Ceph is pretty easy to work with. Upgrade mons, then osds, then rgws
We want to eventually make these serial values configurable, but for
now due to cephs delicate distributed network nature it is safest to
only run 1 change at a time.
Change-Id: Icc721ab3651379c28fee853ca95f9e3ddf102998
Partially-Implements: blueprint upgrade-kolla
Implements: blueprint upgrade-ceph
This is single task to upgrade both haproxy and keepalived. It stops
slave nodes of keepalived and upgrades them separately to avoid
VIP migration and allow nearly no-downtime upgrade
Change-Id: I06124635a3f3553a4e8e91013cefbf897dd7179f
Implements: blueprint upgrade-haproxy
Implements: blueprint upgrade-keepalived
Partially-implements: blueprint upgrade-kolla
HAProxy: change to use option forwardfor to pass origin IP address
to backend via X-Forwarded-For header
Keystone: Apache does the audit logs for keystone. Change the
LogFormat to display the passed address instead of the connection
address which is that of the load balancer.
Nova, Cinder, Glance: these services can make use of the address
passed in X-Forwarded-For. With this setting the API logs for
these services include the client IP address.
Change-Id: Ia861ecc11a7c7d463d0366586926d1a842853f69
Closes-Bug: #1548935
To improve security, operators have asked for two VIPs for
their cloud.
VIP 1 is the internal VIP that can reach internal and admin endpoints.
In addition, the internal VIP can also reach other internal services,
such as the database and message services.
VIP 2 is the external VIP that can only reach public endpoints.
With one VIP only, all services are reached at the same address.
To add a second VIP, this patch adds two new configuration parameters.
kolla_external_vip_address: is an IPv4 address to use for created VIP
kolla_external_vip_interface: is the network interface to use for VIP
In this scenario, the first VIP (the internal VIP), is defined by
the original parameters (kolla_internal address and network_interface).
When using two VIPs, the existing kolla_external_address parameter
should be/point to/resolve to the kolla_external_vip_address.
Closes-bug: 1535333
Change-Id: I5bfcefaf7899298455cdade8209c34324aebfecb
This bootstrap was non-idempotent. This patch follows the style
first implemented with nova to make this idempotent.
TrivialFix
Change-Id: Id04e59c5274a7d8a5bffd3ce018f3bbb84839d75
This should be later replaced with actual upgrade logic
Change-Id: I1c386a7f3bc0d15ebe4a47d2628833172a15f89b
Partially-implements: blueprint upgrade-kolla
Partially-implements: blueprint upgrade-elasticseatch
Swift uses Syslog, but it uses a custom log format. So this commit
adds a specific Heka decoder for Swift.
It also increases the log level from "warning" to "info" to make
Swift more verbose. Note that "info" is the default log level in
Swift.
And it disables the Heka configuration for Swift when "enable_swift"
is set to "no". This prevents Heka from creating 15 empty Swift log
files in the logs volume.
Partially implements: blueprint heka
Change-Id: If7a7d0707e71be2957178e2d45b5de51b788232e
New playbook for glance service upgrade.
Change-Id: I759e4eddf669112f752fe07d6b99a4bb9593d97f
Implements: blueprint upgrade-glance
Partially-Implements: blueprint upgrade-kolla
In order to avoid the neutron-dhcp-agent container from
failing, you need to change 'MountFlags' to 'shared' in
/var/lib/systemd/system/docker.serivce. Add a precheck
so that this issue will not happen as often.
Closes-bug: #1546681
Change-Id: I339b5e93e870534fe16c6610f299ca789e5ada62
The new heka changed log path. It is necessary to change
the dnsmasq log path as well.
Change-Id: Iaffecb8baf87961931727ce653f6c72740896a8f
Closes-Bug: 1548199
Based on the Nova upgrade patch and recommendations from Swift PTL John
Dickinson at
https://swiftstack.com/blog/2013/12/20/upgrade-openstack-swift-no-downtime/
Notes:
As part of this upgrade I have chosen to *not* migrate any data from the
old style swift_data container. This is because it was never intended to
be used in production; this fact is made clear in the docs.
In regards to testing, as of this patch we do not yet have an upgrade
task for the common containers (rsyslog and kolla-toolbox), so
attempting to upgrade swift will result in it failing to find the
kolla-toolbox. This will be true of any other upgrade until upgrade for
common is added. It can be worked around by deploying another role such
as keystone which will drag in the common role and start up
kolla-toolbox, after which Swift can be successfully upgraded.
Change-Id: I138556932e9bddcd595d94a3dcb69603268880ff
Partially-Implements: blueprint upgrade-kolla
Implements: blueprint upgrade-swift
The Ansible logs are currently not collected by Heka. This can be
done later, with an Ansible-specific decoder for Heka.
Partially implements: blueprint heka
Change-Id: I8d3ba4edb527f61c0a8234024b4be953c6e6c565
