9 Commits

Author SHA1 Message Date
Cameron Loader
e9f957861b Make pw-token-gen.py more random
This fix utilizes the urandom method in the os module and provides
more randomness in our generation tool.

Closes-bug: 1732295
Change-Id: I060976d243dfc4ddc7fd67aff36f3a888a0a363e
2017-11-15 17:57:57 +00:00
Jesse Pretorius
b95eafb0ee Skip host pip installs for ansible bootstrap
The requirements.txt contents do not need to be
installed on to the host. The majority of the
requirements are for ansible, or for release
and management tooling which needs to use the
Ansible runtime venv.

Rather than forcing the installation of pip on
the host, we only install virtualenv via distro
packages (where possible). With virtualenv in
place we can create the runtime venv and install
pip, etc and all requirements into there.

Doing this keeps the system python libraries as
clean as possible, preventing clashes with other
packages (eg: ceph) which try to install other
python libraries which conflict on CentOS.

Change-Id: I0db786645c11649764680697518c97ddf9610cfa
2017-09-12 12:33:20 -06:00
Kevin Carter
b3cd95f219 Use ansible-runtime python for internal scripts
The ansible runtime python needs to be used when running local scripts
so that our libs are cared for. Presently when the pw-token-gen script is
run it stacktraces on a new 16.04 host when py3.5 and py2.7 are present
on the same host. The traceback indicates that the Crypto lib is missing
which is true for py2.7 as we now prefer py3.5.

Additionally the pw-token-gen script needs two updates to be py3.5
compatible.

Change-Id: I5535c2076ebb3fa5b2a5d5fc42bdc5095871c7d5
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2017-08-01 11:46:54 -05:00
Serge van Ginderachter
b878370a0b Add Ceph/RBD support to playbooks
Currently the playbooks do not allow Ceph to be configured as a backend
for Cinder, Glance or Nova. This commit adds a new role called
ceph_client to do the required configuration of the hosts and updates
the service roles to include the required configuration file changes.
This commit requires that a Ceph cluster already exists and does not
make any changes to that cluster.

ceph_client role, run on the OpenStack service hosts
  - configures the Ceph apt repo
  - installs any required Ceph dependencies
  - copies the ceph.conf file and appropriate keyring file to /etc/ceph
  - creates the necessary libvirt secrets

os_glance role
glance-api.conf will set the following variables for Ceph:
  - [DEFAULT]/show_image_direct_url
  - [glance_store]/stores
  - [glance_store]/rbd_store_pool
  - [glance_store]/rbd_store_user
  - [glance_store]/rbd_store_ceph_conf
  - [glance_store]/rbd_store_chunk_size

os_nova role
nova.conf will set the following variables for Ceph:
  - [libvirt]/rbd_user
  - [libvirt]/rbd_secret_uuid
  - [libvirt]/images_type
  - [libvirt]/images_rbd_pool
  - [libvirt]/images_rbd_ceph_conf
  - [libvirt]/inject_password
  - [libvirt]/inject_key
  - [libvirt]/inject_partition
  - [libvirt]/live_migration_flag

os_cinder is not updated because ceph is defined as a backend and that
is generated from a dictionary of the config, for an example backend
config, see etc/openstack_deploy/openstack_user_config.yml.example

pw-token-gen.py is updated so that variables ending in uuid are assigned
a UUID.

DocImpact
Implements: blueprint ceph-block-devices
Closes-Bug: #1455238
Change-Id: Ie484ce0bbb93adc53c30be32f291aa5058b20028
2015-08-01 19:49:00 +01:00
Andy McCrae
3f8905caee Set permissions on user_secrets.yml to 0600
The permissions on the user_secrets file are too open, adjust this so that
after using pw-token-gen.py it sets the file to be 0600 for
user_secrets.yml and the backup tar file that is created. Additionally,
add a note in the README to recommend adjusting the permissions when not
utilising the pw-token-gen.py

Change-Id: I90ffacd83a89a92f48cf160e5b351e1254e9c73a
Closes-Bug: #1461997
2015-06-11 20:39:46 +00:00
Kevin Carter
03646d48f3 Added check to see if the variable file is empty
The `pw-token-gen.py` script will fail if used against an empty file.
This change adds a None type check and returns an exit error and
message if the loaded value is None.

Closes-Bug: 1446338
Change-Id: I83cb9d1ef312f870f555c6de5f42815ba40e895e
2015-04-27 10:57:00 -05:00
Jesse Pretorius
81c4ab04f7 Remove and/or rename Rackspace related bits
This patch removes and/or renames anything that is Rackspace specific
from the playbooks, roles and variables.

It also removes items which appear to be orphaned/unused and flattens
the playbooks into a single directory in order to better match ansible
best practise (and remove some horrible fiddles we were doing).

The following have been removed due to RAX/RPC naming or RAX/RPC
specific usage:
 - playbooks/monitoring
 - playbooks/rax*
 - playbooks/rpc*
 - roles/maas*
 - roles/rax*
 - roles/rpc*
 - scripts/f5-*
 - scripts/maas*
 - scripts/rpc*
 - scripts/*lab*
 - vars/repo_packages/rackspace*
 - vars/repo_packages/rax*
 - vars/repo_packages/rpc*
 - vars/repo_packages/holland.yml

The following have been removed as they are unused:
 - playbooks/setup/host-network-setup.yml
 - roles/openssl_pem_request
 - roles/host_interfaces
 - scripts/elsa*
 - ssh/
 - vars/repo_packages/turbolift.yml

The following directories have been renamed:
 - etc/rpc_deploy > etc/openstack_deploy
 - rpc_deployment > playbooks

The playbooks have all been moved into a single directory:
 - rpc_deployment/playbooks/infrastructure/* > playbooks/
 - rpc_deployment/playbooks/openstack/* > playbooks/
 - rpc_deployment/playbooks/setup/* > playbooks/

The following files have been renamed:
 - lxc-rpc > lxc-openstack
 - lxc-rpc.conf > lxc-openstack.conf
 - rpc_environment > openstack_environment
 - rpc_release > openstack_release (etc and pip)
 - rpc_tempest_gate.sh > openstack_tempest_gate.sh
 - rpc_user_config > openstack_user_config

The following variables have been renamed:
 - rpc_release > openstack_release
 - rpc_repo_url > openstack_repo_url

The following variables have been introduced:
 - openstack_code_name: The code name of the upstream OpenStack release
   (eg: Juno)

Notable variable/template value changes:
 - rabbit_cluster_name: rpc > openstack
 - wsrep_cluster_name: rpc_galera_cluster > openstack_galera_cluster

DocImpact
Closes-Bug: #1403676
Implements: blueprint rackspace-namesake
Change-Id: Ib480fdad500b03c7cb90684aa444da9946ba8032
2015-02-13 18:03:54 +00:00
Andy McCrae
3a08d86dc2 Add swift_hash_path to pw-token-gen.py
* Set swift_hash_path vars to be setup as keys
* Allows these vars to be auto generated

Fixes #611
2014-11-24 16:42:29 +00:00
d34dh0r53
6f6e75f549 Initial Commit
2014-08-26 18:08:15 -05:00