since we use chrony container to adjust time by default, we no need
to enable ntp service, this ps to disable it.
Change-Id: I2f1fd9269c9f8cfd0c98e0e903ba69de692473a0
In some cases we may want a configuration in which the kolla user's
primary group name is not the same as their username. Doing this
currently breaks the sudoers configuration, since user entries should
reference a user, or a group prefixed with a '%'.
There does not seem to be a good reason to give root privileges to the
entire group (which sometimes may be a shared group), so let's revert to
giving only the user root privileges.
See kayobe CI test [1] in which a different user and group were
configured, leading to permission denied when using kolla ansible.
[1] http://logs.openstack.org/53/581053/2/check/kayobe-overcloud-centos/a70168e
TrivialFix
Change-Id: I677778ebd0de58df0adfa2a8705f161ec5552283
In some environments it may not be desirable to modify the sudoers
configuration. This change makes this part of bootstrap-servers
optional, based on the create_kolla_user_sudoers variable.
Change-Id: I653403bfc5431741807edef57df58e05e679900b
This makes the bootstrap-servers command more idempotent, since without
the append argument set the kolla user will be removed from the docker
group before being added to it again in a later task.
TrivialFix
Change-Id: Iab0f6b5e18a103e9140631ee3ebbbb48c490bc24
In I86bf5e1df3d6568c4f1ca6f4757f08a3dd22754d, creation of the kolla user
was moved to after package installation to ensure the sudo package is
installed when required. This change does not work when python
dependencies are installed in a virtual environment however - when the
virtualenv variable is set.
This change moves the ownership change of the virtualenv to after the
kolla user has been created. It also uses the kolla_user and kolla_group
variables to set the user and group appropriately.
Change-Id: I320e5d611099ad162945a98d5505a79606da0eba
TrivialFix
By default, kolla configure docker to use an insecure connection
with the private registry. If we want to use SSL verification we need
to add an option.
Change-Id: Id1805c9cfeb499da9bb56c70028f14c6f8bb20b6
sudo package is required when we use ubuntu base on centos to deploy.
The following tasks belong to the environment check after
installation of environment-related software packages.
So, move to the post-install module.
Create kolla user
Add public key to kolla user authorized keys
Grant kolla user passwordless sudo
Ensure node_config_directory directory exists for user kolla
Ensure node_config_directory directory exists
Change-Id: I86bf5e1df3d6568c4f1ca6f4757f08a3dd22754d
Closes-Bug: #1777571
Some options can't be add in the daemon.json
The only way to configure daemon is to add option in the service file
Change-Id: I88697951ed6518f62bca30bb52288ad0e487ec03
- rename action and serial to kolla_ansible and kolla_serial
- use become instead of "sudo <command>" in shell
- Remove quota for failed_when and changed_when in rabbitmq tasks
Change-Id: I78cb60168aaa40bb6439198283546b7faf33917c
Implements: blueprint migrate-to-ansible-2-2-0
This patchset implements yamllint test to all *.yml
files.
Also fixes syntax errors to make jobs to pass.
Change-Id: I3186adf9835b4d0cada272d156b17d1bc9c2b799
Ansible recommends to use apt module instead of apt-get.
This patch fixes install.yml and pre-install.yml accordingly.
Change-Id: I3241ce332e7cf522786e78280643440a30a23875
Closes-Bug: #1747436
1.Fix the invalid value about selinux policy
2.Update description of task about selinux.The permissive mode
need enable selinux.The parameter named "disable_selinux" is not good.
In order to customize selinux modes, we need a new
parameter named "selinux_state".
Closes-Bug: #1749046
Change-Id: I20c084cf2e46cc0de149afbd34c6dcb77a1051f4
Installing python packages directly to the system site-packages can
cause various problems, in particular when pip overwrites a system
package. Python virtualenvs are one solution to this issue, as they
allow python packages to be installed in an isolated environment.
This change adds support to the baremetal role for installing python
dependencies in a virtualenv. Typically we will need to enable use of
system site-packages from within this virtualenv, to support the use of
modules such as yum, apt, and selinux, which are not available on PyPI.
The path to the virtualenv is configured via the 'virtualenv' variable,
and access to site-packages is controlled via
'virtualenv_site_packages'.
When executing other kolla-ansible commands, the variable
'ansible_python_interpreter' should be set to the python interpreter
installed in 'virtualenv'. Note that this variable cannot be templated.
Change-Id: I0741923065246f9c5b168059fcd66504f2753c41
Related-Bug: #1731026
Control the disk space used for Docker images, containers and
volumes is important for us.We need add configuration of
docker daemon to control the disk spaces used for docker images,
containers and volumes.
Change-Id: I3cf99f4e3f62c8406d37201b1cc24a83c68e3b27
Signed-off-by: pengdake <19921207pq@gmail.com>
Enable docker-ce on AArch64 platform in Debian.
Set the docker daemon name according to the existing of "dockerd" binary.
Closes-Bug: #1734255
Co-authored-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Change-Id: Ie0b3bac72b408dccf3fb99912b4fe2d4788705e5
Signed-off-by: Tone.Zhang <tone.zhang@arm.com>
This patch includes three unrelated fixes.
Make qemu use nova user in centos
Libvirt 3.2.0 (latest version in centos) seems to
have changed behavior of dynamic_ownership.
Pin ansible to <2.4 to make ara work in gates
ARA does not work yet with ansible 2.4, this change
pins to lower version to make gates work.
Revert once ara works with 2.4
Disable selinux for oraclelinux and centos.
Co-Authored-By: wanghongxu <wang19930902@gmail.com>
Co-Authored-By: Jeffrey Zhang <jeffrey.zhang@99cloud.net>
Change-Id: Iac8bec19437192cd198d58f71c6ed0a65a76f820
Closes-bug: #1718541
Baremetal roles does not keep common sytax used
in rest of the roles, even it baremetal role some
tasks differs in syntax with each others.
Change-Id: Ib04fe123501e2a3e829176953f20719a253999d3
The pypi package 'docker-py' [1] has been renamed to 'docker' [2].
It is better to move to the new 'docker' package because the old
package will be deprecated and all the new features will go into
the new package only.
Package 'docker' has been added to requirements [3]. The old
package 'docker-py' is still allowed to be in the global requirements
during the transition period but it should be removed after all or
most of the projects finsih the migration.
[1] https://pypi.python.org/pypi/docker-py
[2] https://pypi.python.org/pypi/docker
[3] https://review.openstack.org/#/c/423715/
Change-Id: Ibcd5a57a1fbf55dcc5a690e41f20917f95b63da0
The bootstrapping process should remove the open-iscsi package.
Otherwise the iscsid startup will failed.
Change-Id: I0c31c84f4486bd44c467fbaf7a26563e4dbc5ccf
Removed code try to install Wily(15.10) kernel in case of Ubuntu
Trusty(14.04).
Last Openstack version supported on Ubuntu 14.04 is Mitaka.
Hence Ubuntu 14.04 related code can be safely remove from Ansible tasks
since Kolla Newton release.
Co-Authored-By: Duong Ha-Quang <duonghq@vn.fujitsu.com>
Change-Id: Ieca7975a69fb0ba8b49cc522f05e4beca1c2f526
When you add new nodes to existing cluster, docker will restart
all anyway and that will break a lot, including mariadb.
Change-Id: Ie46f99a141f99480a87218ead4b76ba65f2edae9
Closes-Bug: #1699335
When bootstrapping a host for kolla-ansible the 'kolla-ansible
bootstrap-servers' command can fail if for any of the hosts the
'api_interface' is invalid. This happen if the host does not have a
network interface matching 'api_interface'. This is possible on
a host running bifrost, as bifrost does not require the api_interface
variable to be set.
This change avoids adding a hosts entry for hosts in the bifrost group
that do not have a valid api_interface. It also avoids modifying the
hosts file on hosts in the bifrost group that do not have a valid
api_interface.
Change-Id: Ie111ef54130adf2556ce83c402cdbb5058ace4f6
Closes-bug: #1665364
This patches changes deploy_gate quite a bit so in reality all
deployments will now assume multinode (even if it's single node). After
that we will refactor it even further to enable easy addition of new
scenerios.
Change-Id: I1faada46e6a7aa026128b2f01d77eabb04759439
While is not an issue, just an style format,
etc/hosts generated by baremetal role have
some tabs where it shouldn't.
Change-Id: I90d82ea78b3dac7e8ec3f8cc546b67cc61c41536
Closes-Bug: #1692913
On RedHat libvirt is just a metapackage and it does
nothing with libvirt daemon itself if we remove it.
On Ubuntu the correct package name with libvirt daemon
is libvirt-bin.
Closes-Bug: #1690356
Change-Id: Ief8dfd8c038b10878621aefcc8f559aa20dc498b
Signed-off-by: Pavel Glushchak <pglushchak@virtuozzo.com>
Considering the safety, 644 is enough
other user is not necessary to having write permission.
adding 'su' in where needs writing permissions is a good practice
this operation is safer.
Change-Id: I45d0c6e5ef7338f93db21cf4ef58b4a4fd831210
Add a new subcommand 'check' to kolla-ansible, used to run the
smoke/sanity checks.
Add stub files to all services that don't currently have checks.
Change-Id: I9f661c5fc51fd5b9b266f23f6c524884613dee48
Partially-implements: blueprint sanity-check-container
I've seen issues with API versioning between docker 1.11 and docker-py
in containers. 1.12 seems fine. We should also pin docker-py version in
kolla-toolbox image.
Change-Id: I07d5f573176b79a3775dcab2748f428c114bd985
