213 Commits

Author SHA1 Message Date
Christian Berendt
8f6bd4e735 Enable CADF events in Keystone and introduce enable_cadf_notifications
Change-Id: I0a40867ae65011fbfd53308b9d7f42d10435f5fa
Closes-bug: #1607905
2016-09-16 12:19:53 +00:00
Hui Kang
0d28b311eb Add Kuryr ansible role
Change-Id: I7134bffab940ee780e5f5010d639af56f97b41d6
Co-authored-by: Mohammad Banikazemi <mb@us.ibm.com>
Co-Authored-By: zhubingbing <zhubingbing10@gmail.com>
Co-Authored-By: Antoni Segura Puimedon <antonisp@celebdor.com>
Partially-implements: bp kuryr-docker-plugin
2016-09-15 23:47:22 +00:00
Jenkins
97c99a9214 Merge "Add etcd ansible role" 2016-09-15 22:21:27 +00:00
Jenkins
ca623efa5b Merge "Integrate neutron-vpnaas-agent into the neutron Ansible role" 2016-09-15 21:11:57 +00:00
Christian Berendt
be0fcb5b99 Integrate neutron-vpnaas-agent into the neutron Ansible role
Implements: blueprint neutron-vpnaas-agent
Co-Authored-By: zhubingbing <zhubingbing10@gmail.com>
Change-Id: I1fae21f48d5beef47934aef7c23910536955f2b8
2016-09-15 05:07:46 +00:00
Hui Kang
a5b53f3a70 Add etcd ansible role
Change-Id: If8351ab3000006323a05924e907f1e3745768304
Co-Authored-By: zhubingbing <zhubingbing10@gmail.com>>
Partially-implements: bp kuryr-docker-plugin
2016-09-15 03:33:57 +00:00
Jenkins
d2b64b4473 Merge "Add ansible role for vmtp container" 2016-09-15 02:44:38 +00:00
Jenkins
37ec5ecb52 Merge "Add Networking-SFC role" 2016-09-14 20:03:12 +00:00
Jenkins
d438e1ca13 Merge "Added grafana role" 2016-09-14 18:14:58 +00:00
Jenkins
ad2d6567a6 Merge "Added telegraf role" 2016-09-14 17:14:26 +00:00
Jenkins
a063ecb692 Merge "Allow Neutron to be run in DVR mode" 2016-09-14 16:05:36 +00:00
Mathias Ewald
56af4ef202 Added telegraf role
Added ansible role to deploy telegraf

Roll out telegraf to all nodes

Introduce parameter to toggle deployment of performance monitoring

Co-Authored-By: zhubingbing <zhubingbing10@gmail.com>

Change-Id: Ia09b20ce65bf557c1a1030eda99df5cc88debd01
Partially-Implements: Blueprint performance-monitoring
2016-09-14 15:43:04 +00:00
Tin Lam
4b3d8116ce Add ansible role for vmtp container
Add vmtp ansible role to kolla.

Co-Authored-By: Larry Rensing <lr699s@att.com>
Co-Authored-By: Tin Lam <tinlam@gmail.com>
Partially implements: bp vmtp-container

Change-Id: Ib3945e0a94cca9f3a8c4f55953b40674c88ac8e4
2016-09-14 10:12:08 -05:00
Paul Bourke
95c916aa5e Allow Neutron to be run in DVR mode
Introduces a new property "enable_neutron_dvr", along with the
appropriate service and template changes to allow DVR.

Closes-Bug: #1623463
DocImpact: dvr changes network data paths and adds requirements for NICs
Co-Authored-By: Vladislav Belogrudov <vladislav.belogrudov@oracle.com>
Change-Id: I87a26e9258228ae2ccb76be1e5f0bb44fac128df
2016-09-14 12:58:47 +01:00
Mathias Ewald
fe61591a7c Added grafana role
Added ansible role to deploy grafana

Added host group for grafana deployment

Co-Authored-By: zhubingbing <zhubingbing10@gmail.com>

Change-Id: I3dec4e8586b6f65fa7de66a48506d1c79de2fe1e
Partially-Implements: Blueprint performance-monitoring
2016-09-14 09:36:34 +00:00
prithiv
8a01ed3270 Add Networking-SFC role
Networking-SFC is a neutron big-tent project support Service Function
Chaining in Neutron.

* Rename the image from neutron-networking-sfc-agent to
  neutron-sfc-agent.
* Add networking-sfc role in playbooks.

Co-Authored-by: Jeffrey Zhang <zhang.lei.fly@gmail.com>
Change-Id: I1f99650eed85f59929d4ab6b2226603c54f29577
Implements: blueprint enable-networking-sfc-support
2016-09-14 15:41:03 +08:00
Eduardo Gonzalez
abf83650a1 Add Senlin Ansible role
Change-Id: Ic941a396b5cd9abfb5e9941218e91b784f8bba0a
Implements: bp senlin-container
2016-09-14 07:20:22 +02:00
Jenkins
6b3456bf36 Merge "Add Barbican ansible role" 2016-09-13 05:14:32 +00:00
zhubingbing
e0537385d0 Add Barbican ansible role
Partially-Implements: blueprint barbican-ansible

Change-Id: Id6be35b1d0527d5c38d4ea8576b233ebcc404718
2016-09-13 02:56:27 +00:00
Jenkins
a9c41a3821 Merge "Fix manila_share container isn't up after deploy" 2016-09-12 20:11:05 +00:00
Jenkins
7ad4249ead Merge "Allow mysql to be used as a database for Ceilometer" 2016-09-12 18:18:08 +00:00
Mauricio Lima
3091f94a07 Fix manila_share container isn't up after deploy
Change-Id: Ia5ece5f02841aebc1bdb0950b3f827e1cee359e5
Closes-Bug: #1620721
Closes-Bug: #1614033
2016-09-12 13:42:12 -04:00
Jenkins
87b4b3c19f Merge "Use delorean rabbitmq" 2016-09-12 12:56:18 +00:00
Paul Bourke
82f6d3f44b Allow mysql to be used as a database for Ceilometer
MongoDB is still default.

Refer to
http://docs.openstack.org/developer/ceilometer/install/dbreco.html for
more info on Ceilometer database backends.

Closes-Bug: #1622532

Change-Id: Iaf84f9efe0537f42797f4bb7ba2a3611835cc84e
2016-09-12 11:41:35 +00:00
Steven Dake
99f355e145 Use delorean rabbitmq
For centos, we should be using the RDO repositories to provide
rabbitmq-server.  This version is updated with bug fixes and provides
a more stable experience then using rabbitmq.com builds.

Co-Authored-by: Jeffrey Zhang <zhang.lei.fly@gmail.com>
Co-Authored-by: Michal (inc0) Jastrzebski <inc007@gmail.com>
Closes-Bug: #1621460
Change-Id: Ib0eafc5da4397756fbdd837520b15543180ce229
2016-09-12 09:58:57 +00:00
prithiv
4af9bbe2e3 Ansible roles for collectd Container
Collectd-ceilometer-plugin is essential for further
more detailed metrics collection, smarter scheduling and service
assurance.

Change-Id: I8da572980de370517ec120d745ad1d36e316b465
Implements: blueprint collectd-ceilometer-plugin
2016-09-09 10:20:18 +01:00
Jenkins
15228232e1 Merge "Added influxdb role" 2016-09-08 14:06:16 +00:00
Paul Bourke
d3f65a812f Allow use of database for Horizon sessions
Database-backed sessions are scalable (using an appropriate database
strategy), persistent, and can be made high-concurrency and
highly-available [0]

Default is off.

[0] http://docs.openstack.org/developer/horizon/topics/deployment.html#database

Co-Authored-By: Vladislav Belogrudov <vladislav.belogrudov@oracle.com>
Closes-Bug: 1618781

Change-Id: Ib68a21397dc020d20e07dcc51d3d0fdc1de102ff
2016-09-08 12:49:02 +01:00
Jenkins
2da0aa8ffc Merge "Fix keytone options in all.yml/globals.yml" 2016-09-08 07:09:37 +00:00
Christian Berendt
77f565e527 Fix keytone options in all.yml/globals.yml
* merge keystone sections in all.yml
* move keystone parameters in globals.yml into its own section

TrivialFix

Change-Id: I72893a44dabd515243175098d5c4da3f8191597b
2016-09-07 15:33:25 +00:00
zhubingbing
0c9debe893 Add sahara ansible role
Change-Id: I75b58248bfc4e86cace75faa82526d55a9ebbdbf
Partially-Implements: blueprint sahara-role
2016-09-07 15:29:02 +00:00
Jenkins
5d8878de6d Merge "Add cloudkitty ansible role" 2016-09-07 15:21:44 +00:00
Christian Berendt
5f62c22959 Add cloudkitty ansible role
Co-Authored-By: zhubingbing <zhubingbing10@gmail.com>

Change-Id: Id83c852e32c3dd583e6128e888ac511634e8eabb
Partially-Implements: blueprint cloudkitty
2016-09-07 14:10:06 +00:00
zhubingbing
d3d3472326 Implement Ansible rally role
Change-Id: I647c38adbfd00c70874cf51c0bfcb68d243e26cc
Partially-Implements: blueprint rally-role
2016-09-07 02:07:04 +00:00
zhubingbing
89392f4f6a Add gnocchi ansible role
Partially-Implements: blueprint ansible-gnocchi

Change-Id: I8dd0460bd21ac0a233fab0142ec7b6079459bdc2
2016-09-06 13:17:47 +00:00
Mathias Ewald
49f7359b0c Added influxdb role
Added ansible role for influxdb

Introduced host groups for monitoring and influxdb and assign role

Monitoring is deployed on a separate node called monitoring01 by
default

Co-Authored-By: zhubingbing <zhubingbing10@gmail.com>

Change-Id: If2465a14b18c6c3fd657af587a0b85f6b7a0191a
Partially-Implements: Blueprint performance-monitoring
2016-09-02 05:30:08 +00:00
mail2nadeem92
4b39d056ad Added Ansible playbook for congress deploy
Change-Id: Id04fe7a8f30ed0dae292933662036f4775e394a2
Partially-Implements: blueprint enable-congress-container
2016-09-01 10:43:03 +05:30
Jenkins
3fa38c80c5 Merge "generate bifrost yaml configs" 2016-08-31 15:30:23 +00:00
Jenkins
730086bfd1 Merge "Add option to support dhcp/l3 agent ha" 2016-08-31 13:44:13 +00:00
Sean Mooney
d7dfae75b2 generate bifrost yaml configs
- This change indroduces a merge_yaml action_plugin
- This change generates bifrost yaml configs.

Change-Id: I9814e6a5d55cbd46c4b60c06ed70ed54a575bd2f
Implements: blueprint bifrost-support
2016-08-31 13:06:41 +00:00
Jenkins
b29357e70c Merge "Add aodh role" 2016-08-31 12:52:58 +00:00
Jenkins
76f94f8d18 Merge "Add a check before wiping Ceph disks in bootstrap" 2016-08-31 09:15:19 +00:00
liyingjun
c5668bd50a Add option to support dhcp/l3 agent ha
New option enable_neutron_agent_ha added to enable/disable dhcp/l3 agent
high availability, dhcp_agents_per_network is default to 2 and it's
configurable.

Implement blueprint: support-network-ha

Change-Id: Id4742aa67c80584634b923195545bf2b654172f3
2016-08-31 16:31:07 +08:00
zhubingbing
7ce05f9782 Add aodh role
Partially-Implements: blueprint ansible-aodh

Change-Id: I9e20f4bf5e7d8f37f243ae15746e2b7bb49eb20c
2016-08-31 03:54:35 +00:00
Jenkins
b17027564c Merge "Add defaults for interfaces to all.yml" 2016-08-30 22:26:10 +00:00
Paul Bourke
ec40ed3cbb Add a check before wiping Ceph disks in bootstrap
An unwitting user may apply the KOLLA_CEPH_OSD[_CACHE]_BOOTSTRAP label
to a partition assuming it will only use that partition for Ceph, and
end up wiping out their disk.

This change adds a layer of checking to this scenario to try and help
avoid a disaster scenario.

Closes-Bug: 1599103
DocImpact

Change-Id: Ibb9fb42f87a76bc02165ec0b93b60234bad8747a
2016-08-29 14:34:01 +01:00
Shaun Smekel
1c68ae389b Add full support for fernet
This addresses the ansible aspects of fernet key bootstrapping as
well as distributed key rotation.

- Bootstrapping is handled in the same way as keystone bootstrap.
- A new keystone-fernet and keystone-ssh container is created to allow
  the nodes to communicate with each other (taken from nova-ssh).
- The keystone-fernet is a keystone container with crontab installed.
  This will handle key rotations through keystone-manage and trigger
  an rsync to push new tokens to other nodes.
- Key rotation is setup to be balanced across the keystone nodes using
  a round-robbin style. This ensures that any node failures will not
  stop the keys from rotating. This is configured by a desired token
  expiration time which then determines the cron scheduling for each
  node as well as the number of fernet tokens in rotation.
- Ability for recovered node to resync with the cluster. When a node
  starts it will run sanity checks to ensure that its fernet tokens
  are not stale. If they are it will rsync with other nodes to ensure
  its tokens are up to date.

The Docker component is implemented in:
  https://review.openstack.org/#/c/349366

Change-Id: I15052c25a1d1149d364236f10ced2e2346119738
Implements: blueprint keystone-fernet-token
2016-08-25 20:08:22 +10:00
Paul Bourke
158a852998 Add defaults for interfaces to all.yml
The values for 'network_interface' and 'neutron_external_interface' are
missing from all.yml, meaning it is impossible to override them on a per
node / per group basis. (globals.yml get's top precedence).

Make these consistent with the rest of the variables and move the
defaults into all.yml. Operators can still override / update these in
globals.yml as before, but those wanting more flexibility now have it
via host / group variables.

Change-Id: I2575921f76a8e245106da765757c70353bd6762c
Closes-Bug: #1604129
2016-08-24 14:45:14 +00:00
Jeffrey Zhang
3d6344d800 Move the keystone_*_url variable from common role to group vars
keystone_*_url are cross role variables. They are used in multi roles.
Move them from the common role to the group vars

TrivialFix

Change-Id: If451823ed7612bfec7bc797ec9dd2597164c6804
2016-08-17 16:53:40 +08:00
Ken Wronkiewicz
cc4150292c Fix intf address for RabbitMQ and disable cluster for Kube
enable_rabbitmq_cluster is now a "yes" by default but you can set it
to "no" if you want to disable clustering under any circumstances.

The agreement made at OpenStack in Austin was that Kolla-Kubernetes
would concentrate on RabbitMQ and MariaDB without clustering but
with persistent storage and workload migration, then examine how to
do proper distributed functionality as the project progresses, so I
am just following what we'd already agreed upon.

First, it helps us deal with issues of version upgrades without
dealing with clustered version upgrades and the synchronization
thereof.

Second, it provides an alternative model for durability when used in
Kubernetes.  Understand that, if we disable RabbitMQ's clustering,
Kubernetes is still able to re-schedule the queue off of a failed node
in ways that Kolla-Ansible is not.  There are known issues with
RabbitMQ clustering, especially with auto-heal turned on.  For many
small-to-mid-sized clusters, it's going to provide for a better
operator experience to have the known potential for a 30 second blip
after RabbitMQ node failure than it is to have the known potential
for partition and data loss and/or manual operations after you've
turned off auto-heal.

Kolla-kubernetes has already turned off host networking for the
RabbitMQ pod; it's safe to set the interface address in the
Kubernetes context.

The question was asked why don't I just set the RabbitMQ cluster to be
a single instance.  It's unlikely that Kubernetes RabbitMQ with a
PetSet will be clustered in the same declaritive fashion as the
rabbitmq-clusterer plugin. Easier to just disable it and worry about
how to configure the kube-friendly clustered RabbitMQ at a later point
in time.  Furthermore, it's an entirely valid case for many OpenStack
control planes hosted atop Kolla-Kubernetes to accept the possibility
of a 30-60 second blip in lieu of the long and questionable history
of RabbitMQ clustering in production.

Co-authored-by: Ryan Hallisey <rhallise@redhat.com>
Change-Id: I7f0cb22d29a418fce4af8d69f63739859173d746
Partially-implements: blueprint api-interface-bind-address-override
2016-08-10 09:40:54 -04:00