rabbitmq's start task contains a precheck. This should be part of the
other prechecks for consistency
TrivialFix
Change-Id: I7728ec3f5be3248424d74a4387925b72114b8943
Directory /home/ansible/.ansible and file /var/log/kolla/ansible.log are
not created by default in toolbox image, so when ceph enabled, the directory
and file will be created with user 'root' instead of user 'ansible' after
running bootstrap osds because it using sudo when bootstraping osds,
this will cause permission denied issue for other commands not using sudo.
Fixes this issue by initializing ansible by running 'ansible localhost
--version' using user 'ansible'
TrivialFix
Change-Id: Ibac3f98b3b72cbe287ee1d3a69ed9cea7ae3cd9e
In order for Murano to be operational the core library package must be
imported [0]
Add Ansible tasks to do this idempotently.
[0] http://docs.openstack.org/developer/murano/install/manual.html
TrivialFix
Change-Id: I2c49e9d663595650b885267839012b543505337a
This patchset contains customization of Dockerfile of Ironic
containers.
Change-Id: If6ffb741111127886f754ddebd17059174387fc8
Partially-implements: blueprint third-party-plugin-support
This patchset contains customization of Dockerfile of the RabbitMQ
container.
Change-Id: I5b0120dc63586b3bf2312375de963fe8434a48b8
Partially-implements: blueprint third-party-plugin-support
This adds the docker aspects of fernet key bootstrapping as well as
distributed key rotation.
- Bootstrapping is handled in the same way as keystone bootstrap.
- A new keystone-fernet and keystone-ssh container is created to allow
the nodes to communicate with each other (taken from nova-ssh).
- The keystone-fernet is a keystone container with crontab installed.
This will handle key rotations through keystone-manage and trigger
an rsync to push new tokens to other nodes.
The Ansible component is implemented in:
https://review.openstack.org/#/c/349366
Change-Id: Id610e00e8c63c7f1bc0974c0aa1b3f44c18e1019
Partially-Implements: blueprint keystone-fernet-token
Partially-Implements: blueprint third-party-plugin-support
This addresses the ansible aspects of fernet key bootstrapping as
well as distributed key rotation.
- Bootstrapping is handled in the same way as keystone bootstrap.
- A new keystone-fernet and keystone-ssh container is created to allow
the nodes to communicate with each other (taken from nova-ssh).
- The keystone-fernet is a keystone container with crontab installed.
This will handle key rotations through keystone-manage and trigger
an rsync to push new tokens to other nodes.
- Key rotation is setup to be balanced across the keystone nodes using
a round-robbin style. This ensures that any node failures will not
stop the keys from rotating. This is configured by a desired token
expiration time which then determines the cron scheduling for each
node as well as the number of fernet tokens in rotation.
- Ability for recovered node to resync with the cluster. When a node
starts it will run sanity checks to ensure that its fernet tokens
are not stale. If they are it will rsync with other nodes to ensure
its tokens are up to date.
The Docker component is implemented in:
https://review.openstack.org/#/c/349366
Change-Id: I15052c25a1d1149d364236f10ced2e2346119738
Implements: blueprint keystone-fernet-token
This ensures that the same client IP address will always reach the same
server as long as no server goes down or up. [0]
Prevents a situation where during Murano package upload - we end up
having zip file on one control node but the import continues on another
and ends up failing.
[0] http://cbonte.github.io/haproxy-dconv/configuration-1.7.html#4-balance
TrivialFix
Co-Authored-By: Vladislav Belogrudov <vladislav.belogrudov@oracle.com>
Change-Id: I5f90d2757f31e8b24459a585153d5aa7fe6ad90a
The values for 'network_interface' and 'neutron_external_interface' are
missing from all.yml, meaning it is impossible to override them on a per
node / per group basis. (globals.yml get's top precedence).
Make these consistent with the rest of the variables and move the
defaults into all.yml. Operators can still override / update these in
globals.yml as before, but those wanting more flexibility now have it
via host / group variables.
Change-Id: I2575921f76a8e245106da765757c70353bd6762c
Closes-Bug: #1604129
Add Ansbile reconfigure playbook to Elasticsearch role.
Add run condition to start playbook in Elasticsearch role.
Change-Id: I7862089cae55d392eb2d922f89a382d392cf8b97
Closes-Bug: #1616005
The kolla-toolbox container contains ansible which has the mysql_db
module which helps on various mysql tasks such as db creation. The
mysql_db module requires certain mysql binaries in order to accomplish
tasks such as restoring a database from a dump.
This change adds those client libraries which weren't previously
included in the container.
Change-Id: I6516838381bf9327c8901fc4c32ebd5151fb053f
Signed-off-by: Stephan Michaud <michauds90@gmail.com>
Closes-Bug: #1616155
1.remove the # - it makes copy and paste very difficult
2.change "ubuntu" to "Ubuntu"
3.add "Restart docker by executing the following commands: "
TrivialFix
Change-Id: I0192d9fd7f597b0e2dc8d26d4fe5ba8b32483ce0
1、As mentioned in [1], we should avoid using six.iteritems/keys
achieve iterators. We can use dict.items/keys instead, as it
will return iterators in PY3 as well. And dict.items/keys will
more readable.
2、In py2, the performance about list should be negligible,
see the link [2].
[1] https://wiki.openstack.org/wiki/Python3
[2] http://lists.openstack.org/pipermail/openstack-dev/
2015-June/066391.html
TrivialFix.
Change-Id: I0cbe8af3210233a58d25f0df187c3d085405aa2a
In ansible/roles/iscsi/tasks/pull.yml, there are references to
'iscsi', which should be 'iscsid' instead. This patchset
fixes this typo.
Change-Id: Id2c31bf69556ec8dcf66cc1d32d2bfe77f02367b
Closes-bug: #1602566
Updated vagrant doc to include
- package installs for CentOS
- add git and gcc required during install
Change-Id: Ic52350fb16f69cde87bd1a8177d4a76ef7fd4f5e
The /var/lib/nova/instances should be create if it do not exist
during starting nova-compute container. Rather than create it
at the bootstrap service stage.
Change-Id: Ibcc5fb8eec0b38cf2b4313f48d1beb3ba83b1e85
Closes-Bug: #1614970
Normally, when you launch a Docker container, the process you're
executing becomes PID 1, giving it the quirks and responsibilities that
come with being the init system for the container.
There are two common issues this presents:
* In most cases, signals won't be handled properly.
* Orphaned zombie processes aren't properly reaped.
the dumb-init acting like a simple init system. It launches a single
process and then proxies all received signals to a session rooted at
that child process.
Closes-Bug: #1614509
Change-Id: I9d3d04648e151ddc7c6732b92ffd3b6c9fe467ec
There were some problems in the documentaiton that
prevented tox -e docs from working. Also changed
attention to WARNING since attention was not as eye-grabbing
as I'd hoped during a previous review.
Change-Id: I2b661afa2cd4a4331bbcc99240d3e127a5d94a11
