If user enables TLS it also is necessary to create
a certificate. This precheck ensures the certificate
file exists before starting deployment.
Change-Id: I772d52e228ed012b9f8ccb5b616f9b188d3d340c
Closes-Bug: #1765677
This patch adds the ansible role to deploy the prometheus service which
can be used to collect performance metrics accross the environment
Partially-Implements: blueprint prometheus
Change-Id: I908b9c9dad63ab5c9b80be1e3a80a4fc8191cb9e
If SSL is enabled, api of multiple services returns
wrong external URL without https prefix.
Removal of condition for deletion of http header.
Change-Id: I4264e04d0d6b9a3e11ef7dd7add6c5e166cf9fb4
Closes-Bug: #1749155
Closes-Bug: #1717491
This change allows access to InfluxDB via HAProxy on the internal
network.
If HA is required the Enterprise version of InfluxDB will need to
be installed. This could be implemented by customising the InfluxDB
Docker file.
There are other alternatives to HA, such as the InfluxDB Relay [1].
Support for this is considered to be outside of the scope of this
bugfix.
[1] https://docs.openstack.org/developer/performance-docs/
methodologies/monitoring/influxha.html
Closes-Bug: #1751283
Change-Id: I4624efbd99c0cddd1361f2438866ad3a82e5557b
This commit provides operators with the ability to specify additional
options per HTTP or TCP listener stanza.
Change-Id: I66cc5372f2a686213b6748a8260cfe84f789ad8e
Implements: blueprint haproxy-listener-extra-options
timeout tunnel is use for WebSocket and CONNECT protocol. Need use a
larger number for it. Otherwise, novnc will be auto disconnected if no
action happend in a short time on browser.
Change-Id: If37623e8fda5260ab0b38d2203f5266777dba063
Closes-Bug: #1759774
Clients usually have sophisticated logic for handling
key redistribution on node failure; so going under the
covers and messing with that is bad (because then the
clients and their sophisticated logic is unaware of
what is going on).
Change-Id: Ica12240440d28f930b917d5d6202f4f9e6675b2a
This patchset implements yamllint test to all *.yml
files.
Also fixes syntax errors to make jobs to pass.
Change-Id: I3186adf9835b4d0cada272d156b17d1bc9c2b799
In some data centers multicast traffic is prohibited. Additionally
VRRP id needs to be unique within broadcast domain when keepalived
operates in multicast mode, otherwise it fails to start.
However keepalived can be configured to use unicast traffic [1].
In unicast mode VRRP id doesn't make sense, but needs to be
the same among peers.
[1] http://manpages.ubuntu.com/manpages/zesty/man5/keepalived.conf.5.html
Change-Id: I692ecbb0aa750baf20c013b53b57f88b474b63cc
Signed-off-by: Pavel Glushchak <pglushchak@virtuozzo.com>
This PS does:
1) Let haproxy to be ODL websocket's frontend and listen on port 8185.
2) Add 10-rest-connector.xml config file template for ODL container.
3) ODL websocket backend listen only on api interface, port is also
8185.
Closes-Bug: #1745323
Change-Id: Id330d610c7cd8a239b0f77c8f5f47422d48b9977
Signed-off-by: Zhijiang Hu <hu.zhijiang@zte.com.cn>
otherwise, if the jinja2 blocks at the end of the line, it will remove
the last newline character and join two lines into one.
Change-Id: Ie710342fb034e477ff854eba3915dd845bddd257
This change allows the following use cases:
1. Using an already-configured MariaDB / MySQL server / Cluster
2. Using already-created DB users, without requiring root DB access.
Update: added external mariadb precheck
Change-Id: I78b0d178306d7c5293b0bf53e445f19f18b4b824
Implements: blueprint external-mariadb-support.
Closes-Bug: #1603121
Haproxy keeps restarting due memcached servers
are writen in a single line. adds a empty line
in the for so each server is in its line
Change-Id: I763a23de7f70e9ebe543b935b175e675ec774f9a
Memcached do not support cluster. Then make it work in active-standby
mode. This will be helpful to implement high available when using memcached
as tooz backend.
Change-Id: I13722111d8b8d5b066e9a85d4c8d1679704c8caa
So it turns out that without 'mode http' redirects and rewrites
will not happen, and we're relying on it for multiple things.
Switch neutron to use http-tunnel mode instead which seems to work,
we've had no errors in our setup.
See:
https://www.haproxy.org/download/1.5/doc/configuration.txt
Quoute:
" - tunnel : only the first request and response are processed,
everything else is forwarded with no analysis."
Fixes: bba80acc8b78ab3a34d61b3d0b496551e5a9258e
Change-Id: I0d9abe9731fba1e4deb64932e859f991648bb1ec
Add ansible role to deploy blazar
Add nova filters to allow use of blazar
Change-Id: I6742ddc9a4736f256491dd0cfd31904fa8eb5652
Implements: blueprint blazar-ansible-role
In a HAProxy precheck task, the command module is used, and the results
inspected by checking the stdout attribute of the result. However, if
the command fails (non-zero exit code), in some cases there may not be a
stdout attribute in the result object. This causes an AttributeError and
prevents ansible's useful diagnostic output from being displayed.
Change-Id: Id502b5d0b71fe2150a29df43154c925dca96ef06
Trivial Fix
Close-Bug: 1734047
For ODL clustering, one should explicitly points switches to each
of the ODL instances. The openflowplugin logic will figure out
which controller should be the master, and which should be the
slave.
Kolla currently sets the manager to one of the specific ODL over
ptcp and another one through the VIP. The VIP is probably
forwarding the traffic to that same ODL so from ODL's perspective
it's getting two duplicated connection requests from the same OVS
which will cause re-connection problem.
This PS does:
1) Let OVS to connect to the individual IPs of each ODL node in
a ODL cluster instead of only connect to the representative over
VIP. Devstack is doing the same thing[1]. Further more, there is no
need for HAProxy to be frontend for ODL southbound.
2) Delete the unusd ptcp connection option.
[1] https://review.openstack.org/#/c/249484/
Change-Id: Ib57e6fbb5ce64a48be0506904d3c8397ed6f70d9
Signed-off-by: Zhijiang Hu <hu.zhijiang@zte.com.cn>
outward_rabbitmq is determined using enable_outward_rabbitmq
property rather than current haproxy_enable_external_vip
Change-Id: Iee096ab50fd4d9f5f3fe05880d0e0a7842c59d0a
Closes-Bug: 1722854
This change adds enable_fluentd option and enables some other log shippers
to be integrated. When enable_fluentd is "no", syslog server is also disabled.
Then, this change also adds syslog parameters to use a syslog server
prepared by users.
Change-Id: I7c83ef7fe30a6b9ab7385bcee953ad07e96b0a83
Implements: blueprint fluentd-enable-option
Add config_owner_user and config_owner_group to group_vars/all,
which is user and group of Kolla configuration files in /etc/kolla.
Add become to post-deploy playbook.
Add become to only neccesary tasks in roles:
- certificate
- common
- destroy
- haproxy
- mariadb
- memcached
- rabbitmq
Change-Id: I2aba745a6e3928c52642f64551470fd08cbfd058
Partial-Implements: blueprint ansible-specific-task-become
Console access for HyperV VMs is now done via Kolla VIP.
The VIP will point to each HyperV compute node IP on which
FreeRDP-WebConnect is installed.
Closes-Bug: #1714249
Change-Id: I3a5d23425996a5c347ff21df3f99c3f63dd35173
Currently, kolla_keepalived_running may be created and deleted in
parallel which causes prechecks failure. The solution is using
run_once = true.
Closes-Bug: #1714407
Change-Id: I2ec8fc2e867c87175157af8acc11f57313bfaabe
Signed-off-by: Zhijiang Hu <hu.zhijiang@zte.com.cn>
This reverts commit 91321ac8ff342ad8276c6874f85b7ad3a823a444.
The reasoning given in this commit is incorrect. Keystone/oslo.cache
uses memcached hosts based on a hashing of the key to determine which
memcached host to check. If you have different configured memcached
servers per keystone deployment you have a mis-configured deployment.
Any RESTapi should be capable of roundrobin load-balancing. I am not
familiar with the Murano case with uploading a package, but this change
also does not address Murano at all.
As far as Horizon goes, that hasn't had a problem with shared backends
since the beginning because we use memcached servers with a shared
secret key [1].
All this change has done is lowered the efficiency of loadbalancing
keystone.
[1] https://github.com/openstack/kolla-ansible/blob/master/ansible/roles/horizon/templates/local_settings.j2#L149
Change-Id: Ic0b550e7c96d67c39153933b527ab3edf7d90f27
kolla-kubernetes is using its own configuration generation[0], so it is
time for kolla-ansible to remove the related code to simplify the
logical.
[0] https://github.com/openstack/kolla-kubernetes/tree/master/ansible
Change-Id: I7bb0b7fe3b8eea906613e936d5e9d19f4f2e80bb
Implements: blueprint clean-k8s-config
* remove ceilometer-api and ceilometer-collector service
* use ceilometer-notification to publish message to proper backend
* remove useless ceilometer_database_type and ceilometer_event_type
variables
* sync event_definitions.yaml, event_pipeline.yaml and pipeline.yaml
file with upstream
Change-Id: Ib39053cb5f70bd11ee61d3f26d5b28accecd7190
