otherwise, if the jinja2 blocks at the end of the line, it will remove
the last newline character and join two lines into one.
Change-Id: Ie710342fb034e477ff854eba3915dd845bddd257
This change allows the following use cases:
1. Using an already-configured MariaDB / MySQL server / Cluster
2. Using already-created DB users, without requiring root DB access.
Update: added external mariadb precheck
Change-Id: I78b0d178306d7c5293b0bf53e445f19f18b4b824
Implements: blueprint external-mariadb-support.
Closes-Bug: #1603121
Memcached does not support clustering, so make it work in active-standby
mode. This will be helpful for implementing high availability when using memcached
as tooz backend.
Change-Id: I13722111d8b8d5b066e9a85d4c8d1679704c8caa
So it turns out that without 'mode http' redirects and rewrites
will not happen, and we're relying on it for multiple things.
Switch neutron to use http-tunnel mode instead which seems to work,
we've had no errors in our setup.
See:
https://www.haproxy.org/download/1.5/doc/configuration.txt
Quote:
" - tunnel : only the first request and response are processed,
everything else is forwarded with no analysis."
Fixes: bba80acc8b78ab3a34d61b3d0b496551e5a9258e
Change-Id: I0d9abe9731fba1e4deb64932e859f991648bb1ec
In a HAProxy precheck task, the command module is used, and the results
inspected by checking the stdout attribute of the result. However, if
the command fails (non-zero exit code), in some cases there may not be a
stdout attribute in the result object. This causes an AttributeError and
prevents ansible's useful diagnostic output from being displayed.
Change-Id: Id502b5d0b71fe2150a29df43154c925dca96ef06
Trivial Fix
Close-Bug: 1734047
For ODL clustering, one should explicitly point switches to each
of the ODL instances. The openflowplugin logic will figure out
which controller should be the master, and which should be the
slave.
Kolla currently sets the manager to one of the specific ODL over
ptcp and another one through the VIP. The VIP is probably
forwarding the traffic to that same ODL so from ODL's perspective
it's getting two duplicated connection requests from the same OVS
which will cause a re-connection problem.
This PS does:
1) Let OVS connect to the individual IPs of each ODL node in
an ODL cluster instead of only connecting to the representative over
VIP. Devstack is doing the same thing[1]. Furthermore, there is no
need for HAProxy to be frontend for ODL southbound.
2) Delete the unused ptcp connection option.
[1] https://review.openstack.org/#/c/249484/
Change-Id: Ib57e6fbb5ce64a48be0506904d3c8397ed6f70d9
Signed-off-by: Zhijiang Hu <hu.zhijiang@zte.com.cn>
outward_rabbitmq is determined using enable_outward_rabbitmq
property rather than current haproxy_enable_external_vip
Change-Id: Iee096ab50fd4d9f5f3fe05880d0e0a7842c59d0a
Closes-Bug: 1722854
This change adds enable_fluentd option and enables some other log shippers
to be integrated. When enable_fluentd is "no", syslog server is also disabled.
Then, this change also adds syslog parameters to use a syslog server
prepared by users.
Change-Id: I7c83ef7fe30a6b9ab7385bcee953ad07e96b0a83
Implements: blueprint fluentd-enable-option
Add config_owner_user and config_owner_group to group_vars/all,
which is user and group of Kolla configuration files in /etc/kolla.
Add become to post-deploy playbook.
Add become to only necessary tasks in roles:
- certificate
- common
- destroy
- haproxy
- mariadb
- memcached
- rabbitmq
Change-Id: I2aba745a6e3928c52642f64551470fd08cbfd058
Partial-Implements: blueprint ansible-specific-task-become
Console access for HyperV VMs is now done via Kolla VIP.
The VIP will point to each HyperV compute node IP on which
FreeRDP-WebConnect is installed.
Closes-Bug: #1714249
Change-Id: I3a5d23425996a5c347ff21df3f99c3f63dd35173
Currently, kolla_keepalived_running may be created and deleted in
parallel which causes prechecks failure. The solution is using
run_once = true.
Closes-Bug: #1714407
Change-Id: I2ec8fc2e867c87175157af8acc11f57313bfaabe
Signed-off-by: Zhijiang Hu <hu.zhijiang@zte.com.cn>
This reverts commit 91321ac8ff342ad8276c6874f85b7ad3a823a444.
The reasoning given in this commit is incorrect. Keystone/oslo.cache
uses memcached hosts based on a hashing of the key to determine which
memcached host to check. If you have different configured memcached
servers per keystone deployment you have a mis-configured deployment.
Any RESTapi should be capable of roundrobin load-balancing. I am not
familiar with the Murano case with uploading a package, but this change
also does not address Murano at all.
As far as Horizon goes, that hasn't had a problem with shared backends
since the beginning because we use memcached servers with a shared
secret key [1].
All this change has done is lowered the efficiency of loadbalancing
keystone.
[1] https://github.com/openstack/kolla-ansible/blob/master/ansible/roles/horizon/templates/local_settings.j2#L149
Change-Id: Ic0b550e7c96d67c39153933b527ab3edf7d90f27
kolla-kubernetes is using its own configuration generation[0], so it is
time for kolla-ansible to remove the related code to simplify the
logic.
[0] https://github.com/openstack/kolla-kubernetes/tree/master/ansible
Change-Id: I7bb0b7fe3b8eea906613e936d5e9d19f4f2e80bb
Implements: blueprint clean-k8s-config
* remove ceilometer-api and ceilometer-collector service
* use ceilometer-notification to publish message to proper backend
* remove useless ceilometer_database_type and ceilometer_event_type
variables
* sync event_definitions.yaml, event_pipeline.yaml and pipeline.yaml
file with upstream
Change-Id: Ib39053cb5f70bd11ee61d3f26d5b28accecd7190
timeout options are added to glance-api but not for glance_api_external;
they should be added there also.
Change-Id: Idbd3dabbe24a5c71e70154dfde96c5c70eeefc10
Partial-bug: 1675637
Haproxy fails to deploy if outward group is not
in inventory.
This change adds an optional outward setting for
haproxy
Change-Id: I351578582b1057bb48ac69859583a5db13f0bfb8
Certain services such as Murano and trove require access to a rabbitmq
instance from tenant networks. [0]
Exposing the internal rabbitmq to end users is a security hole, hence
there are two options: 1) use vhosts in the existing rabbitmq, or 2) a
separate rabbitmq instance. Given the importance of rabbitmq to the
OpenStack deployment, we have decided to go with a separate instance.
Refer to [1] for more detail on the various options.
This change makes the rabbitmq role generic so that it can be reused, in
this case to start 'outward_rabbitmq'. It needs to be exposed via
haproxy both for network isolation and also because this is what Murano
configuration requires.
Follow on patches will be added to add a vhost in this outward instance
for Murano and other services which require access.
Based on the original work by bdaca[2]
[0] http://murano.readthedocs.io/en/stable-liberty/intro/architecture.html
[1] http://lists.openstack.org/pipermail/openstack-dev/2016-December/109091.html
[2] https://review.openstack.org/#/c/374525
Change-Id: Ib2bcc7ed4bf4f883a7cd1dfad3db89201e3cfd8d
Partial-Bug: #1620374
Depends-On: I020eb6219f89a310451becde41f6f1c7f54baadd
Co-Authored-By: Bartłomiej Daca <bartek.daca@gmail.com>
always_run is deprecated and removed in Ansible 2.4
check_mode is introduced in Ansible 2.2 and Kolla-ansible has bumped Ansible to
2.2.0 so it's safe to replace always_run by check_mode now.
Change-Id: Id1028d38b7bde30a6afe17b319dcdc77907914ab
Closes-Bug: #1643633
Implements: blueprint migrate-to-ansible-2-2-0
This patch introduces the ansible materials to deploy
the skydive service, that can be used to monitor and
troubleshoot networking in an openstack deployment.
Implements: blueprint skydive-service
Co-Authored-By: Nicolas Bouron <nicolas.bouron@gmail.com>
Signed-off-by: Mathieu Rohon <mathieu.rohon@gmail.com>
Change-Id: I53051a1b0c85380416288e17040a398b6efb62c0
In Ansible 2.3.0 when statements should not include jinja2 templating
delimiters such as {{ }} or {% %}
This patchset fixes all conditions in the precheck task of haproxy.
Change-Id: I5ad234cf24133efe342956c1b7ab1b947f96b20f
Partial-Bug: #1695142
Many of the templates use 600, remove unnecessary permission
on these templates to bring them in line with the others.
Change-Id: I30fe1b3822b9c7bb6ab98729fc519dc1d603db27
At this moment prechecks pass even if external_vip_interface
is not present or active.
This change adds such precheck into haproxy role.
Change-Id: I7a5ac4aca7002ff8376710ab536b975c88edebc6
Closes-Bug: #1668489
At this moment haproxy config.yml notifies
handlers that are not skipped when running
genconfig
Change-Id: I2eab18e3ba709075f21f8dce323fcb2acef43de5
Closes-Bug: #1664674
The wait_for module waits 300 seconds for the port to be started or stopped. This
is meaningless and useless in precheck. This patch changes the timeout to 1
second.
Change-Id: I9b251ec4ba17ce446655917e8ef5e152ef947298
Closes-Bug: #1688152
HAproxy always restarts containers when doing reconfigure.
compare_container does not evaluate privileged while the containers
are privileged.
compare_container always evaluates true because of this.
Closes-Bug: #1678122
Change-Id: Iaea80c1e09ef16a6d2530a75e6f37e6259bb4ca7