18 Commits

Author SHA1 Message Date
Dai Dang Van
bf0bf04392 Mixing binary and source images for I* and K* projects
In case Kolla's users want to deploy with both of
binary and source image, we should have a variable
install type that define install type for each project.

We also add specific image tag for each Openstack project.

This commit is implemented for Ironic, Kabor,
Keystone project and iscsi as well.

Change-Id: I134d840b1c0e24171a32dec0c7daa6dc2e9ecd87
Implements: blueprint mixing-binary-and-source-image
2017-06-03 15:03:30 +07:00
Jeffrey Zhang
8155d74d8d Refactor register.yml files
Co-Authored-By: Mauricio Lima <mauriciolimab@gmail.com>
Change-Id: I9a4a6b6523dee4b388513386b7d85d421f2b7b89
2017-01-26 17:10:27 +00:00
Jeffrey Zhang
155ec962e3 Optimize reconfiguration for keystone
Partically-implements: blueprint better-reconfigure
Change-Id: Ieab308ea1ec90300e319db4e1bcf8bd0cfef7619
2017-01-05 14:15:20 +08:00
Shaun Smekel
1c68ae389b Add full support for fernet
This addresses the ansible aspects of fernet key bootstrapping as
well as distributed key rotation.

- Bootstrapping is handled in the same way as keystone bootstrap.
- A new keystone-fernet and keystone-ssh container is created to allow
  the nodes to communicate with each other (taken from nova-ssh).
- The keystone-fernet is a keystone container with crontab installed.
  This will handle key rotations through keystone-manage and trigger
  an rsync to push new tokens to other nodes.
- Key rotation is setup to be balanced across the keystone nodes using
  a round-robbin style. This ensures that any node failures will not
  stop the keys from rotating. This is configured by a desired token
  expiration time which then determines the cron scheduling for each
  node as well as the number of fernet tokens in rotation.
- Ability for recovered node to resync with the cluster. When a node
  starts it will run sanity checks to ensure that its fernet tokens
  are not stale. If they are it will rsync with other nodes to ensure
  its tokens are up to date.

The Docker component is implemented in:
  https://review.openstack.org/#/c/349366

Change-Id: I15052c25a1d1149d364236f10ced2e2346119738
Implements: blueprint keystone-fernet-token
2016-08-25 20:08:22 +10:00
Ken Wronkiewicz
a6d89f44e9 Horizon interface address and memcached override
Note: This should not result in any behavior changes in regular Kolla, just
Kolla-Kubernetes and only when you've overridden stuff in globals.yml

Allows override of interface address and memcached pools, so that Kubernetes
can do the right thing.

There are some significant architectural issues involved in memcached pooling
in the Kolla-kubernetes world.  Avoiding them right now.

Current working with this Kolla-Kubernetes globals.yml file:

api_interface_address: "0.0.0.0"

memcached_servers: "memcached"

keystone_database_address: "mariadb"
keystone_admin_url: "http://keystone-admin:35357/v3"
keystone_internal_url: "http://keystone-public:5000/v3"
keystone_public_url: "http://keystone-public:5000/v3"

Three tings to note:
 * In Kolla-Kubernetes, the service is not using net=host, so a
   0.0.0.0 interface address is totally OK.  That patch has been merged.
 * In Kolla-Kubernetes, the global.yml file doesn't do var substitution
   so you have to be explicit about the URLs, otherwise Keystone will
   look like it was provisioned but it won't quite be provisioned right.
 * In order to not duplicate tons of code, moved the keystone_admin_url /
   keystone_internal_url / keystone_public_url to the common defaults
   from the keystone defaults.

Co-Authored-By: Ryan Hallisey <rhallise@redhat.com>
Change-Id: I586ce1c6c3300254c4e2a398ff46645df576aeb0
Partially-implements: blueprint api-interface-bind-address-override
2016-08-02 12:39:22 -04:00
Patrick Powell
51504c3597 Keystones openstack_auth was undefined
Keystones openstack_auth is undefined for Keystones sanity check
closes-bug: #1601808

Change-Id: I445482ce32b924d9220e8c351363b6793558d3b4
2016-07-14 09:40:19 -04:00
Waldemar Znoinski
a2c2eba34f add support for non-default database_port in kolla/ansible
This change makes each step of the kolla deployment aware
of the port database was configured to listen on.
It defaults mariadb_port to database_port.

Change-Id: I8e85d5732015afc0a5481cb33e0b629fdfa84a1b
Closes-Bug: #1576151
DocImpact
2016-05-13 12:12:25 +00:00
SamYaple
57124620ab Fix Keystone v3 and Horizon
After our switch to keystone-manage bootstrap Horizon is not happy
due to v3 not being setup correctly. This patch fixes that

This also includes removal of unused variables (transforms them into
endpoint url variables)

TrivialFix
Change-Id: I1e04db8c24049f80e974c063f03068a2ab32a563
2016-03-03 15:44:53 +00:00
SamYaple
4edd0baf8d Remove keystone admin token
Admin token has been deprecated upstream. It will be removed in O. We
switch over to the new `keystone-manage bootstrap` method for creating
the initial admin user, role, and project.

Co-Authored-By: Sam Yaple <sam@yaple.net>
Change-Id: I6ca90e8d4c3b71009e24b049b2efbc08c05ebfbf
2016-03-01 00:14:06 +00:00
SamYaple
d3cfb2052a Change kolla_internal_address variable
Due to poor planning on our variable names we have a situation where
we have "internal_address" which must be a VIP, but "external_address"
which should be a DNS name. Now with two vips "external_vip_address"
is a new variable.

This corrects that issue by deprecating kolla_internal_address and
replacing it with 4 nicely named variables.

kolla_internal_vip_address
kolla_internal_fqdn
kolla_external_vip_address
kolla_external_fqdn

The default behaviour will remain the same, and the way the variable
inheritance is setup the kolla_internal_address variable can still be
set in globals.yml and propogate out to these 4 new variables like it
normally would, but all reference to kolla_internal_address has been
completely removed.

Change-Id: I4556dcdbf4d91a8d2751981ef9c64bad44a719e5
Partially-Implements: blueprint ssl-kolla
2016-02-26 20:00:09 +00:00
venkatamahesh
70de590a11 Use uppercase 'S' in word "OpenStack"
Change-Id: I27ca0ea75f3d6a4371c91b3cb2c7a999ec90fbc4
2016-02-15 12:37:30 +00:00
Ice Yao
e1ff26612f remove option verbose define in defaults/main.yml
References: https://review.openstack.org/#/c/269042/

TrivialFix

Change-Id: Ief08781342a06f956fc4cf00ba4383759da8c897
2016-01-20 16:17:05 +08:00
Jeffrey Zhang
b766695f18 Move the admin account creation to register.yml
Create the admin project, user, role and keystone service info by
using ansible task rather than shell script

Closes-Bug: #1526251
Change-Id: Ieee215b9de1618b3d31f3d1a766a9d0ebafdee4d
2015-12-15 23:20:53 +08:00
Michal Jastrzebski
f632cfe878 Sanity check for keystone
This runs first sanity check for keystone. After keystone is deployed
it checks tenants.list()

Change-Id: Ie919ffe6124eb70428309404a434d9b0eb0b9f70
Partially-Implements: blueprint sanity-check-container
2015-12-02 10:27:36 -06:00
Sam Yaple
f2d575b9c6 Remove Ansible abstraction for Keystone
Change-Id: I0daf8b78f39b919d2b88336322203f1d643fc54b
Partial-Bug: #1482214
Partially-Implements: blueprint remove-abstraction-ansible
2015-08-08 06:01:44 +00:00
Sam Yaple
0fb09203d5 Removes unneeded variables
These variables are defined in the defaults.yml file

Change-Id: I45de4fbd41c50e2a8fe3233cdffc467c9a594aa5
Closes-Bug: #1480498
2015-08-01 00:40:28 +00:00
Vladislav Belogrudov
2887c6d2e4 Add missing slash if docker registry is specified
If user specifies registry a full image name is constructed by
concatenation of the registry, namespace and image. Currently
concatenation does not include '/' if registry is non-empty but
it should. If registry is empty '/' is not required.
This fix covers both use cases with help of Ansible filter.

Change-Id: I0588dd0da55d777e6caa7eb47d51b2435d38d5e0
Closes-Bug: #1479013
2015-07-31 18:38:16 +03:00
Sam Yaple
3ac7da64d1 Add initial config function and keystone support
Add set_configs function that implements the flow from the proposed
ansible-multi spec. Move start.sh to config-internal.sh to preserve existing
behaviour.

config-externall.sh copies the appropriate configs in from the bind'd
location and sets permissions and ownership appropriately.

Partially Implements: blueprint ansible-multi

Change-Id: I53fca0660451087f273fefc3c63e0d8cf1a2c096
2015-06-30 17:26:23 +00:00