By default HAProxy send pre-4.1 authentication packets which are cause
warnings on server side. To use modern MySQl authentication mysql-check
configuration have to include post-41 option.
Change-Id: I88609d3a0cc3ce4a10e64ba65230ba4d97f34419
Closes-Bug: 1629911
- Add mistral in HAproxy
- Set mistral api to bind on api_interface
- Fix mistral endpoint
- Add database population on bootstraping
- Add mistral port prechecks
Change-Id: If1617fb9dcd8b3bbd4f94c68ca87c36e39711016
Closes-Bug: #1626570
do_reconfigure.yml is introduced to use serial directive. But we use
it in wrong. Now serial has moved to playbook file. So it is time to
remove the do_reconfigure.yml file
Closes-Bug: #1628152
Change-Id: I8d42d27e6bc302a0e575b0353956eaef9b2ca9fd
Useful for upgrade etc., which is preferablly done serially.
Example usage: tools/kolla-ansible deploy OR tools/kolla-ansible upgrade
Closes-Bug: #1576708
DocImpact
Change-Id: I34b2e16f8ce53e472a4682a4738c4ac0f5abf00c
Manila endpoints (internal and external) should be created in
haproxy configuration just like other services.
Change-Id: I5dbc6ca94a118b9655e1c5a87b0a5163153ab5af
Closes-Bug: #1621556
This ensures that the same client IP address will always reach the same
server as long as no server goes down or up. [0]
Prevents a situation where during Murano package upload - we end up
having zip file on one control node but the import continues on another
and ends up failing.
[0] http://cbonte.github.io/haproxy-dconv/configuration-1.7.html#4-balance
TrivialFix
Co-Authored-By: Vladislav Belogrudov <vladislav.belogrudov@oracle.com>
Change-Id: I5f90d2757f31e8b24459a585153d5aa7fe6ad90a
Migrate to full variable syntax in with_ loop
instead of bare variables for:
- cinder
- haproxy
- ironic
- magnum
- mistral
- mongodb
- murano
- swift
- watcher
TrivialFix
Change-Id: I3ef2e79053cf609aaa710e43ffd0adbc5a97565b
This changed introduces 4 new parameters to be able to use an existing
elasticsearch service for central logging.
* elasticsearch_address - address of elasticsearch server
* elasticsearch_protocol - protocol (HTTP/HTTPS) used by elasticsearch server
* enable_elasticsearch - deploy elasticsearch container
* enable_kibana - deploy kibana container
Closes-bug: #1584861
Change-Id: Ia1ff9ae8b6d9929c3826da02693d1e2fc9ea2522
Previous work on Watcher added the Docker images, this
change adds the ansible configuration.
There is support for HA, via haproxy to balance across the
Watcher API hosts.
There is also a hook into nova.conf to conditionally add
Nova compute Host metrics via Ceilometer if Watcher is enabled.
This defaults to enabled false.
Change-Id: I8763528bb6ff12943b810212c71396d2d7cf6836
Partial-bug: #1598929
Partially-implements: bp watcher
Signed-off-by: Dave Walker (Daviey) <email@daviey.com>
Added pipeline.yaml, event_pipeline.yaml and event_definitions.yaml
based on sample files in OpenStack documentation
Edited haproxy.cfg for ceilometer support
Edited ceilometer-base dockerfile for missing dependency
Change-Id: I6ade05255e7e1aa7dbcffd026fad5869036d0d32
Closes-Bug: #1604004
The forwardfor option cannot be used in certain modes
such as TCP. To resolve that create a special default
section for MariaDB
Change-Id: I743bbbfb732b04f115d1a878a0dfc22e29d2623d
Closes-Bug: #1549746
The Nova EC2 API is disabled by default, the default value
of the enabled_apis parameter in nova.conf is "osapi_compute, metadata"
The EC2 API is marked as deprecated and will be removed from Nova in
the future.
Change-Id: I6b9d66017e066cde5749be45b367194d2192ead3
Closes-bug: #1586605
This change makes each step of the kolla deployment aware
of the port database was configured to listen on.
It defaults mariadb_port to database_port.
Change-Id: I8e85d5732015afc0a5481cb33e0b629fdfa84a1b
Closes-Bug: #1576151
DocImpact
It's impossible to drop root for the HAProxy container.
But HAProxy provides a possibility to use a chroot jail.
When attaching to the HAProxy container, we see that
the root directory is changed:
$ sudo docker exec -ti haproxy bash
(haproxy)[root@operator /]# ls -di /
259 /
Co-Authored-By: Vikram Hosakote <vhosakot@cisco.com>
Closes-Bug: #1552289
Change-Id: I9d55e9b741b8560cac53dc8b837a24a3029a4dc0
Use HAProxy to terminate a TLS connection on port 5601 for the
Kibana dashboard when TLS is enabled for Kolla. x-forwarded-for
and x-forwarded-proto headers are set to give Kibana the info it
needs to write returned URLs.
Change-Id: I03a2dd3a8e2513d38281b30bf4bae6449fec0316
Closes-bug: #1566117
To be kolla deploy multiple clouds, we need to be able to configure
virtual_router_id other wise haproxy will fail setup the VIP for the
second cloud.
Partially-Implements: blueprint multiple-cloud
Closes-Bug: #1564547
Change-Id: I9eb27dd6fba61205841eadafc96601e235d2fe6d
When a node uses two physical interfaces for its two VIPs, these
physical interfaces should be tied together, so both VIPs will
be taken out of scheduling if either one fails. Without this change,
if a request comes into one interface that needs access to the
second interface to process the request, the original request
unnecessarily fails. Repeating this results in a black hole where
a failing server keeps getting new requests.
Change-Id: Ic51e6584c1fbda3eb7821cb47f759c77e562cc65
Closes-Bug: #1550455
haproxy-system-wrapper is a solution for systemd from upstream. it can
handle the reload graceful.
Change-Id: I6a3d141af065e429bd1be1b7252f5c6df1fda3bb
Closes-Bug: #1559238
These values are optional only when the services are not enabled.
If the file does not exist we should not warn, but rather inform.
Ceph-mon is an exception here since its bootstrap process means
the files may or may not exist initially.
TrivialFix
Change-Id: Ic02bece76d480e99deecf612036f37abb5604135
Without this option the vip will always bounce to the highest priority
node that is up. So if you reboot the highest priority node the vip
will fail to the second highest. When the highest priority node
recovers it will claim the vip again leaving you will two fail overs
rather than one.
TrivialFix
Change-Id: I4a3c6c10eee391cdbdd80c44a71a9fafd1069944
haproxy 1.6+ does not allow the formatting that was used for stats
listener. We need to adjust it to the correct syntax
TrivialFix
Change-Id: I5f0111c756d40a0cf7385e6963ebbb57adb36b35
