252 Commits

Author SHA1 Message Date
Jenkins
b560b64e74 Merge "Add flag to allow provider networks" 2017-06-27 16:40:09 +00:00
Vladislav Belogrudov
f6eefdf388 Add flag to allow provider networks
In case of provider networks we need to configure external bridge
on compute nodes, like it is done in DVR. The only way to tell
if provider networks are to be used is a new flag.

Change-Id: I1aef197ee2b84e28f2131f058e6995551f873fe1
Closes-Bug: #1694726
2017-06-27 08:33:43 +00:00
Jenkins
be8f64492c Merge "Barbican simple_crypto plugin broken - invalid key" 2017-06-26 08:58:03 +00:00
Jenkins
87c860dbf9 Merge "Add upgrade release note for ovs split" 2017-06-22 14:54:49 +00:00
Mark Goddard
2e4359069e Barbican simple_crypto plugin broken - invalid key
When using the simple_crypto plugin, barbican expects the
[simple_crypto_plugin] kek config value to be a base64-encoded 32 byte
value. However, kolla-ansible is providing a standard autogenerated
password.

There are two relevant variables in kolla-ansible -
barbican_crypto_password (a standard password) and barbican_crypto_key
(a HMAC-SHA256 key). There is no use of barbican_crypto_key other than
when it is generated. barbican_crypto_password is used to set the
[simple_crypto_plugin] kek config value but causes an error when the
simple_crypto plugin is used as the value is not in the expected format.
Using barbican_crypto_key instead resolves the error. Clearly there is a
naming issue here and we should be using barbican_crypto_key instead of
barbican_crypto_password.

This change removes the barbican_crypto_password variable and uses
barbican_crypto_key instead.

Change-Id: I63e2b381c260265e5901ee88ca0a649d96952bda
Closes-Bug: #1699014
Related-Bug: #1683216
Co-Authored-By: Stig Telfer <stig@stackhpc.com>
2017-06-21 17:07:17 +01:00
Vladislav Belogrudov
296ddbeb03 Add possibility to configure tenant network types and type drivers
This patch adds configuration options for tenant network types and type
drivers. Both lists are checked so that tenant types are listed in
drivers. For ironic 'flat' driver is mandatory and is added explicitly
into ironic prechecks.

Change-Id: Ie5775001165412910a258cbed2d2ebbb8ebbd879
Closes-Bug: #1694725
2017-06-21 17:14:25 +03:00
Eduardo Gonzalez
1f1d91b960 Move mDNS to network nodes
mDNS publishes DNS services to designate service customers.
Only network node should be reachable by public networks.

Change-Id: Id2947df89d2d831d67e006a581ac88b4ecf8ce04
Closes-Bug: #1693918
2017-06-21 13:17:46 +00:00
Eduardo Gonzalez
112d632640 Enable port_security by default
Neutron recommends as good practice to enable port_security
extension by default. Current networks will remain using
security groups, but will allow users to disable port_security
in their port or networks.
An example use case is nfv.

Change-Id: I69f2e3567fd00695cf1c4bcc9177c2b88e33c3ab
2017-06-19 14:09:32 +02:00
Jenkins
f07515afe8 Merge "Add vhost to outward rabbitmq for Murano" 2017-06-16 11:28:33 +00:00
Paul Bourke
aff43f73e3 Add vhost to outward rabbitmq for Murano
Change-Id: I09654f29b59e0327ee1a7961e0990e4c6927e8fc
Closes-Bug: #1620374
2017-06-15 14:19:33 +01:00
Dan Ardelean
58ce2b54ea Add Hyper-V role
Implement an ansible role that adds Hyper-V as a compute node for
OpenStack using Kolla.

This will install and configure the Nova Compute service, the
Hyper-V Neutron agent and FreeRDP-WebConnect.
https://docs.openstack.org/ocata/config-reference/compute/hypervisor-hyper-v.html

Change-Id: I601835b0769c5ff173a980a05a752391ae8cc82f
Implements: blueprint hyperv-ansible-role
Co-Authored-By: Alessandro Pilotti <apilotti@cloudbasesolutions.com>
2017-06-15 16:12:31 +03:00
Paul Bourke
d8fe3ea780 Add a new 'outward' rabbitmq instance
Certain services such as Murano and trove require access to a rabbitmq
instance from tenant networks. [0]

Exposing the internal rabbitmq to end users is a security hole, hence
there are two options, 1) use vhosts in the existing rabbitmq, or 2) a
separate rabbitmq instance. Given the importance of rabbitmq to the
OpenStack deployment, we have decided to go with a separate instance.
Refer to [1] for more detail on the various options.

This change makes the rabbitmq role generic so that it can be reused, in
this case to start 'outward_rabbitmq'. It needs to be exposed via
haproxy both for network isolation and also because this is what Murano
configuration requires.

Follow on patches will be added to add a vhost in this outward instance
for Murano and other services which require access.

Based on the original work by bdaca[2]

[0] http://murano.readthedocs.io/en/stable-liberty/intro/architecture.html
[1] http://lists.openstack.org/pipermail/openstack-dev/2016-December/109091.html
[2] https://review.openstack.org/#/c/374525

Change-Id: Ib2bcc7ed4bf4f883a7cd1dfad3db89201e3cfd8d
Partial-Bug: #1620374
Depends-On: I020eb6219f89a310451becde41f6f1c7f54baadd
Co-Authored-By: Bartłomiej Daca <bartek.daca@gmail.com>
2017-06-15 11:12:22 +00:00
jimmygc
8d1b745f45 Add VMware NSXV support to neutron
Implements NSXV network part of the blueprint.

Change-Id: I6b92b946667ebbbd2721a99fd299981cfc99693f
Partially-implements: blueprint kolla-ansible-support-vsphere
Co-Authored-By: shaofeng cheng <chengsf@winhong.com>
2017-06-12 09:51:23 +00:00
Paul Bourke
5cb375645c Add a Kolla 'devstack' mode
Add a new variable 'kolla_devmode', which when enabled, clones and
bindmounts service source code into the containers.

This commit adds the relevant changes for Heat, more services can be
added and built upon.

Usage:
* Set 'kolla_devmode: yes'

* Code is cloned to /opt/stack/{{ project_name }} on target
  node(s)

* Users can develop in these repos, and simply restart the container to
  pick up / test changes.

Debugging can be done from the host via 'remote_pdb'[0].

[0] https://pypi.python.org/pypi/remote-pdb

Implements: blueprint mount-sources
Change-Id: Ic0431b10d723bf84eeefc72039376fe0058dd902
2017-06-08 09:55:54 +01:00
Jenkins
1d5a7fcb83 Merge "Add release note to deprecate some config files" 2017-06-06 08:17:46 +00:00
Bertrand Lallau
a3aa0e8540 Add release note to deprecate some config files
Actually Openstack services configuration can be overridden using many
files:
- /etc/kolla/config/<< service name >>/<< config file >>
- /etc/kolla/config/<< service name >>/<<host>>/<< config file >>
- /etc/kolla/config/global.conf
- /etc/kolla/config/database.conf
- /etc/kolla/config/messaging.conf

Only per-service configuration is actually documented here:
https://github.com/openstack/kolla-ansible/blob/master/doc/advanced-configuration.rst#L164

Allowing to globally modify service configuration can be performed too,
but it can be done in 3 different manners:
- /etc/kolla/config/global.conf
- /etc/kolla/config/database.conf
- /etc/kolla/config/messaging.conf

database.conf and messaging.conf seem redundant with global.conf.
In order to simplify codebase it seems logical to deprecate them.

Change-Id: Ia632c207e4b0237ea813fcf53b44504b97a204e7
2017-06-05 11:26:24 +00:00
Jenkins
dd11b3f5a4 Merge "Support OSprofile usage" 2017-06-05 08:54:43 +00:00
Jenkins
77041db66e Merge "[Trivial] Fix two typos in kolla-ansible." 2017-06-04 14:55:34 +00:00
Eduardo Gonzalez
ab4b1ff785 Support OSprofile usage
OSprofile allows users/devs to trace OpenStack requests.

Implements: blueprint enable-osprofiler
Co-Authored-By: Bertrand Lallau <bertrand.lallau@gmail.com>
Change-Id: I82ea85d726011ef6cbf99380f395452d6d7f8053
2017-06-02 22:41:33 +02:00
Jenkins
e8c0ed8b7e Merge "Add kolla-ansible bash completion script" 2017-06-02 11:05:44 +00:00
leiyashuai
e8e64f1c83 [Trivial] Fix two typos in kolla-ansible.
Change-Id: I9665338318f8ad4690e4908748065623d0537741
2017-05-16 19:32:36 -07:00
jimmygc
94c5cc570a Add kolla-ansible bash completion script
Make command line more friendly. :)

Change-Id: I8113c72aa00b1c07cb2b77c73e7dd8c7ee833bcc
2017-05-12 09:06:36 +08:00
Eduardo Gonzalez
ed72a0afb7 Add upgrade release note for ovs split
Openvswitch role has been split from neutron role.
When upgrading, it is required to add openvswitch group in
inventory file. Add this statement into release notes.

Change-Id: If0fea2c550551a07b866b69166eda080263cf2f4
2017-05-10 10:49:35 +00:00
Jenkins
a8433495dd Merge "Add graceful_timeout argument to kolla_docker" 2017-05-10 08:40:36 +00:00
Jenkins
b236be7cb1 Merge "Remove all Ubuntu 14.04 related documentation" 2017-05-02 16:50:37 +00:00
Jenkins
118e1d8566 Merge "Add release note for versionless keystone endpoint" 2017-04-25 01:57:07 +00:00
Michal (inc0) Jastrzebski
92f9a7e640 OVS Role release note
We missed it in change, but this is important to note

Change-Id: I6abb4a963d0d9340f9e6e24c9abd9f99ec72867f
2017-04-13 16:41:24 +00:00
Duong Ha-Quang
d929359550 Add graceful_timeout argument to kolla_docker
Currently, when stopping/restarting container, Kolla uses default timeout value
between SIGTERM and SIGKILL provided by docker which is 10 sec. But some
services require more than it to finish graceful shutdown progress.

This patchset adds graceful_timeout to kolla_docker to override the default
one.

Partial Implements: bp signaling-to-container

Change-Id: Ica0b48a53c650cc23dfa1955027d2cf936a5932f
2017-04-13 16:53:14 +07:00
Paul Bourke
e27165edc5 Unmount Ceph OSD disks as part of destroy
This seems to have got lost during repo split. Adding it back in now.

Change-Id: Ic0b0f5efb12eab58e7872b30611a39640dc44cc2
Closes-Bug: #1629224
(cherry picked from commit e1a2f99014a1aeb3697e8ec3c999cdc12380376b)
2017-04-11 13:45:08 +00:00
Bertrand Lallau
0a95528da8 Remove all Ubuntu 14.04 related documentation
Last Openstack version supported on Ubuntu 14.04 is Mitaka. Hence Ubuntu
14.04 related documentation can be removed since Kolla Newton release.

Change-Id: Ibedd9dea659fc787660e44909573a59339b870c3
2017-04-10 16:30:08 +00:00
Eduardo Gonzalez
5ed07f9ffe Add release note for versionless keystone endpoint
Include an upgrade release note to make users know
that endpoints are going to be updated while upgrading
to Pike.

Change-Id: Iaa2bfce27e9d9cdbb574121147fc761810d7dd71
2017-04-05 12:53:36 +00:00
root
2364bee3cc Add zun ansible role
Change-Id: I13cf03d6a97fb94dd7cb309e99a417ad101dc21a
Co-Authored-By: Mauricio Lima <mauriciolimab@gmail.com>
Partially-implements: bp add-zun-ansible-role
2017-03-30 04:15:17 -04:00
Paul Bourke
b8c03263cc Add an extra network node for HA
Given keepalived runs on the network node, we should have a minimum of
two by default for high availability.

Change-Id: Ifbd68e456dc93319df8e85017fd9f4db09f05929
2017-03-22 10:39:44 +00:00
Jenkins
9ce2a9b5f4 Merge "Add neutron-bgp-dragent playbooks and sensible defaults." 2017-03-20 10:47:01 +00:00
Thomas O'Neill
94dec80705 Add neutron-bgp-dragent playbooks and sensible defaults.
Depends-On: If7f5c80eb10a1c418785d9c659ae18bfecfcfe33
Change-Id: I9c54f01193b4e12338e71cd1f0a4635dcbfa43fe
Implements: blueprint neutron-bgp-dragent
2017-03-16 10:03:17 +00:00
rcherrueau
dcdbe44190 Multi-regions Support
Add support for basic multiple regions, that is to say, many OpenStack
with a shared Keystone (same users) and Horizon. The shared Keystone
and Horizon are deployed into one region, for instance RegionOne.
Services of other regions have an access to this Keystone. This
support assumes that the operator knows the name of all OpenStack
regions in advance, and considers as many Kolla runs as there are
regions.

The new variable, multiple_regions_names, contains the name of
regions. It is needed by the region that includes Keystone and
Horizon. In register.yml, it specifies to create as many Keystone
endpoints as there are regions, so that services of other regions can
connect to Keystone. In local_settings.j2, it changes the render to
support multiple regions in Horizon. The multi-regions.rst explains
how to perform a multiple regions deployment.

Implements: blueprint multi-kolla-config
Change-Id: Icab2aebfc4de0e3bc609950956e0af397705f403
2017-03-10 14:24:42 +01:00
Jenkins
9d0daa015a Merge "Enable sanity checks from kolla-ansible" 2017-03-09 17:31:51 +00:00
Paul Bourke
5418ada148 Enable sanity checks from kolla-ansible
Add a new subcommand 'check' to kolla-ansible, used to run the
smoke/sanity checks.

Add stub files to all services that don't currently have checks.

Change-Id: I9f661c5fc51fd5b9b266f23f6c524884613dee48
Partially-implements: blueprint sanity-check-container
2017-03-09 10:37:06 +00:00
Jenkins
d860cefd51 Merge "Disable running playbooks in serial by default" 2017-03-08 16:51:13 +00:00
Jenkins
a6da1bda59 Merge "Fix booting from volume failure" 2017-03-08 15:28:27 +00:00
Jeffrey Zhang
cad7fc35f7 Disable running playbooks in serial by default
Running playbooks in serial is unnecessary and may cause some issues. This
patch disables serial.

This patch also removes the serial for MariaDB playbook. MariaDB handles
this internally.

Partial-Bug: #1668185
Change-Id: I3b4216dd82607475e9bd9b44590b631be4abdbdd
2017-03-08 21:27:29 +08:00
Jeffrey Zhang
d06efcecc5 Fix booting from volume failure
Booting from volume requires cinder's ceph client secret now. Move cinder
before nova in site.yml, because nova depends on cinder ceph client key
now.

Change-Id: I01c9ed80843d98305b8963894c4917c21a35d3ac
Closes-Bug: #1670676
2017-03-08 21:16:06 +08:00
Jenkins
2852af4376 Merge "Release note for reconfiguration optimization" 2017-03-07 03:36:43 +00:00
Michal (inc0) Jastrzebski
283e9deee2 Release note for reconfiguration optimization
That's a good feature to brag about!

Closes-bug: #1670467
Change-Id: If0235ffd1f3ac7fa8cdf7418957d50aa652fa386
2017-03-06 19:04:25 +00:00
09a0cc80c3 Update reno for stable/ocata
Change-Id: I99f2932fb74b399a93b3c6547b8d62a595ce6ce6
2017-02-15 17:36:36 +00:00
Jenkins
67d5407db8 Merge "Rename kolla namespace to kolla_ansible" 2017-02-15 15:50:12 +00:00
Jeffrey Zhang
177fbea79a Rename kolla namespace to kolla_ansible
* Rename kolla namespace to kolla_ansible
* remove oslo.config.opts entry points which are useless
* delete useless tools/version-check.py script

Change-Id: I005dd7223ff23afbb2ce8cbfd0ebec0969102798
2017-02-15 16:34:51 +08:00
Duong Ha-Quang
f45fe3243f Change Barbican default secret store to pkcs11
Change-Id: I758eedb8569ce5ddbfb44f7dc79d622891997e84
Closes-Bug: #1625340
2017-02-09 13:40:13 +07:00
Michal (inc0) Jastrzebski
b12fd3ac65 Add release note regarding nova upgrade
There are steps that operators need to do if they have existing config
files.

Change-Id: Ie523db44a903bb50652d3cbaac111475cce7cc8b
2017-02-04 01:12:03 +00:00
caowei
9c82ed8071 Add freezer ansible role
Co-Authored-By: caoyuan <cao.yuan@99cloud.net>
Co-Authored-By: zhubingbing <zhubingbing10@gmail.com>

Change-Id: I419f7ceb219ea9643cfd225c130018f967ddd860
Partially-implements: bp freezer-ansible-role
2017-01-27 11:19:13 +00:00