1c68ae389b
This addresses the ansible aspects of fernet key bootstrapping as well as distributed key rotation.

- Bootstrapping is handled in the same way as keystone bootstrap.
- A new keystone-fernet and keystone-ssh container is created to allow the nodes to communicate with each other (taken from nova-ssh).
- The keystone-fernet is a keystone container with crontab installed. This will handle key rotations through keystone-manage and trigger an rsync to push new tokens to other nodes.
- Key rotation is set up to be balanced across the keystone nodes using a round-robin style. This ensures that any node failures will not stop the keys from rotating. This is configured by a desired token expiration time which then determines the cron scheduling for each node as well as the number of fernet tokens in rotation.
- Ability for recovered node to resync with the cluster. When a node starts it will run sanity checks to ensure that its fernet tokens are not stale. If they are, it will rsync with other nodes to ensure its tokens are up to date.

The Docker component is implemented in: https://review.openstack.org/#/c/349366

Change-Id: I15052c25a1d1149d364236f10ced2e2346119738
Implements: blueprint keystone-fernet-token

- ansible
- demos
- dev/vagrant
- doc
- docker
- etc
- kolla
- releasenotes
- specs
- tests
- tools
- .gitignore
- .gitreview
- .testr.conf
- LICENSE
- loc
- README.rst
- requirements.txt
- setup.cfg
- setup.py
- test-requirements.txt
- tox.ini
Kolla Overview
The Kolla project is a member of the OpenStack Big Tent Governance. Kolla's mission statement is:
Kolla provides production-ready containers and deployment tools for
operating OpenStack clouds.
Kolla provides Docker containers and Ansible playbooks to meet Kolla's mission. Kolla is highly opinionated out of the box, but allows for complete customization. This permits operators with little experience to deploy OpenStack quickly and, as experience grows, modify the OpenStack configuration to suit the operator's exact requirements.
Getting Started
Learn about Kolla by reading the documentation online at docs.openstack.org.
Get started by reading the Developer Quickstart.
Kolla provides images to deploy the following OpenStack projects:
- Aodh
- Ceilometer
- Cinder
- Designate
- Glance
- Gnocchi
- Heat
- Horizon
- Ironic
- Keystone
- Magnum
- Manila
- Mistral
- Murano
- Nova
- Neutron
- Swift
- Tempest
- Trove
- Zaqar
As well as these infrastructure components:
- Ceph implementation for Cinder, Glance and Nova
- Openvswitch and Linuxbridge backends for Neutron
- MongoDB as a database backend for Ceilometer and Gnocchi
- RabbitMQ as a messaging backend for communication between services.
- HAProxy and Keepalived for high availability of services and their endpoints.
- MariaDB and Galera for highly available MySQL databases
- Heka, a distributed and scalable logging system for OpenStack services.
Docker Images
The Docker images are built by the Kolla project maintainers. A detailed process for contributing to the images can be found in the image building guide.
The Kolla developers build images in the kolla namespace for every tagged release and implement an Ansible deployment for many but not all of them.
You can view the available images on Docker Hub or with the Docker CLI:
$ sudo docker search kolla
Directories
- ansible - Contains Ansible playbooks to deploy Kolla in Docker containers.
- demos - Contains a few demos to use with Kolla.
- dev/heat - Contains an OpenStack-Heat based development environment.
- dev/vagrant - Contains a Vagrant VirtualBox/Libvirt based development environment.
- doc - Contains documentation.
- etc - Contains a reference etc directory structure which requires configuration of a small number of configuration variables to achieve a working All-in-One (AIO) deployment.
- docker - Contains jinja2 templates for the docker build system.
- tools - Contains tools for interacting with Kolla.
- specs - Contains the Kolla community's key arguments about architectural shifts in the code base.
- tests - Contains functional testing tools.
Getting Involved
Need a feature? Find a bug? Let us know! Contributions are much appreciated and should follow the standard Gerrit workflow.
- We communicate using the #openstack-kolla IRC channel.
- File bugs, blueprints, track releases, etc. on Launchpad.
- Attend weekly meetings.
- Contribute code.
Contributors
Check out who's contributing code and contributing reviews.