Fixes a bug where the Baremetal Introspection service's public endpoint
registered in the Identity service referenced the internal API endpoint.
Also updates keystone endpoints for the Baremetal and Baremetal
Introspection services during reconfigure and upgrade operations.
Previously this was only done during deploy.
Change-Id: I32d475f288bb4a3834c13cc86f0c53b5437c3d25
Closes-Bug: #1738418
Using Docker volumes for persistent data in the bifrost container is
necessary for upgrading the bifrost services.
This change adds the following volumes:
* bifrost_httpboot
* bifrost_ironic
* bifrost_mariadb
* bifrost_rabbitmq
* bifrost_tftpboot
Ironic creates hardlinks between the TFTP master image store and the
HTTP root path when iPXE is enabled. With different Docker volumes
used for these locations we run into
https://bugs.launchpad.net/ironic/+bug/1507894 during deployment. If
we use a directory under /httpboot to store the master images this
issue is avoided.
Change-Id: I8653268d3598e7a59d2eb45c8750d45b6fc9e35f
Partially-implements: blueprint bifrost-upgrade
Using a kolla_logs volume ensures that logs are persistent beyond the
lifespan of the bifrost_deploy container. This is necessary to support
upgrading the bifrost services. It also opens the possibility of log
forwarding, although we do not currently deploy a fluentd container on
the bifrost host.
Change-Id: If3118cd75ccc87b0d003d5f382695aeaa43ed0f8
Partially-implements: blueprint bifrost-upgrade
Kolla-ansible typically configures services to access the internal API
endpoint of other services, rather than the default public endpoint.
This change ensures that this is the case for ironic inspector.
Change-Id: I998f12435fc1bd306444f9a68bd7f99f5b78f6f8
Closes-Bug: #1740591
ceph-mgr service is mandatory in ceph luminous
Depends-On: I875f84012a92d4f8b9dcb212d917cf61167270b8
Change-Id: I9418bf40a4bc3dcfc07c8b2eae17cb5779f5b444
Implements: blueprint ceph-luminous
Added ``horizon_keystone_domain_choices`` hash. It can be used to set the
available domains to choose from on the horizon login page. This feature
was introduced in pike release.
Change-Id: Ia7d2bc45e518848a04ce78e7833e1cf9a0ef21ce
This commit separates the messaging rpc and notify transports in order
to support separate and different oslo.messaging backends
This patch:
* add rpc and notify variables
* update service role conf templates
* add example to globals.yaml
* add release note
Implements: blueprint hybrid-messaging
Change-Id: I34691c2895c8563f1f322f0850ecff98d11b5185
This patch introduces inner-compute and external-compute nodes
group to distinguish compute nodes which do not have external
reachability from compute nodes which can reach outside.
Co-Authored-By: jinke <jin.ke@99cloud.net>
Co-Authored-By: yong sheng gong <gong.yongsheng@99cloud.net>
Change-Id: I45b945f7885e8243b017cf8607cbd7f9827cb6e9
Closes-bug: #1722026
The service listening port of MDNS can be override by dns_interface.
If so, the pool conf use the wrong IP for join mdns service.
Change-Id: I8a3678955ecf5f769da7090fe5dad68e027c102b
Release notes are version independent, so remove version/release
values. We've found that projects now require the service package
to be installed in order to build release notes, and this is entirely
due to the current convention of pulling in the version information.
Release notes should not need installation in order to build, so this
unnecessary version setting needs to be removed.
This is needed for new release notes publishing, see
I56909152975f731a9d2c21b2825b972195e48ee8 and the discussion starting
at
http://lists.openstack.org/pipermail/openstack-dev/2017-November/124480.html
.
Change-Id: I72537ef7a9c56221fb13d11b4fc5aef9c7446601
1- Expand and migrate database in first keystone node
2- Upgrade all nodes sequentially along with updation of each node's
configuration file with latest release version
3- Last keystone node, contract database
With this patch, there is small downtime when all containers are
restarted. It will be fixed in other patch.
[1] http://docs.openstack.org/developer/keystone/upgrading.html#upgrading-without-downtime
Co-Authored-By: Surya Prakash Singh <surya.singh@nectechnologies.in>
Co-Authored-By: Eduardo Gonzalez <dabarren@gmail.com>
Co-Authored-By: Duong Ha-Quang <duonghq@vn.fujitsu.com>
Partially-Implements: blueprint ks-rolling-upgrade-role
Change-Id: I2159af567c40848840ff5e483e7d1f6de760b435
As an operator I want to be able to monitor the status
of RabbitMQ by collecting metrics such as queue length,
message rates (globally and per channel), and information
about resource usage on the host, such as memory use,
open file descriptors and the state of the cluster. Whilst
it is possible to gather all of this information using
the OpenStack RabbitMQ user configured by Kolla Ansible,
this user has write access to the OpenStack vhost. This
feature adds a monitoring user which has access to all of
the information described above, but does not have write
access. An example of a service which may use the
monitoring user is the RabbitMQ plugin for the Monasca
Agent. As not all users will configure monitoring, by
default the monitoring user is disabled. To create it,
the user should override the rabbitmq_monitoring_user
variable.
Implements: blueprint add-monitoring-user-for-rabbit
Change-Id: Ie895ddc59dda1c38faab6305163d9bed6710ff9d
Add become to only neccesary tasks in roles:
- glance
- heat
- horizon
- keystone
- neutron
- nova
- openvswitch
Gate is also updated to use 'become' feature
Change-Id: I2f3f27306e9f384148e1ad4d54d8da2ebef34d00
Partial-Implements: blueprint ansible-specific-task-become
This allows for skipping tasks which match the provided tags, using
the ansible-playbook argument of the same name.
This can be useful in combination with --tags, to skip reconfiguration
of the common tasks:
kolla-ansible reconfigure --tags nova --skip-tags common
Change-Id: I766552f7ae4099da3d174759f4a609ffe8b4d89f
For a deployment behind a firewall/proxy server some additional
environment settings should be passed along, for containers
such as magnum
This commit adds three new properties;
container_http_proxy
container_https_proxy
container_no_proxy
In particular, the user will want to set container_http_proxy
and container_https_proxy properties with the proxy server
details.
Closes-Bug: #1628335
Change-Id: I0950a0467b4b68c38b13875eaf9cd433e64363cf
Added horizon_keystone_multidomain flag. It can be now overriden
in globals.yml. Default set to False.
Change-Id: I6f8f261cf4b9779e57c2443ac219cdddb1731f52
Add config_owner_user and config_owner_group to group_vars/all,
which is user and group of Kolla configuration files in /etc/kolla.
Add become to post-deploy playbook.
Add become to only neccesary tasks in roles:
- certificate
- common
- destroy
- haproxy
- mariadb
- memcached
- rabbitmq
Change-Id: I2aba745a6e3928c52642f64551470fd08cbfd058
Partial-Implements: blueprint ansible-specific-task-become
kolla designate DNSaaS makes use of containerised bind9 servers
as it's default designate_backend. These can be disabled by
setting designate_backend to "no". default: "bind9"
This commit adds two new properties:
1) designate_backend_external
which can be enabled by setting it to 'bind9'. default: "no"
and
2) designate_backend_external_bind9_nameservers, which can
accept a csv list of all the external server addresses.
(default: "")
The following attributes should either be set:
'internal' (the default)
designate_backend: "bind9"
designate_backend_external: "no"
(designate_backend_external_bind9_nameservers is ignored)
or
'external'
designate_backend: "no"
designate_backend_external: "bind9"
(designate_backend_external_bind9_nameservers must be populated)
Configuration override files to align with external bind9
dns servers must be supplied manually,
/etc/kolla/config/designate/rndc.key
/etc/kolla/config/designate/rndc.conf
Change-Id: I8dbe6fd4fe7820b9143604d89e8399b07e07c3fd
