The documentation states that kolla_internal_vip_address and
kolla_external_vip_address must be different when TLS is enabled.
If this is not true, the deploy will be successful but will not
function correctly. This change adds a precheck to catch this
configuration problem prior to deployment.
Change-Id: I6c9e5fd5f434f7225bd0390aff116fa12da96934
In Docker version 18.01.0-ce, the "docker version" command uses
"\t" to format the result, which causes the prechecks to fail.
As a workaround, using the "docker --version" command
instead of "docker version" gets everything running.
Also, using "docker --version" to check the version of docker is
more specific and effective.
backport: pike ocata
Change-Id: Ie5efe1888afc3be11441a88d627db62e1575f3ed
Closes-Bug: #1742869
The 'name service caching daemon (nscd)' seems to effectively disable
Docker's user namespace when '/run' is bind mounted. This can cause
issues with Kolla containers that use this mount: if the uid the
container runs as exists on the system, they clash and the container will
either fail to start, have sudo issues, etc.
Change-Id: I9ac6bdb193f1520d025251d3abfa761700481cc9
Closes-Bug: #1723934
In a HAProxy precheck task, the command module is used, and the results
inspected by checking the stdout attribute of the result. However, if
the command fails (non-zero exit code), in some cases there may not be a
stdout attribute in the result object. This causes an AttributeError and
prevents ansible's useful diagnostic output from being displayed.
Change-Id: Id502b5d0b71fe2150a29df43154c925dca96ef06
Trivial Fix
In order to speed up deployment time some "local" actions should be run
only once using 'run_once: True'.
This will decrease deployment time in case of multihost configuration.
Change-Id: I6015d772d35c15e96c52f577013b6e41197cb41a
This change only evaluates the baremetal host group
to look for docker versions.
Change-Id: I64a7314b332958d003f88a00aa73ba79a760a051
Closes-Bug: #1700986
* Move the tasks to the role
* Skip the task when container is already running
Change-Id: I1990d4dd2a02efa2b3766329000aa23419e0ff17
Closes-Bug: #1670286
Checking enable_* variables first, then checking inventory_host in
group, will help to avoid configuration errors.
Change-Id: Icdb1f50e5c911203b92ac431723620756b15f3c6
Closes-Bug: #1648376
Set a default for CONFIG_DIR in service_checks to more easily allow
consumers not using the kolla-ansible tool to run the prechecks.
Change-Id: I78bc5dd6f37e6a60ecc6a86d43e56b05803a4fd5
Closes-Bug: #1629893
command fails since it is a compound command. Changed to a single awk
command instead.
Closes-Bug: #1629206
Change-Id: Id7963b15c3321eca6f891a625b1ba140dc57aa22
Add a service check for Cinder when using iscsi/LVM, that the
appropriate volume group exists.
TrivialFix
Change-Id: I54e01911709db73549334760498b4246fe6271d7
Co-Authored-By: Vladislav Belogrudov <vladislav.belogrudov@oracle.com>
Currently, when enable_ceilometer: true and enable_mongodb: no are set,
the deploy will fail with a ceilometer database creation error.
Add a precheck to avoid this situation in both prechecks and bootstrap.
Change-Id: I2d46ef9adeb8e028f3c18e6bc2d3752cc39bcb29
Closes-bug: #1605522
New option enable_neutron_agent_ha added to enable/disable dhcp/l3 agent
high availability. dhcp_agents_per_network defaults to 2 and is
configurable.
Implement blueprint: support-network-ha
Change-Id: Id4742aa67c80584634b923195545bf2b654172f3
This addresses the ansible aspects of fernet key bootstrapping as
well as distributed key rotation.
- Bootstrapping is handled in the same way as keystone bootstrap.
- A new keystone-fernet and keystone-ssh container is created to allow
the nodes to communicate with each other (taken from nova-ssh).
- The keystone-fernet is a keystone container with crontab installed.
This will handle key rotations through keystone-manage and trigger
an rsync to push new tokens to other nodes.
- Key rotation is set up to be balanced across the keystone nodes using
a round-robin style. This ensures that any node failures will not
stop the keys from rotating. This is configured by a desired token
expiration time which then determines the cron scheduling for each
node as well as the number of fernet tokens in rotation.
- Ability for recovered node to resync with the cluster. When a node
starts it will run sanity checks to ensure that its fernet tokens
are not stale. If they are it will rsync with other nodes to ensure
its tokens are up to date.
The Docker component is implemented in:
https://review.openstack.org/#/c/349366
Change-Id: I15052c25a1d1149d364236f10ced2e2346119738
Implements: blueprint keystone-fernet-token
Check MountFlags option with systemd rather than with
configuration files which can be overridden with
different ones.
Co-Authored-By: Jeffrey Zhang <jeffrey.zhang@99cloud.net>
Change-Id: Ifa4ce62372af3fe75a66b45c8e7cf9ac9f9c2415
Closes-Bug: #1571281
going to merge Swapnil's patch instead of this patch as it relies on real system output rather than looking in files on the filesystem which differ between distributions.
This reverts commit 5c5e903973a9db4541196fbe9fcb99ce66c5cfa4.
Change-Id: I3e474620c90c1f7b2f5e16106f2c18b2058e169c
check "/etc/systemd/system/docker.service" instead of
"/lib/systemd/system/docker.service" in ubuntu.
In Ubuntu,
the settings in "/etc/systemd/system/docker.service"
will overwrite the settings in "/lib/systemd/system/docker.service"
Change-Id: Idd5b99643b4fb9a4800f5d450e9aaeb22210aa8b
Closes-Bug: #1569644
This patch set makes "kolla-ansible prechecks" flag an error if
any password is empty in /etc/kolla/passwords.yml.
Change-Id: I87dee25b79c97be64ca49a5638c7f5a30d4cf464
Closes-Bug: #1563506
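An empty-password check of the kind described in the commit above, as an added example (not kolla-ansible's own precheck code). It assumes a flat "key: value" passwords file read line by line rather than with a full YAML parser; the key names and sample content are constructed.

```python
import re

# Scalars that YAML treats as null or as an empty string.
EMPTY = {"", "~", "null", "Null", "NULL", '""', "''"}
KEY_RE = re.compile(r"^(\s*)([A-Za-z0-9_]+):(.*)$")

def scalar(raw):
    """Return the value part of a line with any trailing comment removed."""
    raw = raw.strip()
    if raw[:1] in ("'", '"'):
        end = raw.find(raw[0], 1)          # closing quote of a quoted value
        return raw[: end + 1] if end > 0 else raw
    return re.split(r"(^|\s)#", raw, maxsplit=1)[0].strip()

def empty_passwords(text):
    """List top-level keys whose value is empty or null."""
    lines = [l for l in text.splitlines()
             if l.strip() and not l.lstrip().startswith("#")]
    empty = []
    for i, line in enumerate(lines):
        m = KEY_RE.match(line)
        if not m or m.group(1):            # not a key, or a nested key
            continue
        value = scalar(m.group(3))
        if value not in EMPTY:
            continue
        # A bare "key:" followed by an indented line opens a mapping
        # (for example an SSH key pair); it is not an empty password.
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if value == "" and nxt[:1].isspace():
            continue
        empty.append(m.group(2))
    return empty

# Constructed sample; hypothetical key names, not real deployment data.
SAMPLE = """\
---
# constructed sample
service_a_password: constructed-value
service_b_password:
service_c_password: ""   # left blank
service_d_secret: ~
example_ssh_key:
  private_key: |
    constructed-key-material
  public_key: constructed-pub
"""

if __name__ == "__main__":
    for key in empty_passwords(SAMPLE):
        print("empty password:", key)
```

The nested-mapping check matters because a bare key with indented children would otherwise be reported as an empty password.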
In order to avoid the neutron-dhcp-agent container from
failing, you need to change 'MountFlags' to 'shared' in
/var/lib/systemd/system/docker.service. Add a precheck
so that this issue will not happen as often.
Closes-bug: #1546681
Change-Id: I339b5e93e870534fe16c6610f299ca789e5ada62
Remove the docker max version check since we are not pinning
docker version any more.
Partially-Implements: blueprint precheck-tasks
Change-Id: Icfa10e72c56092931aae016afaeed4c6ce8cb337
This playbook runs on hosts before deployment to be sure we don't
have any conflicting services running and systems are in expected
state.
DocImpact
Change-Id: If5f288b7fbdf269697ca834da4eb969b61683ca0
Partially-implements: blueprint precheck-tasks