HAProxy: change to use option forwardfor to pass origin IP address
to backend via X-Forwarded-For header
Keystone: Apache does the audit logs for keystone. Change the
LogFormat to display the passed address instead of the connection
address which is that of the load balancer.
Nova, Cinder, Glance: these services can make use of the address
passed in X-Forwarded-For. With this setting the API logs for
these services include the client IP address.
Change-Id: Ia861ecc11a7c7d463d0366586926d1a842853f69
Closes-Bug: #1548935
This bootstrap was non-idempotent. This patch follows the style
first implemented with nova to make this idempotent.
TrivialFix
Change-Id: Id04e59c5274a7d8a5bffd3ce018f3bbb84839d75
Swift uses Syslog, but it uses a custom log format. So this commit
adds a specific Heka decoder for Swift.
It also increases the log level from "warning" to "info" to make
Swift more verbose. Note that "info" is the default log level in
Swift.
And it disables the Heka configuration for Swift when "enable_swift"
is set to "no". This prevents Heka from creating 15 empty Swift log
files in the logs volume.
Partially implements: blueprint heka
Change-Id: If7a7d0707e71be2957178e2d45b5de51b788232e
The Ansible logs are currently not collected by Heka. This can be
done later, with an Ansible-specific decoder for Heka.
Partially implements: blueprint heka
Change-Id: I8d3ba4edb527f61c0a8234024b4be953c6e6c565
This one is simple, simply start the services with new images!
Change-Id: Ia29cfa136856e8413dac1edee38a55d9f5a45c3e
Partially-Implements: blueprint upgrade-kolla
The extend_start.sh script for rsyslog is removed as it is no longer
needed. Docker no longer binds to /dev/log or /run/kolla/log
Closes-Bug: #1544545
Change-Id: Ic0a323a26ee4e9e15baf4598285844a8a4955f23
To allow for TLS to protect the service endpoints, the protocol
in the URLs for the endpoints will be either http or https.
This patch removes the hardcoded values of http and replaces them
with variables that can be adjusted accordingly in future patches.
Change-Id: Ibca6f8aac09c65115d1ac9957410e7f81ac7671e
Partially-implements: blueprint ssl-kolla
Docker 1.10 has broken the gate and this patch will correct that
breakage.
The issue comes with rsyslog. Due to a commit in Docker 1.10 [1] we
must change the way we get the log socket for rsyslog. The /dev/
folder will no longer populate as we used it. So instead we simply
make a new socket in a path we control and share that to the correct
location in the containers.
Additionally, adjust the gate for new Docker daemon.
[1] https://github.com/docker/docker/pull/16639
Partially-Implements: blueprint kolla-upgrade
Change-Id: I881a2ecdf6d7b35991e1d38a3f3e60d022d6577f
This change is needed for clarity. We have a kolla-ansible script.
We have a kolla-mesos repo. We plan to have a kolla-ansible repo.
Already we have had far too much confusion about whether we are
talking about the container or the project. Naming this kolla-toolbox
eliminates all of that confusion and its probably a bit more accurate
of a name too.
Closes-Bug: #1541053
Change-Id: I8fd1f49d5a22b36ede5b10f46b9fe02ddda9007e
After introduction of pull action and turing every main.yml into
{{action}}.yml we lost ability to perform upgrade
Change-Id: Ie9fa2cd083b061033abc733fba53d54f9c55e393
Fixes-Bug: #1538210
By default, if the same role is called in ansible it will only run
once per node. Due to how we have the inventory setup ansible views
every service as a different node and will try to run the common role
tasks again. This causes slowdown in all cases but is particularly
noticable when pulling images. A small change will ensure these tasks
only run once per node per run as originally intended.
TrivialFix
Change-Id: I20b9c46991d10176c8f8645a335eb7a9ed750ee3
This intentionally leaves out rabbitmq from this patchset. It will
require additional work to remove its data container
UpgradeImpact
Partially-Implements: blueprint docker-named-volumes
Change-Id: Id68b8e43a3c077ef4f4f4d67ea34d0692e66eef7
Throughout the project overtime some of these file permissions have
changed to have an executable bit. They should not have this bit set.
TrivialFix
Change-Id: I1748b5bde813a0fcac36aeecdfd83245b8ee5be3
The CMD command for data causes docker to launch it with /bin/sh which
is ugly when viewing the containers statuses. Additionally for
kolla_ansible we were not specifying the CMD at all, forcing us to use
the 'command' param to set the sleep command.
This patch brings the kolla_ansible launch inline with the rest of the
project.
TrivialFix
Change-Id: Ic87a89921674802c15596756526e07f52a782f32
Convert config creation from a playbook to an action_plugin. This
reduces the complexity and confusion while retaining the same augment
structure and flexibility.
This allows us to remove the 0-byte files as requirements. They will
still be used if they are present (this means we require additional
documentation around them).
DocImpact
Closes-Bug: #1528430
Change-Id: I2c789f6be9f195c7771ca093a6d59499564b4740
sudo requires a tty to function by default on centos. Instead of
tweaking the sudo conf we can just add a tty. This has the added
advantage of making the containers more friendly if you have to
`docker exec -i <container> bash` into them.
Change-Id: If97a02ca1d37c243a787d98ade54bde8d641aecd
backport: liberty
Partially-Implements: blueprint functional-testing-gate
Ansible 1.9.2 contains the fix needed for docker-py >1.2.0
This is needed for some gate reasons, but it is also a good version
bump because it fixes a few issues with delegate_to.
Change-Id: Iafbabb3b0232620849d0548c5cd9d8d316c2b0f3
backport: liberty
Partially-Implements: blueprint functional-testing-gate
