upgrade action no need to create endpoint, project, user, and role.
so the register.yml is unnecessary for upgrade.yml. this patch to
remove it.
Change-Id: I7e8d2c03cc596a551cd3e4b9b5214098d666f7ca
Closes-Bug: #1737071
Co-Authored-By: chenqiaomin <chen.qiaomin@99cloud.net>
When using XenAPI as the virt driver, we need some XenAPI
specific configure options. This commit is to ensure nova's
configuration can be generated correctly for XenAPI. It
includes the folowing changes:
* Add XenAPI as one of the valid options for nova_compute_virt_type;
* Configure some options when XenAPI is chosen as the virt type.
This commit does NOT include the host and [vnc] configurations which
will be covered by a following commit.
References:
* XenServer (and other XAPI based Xen variants):
https://docs.openstack.org/nova/pike/admin/configuration/hypervisor-xen-api.html
* XenCenter HIMN plugin (adding HIMN network which is used by XenAPI driver to
communicate with XenServer):
https://github.com/citrix-openstack/xencenter-himn-plugin
* nova configuration options:
https://docs.openstack.org/nova/pike/configuration/config.html
Change-Id: Id34d247ab78976627f8e70685f27470b254cd418
blueprint: xenserver-support
This commit separates the messaging rpc and notify transports in order
to support separate and different oslo.messaging backends
This patch:
* add rpc and notify variables
* update service role conf templates
* add example to globals.yaml
* add release note
Implements: blueprint hybrid-messaging
Change-Id: I34691c2895c8563f1f322f0850ecff98d11b5185
Add become to only neccesary tasks in roles:
- glance
- heat
- horizon
- keystone
- neutron
- nova
- openvswitch
Gate is also updated to use 'become' feature
Change-Id: I2f3f27306e9f384148e1ad4d54d8da2ebef34d00
Partial-Implements: blueprint ansible-specific-task-become
When deploying with tls enabled in public
endpoints, ansible modules fails due SSL certificates
are self-signed.
This change adds a new variable to allow customization
on which endpoints ansible should connect.
Defaults to admin because admin auth parameters defaults
to admin endpoint.
Change-Id: Ic3ed58cf9c9579cae08a11bbfe6fce983b5a9cbc
Closes-Bug: #1720995
The value set for "secure_proxy_ssl_header" should be
"HTTP_X_FORWARDED_PROTO" and not "X-Forwarded-Proto".
Change-Id: I7f4cc4871164ca9096a190101c179daa41e1ae9a
Closes-Bug: #1719325
This patch includes three unrelated fixes.
Make qemu use nova user in centos
Libvirt 3.2.0 (latest version in centos) seems to
have changed behavior of dynamic_ownership.
Pin ansible to <2.4 to make ara work in gates
ARA does not work yet with ansible 2.4, this change
pins to lower version to make gates work.
Revert once ara works with 2.4
Disable selinux for oraclelinux and centos.
Co-Authored-By: wanghongxu <wang19930902@gmail.com>
Co-Authored-By: Jeffrey Zhang <jeffrey.zhang@99cloud.net>
Change-Id: Iac8bec19437192cd198d58f71c6ed0a65a76f820
Closes-bug: #1718541
Actually Openstack services configuration can be overriden using many
files:
- /etc/kolla/config/<< service name >>/<< config file >>
- /etc/kolla/config/<< service name >>/<<host>>/<< config file >>
- /etc/kolla/config/global.conf
- /etc/kolla/config/database.conf
- /etc/kolla/config/messaging.conf
Only per-service configuration is actually documented here:
https://github.com/openstack/kolla-ansible/blob/master/doc/advanced-configuration.rst#L164
Allowing to globally modify service configuration can be perform too,
but it can be done in 3 different manners, all not documented:
- /etc/kolla/config/global.conf
- /etc/kolla/config/database.conf
- /etc/kolla/config/messaging.conf
database.conf and messaging.conf seems redundant with global.conf.
In order to simplify codebase it seems logical to remove them.
Documentation has been added for overriding configuration globally and
release note has been added too.
Closes-Bug: #1682479
Change-Id: I5d922dfc0d938173bad34ac64e490b78db1b7e31
ipc_mode=host is required after enabled multipath in nova.
Closes-Bug: #1713639
Depends-On: I0a1d85597999415cab11feb71a7fdfd7af3f7148
Change-Id: Ib0b8961a47b686b6c35456768bbbccc741cb7adf
Existing defaults are setup for tcp, and set ca_file to an empty string.
'If you set this to an empty string, then no trusted CA certificate is loaded.'
libvirt may complain 'unsupported configuration: No server certificate path
set to match server key', as such tls should also be explicitly set to 0.
Change-Id: I49c64808cb236dab1d9fa2e699d0a2f2fc54cc99
Implements compute part of the blueprint.
Make virt_type of nova_compute configerable.
Change-Id: I0f37e49e09c4f14a64797506007bb55a6f534f0f
Partially-implements: blueprint kolla-ansible-support-vsphere
Co-Authored-By: shaofeng cheng <chengsf@winhong.com>
Currently nova.conf.j2 generates two compute_driver options for
nova_compute_ironic container like this:
compute_driver = ironic.IronicDriver
compute_driver = libvirt.LibvirtDriver
nova_compute_ironic container fails to start because the latter value
overrides the former one.
This patch fixes the issue recently introduced in [1].
[1] 63314ad6dd181a0e975438de2e99409238f1b775
Change-Id: Ibb661a5a594120be4195d331c38883c3b2886361
Closes-Bug: #1706534
Trace method is enabled in default for httpd. There is security risk
with trace enabled. So disable it in default. more info please check[0].
[0] https://security.stackexchange.com/a/7711
Change-Id: I4496a6d058d88e1abfb210085f189e7a610e0362
Closes-Bug: #1705160
kolla-kubernetes is using its own configuration generation[0], so it is
time for kolla-ansible to remove the related code to simplify the
logical.
[0] https://github.com/openstack/kolla-kubernetes/tree/master/ansible
Change-Id: I7bb0b7fe3b8eea906613e936d5e9d19f4f2e80bb
Implements: blueprint clean-k8s-config
In order to speed up deployment time some "local" actions should be run
only once using 'run_once: True'.
This will decrease deployment time in case of multihost configuration.
Change-Id: I6015d772d35c15e96c52f577013b6e41197cb41a
Some roles have a symlink to deploy.yml file
for reconfigure. This is causing some issues.
"included task files must contain a list of tasks"
Change-Id: Ie7ade52900a61bc1c5b867fa7a8f75fc541a6426
Closes-Bug: #1694251
RDO packages a distribution configuration file
/usr/share/nova/nova-dist.conf which contains the following setting:
firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver
This causes the nova-compute-ironic service to fail to start as the
nova ironic virt driver attempts and fails to create a firewall driver
using this class.
This change reinstates the explicit setting of the [DEFAULT]
firewall_driver option to the noop driver which resolves this issue.
This comes at the cost of a WARN log message due to the option being
deprecated (see
6d831db687).
Change-Id: I41bd9d0671118ff256e7ada766e8653bb4b2b376
Closes-Bug: #1701564
