29 Commits

Author SHA1 Message Date
Mark Giles
a4906506db Verify external VIP set when TLS enabled.
The documentation states that kolla_internal_vip_address and
kolla_external_vip_address must be different when TLS is enabled.
If this is not true, the deploy will be successful but will not
function correctly.  This change adds a precheck to catch this
configuration problem prior to deployment.

Change-Id: I6c9e5fd5f434f7225bd0390aff116fa12da96934
2018-03-28 11:29:41 -04:00
Zuul
e720e10fee Merge "Fix the Prechecks failed while checking docker version" 2018-02-14 14:13:38 +00:00
chenxing
d1ddeddb67 Fix the Prechecks failed while checking docker version
In Docker version 18.01.0-ce, the "docker version" command uses
"\t" to format the result, which causes the prechecks to fail.
A workaround is to use the "docker --version" command
instead of "docker version", which gets everything running.
Also, using "docker --version" to check the version of docker is
more specific and effective.

backport: pike ocata

Change-Id: Ie5efe1888afc3be11441a88d627db62e1575f3ed
Closes-Bug: #1742869
2018-01-22 16:58:48 +08:00
Paul Bourke
8a2048906d Add a precheck to ensure nscd is not running
The 'name service caching daemon (nscd)' seems to effectively disable
Docker's user namespace when '/run' is bind mounted. This can cause
issues with Kolla containers that use this mount: if the uid the
container runs as exists on the system, they clash and the container will
either fail to start, have sudo issues, etc.

Change-Id: I9ac6bdb193f1520d025251d3abfa761700481cc9
Closes-Bug: #1723934
2018-01-15 17:47:27 +00:00
Mark Goddard
be4568334c Fix failure handling in prechecks
In a HAProxy precheck task, the command module is used, and the results
inspected by checking the stdout attribute of the result. However, if
the command fails (non-zero exit code), in some cases there may not be a
stdout attribute in the result object. This causes an AttributeError and
prevents ansible's useful diagnostic output from being displayed.

Change-Id: Id502b5d0b71fe2150a29df43154c925dca96ef06
Trivial Fix
2017-12-14 14:05:39 +00:00
Jenkins
641a7f2790 Merge "Fix prechecks fail with docker not in deployment host" 2017-09-20 16:33:43 +00:00
Bertrand Lallau
a9113fc466 Avoid launching "local" actions too many times
In order to speed up deployment time some "local" actions should be run
only once using 'run_once: True'.
This will decrease deployment time in case of multihost configuration.

Change-Id: I6015d772d35c15e96c52f577013b6e41197cb41a
2017-07-05 15:55:39 +02:00
Eduardo Gonzalez
3b7ab63a19 Fix prechecks fail with docker not in deployment host
This change only evaluates the baremetal host group
to look for docker versions.

Change-Id: I64a7314b332958d003f88a00aa73ba79a760a051
Closes-Bug: #1700986
2017-06-29 09:18:33 +01:00
Jeffrey Zhang
47762d4850 Fix the failure when running precheck after deploy
* Move the tasks to the role
* Skip the task when container is already running

Change-Id: I1990d4dd2a02efa2b3766329000aa23419e0ff17
Closes-Bug: #1670286
2017-03-07 06:57:16 +00:00
Ethan Lynn
e237319965 Always check enable_* variables first
Checking enable_* variables first, then checking inventory_host in
group, will help to avoid configuration errors.

Change-Id: Icdb1f50e5c911203b92ac431723620756b15f3c6
Closes-Bug: #1648376
2016-12-08 17:59:48 +08:00
Paul Bourke
43517f48f5 Make service_checks easier to run independently of kolla-ansible
Set a default for CONFIG_DIR in service_checks to more easily allow
consumers not using the kolla-ansible tool to run the prechecks.

Change-Id: I78bc5dd6f37e6a60ecc6a86d43e56b05803a4fd5
Closes-Bug: #1629893
2016-11-16 12:24:18 +00:00
bjolo
ffa6c118e4 fixed keystone fernet prechecks for multinode deployments
command fails since it is a compound command. Changed to a single awk
command instead.

Closes-Bug: #1629206

Change-Id: Id7963b15c3321eca6f891a625b1ba140dc57aa22
2016-10-03 10:14:04 +00:00
bjolo
c28a0cff7e run_once Checking mongodb backend for ceilometer
TrivialFix

Change-Id: I54151df7f869e0a7915ce6361eda8dfefe5d1870
2016-09-19 21:07:44 +02:00
bjolo
10bfda6240 Checking valid fernet expiry only need to run once
TrivialFix

Change-Id: I4e84ac4e51a976ad132aa78b175855bed1d4bb20
2016-09-19 15:21:57 +00:00
Paul Bourke
233090300e Check volume group exists for Cinder in prechecks
Add a service check for Cinder when using iscsi/LVM, that the
appropriate volume group exists.

TrivialFix

Change-Id: I54e01911709db73549334760498b4246fe6271d7
Co-Authored-By: Vladislav Belogrudov <vladislav.belogrudov@oracle.com>
2016-09-13 16:39:56 +01:00
Paul Bourke
82f6d3f44b Allow mysql to be used as a database for Ceilometer
MongoDB is still default.

Refer to
http://docs.openstack.org/developer/ceilometer/install/dbreco.html for
more info on Ceilometer database backends.

Closes-Bug: #1622532

Change-Id: Iaf84f9efe0537f42797f4bb7ba2a3611835cc84e
2016-09-12 11:41:35 +00:00
liyingjun
c6dd71411a Add precheck for ceilometer backend
Currently, when enable_ceilometer: true and enable_mongodb: no are set,
the deploy will fail with a ceilometer database creation error.
Add a precheck to avoid this situation in both prechecks and bootstrap.

Change-Id: I2d46ef9adeb8e028f3c18e6bc2d3752cc39bcb29
Closes-bug: #1605522
2016-09-01 23:23:28 +08:00
liyingjun
c5668bd50a Add option to support dhcp/l3 agent ha
New option enable_neutron_agent_ha added to enable/disable dhcp/l3 agent
high availability; dhcp_agents_per_network defaults to 2 and is
configurable.

Implement blueprint: support-network-ha

Change-Id: Id4742aa67c80584634b923195545bf2b654172f3
2016-08-31 16:31:07 +08:00
Shaun Smekel
1c68ae389b Add full support for fernet
This addresses the ansible aspects of fernet key bootstrapping as
well as distributed key rotation.

- Bootstrapping is handled in the same way as keystone bootstrap.
- A new keystone-fernet and keystone-ssh container is created to allow
  the nodes to communicate with each other (taken from nova-ssh).
- The keystone-fernet is a keystone container with crontab installed.
  This will handle key rotations through keystone-manage and trigger
  an rsync to push new tokens to other nodes.
- Key rotation is set up to be balanced across the keystone nodes using
  a round-robin style. This ensures that any node failures will not
  stop the keys from rotating. This is configured by a desired token
  expiration time which then determines the cron scheduling for each
  node as well as the number of fernet tokens in rotation.
- Ability for recovered node to resync with the cluster. When a node
  starts it will run sanity checks to ensure that its fernet tokens
  are not stale. If they are it will rsync with other nodes to ensure
  its tokens are up to date.

The Docker component is implemented in:
  https://review.openstack.org/#/c/349366

Change-Id: I15052c25a1d1149d364236f10ced2e2346119738
Implements: blueprint keystone-fernet-token
2016-08-25 20:08:22 +10:00
Sean Mooney
3e8f9986d1 add baremetal role to install kolla deps.
Change-Id: Ie70db1b18a73528b1194e4fbcf53d09fed20f4a0
Implements: blueprint kolla-host
2016-08-10 16:03:08 +00:00
Swapnil Kulkarni (coolsvap)
47894bb05f Remove check for config files to verify MountFlags
Check MountFlags option with systemd rather than with
configuration files which can be overridden with
different ones.

Co-Authored-By: Jeffrey Zhang <jeffrey.zhang@99cloud.net>
Change-Id: Ifa4ce62372af3fe75a66b45c8e7cf9ac9f9c2415
Closes-Bug: #1571281
2016-04-20 10:15:34 +05:30
Steven Dake
3238373ab7 Revert "check /e/s/s/docker.service in ubuntu"
Going to merge Swapnil's patch instead of this patch, as it relies on real system output rather than looking in files on the filesystem, which differ between distributions.

This reverts commit 5c5e903973a9db4541196fbe9fcb99ce66c5cfa4.

Change-Id: I3e474620c90c1f7b2f5e16106f2c18b2058e169c
2016-04-20 03:24:15 +00:00
Kuo-tung Kao
5c5e903973 check /e/s/s/docker.service in ubuntu
check "/etc/systemd/system/docker.service" instead of
"/lib/systemd/system/docker.service" in ubuntu.

In Ubuntu,
the settings in "/etc/systemd/system/docker.service"
will overwrite the settings in "/lib/systemd/system/docker.service"

Change-Id: Idd5b99643b4fb9a4800f5d450e9aaeb22210aa8b
Closes-Bug: #1569644
2016-04-13 10:30:47 +08:00
Vikram Hosakote
8595707a25 Check empty passwords in $CONFIG_DIR/passwords.yml
Co-Authored-By: Carlos Cesario <carloscesario@gmail.com>

Change-Id: Ic2ea835cf38be64a590d3f6b022683081aeb363b
Closes-Bug: #1566150
2016-04-05 04:48:35 +00:00
Vikram Hosakote
c7e261c8c2 Check empty passwords in /etc/kolla/passwords.yml in prechecks
This patch set makes "kolla-ansible prechecks" flag an error if
any password is empty in /etc/kolla/passwords.yml.

Change-Id: I87dee25b79c97be64ca49a5638c7f5a30d4cf464
Closes-Bug: #1563506
2016-04-04 04:56:24 +00:00
Jeffrey Zhang
d7495b1d39 Fix the prechecks role idempotent
The prechecks role should be idempotent and should change nothing when
running.

TrivialFix

Change-Id: Ib5063d879e0f5f414d607bd9b6493a7499fc5652
2016-03-21 00:10:15 +08:00
Ryan Hallisey
9438b2bf56 Add a precheck for MountFlags=shared
In order to avoid the neutron-dhcp-agent container from
failing, you need to change 'MountFlags' to 'shared' in
/var/lib/systemd/system/docker.service.  Add a precheck
so that this issue will not happen as often.

Closes-bug: #1546681
Change-Id: I339b5e93e870534fe16c6610f299ca789e5ada62
2016-02-22 04:06:07 -05:00
Allen Gao
7609cc2428 prechecks: remove the docker max version check
Remove the docker max version check since we are not pinning
docker version any more.

Partially-Implements: blueprint precheck-tasks
Change-Id: Icfa10e72c56092931aae016afaeed4c6ce8cb337
2016-01-20 06:43:25 +00:00
Vladislav Belogrudov
3bd4c2a607 Add playbook for hosts pre-deployment checks (ports, files)
This playbook runs on hosts before deployment to be sure we don't
have any conflicting services running and systems are in expected
state.

DocImpact

Change-Id: If5f288b7fbdf269697ca834da4eb969b61683ca0
Partially-implements: blueprint precheck-tasks
2015-11-13 16:35:33 +03:00