Bug: #1694420
Kuryr need etcd on each compute node to store
network data.
Etcd is only deployed in controller nodes at this moment.
Also this change remove and useless bootstrap tasks.
Depends-On: I9c6c876773288c2f951966498db0ff8af090ac20
Change-Id: I8a84334e831fb15f6cbdd3bc34d2159638df6b85
Closes-Bug: #1697699
On many systems IPv6 related modules are not loaded by default.
Usually when one runs ip6tables-* commands required modules are
probed. In neutron_openvswitch_agent container /lib/modules
does not exist. The commands fail to process ip6 firewall
rules as consequence.
Change-Id: Ic4e72eb4f5304f013b7a09ddd31794cfafa67e0b
Closes-Bug: #1615715
Different Y stream version in Ansible is not compatible. Since ansible
2.2.0 is released for a while. It is time for kolla-ansible to bump the
min Ansible version. Then we can remove the annoying WARNING message
in deploying logs and use the new features.
Change-Id: I99f3c5678f6d2d1f93d61c660fbd166184ff6422
Cron is always restarting due dummy environment
variable is None.
This change adds a useless env value.
Change-Id: Iad435bb0671a25bc12c6a6d0d988d555faba76c3
Closes-Bug: #1697706
Zun made mandatory to use kuryr for networking.
This change update zun config to use kuryr.
Also updates documentation.
Change-Id: I9a55e390709b7e21d3efbd4be17a36db85cd8521
keystone-paste.ini file is introduced by
I3a3ca2e74c0ae341105d3481f97956c6da473046 for a security risk of
admin_token_auth middleware. Now this middleware is removed by
I57586ccfa0ad1309cc806d95377dc1ecad015914. So it is safe to use upstream
keystone-paste.ini file.
This patch also keep custom paste file feature. Just put the file to
/etc/kolla/config/keystone/keyston-paste.ini path.
Closes-Bug: #1695023
Partially-Implements: blueprint custom-paste
Change-Id: Ieb983b6a9edb6a156928f6b56a4bd2dbed4281e2
Since whole issue was related to check whether user wants to wipe
device, loopbacks can be opt out from this warnings
Change-Id: Idd823b282e3055457ed041a98c848deb8509cc30
Closes-Bug: #1667074
When bootstrapping a host for kolla-ansible the 'kolla-ansible
bootstrap-servers' command can fail if for any of the hosts the
'api_interface' is invalid. This happen if the host does not have a
network interface matching 'api_interface'. This is possible on
a host running bifrost, as bifrost does not require the api_interface
variable to be set.
This change avoids adding a hosts entry for hosts in the bifrost group
that do not have a valid api_interface. It also avoids modifying the
hosts file on hosts in the bifrost group that do not have a valid
api_interface.
Change-Id: Ie111ef54130adf2556ce83c402cdbb5058ace4f6
Closes-bug: #1665364
