Merge pull request #192 from stackhpc/stable/wallaby

Wallaby: sync upstream

Author: cityofships

.ansible-lint

@@ -19,3 +19,9 @@ skip_list:
   # [unnamed-task] All tasks should be named
   # FIXME(mgoddard): Add names to all tasks
   - unnamed-task
+  # disable experimental rules
+  - experimental
+  # Package installs should not use latest
+  - package-latest
+  # Most files should not contain tabs
+  - no-tabs

ansible/group_vars/all.yml

@@ -10,7 +10,7 @@ container_config_directory: "/var/lib/kolla/config_files"
 node_config: "{{ CONFIG_DIR | default('/etc/kolla') }}"
 
 # The directory to merge custom config files the kolla's config files
-node_custom_config: "/etc/kolla/config"
+node_custom_config: "{{ node_config }}/config"
 
 # The directory to store the config files on the destination node
 node_config_directory: "/etc/kolla"

ansible/roles/baremetal/tasks/install.yml

@@ -7,7 +7,7 @@
 
 # TODO(inc0): Gates don't seem to have ufw executable, check for it instead of ignore errors
 - block:
-    - name: Set firewall default policy
+    - name: Set firewall default policy  # noqa ignore-errors
       become: True
       ufw:
         state: disabled

ansible/roles/baremetal/tasks/post-install.yml

@@ -201,7 +201,11 @@
   when: ansible_facts.distribution == "Ubuntu"
 
 - name: Remove apparmor profile for libvirt
-  command: apparmor_parser -R /etc/apparmor.d/usr.sbin.libvirtd
+  shell: |
+    apparmor_parser -v -R /etc/apparmor.d/usr.sbin.libvirtd && \
+    ln -vsf /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable
+  args:
+    executable: /bin/bash
   become: True
   when:
     - ansible_facts.distribution == "Ubuntu"

ansible/roles/certificates/tasks/generate-backend.yml

@@ -39,6 +39,8 @@
     -CA "{{ root_dir }}/root.crt"
     -CAkey "{{ root_dir }}/root.key"
     -CAcreateserial
+    -extensions v3_req
+    -extfile "{{ kolla_certificates_dir }}/openssl-kolla-backend.cnf"
     -out "{{ backend_dir }}/backend.crt"
     -days 500
     -sha256

ansible/roles/certificates/tasks/generate.yml

@@ -46,6 +46,8 @@
         -CA "{{ root_dir }}/root.crt"
         -CAkey "{{ root_dir }}/root.key"
         -CAcreateserial
+        -extensions v3_req
+        -extfile "{{ kolla_certificates_dir }}/openssl-kolla.cnf"
         -out "{{ external_dir }}/external.crt"
         -days 365
         -sha256
@@ -114,6 +116,8 @@
         -CA "{{ root_dir }}/root.crt"
         -CAkey "{{ root_dir }}/root.key"
         -CAcreateserial
+        -extensions v3_req
+        -extfile "{{ kolla_certificates_dir }}/openssl-kolla-internal.cnf"
         -out "{{ internal_dir }}/internal.crt"
         -days 365
         -sha256

ansible/roles/certificates/templates/openssl-kolla-internal.cnf.j2

@@ -8,14 +8,12 @@ countryName = US
 stateOrProvinceName = NC
 localityName = RTP
 organizationalUnitName = kolla
-commonName = {{ kolla_internal_fqdn }}
 
 [v3_req]
 subjectAltName = @alt_names
 
 [alt_names]
 {% if kolla_internal_fqdn != kolla_internal_vip_address %}
 DNS.1 = {{ kolla_internal_fqdn }}
-{% else %}
-IP.1 = {{ kolla_internal_fqdn }}
 {% endif %}
+IP.1 = {{ kolla_internal_vip_address }}

ansible/roles/certificates/templates/openssl-kolla.cnf.j2

@@ -8,14 +8,12 @@ countryName = US
 stateOrProvinceName = NC
 localityName = RTP
 organizationalUnitName = kolla
-commonName = {{ kolla_external_fqdn }}
 
 [v3_req]
 subjectAltName = @alt_names
 
 [alt_names]
 {% if kolla_external_fqdn != kolla_external_vip_address %}
 DNS.1 = {{ kolla_external_fqdn }}
-{% else %}
-IP.1 = {{ kolla_external_fqdn }}
 {% endif %}
+IP.1 = {{ kolla_external_vip_address }}

ansible/roles/cloudkitty/defaults/main.yml

@@ -174,7 +174,7 @@ cloudkitty_collector_backend: "gnocchi"
 cloudkitty_monasca_interface: "internal"
 
 # Set prometheus collector URL.
-cloudkitty_prometheus_url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ prometheus_port }}"
+cloudkitty_prometheus_url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ prometheus_port }}/api/v1"
 
 # Path of the CA certificate to trust for HTTPS connections.
 # cloudkitty_prometheus_cafile: "{{ openstack_cacert }}"

ansible/roles/common/defaults/main.yml

@@ -70,6 +70,30 @@ syslog_haproxy_facility: "local1"
 syslog_glance_tls_proxy_facility: "local2"
 syslog_neutron_tls_proxy_facility: "local4"
 
+syslog_facilities:
+  - name: "swift"
+    enabled: "{{ enable_swift | bool and (inventory_hostname in groups['swift-proxy-server'] or inventory_hostname in groups['swift-account-server'] or inventory_hostname in groups['swift-container-server'] or inventory_hostname in groups['swift-object-server']) }}"
+    facility: "{{ syslog_swift_facility }}"
+    logdir: "swift"
+    logfile: "swift_latest"
+    output_tag: true
+    output_time: true
+  - name: "haproxy"
+    enabled: "{{ enable_haproxy | bool and inventory_hostname in groups['haproxy'] }}"
+    facility: "{{ syslog_haproxy_facility }}"
+    logdir: "haproxy"
+    logfile: "haproxy_latest"
+  - name: "glance_tls_proxy"
+    enabled: "{{ glance_enable_tls_backend | bool and inventory_hostname in groups['glance-api'] }}"
+    facility: "{{ syslog_glance_tls_proxy_facility }}"
+    logdir: "glance-tls-proxy"
+    logfile: "glance-tls-proxy"
+  - name: "neutron_tls_proxy"
+    enabled: "{{ neutron_enable_tls_backend | bool and inventory_hostname in groups['neutron-server'] }}"
+    facility: "{{ syslog_neutron_tls_proxy_facility }}"
+    logdir: "neutron-tls-proxy"
+    logfile: "neutron-tls-proxy"
+
 kolla_toolbox_default_volumes:
   - "{{ node_config_directory }}/kolla-toolbox/:{{ container_config_directory }}/:ro"
   - "/etc/localtime:/etc/localtime:ro"