- This change adds support for building and deploying
a bifrost container for baremetal provisioning.
- This change documents how to manually deploy and bootstrap
the bifrost container.
Implements: blueprint bifrost-support
Change-Id: I7d895839b11cbf916be33225875465c3358b5aa4
Collectd-ceilometer-plugin is essential for further
more detailed metrics collection, smarter scheduling and service
assurance.
Change-Id: I3a926d9bee592a9bff31a90fa1ffeb0a58f5025a
Partially-Implements: blueprint collectd-ceilometer-plugin
Retry once when removing or upgrading nova_libvirt to ensure it is
removed
Closes-Bug: #1617741
Change-Id: I8b5046a438c0ef3599a4333bbe77333f0af323ff
Signed-off-by: Jeffrey Zhang <zhang.lei.fly@gmail.com>
Is a best practice in Unix/Linux scripts to use dots
instead of source command.
Using dots will avoid issues with non BASH shells
TrivialFix
Change-Id: Ie6480a1954f853f79faffa093452715ebd9f7d90
Signed-off-by: Eduardo Gonzalez <dabarren@gmail.com>
* Inspected each error and fixed / added nosec where appropriate.
* build-swift-ring.py which was throwing sec errors is no longer used so
removed it.
* Removed the dev/ directory from being checked.
Closes-Bug: #1617713
Change-Id: I25664cabca4137e5c9f499c1af3f5ce78b86fb56
This patchset contains customization of Dockerfile of the MariaDB
container.
Change-Id: Id234f549376ec68c7f6120d058692aa64dc97de0
Partially-implements: blueprint third-party-plugin-support
rabbitmq's start task contains a precheck. This should be part of the
other prechecks for consistency
TrivialFix
Change-Id: I7728ec3f5be3248424d74a4387925b72114b8943
Directory /home/ansible/.ansible and file /var/log/kolla/ansible.log are
not created by default in toolbox image, so when ceph enabled, the directory
and file will be created with user 'root' instead of user 'ansible' after
running bootstrap osds because it using sudo when bootstraping osds,
this will cause permission denied issue for other commands not using sudo.
Fixes this issue by initializing ansible by running 'ansible localhost
--version' using user 'ansible'
TrivialFix
Change-Id: Ibac3f98b3b72cbe287ee1d3a69ed9cea7ae3cd9e
This patchset contains customization of Dockerfile of Ironic
containers.
Change-Id: If6ffb741111127886f754ddebd17059174387fc8
Partially-implements: blueprint third-party-plugin-support
This patchset contains customization of Dockerfile of the RabbitMQ
container.
Change-Id: I5b0120dc63586b3bf2312375de963fe8434a48b8
Partially-implements: blueprint third-party-plugin-support
This adds the docker aspects of fernet key bootstrapping as well as
distributed key rotation.
- Bootstrapping is handled in the same way as keystone bootstrap.
- A new keystone-fernet and keystone-ssh container is created to allow
the nodes to communicate with each other (taken from nova-ssh).
- The keystone-fernet is a keystone container with crontab installed.
This will handle key rotations through keystone-manage and trigger
an rsync to push new tokens to other nodes.
The Ansible component is implemented in:
https://review.openstack.org/#/c/349366
Change-Id: Id610e00e8c63c7f1bc0974c0aa1b3f44c18e1019
Partially-Implements: blueprint keystone-fernet-token
Partially-Implements: blueprint third-party-plugin-support
This addresses the ansible aspects of fernet key bootstrapping as
well as distributed key rotation.
- Bootstrapping is handled in the same way as keystone bootstrap.
- A new keystone-fernet and keystone-ssh container is created to allow
the nodes to communicate with each other (taken from nova-ssh).
- The keystone-fernet is a keystone container with crontab installed.
This will handle key rotations through keystone-manage and trigger
an rsync to push new tokens to other nodes.
- Key rotation is setup to be balanced across the keystone nodes using
a round-robbin style. This ensures that any node failures will not
stop the keys from rotating. This is configured by a desired token
expiration time which then determines the cron scheduling for each
node as well as the number of fernet tokens in rotation.
- Ability for recovered node to resync with the cluster. When a node
starts it will run sanity checks to ensure that its fernet tokens
are not stale. If they are it will rsync with other nodes to ensure
its tokens are up to date.
The Docker component is implemented in:
https://review.openstack.org/#/c/349366
Change-Id: I15052c25a1d1149d364236f10ced2e2346119738
Implements: blueprint keystone-fernet-token
This ensures that the same client IP address will always reach the same
server as long as no server goes down or up. [0]
Prevents a situation where during Murano package upload - we end up
having zip file on one control node but the import continues on another
and ends up failing.
[0] http://cbonte.github.io/haproxy-dconv/configuration-1.7.html#4-balance
TrivialFix
Co-Authored-By: Vladislav Belogrudov <vladislav.belogrudov@oracle.com>
Change-Id: I5f90d2757f31e8b24459a585153d5aa7fe6ad90a
Add Ansbile reconfigure playbook to Elasticsearch role.
Add run condition to start playbook in Elasticsearch role.
Change-Id: I7862089cae55d392eb2d922f89a382d392cf8b97
Closes-Bug: #1616005
The kolla-toolbox container contains ansible which has the mysql_db
module which helps on various mysql tasks such as db creation. The
mysql_db module requires certain mysql binaries in order to accomplish
tasks such as restoring a database from a dump.
This change adds those client libraries which weren't previously
included in the container.
Change-Id: I6516838381bf9327c8901fc4c32ebd5151fb053f
Signed-off-by: Stephan Michaud <michauds90@gmail.com>
Closes-Bug: #1616155
