Skip to content
Snippets Groups Projects
Select Git revision
  • deployment default
1 result
Search by author
  • Any Author
  • KANAPA SYLVERE p1919734 KANAPA SYLVERE p1919734 p1919734
1 author
  1. Jul 27, 2020
    • Michal Nasiadka's avatar
      fluentd: log to a file instead of stdout · 696533f2
      Michal Nasiadka authored 
      fluentd logs currently to stdout, which is known to produce big docker logs
in /var/lib/docker. This change makes fluentd to log to /var/log/kolla/fluentd.

Closes-Bug: #1888852
Change-Id: I8fe0e54cb764a26d26c6196cef68aadc6fd57b90
      696533f2
  3. Jul 21, 2020
    • Pierre Riteau's avatar
      Fix fluentd warnings caused by "type copy" · 5b057812
      Pierre Riteau authored 
      A "@type copy" statement is already present at the beginning of each
match element, so extra "type copy" are not needed. They are causing the
following warnings in fluentd logs:

[warn]: parameter 'type' in <match syslog.local0.**>
[warn]: parameter 'type' in <match syslog.local1.**>

This commit also harmonizes indentation of the Monasca config block.

Change-Id: I779c2b942d007acbdd43d999f2fc0cdc131d431f
Related-Bug: #1885873
      5b057812
    • Pierre Riteau's avatar
      Configure prometheus-openstack-exporter to use internal endpoints · cf97aeeb
      Pierre Riteau authored 
      Change-Id: Ia134a518b63bb59cfad631cc488181f5245160e6
      cf97aeeb
    • wu.chunyang's avatar
      fix deploy freezer failed when kolla_dev_mod enabled · 7dc47132
      wu.chunyang authored 
      we should clone freezer code before run bootstray,
otherwise, the directory /opt/stack/freezer which is empty will
mount into freezer_api container.

Closes-Bug: #1888242

Change-Id: I7c22dd380fd5b1dff7b421109c4ae37bab11834a
      7dc47132
    • likui's avatar
      Update trove config file · 712b27da
      likui authored 
      Option "trove_auth_url/os_region_name" from group "DEFAULT" is deprecated.
Use option "auth_url/region_name" from group service_credentials

Change-Id: I15d6891582c92c7fc813f280a2b47ebaaca77eba
      712b27da
  5. Jul 17, 2020
    • Radosław Piliszek's avatar
      Make /dev/kvm permissions handling more robust · 202365e7
      Radosław Piliszek authored 
      This makes use of udev rules to make it smarter and override
host-level packages settings.
Additionally, this masks Ubuntu-only service that is another
pain point in terms of /dev/kvm permissions.
Fingers crossed for no further surprises.

Change-Id: I61235b51e2e1325b8a9b4f85bf634f663c7ec3cc
Closes-bug: #1681461
      202365e7
  7. Jul 15, 2020
  9. Jul 09, 2020
  11. Jul 08, 2020
  13. Jul 07, 2020
    • Pierre Riteau's avatar
      Fix incorrect value of [storage]/ceph_keyring in gnocchi.conf · 9a0f8c31
      Pierre Riteau authored 
      The value should be the full path to the keyring file, not just the
name. Without this fix Gnocchi fails to connect to Ceph.

Change-Id: Iaa69b2096b09a448345de50911e21436875d48d6
Closes-Bug: #1886711
      9a0f8c31
    • Mark Goddard's avatar
      Performance: Run common role in a separate play · 56ae2db7
      Mark Goddard authored 
      The common role was previously added as a dependency to all other roles.
It would set a fact after running on a host to avoid running twice. This
had the nice effect that deploying any service would automatically pull
in the common services for that host. When using tags, any services with
matching tags would also run the common role. This could be both
surprising and sometimes useful.

When using Ansible at large scale, there is a penalty associated with
executing a task against a large number of hosts, even if it is skipped.
The common role introduces some overhead, just in determining that it
has already run.

This change extracts the common role into a separate play, and removes
the dependency on it from all other roles. New groups have been added
for cron, fluentd, and kolla-toolbox, similar to other services. This
changes the behaviour in the following ways:

* The common role is now run for all hosts at the beginning, rather than
  prior to their first enabled service
* Hosts must be in the necessary group for each of the common services
  in order to have that service deployed. This is mostly to avoid
  deploying on localhost or the deployment host
* If tags are specified for another service e.g. nova, the common role
  will *not* automatically run for matching hosts. The common tag must
  be specified explicitly

The last of these is probably the largest behaviour change. While it
would be possible to determine which hosts should automatically run the
common role, it would be quite complex, and would introduce some
overhead that would probably negate the benefit of splitting out the
common role.

Partially-Implements: blueprint performance-improvements

Change-Id: I6a4676bf6efeebc61383ec7a406db07c7a868b2a
      56ae2db7
  15. Jul 06, 2020
  17. Jul 05, 2020
  19. Jul 03, 2020
    • Pierre Riteau's avatar
      Remove policy file from nova-conductor config.json template · c40e8065
      Pierre Riteau authored 
      Change I810aad7d49db3f5a7fd9a2f0f746fd912fe03917 for supporting multiple
Nova cells updated the list of containers that require a policy file to
only include nova-api, nova-compute, and nova-compute-ironic.

The nova-conductor config.json template was left unchanged and fails to
copy the nova policy file into its container. This can be seen on a
fresh deployment, but might be missed on an upgrade if an older policy
file is still available in /etc/kolla/nova-conductor.

This commit removes the nova_policy_file block from the nova-conductor
config.json template, as it shouldn't be required.

Backport: ussuri, train
Change-Id: I17256b182d207aeba3f92c65a6d7cf3611180558
Closes-Bug: #1886170
      c40e8065
    • Stig Telfer's avatar
      Manila - adjust logic for Open vSwitch configuration generation · 78e8472c
      Stig Telfer authored 
      
Work was done to selectively enable Open vSwitch deployment for Manila
services as bug #1884939.  However this did not appear to catch all
cases.  This patch adds a couple more.

Change-Id: I6187997a00f908e87ceace6f79f5f7262ea78738
Closes-Bug: #1886166
Co-Authored-By: default avatarSebastian Luna Valero <sebastian.luna.valero@gmail.com>
      78e8472c
  21. Jul 02, 2020
  23. Jul 01, 2020
    • Radosław Piliszek's avatar
      Make ES Curator schedule multinode-friendly · b82eb1b3
      Radosław Piliszek authored 
      In the spirit of Kolla-Ansible, we generally try to provide
workable defaults.
The default for Elasticsearch curator schedule was fine except for
multinode deploys where it would cause all nodes to run at the
same time producing broken runs (race condition in the get-delete
cycle).
It is easy to improve this situation by embracing poor-man's
reimplementation of keystone's fernet key rotation schedule.
ES Curator does not need all the complexity of the former so it
can be handled very well by shifting by as many hours as the
instance's index dictates. It should rarely if ever need more time
(most likely still in minutes range rather than hours).

Change-Id: I9d6758c8550308d13d936de1a14afbe4124e593b
      b82eb1b3
    • Stig Telfer's avatar
      Syntax error in Fluentd Monasca output config · 6c1ce76b
      Stig Telfer authored 
      
Resolve trivial syntax error in Fluentd output config for Monasca.

Change-Id: I20b37bb83a76bfabb1126925a1b4f1f59767b7a3
Co-Authored-By: default avatarSebastian Luna Valero <sebastian.luna.valero@gmail.com>
Closes-Bug: #1885873
      6c1ce76b
    • Bharat Kunwar's avatar
      Use public interface for Magnum client and trustee Keystone interface · 78bb5942
      Bharat Kunwar authored 
      While all other clients should use internalURL, the Magnum client itself
and Keystone interface for trustee credentials should be publicly
accessible (upstream default when no config is specified) since
instances need to be able to reach them.

Closes-Bug: #1885420
Change-Id: I74359cec7147a80db24eb4aa4156c35d31a026bf
      78bb5942
  25. Jun 30, 2020
    • Radosław Piliszek's avatar
      Fix the Elasticsearch Curator cron schedule run · 852c7a32
      Radosław Piliszek authored 
      There were two issues with it. Lack of /usr/local/bin in PATH
for CentOS and wrong crontab path for Ubuntu/Debian.
This patch mirrors how it is handled in keystone.

Change-Id: Ib54b261e12c409d66b792648807646015826e83c
Closes-Bug: #1885732
      852c7a32
  27. Jun 29, 2020
  29. Jun 27, 2020
    • James Kirsch's avatar
      Fix etcd protocol configuration · a1584322
      James Kirsch authored 
      The etcd service protocol is currently configured with internal_protocol.
The etcd service is not load balanced by a HAProxy container, so
there is no proxy layer to do TLS termination when internal_protocol
is configured to be "https".

Until the etcd service is configured to deploy with native TLS
termination, the etcd uses should be independent of
internal_protocol, and "http" by default.

Change-Id: I730c02331514244e44004aa06e9399c01264c65d
Closes-Bug: 1884137
      a1584322
  31. Jun 26, 2020
  33. Jun 25, 2020
    • Michal Nasiadka's avatar
      openvswitch: Use ansible_hostname for system-id · cecdb6a1
      Michal Nasiadka authored 
      Currently openvswitch sets system-id based on inventory_hostname, but when
Ansible inventory contains ip addresses - then it will only take first ip
octet - resulting in multiple OVN chassis being named i.e. "10".
Then Neutron and OVN have problems functioning, because a chassis named "10"
will be created and deleted multiple times per second - this ends up in
ovsdb and neutron-server processes using up to 100% CPU.

Adding openvswitch role to ovn CI job triggers.

Change-Id: Id22eb3e74867230da02543abd93234a5fb12b31d
Closes-Bug: #1884734
      cecdb6a1
    • Mark Goddard's avatar
      Verify TLS by default for Kibana to Elasticsearch · e91fd969
      Mark Goddard authored 
      Currently, if internal TLS communication is enabled, Kibana to
Elasticsearch communication is unverified. This is because we set
elasticsearch.ssl.verificationMode to 'none' by default (via
kibana_elasticsearch_ssl_verify). This is poor a security
posture.

This change changes the default value of
'kibana_elasticsearch_ssl_verify' to 'true'.

Change-Id: Ie4fa8e3a60d69cf5c4bdd975030c92be8113ffb1
Closes-Bug: #1885110
      e91fd969
    • Mark Goddard's avatar
      Support CA certificate for fluentd & Elasticsearch · 31f3f848
      Mark Goddard authored 
      Currently there is no way to configure a CA certificate bundle file for
fluentd to Elasticsearch communication. This change adds a new variable,
'fluentd_elasticsearch_cacert' with a default value set to the value of
'openstack_cacert.

Closes-Bug: #1885109

Change-Id: I5bbf55a4dd4ccce9fa2635cee720139c088268e3
      31f3f848
    • Michal Nasiadka's avatar
      Change neutron-ovs-agent deploy only with manila generic backend · c4c3ceca
      Michal Nasiadka authored 
      Change openvswitch & neutron-openvswitch-agent to deploy only
with manila generic backend - which uses ovs-vsctl functionality
when configuring share servers.

Change-Id: I124108cda62b38ea498612ff9ddb07d6122a330c
Closes-Bug: #1884939
      c4c3ceca
    • Bharat Kunwar's avatar
      Use internalURL endpoint_type for all clients used by Magnum · eb24945d
      Bharat Kunwar authored 
      Magnum, Cinder and Octavia clients in Magnum now use endpoint_type of
internalURL by default consistent with other clients also used by the
conductor. Additionally, they also use the globally defined
`openstack_region_name` for region_name.

Closes-Bug: #1885096

Change-Id: Ibec511013760cc4f681a2ec1b769b532be3daf2d
      eb24945d
    • Pierre Riteau's avatar
      Fix Magnum trust operations in multi-region clouds · dda9a146
      Pierre Riteau authored 
      Change-Id: I7214ef38ea529f7585d7a0c75b8b0498ea4c58a2
Closes-Bug: #1885078
      dda9a146
  35. Jun 24, 2020
  37. Jun 22, 2020
    • wu.chunyang's avatar
      nova-cell role clone failed · a9c94aee
      wu.chunyang authored 
      when enable kolla_dev_mod, nova-cell role clones code failed,
because we use nova-cell repository which is not exists.
in fact, nova-cell role should use nova repository too

Change-Id: I7fa62726d0d5b0aeb3bd5fa06dc0e59667f94fa0
      a9c94aee
  39. Jun 20, 2020