- This change adds support for building and deploying
a bifrost container for baremetal provisioning.
- This change documents how to manually deploy and bootstrap
the bifrost container.
Implements: blueprint bifrost-support
Change-Id: I7d895839b11cbf916be33225875465c3358b5aa4
* Inspected each error and fixed / added nosec where appropriate.
* build-swift-ring.py which was throwing sec errors is no longer used so
removed it.
* Removed the dev/ directory from being checked.
Closes-Bug: #1617713
Change-Id: I25664cabca4137e5c9f499c1af3f5ce78b86fb56
This adds the docker aspects of fernet key bootstrapping as well as
distributed key rotation.
- Bootstrapping is handled in the same way as keystone bootstrap.
- A new keystone-fernet and keystone-ssh container is created to allow
the nodes to communicate with each other (taken from nova-ssh).
- The keystone-fernet is a keystone container with crontab installed.
This will handle key rotations through keystone-manage and trigger
an rsync to push new tokens to other nodes.
The Ansible component is implemented in:
https://review.openstack.org/#/c/349366
Change-Id: Id610e00e8c63c7f1bc0974c0aa1b3f44c18e1019
Partially-Implements: blueprint keystone-fernet-token
Partially-Implements: blueprint third-party-plugin-support
This addresses the ansible aspects of fernet key bootstrapping as
well as distributed key rotation.
- Bootstrapping is handled in the same way as keystone bootstrap.
- A new keystone-fernet and keystone-ssh container is created to allow
the nodes to communicate with each other (taken from nova-ssh).
- The keystone-fernet is a keystone container with crontab installed.
This will handle key rotations through keystone-manage and trigger
an rsync to push new tokens to other nodes.
- Key rotation is set up to be balanced across the keystone nodes using
a round-robin style. This ensures that any node failures will not
stop the keys from rotating. This is configured by a desired token
expiration time which then determines the cron scheduling for each
node as well as the number of fernet tokens in rotation.
- Ability for recovered node to resync with the cluster. When a node
starts it will run sanity checks to ensure that its fernet tokens
are not stale. If they are it will rsync with other nodes to ensure
its tokens are up to date.
The Docker component is implemented in:
https://review.openstack.org/#/c/349366
Change-Id: I15052c25a1d1149d364236f10ced2e2346119738
Implements: blueprint keystone-fernet-token
1. As mentioned in [1], we should avoid using six.iteritems/keys to
achieve iterators. We can use dict.items/keys instead, as it
will return iterators in PY3 as well. And dict.items/keys will
be more readable.
2. In py2, the performance about list should be negligible,
see the link [2].
[1] https://wiki.openstack.org/wiki/Python3
[2] http://lists.openstack.org/pipermail/openstack-dev/2015-June/066391.html
TrivialFix.
Change-Id: I0cbe8af3210233a58d25f0df187c3d085405aa2a
Added a condition to skip debug message during image build, when the
base image is dependent on image of other service
Closes-Bug: #1513904.
Change-Id: I68d568981cebf442b34c958e125b0f921b883247
- Adds debian_package_install method to the jinja environment
that will return the necessary set of commands needed to
install packages via apt-get and/or URLs to .deb packages
- Updates install_packages macro to make use of the method
above
Change-Id: Ie9318a7def54b5034ba91375fd8fd3b589d18349
Partially-implements: blueprint third-party-plugin-support
Github is just a mirror of the OpenStack git-repo.
Changed from Github to OpenStack git url wherever possible.
Change-Id: I7941ef86967de4efe7f23ff9fb11ec86c793901e
Networking-SFC is a neutron big-tent project
Kolla does not have Networking-SFC agent support for now. This
is essential for Service Function Chaining use case. Build Networking-SFC
Container.
Change-Id: I67b4d6e061dbe31e2211cd3210726ab4c30cd087
Partially-Implements: blueprint enable-networking-sfc-support
As we know, exceptions are raised by the sys.exit() function. When they
are not handled, no stack traceback is printed in the Python interpreter.
In this patch we know main() has return values (e.g. 0, 1), but
it can't specify the exit status when terminating the main thread
without using sys.exit(). So using sys.exit(main()) instead of main()
may be more readable and reasonable.
TrivialFix.
Change-Id: I184289d28b92a7e345907247c045535a0c42c974
The dict.values()[0] will raise a TypeError in PY3
as dict.values() doesn't return a list any more in PY3
but a view of list.
TrivialFix.
Change-Id: I01297bb68e45db4d15800d2d42e08560da7346bd
Watcher is part of the OpenStack big-tent and is formally
known as "OpenStack Infrastructure Optimization service".
Whilst it provides a range of default goals and strategies,
the most relevant case is to enable re-balancing of the
compute hosts by taking CPU usage (data from Ceilometer)
into account and live migrating instances as required.
Currently this only builds the Docker images for type source
but binary builds are gracefully ignored.
The ansible configurations will be part of a later commit.
Change-Id: I9bb81ee625d9fcf6513e44e2ed20384e34da2adc
Partial-bug: #1598929
Partially-implements: bp watcher
Signed-off-by: Dave Walker (Daviey) <email@daviey.com>
It's sorta required to actually build the image
list (and structure) to make any of these commands
do anything.
TrivialFix
Change-Id: Ib601bd4d2cc84af6d35a8623b77f9b512124d2ad
Instead of having the program sys.exit when a docker
client object can not be created (which kills all the threads
and messes up the program and its associated state) have an
exception be raised when this (for whatever reason) fails.
Also refactor so that there is a docker task that the docker
client using tasks can all inherit from.
TrivialFix
Change-Id: Ie81aff10cfe6f2fc5c65d53402200e3928fb460c
To correctly customize lists, we need to specify *_append, *_remove or
*_override variable in customization file.
Change-Id: I18d67ab89089e2696399ff1b99c1047a2f554442
Partially-implements: blueprint third-party-plugin-support
Instead of using the same logger for all the things
which makes it incredibly hard to figure out what the images
and their builds are doing; instead have it so that each
image gets its own logger which is then used by tasks that
process that image.
Each image's logs now will (optionally) go to a logs directory
that can be more easily read and looked over and leaves
the main logger for informational/task kind of
output only.
Closes-Bug: #1586478
Change-Id: I939e073a2bc5ed8b5a1e969888fc743d80f468c9
Instead of trying to use a signal handler to stop
when ctrl-c is triggered use a technique that cooperates
better with the threads that are running and lets
them die a happy death vs being forced to die in
unpleasant ways.
Closes-Bug: #1586476
Change-Id: I7fdb6a77a144bdd02276cca07b616bbb0c2f1957
The things in self.images are images, not items so
reflect these to use the shared 'image' name vs
having a one-off that uses 'item'.
TrivialFix
Change-Id: I781514d3e116de32b4fe61a7f55455282680fec1