Add become to all tasks that use the module "kolla_docker"
Change-Id: I4309c4011687b88ec31d739fd8f834fe2326ff10
Partial-Implements: blueprint ansible-specific-task-become
Deploys the Monasca API with mod_wsgi + Apache.
Co-Authored-By: Mark Goddard <mark@stackhpc.com>
Partially-Implements: blueprint monasca-roles
Change-Id: I3e03762217fbef1fb0cbff6239abb109cbec226b
- rename action and serial to kolla_ansible and kolla_serial
- use become instead of "sudo <command>" in shell
- Remove quota for failed_when and changed_when in rabbitmq tasks
Change-Id: I78cb60168aaa40bb6439198283546b7faf33917c
Implements: blueprint migrate-to-ansible-2-2-0
Projects which may use Kafka include Monasca and Oslo
messaging. Initially it will be possible to
deploy a single Kafka cluster which may be shared
among clients. Support for running multiple Kafka
clusters may be added in a future change. This
change also configures logging for Kafka server,
state-change and controller logs.
Partially-Implements: blueprint monasca-roles
Change-Id: Iab8d200c2450238f3c0c708d1f4184490f6e6284
As rest of the files are follow the same pattern
So in same manner following the same for fluentd format config
Change-Id: I114e3a09e9747085adcc06caa419d5ebe61cec7b
Fluentd custom output and filter configs target directory can have unknown
permissions, so copy these configs as root.
Change-Id: I1649f8cd4a5066245e8f79e8e71b6bbf04dbcb62
Closes-Bug: #1760213
This picks up the abandoned review:
https://review.openstack.org/#/c/412423
Co-Authored-By: Sam Yaple <sam@yaple.net>
Partially-Implements: blueprint monasca-roles
Change-Id: Idc01afcb125271181ee5e15d327d0929f07b49e9
Add ansible role to deploy blazar
Add nova filters to allow use of blazar
Change-Id: I6742ddc9a4736f256491dd0cfd31904fa8eb5652
Implements: blueprint blazar-ansible-role
Although there is an option "enable_fluentd", but there are still
some tasks that make fluentd not configurable.
Change-Id: Ic0a9deb36fce154022925d26411e01a8ffe18b50
Signed-off-by: Xinliang Liu <xinliang.liu@linaro.org>
The owner and permission check for config directories
should be executed only when the service is enabled.
Change-Id: I6dd2a8fcce83cba8a9a79b1c302d6b1ef4305144
Closes-Bug: #1734789
In some scenarios it may be useful to apply custom filters to logs
before forwarding them. This may be useful to add additional tags to
the messages or to modify the tags to conform to a log format that
differs from the one defined by kolla-ansible.
Configuration of custom fluentd filters is possible by placing filter
configuration files in ``/etc/kolla/config/fluentd/filter/*.conf`` on
the ansible control host.
Change-Id: I29a20efb0df4bf3564ef009616c786e928aa26d9
Implements: blueprint fluentd-custom-filters
The current syntax of Ubuntu fluentd rewrite rules are not supported
anymore, reference to this commit[1].
According to the build of this patch[2], The Centos has no such isuue.
Only Ubuntu needs to be upgrade to use the <rule> section.
* Centos use 01-rewrite-0.12.conf.j2
* Ubuntu use 01-rewrite-0.14.conf.j2
backport: pike
[1] 248ed8e97d
[2] https://review.openstack.org/#/c/517907
Depends-on: I47985113fe732569d640a262ca832c6edc8c2bb6
Change-Id: I0b131c2f65652cf3c61b33d8162097b047603923
Closes-Bug: #1730664
Become option is missed in patch #398682, this patchset fix this issue.
Change-Id: I228c31486210ef1de76601d3ea4ee955a628ca73
Partial-Implements: blueprint ansible-specific-task-become
This change adds enable_fluentd option and enables some other log shippers
to be integrated. When enable_fluentd is "no", syslog server is also disabled.
Then, this change also adds syslog parameters to use a syslog server
prepared by users.
Change-Id: I7c83ef7fe30a6b9ab7385bcee953ad07e96b0a83
Implements: blueprint fluentd-enable-option
Add config_owner_user and config_owner_group to group_vars/all,
which is user and group of Kolla configuration files in /etc/kolla.
Add become to post-deploy playbook.
Add become to only neccesary tasks in roles:
- certificate
- common
- destroy
- haproxy
- mariadb
- memcached
- rabbitmq
Change-Id: I2aba745a6e3928c52642f64551470fd08cbfd058
Partial-Implements: blueprint ansible-specific-task-become
In some scenarios it may be useful to configure custom fluentd outputs
to forward logs to a logging service other than elasticsearch.
This change supports configuration of fluentd outputs by placing
output configuration files in /etc/kolla/config/fluentd/output/*.conf.
Change-Id: I3c0b271d88dbb307ba3a23546e29c72e8baeca55
Implements: blueprint fluentd-custom-outputs
Libvirt logs are not managed by Fluentd. It can be very helpful to
debug 'booting' issue on KVM.
Change-Id: Ie04322adec0482f4d586d2f8564a1a77f2da2605
Closes-Bug: #1713429
Actual Fluentd config doesn't manage multiline log pattern like:
2017-08-16 21:41:03.097 7 WARNING oslo_config.cfg [-] Option "firewall_driver" from group "DEFAULT" is deprecated for removal (
nova-network is deprecated, as are any related configuration options.
). Its value may be silently ignored in the future.
This log will generate 1 Fluentd event for each line (in previous
example 3 events).
This is really a wrong behaviour and made Kibana interface not friendly.
This patch uses a multiline parser.
Change-Id: Iee337645d1dc42876ec79be08ee3715f11a53d87
Closes-Bug: #1711399
Actually a unique 'tail' source is used for all logs files in
kolla/*/*.log.
So log files from services like: chrony, elasticsearch, etcd, grafana,
influxdb, kibana, mongodb... are actually processed by our Fluentd
config, but should not cause all following config will failed to parse
them. It just uses CPU for nothing cause they will
never match the following filters:
* record_transformer => add Hostname, Logger, programname field
* rewrite_tag_filter => rewrite 'programname' TAG if needed
Hence these filters should only be applied to Openstack services logs to
avoid CPU usage.
Furthermore WGI and Apache logs files must be treated differently.
Change-Id: I425979160291e1123e3775e39243bca06ed22c2f
Closes-Bug: #1711390
Logrotate configuration is missing for ironic-inspector. Prior to [1],
ironic-inspector logs were stored in
kolla_logs/ironic/ironic-inspector.log. After [1], the logs
are stored in kolla_logs/ironic-inspector/ironic-inspector.log
but the logrotate config was not updated.
[1]
07453f3460
Change-Id: I7e78faea361cd67069c1a96aaf0a2ffffc0e8666
Closes-Bug: #1701578
Certain services such as Murano and trove require access to a rabbitmq
instance from tenant networks. [0]
Exposing the internal rabbitmq to end users is a security hole, hence
there are two options, 1) use vhosts in the existing rabbitmq, or two a
separate rabbitmq instances. Given the importance of rabbitmq to the
OpenStack deployment, we have decided to go with a separate instance.
Refer to [1] for more detail on the various options.
This change makes the rabbitmq role generic so that it can be reused, in
this case to start 'outward_rabbitmq'. It needs to be exposed via
haproxy both for network isolation and also because this is what Murano
configuration requires.
Follow on patches will be added to add a vhost in this outward instance
for Murano and other services which require access.
Based on the original work by bdaca[2]
[0] http://murano.readthedocs.io/en/stable-liberty/intro/architecture.html
[1] http://lists.openstack.org/pipermail/openstack-dev/2016-December/109091.html
[2] https://review.openstack.org/#/c/374525
Change-Id: Ib2bcc7ed4bf4f883a7cd1dfad3db89201e3cfd8d
Partial-Bug: #1620374
Depends-On: I020eb6219f89a310451becde41f6f1c7f54baadd
Co-Authored-By: Bartłomiej Daca <bartek.daca@gmail.com>
It should be removed during Heka cleanup made in the following review:
https://review.openstack.org/#/c/384122/
Change-Id: I4cb808e4f607f582bd143ca9c6e355ec44d1b961
Change-Id: I13cf03d6a97fb94dd7cb309e99a417ad101dc21a
Co-Authored-By: Mauricio Lima <mauriciolimab@gmail.com>
Partially-implements: bp add-zun-ansible-role
Haproxy binds the elasticsearch service to kolla_internal_vip_address but
the output templates for fluentd (td-agent) point to a non-existent
kolla_external_vip_address.
Output should also be able to be sent to an external elasticsearch
instance (as per the documentation regarding overriding
elasticsearch_address)
Change these settings so that fluentd outputs to either
the default elasticsearch_address (i.e. kolla_internal_vip_address) or to
the external elasticsearch instance.
Closes-Bug: #1673990
Change-Id: I081533ae8ea9aad186e9c44e1dee069729931453
Add a new subcommand 'check' to kolla-ansible, used to run the
smoke/sanity checks.
Add stub files to all services that don't currently have checks.
Change-Id: I9f661c5fc51fd5b9b266f23f6c524884613dee48
Partially-implements: blueprint sanity-check-container
Implement ansible role to deploy designate
and dependencies. The backend used is bind9.
Co-Authored-By: zhubingbing <zhubingbing10@gmail.com>
Co-Authored-By: Eduardo Gonzalez <dabarren@gmail.com>
Depends-On: 6d0dc3e0f931c7c50b64a4659900cc50b0d860a2
Implements: blueprint ansible-designate
Change-Id: I34d8126e0cd8d71d5ced9b62f3776cc354fbb549
