add three actions used for reconfigure
* restart_container
* get_container_env
* get_container_state
Partially-implements: bp kolla-reconfig
Change-Id: I63609ce47f044926ff276ab1188b10f44270a0b5
Due to the fact COPY_ONCE is not how most people expect the container
to work, as well as causing additional delays in the reconfigure
process by needing to delete and recreate teh container, we should
default to COPY_ALWAYS. It is both how operators and deployers expect
things to work and allows a quick restart to pull in a new config.
TrivialFix
Change-Id: Ie5f043fc66aa85378f456017c9e31ddbbe6d8880
Admin token has been deprecated upstream. It will be removed in O. We
switch over to the new `keystone-manage bootstrap` method for creating
the initial admin user, role, and project.
Co-Authored-By: Sam Yaple <sam@yaple.net>
Change-Id: I6ca90e8d4c3b71009e24b049b2efbc08c05ebfbf
Use kolla_internal_vip_address for kolla_internal_fqdn in the all.yml
file. In this way, the global.yml no need set the old/deprecated
kolla_internal_address variable.
TrivialFix
Change-Id: I0768b9a2b615afb6a8b1f7c065189a495b8f9c9b
This runs first sanity check for swift. Once
swift is deployed it checks list()
Change-Id: I613bf9f2893d66814863893ec5acde5aa252548d
Partially-Implements: blueprint sanity-check-container
Run the keystone reconfigure only when inventory_hostname in
groups['keystone']
Partially-implements: bp kolla-reconfig
Change-Id: I9d4b5f39f2d68cfd2ae087e3f8a2ee4785eb9586
The path of the template file under the same role
can easily be omitted, and we are using this omitting
in most places except those this commit is fixing.
TrivialFix
Change-Id: I6d1563e235151669d9d9268d69555aae15e31926
When kolla-build is running, if there are network issues or if the
source's location (like http://tarballs.openstack.org) fails to
respond due to high number of concurrent requests, kolla-build just
hangs/blocks indefinitely.
This patch set resolves this issue by adding a timeout of 120
seconds for requests.get() in kolla/cmd/build.py, adds a unit test
for it in kolla/tests/test_build.py and also the "timeout" argument
in kolla/common/config.py.
Change-Id: I7c8745a20b9bd1c3f5d6a55c72a794f16fd7e513
Closes-Bug: #1548614
This runs first sanity check for cinder. Once
cinder is deployed it checks volumes.list()
Change-Id: I1b4cc57f21cf0fa52a391229c2c2b3fa995d32a8
Partially-Implements: blueprint sanity-check-container
Vagrant and Heat, while really cool tech, are not very well maintained
in Kolla. They are not always up to date, and as a result, are not
recommended for evaluation purposes by this change.
TrivialFix
Change-Id: Ic8b8519431ed5c50a9a46b2e8b8f822d0982b1cf
Due to poor planning on our variable names we have a situation where
we have "internal_address" which must be a VIP, but "external_address"
which should be a DNS name. Now with two vips "external_vip_address"
is a new variable.
This corrects that issue by deprecating kolla_internal_address and
replacing it with 4 nicely named variables.
kolla_internal_vip_address
kolla_internal_fqdn
kolla_external_vip_address
kolla_external_fqdn
The default behaviour will remain the same, and the way the variable
inheritance is setup the kolla_internal_address variable can still be
set in globals.yml and propogate out to these 4 new variables like it
normally would, but all reference to kolla_internal_address has been
completely removed.
Change-Id: I4556dcdbf4d91a8d2751981ef9c64bad44a719e5
Partially-Implements: blueprint ssl-kolla
The generic driver for manila need the neutron agents
and OVS / Linuxbridge running on the same node as manila_share.
This is necessary when the DHSS (Driver Handles Share Servers)
is the value "True", so that the manila_share can talk
with NFS manager.
Change-Id: I21904659b1789fa71118401bfb6ac2227ae564da
Partially-Implements: blueprint enable-manila-containers
Working towards the blueprint that will add TLS protection
for the external endpoints, kolla needs certificates.
When kolla deploys OpenStack, the external VIP will need
a server side certifcate. Clients that access those endpoints will
need the public CA certificate that signed that certificate.
This ansible script will create these two certificates to make
it easy to use TLS in a test environment. The generated
certificate files are:
/etc/kolla/certificates/haproxy.pem (server side certificate)
/etc/kolla/certificates/haproxy-ca.pem (CA certificate)
The generated certificates are not suitable for use in a
production environment, but will be useful for testing and
verifying operations.
Partially-implements: blueprint ssl-kolla
Change-Id: I208777f9e5eee3bfb06810c7b18a2727beda234d
Since openvswitch is handled in the kernel, it really is as simple as
upgrade the container since the container only has userspace tools in
it.
Partially-Implements: blueprint upgrade-kolla
Implements: blueprint upgrade-neutron
Change-Id: Iec57c67a1ccba8f48b752fe832cd714bcc658af0
Ceph is pretty easy to work with. Upgrade mons, then osds, then rgws
We want to eventually make these serial values configurable, but for
now due to cephs delicate distributed network nature it is safest to
only run 1 change at a time.
Change-Id: Icc721ab3651379c28fee853ca95f9e3ddf102998
Partially-Implements: blueprint upgrade-kolla
Implements: blueprint upgrade-ceph