TLS can be used to encrypt and authenticate the connection with
OpenStack endpoints. This patch provides the necessary
parameters and changes the resulting service configurations to
enable TLS for the Kolla deployed OpenStack cloud.
The new input parameters are:
kolla_enable_tls_external: "yes" or "no" (default is "no")
kolla_external_fqdn_cert: "/etc/kolla/certificates/haproxy.pem"
kolla_external_fqdn_cacert: "/etc/kolla/certificates/haproxy-ca.crt"
Implements: blueprint kolla-ssl
Change-Id: I48ef8a781c3035d58817f9bf6f36d59a488bab41
After our switch to keystone-manage bootstrap Horizon is not happy
due to v3 not being setup correctly. This patch fixes that
This also includes removal of unused variables (transforms them into
endpoint url variables)
TrivialFix
Change-Id: I1e04db8c24049f80e974c063f03068a2ab32a563
Ansible is pinned to single commit in devel branch to pull in the
latest shade module we need (domain control). It will be available in
ansible 2.1
TrivialFix
Change-Id: I4c21fa1d2cec30d4aeb80e050ef4a62332f9ed45
This patch set implements reconfiguring the neutron service.
Change-Id: I028a91761de2ff7c6dee563259181b946e8312ea
Partially-implements: bp kolla-reconfig
add three actions used for reconfigure
* restart_container
* get_container_env
* get_container_state
Partially-implements: bp kolla-reconfig
Change-Id: I63609ce47f044926ff276ab1188b10f44270a0b5
Due to the fact COPY_ONCE is not how most people expect the container
to work, as well as causing additional delays in the reconfigure
process by needing to delete and recreate teh container, we should
default to COPY_ALWAYS. It is both how operators and deployers expect
things to work and allows a quick restart to pull in a new config.
TrivialFix
Change-Id: Ie5f043fc66aa85378f456017c9e31ddbbe6d8880
Admin token has been deprecated upstream. It will be removed in O. We
switch over to the new `keystone-manage bootstrap` method for creating
the initial admin user, role, and project.
Co-Authored-By: Sam Yaple <sam@yaple.net>
Change-Id: I6ca90e8d4c3b71009e24b049b2efbc08c05ebfbf
Use kolla_internal_vip_address for kolla_internal_fqdn in the all.yml
file. In this way, the global.yml no need set the old/deprecated
kolla_internal_address variable.
TrivialFix
Change-Id: I0768b9a2b615afb6a8b1f7c065189a495b8f9c9b
This runs first sanity check for swift. Once
swift is deployed it checks list()
Change-Id: I613bf9f2893d66814863893ec5acde5aa252548d
Partially-Implements: blueprint sanity-check-container
Run the keystone reconfigure only when inventory_hostname in
groups['keystone']
Partially-implements: bp kolla-reconfig
Change-Id: I9d4b5f39f2d68cfd2ae087e3f8a2ee4785eb9586
The path of the template file under the same role
can easily be omitted, and we are using this omitting
in most places except those this commit is fixing.
TrivialFix
Change-Id: I6d1563e235151669d9d9268d69555aae15e31926
This runs first sanity check for cinder. Once
cinder is deployed it checks volumes.list()
Change-Id: I1b4cc57f21cf0fa52a391229c2c2b3fa995d32a8
Partially-Implements: blueprint sanity-check-container
