134 Commits

Author SHA1 Message Date
Zuul
70a5099376 Merge "Implement blazar ansible role" 2018-02-05 08:36:12 +00:00
Zuul
09dbb61133 Merge "Fix haproxy with memcached enabled" 2018-01-26 10:22:44 +00:00
Zuul
4771f5c22d Merge "Disable jinja2 trim_blocks feature" 2018-01-25 10:27:40 +00:00
Zuul
b66ebff65e Merge "Fix the ssl issue for placement api when enabled ssl" 2018-01-25 03:24:01 +00:00
Jeffrey Zhang
def1adb6b4 Fix the ssl issue for placement api when enabled ssl
Change-Id: I43db3048f92207da5ec3a2b9ed52b4c4083c3881
Closes-Bug: #1745128
2018-01-24 18:28:59 +08:00
Jeffrey Zhang
35b91cf7b7 Disable jinja2 trim_blocks feature
otherwise, if the jinja2 blocks are at the end of the line, it will remove
the last newline character and join two lines into one.

Change-Id: Ie710342fb034e477ff854eba3915dd845bddd257
2018-01-24 10:20:14 +08:00
Alexandru Bogdan Pica
8e3b79440c Implement external MariaDB and pre-configured Databases support
This change allows the following use cases:

1. Using an already-configured MariaDB / MySQL server / Cluster
2. Using already-created DB users, without requiring root DB access.

Update: added external mariadb precheck

Change-Id: I78b0d178306d7c5293b0bf53e445f19f18b4b824
Implements: blueprint external-mariadb-support.
Closes-Bug: #1603121
2018-01-23 13:07:40 +00:00
Eduardo Gonzalez
e44ff538b7 Fix haproxy with memcached enabled
Haproxy keeps restarting because memcached servers
are written in a single line. Adds an empty line
in the for so each server is on its own line

Change-Id: I763a23de7f70e9ebe543b935b175e675ec774f9a
2018-01-23 12:08:44 +01:00
Zuul
fdbfd96d14 Merge "Add a active-standby mode memcached in haproxy" 2018-01-22 05:11:31 +00:00
Jeffrey Zhang
a26357efb9 Add a active-standby mode memcached in haproxy
Memcached does not support cluster. So make it work in active-standby
mode. This will be helpful to implement high availability when using memcached
as tooz backend.

Change-Id: I13722111d8b8d5b066e9a85d4c8d1679704c8caa
2018-01-21 15:02:07 +08:00
Zuul
5cfd101057 Merge "We actually require 'mode http'" 2018-01-19 09:59:11 +00:00
liujunpeng
c51bf13420 add var haproxy_client_timeout and haproxy_server_timeout
Change-Id: I329307b226757144a493ff21c76125cae8468e91
2018-01-15 20:01:26 +08:00
Ian Kumlien
ee67917c49 We actually require 'mode http'
So it turns out that without 'mode http' redirects and rewrites
will not happen, and we're relying on it for multiple things.

Switch neutron to use http-tunnel mode instead which seems to work,
we've had no errors in our setup.

See:
https://www.haproxy.org/download/1.5/doc/configuration.txt

Quote:
" - tunnel        : only the first request and response are processed,
                      everything else is forwarded with no analysis."

Fixes: bba80acc8b78ab3a34d61b3d0b496551e5a9258e
Change-Id: I0d9abe9731fba1e4deb64932e859f991648bb1ec
2018-01-09 13:19:54 +01:00
Eduardo Gonzalez
31f7732aef Implement blazar ansible role
Add ansible role to deploy blazar
Add nova filters to allow use of blazar

Change-Id: I6742ddc9a4736f256491dd0cfd31904fa8eb5652
Implements: blueprint blazar-ansible-role
2018-01-03 16:36:54 +00:00
Zuul
e3af18f90a Merge "Add vitrage ansible role" 2017-12-28 04:57:45 +00:00
Zuul
c0af83331a Merge "Let OVS to connect to the individual IPs of each ODL node" 2017-12-25 19:30:08 +00:00
chenxing
2d1a1b1df6 Add vitrage ansible role
Co-Authored-By: caoyuan <cao.yuan@99cloud.net>
Co-Authored-By: Eduardo Gonzalez <dabarren@gmail.com>

Depends-on I7ffb991adbd05275e331401cd73fc84362084ebd
Change-Id: I85afeb5dfce0bf6350a444000bdb885c6fe079c9
Partially-implements: blueprint vitrage-roles
2017-12-18 17:29:32 +08:00
Ian Kumlien
bba80acc8b RFC: disable haproxy http mode
In some cases the http mode in haproxy causes issues with api calls
(We experienced this in production between horizon and neutron)

See:
https://ask.openstack.org/en/question/57958/keystone-through-haproxy/

Change-Id: Id2079c5a491ef8691e7ad8846a5fec99e49ec4ba
2017-11-29 14:42:10 +01:00
Zhijiang Hu
28b50c22ce Let OVS to connect to the individual IPs of each ODL node
Close-Bug: 1734047

For ODL clustering, one should explicitly point switches to each
of the ODL instances. The openflowplugin logic will figure out
which controller should be the master, and which should be the
slave.

Kolla currently sets the manager to one of the specific ODL over
ptcp and another one through the VIP. The VIP is probably
forwarding the traffic to that same ODL so from ODL's perspective
it's getting two duplicated connection requests from the same OVS
which will cause re-connection problem.

This PS does:
1) Let OVS connect to the individual IPs of each ODL node in
an ODL cluster instead of only connecting to the representative over
VIP. Devstack is doing the same thing[1]. Furthermore, there is no
need for HAProxy to be frontend for ODL southbound.

2) Delete the unused ptcp connection option.

[1] https://review.openstack.org/#/c/249484/

Change-Id: Ib57e6fbb5ce64a48be0506904d3c8397ed6f70d9
Signed-off-by: Zhijiang Hu <hu.zhijiang@zte.com.cn>
2017-11-23 06:18:42 -05:00
root
d55f2785e3 Allow outward_rabbitmq with enable_outward_rabbitmq
outward_rabbitmq is determined using enable_outward_rabbitmq
property rather than current haproxy_enable_external_vip

Change-Id: Iee096ab50fd4d9f5f3fe05880d0e0a7842c59d0a
Closes-Bug: 1722854
2017-10-12 10:26:38 +00:00
Tatsuma Matsuki
03354bc99e Add fluentd enable option
This change adds enable_fluentd option and enables some other log shippers
to be integrated. When enable_fluentd is "no", syslog server is also disabled.
Then, this change also adds syslog parameters to use a syslog server
prepared by users.

Change-Id: I7c83ef7fe30a6b9ab7385bcee953ad07e96b0a83
Implements: blueprint fluentd-enable-option
2017-09-28 04:36:36 +00:00
Dan Ardelean
418d584693 HyperV: fix FreeRDP console config
Console access for HyperV VMs is now done via Kolla VIP.
The VIP will point to each HyperV compute node IP on which
FreeRDP-WebConnect is installed.

Closes-Bug: #1714249
Change-Id: I3a5d23425996a5c347ff21df3f99c3f63dd35173
2017-09-01 19:28:48 +03:00
Jenkins
7f3dec3123 Merge "Revert "Update Keystone haproxy config to balance based on source ip"" 2017-08-23 15:50:23 +00:00
Sam Yaple
0fc512e0fe Revert "Update Keystone haproxy config to balance based on source ip"
This reverts commit 91321ac8ff342ad8276c6874f85b7ad3a823a444.

The reasoning given in this commit is incorrect. Keystone/oslo.cache
uses memcached hosts based on a hashing of the key to determine which
memcached host to check. If you have different configured memcached
servers per keystone deployment you have a mis-configured deployment.

Any RESTapi should be capable of roundrobin load-balancing. I am not
familiar with the Murano case with uploading a package, but this change
also does not address Murano at all.

As far as Horizon goes, that hasn't had a problem with shared backends
since the beginning because we use memcached servers with a shared
secret key [1].

All this change has done is lowered the efficiency of loadbalancing
keystone.

[1] https://github.com/openstack/kolla-ansible/blob/master/ansible/roles/horizon/templates/local_settings.j2#L149

Change-Id: Ic0b550e7c96d67c39153933b527ab3edf7d90f27
2017-08-19 18:07:36 +00:00
Marcus G K Williams
57496c4147 Add OpenDaylight role
Adds role for OpenDaylight deploy.

Change-Id: I1e697ea4d3f33aab4b0f55863a377b39eda8f609
Co-Authored-By: Mauricio Lima <mauriciolimab@gmail.com>
Co-Authored-By: Jiri Prokes <jirix.x.prokes@intel.com>
Co-Authored-By: Eduardo Gonzalez <dabarren@gmail.com>
Partially-Implements: blueprint opendaylight-support
2017-08-03 07:39:38 -07:00
Jenkins
d079951252 Merge "Remove all kolla-kubernetes configurations" 2017-07-19 03:23:51 +00:00
Jeffrey Zhang
cacf08f0a6 Remove all kolla-kubernetes configurations
kolla-kubernetes is using its own configuration generation[0], so it is
time for kolla-ansible to remove the related code to simplify the
logic.

[0] https://github.com/openstack/kolla-kubernetes/tree/master/ansible

Change-Id: I7bb0b7fe3b8eea906613e936d5e9d19f4f2e80bb
Implements: blueprint clean-k8s-config
2017-07-18 22:00:58 +08:00
Jeffrey Zhang
ddad15c07e Remove ceilometer-api and ceilometer-collector services
* remove ceilometer-api and ceilometer-collector service
* use ceilometer-notification to publish message to proper backend
* remove useless ceilometer_database_type and ceilometer_event_type
  variables
* sync event_definitions.yaml, event_pipeline.yaml and pipeline.yaml
  file with upstream

Change-Id: Ib39053cb5f70bd11ee61d3f26d5b28accecd7190
2017-07-17 11:03:44 +08:00
Jenkins
05eecdc451 Merge "Fix glance Upload large image haproxy timeout when using external" 2017-07-12 12:35:32 +00:00
liyingjun
1daef3512c Fix glance Upload large image haproxy timeout when using external
timeout options are added to glance-api but not for glance_api_external,
it should be added there also.

Change-Id: Idbd3dabbe24a5c71e70154dfde96c5c70eeefc10
Partial-bug: 1675637
2017-06-20 23:25:13 -04:00
Eduardo Gonzalez
c3b72a7833 Add if enable_outward_rabbitmq in haproxy.cfg
Haproxy fails to deploy if outward group is not
in inventory.
This change adds an optional outward setting for
haproxy

Change-Id: I351578582b1057bb48ac69859583a5db13f0bfb8
2017-06-16 10:34:59 +01:00
Paul Bourke
d8fe3ea780 Add a new 'outward' rabbitmq instance
Certain services such as Murano and trove require access to a rabbitmq
instance from tenant networks. [0]

Exposing the internal rabbitmq to end users is a security hole, hence
there are two options: 1) use vhosts in the existing rabbitmq, or 2) a
separate rabbitmq instance. Given the importance of rabbitmq to the
OpenStack deployment, we have decided to go with a separate instance.
Refer to [1] for more detail on the various options.

This change makes the rabbitmq role generic so that it can be reused, in
this case to start 'outward_rabbitmq'. It needs to be exposed via
haproxy both for network isolation and also because this is what Murano
configuration requires.

Follow on patches will be added to add a vhost in this outward instance
for Murano and other services which require access.

Based on the original work by bdaca[2]

[0] http://murano.readthedocs.io/en/stable-liberty/intro/architecture.html
[1] http://lists.openstack.org/pipermail/openstack-dev/2016-December/109091.html
[2] https://review.openstack.org/#/c/374525

Change-Id: Ib2bcc7ed4bf4f883a7cd1dfad3db89201e3cfd8d
Partial-Bug: #1620374
Depends-On: I020eb6219f89a310451becde41f6f1c7f54baadd
Co-Authored-By: Bartłomiej Daca <bartek.daca@gmail.com>
2017-06-15 11:12:22 +00:00
Mathieu Rohon
43900bc8b6 Add skydive service
This patch introduces the ansible materials to deploy
the skydive service, that can be used to monitor and
troubleshoot networking in an openstack deployment.

Implements: blueprint skydive-service

Co-Authored-By: Nicolas Bouron <nicolas.bouron@gmail.com>
Signed-off-by: Mathieu Rohon <mathieu.rohon@gmail.com>

Change-Id: I53051a1b0c85380416288e17040a398b6efb62c0
2017-06-06 09:09:10 +02:00
Bertrand Lallau
afdd11b9a2 Generalize api_interface_address variable usage
Useful api_interface_address variable has been defined here:
https://github.com/openstack/kolla-ansible/blob/master/ansible/group_vars/all.yml#L57
In order to simplify codebase we must use it as much as possible.

Change-Id: I18fec19bf69e05a22a4142a9cd1165eccd022455
2017-05-23 08:35:15 +00:00
Jenkins
3ba11be4a3 Merge "Fix glance Upload large image haproxy timeout" 2017-05-07 02:02:14 +00:00
Jenkins
5dedf0d05e Merge "Update Keystone haproxy config to balance based on source ip" 2017-05-03 09:42:41 +00:00
Mick Thompson
91321ac8ff Update Keystone haproxy config to balance based on source ip
Source based routing is necessary for some services where we want the
same clients to land on the same servers.

For example, Keystone uses one of many memcached servers - if a client
gets a token from one but then lands on another api server on the next
request, that will bind to another cache and we get failed
authentication.

Other examples are horizon/murano where we upload a package in several
steps. If we don't balance client connections to the same host we will
end up with the package downloaded to one host but unsuccessfully
unpacked/imported on another host.

This option is commonly used in the official OpenStack docs [0]

[0] https://docs.openstack.org/ha-guide/controller-ha-haproxy.html

Co-Authored-By: James McCarthy <james.m.mccarthy@oracle.com>

Change-Id: I56f1e48f6dbe457e776a474222073bbefc48c92a
2017-03-31 09:31:10 +00:00
root
2364bee3cc Add zun ansible role
Change-Id: I13cf03d6a97fb94dd7cb309e99a417ad101dc21a
Co-Authored-By: Mauricio Lima <mauriciolimab@gmail.com>
Partially-implements: bp add-zun-ansible-role
2017-03-30 04:15:17 -04:00
jimmygc
538a9ebf2d Fix glance Upload large image haproxy timeout
Change-Id: I1a4d5ae561a944a138512d7573fe16b5197050af
Closes-Bug: #1675637
2017-03-24 14:30:12 +08:00
Jeffrey Zhang
f7c54a5dd2 Fix wrong api interface reference in haproxy.cfg for nova serial
Change-Id: Ie81e3a2528ea04106ecf8c9f5e4491b1d98d2f7a
Closes-Bug: #1674645
2017-03-21 20:35:52 +08:00
Jenkins
c028b6fdd1 Merge "Fix X-Forward-Proto Header Deletion" 2017-02-15 02:49:28 +00:00
Jeffrey Zhang
70d1dcb397 Fix haproxy configure for external placement api listen
Need to listen on external ip address rather than internal.

Change-Id: Ic1b8823b97e52793088cf1f82625107c69ec345b
2017-02-14 20:22:38 +08:00
Vladislav Belogrudov
f556a42a87 Allow configuration of HAProxy default timeouts
With this fix operator can tune client/server timeouts of HAProxy
to avoid receiving '504' for lengthy requests by API clients.

Change-Id: I12611b34f99759e6b6527fea3768a971c9fbdd71
Closes-Bug: #1662506
2017-02-07 18:21:57 +03:00
Jenkins
f31930ec92 Merge "Implement nova placement service" 2017-02-03 03:20:42 +00:00
Jeffrey Zhang
facfabf3bb Implement nova placement service
Closes-Bug: #1660987
Depends-On: I30efc20e6d918e08860584c017455e6d5fa91a35
Change-Id: If0a79b6013f28871dc9f13c510c919078f3304d5
2017-02-02 05:18:13 +00:00
Kevin Fox
cac3ed855c Fix genconfig for kolla-kubernetes
This PS fixes some bugs that cause trunk not to work for
kolla-kubernetes.

Change-Id: I4eaba87c9c75a85ac16823a77ab197e62254e66e
2017-01-31 12:17:46 -08:00
Jenkins
2157d9787a Merge "Add freezer ansible role" 2017-01-27 12:12:52 +00:00
caowei
9c82ed8071 Add freezer ansible role
Co-Authored-By: caoyuan <cao.yuan@99cloud.net>
Co-Authored-By: zhubingbing <zhubingbing10@gmail.com>

Change-Id: I419f7ceb219ea9643cfd225c130018f967ddd860
Partially-implements: bp freezer-ansible-role
2017-01-27 11:19:13 +00:00
Jenkins
f2f30b4a5e Merge "Ansible config for nova-serialproxy console" 2017-01-24 16:40:40 +00:00
Jenkins
2b37e3b871 Merge "Add fluentd role" 2017-01-24 12:54:12 +00:00