1.Fix the invalid value about selinux policy
2.Update description of task about selinux.The permissive mode
need enable selinux.The parameter named "disable_selinux" is not good.
In order to customize selinux modes, we need a new
parameter named "selinux_state".
Closes-Bug: #1749046
Change-Id: I20c084cf2e46cc0de149afbd34c6dcb77a1051f4
This change allows the following use cases:
1. Using an already-configured MariaDB / MySQL server / Cluster
2. Using already-created DB users, without requiring root DB access.
Update: added external mariadb precheck
Change-Id: I78b0d178306d7c5293b0bf53e445f19f18b4b824
Implements: blueprint external-mariadb-support.
Closes-Bug: #1603121
Fixes a bug where the Baremetal Introspection service's public endpoint
registered in the Identity service referenced the internal API endpoint.
Also updates keystone endpoints for the Baremetal and Baremetal
Introspection services during reconfigure and upgrade operations.
Previously this was only done during deploy.
Change-Id: I32d475f288bb4a3834c13cc86f0c53b5437c3d25
Closes-Bug: #1738418
Add ansible role to deploy blazar
Add nova filters to allow use of blazar
Change-Id: I6742ddc9a4736f256491dd0cfd31904fa8eb5652
Implements: blueprint blazar-ansible-role
Using Docker volumes for persistent data in the bifrost container is
necessary for upgrading the bifrost services.
This change adds the following volumes:
* bifrost_httpboot
* bifrost_ironic
* bifrost_mariadb
* bifrost_rabbitmq
* bifrost_tftpboot
Ironic creates hardlinks between the TFTP master image store and the
HTTP root path when iPXE is enabled. With different Docker volumes
used for these locations we run into
https://bugs.launchpad.net/ironic/+bug/1507894 during deployment. If
we use a directory under /httpboot to store the master images this
issue is avoided.
Change-Id: I8653268d3598e7a59d2eb45c8750d45b6fc9e35f
Partially-implements: blueprint bifrost-upgrade
Using a kolla_logs volume ensures that logs are persistent beyond the
lifespan of the bifrost_deploy container. This is necessary to support
upgrading the bifrost services. It also opens the possibility of log
forwarding, although we do not currently deploy a fluentd container on
the bifrost host.
Change-Id: If3118cd75ccc87b0d003d5f382695aeaa43ed0f8
Partially-implements: blueprint bifrost-upgrade
Kolla-ansible typically configures services to access the internal API
endpoint of other services, rather than the default public endpoint.
This change ensures that this is the case for ironic inspector.
Change-Id: I998f12435fc1bd306444f9a68bd7f99f5b78f6f8
Closes-Bug: #1740591
ceph-mgr service is mandatory in ceph luminous
Depends-On: I875f84012a92d4f8b9dcb212d917cf61167270b8
Change-Id: I9418bf40a4bc3dcfc07c8b2eae17cb5779f5b444
Implements: blueprint ceph-luminous
Added ``horizon_keystone_domain_choices`` hash. It can be used to set the
available domains to choose from on the horizon login page. This feature
was introduced in pike release.
Change-Id: Ia7d2bc45e518848a04ce78e7833e1cf9a0ef21ce
In some scenarios it may be useful to apply custom filters to logs
before forwarding them. This may be useful to add additional tags to
the messages or to modify the tags to conform to a log format that
differs from the one defined by kolla-ansible.
Configuration of custom fluentd filters is possible by placing filter
configuration files in ``/etc/kolla/config/fluentd/filter/*.conf`` on
the ansible control host.
Change-Id: I29a20efb0df4bf3564ef009616c786e928aa26d9
Implements: blueprint fluentd-custom-filters
This commit separates the messaging rpc and notify transports in order
to support separate and different oslo.messaging backends
This patch:
* add rpc and notify variables
* update service role conf templates
* add example to globals.yaml
* add release note
Implements: blueprint hybrid-messaging
Change-Id: I34691c2895c8563f1f322f0850ecff98d11b5185
This patch introduces inner-compute and external-compute nodes
group to distinguish compute nodes which do not have external
reachability from compute nodes which can reach outside.
Co-Authored-By: jinke <jin.ke@99cloud.net>
Co-Authored-By: yong sheng gong <gong.yongsheng@99cloud.net>
Change-Id: I45b945f7885e8243b017cf8607cbd7f9827cb6e9
Closes-bug: #1722026
The service listening port of MDNS can be override by dns_interface.
If so, the pool conf use the wrong IP for join mdns service.
Change-Id: I8a3678955ecf5f769da7090fe5dad68e027c102b
Release notes are version independent, so remove version/release
values. We've found that projects now require the service package
to be installed in order to build release notes, and this is entirely
due to the current convention of pulling in the version information.
Release notes should not need installation in order to build, so this
unnecessary version setting needs to be removed.
This is needed for new release notes publishing, see
I56909152975f731a9d2c21b2825b972195e48ee8 and the discussion starting
at
http://lists.openstack.org/pipermail/openstack-dev/2017-November/124480.html
.
Change-Id: I72537ef7a9c56221fb13d11b4fc5aef9c7446601
1- Expand and migrate database in first keystone node
2- Upgrade all nodes sequentially along with updation of each node's
configuration file with latest release version
3- Last keystone node, contract database
With this patch, there is small downtime when all containers are
restarted. It will be fixed in other patch.
[1] http://docs.openstack.org/developer/keystone/upgrading.html#upgrading-without-downtime
Co-Authored-By: Surya Prakash Singh <surya.singh@nectechnologies.in>
Co-Authored-By: Eduardo Gonzalez <dabarren@gmail.com>
Co-Authored-By: Duong Ha-Quang <duonghq@vn.fujitsu.com>
Partially-Implements: blueprint ks-rolling-upgrade-role
Change-Id: I2159af567c40848840ff5e483e7d1f6de760b435
As an operator I want to be able to monitor the status
of RabbitMQ by collecting metrics such as queue length,
message rates (globally and per channel), and information
about resource usage on the host, such as memory use,
open file descriptors and the state of the cluster. Whilst
it is possible to gather all of this information using
the OpenStack RabbitMQ user configured by Kolla Ansible,
this user has write access to the OpenStack vhost. This
feature adds a monitoring user which has access to all of
the information described above, but does not have write
access. An example of a service which may use the
monitoring user is the RabbitMQ plugin for the Monasca
Agent. As not all users will configure monitoring, by
default the monitoring user is disabled. To create it,
the user should override the rabbitmq_monitoring_user
variable.
Implements: blueprint add-monitoring-user-for-rabbit
Change-Id: Ie895ddc59dda1c38faab6305163d9bed6710ff9d
Add become to only neccesary tasks in roles:
- glance
- heat
- horizon
- keystone
- neutron
- nova
- openvswitch
Gate is also updated to use 'become' feature
Change-Id: I2f3f27306e9f384148e1ad4d54d8da2ebef34d00
Partial-Implements: blueprint ansible-specific-task-become
