Useful for upgrade etc., which is preferablly done serially.
Example usage: tools/kolla-ansible deploy OR tools/kolla-ansible upgrade
Closes-Bug: #1576708
DocImpact
Change-Id: I34b2e16f8ce53e472a4682a4738c4ac0f5abf00c
Note: This should not result in any behavior changes in regular Kolla, just
Kolla-Kubernetes and only when you've overridden stuff in globals.yml
Allows override of interface address, memcached pools, and glance registry
host so that Kubernetes can do the right thing.
There are some significant architectural issues involved in memcached pooling
in the Kolla-kubernetes world. Avoiding them right now.
Current working with this Kolla-Kubernetes globals.yml file:
api_interface_address: "0.0.0.0"
memcached_servers: "memcached"
keystone_database_address: "mariadb"
keystone_admin_url: "http://keystone-admin:35357/v3"
keystone_internal_url: "http://keystone-public:5000/v3"
keystone_public_url: "http://keystone-public:5000/v3"
glance_registry_host: "glance-registry"
Two tings to note:
* This depends on a kolla-kubernetes patch, so that it won't be merged
until it's safe for glance to bind to 0.0.0.0. It's OK to bind to
0.0.0.0 in the Kubernetes world because the network fabric controls
access.
* In Kolla-Kubernetes, the global.yml file doesn't do var substitution
so you have to be explicit about the URLs, otherwise Keystone will
look like it was provisioned but it won't quite be provisioned right.
Co-Authored-By: Ryan Hallisey <rhallise@redhat.com>
Change-Id: Ic87566118a1d4f552748392ff394b9b121c91887
Partially-implements: blueprint api-interface-bind-address-override
Depends-On: I586ce1c6c3300254c4e2a398ff46645df576aeb0
Use a lower number of workers rather than the default value, which is
equal to the number of the cpu. Otherwise, in a multi cpu environment,
the number of the processes will very high.
In this PS, we use min(5, << number of cpu >>) as the default worker
count.
Closes-Bug: #1582254
Change-Id: I1c32cf0db794b43b8fb8be18f39190422ca5846f
When making snapshot for instance with ceph enabled, nova will use
upate image api to create the snapshot directly. with the patchset
I7284dee828bc8ca00747bc7668b37fa7176afc85 in Glance, the
show_multiple_locations must be True.
Change-Id: Ic9612566e2ab8f641030fef97b519f11d942a915
Closes-Bug: #1604464
Changed the order of the 'when' statements in "remove/restart
containers" tasks. It will fix the reconfiguration problem when
deploying different components on different hosts.
Change-Id: Ibee9dd56b6128b664144deb1d9eb7ec32e39fd5c
Closes-Bug: #1603943
Most simple implementation of external ceph support.
We use INI merge to configure RBD backend for Glance and copy
ceph.conf and keyring provided by the user into the container.
Set_configs.py had to be extended to support globbing (wildcards) in
order to copy ceph keyring file which is named depending on the cephx
user name.
Partially-Implements Blueprint: external-ceph
Partially-Implements Blueprint: selectable-ceph
Change-Id: Iacadbd8ec9956e9f075206ea03b28f044cb6ffb8
Currently, if ceilometer is enabled with glance then the
rabbitmq is non-functional, causing various glance failures
including image upload.
This is caused because:
The generated config fails to have a carriage return at the
end of the rabbit_host line, causing the following line to
be added to this entry.
rabbit_host is used rather than rabbit_hosts, where the
fromer expects a string, rather than the list that is
provided.
This also adds rabbit HA support, to be in-line with the
other services using rabbitmq.
This is resolved, by pushing the rabbit_hosts entry to be
last, meaning that a carriage return is not required.
Change-Id: I89f26d542565b98025fd9b84fc4beb5cbed364e5
Closes-Bug: 1596244
Signed-off-by: Dave Walker (Daviey) <email@daviey.com>
An operator may want to specify the location of custom config
files so that kolla can detect their location and merge
them with the default configs generated.
Partially implements: blueprint multi-project-config
Change-Id: Ibfb38d07a36dfa7fe25381adc34cc1d3cbe7d1e1
This change makes each step of the kolla deployment aware
of the port database was configured to listen on.
It defaults mariadb_port to database_port.
Change-Id: I8e85d5732015afc0a5481cb33e0b629fdfa84a1b
Closes-Bug: #1576151
DocImpact
Make sure that all the sevices will attempt to
connect to the database an infinite about of times.
If the database ever disappears for some reason we
want the services to try and reconnect more than just
10 times.
Closes-bug: #1505636
Change-Id: I77abbf72ce5bfd68faa451bb9a72bd2544963f4b
Add a glance_service_groups variable containers the container name,
service name and group name. In this way, we can remove lots of
duplicated lines.
TrivialFix
Change-Id: I9beb7509ad7221cd495e3211a2e67d986486aac6
Only copy the necessary config files when it _really_ needed. This
will make the config file safer
Partial-Bug: #1559122
Change-Id: I5f5df54c688fb4f6b0ee68815116e2418d5742f7
The in-process cache for keystone tokens has been deprecated due to
"incosistent results and high memory usage" with the expectation we
switch to memcached_servers if we want to stay performant.
Add memcache_servers [cache] section to the appropriate servers as the
[DEFAULT]\memcache_servers options was deprecated.
TrivialFix
Related-Id: Ied2b88c8cefe5655a88d0c2f334de04e588fa75a
Change-Id: Ic971bdddc0be3338b15924f7cc0f97d4a3ad2440
This type of per node configuration is required to support things like
availability zones for nova. As always, if this file doesnt exist it
doesnt get used so this change is safe.
TrivialFix
Change-Id: Iff8172af522c2c96e5f2c173b24a5dfd4d522ed2
When using separate networks for external APIs and internal
APIs, services need to be configured to use the internal APIs.
The default is typically publicURL.
TrivialFix
Change-Id: I24da63220a65e210c37d9f24b6d76a0031d66f3d
After our switch to keystone-manage bootstrap Horizon is not happy
due to v3 not being setup correctly. This patch fixes that
This also includes removal of unused variables (transforms them into
endpoint url variables)
TrivialFix
Change-Id: I1e04db8c24049f80e974c063f03068a2ab32a563
Due to poor planning on our variable names we have a situation where
we have "internal_address" which must be a VIP, but "external_address"
which should be a DNS name. Now with two vips "external_vip_address"
is a new variable.
This corrects that issue by deprecating kolla_internal_address and
replacing it with 4 nicely named variables.
kolla_internal_vip_address
kolla_internal_fqdn
kolla_external_vip_address
kolla_external_fqdn
The default behaviour will remain the same, and the way the variable
inheritance is setup the kolla_internal_address variable can still be
set in globals.yml and propogate out to these 4 new variables like it
normally would, but all reference to kolla_internal_address has been
completely removed.
Change-Id: I4556dcdbf4d91a8d2751981ef9c64bad44a719e5
Partially-Implements: blueprint ssl-kolla
HAProxy: change to use option forwardfor to pass origin IP address
to backend via X-Forwarded-For header
Keystone: Apache does the audit logs for keystone. Change the
LogFormat to display the passed address instead of the connection
address which is that of the load balancer.
Nova, Cinder, Glance: these services can make use of the address
passed in X-Forwarded-For. With this setting the API logs for
these services include the client IP address.
Change-Id: Ia861ecc11a7c7d463d0366586926d1a842853f69
Closes-Bug: #1548935
New playbook for glance service upgrade.
Change-Id: I759e4eddf669112f752fe07d6b99a4bb9593d97f
Implements: blueprint upgrade-glance
Partially-Implements: blueprint upgrade-kolla
The extend_start.sh script for rsyslog is removed as it is no longer
needed. Docker no longer binds to /dev/log or /run/kolla/log
Closes-Bug: #1544545
Change-Id: Ic0a323a26ee4e9e15baf4598285844a8a4955f23
To allow for TLS to protect the service endpoints, the protocol
in the URLs for the endpoints will be either http or https.
This patch removes the hardcoded values of http and replaces them
with variables that can be adjusted accordingly in future patches.
Change-Id: Ibca6f8aac09c65115d1ac9957410e7f81ac7671e
Partially-implements: blueprint ssl-kolla
Docker 1.10 has broken the gate and this patch will correct that
breakage.
The issue comes with rsyslog. Due to a commit in Docker 1.10 [1] we
must change the way we get the log socket for rsyslog. The /dev/
folder will no longer populate as we used it. So instead we simply
make a new socket in a path we control and share that to the correct
location in the containers.
Additionally, adjust the gate for new Docker daemon.
[1] https://github.com/docker/docker/pull/16639
Partially-Implements: blueprint kolla-upgrade
Change-Id: I881a2ecdf6d7b35991e1d38a3f3e60d022d6577f
This change is needed for clarity. We have a kolla-ansible script.
We have a kolla-mesos repo. We plan to have a kolla-ansible repo.
Already we have had far too much confusion about whether we are
talking about the container or the project. Naming this kolla-toolbox
eliminates all of that confusion and its probably a bit more accurate
of a name too.
Closes-Bug: #1541053
Change-Id: I8fd1f49d5a22b36ede5b10f46b9fe02ddda9007e
Add bootstrap label to all bootstrap containers to ensure that when
the a new container is launched a difference is seen between it and
the bootstrap container since we cannot rely on ENV variables for
this. This only affects mariadb at this stage, but it is needed to
ensure rabbitmq works when we switch to named volumes.
Change-Id: Ia022af26212d2e5445c06149848831037a508407
Closes-Bug: #1538136
After introduction of pull action and turing every main.yml into
{{action}}.yml we lost ability to perform upgrade
Change-Id: Ie9fa2cd083b061033abc733fba53d54f9c55e393
Fixes-Bug: #1538210
