This commit separates the messaging rpc and notify transports in order
to support separate and different oslo.messaging backends
This patch:
* add rpc and notify variables
* update service role conf templates
* add example to globals.yaml
* add release note
Implements: blueprint hybrid-messaging
Change-Id: I34691c2895c8563f1f322f0850ecff98d11b5185
When deploying with tls enabled in public
endpoints, ansible modules fails due SSL certificates
are self-signed.
This change adds a new variable to allow customization
on which endpoints ansible should connect.
Defaults to admin because admin auth parameters defaults
to admin endpoint.
Change-Id: Ic3ed58cf9c9579cae08a11bbfe6fce983b5a9cbc
Closes-Bug: #1720995
Actually Openstack services configuration can be overriden using many
files:
- /etc/kolla/config/<< service name >>/<< config file >>
- /etc/kolla/config/<< service name >>/<<host>>/<< config file >>
- /etc/kolla/config/global.conf
- /etc/kolla/config/database.conf
- /etc/kolla/config/messaging.conf
Only per-service configuration is actually documented here:
https://github.com/openstack/kolla-ansible/blob/master/doc/advanced-configuration.rst#L164
Allowing to globally modify service configuration can be perform too,
but it can be done in 3 different manners, all not documented:
- /etc/kolla/config/global.conf
- /etc/kolla/config/database.conf
- /etc/kolla/config/messaging.conf
database.conf and messaging.conf seems redundant with global.conf.
In order to simplify codebase it seems logical to remove them.
Documentation has been added for overriding configuration globally and
release note has been added too.
Closes-Bug: #1682479
Change-Id: I5d922dfc0d938173bad34ac64e490b78db1b7e31
kolla-kubernetes is using its own configuration generation[0], so it is
time for kolla-ansible to remove the related code to simplify the
logical.
[0] https://github.com/openstack/kolla-kubernetes/tree/master/ansible
Change-Id: I7bb0b7fe3b8eea906613e936d5e9d19f4f2e80bb
Implements: blueprint clean-k8s-config
According to [1], Ansible variable names should not include hyphens.
Kolla-Ansible fails with a wrong variable name 'barbican-api' when
deploying Barbican.
This patch fixes the issue that was recently introduced in [2].
[1] http://docs.ansible.com/ansible/playbooks_variables.html#id15
[2] 08ab3d8e739fc5b499a4cb565cdbcccd6e1c97a1
Change-Id: Ib962e31ad93316e56130c9fc38dabfc918de17ce
Closes-Bug: #1703287
In order to speed up deployment time some "local" actions should be run
only once using 'run_once: True'.
This will decrease deployment time in case of multihost configuration.
Change-Id: I6015d772d35c15e96c52f577013b6e41197cb41a
Kolla-ansible actually bring it's own barbican-api-paste.ini file to
enable Keystone authentication, in order to fix this
https://bugs.launchpad.net/kolla/+bug/1625337
auth_token middleware is actually managed by Barbican.
Furthermore barbican-api-paste.ini brings by Kolla-ansible is outdated:
* http_proxy_to_wsgi middleware is missing
Hence this file should not be managed statically by kolla-ansible.
This patch keep custom paste file feature. Just put the file to
/etc/kolla/config/barbican/barbican-api.ini path.
Change-Id: Ia50237f7df7f89526a976575b017145c71b11ec0
Closes-bug: #1695026
When using the simple_crypto plugin, barbican expects the
[simple_crypto_plugin] kek config value to be a base64-encoded 32 byte
value. However, kolla-ansible is providing a standard autogenerated
password.
There are two relevant variables in kolla-ansible -
barbican_crypto_password (a standard password) and barbican_crypto_key
(a HMAC-SHA256 key). There is no use of barbican_crypto_key other than
when it is generated. barbican_crypto_password is used to set the
[simple_crypto_plugin] kek config value but causes an error when the
simple_crypto plugin is used as the value is not in the expected format.
Using barbican_crypto_key instead resolves the error. Clearly there is a
naming issue here and we should be using barbican_crypto_key instead of
barbican_crypto_password.
This change removes the barbican_crypto_password variable and uses
barbican_crypto_key instead.
Change-Id: I63e2b381c260265e5901ee88ca0a649d96952bda
Closes-Bug: #1699014
Related-Bug: #1683216
Co-Authored-By: Stig Telfer <stig@stackhpc.com>
Ansible task support vars directive, no need implement another one in
merge_config. This patch remove the vars directive in merge_config
action plugin.
Change-Id: I33648a2b6e39b4d49ce76eb66fbf2522721f8c68
In case Kolla's users want to deploy with both of
binary and source image, we should have a variable
install type that define install type for each project.
We also add specific image tag for each Openstack project.
This commit is implemented for Aodh, Barbican and Bifrost projects.
Change-Id: I926c9631c860b527941c40addc68896dd27bd1cc
Implements: blueprint mixing-binary-and-source-image
wait_for module waits 300 seconds for the port started or stopped. This
is meaningless and useless in precheck. This patch change timeout to 1
seconds.
Change-Id: I9b251ec4ba17ce446655917e8ef5e152ef947298
Closes-Bug: #1688152
Add a new subcommand 'check' to kolla-ansible, used to run the
smoke/sanity checks.
Add stub files to all services that don't currently have checks.
Change-Id: I9f661c5fc51fd5b9b266f23f6c524884613dee48
Partially-implements: blueprint sanity-check-container
The default roles used by Barbican are missing.
According to the policy.json the Key Manager
comes with, four roles have to be defined.
Change-Id: I8882c2cf328b62e68797e383b26908540d669629
Closes-Bug: #1657742
Usernames can be configured with variables in
configuration files, but user creation is hardcoded.
Change-Id: I057cfb921d776217db66f59226dcfa79f3eb7368
Closes-Bug: #1661587
The barbican service should use the external fqdn as value for the
host_href parameter. Typically this is the endpoint that clients
would use to connect to barbican from outside.
Change-Id: I075acb6335354a61f935d57a7b84f0f92978c9bd
Closes-Bug: #1660282
Currently, policy.json is put in
"{{ node_config_directory }}/{{ service_name }}"
in target nodes.
Relocation policy.json to "{{ node_config_directory }}/{{ item }}"
with item is corresponding service compoment config directory.
Currently, the policy.json is copied to all services, but it
should be reviewed and left only in neccesary service
(at many cases, only API service needs that).
Redundant files will be removed in follow up patchset.
Change-Id: I0e997dccf4ec438c9c0436db71ec2fd06650f50d
Closes-Bug: #1639686
PyMySQL is prefered to PythonMySQL for Sqlalchemy, as it provides
python3 support and is actively maintained, and is therefore the
currently recommended lib for db connections.
* https://wiki.openstack.org/wiki/PyMySQL_evaluation
Kolla currently uses PyMySQL for all connections bar Barbican
(which works fine with PyMySQL): once this commit is merged it will
be possible to remove the PythonMySQL libs, and mysql libs for kolla
images (except kolla-toolbox).
TrivialFix
Change-Id: Id256387134ca551a181c5e49c9b6d63f62b72523
This fixes a race condition when starting barbican processes,
as by default they attempt to manage the db schema on startup.
TrivialFix
Change-Id: Ic168211880709a3279511ce519756e4cbdd57fe8
Allow operators to use their custom policy files.
Avoid maintain policy files in kolla repos, only copying
the files when an operator add their custom config.
Implements: blueprint custom-policies
Change-Id: Icf3c961b87cbc7a1f1dd2ffbfffcf271d151d862
