This change [0] reverted designate dashboard change because
designate was not finished, we forgot to enable again.
[0] https://review.openstack.org/#/c/408714/
Change-Id: Ibaf7e5a5dc8cbef619d86a0f2b240d384984e8bd
The external_ceph_cephx_enabled option is duplicated
in the global.yml. So one of them was deleted.
Change-Id: I2eff2f1d00b3344f90488bfe0477fe800bcaa85f
Closes-Bug: #1702395
Signed-off-by: jangseon ryu <jangseon.ryu@navercorp.com>
When using the simple_crypto plugin, barbican expects the
[simple_crypto_plugin] kek config value to be a base64-encoded 32 byte
value. However, kolla-ansible is providing a standard autogenerated
password.
There are two relevant variables in kolla-ansible -
barbican_crypto_password (a standard password) and barbican_crypto_key
(a HMAC-SHA256 key). There is no use of barbican_crypto_key other than
when it is generated. barbican_crypto_password is used to set the
[simple_crypto_plugin] kek config value but causes an error when the
simple_crypto plugin is used as the value is not in the expected format.
Using barbican_crypto_key instead resolves the error. Clearly there is a
naming issue here and we should be using barbican_crypto_key instead of
barbican_crypto_password.
This change removes the barbican_crypto_password variable and uses
barbican_crypto_key instead.
Change-Id: I63e2b381c260265e5901ee88ca0a649d96952bda
Closes-Bug: #1699014
Related-Bug: #1683216
Co-Authored-By: Stig Telfer <stig@stackhpc.com>
Implement an ansible role that adds Hyper-V as a compute node for
OpenStack using Kolla.
This will install and configure the Nova Compute service, the
Hyper-V Neutron agent and FreeRDP-WebConnect.
https://docs.openstack.org/ocata/config-reference/compute/hypervisor-hyper-v.html
Change-Id: I601835b0769c5ff173a980a05a752391ae8cc82f
Implements: blueprint hyperv-ansible-role
Co-Authored-By: Alessandro Pilotti <apilotti@cloudbasesolutions.com>
Certain services such as Murano and trove require access to a rabbitmq
instance from tenant networks. [0]
Exposing the internal rabbitmq to end users is a security hole, hence
there are two options, 1) use vhosts in the existing rabbitmq, or two a
separate rabbitmq instances. Given the importance of rabbitmq to the
OpenStack deployment, we have decided to go with a separate instance.
Refer to [1] for more detail on the various options.
This change makes the rabbitmq role generic so that it can be reused, in
this case to start 'outward_rabbitmq'. It needs to be exposed via
haproxy both for network isolation and also because this is what Murano
configuration requires.
Follow on patches will be added to add a vhost in this outward instance
for Murano and other services which require access.
Based on the original work by bdaca[2]
[0] http://murano.readthedocs.io/en/stable-liberty/intro/architecture.html
[1] http://lists.openstack.org/pipermail/openstack-dev/2016-December/109091.html
[2] https://review.openstack.org/#/c/374525
Change-Id: Ib2bcc7ed4bf4f883a7cd1dfad3db89201e3cfd8d
Partial-Bug: #1620374
Depends-On: I020eb6219f89a310451becde41f6f1c7f54baadd
Co-Authored-By: Bartłomiej Daca <bartek.daca@gmail.com>
This patch introduces the ansible materials to deploy
the skydive service, that can be used to monitor and
troubleshoot networking in an openstack deployment.
Implements: blueprint skydive-service
Co-Authored-By: Nicolas Bouron <nicolas.bouron@gmail.com>
Signed-off-by: Mathieu Rohon <mathieu.rohon@gmail.com>
Change-Id: I53051a1b0c85380416288e17040a398b6efb62c0
If used external ceph for nova,the ceph storage not enable cephx.
So ceph keyring file not does not exist.
Task throw error of check ceph keyring files.
Change-Id: I6257c107b94abf4d363e854229aaab8301d1d694
Closes-Bug: #1684522
If used external ceph for cinder,the ceph storage not enable cephx.
So ceph keyring file not does not exist.
Task throw warning of copy over ceph keyring files.
Change-Id: Ibb3cd536c982ad9dede3c2a0ecfc02cdf6e4c1b9
Closes-Bug: #1684461
Designate options are uncommented in globals while in group_vars/all
are uncommented too.
This change comment designate options to maintain similar style
in globals.yml with other services.
TrivialFix
Change-Id: Iab36590e2eaa60580f438fe73dd5237b43b70ee9
Ceph is not able to determine the size of a cache pool automatically,
so the configuration on the absolute size is required here
otherwise the flush/evict will not work.
see
http://docs.ceph.com/docs/master/rados/operations/cache-tiering/
Change-Id: I4d4abb50787093a292e1ee6eb790c10ecf5ccb94
Closes-Bug: #1654375
Creates Openvswitch role and splits
openvswitch from Neutron role to enable
third party networking solutions that use
Openvswitch or customize Openvswitch.
For example Openvswitch with dpdk or
OpenDaylight.
Change-Id: I5a41c42c5ec0a5e6999b2570ddac0f5efc3102ee
Co-Authored-By: Mauricio Lima <mauriciolimab@gmail.com>
Partially-Implements: blueprint opendaylight-support
Turns out this variable is not so useless...! In
I2c167bae6f34a102cd7fe66401d7defe13bf2bf7 we need to determine if a file
based backend is in use in order to determine how many api servers to
start. Without this variable these kind of checks would all need to be
updated every time a new shared storage backend is added.
This reverts commit 867c3bda39.
Change-Id: I335acc12b68b577b33d6cb28675225c40e6231cd
When glance_backend_ceph is not enabled, glance uses file as
backend store by default. Since glance_backend_file is useless
and not overriding glance backend when glance_backend_ceph is
enabled. I think it is good to remove it.
Change-Id: I94cbd8661e43ab296478470ed57d0effc5622ee5
Change-Id: I13cf03d6a97fb94dd7cb309e99a417ad101dc21a
Co-Authored-By: Mauricio Lima <mauriciolimab@gmail.com>
Partially-implements: bp add-zun-ansible-role
globals.yml have the highest var precedence in Ansible vars
as is added in kolla-ansible as -e @globals.yml
Setting openstack_release: "auto" causes error while
deploying/pulling as this var override the fact set in site.yml.
Value in globals.yml should be a real kolla version
(3.0.0, 4.0.0, etc)
Value in group_vars/all works fine with auto.
Change-Id: If99f7b4b1507909c6c2628b6d6fc6ce2519c9a24
Closes-Bug: #1671143
Booting from volume require cinder's ceph client secret now. Move cinder
before nova in site.yml, because nova depends on cinder ceph client key
now.
Change-Id: I01c9ed80843d98305b8963894c4917c21a35d3ac
Closes-Bug: #1670676
Integrate designate service with neutron to allow instances
and floatingip resolve designate dns.
MDNS service need to be reachable from nova instances
in order to resolve DNS queries.
Added new dns_interface to make this configurable.
Add designate guide.
Closes-Bug: #1661330
Change-Id: I5a2ac5cf2a9aa0977ae42d53dd64699623ddf3ed