Till now we've been flusing iptables in the gates to allow cross node
communication in the multi node ceph jobs. This raised security
concerns, in particular it exposed memcached to the external net.
This patch uses the infra provided role 'multi-node-firewall' in order
to correctly configure iptables. Thanks to Jeremy Stanley and Jeffrey
for help with this.
Closes-Bug: #1749326
Change-Id: Iafaf1cf1d9b0227b0f869969d0bd52fbde3791a0
Ansible provide script module to run shell script, The local script at
path will be transferred to the remote node and then executed, so no
need to copy script to remote node and use shell moulde to run it.
this patch optimise it.
Change-Id: If774502b66652f25593cda137cc8a5baefbd9695
The original code assumes that ElasticSearch will be deployed
on the same node as Kibana. This isn't always the case. When
they are not on the same node, Kibana will not be able to
connect to ElasticSearch and deployment will fail on the task:
'kibana : Wait for kibana to register in elasticsearch'.
A second advantage of making this change is that Kibana won't
break if ElasticSearch goes down on the node that it's running on
when there are additional ElasticSearch instances on other nodes.
A disadvantage of this change is that queries from Kibana to
ElasticSearch will no longer be local.
Closes-Bug: 1751817
Change-Id: I02ab2e7b1eb963b33e29c8f649cc9db0d63316f7
keystone-ssh is required by keystone-fernet. So start keystone-ssh
container before keystone-fernet.
Closes-Bug: #1751224
Change-Id: Ie1c8ae185549acc3dd87a2c5f0356443ea7924a5
We have pin keyston to queens release which supports UUID token through
https://review.openstack.org/546475, let us use UUID in queens and
migrate to fernet in rocky cycle.
This reverts commit df0bf1903febd124343ffb7fae398f44b9986422.
Change-Id: Ifb0112315b5047461ce0bf02c754cc0beac52d9a
The grafana local admin username can be configured by overriding
the admin user field in the grafana.ini file. However, this will
fail when kolla-ansible attempts to configure any enabled
datasources for grafana because the local admin password is
hardcoded to 'admin'. This change allows the grafana local admin
password to be configured via group vars so that the correct
username is used when configuring datasources.
Closes-Bug: #1750408
Change-Id: I0962200894f7a0452da1c249a68f9230b6fab13f
Murano failed to deploy due to outdated options - it tried to
issue v2.0 Keystone requests instead of v3. With new options that
are similar to other projects deployment succeeds.
Change-Id: I1970641e47fa6f94c2c6427ef49b3160d64c33ed
Closes-Bug: #1750373
