2169 Commits

Author SHA1 Message Date
Steven Dake
bd9e8c22d7 drop root for glance
This uses the grouping feature of sudo to limit the amount of times
the base sudo file has to be modified to only once.  The container
contents always runs as the user root, except the software which is
controlled by Kolla.  This software may run as root, but it has
undergone a security audit and preserves permissions of the correct
files and does not permit the glance user to write any of the
set_config.py control files.

Change-Id: Ie3cd23edcde5b408a8f66970456279a1b15028e0
Partially-Implements: blueprint drop-root
2015-11-09 11:00:29 -05:00
Steven Dake
6cf5928ff1 Base image changes for drop-root
The reason we are doing drop root is so that a network exposed
software component (i.e. glance) cannot be used to affect the
immutability of the container which it runs in.  I have tried
several different approaches and this is the only approach which
puts glance in PID=1 while ensuring no files may be written by
the glance process in the container image except for the log files.

Change-Id: Ifd3c8c361b78d0e4791dade3afa6435290407c41
Partially-Implements: blueprint drop-root
2015-11-09 11:00:26 -05:00
Jenkins
44b5a8867e Merge "Finish implementation of spice" 2015-11-06 21:57:08 +00:00
David Moreau Simard
4a1db7a08d Switch to RDO untested master repository
RDO does not yet provide a CI tested Mitaka repository.
As such, the current-passed-ci repository is the last tested
repository before the stable/liberty branch was cut.

To be able to test against the latest packages, we need to
use the untested repositories until the CI tested repository
is in place.

TrivialFix

Change-Id: I4a125eb3c84fa790746a9a8eca19e4fb2d9ecf38
2015-11-06 12:30:18 -05:00
Jenkins
c2191b101f Merge "Make RHEL build properly" 2015-11-06 15:55:43 +00:00
Jenkins
b178ed2021 Merge "Few improvements in Kolla tools. Added Ubuntu support." 2015-11-06 12:22:35 +00:00
Kirill Proskurin
396014f8d1 Few improvements in Kolla tools. Added Ubuntu support.
pip install default prefix in Ubuntu is /usr/local, and Kolla tools scripts
didnt respect that. So I added few OS checks in this scripts.

I improve config path check in build.py. Added more verbose error if we can't
find config directory.

Change-Id: Ide521ed205b0dc1fc27e237a9a8f4da0168e664f
Closes-Bug: #1512302
2015-11-06 14:03:30 +03:00
Jenkins
a5c242f8d4 Merge "Update Centos7 docker commands" 2015-11-06 11:03:17 +00:00
Britt Houser
3733326fac Update Centos7 docker commands
The commands around installing docker on Centos7
in the quickstart guide needed a little tweaking
and a little spell checking.

Change-Id: Ia0367900ab9792a096f753d5fd943ffab0a005a4
2015-11-06 05:24:37 -05:00
Jenkins
886ebf63fd Merge "Add new gate for multinode" 2015-11-06 07:52:12 +00:00
Jenkins
e3eedfa168 Merge "Use the absoluate path" 2015-11-06 07:43:39 +00:00
Steven Dake
5eb15d2e4a Make RHEL build properly
build.py -b rhel -t [rdo|rhos|source|binary]

The last patch for this didn't quite fix the problem properly as
it only permitted RHOS builds.

backport: liberty

Change-Id: I27eed202560adce450c07d043cc224e7a6c6bbf6
Closes-Bug: #1513088
2015-11-06 02:33:21 -05:00
Jenkins
285d2db328 Merge "Add additional ntp information around ceph" 2015-11-06 07:28:09 +00:00
Jenkins
74d8c2d8b2 Merge "Remove mysql-devel cruft" 2015-11-06 07:24:42 +00:00
Jeffrey Zhang
27c3f6ff48 Use the absoluate path
Use the absoluate path rather than that with `..`. This will be
helpfull for end-user to see where is the folder/file.

Closes-Bug: #1513726
Change-Id: I7169952d874ddf14469605444044de0163b033d3
2015-11-06 15:10:41 +08:00
Martin André
2405110f3d Remove mysql-devel cruft
This was conflicting with Percona-Server-devel-55 and broke centos
source build for openstack-base image.

Backport: Liberty
Change-Id: Ia2bb2106038e8e2eadb6668f4ae1ad1d95710c09
Closes-Bug: #1513711
2015-11-06 15:07:55 +09:00
lin-hua-cheng
9d797017a1 fix typo in README.rst
Change-Id: I81d80c3bdb401a044d42abb568c35117f6ead51a
2015-11-05 21:47:33 -08:00
Sam Yaple
99932d650d Finish implementation of spice
Due bad rebases there is a huge section of the spice patch missing
from the implementation unfortunately. This patch finishes the rest
of this patch out properly.

Change-Id: I693c6745e9594fd91eb6453f6de9dfcbd410e89c
Paritally-Implements: blueprint nova-proxies
2015-11-06 03:48:07 +00:00
Jenkins
037bdca42d Merge "bootstrap takes place on the wrong node" 2015-11-06 03:32:36 +00:00
Jenkins
58a9759b84 Merge "Allow disabling of sysctl values" 2015-11-06 03:31:22 +00:00
Sam Yaple
4334c2adb9 Add new gate for multinode
Change-Id: I3e05e2d5c739794ae6ff0cc375dc6226f81bb542
Paritially-Implements: blueprint multinode-gate
2015-11-06 00:46:44 +00:00
Jenkins
2b02001e34 Merge "Remove vip for rabbitmq" 2015-11-05 23:49:09 +00:00
Jenkins
903de29919 Merge "Use kolla_internal_address in the example rc file" 2015-11-05 23:19:53 +00:00
David Moreau Simard
e8ac89b3d3 Fix documentation links in the README
- Remove ansible-deployment documentation link, it was moved
  to quickstart.
- Link to rendered documentation on docs.openstack.org instead

Change-Id: Ib97cfa23e7932c1d7012d1b36a26f32914431790
Closes-Bug: #1513582
2015-11-05 13:46:49 -05:00
Sam Yaple
e2bc9dcf79 bootstrap takes place on the wrong node
The bootstrap must occur on the nova-api node due to binding in the
nova-api directory (same goes for all other services)

Closes-Bug: #1513439
Backport: Liberty
Change-Id: Iab88b49712828085e4d7e7f85e6d8f0b7999a9bf
2015-11-05 16:30:44 +00:00
Sam Yaple
1efdf4574d Allow disabling of sysctl values
The main reason for this change is to allow the DinD stuff to work. It
has limited use outside of that use case, but it may still be useful
to others in the future.

Change-Id: Ib3a4639cfb3fc0d378d33fc8b9ff8eb597f818ab
Partially-Implements: blueprint multinode-gate
2015-11-05 16:29:25 +00:00
Sam Yaple
347730cec8 Remove vip for rabbitmq
Adjust all the configs to list all the rabbitmq hosts rather than
running rabbitmq through the VIP. This is made possible by clusterer
which has already merged.

Change-Id: I5db48f5f10ec68f4c8863a29bc13984f6845a4f9
Partially-Implements: blueprint rabbitmq-clusterer
2015-11-05 15:43:20 +00:00
David Moreau Simard
325bbde83d Update kollaglue docker repository URL
The URL scheme has changed and the link was broken.

Change-Id: Id5e293d6addf1a70b3af51129b66e1a406628f59
2015-11-05 10:36:41 -05:00
Jenkins
41f77da4db Merge "Clean up keystone httpd pid files for RPM distros" 2015-11-05 13:33:04 +00:00
Paul Bourke
7df3a0bea5 Clean up keystone httpd pid files for RPM distros
In some cases we're seeing httpd not cleaning up properly after itself,
which results in the keystone container failing to restart. This is
confirmed to happen on rpm based distros, but have not had any reports
on Ubuntu.

Change-Id: I58b006189e700f1c851601b4f64dd0fae931103c
Closes-Bug: #1489676
Co-Authored-By: Tim Potter <tpot@hpe.com>
2015-11-05 11:46:14 +00:00
Sam Yaple
3d7a0c6f55 Restrucutre gate scripts
So we can respect DRY and share as much code as possible I have broken
out the common code between the aio and multinode gate scripts.

Additionally, this lays the ground work for removing our policy on
root-everywhere by using sudo. Once we get the non-root stuff worked
out we can gate as non-root user.

Change-Id: I781c597ab10f2296b95f51ae27e0fa617ffe0a66
Partially-Implements: blueprint multinode-gate
2015-11-05 10:58:29 +00:00
Sam Yaple
6a9beb4a33 Add Docker in Docker container
Change-Id: I3c953125ed0105b7e8b62e62da56bf3fa30889d1
Partially-Implements: blueprint multinode-gate
2015-11-05 10:58:29 +00:00
Sam Yaple
fdb010e56b Add additional ntp information around ceph
Mention `chrony` since thats what docs.openstack.org recommends for
WAN connections. It does do better than ntpd
Change-Id: I28caade26492294bf12b092ff949003c7bf0bb8e
2015-11-05 10:01:45 +00:00
Jenkins
4beea51e75 Merge "Adjust gate btrfs setup" 2015-11-05 09:49:12 +00:00
Jenkins
0ee4b57e44 Merge "Fix RHEL builds" 2015-11-05 09:42:34 +00:00
Jenkins
15bcd372c5 Merge "Adjust package name for Ubuntu Ironic" 2015-11-05 09:20:35 +00:00
Jenkins
cf79c8a6f5 Merge "Tidy up quickstart.rst" 2015-11-05 09:14:14 +00:00
Jenkins
cf0ca61dc8 Merge "Remove unused setup_fedora.sh" 2015-11-05 08:45:41 +00:00
Steven Dake
8581fc8521 Tidy up quickstart.rst
Fix up some gramatical errors in the quickstart documentation.

TrivialFix

Change-Id: I82dada5b1fc24a48dee143447042861b106ceeed
2015-11-05 01:32:33 -07:00
Sam Yaple
e65392aefb Adjust gate btrfs setup
This is in preperation for the DinD gate.

Change-Id: I2d2489df00808824f957ed0e3aa3a44496ff7e3e
Partially-Implements: blueprint multinode-gate
2015-11-05 02:27:19 +00:00
Sam Yaple
e4b84fbeac Remove unused setup_fedora.sh
The Fedora code is no longer used and can be removed. Should it be needed in the
future the code is very similiar to CentOS. As is it will just become out of
date as the code is never excersied.

Change-Id: I7df832e5b0830ac8b4507f000ed8ed6e43d39463
Partially-Implements: blueprint multinode-gate
2015-11-05 02:27:19 +00:00
Ryan Hallisey
0340bc4043 Fix RHEL builds
Register with RHEL on the host machine and use yum to setup
the repos in the container.

Change-Id: I38aaf43fffaf7a235e69b330d5d9f0f1be31fe83
Backport: Liberty
Closes-Bug: #1513088
2015-11-04 09:32:08 -05:00
Jenkins
c2d2d7ec12 Merge "Use default disk image size for centos/7" 2015-11-04 12:18:42 +00:00
Sam Yaple
1a676a36e9 Adjust package name for Ubuntu Ironic
We target 14.04 which has the package name 'syslinux'
>14.04 has the package name 'pxelinux'

TrivialFix
Backport: Liberty
Change-Id: Id0f4f503257d62d9ce45be5eb8f4faa766244d0a
2015-11-04 07:43:57 +00:00
Jenkins
32006d8149 Merge "Ansible config for Spice console" 2015-11-03 20:48:36 +00:00
Jenkins
4063882151 Merge "Updated quickstart doc" 2015-11-03 20:18:49 +00:00
Jenkins
ae202c2fad Merge "Make nova-spice5htmlproxy build on RDO" 2015-11-03 18:29:05 +00:00
Jenkins
816da38605 Merge "Small refactor for site.yml" 2015-11-03 14:32:53 +00:00
Jenkins
2d8c7e3350 Merge "Use rabbitmq-clusterer when deploying" 2015-11-03 14:29:56 +00:00
Jenkins
fe90e26947 Merge "Download, install, and enable rabbitmq_cluster" 2015-11-03 14:29:41 +00:00