Commit Graph

103 Commits

Author SHA1 Message Date
Kevin Carter
f379c6abd4 Implement base configuration for independent repository
Change-Id: I91826d92a1c4bf30a9be77d538ffaa45b3bf7c8e
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-03-02 00:07:37 +00:00
Jenkins
1c959d6bec Merge "Only update apt cache if necessary" 2016-02-17 10:51:09 +00:00
Ryan Moore
88c354d4ae Style - Not in YAML dictionary format
Depends-On: I2271fe8468840884f19f41abba37e696c6296350
Change-Id: I5829e60e85c8c5671edfcd28f5be0c0912dd30a0
2016-02-12 15:26:42 +00:00
Jimmy McCrory
322dbe437e Resolve ansible-lint ANSIBLE0008
ansible-lint 2.3.7 added a rule checking for use of the deprecated
'sudo' and 'sudo_user' directives. They have been replaced with 'become'
and 'become_user' respectively.

Change-Id: I2271fe8468840884f19f41abba37e696c6296350
2016-02-11 07:40:09 -08:00
Jean-Philippe Evrard
c677ad7b84 Only update apt cache if necessary
Workarounding the upstream ansible apt module bug
documented here:
https://github.com/ansible/ansible-modules-core/pull/1517

For the next versions of ansible we'll be using, we should
check if the apt bug is fixed. When it's fixed, we could
abandon this change and use the standard apt module
with correct cache handling.

Change-Id: I2aaf00da175f31d0157bbc4ae30a4e176b055078
2016-02-09 16:46:22 +01:00
Logan V
6b6863b317 Add ssl deployment to novnc console type
Deploy user SSL keys for novnc console containers so users viewing
the console in Horizon will be able to access the console over https.

Example configuration:
nova_console_type: novnc
nova_novncproxy_proto: https
nova_console_user_ssl_cert: ~/certs/horizon.pem
nova_console_user_ssl_key: ~/certs/horizon.key
nova_console_user_ssl_ca_cert: "{{ ssl_ca_cert }}"

Change-Id: Icb66631ac0b00afe12519fd742e3198e828a10cc
2016-02-04 11:29:16 +00:00
Jenkins
915b6217ba Merge "Re-deploy the Nova venv if it mismatches the repo" 2016-01-29 03:00:19 +00:00
Jenkins
01cce979b3 Merge "Always include nova_virt_detect.yml" 2016-01-28 18:34:47 +00:00
Matt Thompson
1159ee3341 Always include nova_virt_detect.yml
Currently, if you run the os-nova-install.yml playbook with the
nova-config or nova-install tags, the run will fail as nova_virt_type
is not defined anywhere.  This commit updates os_nova/tasks/main.yml by
adding the always tag so that nova_virt_detect.yml is always included.

Change-Id: Id0fdd12aecc63c066da985fbb058cb85926b2ff3
2016-01-28 10:04:57 +00:00
Matt Thompson
9b073b6594 Re-deploy the Nova venv if it mismatches the repo
We currently have two issues with venvs:

- if you update your venv on the repo server, it is not possible for
  that updated venv to land on the service's container as the get_url
  task always skips if the file exists (even if the file is different)
- if you have an updated venv on the repo server and forcefully delete
  the cached venv tarball on the service's container, the new tarball
  will get unarchived over top of the existing venv

This commit does the following:

- gets the checksum of the /var/cache tarball and downloads checksum
  file from repo server
- updates "Attempt venv download" to only download the venv if the
  cache doesn't exist or if the local and remote checksums differ
- adds a "force: true" to "Attempt venv download" task so that the venv
  tarball will get re-downloaded when the when condition is true (this
  is necessary otherwise the download will get skipped since the
  destination already exists)
- adds a new task "Remove existing venv" so we can first remove the
  venv before we unarchive the potentially new venv from the repo
  server
- updates "Create nova venv dir" and "Unarchive pre-built venv"
  tasks to only proceed if "nova_get_venv | changed", which
  prevents these tasks from running when they the venv tarball hasn't
  changed
- adds multiple service restarts to
  os_nova/tasks/nova_install.yml so that nova will restart
  correctly should the venv/packages update without any associated
  config changes

NOTE: The reason why we compare local and remote checksum is to avoid
      unnecessarily downloading the venv when the checksums are in fact
      the same.  On small deploys this is more or less a non-issue but
      if a deploy w/ thousands of compute nodes re-runs playbooks we
      want to limit the venv downloads when it's unnecessary.

Change-Id: Ibe25126ee38f51fb71f877a54d32dd56d2a8a74d
2016-01-28 09:05:10 +00:00
Jenkins
a38fa93c16 Merge "Update nova_rpc_backend to correct setting" 2016-01-27 04:34:24 +00:00
Jenkins
0ca2f30c4f Merge "Make all install actions consistently use with_items" 2016-01-26 23:49:29 +00:00
Jenkins
a6b366952b Merge "Remove use of role_name variable" 2016-01-26 14:07:04 +00:00
Jesse Pretorius
b4a9dfb10e Use slurp to collect the nova ssh keys
Extracting the ssh public key using cat and storing the result in a
fact has resulted in periodic failures in the collection of the key,
and thereafter the failure to appropriately place that key into the
authorised_keys file.

This patch changes the collection method to use the Ansible slurp
module which has been found to be more reliable.

Closes-Bug: #1531783
Change-Id: I26340a0c69064f84d9d87f19ce015ba44b6ffa8b
2016-01-26 09:36:38 +00:00
Andrei Kukharenka
ca78a07e01 Update nova_rpc_backend to correct setting
The nova_rpc_backend variable is currently set to the value that
applies for Kilo and has not been updated to the new Liberty
setting.

This patch corrects that.

Closes-Bug: #1537039
Change-Id: I6a946a5ce56a90e9ef1aebdba0350076cdb9ad2c
2016-01-22 13:37:27 +00:00
Ian Cordasco
6480e149ee Make all install actions consistently use with_items
This is primarily a style fix, not a functional one.

Related-Bug: #1495748
Change-Id: Ia34e01bced2d0287dab5353f975f36f9323cd205
2016-01-21 15:59:49 +00:00
Kevin Carter
8a8ad448fe Update Master SHAs - 17 Jan 2016
This patch does the following:
- updates the Master SHAs for new development work.
- includes updates to policy, paste and rootwrap files as required
- moves the Aodh repository to openstack_services as it now has
  implemented a stable branch
- Updated the keystone-wsgi file as it was still running the code from
  liberty
- add 2 package requirements to keystone which must be present for the
  new wsgi file.
- updates tempest.conf.j2 to replace ssh_auth_method with auth_method,
  and change auth_method to 'keypair' (configured is no longer an
  a valid option)

Change-Id: I933c24c03518865d9d40519dafb2ba46769a5453
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-01-18 23:58:48 +00:00
You Wei Wang
fe8d516b76 Trivial: Remove vim header from source files
Change-Id: I68a7d910d45ef5bbbc8b59d9bc363fa68c6a8663
2016-01-14 10:52:17 +00:00
Jimmy McCrory
a5331e2f62 Remove use of role_name variable
`role_name` is a reserved variable name. Instead, use the explicit
service_role_name variables when adding roles to users.

Change-Id: Ia5fa0e400aeec6d808891c5dd793ee8177d9b5f3
2016-01-10 12:46:29 -08:00
Jimmy McCrory
cb5e6cfff3 Fix command used to auto-detect virt type
If egrep is not located at /usr/bin/egrep, the os_nova "Get virt type
value and store as var" task will silently fail causing the
nova_virt_type to always default to qemu.
Update the command to include a lookup for the correct path to egrep.

Change-Id: I378b555d157ee3f39d682c3ddadb6e3ffd933503
Closes-Bug: #1531670
2016-01-06 16:27:03 -08:00
Xia Bing Yao
dc0da5c6e9 remove repeat var define in nova/defaults/main.yml
Change-Id: I340209c686e57f26d2e9caf9011bfdd360ae83ad
2016-01-05 17:55:47 +00:00
Bjoern Teipel
e9fd86ef00 Adding multipath-tools package for nova hosts
This fix adds the multipath-tools package to all nova
nodes in order to support iscsi-multipath inside nova.

In order to enable this feature in nova the following override
needs to be configured:

nova_nova_conf_overrides:
  libvirt:
    iscsi_use_multipath: true

DocImpact
Closes-Bug: #1524957

Change-Id: I36da282043ce864c8a1fb69a1ee02e3a273c14e4
2015-12-10 14:08:41 -06:00
Kevin Carter
9dc95792dd Fixes playbook runtime issues with ldap
When using an LDAP backend the plabooks fail when "ensuring.*"
which is a keystone client action. The reason for the failure is
related to how ldap backend, and is triggered when the service
users are within the ldap and not SQL. To resolve the issue a boolean
conditional was created on the various OS_.* roles to skip specific
tasks when the service users have already been added into LDAP.

Change-Id: I64a8d1e926c54b821f8bfb561a8b6f755bc1ed93
Closes-Bug: #1518351
Closes-Bug: #1519174
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2015-12-07 08:59:05 -06:00
Jenkins
e7503ad873 Merge "Fix nova_virt_type auto-detection" 2015-12-03 13:30:02 +00:00
Hugh Saunders
1f63049542 Use PyPi packages for ceph python bindings
Ceph python bindings are now available from pypi, so they can be
installed within a venv. Previously we were relying on the bindings
being installed via an apt package and symlinking out of the relevant
venvs into site packages.

This commit also includes a revert for the commit that introduced the
symlinks:

Revert "Symlink ceph libraries out of venv"

This reverts commit a0ab6f7a6efea1dabf5ac006f766c17596a0d10b.

Ceph Bug: http://tracker.ceph.com/issues/5900
Related-Bug: #1509837
Package URL: https://pypi.python.org/pypi/python-cephlibs/0.94.5.post1

Change-Id: Id8a0b8ea810fd9e43f9743bb2572e2b6b0985230
2015-12-02 22:24:19 +00:00
Jesse Pretorius
79192de310 Fix nova_virt_type auto-detection
In https://review.openstack.org/243098 nova_virt_type auto-detection
was implemented, but the default nova_virt_type value of kvm was left
in place, resulting in the auto-detection never happening.

This patch implements the auto-detection if nova-virt_type is not set
and removes the default value for nova-virt_type.

Change-Id: Ic1c8f042bc6bbee542373d335f338866efa06dc7
2015-12-02 14:46:12 +00:00
Jenkins
84adf9dbf1 Merge "Adjust default nova_force_config_drive to be False" 2015-11-29 07:39:20 +00:00
Andy McCrae
a68b84b451 Adjust default nova_force_config_drive to be False
The default for nova_force_config_drive upstream is "false" there is a
TODO to adjust this in Liberty.

This patch completes that TODO and sets the var (removing the TODO
comment).

Change-Id: I2159464c852b72685ee1a81d169ab64b6a1cc4b9
Closes-Bug: #1520628
2015-11-27 15:40:51 +00:00
Xia Bing Yao
10da9205b4 Add some comments about nova variable definition
Add comments in playbooks/roles/os_nova/defaults/main.yml,
mainly about nova_virt_type and nova_virt_autodetect.

Change-Id: I51ddfb44adc582c3c0ea47c7a4162881dfa2f7c3
2015-11-14 18:04:46 +08:00
Xia Bing Yao
989191607f Choose virt type automatically
If nova_virt_type variable is not defined in defaults/main.yml,
Using command "egrep -c '(vmx|svm)' /proc/cpuinfo" in
deploy environment, it can easily tell us what the right
virt_type is according to the return value.

If this command returns a value of one or greater, your
compute node supports hardware acceleration and just set
virt_type = kvm.

If this command returns a value of zero, your compute node
does not support hardware acceleration and you must configure
virt_type = qemu instead of kvm.

Change-Id: I6e36ffcb56d50556df0803aea9f4cd7850fada5a
2015-11-11 09:58:04 +08:00
Jenkins
505d457833 Merge "Ensure that the vnc console is disabled when spice is enabled" 2015-10-20 12:08:19 +00:00
Jenkins
4f0be0c76f Merge "Removed deprecated vif driver" 2015-10-20 10:38:40 +00:00
Kevin Carter
2e81466d88 Removed deprecated vif driver
This removes the deprecated vif driver in Juno.

Change-Id: I3ae8e9be51e0290b74e1f660f9f8d15326efca22
Closes-bug: #1501029
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2015-10-19 20:06:34 -05:00
Jesse Pretorius
113a4be0f2 Ensure that the vnc console is disabled when spice is enabled
The spice and vnc consoles are mutually exclusive with Horizon set
to auto-detect the console type. It is also clear from the
configuration method that the designed implementation is to deploy
only one of them.

This patch ensures that only one is enabled at a time by explicitly
disabling the vnc console (which defaults to enabled).

Change-Id: Ib0368d3d6125e4abe7f9a9c40748457fc0d349f2
2015-10-19 20:23:08 +01:00
Matt Thompson
8d218253fd Standardise ownership of *_venv_bin directories
This review standardises the ownership of the *_venv_dir directories by
ensuring all are created as root instead of using the service's user.
This behaviour already exists in the following roles:

- os_aodh
- os_glance
- os_swift

Change-Id: Idab42b83bece3624271780105f6a937eb88c7491
2015-10-19 14:45:06 +01:00
Jenkins
e4dfa35be4 Merge "Implement nova venv support" 2015-10-19 12:49:53 +00:00
Kevin Carter
0d8a6c888d Implement nova venv support
This commit conditionally allows the os_nova role to
install build and deploy within a venv. This is the new
default behavior of the role however the functionality
can be disabled.

Implements: blueprint enable-venv-support-within-the-roles

Change-Id: I13cf36058d08934a41b24ccf4f1700321ab00547
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2015-10-17 00:44:03 -05:00
Byron McCollum
177ab6777b Ensure git clones discard local modifications
If a cloned repo contains local modifications, the clone task will
fail. This ensures any local modifications are discarded, ensuring a
successful clone.

Change-Id: Ic5799fe07e15739cc11acabba803e3be47606f94
Closes-Bug: #1506590
2015-10-15 13:31:25 -05:00
Jesse Pretorius
4eb840a924 Update Nova Configuration for Liberty
This patch includes the following updates based on the updated
source in Nova's Liberty release:
 - api-paste.ini
 - policy.json
 - rootwrap.d/compute.filters
 - rootwrap.d/network.filters

The Nova S3 and v3 API's have been removed in Liberty, so all
related variables and configuration file entries have been
removed.

The Nova EC2 API is deprecated in Liberty. All related variables in
OpenStack-Ansible and configuration files have been removed as all
deployers are recommended to make use of the actively developed
replacement: https://github.com/stackforge/ec2-api

The Nova v2 and v1.1 API's are enabled using the upstream default
compatibility layer. Neither of these versions will be registered in
the service catalog.

The default API version is set to v2.1. For new environments, no
other API versions are registered in the service catalog.

The following variables have been removed:
 - S3 API
   - nova_s3_service_name
   - nova_s3_service_type
   - nova_s3_service_proto
   - nova_s3_service_publicuri_proto
   - nova_s3_service_adminuri_proto
   - nova_s3_service_internaluri_proto
   - nova_s3_service_port
   - nova_s3_service_description
   - nova_s3_service_publicuri
   - nova_s3_service_publicurl
   - nova_s3_service_adminuri
   - nova_s3_service_adminurl
   - nova_s3_service_internaluri
   - nova_s3_service_internalurl
   - nova_s3_program_name
   - nova_s3_deprecated_but_enabled
 - EC2 API
   - nova_ec2_service_name
   - nova_ec2_service_type
   - nova_ec2_service_proto
   - nova_ec2_service_publicuri_proto
   - nova_ec2_service_adminuri_proto
   - nova_ec2_service_internaluri_proto
   - nova_ec2_service_port
   - nova_ec2_service_description
   - nova_ec2_service_publicuri
   - nova_ec2_service_publicurl
   - nova_ec2_service_adminuri
   - nova_ec2_service_adminurl
   - nova_ec2_service_internaluri
   - nova_ec2_service_internalurl
   - nova_ec2_program_name
   - nova_ec2_deprecated_but_enabled
 - v3 API
   - nova_v3_service_name
   - nova_v3_service_type
   - nova_v3_service_proto
   - nova_v3_service_publicuri_proto
   - nova_v3_service_adminuri_proto
   - nova_v3_service_internaluri_proto
   - nova_v3_service_port
   - nova_v3_service_description
   - nova_v3_service_publicuri
   - nova_v3_service_publicurl
   - nova_v3_service_adminuri
   - nova_v3_service_adminurl
   - nova_v3_service_internaluri
   - nova_v3_service_internalurl
   - nova_v3_deprecated_but_enabled
 - v2.1 API
   - nova_v21_service_name              -> nova_service_name
   - nova_v21_service_type              -> nova_service_type
   - nova_v21_service_proto             -> nova_service_proto
   - nova_v21_service_publicuri_proto   -> nova_service_publicuri_proto
   - nova_v21_service_adminuri_proto    -> nova_service_adminuri_proto
   - nova_v21_service_internaluri_proto -> nova_service_internaluri_proto
   - nova_v21_service_port              -> nova_service_port
   - nova_v21_service_description       -> nova_service_description
   - nova_v21_service_publicuri         -> nova_service_publicuri
   - nova_v21_service_publicurl         -> nova_service_publicurl
   - nova_v21_service_adminuri          -> nova_service_adminuri
   - nova_v21_service_adminurl          -> nova_service_adminurl
   - nova_v21_service_internaluri       -> nova_service_internaluri
   - nova_v21_service_internalurl       -> nova_service_internalurl
   - nova_v21_enabled

DocImpact
UpgradeImpact
Implements: blueprint liberty-release
Change-Id: Ie5a42059c10e7fd0bfc4dba8d87dea3f32db968e
2015-10-15 10:39:29 +01:00
Jenkins
7e0ff5705a Merge "Fix to correctly set the nova_management_address" 2015-10-15 04:00:08 +00:00
Bjoern Teipel
e771983f2c Adding missing vfat packages for the nova config_drive
This patch add the packages necessary to allow for
the nova config_drive_format vfat

Change-Id: I304b25f68914d032e6aee0e62338c72165c6e62f
Closes-Bug: #1489225
2015-10-14 12:18:57 -05:00
Jesse Pretorius
3509364c0c Switch from MySQL-python to PyMySQL
As part of the cross-project effort [1] to prepare OpenStack for
Python3 as the primary Python version used, the decision has been
made to switch from using MySQL-python to PyMySQL [2].

This patch switches all OpenStack Services to use the PyMySQL
library.

[1] https://etherpad.openstack.org/p/liberty-cross-project-python3
[2] https://review.openstack.org/184388

UpgradeImpact
Implements: blueprint liberty-release
Change-Id: I7532b5dd72cd2f682f1e4ffdf290b741c2185cb3
2015-10-14 06:18:30 +00:00
Kevin Carter
3b4a1929df Fix to correctly set the nova_management_address
This change sets the nova management address based on the
facts the play is able to set about the environment.

This will correct configure the nova to use a specific
management network which is not always the default
container address.

Closes-Bug: #1504226
Change-Id: Ib6d84072d379118ebfc560f4594c28e1fecf3b40
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2015-10-08 12:00:58 -05:00
Jimmy McCrory
35545452bf Install spice-html5 from source
'ws://' is currently hardcoded within the spice_auto.html file included
in the packaged release of spice-html5, raising a security error when
accessing consoles over HTTPS.

Remove the existing apt package and install spice-html5 from source
instead since this issue has been corrected as of spice-html5-0.1.6.

Change-Id: Ie308a477143037963f903f2ac21b2b1f0328fcb3
Partial-Bug: #1424797
2015-10-07 16:18:23 +00:00
Kevin Carter
8b296911bb Add novnc console support
This change adds in support for the novnc console type in Nova.

* The change adds in a few new variables to the defaults which allow
  for the novnc console to be configued.
* A port entry was added to haproxy to support the console type.
* noVNC is being installed from source in the nova_console container.
  The git repo has been added to the openstack_other.yml repo-package file
  which allows for the repo to be cloned into the repo containers and then
  distributed out where needed from within the environment.

Closes-Bug: 1428833

Change-Id: I221557aad77bf266b4e2fae23007ffa210aa1f75
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2015-10-07 06:35:41 +00:00
Jesse Pretorius
25a6798416 Remove unused libvirt-bin file
Change-Id: Ib3f95497549d8d5f341a5caed02d703570a2b6c8
2015-10-05 11:16:46 +00:00
Jesse Pretorius
46d38acfb8 Allow pip extra arguments to be passed to playbooks
This patch adds the variable 'pip_install_options' which is passed to the pip
install module as extra arguments in order to allow the use of options like
'--force-reinstall' when executing playbooks.

eg: openstack-ansible -e pip_install_options="--force-reinstall" \
        setup-openstack.yml

This is required due to constant upstream changes in dependencies which
result in python wheel version upgrades and downgrades between tagged
versions of openstack-ansible.

The intention is that this can be used whenever a deployer switches between
tags for both upgrades and downgrades.

DocImpact
Closes-Bug: #1489251
Closes-Bug: #1499451
Related-Bug: #1501114
Change-Id: I996185e009a4c4af4f23798619bdbd0d490360c9
2015-09-30 15:18:31 +00:00
Kevin Carter
7bca4ab1a5 adds the config_template to nova
The change modifies the nova template tasks such that it's now
using the config_template action plugin. This change will make so that
config files can be dynamically updated, by a deployer, at run time,
without requiring the need to modify the in tree templates or defaults.

Partially implements: blueprint tunable-openstack-configuration

Change-Id: I9842ed3fcb2cc4aa379a582359b1ca5d0747f714
2015-09-21 11:12:49 +00:00
Jenkins
fd67602bd6 Merge "Install nfs-common with nova-compute" 2015-09-15 11:18:24 +00:00
Jenkins
70825817bf Merge "Compartmentalizing RabbitMQ" 2015-09-12 23:24:07 +00:00