309 Commits

Author SHA1 Message Date
Zuul
1151e5802b Merge "Fix the deploy guide build failed" 2019-06-07 13:16:10 +00:00
Carlos Goncalves
f427920daf Remove Neutron LBaaS support
The project has been retired and there will be no Train release [1].
This patch removes Neutron LBaaS support in Kolla.

[1] https://review.opendev.org/#/c/658494/

Change-Id: Ic0d3da02b9556a34d8c27ca21a1ebb3af1f5d34c
2019-06-07 13:50:19 +01:00
Zuul
629edf0a1c Merge "Fix the document of external ceph for gnocchi" 2019-06-07 09:08:14 +00:00
Zuul
069bdd0415 Merge "Fix docs - simply run the script instead of sourcing it" 2019-06-07 08:53:44 +00:00
Zuul
68a81d48ec Merge "Fix docs - do not mention the old, deprecated CLI clients" 2019-06-07 08:53:42 +00:00
Zuul
7d8569354e Merge "Update contributor guide" 2019-06-07 08:53:35 +00:00
Zuul
ff2b2f44ba Merge "Fix keystone fernet key rotation scheduling" 2019-06-06 16:33:03 +00:00
Radosław Piliszek
a4d7378009 Fix docs - do not mention the old, deprecated CLI clients
Change-Id: If4c78c5ccefc6ff987b70509379dd91588eeea70
Signed-off-by: Radosław Piliszek <radoslaw.piliszek@gmail.com>
2019-06-06 11:54:08 +02:00
Radosław Piliszek
824378b8e2 Fix docs - simply run the script instead of sourcing it
Script looks like it is meant to be run and docs mention
running it rather than sourcing, yet the examples sourced it.

Change-Id: Ib4492ae01bee11b562022099cee8b06b4e3ee3c1
Signed-off-by: Radosław Piliszek <radoslaw.piliszek@gmail.com>
2019-06-06 11:38:17 +02:00
Mark Goddard
68796d79fa Update contributor guide
... or "what I wish existed when I first became PTL"

Some general improvements to the contributor guide, plus new sections
for PTL duties and release management.

Change-Id: If2f3b7c18de2e6c8d9bac131a16c28c2eeb348f2
2019-06-06 08:59:22 +00:00
Gaetan Trellu
557193a7ec Improve Qinling documentation
- Remove trusted_cidrs that has just been removed from
Qinling code.
- Remove use_api_certificate because it's true by default
- Improve list syntax
- Add etcd section

Change-Id: I0426a9d61fbeaa23a1affbc7e981a78283e88263
2019-06-05 07:56:57 -04:00
chenxing
a02de6732e Fix the deploy guide build failed
Depends-On: https://review.opendev.org/662209
Co-authored-by: Stephen Finucane <stephenfin@redhat.com>
Closes-Bug: #1830586
Change-Id: I48d3f4c5f7c04b1ab41b3bad2a6c19e1e9a218fd
2019-06-04 17:06:31 +08:00
Zuul
2208b0214e Merge "Adds Qinling Ansible role" 2019-06-03 20:29:41 +00:00
Zuul
3d1b53f301 Merge "Make kolla-ansible support extra volumes" 2019-06-03 18:51:24 +00:00
Gaetan Trellu
edb3489820 Adds Qinling Ansible role
Qinling is an OpenStack project to provide "Function as a Service".
This project aims to provide a platform to support serverless functions.

Change-Id: I239a0130f8c8b061b531dab530d65172b0914d7c
Implements: blueprint ansible-qinling-support
Story: 2005760
Task: 33468
2019-05-31 10:25:28 -04:00
ZijianGuo
e87eb9e788 Fix the document of external ceph for gnocchi
Change-Id: I75955012a839e52281e9a409eeab4a2c8d778cd2
Signed-off-by: ZijianGuo <guozijn@gmail.com>
2019-05-30 21:42:26 +08:00
Mark Goddard
0b27baf3ce Fix quickstart for virtual environments
The etc_examples and inventory should be copied from the virtual
environment rather than the system.

Change-Id: I3ac1e057971b7481a0bce2a15351031e51bf97d6
Closes-Bug: #1829435
2019-05-21 10:29:24 +01:00
Mark Goddard
6c1442c385 Fix keystone fernet key rotation scheduling
Right now every controller rotates fernet keys. This is nice because
should any controller die, we know the remaining ones will rotate the
keys. However, we are currently over-rotating the keys.

When we over rotate keys, we get logs like this:

 This is not a recognized Fernet token <token> TokenNotFound

Most clients can recover and get a new token, but some clients (like
Nova passing tokens to other services) can't do that because it doesn't
have the password to regenerate a new token.

With three controllers, in crontab in keystone-fernet we see the once a day
correctly staggered across the three controllers:

ssh ctrl1 sudo cat /etc/kolla/keystone-fernet/crontab
0 0 * * * /usr/bin/fernet-rotate.sh
ssh ctrl2 sudo cat /etc/kolla/keystone-fernet/crontab
0 8 * * * /usr/bin/fernet-rotate.sh
ssh ctrl3 sudo cat /etc/kolla/keystone-fernet/crontab
0 16 * * * /usr/bin/fernet-rotate.sh

Currently with three controllers we have this keystone config:

[token]
expiration = 86400 (although, keystone default is one hour)
allow_expired_window = 172800 (this is the keystone default)

[fernet_tokens]
max_active_keys = 4

Currently, kolla-ansible configures key rotation according to the following:

   rotation_interval = token_expiration / num_hosts

This means we rotate keys more quickly the more hosts we have, which doesn't
make much sense.

Keystone docs state:

   max_active_keys =
     ((token_expiration + allow_expired_window) / rotation_interval) + 2

For details see:
https://docs.openstack.org/keystone/stein/admin/fernet-token-faq.html

Rotation is based on pushing out a staging key, so should any server
start using that key, other servers will consider that valid. Then each
server in turn starts using the staging key, each in term demoting the
existing primary key to a secondary key. Eventually you prune the
secondary keys when there is no token in the wild that would need to be
decrypted using that key. So this all makes sense.

This change adds new variables for fernet_token_allow_expired_window and
fernet_key_rotation_interval, so that we can correctly calculate the
correct number of active keys. We now set the default rotation interval
so as to minimise the number of active keys to 3 - one primary, one
secondary, one buffer.

This change also fixes the fernet cron job generator, which was broken
in the following cases:

* requesting an interval of more than 1 day resulted in no jobs
* requesting an interval of more than 60 minutes, unless an exact
  multiple of 60 minutes, resulted in no jobs

It should now be possible to request any interval up to a week divided
by the number of hosts.

Change-Id: I10c82dc5f83653beb60ddb86d558c5602153341a
Closes-Bug: #1809469
2019-05-17 14:05:48 +01:00
binhong.hua
12ff28a693 Make kolla-ansible support extra volumes
When integrating 3rd party component into openstack with kolla-ansible,
maybe have to mount some extra volumes to container.

Change-Id: I69108209320edad4c4ffa37dabadff62d7340939
Implements: blueprint support-extra-volumes
2019-05-17 11:55:04 +08:00
chenxing
fffb6678f1 Tiny fix of quickstart guide
Remove some unexpected indents.

Change-Id: I50b8239ab7270814ffc8be9affb3bd28ce1f855b
2019-05-14 17:23:41 +08:00
ZhongShengping
41f3a817ac Move to opendev
1.Use opendev.org instead of git.openstack.org.
2.Use review.opendev.org instead of review.openstack.org.

You can see the discussion below:
http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003603.html

Change-Id: Ice4509204df788a1a44a06fb89fb44cfe6b54b94
2019-04-23 13:28:39 +08:00
Zuul
c6ff5a93b5 Merge "Update Monasca docs to use enable_openstack_core flag" 2019-04-15 12:09:29 +00:00
Mark Goddard
b81a43418b Update quickstart instructions
* Recommend using a virtual environment
* Fix reference to multinode inventory
* Add explicit use of sudo where necessary
* Change ownership of /etc/kolla to current user

These changes should make it possible to copy/paste from the quickstart
to get a working deployment.

Change-Id: Ib3990f9e16eaa1e19a4ad5bfea5bdb2e4bc1c333
2019-04-09 19:12:52 +01:00
Doug Szumski
c86ab7cf41 Update Monasca docs to use enable_openstack_core flag
The recent addition of this flag make the configuration
of stand-alone Monasca slightly simpler.

Change-Id: Ib4c03926daa3f0f3de0fa4412cd785d87ed5500c
2019-04-08 15:56:01 +00:00
Zuul
e35c32c0d7 Merge "Support separate Swift storage networks" 2019-03-14 16:19:59 +00:00
Scott Solkhon
a781c64319 Support separate Swift storage networks
Adds support to seperate Swift access and replication traffic from other storage traffic.

In a deployment where both Ceph and Swift have been deployed,
this changes adds functionalality to support optional seperation
of storage network traffic. This adds two new network interfaces
'swift_storage_interface' and 'swift_replication_interface' which maintain
backwards compatibility.

The Swift access network interface is configured via 'swift_storage_interface',
which defaults to 'storage_interface'. The Swift replication network
interface is configured via 'swift_replication_interface', which
defaults to 'swift_storage_interface'.

If a separate replication network is used, Kolla Ansible now deploys separate
replication servers for the accounts, containers and objects, that listen on
this network. In this case, these services handle only replication traffic, and
the original account-, container- and object- servers only handle storage
user requests.

Change-Id: Ib39e081574e030126f2d08f51de89641ddb0d42e
2019-03-14 14:00:18 +00:00
Zuul
4b4fc498af Merge "Support customising Fluentd formatting" 2019-03-14 09:26:50 +00:00
Doug Szumski
c8a22f1090 Support customising Fluentd formatting
In some scenarios it may be useful to perform custom formatting of logs
before forwarding them. For example, the JSON formatter plugin can be
used to convert an event to JSON.

Change-Id: I3dd9240c5910a9477456283b392edc9566882dcd
2019-03-08 11:20:33 +00:00
Zuul
4dbbc0e7e0 Merge "Added ability to skip enabled backends pre-check" 2019-03-07 10:33:46 +00:00
Arkadiy Shinkarev
1d9f4f9ff1 Added ability to skip enabled backends pre-check
When using custom storage backends with cinder.conf overrides file,
precheck stage in kolla-ansible is fail. This commit adds option
'skip_cinder_backend_check' (default: False) to cinder role.

Change-Id: Ifee138ad8b281903ea2365441aada044c80c46f0
2019-03-07 10:27:41 +03:00
Mark Goddard
fba5e1ce7d Update links in docs to latest
To avoid links to OpenStack docs getting out of date in our docs, use
the latest version.

Ideally after cutting each stable branch we should change these links to
use the current release.

Co-Authored-By: Isaiah Inuwa
Change-Id: Ia1e3c720f4e688861b8f76874a3943b0f4e50b17
2019-02-28 09:29:46 +00:00
Christian Berendt
3a5ef38f3b Add elasticsearch_datadir_volume
Change-Id: Id8276448c6e779b2b4a0aafee45d953c4f009fc1
2019-02-25 19:30:33 +01:00
Zuul
23c439db0a Merge "Automate Monasca documentation for configuring Kafka" 2019-02-18 13:31:52 +00:00
Doug Szumski
ecf0009608 Automate Monasca documentation for configuring Kafka
Until the Monasca Kafka client fork is removed it is currently required
to run Kafka in compatibility mode. It is also necessary to disable
an optimisation in the Kafka brokers to clean up idle connections. This
is because the optimisation was added after the Monasca Kafka client was
forked, and the client hasn't been updated since. These settings are now
applied automatically when Monasca is enabled.

Change-Id: I6935f1fb29f4f731cf3c9a70a0adf4d5812ca55e
2019-02-14 18:10:52 +00:00
Pedro Alvarez
6c6759e9a0 Fix link to Manila Guide
Change-Id: I3defe0c38f41d7335e1cbafb75523c3cd44323ee
2019-02-14 13:50:23 +00:00
caowei
cce2c53ebb Option "scheduler_default_filters" from group "DEFAULT" is deprecated.
Use option "enabled_filters" from group "filter_scheduler".

Change-Id: I042f0b011c060f9dbc645dbdbb60068cb41c0cc8
2019-02-07 10:20:23 +00:00
Scott Solkhon
9dbd300786 updating Designate docs with Infoblox configuration
Change-Id: I12af64725c0beec2ece0367c3773230c57908254
2019-02-01 13:08:50 +00:00
Zuul
45ee749a6a Merge "Link kolla_log volume dir to /var/log/kolla" 2019-01-28 10:40:59 +00:00
binhong.hua
93e5e8e631 Link kolla_log volume dir to /var/log/kolla
The path /var/lib/docker/volumes/kolla_logs/_data/ is too long
shorter log path will help to debug from log.
The volume path is compatible with docker-engine and docker-ce.

Change-Id: I9195d5f24d938f5060fe748aac3ae58c79ec5abf
2019-01-24 11:02:48 +08:00
binhong.hua
3d3f5f1613 add ulimit support for kolla_docker
By default, docker containers inherit ulimit from limits of docker
deamon. On CentOS 7, docker daemon default NOFILE is 1048576.
It can found in /usr/lib/systemd/system/docker.service.
The big limit will cause many problem. we should control it in
production environment.

Change-Id: Iab962446a94ef092977728259d9818b86cfa7f68
2019-01-24 10:54:14 +08:00
zhangshj
199133a9cc Correct two wrong words
Change-Id: I89d9f7a90d72e6c5df7dde078ed7407eedd6f92f
2019-01-13 10:27:26 +00:00
Michal Nasiadka
03d27cb8d9 Add ceph docs note about rgw keystone integration.
Change-Id: If87cdb132875c4e2c5dff2cc427e00f7a95927de
2019-01-10 14:59:55 +01:00
tone.zhang
4ff993c45e Doc: Update Kolla Ceph document for mixed Ceph OSD deployment
Since Rocky release Kolla Ceph supports both bluestore and
filestore Ceph OSD. In multinode mode, users can overwrite
“ceph_osd_store_type” in the inventory file and deploy the mixed
Ceph OSD.

Change-Id: I4582861c81fdea5fb67114cf3ac1e48f7812f0d7
Signed-off-by: tone.zhang <tone.zhang@arm.com>
2019-01-08 16:28:07 +08:00
Mark Goddard
91e17b23d4 Add documentation for bootstrap-servers command
Change-Id: I3bd50cb1e7db85acbf8ab20fc7bdd945b5232aaa
2019-01-03 10:29:05 +00:00
Patrick O'Neill
f77cc87e81 Add support for Quobyte backend to Cinder and Nova
Add an enable_cinder_backend_quobyte option to etc/kolla/globals.yml to
enable use the Quobyte Cinder backend.
Change the bind mounts for /var/lib/nova/mnt to include the shared
propogation if Quobyte is enabled.
Update the documentation to include a section on configuring the Cinder.

Implements: blueprint cinder-quobyte-backend

Change-Id: I364939407ad244fe81cea40f880effdbcaa8a20d
2018-12-17 11:58:56 +00:00
Zuul
3f817d8adb Merge "Add note to external ceph docs for pools/keyrings" 2018-12-02 09:25:46 +00:00
Zuul
568fd4dcfd Merge "Use correct variable for default certificate paths" 2018-12-02 09:25:42 +00:00
João Feteira
f8f9748120 Option neutron_plugin_agent: "opendaylight" added
Added the missing option neutron_plugin_agent: "opendaylight" added to
the opendaylight documentation page. Without it the deployment would
not use the neutron_plugin_agent but the default one: openvswitch .

Change-Id: I56a377e1faab9a50f36383ea59b45bf5a9155bcf
2018-11-30 14:38:42 +00:00
Paul Bourke
a47f701035 Add note to external ceph docs for pools/keyrings
When using external Ceph the operator must create pools for each service
and configure keyrings with appropriate permissions. The official Ceph
docs describe this in detail so let operators know this.

Change-Id: Ic3e52e1fbbf09ec09ac21b5b3067092b195812f1
2018-11-30 09:41:17 +00:00
Asharam Meena
33ee196118 Update the reference of External MariaDB
Closes-Bug: #1804850
Change-Id: Icb7edbac5df316af68972cafa448a261c26747b0
2018-11-28 15:49:42 +00:00