-
Matt Crees authored
Regularly, we experience issues in Kolla Ansible deployments because we use wrong options in OpenStack configuration files. This is because OpenStack services ignore unknown options. We also need to keep on top of deprecated options that may be removed in the future. Integrating oslo-config-validator into Kolla Ansible will greatly help. Adds a shared role to run oslo-config-validator on each service. Takes into account that services have multiple containers, and these may also use multiple config files. Service roles are extended to use this shared role. Executed with the new command ``kolla-ansible validate-config``. Change-Id: Ic10b410fc115646d96d2ce39d9618e7c46cb3fbc
Matt Crees authoredRegularly, we experience issues in Kolla Ansible deployments because we use wrong options in OpenStack configuration files. This is because OpenStack services ignore unknown options. We also need to keep on top of deprecated options that may be removed in the future. Integrating oslo-config-validator into Kolla Ansible will greatly help. Adds a shared role to run oslo-config-validator on each service. Takes into account that services have multiple containers, and these may also use multiple config files. Service roles are extended to use this shared role. Executed with the new command ``kolla-ansible validate-config``. Change-Id: Ic10b410fc115646d96d2ce39d9618e7c46cb3fbc
main.yml 11.52 KiB
---
keystone_services:
keystone:
container_name: "keystone"
group: "keystone"
enabled: true
image: "{{ keystone_image_full }}"
volumes: "{{ keystone_default_volumes + keystone_extra_volumes }}"
dimensions: "{{ keystone_dimensions }}"
healthcheck: "{{ keystone_healthcheck }}"
haproxy:
keystone_internal:
enabled: "{{ enable_keystone }}"
mode: "http"
external: false
tls_backend: "{{ keystone_enable_tls_backend }}"
port: "{{ keystone_public_port }}"
listen_port: "{{ keystone_public_listen_port }}"
backend_http_extra: "{{ ['balance source'] if enable_keystone_federation | bool else [] }}"
keystone_external:
enabled: "{{ enable_keystone }}"
mode: "http"
external: true
tls_backend: "{{ keystone_enable_tls_backend }}"
port: "{{ keystone_public_port }}"
listen_port: "{{ keystone_public_listen_port }}"
backend_http_extra: "{{ ['balance source'] if enable_keystone_federation | bool else [] }}"
# NOTE(yoctozepto): Admin port settings are kept only for upgrade compatibility.
# TODO(yoctozepto): Remove after Zed.
keystone_admin:
enabled: "{{ enable_keystone and kolla_action == 'upgrade' }}"
mode: "http"
external: false
tls_backend: "{{ keystone_enable_tls_backend }}"
port: "{{ keystone_admin_port }}"
listen_port: "{{ keystone_admin_listen_port }}"
keystone-ssh:
container_name: "keystone_ssh"
group: "keystone"
enabled: true
image: "{{ keystone_ssh_image_full }}"
volumes:
- "{{ node_config_directory }}/keystone-ssh/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
- "kolla_logs:/var/log/kolla/"
- "keystone_fernet_tokens:/etc/keystone/fernet-keys"
dimensions: "{{ keystone_ssh_dimensions }}"
healthcheck: "{{ keystone_ssh_healthcheck }}"
keystone-fernet:
container_name: "keystone_fernet"
group: "keystone"
enabled: true
image: "{{ keystone_fernet_image_full }}"
volumes:
- "{{ node_config_directory }}/keystone-fernet/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
- "kolla_logs:/var/log/kolla/"
- "keystone_fernet_tokens:/etc/keystone/fernet-keys"
dimensions: "{{ keystone_fernet_dimensions }}"
healthcheck: "{{ keystone_fernet_healthcheck }}"
####################
# Config Validate
####################
keystone_config_validation:
- generator: "/keystone/config-generator/keystone.conf"
config: "/etc/keystone/keystone.conf"