81 Commits

Author SHA1 Message Date
binhong.hua
12ff28a693 Make kolla-ansible support extra volumes
When integrating a 3rd party component into openstack with kolla-ansible,
it may be necessary to mount some extra volumes to the container.

Change-Id: I69108209320edad4c4ffa37dabadff62d7340939
Implements: blueprint support-extra-volumes
2019-05-17 11:55:04 +08:00
Mark Goddard
a4bb8567da Fix up config file permissions on the host
Several config file permissions are incorrect on the host. In general,
files should be 0660, and directories and executables 0770.

Change-Id: Id276ac1864f280554e98b937f2845bb424d521de
Closes-Bug: #1821579
2019-04-02 17:23:31 +01:00
Jim Rollenhagen
76b6d41e51 Allow designate services to use independent hostnames
This allows designate service endpoints to use custom hostnames, and adds
the following variables:

* designate_internal_fqdn
* designate_external_fqdn

These default to the old values of kolla_internal_fqdn or
kolla_external_fqdn.

This also adds a designate_api_listen_port option, which defaults to
designate_api_port for backward compatibility.

This option allows the user to differentiate between the port the
service listens on, and the port the service is reachable on. This is
useful for external load balancers which live on the same host as the
service itself.

Change-Id: I654bb3d1109b96cbaff6f450655cd65f349a94e6
Implements: blueprint service-hostnames
2019-03-06 15:08:28 -05:00
Jim Rollenhagen
2e4e60503a Use keystone_*_url var in all configs
We're duplicating code to build the keystone URLs in nearly every
config, where we've already done it in group_vars. Replace the
redundancy with a variable that does the same thing.

Change-Id: I207d77870e2535c1cdcbc5eaf704f0448ac85a7a
2019-03-06 15:08:26 -05:00
Maciej Kucia
4a127d4bd9 designate: Correctly match hostnames
'in' expression matches substrings, therefore it is possible
that the following expression will fail:
    inventory_hostname in groups['groupname'][0]
for example when:
    inventory_hostname = 'my-host-a'
    groups['groupname'][0] = 'my-host-a1'

The result is running task on multiple hosts rather than single one.
Such action might result in playbook failure.

Change-Id: Ibe2d5ca2f9502a8140a895ab3ac7abc5076ce2ff
Signed-off-by: Maciej Kucia <m.kucia@partner.samsung.com>
2019-02-18 17:28:15 +00:00
Scott Solkhon
2520a421bc Add support for Infoblox in Designate role
This change adds support for Infoblox as a backend for Designate.

Change-Id: I7ae038befa88f5a1b3a1187a0e9037ed30f94b17
2019-01-22 14:29:40 +00:00
Nick Jones
005458d67e [Designate] Configure named to also listen on 'dns_interface'
Update the template so that if 'dns_interface' is set, named listens on
this interface as well as the 'api_interface'.

Change-Id: I986ca46e5599e4767800fcc7f34a1c6e682efb55
Closes-Bug: 1808829
2018-12-17 16:06:15 +00:00
Eduardo Gonzalez
1a682fab28 Support stop specific containers
With this change, an operator may be able to stop a
service container without stopping all services in a host.
This change is the starting point to start
fast-forward upgrades support.
In next changes new flags will be introduced to disable
stop dataplane services during upgrades.

Change-Id: Ifde7a39d7d8596ef0d7405ecf1ac1d49a459d9ef
Implements: blueprint support-stop-containers
2018-11-26 08:07:01 +00:00
Christian Berendt
03788e17d4 Set "no_log" for "databases user and setting permissions" tasks
At the moment the "databases user and setting permissions" task for
designate and nova leaks the database_password because of the use
of with_items:

---snip---
TASK [nova : Creating Nova databases user and setting permissions] *********************************************************
ok: [x -> y] => (item={u'database_password': u'password', u'database_name': u'nova', u'database_username': u'nova'})
ok: [x -> y] => (item={u'database_password': u'password', u'database_name': u'nova_cell0', u'database_username': u'nova'})
ok: [x -> y] => (item={u'database_password': u'password', u'database_name': u'nova_api', u'database_username': u'nova_api'})
---snap---

Change-Id: I141e4153223c8772c82a31d81e58057ce266c0b9
Co-authored-by: Bernd Müller <mueller@b1-systems.de>
2018-11-19 11:10:41 +00:00
Adam Harwell
f1c8136556 Refactor haproxy config (split by service) V2.0
Having all services in one giant haproxy file makes altering
configuration for a service both painful and dangerous. Each service
should be configured with a simple set of variables and rendered with a
single unified template.

Available are two new templates:

* haproxy_single_service_listen.cfg.j2: close to the original style, but
only one service per file
* haproxy_single_service_split.cfg.j2: using the newer haproxy syntax
for separated frontend and backend

For now the default will be the single listen block, for ease of
transition.

Change-Id: I6e237438fbc0aa3c89a3c8bd706a53b74e71904b
2018-09-26 03:30:38 -07:00
Zuul
cde23811f7 Merge "Support checkout dedicated version from git with dev mode" 2018-08-29 05:53:04 +00:00
Eduardo Gonzalez
fae046ece8 Fixes bind9 restarting when no designate_forwarders_addresses
When deploying designate, if no designate_forwarders_addresses
is provided, the bind9 container keeps restarting because invalid (empty)
forwarder addresses are set in named.conf

Change-Id: I7d309eb077243435dd2038629074251abec7d3e1
Closes-Bug: #1787092
2018-08-15 08:24:48 +02:00
MinSun
12f4554330 Support checkout dedicated version from git with dev mode
Now kolla dev mode only supports cloning the master branch from git;
add a version tag to support cloning a dedicated branch.

Change-Id: I88de238e5dc7461ba0662a3ecea9a2d80fd0db60
2018-08-14 16:06:00 +08:00
ZhongShengping
ae246945a6 Deprecate auth_uri option
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.

[1]https://review.openstack.org/#/c/508522/

Co-Authored-By: confi-surya <singh.surya64mnnit@gmail.com>
Change-Id: Ifd8527d404f1df807ae8196eac2b3849911ddc26
Closes-Bug: #1761907
2018-08-07 11:58:23 +05:30
Zuul
3e45b2cbec Merge "Use include_tasks instead of include" 2018-07-27 08:16:08 +00:00
Zuul
d1e427b7c1 Merge "Apply Resource Constraints to Openstack Services" 2018-07-26 14:18:34 +00:00
Lakshmi Prasanna Goutham Pratapa
76210a2d85 Apply Resource Constraints to Openstack Services
This commit is to apply resource-constraints only to few OpenStack services.
Commit to apply constraints to other services will be made in coming commits.

Partially-Implements: blueprint resource-constraints

Change-Id: Icafa54baca24d2de64238222a5677b9d8b90e2aa
2018-07-25 17:05:04 +01:00
Jeffrey Zhang
b51eeed89e Use include_tasks instead of include
include is marked as deprecated since ansible 2.4[0]

[0] https://docs.ansible.com/ansible/2.4/include_module.html#deprecated

Co-Authored-By: confi-surya <singh.surya64mnnit@gmail.com>
Change-Id: Ic9d71e1865d1c728890625aeddf424a5734c0a8a
2018-07-25 23:57:22 +08:00
Mark Duggan
4157f30c5f Extending designate named template to include "forwarders" parameter
To get forwarding to work in the kolla implementation of designate,
I'm adding parameters to the named.conf.j2 template. I'm adding
the ability to change the default values for dnssec-validation and
recursion and creating a new parameter for forwarders.

Change-Id: Ideef39034d75a0d99e8a3dc2a5f1a7203ccf51d5
Closes-Bug: #1781196
2018-07-12 12:25:39 +01:00
caoyuan
59a0ddcd01 dev mode: Add support for designate
Provide support for kolla dev mode in designate. When
'kolla_dev_mode' or 'designate_dev_mode' variables are
enabled, source code of designate project is cloned
and bindmounted.

Partially implements: blueprint mount-sources
Co-Authored-By: zhulingjie <easyzlj@gmail.com>

Change-Id: Ib23fbd3d5ebc7e3ac372e0db1e0048d333eb95c0
2018-06-19 06:50:10 +00:00
Ha Manh Dong
30be04ea91 Specify 'become' for all tasks that use kolla_docker module
Add become to all tasks that use the module "kolla_docker"

Change-Id: I4309c4011687b88ec31d739fd8f834fe2326ff10
Partial-Implements: blueprint ansible-specific-task-become
2018-06-08 12:39:24 +00:00
Jeffrey Zhang
c567055176 Fix ansible warning
- rename action and serial to kolla_ansible and kolla_serial
- use become instead of "sudo <command>" in shell
- Remove quota for failed_when and changed_when in rabbitmq tasks

Change-Id: I78cb60168aaa40bb6439198283546b7faf33917c
Implements: blueprint migrate-to-ansible-2-2-0
2018-05-11 02:54:02 +00:00
Kevin TIBI
a81a5d5d5d Fix SSL api for multiple services
If SSL is enabled, api of multiple services returns
wrong external URL without https prefix.

Removal of condition for deletion of http header.

Change-Id: I4264e04d0d6b9a3e11ef7dd7add6c5e166cf9fb4
Closes-Bug: #1749155
Closes-Bug: #1717491
2018-04-18 17:20:27 +02:00
Jeffrey Zhang
84ade4e149 Remove useless module_extra_vars in registry.yml
- remove useless module_extra_vars, this is a historical issue. In the
  past, we use 'docker exec kolla_toolbox ansible xxx' to run module on
  target node, so complex data have to pass through extra_vars. Now we
  are using kolla_toolbox module, no need to use extra_vars anymore.
- Remove some useless until.

Change-Id: I72ed28001202917f9a82a1c3ea33cd6319911ec8
2018-04-16 09:14:54 +08:00
rhcayadav
c5ee7519ba fixing wrong designate producer image used in deploy
This patch changes the wrong designate producer image
from "{{ designate_central_image }}:{{ designate_central_tag }}"
to "{{ designate_producer_image }}:{{ designate_producer_tag }}"

Change-Id: I8eabd47b14eb698676acbcc20141fa81c663422b
Closes-bug:1759629
2018-04-02 14:23:48 +05:30
Zuul
5ae4b7c029 Merge "Designate: Fix neutron handler" 2018-03-27 11:14:20 +00:00
Eduardo Gonzalez
ea1a1dee0d Verify YAML syntax in gates
This patchset implements yamllint test to all *.yml
files.

Also fixes syntax errors to make jobs to pass.

Change-Id: I3186adf9835b4d0cada272d156b17d1bc9c2b799
2018-03-26 17:56:22 +02:00
Kevin Tibi
8e897bcd78 Designate: Fix neutron handler
Change-Id: Id55daa93cc4778bd59dd8befbe4ed04c031f4384
Closes-bug: #1758850
2018-03-26 10:48:46 +02:00
Duong Ha-Quang
9965cc46ff Specify 'become' for only necessary tasks (all other roles)
Add become to only necessary tasks in roles:

- aodh
- barbican
- bifrost
- ceilometer
- ceph
- chrony
- cinder
- cloudkitty
- collectd
- congress
- designate
- elasticsearch
- etcd
- freezer
- gnocchi
- grafana
- influxdb
- ironic
- iscsi
- karbor
- kibana
- kuryr
- magnum
- manila
- mistral
- mongodb
- multipathd
- murano
- octavia
- panko
- qdrouterd
- rally
- sahara
- searchlight
- senlin
- skydive
- solum
- swift
- swift
- tacker
- telegraf
- tempest
- trove
- vmtp
- watcher
- zun

Change-Id: I6e32d94d4172dd96d09d8609e8a5221ab5586a31
Partial-Implements: blueprint ansible-specific-task-become
2018-03-12 09:37:43 +07:00
Kevin TIBI
7892826743 Add permission to notify dns server from worker
Change-Id: I67ea2b1a91dfd61341ae2e5bcd82d1cf0597fe9c
Closes-Bug: #1745957
2018-02-14 16:04:38 +01:00
Zuul
ece4e96e7e Merge "Support policy.yaml file [part 4]" 2018-01-24 09:18:14 +00:00
Alexandru Bogdan Pica
8e3b79440c Implement external MariaDB and pre-configured Databases support
This change allows the following use cases:

1. Using an already-configured MariaDB / MySQL server / Cluster
2. Using already-created DB users, without requiring root DB access.

Update: added external mariadb precheck

Change-Id: I78b0d178306d7c5293b0bf53e445f19f18b4b824
Implements: blueprint external-mariadb-support.
Closes-Bug: #1603121
2018-01-23 13:07:40 +00:00
Dai Dang Van
6b99f21341 Support policy.yaml file [part 4]
- Barbican
- Ceilometer
- Cloudkitty
- Congress
- Designate

This will copy only yaml or json policy file if they exist.

Change-Id: Iaa19f64073d8bdee948bc2de58e095ca72afc092
Implements: blueprint support-custom-policy-yaml
Co-authored-By: Duong Ha-Quang <duonghq@vn.fujitsu.com>
2018-01-22 01:57:02 +00:00
Zuul
ab8ed1bafa Merge "Update kolla_internal_fqdn to database_address since it defined in all.yml" 2018-01-19 10:27:56 +00:00
caoyuan
b63ecd7e3e Update kolla_internal_fqdn to database_address since it defined in all.yml
Though the database_address has been defined in groups_vars/all.yml, we should
better use it; this way, if we want to use an external database, we just need to
redefine it in all.yml

refer to https://github.com/openstack/kolla-ansible/blob/master/ansible/group_vars/all.yml#L83
Co-Authored-By: chenqiaomin <chen.qiaomin@99cloud.net>

Change-Id: Ie559301451954e16347ceaabf02f594c5c5cbe56
2018-01-17 13:01:48 +08:00
Pierre Hanselmann
f11042acae Designate/Neutron communication failure
Designate communicates on publicURL (Default) endpoint with Neutron.
When TLS is enabled it generates errors (Missing certificate). We
need to ensure designate communicates with neutron on internalURL.

Change-Id: Ie969fc2d1a2d4241371b459af2fc5b7bdf236bf0
Closes-Bug: #1742625
2018-01-11 09:05:14 +01:00
Zuul
b00fdc3ae7 Merge "Change listen for mdns" 2017-12-13 18:01:32 +00:00
caowei
b82f5cc9f0 Implement designate-producer service
Depends-On: Ia22128e5ce4a717612af658d63258e78e52176ad
Implements: blueprint designate-producer

Change-Id: I98b5e99e8fcfe18fde442b317348ec261f4d2f99
2017-12-07 10:11:14 +08:00
Andrew Smith
fd1d3af0df Add support for hybrid messaging backends
This commit separates the messaging rpc and notify transports in order
to support separate and different oslo.messaging backends

This patch:
* add rpc and notify variables
* update service role conf templates
* add example to globals.yaml
* add release note

Implements: blueprint hybrid-messaging
Change-Id: I34691c2895c8563f1f322f0850ecff98d11b5185
2017-11-22 14:09:40 -05:00
Kevin TIBI
c2d150d6be Change listen for mdns
The service listening port of MDNS can be overridden by dns_interface.
If so, the pool conf uses the wrong IP to join the mdns service.

Change-Id: I8a3678955ecf5f769da7090fe5dad68e027c102b
2017-11-21 15:04:24 +00:00
Eduardo Gonzalez
56374206be Fix deployment with public TLS enabled
When deploying with tls enabled in public
endpoints, ansible modules fail because SSL certificates
are self-signed.

This change adds a new variable to allow customization
on which endpoints ansible should connect.
Defaults to admin because admin auth parameters defaults
to admin endpoint.

Change-Id: Ic3ed58cf9c9579cae08a11bbfe6fce983b5a9cbc
Closes-Bug: #1720995
2017-10-05 08:36:34 +00:00
Jenkins
9cdbae707b Merge "Simplify Openstack services configuration possibilities" 2017-09-26 15:49:22 +00:00
Jenkins
85164c1bcb Merge "Update designate to allow use of external bind9 dns servers." 2017-09-21 13:26:56 +00:00
James McCarthy
d4f8b413a8 Update designate to allow use of external bind9 dns servers.
kolla designate DNSaaS makes use of containerised bind9 servers
as its default designate_backend. These can be disabled by
setting designate_backend to "no". default: "bind9"

This commit adds two new properties:
1) designate_backend_external
 which can be enabled by setting it to 'bind9'. default: "no"
and
2) designate_backend_external_bind9_nameservers, which can
 accept a csv list of all the external server addresses.
 (default: "")

The following attributes should either be set:
'internal' (the default)
 designate_backend: "bind9"
 designate_backend_external: "no"
 (designate_backend_external_bind9_nameservers is ignored)
or
 'external'
 designate_backend: "no"
 designate_backend_external: "bind9"
 (designate_backend_external_bind9_nameservers must be populated)

Configuration override files to align with external bind9
dns servers must be supplied manually,
 /etc/kolla/config/designate/rndc.key
 /etc/kolla/config/designate/rndc.conf

Change-Id: I8dbe6fd4fe7820b9143604d89e8399b07e07c3fd
2017-09-18 13:51:39 +01:00
ZhongShengping
8bff46454e Remove deprecated oslo_messaging_rabbit options
It's supposed to be working now https://review.openstack.org/475273

Change-Id: I5ae4f5f8ca977f7343cb135e41eb2d0703c37024
Closes-Bug: #1713609
2017-09-14 16:04:33 +08:00
Bertrand Lallau
a3dfdfc085 Simplify Openstack services configuration possibilities
Actually Openstack services configuration can be overridden using many
files:
- /etc/kolla/config/<< service name >>/<< config file >>
- /etc/kolla/config/<< service name >>/<<host>>/<< config file >>
- /etc/kolla/config/global.conf
- /etc/kolla/config/database.conf
- /etc/kolla/config/messaging.conf

Only per-service configuration is actually documented here:
https://github.com/openstack/kolla-ansible/blob/master/doc/advanced-configuration.rst#L164

Globally modifying service configuration can be performed too,
but it can be done in 3 different manners, all not documented:
- /etc/kolla/config/global.conf
- /etc/kolla/config/database.conf
- /etc/kolla/config/messaging.conf

database.conf and messaging.conf seem redundant with global.conf.
In order to simplify codebase it seems logical to remove them.

Documentation has been added for overriding configuration globally and
release note has been added too.

Closes-Bug: #1682479
Change-Id: I5d922dfc0d938173bad34ac64e490b78db1b7e31
2017-09-13 17:47:36 +02:00
Jenkins
a71aa61ea7 Merge "Use unified vars in task" 2017-07-12 01:56:12 +00:00
Jenkins
d5c328af3b Merge "Fix designate-api listen interface" 2017-07-11 11:29:02 +00:00
Bertrand Lallau
f8bbba5531 Fix designate-api listen interface
designate-api service is launched using dns_interface instead of api_interface.
Haproxy is using the good interface (api_interface), hence designate_api
can't be accessed.

Change-Id: I24e356c167c931a6b69a283efba12117fcff936a
Closes-Bug: #1703425
2017-07-10 19:12:37 +00:00
Jenkins
0572a394be Merge "Avoid launching "local" actions too many times" 2017-07-10 13:40:49 +00:00