Qinling is an OpenStack project to provide "Function as a Service".
This project aims to provide a platform to support serverless functions.
Change-Id: I239a0130f8c8b061b531dab530d65172b0914d7c
Implements: blueprint ansible-qinling-support
Story: 2005760
Task: 33468
Several services inherited [service_credentials] config sections which
they don't use in their code.
Change-Id: Iccf4358e85fb3d7ed25bc1762ff532b2c32bea4a
"Create default control plane organisation if it doesn't exist" task
fails when organisation already exists.
The list organisation task currently returns project domain id.
The create organisation task currently provides project domain name.
Change the create task to use default_project_domain_id instead.
TrivialFix
Change-Id: Ice70d55e6729fe55164dcf85e98acdc1d7925209
Add options for configuring TLS and authentication for elasticsearch
connections in in fluentd.
Change-Id: I936adc2aeaa3c87081be1c44aa0221caf2124e23
Closes-Bug: #1831078
Merged config files outputs to python_path which is incorrect. Changing it
to node_config_directory.
Change-Id: If801f54709114b931677adb605dffb75cfab25cd
Closes-Bug: #1830346
As described in document [1], the service_provider should be set to
'FIREWALL_V2:fwaas_db:neutron_fwaas.services.firewall.service_drivers.
agents.agents.FirewallAgentDriver:default' for FWaaS v2.
[1] https://docs.openstack.org/neutron/stein/admin/fwaas-v2-scenario.html#enable-fwaas-v2
Change-Id: Iad3e906af325ba3209a77a91ab2061e515b4a219
Signed-off-by: ZijianGuo <guozijn@gmail.com>
According ceilometer commit: 9db5c6c9bfc66018aeb78c4a262e1bfa9b326798
ceilometer was removed transformer support
so, remove about transformers config.
Change-Id: I47fc90aa6dff6d0843c90b27a785e0c6b3d2961e
Close-bug: #1830601
ARA 1.0 will be released in the near future and isn't backwards
compatible. Pin it so it doesn't break things unexpectedly.
ARA ships simple setup modules to help figure out the paths
to where things are located.
These are backwards compatible from ARA 1.0 to 0.x.
Change-Id: I3fe3f4082279c2fd9a629605619a97aa5f5b0b73
Change I0ca38f2cc7d63b9b47eedb304ba7b00a94816f9a removed the roles
middleware from the example paste pipeline.
Change-Id: Ie9a3b0fef395aaf414407f6bae1ac4bca158240d
Let the Monasca Fluentd output plugin handle mapping of the log
message.
Change-Id: I4a74a91b9b38d5c172397a7e7204e626bcedcfac
Closes-Bug: #1830184
Depends-On: https://review.opendev.org/#/c/660988/
This file can be modified to adjust polling intervals or other configurations.
We can add a custom 'pipeline.yaml' file to override it.
Change-Id: I325523edc4f7e37db55a2e21fe52e76138e6d114
Signed-off-by: ZijianGuo <guozijn@gmail.com>
Stop showing the task has having made changes and silence warning about
not using the yum module (which we could use for the check, but not as
easily).
Change-Id: I9e3608b5db521930409a29981767f468ea234679
* event_definitions.yaml:
This file provides a standard set of events and corresponding traits
that may be of interest.
* event_pipeline.yaml:
This file can be modified to adjust which notifications to capture and
where to publish the events.
Change-Id: I9c1698e07b65102af9b3ee448ad07f8fa6428b74
Signed-off-by: ZijianGuo <guozijn@gmail.com>
Kolla-Ansible populates /etc/hosts with overcloud hosts using their API
interface IP address. When configured correctly, this allows Nova to use
the API interface for live migration of instances between compute hosts.
The hostname used is from the `ansible_hostname` variable, which is a
short hostname generated by Ansible using the first dot as a delimiter.
However, Nova defaults to use the result of socket.gethostname() to
register nova-compute services.
In deployments where hostnames are set to FQDNs, for example when using
FreeIPA, nova-compute would try to reach the other compute node using
its FQDN (as registered in the Nova database), which was absent from
/etc/hosts. This can result in failures to live migrate instances if
DNS entries don't match.
This commit populates /etc/hosts with `ansible_nodename` (hostname as
reported by the system) in addition to `ansible_hostname`, if they are
different.
Change-Id: Id058aa1db8d60c979680e6a41f7f3e1c39f98235
Closes-Bug: #1830023
Similar to what we did here: https://review.opendev.org/#/c/655276 but,
for ceilometer/data/meters.d/meters.yaml file.
The idea is to create a method for operators to manage custom meters
YAML files via Kolla-ansible. To do that, we enable them (operators)
to use a folder called by default "meters.d" in their local
ceilometer configurations, where all of the custom meters YAML files
will be read from. If this folder exist and has YAML files in it, we
copy them for the default "/etc/ceilometer/meters.d" path in the
containers. We do not inject things in the container though. We copy
the files for the control node, and then we map them via
ceilometer*.json container configuration files.
Change-Id: I712edcf39bfdb64887e25437f0aff30a45a829dd
Signed-off-by: Rafael Weingärtner <rafael@apache.org>
The etc_examples and inventory should be copied from the virtual
environment rather than the system.
Change-Id: I3ac1e057971b7481a0bce2a15351031e51bf97d6
Closes-Bug: #1829435
backport: stein, rocky
During startup of nova-compute, we see the following error message:
Error gathering result from cell 00000000-0000-0000-0000-000000000000:
DBNotAllowed: nova-compute
This issue was observed in devstack [1], and fixed [2] by removing
database configuration from the compute service.
This change takes the same approach, removing DB config from nova.conf
in the nova-compute* containers.
[1] https://bugs.launchpad.net/devstack/+bug/1812398
[2] 8253787137
Change-Id: I18c99ff4213ce456868e64eab63a4257910b9b8e
Closes-Bug: #1829705
Add the ability to Kolla-ansible to manage the 'max_workers' parameter
in Cloudkitty. We will use the 'openstack_service_workers' variable
to control the number of workers that Cloudkitty is able to use.
Change-Id: I2f4e7e5c45d71a7e01d1b743d2eb4850cc339419
Signed-off-by: Rafael Weingärtner <rafael@apache.org>
Right now every controller rotates fernet keys. This is nice because
should any controller die, we know the remaining ones will rotate the
keys. However, we are currently over-rotating the keys.
When we over rotate keys, we get logs like this:
This is not a recognized Fernet token <token> TokenNotFound
Most clients can recover and get a new token, but some clients (like
Nova passing tokens to other services) can't do that because it doesn't
have the password to regenerate a new token.
With three controllers, in crontab in keystone-fernet we see the once a day
correctly staggered across the three controllers:
ssh ctrl1 sudo cat /etc/kolla/keystone-fernet/crontab
0 0 * * * /usr/bin/fernet-rotate.sh
ssh ctrl2 sudo cat /etc/kolla/keystone-fernet/crontab
0 8 * * * /usr/bin/fernet-rotate.sh
ssh ctrl3 sudo cat /etc/kolla/keystone-fernet/crontab
0 16 * * * /usr/bin/fernet-rotate.sh
Currently with three controllers we have this keystone config:
[token]
expiration = 86400 (although, keystone default is one hour)
allow_expired_window = 172800 (this is the keystone default)
[fernet_tokens]
max_active_keys = 4
Currently, kolla-ansible configures key rotation according to the following:
rotation_interval = token_expiration / num_hosts
This means we rotate keys more quickly the more hosts we have, which doesn't
make much sense.
Keystone docs state:
max_active_keys =
((token_expiration + allow_expired_window) / rotation_interval) + 2
For details see:
https://docs.openstack.org/keystone/stein/admin/fernet-token-faq.html
Rotation is based on pushing out a staging key, so should any server
start using that key, other servers will consider that valid. Then each
server in turn starts using the staging key, each in term demoting the
existing primary key to a secondary key. Eventually you prune the
secondary keys when there is no token in the wild that would need to be
decrypted using that key. So this all makes sense.
This change adds new variables for fernet_token_allow_expired_window and
fernet_key_rotation_interval, so that we can correctly calculate the
correct number of active keys. We now set the default rotation interval
so as to minimise the number of active keys to 3 - one primary, one
secondary, one buffer.
This change also fixes the fernet cron job generator, which was broken
in the following cases:
* requesting an interval of more than 1 day resulted in no jobs
* requesting an interval of more than 60 minutes, unless an exact
multiple of 60 minutes, resulted in no jobs
It should now be possible to request any interval up to a week divided
by the number of hosts.
Change-Id: I10c82dc5f83653beb60ddb86d558c5602153341a
Closes-Bug: #1809469
Before making changes to this script, document its behaviour with a unit
test.
There are two major issues:
* requesting an interval of more than 1 day results in no jobs
* requesting an interval of more than 60 minutes, unless an exact
multiple of 60 minutes, results in no jobs
Change-Id: I655da1102dfb4ca12437b7db0b79c9a61568f79e
Related-Bug: #1809469
When integrating 3rd party component into openstack with kolla-ansible,
maybe have to mount some extra volumes to container.
Change-Id: I69108209320edad4c4ffa37dabadff62d7340939
Implements: blueprint support-extra-volumes
Cloudkitty has a default (built-in the container) metrics.yml file
in the /etc/cloudkitty/metrics.yml files. We would like to be able
to overwrite/customize these metrics configurations via kolla-ansible.
Cloudkitty is able to use a custom metric file via "metrics_conf".
Therefore, we are enabling this configuration via Kolla-ansible.
Change-Id: Id9019298482c040be05f540e71dacfdf0bd77469
Signed-off-by: Rafael Weingärtner <rafael@apache.org>
When using the the default domain name there are issues authenticating
with Keystone. For example, you can only log in on the second attempt
and the Monasca datasource fails to authenticate. Switching to the
default domain id resolves these issues.
Change-Id: I2cb4b2608c74dd853c97e4fc27078930bc72fdf8
The flush_handlers clause doesn't honour conditional clauses.
Instead, it prints a warning and runs anyway:
[WARNING]: flush_handlers task does not support when conditional
See: https://github.com/ansible/ansible/pull/41126
TrivialFix
Change-Id: Iaf70c2e932ae6dfb723bdb2ba658acdbfe74ebe2
This fixes a deprecation warning that gets displayed when running
the kibana/post_config 'Get kibana default indexes' task.
HEADERS_ has been deprecated since ansible 2.1 and will be
removed in 2.9.
https://docs.ansible.com/ansible/latest/modules/uri_module.html
TrivialFix
Change-Id: I177113c606119505c6cb69c66a326f7cbdaf2196
Since Ansible 2.5, the use of jinja tests as filters has been
deprecated.
I've run the script provided by the ansible team to 'fix' the
jinja filters to conform to the newer syntax.
This fixes the deprecation warnings.
Change-Id: I844ecb7bec94e561afb09580f58b1bf83a6d00bd
Closes-bug: #1827370
'Bootstrapping' was spelt with one p - added the second p so the
word becomes a verb nicely.
TrivialFix
Change-Id: I126a5c253408af70d6d0a3be6e59270f385a00e3
