If upgrading the nova, cinder or manila services via 'kolla-ansible
upgrade', the Ceph config files are not generated. Users will expect
that these files are generated, to pull in any changes from their
configuration or the base kolla configuration.
This change moves Ceph tasks inside config.yml to ensure that they are
performed during deploy, reconfigure and upgrade. This has been done for
nova, cinder, gnocchi and manila - glance already does this.
Change-Id: Ic75692c2bcba9b81dee922ff6fbbccd160e7fa19
Closes-Bug: #1794275
Various ceph-related tasks were missing a 'become' that would allow them
to work as a non-root user. This seems to only cause a problem after an
initial deployment, perhaps due to the recursive ownership & permissions
changes at the end of the ceph.yml and external_ceph.yml files.
This change adds the necessary becomes.
Change-Id: I887c7b3bdef49db1dd1bf9e5bdbf5dc47b7f41af
Closes-Bug: #1795125
Having all services in one giant haproxy file makes altering
configuration for a service both painful and dangerous. Each service
should be configured with a simple set of variables and rendered with a
single unified template.
Available are two new templates:
* haproxy_single_service_listen.cfg.j2: close to the original style, but
only one service per file
* haproxy_single_service_split.cfg.j2: using the newer haproxy syntax
for separated frontend and backend
For now the default will be the single listen block, for ease of
transition.
Change-Id: I6e237438fbc0aa3c89a3c8bd706a53b74e71904b
Since glance_api only start one container when using file
backend, the haproxy should follow this rule.
See: https://review.openstack.org/#/c/448654
Closes-Bug: #1722422
Change-Id: Id3519581e0f54509dacd24d0dd542c630342c771
Now kolla dev mode only support clone master branch from git,
add version tag to support clone dedicated branch.
Change-Id: I88de238e5dc7461ba0662a3ecea9a2d80fd0db60
With the more recent versions of ansible, we should now use
"is" instead of the "|"
This should update it.
Change-Id: I6fba56fca182349972e8b0ee5452b37aa4090e0c
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.
[1]https://review.openstack.org/#/c/508522/
Co-Authored-By: confi-surya <singh.surya64mnnit@gmail.com>
Change-Id: Ifd8527d404f1df807ae8196eac2b3849911ddc26
Closes-Bug: #1761907
This commit is to apply resource-constraints only to few OpenStack services.
Commit to apply constraints to other services will be made in coming commits.
Partially-Implements: blueprint resource-constraints
Change-Id: Icafa54baca24d2de64238222a5677b9d8b90e2aa
It is possible to have an accessible swift API that is not managed by
kolla-ansible -- for example, ceph exposes a swift API, and using that
requires setting swift as the glance backend.
So, we should loosen the requirement that using the swift backend for
glance requires swift be enabled in kolla-ansible.
Co-Authored-By: Adam Harwell <flux.adam@gmail.com>
Change-Id: I17076d5412d2b1e1f13bb0badceaca85a5cee108
In this patch, the glance-registry service was disabled:
https://review.openstack.org/#/c/566804/
However, the config task still tries to copy files for it, which will
break due to path errors.
Change-Id: If39bb12bf830e6559342037ae2a2b99a784ee503
Adding the capability to configure settings for http_proxy https_proxy
and no_proxy inside glance_api container. This is required when import
images from external http resources behind a proxy.
Co-Authored-By: Paul Bourke <paul.bourke@oracle.com>
Closes-bug: #1775815
Change-Id: I85661f04311d5671adecc84c470f2e4db07cfe1d
Add become to all tasks that use the module "kolla_docker"
Change-Id: I4309c4011687b88ec31d739fd8f834fe2326ff10
Partial-Implements: blueprint ansible-specific-task-become
Currently osprofiler only choose elasticsearch,
which is only supported on x86.
On other platform like aarch64 osprofiler can
not be used since no elasticsearch package.
Enable osprofiler by enable_osprofiler: "yes",
which choose elasticsearch by default.
Choose redis by enable_redis: "yes" & osprofiler_backend: "redis"
On platform without elasticsearch support like aarch64
set enable_elasticsearch: "no"
Change-Id: I68fe7a33e11d28684962fc5d0b3d326e90784d78
- rename action and serial to kolla_ansible and kolla_serial
- use become instead of "sudo <command>" in shell
- Remove quota for failed_when and changed_when in rabbitmq tasks
Change-Id: I78cb60168aaa40bb6439198283546b7faf33917c
Implements: blueprint migrate-to-ansible-2-2-0
If SSL is enabled, api of multiple services returns
wrong external URL without https prefix.
Removal of condition for deletion of http header.
Change-Id: I4264e04d0d6b9a3e11ef7dd7add6c5e166cf9fb4
Closes-Bug: #1749155
Closes-Bug: #1717491
- remove uesless module_extra_vars, this is a historical issue. In the
past, we use 'docker exec kolla_toolbox ansible xxx' to run module on
target node, so complex data have to pass through extra_vars. Now we
are using kolla_toolbox module, no need to use extra_vars anymore.
- Remove some useless until.
Change-Id: I72ed28001202917f9a82a1c3ea33cd6319911ec8
This makes it so that the file copied has the same perms
as the other copied files and that become is used so that the
copy works (otherwise it does not).
Change-Id: I22f39ef30760701e174f304de6ff959ff60607ad
This patchset implements yamllint test to all *.yml
files.
Also fixes syntax errors to make jobs to pass.
Change-Id: I3186adf9835b4d0cada272d156b17d1bc9c2b799
This is currently using the full path for the destination
which doesn't appear to be what is wanted; instead the
actual file name should be used.
Closes-Bug: 1757532
Change-Id: If85e98097a0d0e0b55d0b2993185c8591e6dd10e
Currently glance has a very simplistic ability to configure
notifications which seems different than nova and neutron which
both allow for selecting the topics used. In order to make glance
work like the others just have glance be configured like the other
projects notifications are being configured.
Change-Id: Ia12993e1b86d040c2705e72b32f93b874fe4adc6
This change makes it so that if preconfigured database users are used,
the attempt to change the log_bin_trust_function_creators mysql
variable isn't made anymore.
Also updated the upgrade docs
Change-Id: I356313952d435de6d3b5444c0dd8a71f45aee452
Closes-Bug: 1748269
- Keystone
- Glance
- Nova
- Cinder
This will copy only yaml or json policy file if they exist.
Change-Id: I4a9415d82322aed68c9b7650bdf346f58fa49e2a
Implements: blueprint support-custom-policy-yaml
Co-authored-By: Duong Ha-Quang <duonghq@vn.fujitsu.com>
This change allows the following use cases:
1. Using an already-configured MariaDB / MySQL server / Cluster
2. Using already-created DB users, without requiring root DB access.
Update: added external mariadb precheck
Change-Id: I78b0d178306d7c5293b0bf53e445f19f18b4b824
Implements: blueprint external-mariadb-support.
Closes-Bug: #1603121
through the database_address has beed defined in groups_vars/all.yml, we should
better use it, this way, if we want to use external database, we just need to
redefined in all.yml
refer to https://github.com/openstack/kolla-ansible/blob/master/ansible/group_vars/all.yml#L83
Co-Authored-By: chenqiaomin <chen.qiaomin@99cloud.net>
Change-Id: Ie559301451954e16347ceaabf02f594c5c5cbe56
show_multiple_locations is missing for external ceph, and it will
cause tempest run failed.
it means the conditon for show_multiple_locations is
glance_backend_ceph but not enable_ceph, this patch it fix it.
Change-Id: I3c95c3b0a7e34639b376bdfd0205f3930b06e2cd
Closes-Bug: #1741022
Co-Authored-By: chenqiaomin <chen.qiaomin@99cloud.net>
To fix it we change the default param to True.
'show_image_direct_url' will be overridden.
Currently glance v2 doesn't allow to specify custom
locations for image by default, it returns 403.
Closes-Bug: #1740223
Related to https://review.openstack.org/#/c/279630/2
Change-Id: Ib4dd54c69830ab8f3f9812877b026f81c23c224a
