Horizon and Neutron mistakenly were using keystone_public_url
for authentication. This works without error in deployments
when the internal services happen to have access to the
public network, but it is still wrong. This fails to work
when the internal services can not access the public URLs,
for example when TLS is enabled on the public endppoints.
This patches corrects horizon and neutron to use
keystone_internal_url for auth.
Change-Id: I59b9094364bef375036028ba86a771dabf28c963
Closes-bug: #1625648
kolla genconfig is pointing at cinder v1, not v2. nova pointing
at v1 is now broken. At least when cinder is backed by ceph and
the release is >= mitaka.
Closes-Bug: #1633758
Change-Id: Idf4a26b37587f1dabe2de0c1ffbddb8c08ee3bdb
If enable_neutron_dvr is set, it leads to a failure of the
'Copying over l3_agent.ini' task due to parsing errors.
TrivialFix
Closes-bug: #1633488
Change-Id: Ia30970d65cf7b09fff336fe878d2be02e934b082
bootstrap_service in ceilometer should only be ran once during multi
deployment to keep idempotent
Partial-Bug: #1633463
Change-Id: Ic5d256e2e887661b4679c4518e8c3865b85189bf
Perform the interface specific checks first, then do the network
related checks (not the other way around)
TrivialFix
Change-Id: Iae2c9fb9491060f1e33f067c08d22479108c3c98
This change adds copying iscsid logrotate
conf file for config task in common role.
Closes-bug: #1633127
Change-Id: I7da1f9ff794ed62f1baf70c04a2f6d0ca8d426aa
This patch [1] adds support to config multiple physical networks for
ovs neutron plugin, but it missed to change ml2_conf.ini.j2
correspondingly.
[1]: https://review.openstack.org/#/c/373455/
Change-Id: I1937e1e5986657470add07d4bcf8587642aa45ec
Closes-bug: #1631903
Add /etc/localtime:/etc/localtime:ro to volume for aodh, barbican, etcd,
gnocchi, kuryr and sahara.
All the containers are added in Netwon cycle, so no need to backport
Closes-Bug: #1633049
Change-Id: I9cdba54cf730af44fb1a9ff6f2c936d23dadbe9a
* enable iscsid when ironic is enabled
* update sample inventory files with above
* add logrotate conf template for iscsid
* add 'common' role dependency for iscsi role
Change-Id: I3054b9139a43542febf26c3ce9a71b65f2fcdd84
Closes-bug: #1632850
cinder_volume_group property is not seen by precheck tasks -
moving it to common group variables.
Change-Id: Id7614bb428bb0bf7217eab71b3ec28189e4032b5
Closes-Bug: #1631569
Currently, when there are some qemu processes which may be some useful
virtual machines running by the operator running on non compute node, the
cleanup script will fail the cleanup operation for that node. We need to
ignore the qemu process check for non compute nodes.
Change-Id: If49a1a30764063935b2a65312de8f3b2357c7fbc
Closes-bug: 1633005
During the upgrade from Mitaka to Newton, the uid/gid may change for the
same image. Especially on Ubuntu, we moved to Ubuntu Xenial in Newton
and it added systemd related user which break all the uid/gid during an
upgrade. It will the permissions in all docker named volumes.
This fix extends set_config.py to set the proper permission during
container start. This is super light then add commands in
extend_start.sh file or add ansible tasks.
This patch just fixes rabbitmq case. Other services will be fixed in
following patches.
Partial-Bug: #1631503
Change-Id: Ib17027b97abbc9bf4e3cd503601b8010325b5c5b
* install openssh client in keystone-fernet container
* install rsync in keystone-ssh container
* fix syntax issue in ssh configuration
* copy ssh configuration into keystone-fernet container
* copy id_rsa.pub into keystone-ssh container
* copy id_rsa into keystone-fernet container
* use full path to ssh binary in used scripts
* add missing newlines at EOF
* when using type source set /var/lib/keystone as home
directory for the user keystone
Co-Authored-By: Jeffrey Zhang <jeffrey.zhang@99cloud.net>
Change-Id: Id6b41030056a69f6516a054beb2fc0e08226e876
Closes-bug: #1623013
The correct variable is ceilometer_database_mongodb_address rather than
ceilometer_database_address
TrivialFix
Change-Id: I1d5331b5b9e1433c7b271a999ce47941d9a447eb
The swift-object-expirer is provided by the 'openstack-swift-proxy'
package and thus it is unavailable on swift-object image. This change
adds a new Docker image to fulfill this requirement and stop using
swift-object image in this case.
This image is needed while RDO does not fix the packaging. The issue
is being tracked in:
https://bugzilla.redhat.com/show_bug.cgi?id=1382921
Change-Id: Idc7ee92d756d8923da2198ede33abf5ed1142041
Closes-Bug: 1630425
