This patch extends the prometheus role for being able
to deploy the prometheus-alertmanager[0] container.
The variable enable_prometheus_alertmanager
decides if the container should be deployed and enabled.
If enabled, the following configuration and actions are performed:
- The alerting section on the prometheus-server configuration
is added pointing the prometheus-alertmanager host group as targets.
- HAProxy is configured to load-balance over the prometheus-alertmanager
host group. (external/internal).
Please note that a default (dummy) configuration is provided, that
allows the service to start, the operator should extend it via a node custom config
[0] https://github.com/openstack/kolla/tree/master/docker/prometheus/prometheus-alertmanager
Change-Id: I3a13342c67744a278cc8d52900a913c3ccc452ae
Closes-Bug: 1774725
Signed-off-by: Jorge Niedbalski <jorge.niedbalski@linaro.org>
There are cases when we can lost original timestamp field given from
logs, like when we send our logs to the next fluentd forwarder in chain
of forwarders, it will rewrite our timestamp by default. Save
`Timestamp` field explicitly to avoid such situation and be able to
reconstruct messages date and time.
Closes-Bug: #1781046
Change-Id: I2b4486aedacbe16dc4c0fb2e4e4984bd80e59f2d
Ironic creates hardlinks between the TFTP master image store and the
HTTP root path when iPXE is enabled. With Docker volumes used for these
locations we run into https://bugs.launchpad.net/ironic/+bug/1507894
during deployment. If we use a directory under /httpboot to store the
master images this issue is avoided.
This change uses the new bifrost config variable,
ironic_tftp_master_path added in [1] to configure the path, rather than
the existing hacked approach of modifying the ironic.conf config file
after the bifrost_deploy container has started.
[1] https://review.openstack.org/#/c/577071
Change-Id: I5c62999c4956bebd0d3920d756ce67ba194b0ebe
In some cases we may want a configuration in which the kolla user's
primary group name is not the same as their username. Doing this
currently breaks the sudoers configuration, since user entries should
reference a user, or a group prefixed with a '%'.
There does not seem to be a good reason to give root privileges to the
entire group (which sometimes may be a shared group), so let's revert to
giving only the user root privileges.
See kayobe CI test [1] in which a different user and group were
configured, leading to permission denied when using kolla ansible.
[1] http://logs.openstack.org/53/581053/2/check/kayobe-overcloud-centos/a70168e
TrivialFix
Change-Id: I677778ebd0de58df0adfa2a8705f161ec5552283
In some environments it may not be desirable to modify the sudoers
configuration. This change makes this part of bootstrap-servers
optional, based on the create_kolla_user_sudoers variable.
Change-Id: I653403bfc5431741807edef57df58e05e679900b
This makes the bootstrap-servers command more idempotent, since without
the append argument set the kolla user will be removed from the docker
group before being added to it again in a later task.
TrivialFix
Change-Id: Iab0f6b5e18a103e9140631ee3ebbbb48c490bc24
In I86bf5e1df3d6568c4f1ca6f4757f08a3dd22754d, creation of the kolla user
was moved to after package installation to ensure the sudo package is
installed when required. This change does not work when python
dependencies are installed in a virtual environment however - when the
virtualenv variable is set.
This change moves the ownership change of the virtualenv to after the
kolla user has been created. It also uses the kolla_user and kolla_group
variables to set the user and group appropriately.
Change-Id: I320e5d611099ad162945a98d5505a79606da0eba
TrivialFix
The Monasca Log Transformer takes raw, unstandardised logs from one
Kafka topic, standardises them with whatever rules the operator wants
to use, and then writes them to a standardised logs topic in Kafka. It
is currently implemented as a Logstash config file.
Since Kolla does a fairly good job of standardising logs, this service
does very little processing. However, when other sources of logs
are used, it may be useful to add rules to the Transformer, particularly
if it's not possible to standardise the logs at source.
Ingesting the logs from this service with Fluentd will be covered under
a different commit.
Change-Id: I31cbb7e9a40a848391f517a56a67e3fd5bc12529
Partially-Implements: blueprint monasca-roles
The authtoken config variable delay_auth_decision must be set to True.
The default is False, but that breaks public access, StaticWeb, FormPost,
TempURL, and authenticated capabilities requests (using Discoverability).
Change-Id: I420a95f5f9fda3321a4acfc5846e40294a8bd588
Closes-Bug: #1768795
User can use custom directory for nova instance.
For example using a shared file system as backend.
Change-Id: I11fe4891719a2e2a34888d8b798df5602e294e4f
Other lists of servers have the postfix _servers. To be consistent
this change uses the same format for Kafka.
Change-Id: Ia595f2ab485904e76fb76211f6715a7c019886ea
Partially-Implements: blueprint monasca-roles
As of the Queens release, Keystone solely implements the Identity
API v3. Support for Identity API v2.0 has been removed since Queens
in favor of the Identity API v3.
Change-Id: If65b26935e8bd1e6655d84259499f4013762e4e3
Closes-Bug: #1778846
Skydive recently splitted the OpenStack configuration:
one for the authentication - on the analyzer - 'auth.keystone'
and an other one for the Neutron probe on the agent
'agent.topology.neutron'.
Change-Id: Idce277d30f01e7a36499b1aee24c54779c54a807
It is not always convenient to use the the given
admin project and admin user; especially when some clouds
use different user and project for there keystone 'admin'
This allows setting the variables for these users to something
else, and defaults them to there current values of 'admin'.
Change-Id: I22b79a30f01c90a92ecc0974886edf3791518f2f
By default, kolla configure docker to use an insecure connection
with the private registry. If we want to use SSL verification we need
to add an option.
Change-Id: Id1805c9cfeb499da9bb56c70028f14c6f8bb20b6
1. Add the role enabled check for some projects
2. adjust the file created positon for keystone to keep
consistence with others
Change-Id: Id2b893ba546b3adf41d97927f8d20dca403a0457
As reported in the bug, these can grow to 10s to 100s of GB
in a month. To reduce the chance of filling the disk and
bringing down the control plane this change defines
an expiry time.
Closes-Bug: 1720113
Change-Id: I508aad1f515d5108a3d08c90318b70d0a918908c
This reverts commit f8fd06011aed5cd9028a8c1e206762a78e137df7.
Based on the code, overall uses service_credentials, but looks like a
few parts is using keystonemiddleware.auth_*
Closes-Bug: #1775956
Change-Id: I766a5624737cae892fe77fa8151b20e0972ed5b2
Both the driver and the enabled_drivers options are being removed
this week. Stop setting them to avoid breakages.
Change-Id: I0e0bf851424b8f5839b159ef83f1cc65c30e2fb3
