Certain services such as Murano and trove require access to a rabbitmq
instance from tenant networks. [0]
Exposing the internal rabbitmq to end users is a security hole, hence
there are two options, 1) use vhosts in the existing rabbitmq, or two a
separate rabbitmq instances. Given the importance of rabbitmq to the
OpenStack deployment, we have decided to go with a separate instance.
Refer to [1] for more detail on the various options.
This change makes the rabbitmq role generic so that it can be reused, in
this case to start 'outward_rabbitmq'. It needs to be exposed via
haproxy both for network isolation and also because this is what Murano
configuration requires.
Follow on patches will be added to add a vhost in this outward instance
for Murano and other services which require access.
Based on the original work by bdaca[2]
[0] http://murano.readthedocs.io/en/stable-liberty/intro/architecture.html
[1] http://lists.openstack.org/pipermail/openstack-dev/2016-December/109091.html
[2] https://review.openstack.org/#/c/374525
Change-Id: Ib2bcc7ed4bf4f883a7cd1dfad3db89201e3cfd8d
Partial-Bug: #1620374
Depends-On: I020eb6219f89a310451becde41f6f1c7f54baadd
Co-Authored-By: Bartłomiej Daca <bartek.daca@gmail.com>
On many systems IPv6 related modules are not loaded by default.
Usually when one runs ip6tables-* commands required modules are
probed. In neutron_openvswitch_agent container /lib/modules
does not exist. The commands fail to process ip6 firewall
rules as consequence.
Change-Id: Ic4e72eb4f5304f013b7a09ddd31794cfafa67e0b
Closes-Bug: #1615715
Different Y stream version in Ansible is not compatible. Since ansible
2.2.0 is released for a while. It is time for kolla-ansible to bump the
min Ansible version. Then we can remove the annoying WARNING message
in deploying logs and use the new features.
Change-Id: I99f3c5678f6d2d1f93d61c660fbd166184ff6422
Cron is always restarting due dummy environment
variable is None.
This change adds a useless env value.
Change-Id: Iad435bb0671a25bc12c6a6d0d988d555faba76c3
Closes-Bug: #1697706
keystone-paste.ini file is introduced by
I3a3ca2e74c0ae341105d3481f97956c6da473046 for a security risk of
admin_token_auth middleware. Now this middleware is removed by
I57586ccfa0ad1309cc806d95377dc1ecad015914. So it is safe to use upstream
keystone-paste.ini file.
This patch also keep custom paste file feature. Just put the file to
/etc/kolla/config/keystone/keyston-paste.ini path.
Closes-Bug: #1695023
Partially-Implements: blueprint custom-paste
Change-Id: Ieb983b6a9edb6a156928f6b56a4bd2dbed4281e2
Since whole issue was related to check whether user wants to wipe
device, loopbacks can be opt out from this warnings
Change-Id: Idd823b282e3055457ed041a98c848deb8509cc30
Closes-Bug: #1667074
With the following configuration in globals.yml:
enable_ceilometer="no"
enable_designate="no"
enable_searchlight="yes"
neutron.conf is generated like following:
[oslo_messaging_notifications]
driver = messagingv2
topics =
=> topics value is missing.
This patch fix it.
Closes-Bug: #1671940
Change-Id: I28ab60c61882caaba823bab84f30f77e270f29b4
With the following configuration in globals.yml
enable_ceilometer="no"
enable_designate="no"
enable_searchlight="yes"
nova.conf is generated like following:
[oslo_messaging_notifications]
driver = messagingv2
topics =
topics value is missing.
Change-Id: I27145c0da8b864b2614091933c33d83bdec8b9be
Closes-Bug: #1671935
Co-Authored-By: Jeffrey Zhang <jeffrey.zhang@99cloud.net>
Currently TCMalloc's default tc size is 32MB.
This causes poor performance in ceph storage.
A new ceph_tcmalloc_tc_bytes option has been added
with a default of 128MB.
128 MB is default TC size at above jewel version.
and if we don't set this config,
osd daemon will running with 32 MB.
because 32MB is default size in TCmalloc 2.4 version.
32MB and 128MB are twice the performance difference.
- reference : https://www.slideshare.net/Red_Hat_Storage/
ceph-performance-projects-leading-up-to-jewel-61050682
Closes-Bug: #1693692
Change-Id: I0d25c92917b11a29bcfd18f9c129cae328fa2d3e
Signed-off-by: jangseon ryu <jangseon.ryu@navercorp.com>
Add a new variable 'kolla_devmode', which when enabled, clones and
bindmounts service source code into the containers.
This commit adds the relevant changes for Heat, more services can be
added and built upon.
Usage:
* Set 'kolla_devmode: yes'
* Code is cloned to /opt/stack/{{ project_name }} on target
node(s)
* Users can develop in these repos, and simply restart the container to
pick up / test changes.
Debugging can be done from the host via 'remote_pdb'[0].
[0] https://pypi.python.org/pypi/remote-pdb
Implements: blueprint mount-sources
Change-Id: Ic0431b10d723bf84eeefc72039376fe0058dd902
The default value of default_boot_option configuration will
change eventually from "netboot" to "local".
It is recommended to set an explicit value for it during the
transition period
Change-Id: Ic42b84e82d4ad27e371536ad9915b5a32118012d
Closes-Bug: #1696636
If we don't use cirros image, ``image_ssh_user = cirros`` is wrong,
so we should make it be variable.
Change-Id: I0a1d6999d1dbc8ce319f4bd504455dfd1fb5fceb
Closes-Bug: #1696088
Normally chronyd will cause the system to gradually correct any time offset, by slowing down or speeding up the clock as required.
In certain situations, the system clock might be so far adrift
that this slewing process would take a very long time to correct the system clock
Change-Id: I939b6aae1dbeb133203085ec68bdb9f7936ee9ef
Closes-Bug: #1696056
This patch introduces the ansible materials to deploy
the skydive service, that can be used to monitor and
troubleshoot networking in an openstack deployment.
Implements: blueprint skydive-service
Co-Authored-By: Nicolas Bouron <nicolas.bouron@gmail.com>
Signed-off-by: Mathieu Rohon <mathieu.rohon@gmail.com>
Change-Id: I53051a1b0c85380416288e17040a398b6efb62c0
gnocchi have archive policy rule feature, which can control metric's
archive_policy. gnocchi also have a default archive policy rule which
is using low archive policy.
On the other hand, archive_policy is marked as deprecated and will be
removed in the feature in ceilometer[0].
So should better remove archive_policy ceilometer.conf.
[0] https://review.openstack.org/#/c/448586/
Change-Id: I0aa726f6420d628bda3fb4c4eba86b55fe1e2699
Closes-Bug: #1696038
