This patch adds the ansible role to deploy the prometheus service which
can be used to collect performance metrics accross the environment
Partially-Implements: blueprint prometheus
Change-Id: I908b9c9dad63ab5c9b80be1e3a80a4fc8191cb9e
This patch allows configuration of the Infoblox
pluggable IPAM driver in neutron [0].
When 'infoblox' is chosen as the driver, an Infoblox
IPAM agent can be started as well. The agent
allows for enhanced DNS capabilities by listening
for neutron and nova notifications.
[0] https://github.com/openstack/networking-infoblox/blob/master/README.rst
Change-Id: I4f863750a7806a7b6eaf13900d44e5f063afe3de
Depends-On: Ia44f0e0d7a0d60cebf0857ad51700e02eba5099b
Partially-Implements: blueprint neutron-ipam-driver-infoblox
This patchset implements yamllint test to all *.yml
files.
Also fixes syntax errors to make jobs to pass.
Change-Id: I3186adf9835b4d0cada272d156b17d1bc9c2b799
Add ansible role to deploy blazar
Add nova filters to allow use of blazar
Change-Id: I6742ddc9a4736f256491dd0cfd31904fa8eb5652
Implements: blueprint blazar-ansible-role
When using XenAPI as the virt driver, we need some XenAPI
specific configure options. This commit is to ensure nova's
configuration can be generated correctly for XenAPI. It
includes the folowing changes:
* Add XenAPI as one of the valid options for nova_compute_virt_type;
* Configure some options when XenAPI is chosen as the virt type.
This commit does NOT include the host and [vnc] configurations which
will be covered by a following commit.
References:
* XenServer (and other XAPI based Xen variants):
https://docs.openstack.org/nova/pike/admin/configuration/hypervisor-xen-api.html
* XenCenter HIMN plugin (adding HIMN network which is used by XenAPI driver to
communicate with XenServer):
https://github.com/citrix-openstack/xencenter-himn-plugin
* nova configuration options:
https://docs.openstack.org/nova/pike/configuration/config.html
Change-Id: Id34d247ab78976627f8e70685f27470b254cd418
blueprint: xenserver-support
As an operator I want to be able to monitor the status
of RabbitMQ by collecting metrics such as queue length,
message rates (globally and per channel), and information
about resource usage on the host, such as memory use,
open file descriptors and the state of the cluster. Whilst
it is possible to gather all of this information using
the OpenStack RabbitMQ user configured by Kolla Ansible,
this user has write access to the OpenStack vhost. This
feature adds a monitoring user which has access to all of
the information described above, but does not have write
access. An example of a service which may use the
monitoring user is the RabbitMQ plugin for the Monasca
Agent. As not all users will configure monitoring, by
default the monitoring user is disabled. To create it,
the user should override the rabbitmq_monitoring_user
variable.
Implements: blueprint add-monitoring-user-for-rabbit
Change-Id: Ie895ddc59dda1c38faab6305163d9bed6710ff9d
Rollout redis container in master/slave configuration
Deploy redis-sentinel and connect to redis cluster
Redis is needed for mistral coordination backend.
Partial-Bug: #1700591
Change-Id: Ic0269d0db10624925e7bcdbf0e33ae87b84a9cf2
Adding the role needed to run the qdrouterd as an infrastructure
component which provides a messaging backend for the
oslo.messaging AMQP 1.0 driver. The qdrouterd will provide direct
messaging capabilities for the RPC messaging pattern in support
of hybrid messaging deployments.
Implements: blueprint qdrouterd-role
Change-Id: I74c654b3c70f61f81c2c7efa87f076a62a4a2dd8
When using the simple_crypto plugin, barbican expects the
[simple_crypto_plugin] kek config value to be a base64-encoded 32 byte
value. However, kolla-ansible is providing a standard autogenerated
password.
There are two relevant variables in kolla-ansible -
barbican_crypto_password (a standard password) and barbican_crypto_key
(a HMAC-SHA256 key). There is no use of barbican_crypto_key other than
when it is generated. barbican_crypto_password is used to set the
[simple_crypto_plugin] kek config value but causes an error when the
simple_crypto plugin is used as the value is not in the expected format.
Using barbican_crypto_key instead resolves the error. Clearly there is a
naming issue here and we should be using barbican_crypto_key instead of
barbican_crypto_password.
This change removes the barbican_crypto_password variable and uses
barbican_crypto_key instead.
Change-Id: I63e2b381c260265e5901ee88ca0a649d96952bda
Closes-Bug: #1699014
Related-Bug: #1683216
Co-Authored-By: Stig Telfer <stig@stackhpc.com>
Certain services such as Murano and trove require access to a rabbitmq
instance from tenant networks. [0]
Exposing the internal rabbitmq to end users is a security hole, hence
there are two options, 1) use vhosts in the existing rabbitmq, or two a
separate rabbitmq instances. Given the importance of rabbitmq to the
OpenStack deployment, we have decided to go with a separate instance.
Refer to [1] for more detail on the various options.
This change makes the rabbitmq role generic so that it can be reused, in
this case to start 'outward_rabbitmq'. It needs to be exposed via
haproxy both for network isolation and also because this is what Murano
configuration requires.
Follow on patches will be added to add a vhost in this outward instance
for Murano and other services which require access.
Based on the original work by bdaca[2]
[0] http://murano.readthedocs.io/en/stable-liberty/intro/architecture.html
[1] http://lists.openstack.org/pipermail/openstack-dev/2016-December/109091.html
[2] https://review.openstack.org/#/c/374525
Change-Id: Ib2bcc7ed4bf4f883a7cd1dfad3db89201e3cfd8d
Partial-Bug: #1620374
Depends-On: I020eb6219f89a310451becde41f6f1c7f54baadd
Co-Authored-By: Bartłomiej Daca <bartek.daca@gmail.com>
Change-Id: I13cf03d6a97fb94dd7cb309e99a417ad101dc21a
Co-Authored-By: Mauricio Lima <mauriciolimab@gmail.com>
Partially-implements: bp add-zun-ansible-role
Booting from volume require cinder's ceph client secret now. Move cinder
before nova in site.yml, because nova depends on cinder ceph client key
now.
Change-Id: I01c9ed80843d98305b8963894c4917c21a35d3ac
Closes-Bug: #1670676
Implement ansible role to deploy designate
and dependencies. The backend used is bind9.
Co-Authored-By: zhubingbing <zhubingbing10@gmail.com>
Co-Authored-By: Eduardo Gonzalez <dabarren@gmail.com>
Depends-On: 6d0dc3e0f931c7c50b64a4659900cc50b0d860a2
Implements: blueprint ansible-designate
Change-Id: I34d8126e0cd8d71d5ced9b62f3776cc354fbb549
Searchlight is an Openstack search and index service, this patch
implements the ansible role for searchlight.
Implement blueprint: support-searchlight-deployment
Change-Id: Ibf42d5b259a6740d6596041f896e1009657b7388
Added ansible role to deploy grafana
Added host group for grafana deployment
Co-Authored-By: zhubingbing <zhubingbing10@gmail.com>
Change-Id: I3dec4e8586b6f65fa7de66a48506d1c79de2fe1e
Partially-Implements: Blueprint performance-monitoring
Database-backed sessions are scalable (using an appropriate database
strategy), persistent, and can be made high-concurrency and
highly-available [0]
Default is off.
[0] http://docs.openstack.org/developer/horizon/topics/deployment.html#database
Co-Authored-By: Vladislav Belogrudov <vladislav.belogrudov@oracle.com>
Closes-Bug: 1618781
Change-Id: Ib68a21397dc020d20e07dcc51d3d0fdc1de102ff
