9 Commits

Author SHA1 Message Date
zhubingbing
89392f4f6a Add gnocchi ansible role
Partially-Implements: blueprint ansible-gnocchi

Change-Id: I8dd0460bd21ac0a233fab0142ec7b6079459bdc2
2016-09-06 13:17:47 +00:00
Sean Mooney
538dbac24a adds bifrost ssh key generation
- This change extend the genpwd.py
  command to generate an ssh key pair
  bifrost.
- This change bifrost config and bootstrap
  task to install the generated keys.
- This change updates the bifrost guide to
  discribe how to provide your own key.

Change-Id: I05243f58843d9195cace253dff5628fae89c78e8
Implements: blueprint bifrost-support
2016-08-31 13:12:20 +00:00
Jenkins
1fd2d434b1 Merge "Fix bandit gate jobs" 2016-08-28 15:51:00 +00:00
Paul Bourke
fc30d583f9 Fix bandit gate jobs
* Inspected each error and fixed / added nosec where appropriate.
* build-swift-ring.py which was throwing sec errors is no longer used so
  removed it.
* Removed the dev/ directory from being checked.

Closes-Bug: #1617713
Change-Id: I25664cabca4137e5c9f499c1af3f5ce78b86fb56
2016-08-28 08:52:44 +00:00
Shaun Smekel
1c68ae389b Add full support for fernet
This addresses the ansible aspects of fernet key bootstrapping as
well as distributed key rotation.

- Bootstrapping is handled in the same way as keystone bootstrap.
- A new keystone-fernet and keystone-ssh container is created to allow
  the nodes to communicate with each other (taken from nova-ssh).
- The keystone-fernet is a keystone container with crontab installed.
  This will handle key rotations through keystone-manage and trigger
  an rsync to push new tokens to other nodes.
- Key rotation is setup to be balanced across the keystone nodes using
  a round-robbin style. This ensures that any node failures will not
  stop the keys from rotating. This is configured by a desired token
  expiration time which then determines the cron scheduling for each
  node as well as the number of fernet tokens in rotation.
- Ability for recovered node to resync with the cluster. When a node
  starts it will run sanity checks to ensure that its fernet tokens
  are not stale. If they are it will rsync with other nodes to ensure
  its tokens are up to date.

The Docker component is implemented in:
  https://review.openstack.org/#/c/349366

Change-Id: I15052c25a1d1149d364236f10ced2e2346119738
Implements: blueprint keystone-fernet-token
2016-08-25 20:08:22 +10:00
Sean Mooney
3e8f9986d1 add baremetal role to install kolla deps.
Change-Id: Ie70db1b18a73528b1194e4fbcf53d09fed20f4a0
Implements: blueprint kolla-host
2016-08-10 16:03:08 +00:00
Swapnil Kulkarni (coolsvap)
e1b5b149f2 Make passwords.yml file generation configurable
partially implements blueprint multiple-clouds

Change-Id: I676c4245e6f058ffbed345970ee78d1750dd0f2f
2016-05-21 01:51:17 +00:00
Jeffrey Zhang
42420830f6 Implement nova-ssh container
Add a nova-ssh container to handle the `nova migrate` and
`nova resize` case, in which the nova will use ssh to copy
files between machines.

Change-Id: Ie6675943f3aeabfbba8589d308d55b9c89d732db
Closes-Bug: #1562141
2016-04-03 07:21:17 +00:00
SamYaple
f03e06e09b Add generate_passwords.py to generate passwords
As with all tools, this is a first pass at the generation. Perhaps we
even want to move this into kolla/kolla/cmd and be generated with tox
itself in the future.

This tool, when run, will only populate empty fields that have no
values meaning that it is safe to run repeatedly on the same file.

Of note, there is no way to preserve comments in the file after it has
been processed by the yaml parser in python. Comments and sections
will remain in the passwords.yml template for additional documentation
if the user wishes to populate the file themselves.

Use SystemRandom and clean up the docs a bit to not use pronouns.

Co-Authored-By: Steven Dake <stdake@cisco.com>

Closes-Bug: #1559266
Change-Id: I2932d592df8871f1b7811059206d0b4d0553a687
2016-03-21 17:02:23 +00:00