Recently a feature was merged to support pulling in multiple
configuration files from a globals.d directory. However, if this
directory does not exist, we get the following error when executing
kolla-ansible:
find: '/etc/kolla/globals.d': No such file or directory
This change addresses this by redirecting find command stderr to
/dev/null.
TrivialFix
Change-Id: Ie5aa511a5ebf3355817a7c3bb65b09ac5dcf2b67
The etcd service protocol is currently configured with internal_protocol.
The etcd service is not load balanced by a HAProxy container, so
there is no proxy layer to do TLS termination when internal_protocol
is configured to be "https".
Until the etcd service is configured to deploy with native TLS
termination, the etcd uses should be independent of
internal_protocol, and "http" by default.
Change-Id: I730c02331514244e44004aa06e9399c01264c65d
Closes-Bug: 1884137
Currently openvswitch sets system-id based on inventory_hostname, but when
Ansible inventory contains ip addresses - then it will only take first ip
octet - resulting in multiple OVN chassis being named i.e. "10".
Then Neutron and OVN have problems functioning, because a chassis named "10"
will be created and deleted multiple times per second - this ends up in
ovsdb and neutron-server processes using up to 100% CPU.
Adding openvswitch role to ovn CI job triggers.
Change-Id: Id22eb3e74867230da02543abd93234a5fb12b31d
Closes-Bug: #1884734
Currently, if internal TLS communication is enabled, Kibana to
Elasticsearch communication is unverified. This is because we set
elasticsearch.ssl.verificationMode to 'none' by default (via
kibana_elasticsearch_ssl_verify). This is poor a security
posture.
This change changes the default value of
'kibana_elasticsearch_ssl_verify' to 'true'.
Change-Id: Ie4fa8e3a60d69cf5c4bdd975030c92be8113ffb1
Closes-Bug: #1885110
Currently there is no way to configure a CA certificate bundle file for
fluentd to Elasticsearch communication. This change adds a new variable,
'fluentd_elasticsearch_cacert' with a default value set to the value of
'openstack_cacert.
Closes-Bug: #1885109
Change-Id: I5bbf55a4dd4ccce9fa2635cee720139c088268e3
Change openvswitch & neutron-openvswitch-agent to deploy only
with manila generic backend - which uses ovs-vsctl functionality
when configuring share servers.
Change-Id: I124108cda62b38ea498612ff9ddb07d6122a330c
Closes-Bug: #1884939
Magnum, Cinder and Octavia clients in Magnum now use endpoint_type of
internalURL by default consistent with other clients also used by the
conductor. Additionally, they also use the globally defined
`openstack_region_name` for region_name.
Closes-Bug: #1885096
Change-Id: Ibec511013760cc4f681a2ec1b769b532be3daf2d
when enable kolla_dev_mod, nova-cell role clones code failed,
because we use nova-cell repository which is not exists.
in fact, nova-cell role should use nova repository too
Change-Id: I7fa62726d0d5b0aeb3bd5fa06dc0e59667f94fa0
Added a spec file for this blueprint.
Changed the kolla-ansible script to accept more than one
globals.yml file. That will still be the main one but operators
will be able to create more, under the /etc/kolla/globals.d
directory.
Also added some paragraphs in the quickstart documentation
about this.
Finally, Adding a release note
Change-Id: I34eb91d0e2ed80694594b8fc6801cf8ad77da754
Implements: blueprint multiple-globals-files
I9b6bf5b6690f4b4b3445e7d15a40e45dd42d2e84 was updated to use the original
config file name during review, but the config file was not renamed
accordingly. The result is that an empty config file is written out.
TrivialFix
Change-Id: I5d0384b38ddb38133e5e11df85d8cf76f4044a64
