Commit Graph

78 Commits

Author SHA1 Message Date
Jenkins
6f17a71d7f Merge "add support for non-default database_port in kolla/ansible" 2016-05-26 09:24:56 +00:00
Ryan Hallisey
2da010a7b9 Make configurable the location where config files are merged
An operator may want to specify the location of custom config
files so that kolla can detect their location and merge
them with the default configs generated.

Partially implements: blueprint multi-project-config

Change-Id: Ibfb38d07a36dfa7fe25381adc34cc1d3cbe7d1e1
2016-05-23 03:23:06 -04:00
Waldemar Znoinski
a2c2eba34f add support for non-default database_port in kolla/ansible
This change makes each step of the kolla deployment aware
of the port database was configured to listen on.
It defaults mariadb_port to database_port.

Change-Id: I8e85d5732015afc0a5481cb33e0b629fdfa84a1b
Closes-Bug: #1576151
DocImpact
2016-05-13 12:12:25 +00:00
Jenkins
1011b7cd24 Merge "map the host localtime to the container" 2016-05-03 19:12:15 +00:00
Jeffrey Zhang
0fcee87549 map the host localtime to the container
Closes-Bug: #1577148
Change-Id: I636cefc63cf532434a41af3898b63dffa711e280
2016-05-03 09:27:51 +08:00
Mauricio Lima
2c34214388 Remove unecessary blank lines
TrivialFix

Change-Id: I1f03d428c380dfdbde5ef33e7ea43cbf5e9154ce
2016-05-02 07:44:29 -04:00
Paul Bourke
e2452906f3 Disable tty for keystone register script
There seems to be a bug regarding the interaction between the Red Hat
based images and docker exec, where output is missed when attaching a
tty. This can be replicated using the following:

$ docker run -d --name test centos /bin/sleep infinity
$ docker exec -t test echo hi

Repeat the second command over and over, "hi" will only be printed out
every couple of runs.

This affects the keystone register task as sometimes it will not print
it's final json result to stdout, causing ansible to fall over with a
difficult to diagnose error (despite the register having run
successfully).

Disabling the tty fixes this for me, it should not be needed in this
case regardless.

Change-Id: Ie7eb7c01c34ee3c59bd843651195fbcb7259d2c8
Closes-Bug: #1572082
2016-04-19 15:59:51 +01:00
Ryan Hallisey
67333e4dd1 Set db connection retry to infinity
Make sure that all the sevices will attempt to
connect to the database an infinite about of times.
If the database ever disappears for some reason we
want the services to try and reconnect more than just
10 times.

Closes-bug: #1505636
Change-Id: I77abbf72ce5bfd68faa451bb9a72bd2544963f4b
2016-04-11 07:22:09 -04:00
Carlos Cesario
493650aa5e Change keystone log dir
Proposed patch to change keystone and heka log dir
from /var/log/kolla/apache2/ to /var/log/kolla/keystone/

Closes-Bug: #1560620
Change-Id: I70c65ceba5a301cc56880313ca86f01bd35676cb
2016-03-28 08:51:35 -03:00
SamYaple
d4535b6dc3 Add memcached_servers to keystone_auth section
The in-process cache for keystone tokens has been deprecated due to
"incosistent results and high memory usage" with the expectation we
switch to memcached_servers if we want to stay performant.

Add memcache_servers [cache] section to the appropriate servers as the
[DEFAULT]\memcache_servers options was deprecated.

TrivialFix
Related-Id: Ied2b88c8cefe5655a88d0c2f334de04e588fa75a

Change-Id: Ic971bdddc0be3338b15924f7cc0f97d4a3ad2440
2016-03-19 21:53:03 +00:00
SamYaple
1f371e2717 Allow per node configuration with augments
This type of per node configuration is required to support things like
availability zones for nova. As always, if this file doesnt exist it
doesnt get used so this change is safe.

TrivialFix

Change-Id: Iff8172af522c2c96e5f2c173b24a5dfd4d522ed2
2016-03-17 17:18:00 +00:00
Dave McCowan
3daded6242 Add TLS protection on external API endpoints
TLS can be used to encrypt and authenticate the connection with
OpenStack endpoints.  This patch provides the necessary
parameters and changes the resulting service configurations to
enable TLS for the Kolla deployed OpenStack cloud.

The new input parameters are:

kolla_enable_tls_external: "yes" or "no" (default is "no")
kolla_external_fqdn_cert: "/etc/kolla/certificates/haproxy.pem"
kolla_external_fqdn_cacert: "/etc/kolla/certificates/haproxy-ca.crt"

Implements: blueprint kolla-ssl

Change-Id: I48ef8a781c3035d58817f9bf6f36d59a488bab41
2016-03-03 14:44:37 -05:00
SamYaple
57124620ab Fix Keystone v3 and Horizon
After our switch to keystone-manage bootstrap Horizon is not happy
due to v3 not being setup correctly. This patch fixes that

This also includes removal of unused variables (transforms them into
endpoint url variables)

TrivialFix
Change-Id: I1e04db8c24049f80e974c063f03068a2ab32a563
2016-03-03 15:44:53 +00:00
Jeffrey Zhang
b694408abc Add kolla_docker action for reconfigure
add three actions used for reconfigure

* restart_container
* get_container_env
* get_container_state

Partially-implements: bp kolla-reconfig

Change-Id: I63609ce47f044926ff276ab1188b10f44270a0b5
2016-03-02 01:35:55 +08:00
SamYaple
4edd0baf8d Remove keystone admin token
Admin token has been deprecated upstream. It will be removed in O. We
switch over to the new `keystone-manage bootstrap` method for creating
the initial admin user, role, and project.

Co-Authored-By: Sam Yaple <sam@yaple.net>
Change-Id: I6ca90e8d4c3b71009e24b049b2efbc08c05ebfbf
2016-03-01 00:14:06 +00:00
Jeffrey Zhang
ac4c3bb69a Run the keystone reconfigure only on keystone group host
Run the keystone reconfigure only when inventory_hostname in
groups['keystone']

Partially-implements: bp kolla-reconfig
Change-Id: I9d4b5f39f2d68cfd2ae087e3f8a2ee4785eb9586
2016-02-29 11:46:15 +08:00
Jenkins
a238fb5d3e Merge "Reconfigure keystone service" 2016-02-28 19:39:46 +00:00
Jeffrey Zhang
72ac7a5541 Reconfigure keystone service
Partially-implements: bp kolla-reconfig

Change-Id: Ied293e59bf4531e88a0e5e5bf9a5f5f495d2a0e7
2016-02-27 02:15:48 +00:00
SamYaple
d3cfb2052a Change kolla_internal_address variable
Due to poor planning on our variable names we have a situation where
we have "internal_address" which must be a VIP, but "external_address"
which should be a DNS name. Now with two vips "external_vip_address"
is a new variable.

This corrects that issue by deprecating kolla_internal_address and
replacing it with 4 nicely named variables.

kolla_internal_vip_address
kolla_internal_fqdn
kolla_external_vip_address
kolla_external_fqdn

The default behaviour will remain the same, and the way the variable
inheritance is setup the kolla_internal_address variable can still be
set in globals.yml and propogate out to these 4 new variables like it
normally would, but all reference to kolla_internal_address has been
completely removed.

Change-Id: I4556dcdbf4d91a8d2751981ef9c64bad44a719e5
Partially-Implements: blueprint ssl-kolla
2016-02-26 20:00:09 +00:00
Jenkins
c79174012c Merge "Add the default empty reconfigure.yml file to all roles" 2016-02-25 21:58:56 +00:00
Jeffrey Zhang
d26c259754 Add the default empty reconfigure.yml file to all roles
DocImpact

Partially-implements: bp kolla-reconfig
Change-Id: I9738e80960bcfbef18d1ef1b7942f81c45684e85
2016-02-25 09:32:53 +08:00
Dave McCowan
b770339534 Use passed client IP address in various audit logs
HAProxy: change to use option forwardfor to pass origin IP address
to backend via X-Forwarded-For header

Keystone: Apache does the audit logs for keystone.  Change the
LogFormat to display the passed address instead of the connection
address which is that of the load balancer.

Nova, Cinder, Glance: these services can make use of the address
passed in X-Forwarded-For.  With this setting the API logs for
these services include the client IP address.

Change-Id: Ia861ecc11a7c7d463d0366586926d1a842853f69
Closes-Bug: #1548935
2016-02-24 09:51:13 -05:00
Éric Lemoine
684873b89b Make Heka collect Keystone logs
Partially implements: blueprint heka
Change-Id: I940143876981a04464af67aff65c09a06926701d
2016-02-19 21:49:21 +00:00
Jenkins
6e622fa534 Merge "Move socket binding to named_volume" 2016-02-17 02:06:26 +00:00
Jenkins
c6da765b49 Merge "Use variables to specify http or https when constructing URLs" 2016-02-16 22:37:27 +00:00
SamYaple
690e6853de Move socket binding to named_volume
The extend_start.sh script for rsyslog is removed as it is no longer
needed. Docker no longer binds to /dev/log or /run/kolla/log

Closes-Bug: #1544545
Change-Id: Ic0a323a26ee4e9e15baf4598285844a8a4955f23
2016-02-16 14:42:41 +00:00
Jenkins
84f43146dc Merge "Use uppercase 'S' in word "OpenStack"" 2016-02-15 16:23:37 +00:00
Dave McCowan
1cedf77f19 Use variables to specify http or https when constructing URLs
To allow for TLS to protect the service endpoints, the protocol
in the URLs for the endpoints will be either http or https.

This patch removes the hardcoded values of http and replaces them
with variables that can be adjusted accordingly in future patches.

Change-Id: Ibca6f8aac09c65115d1ac9957410e7f81ac7671e
Partially-implements: blueprint ssl-kolla
2016-02-15 09:48:58 -05:00
venkatamahesh
70de590a11 Use uppercase 'S' in word "OpenStack"
Change-Id: I27ca0ea75f3d6a4371c91b3cb2c7a999ec90fbc4
2016-02-15 12:37:30 +00:00
SamYaple
e8d66766f0 Fix gate for docker 1.10
Docker 1.10 has broken the gate and this patch will correct that
breakage.

The issue comes with rsyslog. Due to a commit in Docker 1.10 [1] we
must change the way we get the log socket for rsyslog. The /dev/
folder will no longer populate as we used it. So instead we simply
make a new socket in a path we control and share that to the correct
location in the containers.

Additionally, adjust the gate for new Docker daemon.

[1] https://github.com/docker/docker/pull/16639
Partially-Implements: blueprint kolla-upgrade
Change-Id: I881a2ecdf6d7b35991e1d38a3f3e60d022d6577f
2016-02-06 06:48:53 +00:00
SamYaple
80b7266ed1 Rename kolla_ansible to kolla_toolbox
This change is needed for clarity. We have a kolla-ansible script.
We have a kolla-mesos repo. We plan to have a kolla-ansible repo.
Already we have had far too much confusion about whether we are
talking about the container or the project. Naming this kolla-toolbox
eliminates all of that confusion and its probably a bit more accurate
of a name too.

Closes-Bug: #1541053
Change-Id: I8fd1f49d5a22b36ede5b10f46b9fe02ddda9007e
2016-02-02 18:12:15 +00:00
SamYaple
6d8959a962 Update all bootstraps to use Label
Add bootstrap label to all bootstrap containers to ensure that when
the a new container is launched a difference is seen between it and
the bootstrap container since we cannot rely on ENV variables for
this. This only affects mariadb at this stage, but it is needed to
ensure rabbitmq works when we switch to named volumes.

Change-Id: Ia022af26212d2e5445c06149848831037a508407
Closes-Bug: #1538136
2016-01-28 20:26:41 +00:00
Ice Yao
e1ff26612f remove option verbose define in defaults/main.yml
References: https://review.openstack.org/#/c/269042/

TrivialFix

Change-Id: Ief08781342a06f956fc4cf00ba4383759da8c897
2016-01-20 16:17:05 +08:00
Allen Gao
3729755da0 remove option verbose from config files
Option "verbose" from group "DEFAULT" is deprecated for removal.
Its value may be silently ignored in the future.

If this option is not set explicitly, there is no such warning.
Furthermore, the default value of verbose is true, so there is
no need to set this value in config files.

TrivialFix

Change-Id: I3ec2a8900c984a64bc0645672ef89a63975f7f4e
2016-01-18 21:29:36 +08:00
Michal Jastrzebski
26524c7475 Playbook for keystone upgrade
New playbook for keystone release upgrade.

Co-Authored-By: SamYaple <sam@yaple.net>
Change-Id: I387abb30e5ead0033430848164d250fce739d2fd
Implements: blueprint upgrade-keystone
Partially-Implements: blueprint upgrade-kolla
2016-01-13 18:48:55 +00:00
SamYaple
9efc593c8f Allow keystone role to pull images
Change-Id: I64aff93368da7580b6cc1369a42be0904a670f98
Partially-Implements: blueprint pre-pull-images
2016-01-06 04:23:28 +00:00
SamYaple
bc1cc939d2 Convert Keystone to kolla_docker
Change-Id: Ia1beaf8205317f8c628fa1efcb65be90a9ad8237
Partially-Implements: blueprint kolla-docker-module
2015-12-31 16:38:56 +00:00
Jenkins
027e70f9a2 Merge "Simplify config creation" 2015-12-23 13:19:08 +00:00
SamYaple
74e9126fdb Remove unneeded variables passed into keystone
During the bootstrap we no longer need to pass in this info

TrivialFix
Related-Bug: #1526251
Related-Id: Ieee215b9de1618b3d31f3d1a766a9d0ebafdee4d

Change-Id: I82460cf11dea4692c0469bf2b9afddd794a30ec1
2015-12-22 22:19:13 +00:00
Jenkins
4a2e728688 Merge "Convert to pymysql" 2015-12-22 15:47:02 +00:00
SamYaple
026942e9c5 Convert to pymysql
Closes-Bug: #1528432
Change-Id: I6e56f283521b29678964cb655ac3cff2d13b8246
2015-12-22 04:30:32 +00:00
SamYaple
ed82afa8e9 Simplify config creation
Convert config creation from a playbook to an action_plugin. This
reduces the complexity and confusion while retaining the same augment
structure and flexibility.

This allows us to remove the 0-byte files as requirements. They will
still be used if they are present (this means we require additional
documentation around them).

DocImpact
Closes-Bug: #1528430
Change-Id: I2c789f6be9f195c7771ca093a6d59499564b4740
2015-12-22 04:28:53 +00:00
Jeffrey Zhang
b766695f18 Move the admin account creation to register.yml
Create the admin project, user, role and keystone service info by
using ansible task rather than shell script

Closes-Bug: #1526251
Change-Id: Ieee215b9de1618b3d31f3d1a766a9d0ebafdee4d
2015-12-15 23:20:53 +08:00
Michal Jastrzebski
aab1bd36c8 Sanity check for glance
This runs first sanity check for glance. After glance is deployed
it checks images.list(). Also consist few fixes for previous patches

Change-Id: I03d05d246302d8411b2e94c94ca7fe046c00d735
Partially-Implements: blueprint sanity-check-container
2015-12-02 14:19:01 -06:00
Michal Jastrzebski
f632cfe878 Sanity check for keystone
This runs first sanity check for keystone. After keystone is deployed
it checks tenants.list()

Change-Id: Ie919ffe6124eb70428309404a434d9b0eb0b9f70
Partially-Implements: blueprint sanity-check-container
2015-12-02 10:27:36 -06:00
Michal Rostecki
febcb600f1 Source installation in virtualenv
Use virtualenv for installation of OpenStack projects and
dependencies to avoid conflicts with Python libraries installed
by non-OpenStack binary packages.

Change-Id: I21ecd673b2e93335b1d3dd4e279e940c9d694c3c
Implements: blueprint virtualenv
2015-11-27 10:22:17 +01:00
Sam Yaple
97a8ba6fd7 Fix incorrect ansible variable
Change-Id: Ic6755dfe5c3741e4a945c8353f643bbf1479c172
Closes-Bug: #1519040
2015-11-23 17:37:04 +00:00
Sam Yaple
970617b80a Make the database json variable more readable
Additionally remove tty from the container cleanup docker section. It
was added in a sed in a previous patchset by serves no purpose.

Change-Id: Ib617870616bca687f72ffaa44b2e9a3a11ef1011
Partially-Implements: blueprint cleanup-playbooks
2015-11-23 17:24:22 +00:00
Hui Kang
790bf336d5 Fix bootstrap for services
The bootstrap tasks could be started on any node listed in the
site.yml

The issue is that all the tasks must run on the same node, and the
only node that all the tasks can run on is the 'api' node due to
needing to start the bootstrap container which binds in the configs.

delegate_to is required to ensure that the proper node gets the task.

Co-Authored-By: Sam Yaple <sam@yaple.net>
Change-Id: Ica04ab366777a571a92212ac22c482f1881d4ecd
Closes-Bug: #1513598
Related-Bug: #1513439
2015-11-23 17:09:36 +00:00
akwasniewska
206455120f Fixed log error messages from keystone to syslog.
Rsyslog adapted to filter keystone error log messages.

Related bug: 1516462

Change-Id: I4d8d4280dc8fef870d56d8466ed466241ee18e64
2015-11-17 20:27:08 +01:00