
consider this a security hardening as it would be possible to write to host owned private tmp files e.g. of systemd-logind when you are able to hijack the apache2 process inside the horizon container, which runs as root.

see the bug report for a demonstration of this.

I checked the horizon code, it only facilitates python tempfiles module for temp file usage.

I also checked the horizon container we build via `kolla-build -b ubuntu horizon`, which has a /tmp/ directory. So no mountpoint should be needed.

Closes-Bug: #2068126
Signed-off-by: Sven Kieske <kieske@osism.tech>
Change-Id: I7ae1db8d42c83b773047bb01e846d4abee02710a
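An added example, not part of the commit or of Kolla Ansible: a check over `docker inspect` output for the condition the commit message describes, a writable bind mount of a host temp directory in a container that runs as root. The sample JSON, the container names in it, and the `SHARED_TMP` list are constructed assumptions.

```python
import json
from pathlib import PurePosixPath

# Host directories shared with other services' temp files (assumed list).
SHARED_TMP = (PurePosixPath("/tmp"), PurePosixPath("/var/tmp"))

def runs_as_root(user):
    """Config.User is empty when the container runs as the image default, root."""
    return user.split(":", 1)[0] in ("", "0", "root")

def risky_tmp_mounts(inspect_json):
    """Return (container, host_source, destination) for each writable bind
    mount of a host temp directory in a container running as root."""
    findings = []
    for c in json.loads(inspect_json):
        if not runs_as_root(c.get("Config", {}).get("User", "")):
            continue
        for m in c.get("Mounts", []):
            # Named volumes and read-only binds cannot write to host /tmp.
            if m.get("Type") != "bind" or not m.get("RW", False):
                continue
            src = PurePosixPath(m["Source"])
            # Match /tmp itself and anything below it, but not e.g. /tmpfoo.
            if any(src == t or t in src.parents for t in SHARED_TMP):
                findings.append((c["Name"].lstrip("/"), str(src), m["Destination"]))
    return findings

# Constructed sample in the shape of `docker inspect <names...>` output.
SAMPLE = json.dumps([
    {"Name": "/horizon", "Config": {"User": ""}, "Mounts": [
        {"Type": "bind", "Source": "/etc/localtime",
         "Destination": "/etc/localtime", "RW": False},
        {"Type": "volume", "Name": "kolla_logs", "Source": "/var/lib/docker/volumes/kolla_logs/_data",
         "Destination": "/var/log/kolla", "RW": True},
        {"Type": "bind", "Source": "/tmp", "Destination": "/tmp", "RW": True}]},
    {"Name": "/memcached", "Config": {"User": "memcached"}, "Mounts": [
        {"Type": "bind", "Source": "/tmp", "Destination": "/tmp", "RW": True}]},
    {"Name": "/example", "Config": {"User": "0:0"}, "Mounts": [
        {"Type": "bind", "Source": "/tmpfoo", "Destination": "/data", "RW": True}]},
])

if __name__ == "__main__":
    for name, src, dst in risky_tmp_mounts(SAMPLE):
        print(f"{name}: host {src} is writable at {dst} by a root container")
```

On a real host, feed it the output of `docker inspect $(docker ps -q)` instead of `SAMPLE`.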
Kolla Ansible
Kolla Ansible is a deliverable project separated from the Kolla project.
Kolla Ansible deploys OpenStack services and infrastructure components in Docker containers.
Kolla's mission statement is:
To provide production-ready containers and deployment tools for operating OpenStack clouds.
Kolla is highly opinionated out of the box, but allows for complete customization. This permits operators with little experience to deploy OpenStack quickly and, as experience grows, modify the OpenStack configuration to suit the operator's exact requirements.
Getting Started
Learn about Kolla Ansible by reading the Kolla Ansible documentation online.
Get started by reading the Developer Quickstart.
OpenStack services
Kolla Ansible deploys containers for the following OpenStack projects:
- Aodh
- Barbican
- Bifrost
- Blazar
- Ceilometer
- Cinder
- CloudKitty
- Cyborg
- Designate
- Glance
- Heat
- Horizon
- Ironic
- Keystone
- Kuryr
- Magnum
- Manila
- Masakari
- Mistral
- Neutron
- Nova
- Octavia
- Skyline (APIServer and Console)
- Swift
- Tacker
- Trove
- Venus
- Watcher
- Zun
Infrastructure components
Kolla Ansible deploys containers for the following infrastructure components:
- Collectd, Telegraf, InfluxDB, Prometheus, and Grafana for performance monitoring.
- OpenSearch and OpenSearch Dashboards to search, analyze, and visualize log messages.
- Etcd, a distributed reliable key-value store.
- Fluentd as an open source data collector for a unified logging layer.
- Gnocchi, a time-series storage database.
- HAProxy and Keepalived for high availability of services and their endpoints.
- MariaDB and Galera Cluster for highly available MySQL databases.
- Memcached, a distributed memory object caching system.
- Open vSwitch for use with Neutron.
- RabbitMQ as a messaging backend for communication between services.
- Redis, an in-memory data structure store.
Directories
- ansible: Contains Ansible playbooks to deploy OpenStack services and infrastructure components in Docker containers.
- contrib: Contains demo scenarios for Heat, Magnum and Tacker and a development environment for Vagrant.
- doc: Contains documentation.
- etc: Contains a reference etc directory structure which requires configuration of a small number of configuration variables to achieve a working All-in-One (AIO) deployment.
- kolla_ansible: Contains password generation script.
- releasenotes: Contains release notes of all features added in Kolla Ansible.
- specs: Contains the Kolla Ansible community's key arguments about architectural shifts in the code base.
- tests: Contains functional testing tools.
- tools: Contains tools for interacting with Kolla Ansible.
- zuul.d: Contains project gate job definitions.
Getting Involved
Need a feature? Find a bug? Let us know! Contributions are much appreciated and should follow the standard Gerrit workflow.
- We communicate using the #openstack-kolla IRC channel.
- File bugs, blueprints, track releases, etc. on Launchpad.
- Attend weekly meetings.
- Contribute code.
Contributors
Check out who's contributing code and contributing reviews.
Notices
Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries. Docker, Inc. and other parties may also have trademark rights in other terms used herein.