Some ID provider configurations do not require a certificate file.
Change the logic to allow this, and update documentation accordingly.
Change-Id: I2c34a6b5894402bbebeb3fb96768789bc3c7fe84
This is a docs amendment to let users know that calling
init-runonce is not a required deployment step and it may not work
for them if they modified the defaults.
Change-Id: Ia3922b53d91a1a820447fec6a8074b941edc2ee9
Nova provides a mechanism to set static vendordata via a file [1].
This patch provides support in Kolla Ansible for using this
feature.
Arguably this could be part of a generic mechansim for copying
arbitrary config, but:
- It's not clear if there is anything else that would take
advantage of this
- One size might not fit all
[1] https://docs.openstack.org/nova/latest/configuration/config.html#api.vendordata_jsonfile_path
Change-Id: Id420376d96d0c40415c369ae8dd36e845a781820
Implement simple global variables system in docs and add global variables
KOLLA_OPENSTACK_RELEASE, KOLLA_ANSIBLE_MAJOR_VERSION and
KOLLA_BRANCH_NAME.
Closes-Bug: #1844710
Change-Id: I2c131463eaf1c51eb8768f6d90e9697c77a7833b
Signed-off-by: Adrian Andreias <adrian@fleio.com>
This change updates documentation, examples and tests to support
Ironic inspection through DHCP-relay. The dnsmasq service should be
configured with more specific format set in the variable
``ironic_dnsmasq_dhcp_range``. See the dnsmasq manual page [1].
[1] https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
Change-Id: I9488a72db588e31289907668f1997596a8ccdec6
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
* Register Swift-compatible endpoints in Keystone
* Load balance across RadosGW API servers using HAProxy
The support is exercised in the cephadm CI jobs, but since RGW is
not currently enabled via cephadm, it is not yet tested.
https://docs.ceph.com/en/latest/radosgw/keystone/
Implements: blueprint ceph-rgw
Change-Id: I891c3ed4ed93512607afe65a42dd99596fd4dbf9
A system-scoped token implies the user has authorization to act on the
deployment system. These tokens are useful for interacting with
resources that affect the deployment as a whole, or exposes resources
that may otherwise violate project or domain isolation.
Since Queens, the keystone-manage bootstrap command assigns the admin
role to the admin user with system scope, as well as in the admin
project. This patch transitions the Keystone admin user from
authenticating using project scoped tokens to system scoped tokens.
This is a necessary step towards being able to enable the updated oslo
policies in services that allow finer grained access to system-level
resources and APIs.
An etherpad with discussion about the transition to the new oslo
service policies is:
https://etherpad.opendev.org/p/enabling-system-scope-in-kolla-ansible
Change-Id: Ib631e2211682862296cce9ea179f2661c90fa585
Signed-off-by: Niklas Hagman <ubuntu@post.blinkiz.com>
This patch adding option to control weight of haproxy
backends per service via host variable.
Example:
[control]
server1 haproxy_nova_api_weight=10
server2 haproxy_nova_api_weight=2 haproxy_keystone_internal_weight=10
server3 haproxy_keystone_admin_weight=50
If weight is not defined, everything is working as before.
Change-Id: Ie8cc228198651c57f8ffe3eb060875e45d1f0700
This change bumps up max supported Ansible version
to 4.x (ansible-core 2.11.x) and minimum to 2.10.
Change-Id: I8b9212934dfab3831986e8db55671baee32f4bbd
Docs adapted to match.
Removed the unsupported-for-quay option to set up
a pull-through cache.
Closes-Bug: #1942134
Change-Id: If5a26b1ba4bf35bc29306c24f608396dbf5e3371
