)]}'
{"specs/nova_cells.rst":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"63dd857c18d4afc1109f4439b635c41f47c8009a","unresolved":false,"context_lines":[{"line_number":40,"context_line":"   deployment into \u0027cells\u0027 I can isolate failures."},{"line_number":41,"context_line":"3. As an operator of a small OpenStack deployment managed by Kolla-Ansible,"},{"line_number":42,"context_line":"   I want a clear path for scaling my deployment if I need to in the future."},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"Proposed change"},{"line_number":45,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":46,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_8ffa5441","line":43,"updated":"2018-11-09 15:45:11.000000000","message":"Would like to see an explicit use case about being able to perform operations on a cell-by-cell basis.","commit_id":"9f25d5c8ce0d0a2239f8e6bc483a0b2fa8ad9a6f"},{"author":{"_account_id":19316,"name":"Eduardo Gonzalez","email":"dabarren@gmail.com","username":"egonzalez90"},"change_message_id":"e06c910bd0e900f2722706eb1e303dd5d32da944","unresolved":false,"context_lines":[{"line_number":71,"context_line":""},{"line_number":72,"context_line":"  * Support optionally using an external database per cell"},{"line_number":73,"context_line":"  * Support using mixtures of external databases and distinct clusters"},{"line_number":74,"context_line":""},{"line_number":75,"context_line":"* HAProxy / Keepalived"},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"  * Support deploying HAProxy/Keepalived for each cell"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_45c1834e","line":74,"updated":"2018-11-09 09:44:07.000000000","message":"not best option, but could be possible to also use same db cluster in different database, same as the rabbit vhosts","commit_id":"9f25d5c8ce0d0a2239f8e6bc483a0b2fa8ad9a6f"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"63dd857c18d4afc1109f4439b635c41f47c8009a","unresolved":false,"context_lines":[{"line_number":74,"context_line":""},{"line_number":75,"context_line":"* HAProxy / Keepalived"},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"  * Support deploying HAProxy/Keepalived for each cell"},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"    * Used for providing a single point of access to, and for load balancing"},{"line_number":80,"context_line":"      traffic across the cell database cluster and the Nova cell services."}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_796f8692","line":77,"range":{"start_line":77,"start_character":4,"end_line":77,"end_character":54},"updated":"2018-11-09 15:45:11.000000000","message":"Would this be optional?","commit_id":"9f25d5c8ce0d0a2239f8e6bc483a0b2fa8ad9a6f"},{"author":{"_account_id":17669,"name":"Doug Szumski","email":"doug@stackhpc.com","username":"DougSzumski"},"change_message_id":"ec065b7d5749f280c0567d9e56b001c7377ac8f2","unresolved":false,"context_lines":[{"line_number":74,"context_line":""},{"line_number":75,"context_line":"* HAProxy / Keepalived"},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"  * Support deploying HAProxy/Keepalived for each cell"},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"    * Used for providing a single point of access to, and for load balancing"},{"line_number":80,"context_line":"      traffic across the cell database cluster and the Nova cell services."}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_aa75be87","line":77,"range":{"start_line":77,"start_character":4,"end_line":77,"end_character":54},"in_reply_to":"3f79a3b5_796f8692","updated":"2018-11-09 16:32:16.000000000","message":"Given your point about Nova I think it should only be deployed if a DB cluster is deployed for the cell. For simplicity it seems easier to always deploy it in that case. I imagine most people would want a cluster?","commit_id":"9f25d5c8ce0d0a2239f8e6bc483a0b2fa8ad9a6f"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"84d229333dddd751c0fa55ddf77b24aaa5f9dfaa","unresolved":false,"context_lines":[{"line_number":74,"context_line":""},{"line_number":75,"context_line":"* HAProxy / Keepalived"},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"  * Support deploying HAProxy/Keepalived for each cell"},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"    * Used for providing a single point of access to, and for load balancing"},{"line_number":80,"context_line":"      traffic across the cell database cluster and the Nova cell services."}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_89eeb887","line":77,"range":{"start_line":77,"start_character":4,"end_line":77,"end_character":54},"in_reply_to":"3f79a3b5_aa75be87","updated":"2018-11-12 12:17:40.000000000","message":"That makes sense.\n\nThe cost of a 3 node cluster per-cell might be deemed too high, IIRC CERN use a single DB node per-cell.","commit_id":"9f25d5c8ce0d0a2239f8e6bc483a0b2fa8ad9a6f"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"63dd857c18d4afc1109f4439b635c41f47c8009a","unresolved":false,"context_lines":[{"line_number":77,"context_line":"  * Support deploying HAProxy/Keepalived for each cell"},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"    * Used for providing a single point of access to, and for load balancing"},{"line_number":80,"context_line":"      traffic across the cell database cluster and the Nova cell services."},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"* Automatic deployment and registration of cells with the Nova API"},{"line_number":83,"context_line":"* Unique credentials per cell for database and message queues"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_d9549ac7","line":80,"range":{"start_line":80,"start_character":55,"end_line":80,"end_character":73},"updated":"2018-11-09 15:45:11.000000000","message":"All communication to these is via RabbitMQ.","commit_id":"9f25d5c8ce0d0a2239f8e6bc483a0b2fa8ad9a6f"},{"author":{"_account_id":17669,"name":"Doug Szumski","email":"doug@stackhpc.com","username":"DougSzumski"},"change_message_id":"ec065b7d5749f280c0567d9e56b001c7377ac8f2","unresolved":false,"context_lines":[{"line_number":77,"context_line":"  * Support deploying HAProxy/Keepalived for each cell"},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"    * Used for providing a single point of access to, and for load balancing"},{"line_number":80,"context_line":"      traffic across the cell database cluster and the Nova cell services."},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"* Automatic deployment and registration of cells with the Nova API"},{"line_number":83,"context_line":"* Unique credentials per cell for database and message queues"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_6a9326a5","line":80,"range":{"start_line":80,"start_character":55,"end_line":80,"end_character":73},"in_reply_to":"3f79a3b5_d9549ac7","updated":"2018-11-09 16:32:16.000000000","message":"Good point","commit_id":"9f25d5c8ce0d0a2239f8e6bc483a0b2fa8ad9a6f"},{"author":{"_account_id":19316,"name":"Eduardo Gonzalez","email":"dabarren@gmail.com","username":"egonzalez90"},"change_message_id":"e06c910bd0e900f2722706eb1e303dd5d32da944","unresolved":false,"context_lines":[{"line_number":81,"context_line":""},{"line_number":82,"context_line":"* Automatic deployment and registration of cells with the Nova API"},{"line_number":83,"context_line":"* Unique credentials per cell for database and message queues"},{"line_number":84,"context_line":"* Dedicated Kolla CLI command for discovering new hosts in cells"},{"line_number":85,"context_line":""},{"line_number":86,"context_line":"Configuration"},{"line_number":87,"context_line":"-------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_a58bb71f","line":84,"updated":"2018-11-09 09:44:07.000000000","message":"this is already done by nova-manage, discovering of new hosts is made nova with a config option","commit_id":"9f25d5c8ce0d0a2239f8e6bc483a0b2fa8ad9a6f"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"63dd857c18d4afc1109f4439b635c41f47c8009a","unresolved":false,"context_lines":[{"line_number":94,"context_line":""},{"line_number":95,"context_line":"  cells:"},{"line_number":96,"context_line":"    - name: cell1"},{"line_number":97,"context_line":"      rabbitmq:"},{"line_number":98,"context_line":"\tgroup: cell1-infra"},{"line_number":99,"context_line":"      database:"},{"line_number":100,"context_line":"\tgroup: cell1-infra"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_0f05e478","line":97,"range":{"start_line":97,"start_character":6,"end_line":97,"end_character":14},"updated":"2018-11-09 15:45:11.000000000","message":"Will we infer the set of rabbitmq clusters to build from this list, or will they be defined separately? If the former, how would usernames and passwords be defined? I\u0027m thinking of the case where we have a single cluster specified multiple times with vhosts, and each cell uses a different user/password to access it.","commit_id":"9f25d5c8ce0d0a2239f8e6bc483a0b2fa8ad9a6f"},{"author":{"_account_id":17669,"name":"Doug Szumski","email":"doug@stackhpc.com","username":"DougSzumski"},"change_message_id":"ec065b7d5749f280c0567d9e56b001c7377ac8f2","unresolved":false,"context_lines":[{"line_number":94,"context_line":""},{"line_number":95,"context_line":"  cells:"},{"line_number":96,"context_line":"    - name: cell1"},{"line_number":97,"context_line":"      rabbitmq:"},{"line_number":98,"context_line":"\tgroup: cell1-infra"},{"line_number":99,"context_line":"      database:"},{"line_number":100,"context_line":"\tgroup: cell1-infra"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_eaebb677","line":97,"range":{"start_line":97,"start_character":6,"end_line":97,"end_character":14},"in_reply_to":"3f79a3b5_0f05e478","updated":"2018-11-09 16:32:16.000000000","message":"The way that I imagined this would work was that only one cluster could be defined per cell. For the case when a cluster is used multiple times via vhosts then you just need to specify the vhost name as an option, along with credentials if you don\u0027t want to use defaults.\n\nI do wonder if this spec should focus on the minimum viable product and not bother with vhosts.","commit_id":"9f25d5c8ce0d0a2239f8e6bc483a0b2fa8ad9a6f"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"84d229333dddd751c0fa55ddf77b24aaa5f9dfaa","unresolved":false,"context_lines":[{"line_number":94,"context_line":""},{"line_number":95,"context_line":"  cells:"},{"line_number":96,"context_line":"    - name: cell1"},{"line_number":97,"context_line":"      rabbitmq:"},{"line_number":98,"context_line":"\tgroup: cell1-infra"},{"line_number":99,"context_line":"      database:"},{"line_number":100,"context_line":"\tgroup: cell1-infra"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_29af642d","line":97,"range":{"start_line":97,"start_character":6,"end_line":97,"end_character":14},"in_reply_to":"3f79a3b5_eaebb677","updated":"2018-11-12 12:17:40.000000000","message":"I\u0027m certainly for keeping the initial version simple in order to get it done. It would be nice to have a solution that is open to extension for more exotic setups using vhosts etc. Perhaps we can discuss that in a separate \u0027future extensions\u0027 section in this spec.","commit_id":"9f25d5c8ce0d0a2239f8e6bc483a0b2fa8ad9a6f"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"63dd857c18d4afc1109f4439b635c41f47c8009a","unresolved":false,"context_lines":[{"line_number":95,"context_line":"  cells:"},{"line_number":96,"context_line":"    - name: cell1"},{"line_number":97,"context_line":"      rabbitmq:"},{"line_number":98,"context_line":"\tgroup: cell1-infra"},{"line_number":99,"context_line":"      database:"},{"line_number":100,"context_line":"\tgroup: cell1-infra"},{"line_number":101,"context_line":"      haproxy:"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_2f4780a6","line":98,"range":{"start_line":98,"start_character":1,"end_line":98,"end_character":19},"updated":"2018-11-09 15:45:11.000000000","message":"Would this use the default global username/password/port?","commit_id":"9f25d5c8ce0d0a2239f8e6bc483a0b2fa8ad9a6f"},{"author":{"_account_id":19316,"name":"Eduardo Gonzalez","email":"dabarren@gmail.com","username":"egonzalez90"},"change_message_id":"e06c910bd0e900f2722706eb1e303dd5d32da944","unresolved":false,"context_lines":[{"line_number":95,"context_line":"  cells:"},{"line_number":96,"context_line":"    - name: cell1"},{"line_number":97,"context_line":"      rabbitmq:"},{"line_number":98,"context_line":"\tgroup: cell1-infra"},{"line_number":99,"context_line":"      database:"},{"line_number":100,"context_line":"\tgroup: cell1-infra"},{"line_number":101,"context_line":"      haproxy:"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_65911f50","line":98,"range":{"start_line":98,"start_character":0,"end_line":98,"end_character":1},"updated":"2018-11-09 09:44:07.000000000","message":"unwanted tab chars, better spaces to keep consistency","commit_id":"9f25d5c8ce0d0a2239f8e6bc483a0b2fa8ad9a6f"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"63dd857c18d4afc1109f4439b635c41f47c8009a","unresolved":false,"context_lines":[{"line_number":96,"context_line":"    - name: cell1"},{"line_number":97,"context_line":"      rabbitmq:"},{"line_number":98,"context_line":"\tgroup: cell1-infra"},{"line_number":99,"context_line":"      database:"},{"line_number":100,"context_line":"\tgroup: cell1-infra"},{"line_number":101,"context_line":"      haproxy:"},{"line_number":102,"context_line":"\tgroup: cell1-infra"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_4f143c99","line":99,"range":{"start_line":99,"start_character":6,"end_line":99,"end_character":14},"updated":"2018-11-09 15:45:11.000000000","message":"Similar questions as for rabbitmq. Also, how would we differentiate config for external DBs from those provisioned by kolla-ansible? Currently I think a single flag configures whether the DB is external.","commit_id":"9f25d5c8ce0d0a2239f8e6bc483a0b2fa8ad9a6f"},{"author":{"_account_id":17669,"name":"Doug Szumski","email":"doug@stackhpc.com","username":"DougSzumski"},"change_message_id":"ec065b7d5749f280c0567d9e56b001c7377ac8f2","unresolved":false,"context_lines":[{"line_number":96,"context_line":"    - name: cell1"},{"line_number":97,"context_line":"      rabbitmq:"},{"line_number":98,"context_line":"\tgroup: cell1-infra"},{"line_number":99,"context_line":"      database:"},{"line_number":100,"context_line":"\tgroup: cell1-infra"},{"line_number":101,"context_line":"      haproxy:"},{"line_number":102,"context_line":"\tgroup: cell1-infra"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_4a3bca34","line":99,"range":{"start_line":99,"start_character":6,"end_line":99,"end_character":14},"in_reply_to":"3f79a3b5_4f143c99","updated":"2018-11-09 16:32:16.000000000","message":"The idea was that if you define a group, then the cluster is managed by KA, and if you don\u0027t then it\u0027s taken to be external.","commit_id":"9f25d5c8ce0d0a2239f8e6bc483a0b2fa8ad9a6f"},{"author":{"_account_id":19316,"name":"Eduardo Gonzalez","email":"dabarren@gmail.com","username":"egonzalez90"},"change_message_id":"e06c910bd0e900f2722706eb1e303dd5d32da944","unresolved":false,"context_lines":[{"line_number":161,"context_line":"Out of scope"},{"line_number":162,"context_line":"------------"},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"The following are not part of this spec, but the implemenation should support"},{"line_number":165,"context_line":"adding them in the future:"},{"line_number":166,"context_line":""},{"line_number":167,"context_line":"* Deploying baremetal machines with Ironic"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_c57b5328","line":164,"range":{"start_line":164,"start_character":49,"end_line":164,"end_character":62},"updated":"2018-11-09 09:44:07.000000000","message":"typo","commit_id":"9f25d5c8ce0d0a2239f8e6bc483a0b2fa8ad9a6f"},{"author":{"_account_id":19316,"name":"Eduardo Gonzalez","email":"dabarren@gmail.com","username":"egonzalez90"},"change_message_id":"e06c910bd0e900f2722706eb1e303dd5d32da944","unresolved":false,"context_lines":[{"line_number":199,"context_line":"-----------"},{"line_number":200,"context_line":""},{"line_number":201,"context_line":"Primary assignee:"},{"line_number":202,"context_line":"  \u003claunchpad-id or None\u003e"},{"line_number":203,"context_line":""},{"line_number":204,"context_line":"Milestones"},{"line_number":205,"context_line":"----------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_e593ef4b","line":202,"range":{"start_line":202,"start_character":2,"end_line":202,"end_character":24},"updated":"2018-11-09 09:44:07.000000000","message":"someone should be assigned ,i\u0027d do it but not have enough HW resources to test","commit_id":"9f25d5c8ce0d0a2239f8e6bc483a0b2fa8ad9a6f"},{"author":{"_account_id":17669,"name":"Doug Szumski","email":"doug@stackhpc.com","username":"DougSzumski"},"change_message_id":"864588ae47b6190a58de33cc28f73f1410d95e4f","unresolved":false,"context_lines":[{"line_number":199,"context_line":"-----------"},{"line_number":200,"context_line":""},{"line_number":201,"context_line":"Primary assignee:"},{"line_number":202,"context_line":"  \u003claunchpad-id or None\u003e"},{"line_number":203,"context_line":""},{"line_number":204,"context_line":"Milestones"},{"line_number":205,"context_line":"----------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_0fc64416","line":202,"range":{"start_line":202,"start_character":2,"end_line":202,"end_character":24},"in_reply_to":"3f79a3b5_a8faae40","updated":"2018-11-09 15:43:03.000000000","message":"Depending on a future project we may be able to pick this up. Apparently Clint has left GoDaddy - not sure if he\u0027s still working with OpenStack. Perhaps there is someone else there who\u0027s interested.","commit_id":"9f25d5c8ce0d0a2239f8e6bc483a0b2fa8ad9a6f"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"63dd857c18d4afc1109f4439b635c41f47c8009a","unresolved":false,"context_lines":[{"line_number":199,"context_line":"-----------"},{"line_number":200,"context_line":""},{"line_number":201,"context_line":"Primary assignee:"},{"line_number":202,"context_line":"  \u003claunchpad-id or None\u003e"},{"line_number":203,"context_line":""},{"line_number":204,"context_line":"Milestones"},{"line_number":205,"context_line":"----------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_54f5afc7","line":202,"range":{"start_line":202,"start_character":2,"end_line":202,"end_character":24},"in_reply_to":"3f79a3b5_a8faae40","updated":"2018-11-09 15:45:11.000000000","message":"They have proposed patches for some parts of nova, and rabbitmq.\n\nWhen I last spoke to Clint, don\u0027t plan on doing any other parts such as the database config.","commit_id":"9f25d5c8ce0d0a2239f8e6bc483a0b2fa8ad9a6f"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"fbb380ef18e397df9c25177a4f636043d08fedca","unresolved":false,"context_lines":[{"line_number":199,"context_line":"-----------"},{"line_number":200,"context_line":""},{"line_number":201,"context_line":"Primary assignee:"},{"line_number":202,"context_line":"  \u003claunchpad-id or None\u003e"},{"line_number":203,"context_line":""},{"line_number":204,"context_line":"Milestones"},{"line_number":205,"context_line":"----------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_a8faae40","line":202,"range":{"start_line":202,"start_character":2,"end_line":202,"end_character":24},"in_reply_to":"3f79a3b5_e593ef4b","updated":"2018-11-09 10:57:57.000000000","message":"\u003e someone should be assigned ,i\u0027d do it but not have enough HW\n \u003e resources to test\n\nI think on the PTG there was a big interest from Clint Byrum and his team (GoDaddy) - maybe they would be interested.","commit_id":"9f25d5c8ce0d0a2239f8e6bc483a0b2fa8ad9a6f"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"63dd857c18d4afc1109f4439b635c41f47c8009a","unresolved":false,"context_lines":[{"line_number":221,"context_line":""},{"line_number":222,"context_line":"* Support deploying HAProxy/Keepalived per cell"},{"line_number":223,"context_line":""},{"line_number":224,"context_line":"  * For simplicty follow the existing model in Kolla where even if a single"},{"line_number":225,"context_line":"    instance of a service is deployed it is made accessible via a VIP."},{"line_number":226,"context_line":""},{"line_number":227,"context_line":"* Support deploying Nova compute and Nova conductor per cell"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_9474a738","line":224,"range":{"start_line":224,"start_character":14,"end_line":224,"end_character":15},"updated":"2018-11-09 15:45:11.000000000","message":"i","commit_id":"9f25d5c8ce0d0a2239f8e6bc483a0b2fa8ad9a6f"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"63dd857c18d4afc1109f4439b635c41f47c8009a","unresolved":false,"context_lines":[{"line_number":225,"context_line":"    instance of a service is deployed it is made accessible via a VIP."},{"line_number":226,"context_line":""},{"line_number":227,"context_line":"* Support deploying Nova compute and Nova conductor per cell"},{"line_number":228,"context_line":"* Support automatic registration of cells with the Nova API"},{"line_number":229,"context_line":"* Document how cells are defined"},{"line_number":230,"context_line":""},{"line_number":231,"context_line":"Testing"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3f79a3b5_f485db0a","line":228,"range":{"start_line":228,"start_character":2,"end_line":228,"end_character":59},"updated":"2018-11-09 15:45:11.000000000","message":"Some work started here: https://review.openstack.org/#/c/585484/. However, that work is based on a nova patch (https://review.openstack.org/#/c/568987/) with a -2. Nova has decided to make the create/update cell command idempotent instead.","commit_id":"9f25d5c8ce0d0a2239f8e6bc483a0b2fa8ad9a6f"},{"author":{"_account_id":19779,"name":"Chason Chan","display_name":"chenxing","email":"chason.chan@foxmail.com","username":"chenxing"},"change_message_id":"bc6484c6dbb62ad3c8a1fbe5d9bf8779b5289d10","unresolved":false,"context_lines":[{"line_number":32,"context_line":"of the OpenStack deployments that it can manage."},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"Use cases"},{"line_number":35,"context_line":"---------"},{"line_number":36,"context_line":"1. As an operator, I want to manage a 10,000 node OpenStack deployment with"},{"line_number":37,"context_line":"   Kolla-Ansible."},{"line_number":38,"context_line":"2. As an operator, I do not want my entire control plane to go offline if"},{"line_number":39,"context_line":"   a central message queue or database cluster fails. By splitting the"}],"source_content_type":"text/x-rst","patch_set":4,"id":"3f79a3b5_3d40fa5d","line":36,"range":{"start_line":35,"start_character":0,"end_line":36,"end_character":21},"updated":"2018-11-12 15:49:27.000000000","message":"One blank line is needed.","commit_id":"9af8924194440b7e0d7f7a6eeb35c460954b6763"},{"author":{"_account_id":19779,"name":"Chason Chan","display_name":"chenxing","email":"chason.chan@foxmail.com","username":"chenxing"},"change_message_id":"bc6484c6dbb62ad3c8a1fbe5d9bf8779b5289d10","unresolved":false,"context_lines":[{"line_number":50,"context_line":"* Nova"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"  * Support deploying a cluster of Nova services for each cell. Initially"},{"line_number":53,"context_line":"    this will include nova-conductor and nova-compute."},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"  * The existing Nova API, conductor, scheduler and the placement API can"},{"line_number":56,"context_line":"    remain on the control plane. The conductor will be promoted to a"}],"source_content_type":"text/x-rst","patch_set":4,"id":"3f79a3b5_5d2cd6b0","line":53,"range":{"start_line":53,"start_character":41,"end_line":53,"end_character":53},"updated":"2018-11-12 15:49:27.000000000","message":"``nova-compute``","commit_id":"9af8924194440b7e0d7f7a6eeb35c460954b6763"},{"author":{"_account_id":19779,"name":"Chason Chan","display_name":"chenxing","email":"chason.chan@foxmail.com","username":"chenxing"},"change_message_id":"bc6484c6dbb62ad3c8a1fbe5d9bf8779b5289d10","unresolved":false,"context_lines":[{"line_number":50,"context_line":"* Nova"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"  * Support deploying a cluster of Nova services for each cell. Initially"},{"line_number":53,"context_line":"    this will include nova-conductor and nova-compute."},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"  * The existing Nova API, conductor, scheduler and the placement API can"},{"line_number":56,"context_line":"    remain on the control plane. The conductor will be promoted to a"}],"source_content_type":"text/x-rst","patch_set":4,"id":"3f79a3b5_fd55a21f","line":53,"range":{"start_line":53,"start_character":22,"end_line":53,"end_character":36},"updated":"2018-11-12 15:49:27.000000000","message":"``nova-conductor``","commit_id":"9af8924194440b7e0d7f7a6eeb35c460954b6763"},{"author":{"_account_id":19779,"name":"Chason Chan","display_name":"chenxing","email":"chason.chan@foxmail.com","username":"chenxing"},"change_message_id":"bc6484c6dbb62ad3c8a1fbe5d9bf8779b5289d10","unresolved":false,"context_lines":[{"line_number":94,"context_line":"be defined in the inventory. For example, the following may be"},{"line_number":95,"context_line":"defined in  ``group_vars/all.yml``:"},{"line_number":96,"context_line":""},{"line_number":97,"context_line":"::"},{"line_number":98,"context_line":""},{"line_number":99,"context_line":"  cells:"},{"line_number":100,"context_line":"    - name: cell1"}],"source_content_type":"text/x-rst","patch_set":4,"id":"3f79a3b5_1d32de0e","line":97,"range":{"start_line":97,"start_character":0,"end_line":97,"end_character":2},"updated":"2018-11-12 15:49:27.000000000","message":".. code-block:: yaml","commit_id":"9af8924194440b7e0d7f7a6eeb35c460954b6763"},{"author":{"_account_id":19779,"name":"Chason Chan","display_name":"chenxing","email":"chason.chan@foxmail.com","username":"chenxing"},"change_message_id":"bc6484c6dbb62ad3c8a1fbe5d9bf8779b5289d10","unresolved":false,"context_lines":[{"line_number":130,"context_line":""},{"line_number":131,"context_line":"With the following example inventory:"},{"line_number":132,"context_line":""},{"line_number":133,"context_line":"::"},{"line_number":134,"context_line":""},{"line_number":135,"context_line":"  ################ Cell 1 ####################"},{"line_number":136,"context_line":"  [cell1-infra]"}],"source_content_type":"text/x-rst","patch_set":4,"id":"3f79a3b5_3d355af5","line":133,"range":{"start_line":133,"start_character":0,"end_line":133,"end_character":2},"updated":"2018-11-12 15:49:27.000000000","message":".. code-block:: none","commit_id":"9af8924194440b7e0d7f7a6eeb35c460954b6763"},{"author":{"_account_id":19779,"name":"Chason Chan","display_name":"chenxing","email":"chason.chan@foxmail.com","username":"chenxing"},"change_message_id":"bc6484c6dbb62ad3c8a1fbe5d9bf8779b5289d10","unresolved":false,"context_lines":[{"line_number":161,"context_line":"  compute5"},{"line_number":162,"context_line":"  ############################################"},{"line_number":163,"context_line":""},{"line_number":164,"context_line":""},{"line_number":165,"context_line":"Out of scope"},{"line_number":166,"context_line":"------------"},{"line_number":167,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"3f79a3b5_fd1a827d","line":164,"updated":"2018-11-12 15:49:27.000000000","message":"remove this line","commit_id":"9af8924194440b7e0d7f7a6eeb35c460954b6763"},{"author":{"_account_id":19779,"name":"Chason Chan","display_name":"chenxing","email":"chason.chan@foxmail.com","username":"chenxing"},"change_message_id":"bc6484c6dbb62ad3c8a1fbe5d9bf8779b5289d10","unresolved":false,"context_lines":[{"line_number":233,"context_line":"* Document how cells are defined"},{"line_number":234,"context_line":""},{"line_number":235,"context_line":"Testing"},{"line_number":236,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":237,"context_line":"* Support deploying multiple Nova cells in the Kolla Vagrant development"},{"line_number":238,"context_line":"  environment. This will aid development and facilitate early testing."},{"line_number":239,"context_line":"* Add a feature test in Zuul"},{"line_number":240,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"3f79a3b5_5d15b64a","line":237,"range":{"start_line":236,"start_character":0,"end_line":237,"end_character":14},"updated":"2018-11-12 15:49:27.000000000","message":"One blank line is needed.","commit_id":"9af8924194440b7e0d7f7a6eeb35c460954b6763"},{"author":{"_account_id":19779,"name":"Chason Chan","display_name":"chenxing","email":"chason.chan@foxmail.com","username":"chenxing"},"change_message_id":"bc6484c6dbb62ad3c8a1fbe5d9bf8779b5289d10","unresolved":false,"context_lines":[{"line_number":239,"context_line":"* Add a feature test in Zuul"},{"line_number":240,"context_line":""},{"line_number":241,"context_line":"Documentation Impact"},{"line_number":242,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":243,"context_line":"Documentation will be extended to explain how Nova cells can be enabled. This"},{"line_number":244,"context_line":"will include a diagram."},{"line_number":245,"context_line":""},{"line_number":246,"context_line":"References"}],"source_content_type":"text/x-rst","patch_set":4,"id":"3f79a3b5_7d18b281","line":243,"range":{"start_line":242,"start_character":0,"end_line":243,"end_character":9},"updated":"2018-11-12 15:49:27.000000000","message":"ditto","commit_id":"9af8924194440b7e0d7f7a6eeb35c460954b6763"},{"author":{"_account_id":19779,"name":"Chason Chan","display_name":"chenxing","email":"chason.chan@foxmail.com","username":"chenxing"},"change_message_id":"bc6484c6dbb62ad3c8a1fbe5d9bf8779b5289d10","unresolved":false,"context_lines":[{"line_number":244,"context_line":"will include a diagram."},{"line_number":245,"context_line":""},{"line_number":246,"context_line":"References"},{"line_number":247,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":248,"context_line":"[1] https://docs.openstack.org/nova/latest/user/cells.html"},{"line_number":249,"context_line":"[2] https://www.openstack.org/videos/sydney-2017/adding-cellsv2-to-your-existing-nova-deployment"},{"line_number":250,"context_line":"[3] https://docs.openstack.org/nova/latest/user/cellsv2-layout.htm"}],"source_content_type":"text/x-rst","patch_set":4,"id":"3f79a3b5_1d0bbe2c","line":248,"range":{"start_line":247,"start_character":0,"end_line":248,"end_character":19},"updated":"2018-11-12 15:49:27.000000000","message":"ditto","commit_id":"9af8924194440b7e0d7f7a6eeb35c460954b6763"},{"author":{"_account_id":26285,"name":"wu.chunyang","email":"wchy1001@gmail.com","username":"wu.chunyang"},"change_message_id":"23718a54157fd04d468dafa1fa2b62e10fe7845f","unresolved":false,"context_lines":[{"line_number":33,"context_line":""},{"line_number":34,"context_line":"Use cases"},{"line_number":35,"context_line":"---------"},{"line_number":36,"context_line":"1. As an operator, I want to manage a 10,000 node OpenStack deployment with"},{"line_number":37,"context_line":"   Kolla-Ansible."},{"line_number":38,"context_line":"2. As an operator, I do not want my entire control plane to go offline if"},{"line_number":39,"context_line":"   a central message queue or database cluster fails. By splitting the"}],"source_content_type":"text/x-rst","patch_set":5,"id":"3f79a3b5_34532571","line":36,"range":{"start_line":36,"start_character":45,"end_line":36,"end_character":49},"updated":"2018-11-13 14:15:10.000000000","message":"nodes","commit_id":"eb37400a943348fc4e912ad93c1836da5b137c3d"},{"author":{"_account_id":23942,"name":"Matt Kucia","email":"maciej@kucia.net","username":"maciejkucia"},"change_message_id":"a27374681883a3d3b7dac945ef52d98e52e613f5","unresolved":false,"context_lines":[{"line_number":33,"context_line":""},{"line_number":34,"context_line":"Use cases"},{"line_number":35,"context_line":"---------"},{"line_number":36,"context_line":"1. As an operator, I want to manage a 10,000 node OpenStack deployment with"},{"line_number":37,"context_line":"   Kolla-Ansible."},{"line_number":38,"context_line":"2. As an operator, I do not want my entire control plane to go offline if"},{"line_number":39,"context_line":"   a central message queue or database cluster fails. By splitting the"}],"source_content_type":"text/x-rst","patch_set":5,"id":"3f79a3b5_c899b480","line":36,"range":{"start_line":36,"start_character":45,"end_line":36,"end_character":49},"in_reply_to":"3f79a3b5_34532571","updated":"2018-11-19 00:31:46.000000000","message":"This is a correct English. The sentence is not about 10000 nodes but a \u002710,000-node-openstack-deployment\u0027.","commit_id":"eb37400a943348fc4e912ad93c1836da5b137c3d"},{"author":{"_account_id":10343,"name":"Jim Rollenhagen","email":"jim@jimrollenhagen.com","username":"jimrollenhagen"},"change_message_id":"056b1f66487a686b4d2f4a7896aa973a16281b0c","unresolved":false,"context_lines":[{"line_number":114,"context_line":"        vhost: cell2"},{"line_number":115,"context_line":"        port: 4567"},{"line_number":116,"context_line":"        username: foo"},{"line_number":117,"context_line":"        password: bar"},{"line_number":118,"context_line":"      database:"},{"line_number":119,"context_line":"        name: cell2"},{"line_number":120,"context_line":"        address: https://10.0.0.1:1234"}],"source_content_type":"text/x-rst","patch_set":5,"id":"3f79a3b5_e0b02b90","line":117,"updated":"2018-11-20 11:28:54.000000000","message":"Shouldn\u0027t this reference passwords.yaml? Or is it implied that deployers should do something like:\n\n    password: \"{{ cell2_rabbit_password }}\"","commit_id":"eb37400a943348fc4e912ad93c1836da5b137c3d"},{"author":{"_account_id":17669,"name":"Doug Szumski","email":"doug@stackhpc.com","username":"DougSzumski"},"change_message_id":"c99934723c2044161e43184f7f836e40db3d4fba","unresolved":false,"context_lines":[{"line_number":114,"context_line":"        vhost: cell2"},{"line_number":115,"context_line":"        port: 4567"},{"line_number":116,"context_line":"        username: foo"},{"line_number":117,"context_line":"        password: bar"},{"line_number":118,"context_line":"      database:"},{"line_number":119,"context_line":"        name: cell2"},{"line_number":120,"context_line":"        address: https://10.0.0.1:1234"}],"source_content_type":"text/x-rst","patch_set":5,"id":"3f79a3b5_22d34e65","line":117,"in_reply_to":"3f79a3b5_3b465458","updated":"2018-11-23 11:29:27.000000000","message":"Done","commit_id":"eb37400a943348fc4e912ad93c1836da5b137c3d"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"3e38d301a2f1d363d77add5605a83f6eedd3ac0a","unresolved":false,"context_lines":[{"line_number":114,"context_line":"        vhost: cell2"},{"line_number":115,"context_line":"        port: 4567"},{"line_number":116,"context_line":"        username: foo"},{"line_number":117,"context_line":"        password: bar"},{"line_number":118,"context_line":"      database:"},{"line_number":119,"context_line":"        name: cell2"},{"line_number":120,"context_line":"        address: https://10.0.0.1:1234"}],"source_content_type":"text/x-rst","patch_set":5,"id":"3f79a3b5_3b465458","line":117,"in_reply_to":"3f79a3b5_e0b02b90","updated":"2018-11-20 11:37:42.000000000","message":"+1 for making the reference to a variable in passwords.yml explicit.","commit_id":"eb37400a943348fc4e912ad93c1836da5b137c3d"},{"author":{"_account_id":7488,"name":"Jeffrey Zhang","email":"zhang.lei.fly@gmail.com","username":"Jeffrey4l"},"change_message_id":"37354dab5cc4c99c0e6b63152cb502e0706f2956","unresolved":false,"context_lines":[{"line_number":125,"context_line":"      nova_compute:"},{"line_number":126,"context_line":"        group: cell2-nova-compute"},{"line_number":127,"context_line":"      nova_conductor:"},{"line_number":128,"context_line":"        group: cell2-nova-conductor"},{"line_number":129,"context_line":""},{"line_number":130,"context_line":""},{"line_number":131,"context_line":"With the following example inventory:"}],"source_content_type":"text/x-rst","patch_set":5,"id":"3f79a3b5_ce83ab4e","line":128,"updated":"2018-11-23 06:14:30.000000000","message":"another option is use different inventory and playbooks for deploying nova cell. for example\n\noperator should prepare a separate inventory file like \u0027nova-cell1\u0027 with following content\n\n```\n[cell-infra]\nnode1\nnode2\nnode3\n\n[haproxy:children]\ncell-infra\n\n[rabbitmq:children]\ncell-infra\n\n[mariadb:children]\ncell-infra\n\n[nova-compute]\ncompute[1:10]\n```\n\nand kolla provides another playbooks like \u0027deploy-nova-cell.yml\u0027 with following content:\n\n```\n- hosts: haproxy\n  roles:\n     - haproxy\n\n- hosts: mariadb\n  roles:\n     - mariadb\n\n- hosts: nova-compute\n  roles:\n     - nova\n```\n\nThen when user wanna to deploy a new cell, just create a new inventory from the example one and make some change. then run\n\nkolla-ansible -i nova-cell2 -p deploy-nova-cell.yml\n\n\nThe benefit for this is: \n\n1. no need maintain cell inventory file in groups/all.yml with a magic \"cells\" variables\n2. The current roles may not need a big changes.\n3. operators could deployment new cells without know the existing nodes. like \"facts\"","commit_id":"eb37400a943348fc4e912ad93c1836da5b137c3d"},{"author":{"_account_id":17669,"name":"Doug Szumski","email":"doug@stackhpc.com","username":"DougSzumski"},"change_message_id":"c99934723c2044161e43184f7f836e40db3d4fba","unresolved":false,"context_lines":[{"line_number":125,"context_line":"      nova_compute:"},{"line_number":126,"context_line":"        group: cell2-nova-compute"},{"line_number":127,"context_line":"      nova_conductor:"},{"line_number":128,"context_line":"        group: cell2-nova-conductor"},{"line_number":129,"context_line":""},{"line_number":130,"context_line":""},{"line_number":131,"context_line":"With the following example inventory:"}],"source_content_type":"text/x-rst","patch_set":5,"id":"3f79a3b5_6222a655","line":128,"in_reply_to":"3f79a3b5_ce83ab4e","updated":"2018-11-23 11:29:27.000000000","message":"Thanks Jeffrey, you raise some interesting points. I have proposed something not too dissimilar. I have a prototype where the roles are invoked against the cells from site.yml. By overriding group variables, the roles can run with minimal changes (so far I tested HAProxy, MariaDB and RabbitMQ). What do you think?","commit_id":"eb37400a943348fc4e912ad93c1836da5b137c3d"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"5b2482152721e3e1714dc8df247fef36f26f5b0a","unresolved":false,"context_lines":[{"line_number":128,"context_line":"        group: cell2-nova-conductor"},{"line_number":129,"context_line":""},{"line_number":130,"context_line":""},{"line_number":131,"context_line":"With the following example inventory:"},{"line_number":132,"context_line":""},{"line_number":133,"context_line":"::"},{"line_number":134,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"3f79a3b5_9b48c82b","line":131,"range":{"start_line":131,"start_character":0,"end_line":131,"end_character":37},"updated":"2018-11-20 11:48:03.000000000","message":"We need to consider how we\u0027ll execute playbooks against these hosts.\n\nThe current cells-rabbitmq patch uses a top-level cells-rabbitmq group that the play is targeted against. All cells rabbitmq hosts are added to this group:\n\n[cells-rabbitmq:children]\ncell1-rabbitmq\ncell2-rabbitmq\n\n[cell1-rabbitmq]\ncell1-rmq1\ncell1-rmq2\ncell1-rmq3\n\n[cell2-rabbitmq]\ncell2-rmq1\ncell2-rmq2\ncell2-rmq3\n\nThen the play does something like this:\n\n- hosts: cells-rabbitmq\n  tasks:\n    - include_role: rabbitmq\n      with_items: cells\n      vars:\n        rabbitmq_var: \"{{ item.rabbitmq.var }}\"\n\nThe downside of this approach is that RabbitMQ cluster creation is serialised for each cell, and that every cell iteration will have all hosts in cells-rabbitmq, with many just skipped. The upside is that it\u0027s conceptually quite simple, as only one cluster is deployed at a time, and you could deploy multiple rabbitmq services per host, if you desire.","commit_id":"eb37400a943348fc4e912ad93c1836da5b137c3d"},{"author":{"_account_id":17669,"name":"Doug Szumski","email":"doug@stackhpc.com","username":"DougSzumski"},"change_message_id":"c99934723c2044161e43184f7f836e40db3d4fba","unresolved":false,"context_lines":[{"line_number":128,"context_line":"        group: cell2-nova-conductor"},{"line_number":129,"context_line":""},{"line_number":130,"context_line":""},{"line_number":131,"context_line":"With the following example inventory:"},{"line_number":132,"context_line":""},{"line_number":133,"context_line":"::"},{"line_number":134,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"3f79a3b5_623b8699","line":131,"range":{"start_line":131,"start_character":0,"end_line":131,"end_character":37},"in_reply_to":"3f79a3b5_9b48c82b","updated":"2018-11-23 11:29:27.000000000","message":"Agreed - I have updated the spec to use a different approach where roles can be applied to cells directly from site.yml. This avoids the looping approach. As soon as you have a few cells defined the looping approach becomes confusing and inefficient. It isn\u0027t obvious if a task was skipped because a host wasn\u0027t in the current iteration of the loop, or for some other reason.","commit_id":"eb37400a943348fc4e912ad93c1836da5b137c3d"},{"author":{"_account_id":10343,"name":"Jim Rollenhagen","email":"jim@jimrollenhagen.com","username":"jimrollenhagen"},"change_message_id":"5b1fa05db23e30a05271864daacf18aa8458cdbc","unresolved":false,"context_lines":[{"line_number":98,"context_line":""},{"line_number":99,"context_line":"Cells configuration will be defined in files saved in ``group_vars/`` and"},{"line_number":100,"context_line":"groups of nodes will be defined in the inventory. For example, the"},{"line_number":101,"context_line":"following files may be defined in  ``group_vars/``:"},{"line_number":102,"context_line":""},{"line_number":103,"context_line":".. code-block:: yaml"},{"line_number":104,"context_line":""}],"source_content_type":"text/x-rst","patch_set":7,"id":"3f79a3b5_ec08d3d7","line":101,"updated":"2018-11-26 13:51:54.000000000","message":"Can we offer a way to include cell configuration without putting files in group_vars? I feel like we shouldn\u0027t be encouraging people to (essentially) edit the kolla-ansible source. With my deployer hat on, I certainly don\u0027t want to :)","commit_id":"7c9d1551f8ce5ca6940f9e9b97a15ffdbc330f36"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"c84ca630145607a4647176cace4084bad4472ceb","unresolved":false,"context_lines":[{"line_number":98,"context_line":""},{"line_number":99,"context_line":"Cells configuration will be defined in files saved in ``group_vars/`` and"},{"line_number":100,"context_line":"groups of nodes will be defined in the inventory. For example, the"},{"line_number":101,"context_line":"following files may be defined in  ``group_vars/``:"},{"line_number":102,"context_line":""},{"line_number":103,"context_line":".. code-block:: yaml"},{"line_number":104,"context_line":""}],"source_content_type":"text/x-rst","patch_set":7,"id":"3f79a3b5_b5c69a40","line":101,"in_reply_to":"3f79a3b5_3274e09a","updated":"2018-11-26 16:14:43.000000000","message":"You can define group_vars and host_vars next to playbooks and your inventory. See https://docs.ansible.com/ansible/2.5/user_guide/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable.\n\nSlightly annoyingly, playbook group_vars have higher precedence than inventory group_vars.\n\nAgreed that we shouldn\u0027t encourage anyone to modify the source, but we could encourage them to keep group_vars next to their inventory. The layout is as follows:\n\ninventory/\n  group_vars/\n  host_vars/\n  hosts\n\nYou can reference the inventory as -i inventory or -i hosts.\n\nTo add an inventory for each cell, we could do something like this:\n\ninventory/\n  group_vars/\n  host_vars/\n  cell0\n  cell1\n\nThen, -i inventory would include all cells, whereas -i cell0 would include only hosts in cell0.","commit_id":"7c9d1551f8ce5ca6940f9e9b97a15ffdbc330f36"},{"author":{"_account_id":10343,"name":"Jim Rollenhagen","email":"jim@jimrollenhagen.com","username":"jimrollenhagen"},"change_message_id":"9a937ab22c4718ee6ac2591b82ada4a956096a1c","unresolved":false,"context_lines":[{"line_number":98,"context_line":""},{"line_number":99,"context_line":"Cells configuration will be defined in files saved in ``group_vars/`` and"},{"line_number":100,"context_line":"groups of nodes will be defined in the inventory. For example, the"},{"line_number":101,"context_line":"following files may be defined in  ``group_vars/``:"},{"line_number":102,"context_line":""},{"line_number":103,"context_line":".. code-block:: yaml"},{"line_number":104,"context_line":""}],"source_content_type":"text/x-rst","patch_set":7,"id":"3f79a3b5_b33a2093","line":101,"in_reply_to":"3f79a3b5_3b9fdb64","updated":"2018-11-27 11:50:47.000000000","message":"Neat, I wasn\u0027t aware of the inventory directory structure. I\u0027m happy with this :)","commit_id":"7c9d1551f8ce5ca6940f9e9b97a15ffdbc330f36"},{"author":{"_account_id":17669,"name":"Doug Szumski","email":"doug@stackhpc.com","username":"DougSzumski"},"change_message_id":"f7d0c9fc1454c21e51aa71e4adf8ec732d28a8d0","unresolved":false,"context_lines":[{"line_number":98,"context_line":""},{"line_number":99,"context_line":"Cells configuration will be defined in files saved in ``group_vars/`` and"},{"line_number":100,"context_line":"groups of nodes will be defined in the inventory. For example, the"},{"line_number":101,"context_line":"following files may be defined in  ``group_vars/``:"},{"line_number":102,"context_line":""},{"line_number":103,"context_line":".. code-block:: yaml"},{"line_number":104,"context_line":""}],"source_content_type":"text/x-rst","patch_set":7,"id":"3f79a3b5_3b9fdb64","line":101,"in_reply_to":"3f79a3b5_b5c69a40","updated":"2018-11-26 17:43:05.000000000","message":"I think that it would be a smaller change to implement that approach (group_vars next to inventory). With the group vars in the inventory file, more variables need to be abstracted to override them due to the lower precedence of inventory group vars. I will create a summary of the various options.","commit_id":"7c9d1551f8ce5ca6940f9e9b97a15ffdbc330f36"},{"author":{"_account_id":17669,"name":"Doug Szumski","email":"doug@stackhpc.com","username":"DougSzumski"},"change_message_id":"a36bba51e152dbf3723be0c73e8bb7df92b40de2","unresolved":false,"context_lines":[{"line_number":98,"context_line":""},{"line_number":99,"context_line":"Cells configuration will be defined in files saved in ``group_vars/`` and"},{"line_number":100,"context_line":"groups of nodes will be defined in the inventory. For example, the"},{"line_number":101,"context_line":"following files may be defined in  ``group_vars/``:"},{"line_number":102,"context_line":""},{"line_number":103,"context_line":".. code-block:: yaml"},{"line_number":104,"context_line":""}],"source_content_type":"text/x-rst","patch_set":7,"id":"3f79a3b5_3274e09a","line":101,"in_reply_to":"3f79a3b5_ec08d3d7","updated":"2018-11-26 15:06:46.000000000","message":"Fair point - perhaps a better option is to define the vars in the inventory file for the cell. So each cell could be described by a single inventory file which contained all the hosts and settings. The inventory file could optionally contain multiple cells.","commit_id":"7c9d1551f8ce5ca6940f9e9b97a15ffdbc330f36"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"e7d299b46a50f88cc8dab4b40863fcf16afcb088","unresolved":false,"context_lines":[{"line_number":38,"context_line":"   Kolla-Ansible."},{"line_number":39,"context_line":"2. As an operator, I do not want my entire control plane to go offline if"},{"line_number":40,"context_line":"   a central message queue or database cluster fails. By splitting the"},{"line_number":41,"context_line":"   deployment into \u0027cells\u0027 I can isolate failures."},{"line_number":42,"context_line":"3. As an operator of a small OpenStack deployment managed by Kolla-Ansible,"},{"line_number":43,"context_line":"   I want a clear path for scaling my deployment if I need to in the future."},{"line_number":44,"context_line":"4. As an operator of a large OpenStack deployment I want to be able to apply"}],"source_content_type":"text/x-rst","patch_set":9,"id":"bfb3d3c7_4a59c832","line":41,"updated":"2019-05-28 12:54:19.000000000","message":"So cells is really just nova.\n\nI think you should extend this to sharding DB and message queues per service.\n\nFor large deployments, neutron may need separate physical boxes for DB and Rabbit to any Nova API or cells.","commit_id":"8859c46486d9f7492a4938bcc7645652178e5063"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"bfc24c1effef948bd00b2e8c1b698f75838fdae6","unresolved":false,"context_lines":[{"line_number":44,"context_line":"4. As an operator of a large OpenStack deployment I want to be able to apply"},{"line_number":45,"context_line":"   changes on a cell-by-cell basis so that I can reduce the risk of bringing"},{"line_number":46,"context_line":"   down all cells if something goes wrong."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"Proposed change"},{"line_number":49,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":50,"context_line":""}],"source_content_type":"text/x-rst","patch_set":9,"id":"bfb3d3c7_e5a30d9d","line":47,"updated":"2019-05-28 16:49:10.000000000","message":"Given this some more thought...\n\nMaybe we should add support for one or two specific scenarios.\n \nRough goals:\n\n* nice if we can add usually add extra compute nodes without resizing the API layer control plane (assuming a mix of pets and cattle)\n* ideally scale out API control plane as load increases on the API\n* it would be good to make efficient use of all three API control plane nodes\n\nNova specifics:\n* cells lightweight enough to not mix hardware types inside a cell (useful logical container)\n* loss of one cell DB (failover, etc) doesn\u0027t affect general API availability\n\nTarget configuration:\n* Three (+n) API controllers\n** as API load increases, add controllers\n** spread workers out between the nodes\n** remove data intensive stuff like Ceph RADOS, Glance.\n* Two (+m) Compute controllers\n** as you add more compute nodes, add controllers\n** glance (with cache), nova cell DBs, cell rabbits, etc\n* Separate monitoring\n** if monitoring traffic increases, don\u0027t kill API\n** thinking of log bursts, additional computes\n** future may have per compute moninting\n\nTo make the above work we could do something like:\n* map services to a service group, dedicated or shared\n* deploy multiple service groups, each group does:\n** deploys mariadb cluster, rabbit cluster, haproxy\n** have option of non haproxy, single rabbit with a master-slave DB setup\n\nSorry for the brain dump, kinda half way through, but hopefully useful points.","commit_id":"8859c46486d9f7492a4938bcc7645652178e5063"},{"author":{"_account_id":19316,"name":"Eduardo Gonzalez","email":"dabarren@gmail.com","username":"egonzalez90"},"change_message_id":"c18990c953d6742ed651d79ea56403dc776134df","unresolved":false,"context_lines":[{"line_number":54,"context_line":"* Nova"},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"  * Support deploying a cluster of Nova services for each cell. Initially"},{"line_number":57,"context_line":"    this will include ``nova-conductor`` and ``nova-compute``."},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"  * The existing Nova API, conductor, scheduler and the placement API can"},{"line_number":60,"context_line":"    remain on the control plane. The conductor will be promoted to a"}],"source_content_type":"text/x-rst","patch_set":9,"id":"3f79a3b5_8c01e6b6","line":57,"updated":"2018-12-11 14:35:28.000000000","message":"VNCs proxies should also go in the cells IIUC the cells split","commit_id":"8859c46486d9f7492a4938bcc7645652178e5063"},{"author":{"_account_id":9076,"name":"Kris Lindgren","email":"klindgren@godaddy.com","username":"klindgren"},"change_message_id":"6e6689461332dba50411d422ff719588f92e1e0e","unresolved":false,"context_lines":[{"line_number":54,"context_line":"* Nova"},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"  * Support deploying a cluster of Nova services for each cell. Initially"},{"line_number":57,"context_line":"    this will include ``nova-conductor`` and ``nova-compute``."},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"  * The existing Nova API, conductor, scheduler and the placement API can"},{"line_number":60,"context_line":"    remain on the control plane. The conductor will be promoted to a"}],"source_content_type":"text/x-rst","patch_set":9,"id":"dfbec78f_828e3e76","line":57,"in_reply_to":"3f79a3b5_8c01e6b6","updated":"2019-05-06 19:07:31.000000000","message":"We do not run VNC (spice) proxies per cell.  We just run them at the top level cell.","commit_id":"8859c46486d9f7492a4938bcc7645652178e5063"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"e7d299b46a50f88cc8dab4b40863fcf16afcb088","unresolved":false,"context_lines":[{"line_number":54,"context_line":"* Nova"},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"  * Support deploying a cluster of Nova services for each cell. Initially"},{"line_number":57,"context_line":"    this will include ``nova-conductor`` and ``nova-compute``."},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"  * The existing Nova API, conductor, scheduler and the placement API can"},{"line_number":60,"context_line":"    remain on the control plane. The conductor will be promoted to a"}],"source_content_type":"text/x-rst","patch_set":9,"id":"bfb3d3c7_6aea8c0f","line":57,"in_reply_to":"dfbec78f_828e3e76","updated":"2019-05-28 12:54:19.000000000","message":"I vote doing them at the top level to start with, to keep it simple to start with.","commit_id":"8859c46486d9f7492a4938bcc7645652178e5063"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"e7d299b46a50f88cc8dab4b40863fcf16afcb088","unresolved":false,"context_lines":[{"line_number":58,"context_line":""},{"line_number":59,"context_line":"  * The existing Nova API, conductor, scheduler and the placement API can"},{"line_number":60,"context_line":"    remain on the control plane. The conductor will be promoted to a"},{"line_number":61,"context_line":"    superconductor."},{"line_number":62,"context_line":""},{"line_number":63,"context_line":"* Messaging"},{"line_number":64,"context_line":""}],"source_content_type":"text/x-rst","patch_set":9,"id":"bfb3d3c7_4af548ec","line":61,"updated":"2019-05-28 12:54:19.000000000","message":"Maybe worth adding serial proxies into here.","commit_id":"8859c46486d9f7492a4938bcc7645652178e5063"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"e7d299b46a50f88cc8dab4b40863fcf16afcb088","unresolved":false,"context_lines":[{"line_number":64,"context_line":""},{"line_number":65,"context_line":"  * Support optionally deploying a RabbitMQ cluster per cell"},{"line_number":66,"context_line":"  * Support using a shared RabbitMQ cluster with vHosts"},{"line_number":67,"context_line":"  * Support using mixtures of both of the above"},{"line_number":68,"context_line":""},{"line_number":69,"context_line":"* Database"},{"line_number":70,"context_line":""}],"source_content_type":"text/x-rst","patch_set":9,"id":"bfb3d3c7_aabc0406","line":67,"updated":"2019-05-28 12:54:19.000000000","message":"Maybe mention a separate rabbit for neutron?","commit_id":"8859c46486d9f7492a4938bcc7645652178e5063"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"e7d299b46a50f88cc8dab4b40863fcf16afcb088","unresolved":false,"context_lines":[{"line_number":71,"context_line":"  * Support optionally deploying a database cluster per cell"},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"    * Should not normally be hosted on the same nodes as the Nova compute"},{"line_number":74,"context_line":"      services for security reasons."},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"  * Support optionally using an external database per cell"},{"line_number":77,"context_line":"  * Support optionally using an internal database per cell"}],"source_content_type":"text/x-rst","patch_set":9,"id":"bfb3d3c7_ea4bdc27","line":74,"updated":"2019-05-28 12:54:19.000000000","message":"Note: nova-compute doesn\u0027t contact the DB directly any more, it talks to nova-conductor which will in turn talk to the DB.\n\nWe should probably note that nova-conductor shouldn\u0027t be on a nova-compute node.","commit_id":"8859c46486d9f7492a4938bcc7645652178e5063"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"e7d299b46a50f88cc8dab4b40863fcf16afcb088","unresolved":false,"context_lines":[{"line_number":77,"context_line":"  * Support optionally using an internal database per cell"},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"    * For example a database cluster deployed for another cell, or the"},{"line_number":80,"context_line":"      database cluster deployed for the control plane"},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"  * Support using mixtures of external databases and distinct clusters"},{"line_number":83,"context_line":""}],"source_content_type":"text/x-rst","patch_set":9,"id":"bfb3d3c7_6a060cd1","line":80,"range":{"start_line":80,"start_character":40,"end_line":80,"end_character":53},"updated":"2019-05-28 12:54:19.000000000","message":"Would it be easier to consider database connection strings here? note that they may all point to the same database, or some may be segregated.\n\nThat way we talk about nova-api DB, cell zero DB, nova child cell dbs, neutron db, glance db, all in a similar way?","commit_id":"8859c46486d9f7492a4938bcc7645652178e5063"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"e9c846ab71070935f3024690920f1d12f034854f","unresolved":false,"context_lines":[{"line_number":77,"context_line":"  * Support optionally using an internal database per cell"},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"    * For example a database cluster deployed for another cell, or the"},{"line_number":80,"context_line":"      database cluster deployed for the control plane"},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"  * Support using mixtures of external databases and distinct clusters"},{"line_number":83,"context_line":""}],"source_content_type":"text/x-rst","patch_set":9,"id":"bfb3d3c7_c3d830f0","line":80,"range":{"start_line":80,"start_character":40,"end_line":80,"end_character":53},"in_reply_to":"bfb3d3c7_6a060cd1","updated":"2019-05-29 11:56:17.000000000","message":"I would like to see this decoupled. Define a set of databases to instantiate, then services reference which DB they want to use.","commit_id":"8859c46486d9f7492a4938bcc7645652178e5063"},{"author":{"_account_id":19316,"name":"Eduardo Gonzalez","email":"dabarren@gmail.com","username":"egonzalez90"},"change_message_id":"c18990c953d6742ed651d79ea56403dc776134df","unresolved":false,"context_lines":[{"line_number":83,"context_line":""},{"line_number":84,"context_line":"* HAProxy / Keepalived"},{"line_number":85,"context_line":""},{"line_number":86,"context_line":"  * Support deploying HAProxy/Keepalived for each cell"},{"line_number":87,"context_line":""},{"line_number":88,"context_line":"    * Used for providing a single point of access to, and for load balancing"},{"line_number":89,"context_line":"      traffic across the cell database cluster."}],"source_content_type":"text/x-rst","patch_set":9,"id":"3f79a3b5_6c248a1a","line":86,"range":{"start_line":86,"start_character":4,"end_line":86,"end_character":54},"updated":"2018-12-11 14:35:28.000000000","message":"Still not seeing why need an different HAproxy for each cell, cells are supposed to no be far from control plane, adding extra load balancers add a complexity to the architecture and much harder to maintain and understand.\n\nIf i would want to use geo distributed environments I\u0027d go to deploy several regions with single cell (likely allinone).\n\nIn cells i think is assumed are close to each others and to control plane, as storage, networks and auth will remain in the same place.\n\nMany deployments assume a single db and rabbitmq instance per cell, so no load balancing is needed.\n\nAlso, having separated keepalived requires different vrrp IDs for each cell, at least 2 new IPs (external and internal) and more sub-network hosts.","commit_id":"8859c46486d9f7492a4938bcc7645652178e5063"},{"author":{"_account_id":9076,"name":"Kris Lindgren","email":"klindgren@godaddy.com","username":"klindgren"},"change_message_id":"6e6689461332dba50411d422ff719588f92e1e0e","unresolved":false,"context_lines":[{"line_number":83,"context_line":""},{"line_number":84,"context_line":"* HAProxy / Keepalived"},{"line_number":85,"context_line":""},{"line_number":86,"context_line":"  * Support deploying HAProxy/Keepalived for each cell"},{"line_number":87,"context_line":""},{"line_number":88,"context_line":"    * Used for providing a single point of access to, and for load balancing"},{"line_number":89,"context_line":"      traffic across the cell database cluster."}],"source_content_type":"text/x-rst","patch_set":9,"id":"dfbec78f_c2c2f685","line":86,"range":{"start_line":86,"start_character":4,"end_line":86,"end_character":54},"in_reply_to":"3f79a3b5_6c248a1a","updated":"2019-05-06 19:07:31.000000000","message":"+1 Cells v2 only requires rabbitmq, nova-conductor, and a db.  We choose to run seperate instances of rmq and db for each cell.  But someone could pile on rmq \u0026\u0026 db everything into one rmq \u0026\u0026 db cluster.","commit_id":"8859c46486d9f7492a4938bcc7645652178e5063"},{"author":{"_account_id":17669,"name":"Doug Szumski","email":"doug@stackhpc.com","username":"DougSzumski"},"change_message_id":"84ee9fd43812543c4d1a7f73c39ec725c177db6e","unresolved":false,"context_lines":[{"line_number":83,"context_line":""},{"line_number":84,"context_line":"* HAProxy / Keepalived"},{"line_number":85,"context_line":""},{"line_number":86,"context_line":"  * Support deploying HAProxy/Keepalived for each cell"},{"line_number":87,"context_line":""},{"line_number":88,"context_line":"    * Used for providing a single point of access to, and for load balancing"},{"line_number":89,"context_line":"      traffic across the cell database cluster."}],"source_content_type":"text/x-rst","patch_set":9,"id":"3f79a3b5_7f5e6a78","line":86,"range":{"start_line":86,"start_character":4,"end_line":86,"end_character":54},"in_reply_to":"3f79a3b5_6c248a1a","updated":"2018-12-11 15:08:30.000000000","message":"The main reason for not sharing HAProxy was so that the cells don\u0027t share a single point of failure. In practice, it isn\u0027t *that* complicated to deploy separate instances (https://review.openstack.org/#/c/619756/), but I agree that it is *more* complex than what some (many?) users will need.\n\nApart from the management API, I don\u0027t think we need HAProxy at all for a RabbitMQ cluster as generally, services take a list of Rabbit endpoints. We can still scale Rabbit without HAProxy.\n\nIt would be interesting to hear if anyone uses a MariaDB cluster per cell? I don\u0027t think Cern do. Perhaps if you need a cluster per cell it could be provided as an external DB and not managed by Kolla-Ansible?","commit_id":"8859c46486d9f7492a4938bcc7645652178e5063"},{"author":{"_account_id":9076,"name":"Kris Lindgren","email":"klindgren@godaddy.com","username":"klindgren"},"change_message_id":"6e6689461332dba50411d422ff719588f92e1e0e","unresolved":false,"context_lines":[{"line_number":83,"context_line":""},{"line_number":84,"context_line":"* HAProxy / Keepalived"},{"line_number":85,"context_line":""},{"line_number":86,"context_line":"  * Support deploying HAProxy/Keepalived for each cell"},{"line_number":87,"context_line":""},{"line_number":88,"context_line":"    * Used for providing a single point of access to, and for load balancing"},{"line_number":89,"context_line":"      traffic across the cell database cluster."}],"source_content_type":"text/x-rst","patch_set":9,"id":"dfbec78f_e2f29a06","line":86,"range":{"start_line":86,"start_character":4,"end_line":86,"end_character":54},"in_reply_to":"3f79a3b5_7f5e6a78","updated":"2019-05-06 19:07:31.000000000","message":"We run seperate database servers per cell.  But we also use external DB\u0027s.","commit_id":"8859c46486d9f7492a4938bcc7645652178e5063"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"e9c846ab71070935f3024690920f1d12f034854f","unresolved":false,"context_lines":[{"line_number":83,"context_line":""},{"line_number":84,"context_line":"* HAProxy / Keepalived"},{"line_number":85,"context_line":""},{"line_number":86,"context_line":"  * Support deploying HAProxy/Keepalived for each cell"},{"line_number":87,"context_line":""},{"line_number":88,"context_line":"    * Used for providing a single point of access to, and for load balancing"},{"line_number":89,"context_line":"      traffic across the cell database cluster."}],"source_content_type":"text/x-rst","patch_set":9,"id":"bfb3d3c7_439be016","line":86,"range":{"start_line":86,"start_character":4,"end_line":86,"end_character":54},"in_reply_to":"bfb3d3c7_ead0bc21","updated":"2019-05-29 11:56:17.000000000","message":"If we\u0027re not using DB clusters in the cells, it should be possible to communicate directly with them without haproxy. If we support DB clusters in the cells, we\u0027d need a way of balancing traffic between them. That sounds like a problem for the future (or never).","commit_id":"8859c46486d9f7492a4938bcc7645652178e5063"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"e7d299b46a50f88cc8dab4b40863fcf16afcb088","unresolved":false,"context_lines":[{"line_number":83,"context_line":""},{"line_number":84,"context_line":"* HAProxy / Keepalived"},{"line_number":85,"context_line":""},{"line_number":86,"context_line":"  * Support deploying HAProxy/Keepalived for each cell"},{"line_number":87,"context_line":""},{"line_number":88,"context_line":"    * Used for providing a single point of access to, and for load balancing"},{"line_number":89,"context_line":"      traffic across the cell database cluster."}],"source_content_type":"text/x-rst","patch_set":9,"id":"bfb3d3c7_ead0bc21","line":86,"range":{"start_line":86,"start_character":4,"end_line":86,"end_character":54},"in_reply_to":"dfbec78f_e2f29a06","updated":"2019-05-28 12:54:19.000000000","message":"I believe CERN go for non-clustered DBs for the child cells, so haproxy isn\u0027t required.\n\nWith cells v2, there is no per cell API as such, as the API always talks to the top level DB, regardless of any expected scope of the API.\n\nHowever, I think sharding of HAProxy is going to be crucial for DB traffic, assuming we continue to route that through HAProxy.","commit_id":"8859c46486d9f7492a4938bcc7645652178e5063"},{"author":{"_account_id":19316,"name":"Eduardo Gonzalez","email":"dabarren@gmail.com","username":"egonzalez90"},"change_message_id":"1faa52124e6bf76df370b065878a90f207b488f0","unresolved":false,"context_lines":[{"line_number":229,"context_line":".. code-block:: bash"},{"line_number":230,"context_line":""},{"line_number":231,"context_line":"  kolla-ansible deploy -i inventory/cell2"},{"line_number":232,"context_line":""},{"line_number":233,"context_line":"An alternative approach is to use inventory vars in each cell inventory file."},{"line_number":234,"context_line":"In this approach each cell would be defined entirely by a single file, however"},{"line_number":235,"context_line":"due to the lower precedence of inventory vars, this approach would require"}],"source_content_type":"text/x-rst","patch_set":9,"id":"3f79a3b5_ff2fda86","line":232,"updated":"2018-12-11 14:38:58.000000000","message":"other option may be to create a file at /etc/kolla/cells_config.yml, there define all configs and adds as -e @cells_config during ansible-playbook\ncells:\n  - name: cell1\n    rabbit_group: rabbit_cell1_group\n    password: \"{{ cell1_passworkd }}\"\n  - name: cell2\n...","commit_id":"8859c46486d9f7492a4938bcc7645652178e5063"},{"author":{"_account_id":23717,"name":"Surya Prakash Singh","email":"singh.surya64mnnit@gmail.com","username":"SuryaPrakash"},"change_message_id":"47a52511f40df06937cd4d304fd978dda63ade8e","unresolved":false,"context_lines":[{"line_number":279,"context_line":"-----------"},{"line_number":280,"context_line":""},{"line_number":281,"context_line":"Primary assignee:"},{"line_number":282,"context_line":"  \u003claunchpad-id or None\u003e"},{"line_number":283,"context_line":""},{"line_number":284,"context_line":"Milestones"},{"line_number":285,"context_line":"----------"}],"source_content_type":"text/x-rst","patch_set":9,"id":"5fc1f717_be7f4013","line":282,"range":{"start_line":282,"start_character":2,"end_line":282,"end_character":24},"updated":"2019-03-27 06:33:26.000000000","message":"would be good to add your username here.","commit_id":"8859c46486d9f7492a4938bcc7645652178e5063"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"3df1f6b9922d289fda0987ad10df3117293eb6c3","unresolved":false,"context_lines":[{"line_number":89,"context_line":"    this will include ``nova-conductor`` and ``nova-compute``. It should"},{"line_number":90,"context_line":"    be possible to place ``nova-conductor`` and the cell database on a"},{"line_number":91,"context_line":"    separate node to the ``nova-compute`` service to provide isolation"},{"line_number":92,"context_line":"    from the database for security [4]."},{"line_number":93,"context_line":""},{"line_number":94,"context_line":"  * The existing Nova API, conductor, scheduler, VNC/serial proxies and the"},{"line_number":95,"context_line":"    placement API can remain on the control plane. The conductor will be"}],"source_content_type":"text/x-rst","patch_set":12,"id":"7faddb67_c996d595","line":92,"updated":"2019-07-03 17:28:09.000000000","message":"I don\u0027t really undertand this bit here. Today we don\u0027t have nova-conductor running on hypervisors, it only runs on the control plane (nova-compute-ironic runs on the control plane, but that is a special case). So that means nova.conf files on the hypervisor should not contain any DB passwords (only the rabbit password), so in theory if you break out of the hypervisor somehow, due to a zero day or whatever, there is no way you get the DB password.\n\nI was expecting to see that we have the option of moving the cell database to a different mariaDB instance to the api-database and cell0 database. We also create a new rabbit vhost (or rabbit instance) for the child cell, so it has its own dedicated nova-conductor. That means the existing super conductor that we have no longer talks to compute nodes.\n\nOnce we have done all of the above, it now means we can easily add a new cell or two, each with its own DB and conductor and rabbit, etc.","commit_id":"ddd774141c3d31c2efa1a2b877ca3b190eeb6f8d"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"7e413ef799fb06be464e709be44e30c63322e537","unresolved":false,"context_lines":[{"line_number":89,"context_line":"    this will include ``nova-conductor`` and ``nova-compute``. It should"},{"line_number":90,"context_line":"    be possible to place ``nova-conductor`` and the cell database on a"},{"line_number":91,"context_line":"    separate node to the ``nova-compute`` service to provide isolation"},{"line_number":92,"context_line":"    from the database for security [4]."},{"line_number":93,"context_line":""},{"line_number":94,"context_line":"  * The existing Nova API, conductor, scheduler, VNC/serial proxies and the"},{"line_number":95,"context_line":"    placement API can remain on the control plane. The conductor will be"}],"source_content_type":"text/x-rst","patch_set":12,"id":"7faddb67_4ab5d730","line":92,"in_reply_to":"7faddb67_c996d595","updated":"2019-07-05 11:54:41.000000000","message":"I think that\u0027s what\u0027s being described. Maybe the \u0027should be\u0027 wording is to cover the all-in-one/testing case?","commit_id":"ddd774141c3d31c2efa1a2b877ca3b190eeb6f8d"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"3df1f6b9922d289fda0987ad10df3117293eb6c3","unresolved":false,"context_lines":[{"line_number":91,"context_line":"    separate node to the ``nova-compute`` service to provide isolation"},{"line_number":92,"context_line":"    from the database for security [4]."},{"line_number":93,"context_line":""},{"line_number":94,"context_line":"  * The existing Nova API, conductor, scheduler, VNC/serial proxies and the"},{"line_number":95,"context_line":"    placement API can remain on the control plane. The conductor will be"},{"line_number":96,"context_line":"    promoted to a superconductor."},{"line_number":97,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"7faddb67_c93a55cc","line":94,"updated":"2019-07-03 17:28:09.000000000","message":"I would move this bit first in the Nova group, i.e. there is a bunch of stuff that you will keep at the API layer for the first version.\n\nI see the existing conductor as a superconductor that happens to also be on the same rabbit as the child cell, so also does the work for the one compute cell.","commit_id":"ddd774141c3d31c2efa1a2b877ca3b190eeb6f8d"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"3df1f6b9922d289fda0987ad10df3117293eb6c3","unresolved":false,"context_lines":[{"line_number":112,"context_line":""},{"line_number":113,"context_line":"    * Any number of databases may be deployed, and services should be"},{"line_number":114,"context_line":"      configurable to use any one of them. For example there may be"},{"line_number":115,"context_line":"      a single database per cell which all services use, multiple"},{"line_number":116,"context_line":"      databases per cell, one of which is dedicated to Neutron, or a"},{"line_number":117,"context_line":"      single database used by all services across multiple cells."},{"line_number":118,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"7faddb67_e9c15182","line":115,"updated":"2019-07-03 17:28:09.000000000","message":"I know what you mean, I think, but I would be very clear on separate databases (what we already have) and separate database container (or service or instances).\n\ni.e. each service already has a unique connection string, but today there is only ever one DB cluster or DB instance I think?","commit_id":"ddd774141c3d31c2efa1a2b877ca3b190eeb6f8d"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"3df1f6b9922d289fda0987ad10df3117293eb6c3","unresolved":false,"context_lines":[{"line_number":117,"context_line":"      single database used by all services across multiple cells."},{"line_number":118,"context_line":""},{"line_number":119,"context_line":"    * It should be possible to avoid co-locating databases with Nova compute"},{"line_number":120,"context_line":"      services for security reasons."},{"line_number":121,"context_line":""},{"line_number":122,"context_line":"  * Support optionally using externally managed databases."},{"line_number":123,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"7faddb67_09f2ad07","line":120,"updated":"2019-07-03 17:28:09.000000000","message":"I don\u0027t understand how / why you can / would co-locate database with nova-compute, unless you try really really hard. I should probably look at the reference.","commit_id":"ddd774141c3d31c2efa1a2b877ca3b190eeb6f8d"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"7e413ef799fb06be464e709be44e30c63322e537","unresolved":false,"context_lines":[{"line_number":117,"context_line":"      single database used by all services across multiple cells."},{"line_number":118,"context_line":""},{"line_number":119,"context_line":"    * It should be possible to avoid co-locating databases with Nova compute"},{"line_number":120,"context_line":"      services for security reasons."},{"line_number":121,"context_line":""},{"line_number":122,"context_line":"  * Support optionally using externally managed databases."},{"line_number":123,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"7faddb67_aacb2ba3","line":120,"in_reply_to":"7faddb67_09f2ad07","updated":"2019-07-05 11:54:41.000000000","message":"Mostly just for testing.","commit_id":"ddd774141c3d31c2efa1a2b877ca3b190eeb6f8d"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"3df1f6b9922d289fda0987ad10df3117293eb6c3","unresolved":false,"context_lines":[{"line_number":125,"context_line":"    (deployed by Kolla Ansible) managed databases."},{"line_number":126,"context_line":""},{"line_number":127,"context_line":"  * Do not support deploying clustered databases for cells to reduce"},{"line_number":128,"context_line":"    complexity. This can be considered in later work."},{"line_number":129,"context_line":""},{"line_number":130,"context_line":"  * Support setting of the slave connection string to support master"},{"line_number":131,"context_line":"    /slave pairs in the future. Note that this is a lighter weight"}],"source_content_type":"text/x-rst","patch_set":12,"id":"7faddb67_e96f1190","line":128,"updated":"2019-07-03 17:28:09.000000000","message":"Not sure I get why this is easier, but I am fine with that, assuming it is easier.\n\nI had assumed we just have the idea of a database connection string, it is either external or a database on kolla-ansible deployed mariadb cluster or a single node mariadb. And you define that for each service and each nova-cell, and we default to one cluster for everything like we do today.","commit_id":"ddd774141c3d31c2efa1a2b877ca3b190eeb6f8d"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"7e413ef799fb06be464e709be44e30c63322e537","unresolved":false,"context_lines":[{"line_number":125,"context_line":"    (deployed by Kolla Ansible) managed databases."},{"line_number":126,"context_line":""},{"line_number":127,"context_line":"  * Do not support deploying clustered databases for cells to reduce"},{"line_number":128,"context_line":"    complexity. This can be considered in later work."},{"line_number":129,"context_line":""},{"line_number":130,"context_line":"  * Support setting of the slave connection string to support master"},{"line_number":131,"context_line":"    /slave pairs in the future. Note that this is a lighter weight"}],"source_content_type":"text/x-rst","patch_set":12,"id":"7faddb67_6ac5338e","line":128,"in_reply_to":"7faddb67_e96f1190","updated":"2019-07-05 11:54:41.000000000","message":"Main difficulty is you need haproxy for a galera cluster.","commit_id":"ddd774141c3d31c2efa1a2b877ca3b190eeb6f8d"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"3df1f6b9922d289fda0987ad10df3117293eb6c3","unresolved":false,"context_lines":[{"line_number":131,"context_line":"    /slave pairs in the future. Note that this is a lighter weight"},{"line_number":132,"context_line":"    alternative to a Galera cluster which allows for load to be"},{"line_number":133,"context_line":"    distributed across the master and the slave for services such as"},{"line_number":134,"context_line":"    Nova which support it."},{"line_number":135,"context_line":""},{"line_number":136,"context_line":"  * Container names should be namespaced to avoid naming conflicts"},{"line_number":137,"context_line":"    if one or more databases are deployed on the same node."}],"source_content_type":"text/x-rst","patch_set":12,"id":"7faddb67_e91dd10f","line":134,"updated":"2019-07-03 17:28:09.000000000","message":"I think what we can do is have a different HA proxy endpoint that spreads the read load between all servers. This can be used to help get better scale-out of the DB.\n\nWe should keep the current connection as the write connection, i.e. send all writes to only one of the galera nodes. Its a default oslo.db thing that just isn\u0027t used by all folks.","commit_id":"ddd774141c3d31c2efa1a2b877ca3b190eeb6f8d"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"7e413ef799fb06be464e709be44e30c63322e537","unresolved":false,"context_lines":[{"line_number":131,"context_line":"    /slave pairs in the future. Note that this is a lighter weight"},{"line_number":132,"context_line":"    alternative to a Galera cluster which allows for load to be"},{"line_number":133,"context_line":"    distributed across the master and the slave for services such as"},{"line_number":134,"context_line":"    Nova which support it."},{"line_number":135,"context_line":""},{"line_number":136,"context_line":"  * Container names should be namespaced to avoid naming conflicts"},{"line_number":137,"context_line":"    if one or more databases are deployed on the same node."}],"source_content_type":"text/x-rst","patch_set":12,"id":"7faddb67_2a541bca","line":134,"in_reply_to":"7faddb67_e91dd10f","updated":"2019-07-05 11:54:41.000000000","message":"How would this work? Would need a frontend IP for each load balancer, plus the VIP?","commit_id":"ddd774141c3d31c2efa1a2b877ca3b190eeb6f8d"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"3df1f6b9922d289fda0987ad10df3117293eb6c3","unresolved":false,"context_lines":[{"line_number":137,"context_line":"    if one or more databases are deployed on the same node."},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"* Automatic deployment and registration of cells with the Nova API"},{"line_number":140,"context_line":"* Unique credentials per cell for database and message queues"},{"line_number":141,"context_line":""},{"line_number":142,"context_line":"Configuration"},{"line_number":143,"context_line":"-------------"}],"source_content_type":"text/x-rst","patch_set":12,"id":"7faddb67_a9ecb9f3","line":140,"updated":"2019-07-03 17:28:09.000000000","message":"Hmm, we already have this for the database, as I understand it, there is a DB for the api, cell zero and child cell. I guess they may not all have different passwords, and they should.\n\nFor rabbit, its more that we move to different vhosts, and as such we get different credentails.\n\n... its probably a nit pick, it just confused me being separate, for some reason.","commit_id":"ddd774141c3d31c2efa1a2b877ca3b190eeb6f8d"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"7e413ef799fb06be464e709be44e30c63322e537","unresolved":false,"context_lines":[{"line_number":142,"context_line":"Configuration"},{"line_number":143,"context_line":"-------------"},{"line_number":144,"context_line":""},{"line_number":145,"context_line":"Cell configuration will be defined in an inventory folder. To decouple"},{"line_number":146,"context_line":"the cell controllers from the cells, the cell controller will be"},{"line_number":147,"context_line":"defined separately. This will allow cells and their controllers to"},{"line_number":148,"context_line":"be managed in isolation, as well as an arbitrary mapping of cells"}],"source_content_type":"text/x-rst","patch_set":12,"id":"7faddb67_e0fce53f","line":145,"range":{"start_line":145,"start_character":41,"end_line":145,"end_character":57},"updated":"2019-07-05 11:54:41.000000000","message":"inventory - could be a single file. We can use --limit for isolation.","commit_id":"ddd774141c3d31c2efa1a2b877ca3b190eeb6f8d"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"7e413ef799fb06be464e709be44e30c63322e537","unresolved":false,"context_lines":[{"line_number":142,"context_line":"Configuration"},{"line_number":143,"context_line":"-------------"},{"line_number":144,"context_line":""},{"line_number":145,"context_line":"Cell configuration will be defined in an inventory folder. To decouple"},{"line_number":146,"context_line":"the cell controllers from the cells, the cell controller will be"},{"line_number":147,"context_line":"defined separately. This will allow cells and their controllers to"},{"line_number":148,"context_line":"be managed in isolation, as well as an arbitrary mapping of cells"}],"source_content_type":"text/x-rst","patch_set":12,"id":"7faddb67_2003dd44","line":145,"range":{"start_line":145,"start_character":35,"end_line":145,"end_character":57},"updated":"2019-07-05 11:54:41.000000000","message":"via the inventory - could still be a single file","commit_id":"ddd774141c3d31c2efa1a2b877ca3b190eeb6f8d"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"3df1f6b9922d289fda0987ad10df3117293eb6c3","unresolved":false,"context_lines":[{"line_number":156,"context_line":"    ├── cell1"},{"line_number":157,"context_line":"    ├── cell2"},{"line_number":158,"context_line":"    ├── cell3"},{"line_number":159,"context_line":"    ├── shared_service_group"},{"line_number":160,"context_line":"    ├── group_vars"},{"line_number":161,"context_line":"    │   ├── cell1"},{"line_number":162,"context_line":"    │   ├── cell2"}],"source_content_type":"text/x-rst","patch_set":12,"id":"7faddb67_a99a796b","line":159,"updated":"2019-07-03 17:28:09.000000000","message":"this is often called the \"api_cell\" in Nova or \"top_cell\"... or is this something different?","commit_id":"ddd774141c3d31c2efa1a2b877ca3b190eeb6f8d"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"7e413ef799fb06be464e709be44e30c63322e537","unresolved":false,"context_lines":[{"line_number":156,"context_line":"    ├── cell1"},{"line_number":157,"context_line":"    ├── cell2"},{"line_number":158,"context_line":"    ├── cell3"},{"line_number":159,"context_line":"    ├── shared_service_group"},{"line_number":160,"context_line":"    ├── group_vars"},{"line_number":161,"context_line":"    │   ├── cell1"},{"line_number":162,"context_line":"    │   ├── cell2"}],"source_content_type":"text/x-rst","patch_set":12,"id":"7faddb67_aa59ebfe","line":159,"in_reply_to":"7faddb67_a99a796b","updated":"2019-07-05 11:54:41.000000000","message":"I think these are cell-level services that are shared between cells 2 and 3.","commit_id":"ddd774141c3d31c2efa1a2b877ca3b190eeb6f8d"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"3df1f6b9922d289fda0987ad10df3117293eb6c3","unresolved":false,"context_lines":[{"line_number":158,"context_line":"    ├── cell3"},{"line_number":159,"context_line":"    ├── shared_service_group"},{"line_number":160,"context_line":"    ├── group_vars"},{"line_number":161,"context_line":"    │   ├── cell1"},{"line_number":162,"context_line":"    │   ├── cell2"},{"line_number":163,"context_line":"    │   ├── cell3"},{"line_number":164,"context_line":"    │   └── shared_service_group"},{"line_number":165,"context_line":"    └── host_vars"},{"line_number":166,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"7faddb67_29af6995","line":163,"range":{"start_line":161,"start_character":0,"end_line":163,"end_character":17},"updated":"2019-07-03 17:28:09.000000000","message":"For me, the key bit is that cells are all in separate groups.\n\n... and PS we can do that with having a separate inventory file for each cell","commit_id":"ddd774141c3d31c2efa1a2b877ca3b190eeb6f8d"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"7e413ef799fb06be464e709be44e30c63322e537","unresolved":false,"context_lines":[{"line_number":158,"context_line":"    ├── cell3"},{"line_number":159,"context_line":"    ├── shared_service_group"},{"line_number":160,"context_line":"    ├── group_vars"},{"line_number":161,"context_line":"    │   ├── cell1"},{"line_number":162,"context_line":"    │   ├── cell2"},{"line_number":163,"context_line":"    │   ├── cell3"},{"line_number":164,"context_line":"    │   └── shared_service_group"},{"line_number":165,"context_line":"    └── host_vars"},{"line_number":166,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"7faddb67_8a70af74","line":163,"range":{"start_line":161,"start_character":0,"end_line":163,"end_character":17},"in_reply_to":"7faddb67_29af6995","updated":"2019-07-05 11:54:41.000000000","message":"+1","commit_id":"ddd774141c3d31c2efa1a2b877ca3b190eeb6f8d"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"3df1f6b9922d289fda0987ad10df3117293eb6c3","unresolved":false,"context_lines":[{"line_number":165,"context_line":"    └── host_vars"},{"line_number":166,"context_line":""},{"line_number":167,"context_line":"The cell infrastructure will be described by inventory files defined in"},{"line_number":168,"context_line":"``inventory/``. In the following example, cell 1 is a monolithic cell meaning"},{"line_number":169,"context_line":"that it defines it\u0027s own database, message queue and controller. When"},{"line_number":170,"context_line":"configuring the cell, tags can be used to perform operations on different"},{"line_number":171,"context_line":"components."}],"source_content_type":"text/x-rst","patch_set":12,"id":"7faddb67_a9c5995d","line":168,"range":{"start_line":168,"start_character":54,"end_line":168,"end_character":69},"updated":"2019-07-03 17:28:09.000000000","message":"hmm, I wasn\u0027t sure that is what other folks are calling monolithic cell... maybe call it something else?","commit_id":"ddd774141c3d31c2efa1a2b877ca3b190eeb6f8d"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"7e413ef799fb06be464e709be44e30c63322e537","unresolved":false,"context_lines":[{"line_number":177,"context_line":"  # This parent cell is defined so that all settings for the cell can be"},{"line_number":178,"context_line":"  # defined in a single group_vars file."},{"line_number":179,"context_line":"  [cell-1:children]"},{"line_number":180,"context_line":"  cell-1-controller"},{"line_number":181,"context_line":"  cell-1-compute"},{"line_number":182,"context_line":""},{"line_number":183,"context_line":"  ###### Cell controller ######"}],"source_content_type":"text/x-rst","patch_set":12,"id":"7faddb67_c099a91f","line":180,"range":{"start_line":180,"start_character":9,"end_line":180,"end_character":19},"updated":"2019-07-05 11:54:41.000000000","message":"kolla convention is control","commit_id":"ddd774141c3d31c2efa1a2b877ca3b190eeb6f8d"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"7e413ef799fb06be464e709be44e30c63322e537","unresolved":false,"context_lines":[{"line_number":261,"context_line":"  $ cat inventory/group_vars/cell1"},{"line_number":262,"context_line":"  ---"},{"line_number":263,"context_line":"  # RabbitMQ service"},{"line_number":264,"context_line":"  cell_rabbitmq_instance_name: \"cell_1_rabbitmq\""},{"line_number":265,"context_line":"  cell_rabbitmq_user: \"admin\""},{"line_number":266,"context_line":"  cell_rabbitmq_password: \"{{ cell1_rabbitmq_password }}\""},{"line_number":267,"context_line":"  cell_rabbitmq_port: \"1057\""}],"source_content_type":"text/x-rst","patch_set":12,"id":"7faddb67_ca5b072c","line":264,"updated":"2019-07-05 11:54:41.000000000","message":"How about defining a \u0027cell_name\u0027, then using that as the default for rmq and database name? Could be overridden for a shared setup.","commit_id":"ddd774141c3d31c2efa1a2b877ca3b190eeb6f8d"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"7e413ef799fb06be464e709be44e30c63322e537","unresolved":false,"context_lines":[{"line_number":261,"context_line":"  $ cat inventory/group_vars/cell1"},{"line_number":262,"context_line":"  ---"},{"line_number":263,"context_line":"  # RabbitMQ service"},{"line_number":264,"context_line":"  cell_rabbitmq_instance_name: \"cell_1_rabbitmq\""},{"line_number":265,"context_line":"  cell_rabbitmq_user: \"admin\""},{"line_number":266,"context_line":"  cell_rabbitmq_password: \"{{ cell1_rabbitmq_password }}\""},{"line_number":267,"context_line":"  cell_rabbitmq_port: \"1057\""}],"source_content_type":"text/x-rst","patch_set":12,"id":"7faddb67_6a40d336","line":264,"range":{"start_line":264,"start_character":16,"end_line":264,"end_character":24},"updated":"2019-07-05 11:54:41.000000000","message":"container_name?","commit_id":"ddd774141c3d31c2efa1a2b877ca3b190eeb6f8d"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"7e413ef799fb06be464e709be44e30c63322e537","unresolved":false,"context_lines":[{"line_number":269,"context_line":"  # MariaDB service"},{"line_number":270,"context_line":"  cell_mariadb_database_user: \"root\""},{"line_number":271,"context_line":"  cell_mariadb_database_password: \"{{ cell1_database_password }}\""},{"line_number":272,"context_line":"  cell_mariadb_database_port: 1234"},{"line_number":273,"context_line":""},{"line_number":274,"context_line":"  # Nova services"},{"line_number":275,"context_line":"  # cell_nova_api_database_connection: {{ api_database }}"}],"source_content_type":"text/x-rst","patch_set":12,"id":"7faddb67_4a47174d","line":272,"updated":"2019-07-05 11:54:41.000000000","message":"Need the container_name too?","commit_id":"ddd774141c3d31c2efa1a2b877ca3b190eeb6f8d"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"7e413ef799fb06be464e709be44e30c63322e537","unresolved":false,"context_lines":[{"line_number":272,"context_line":"  cell_mariadb_database_port: 1234"},{"line_number":273,"context_line":""},{"line_number":274,"context_line":"  # Nova services"},{"line_number":275,"context_line":"  # cell_nova_api_database_connection: {{ api_database }}"},{"line_number":276,"context_line":"  # cell_nova_database_connection: {{ cell1_database_connection }}"},{"line_number":277,"context_line":"  # cell_nova_transport_url: {{ cell1_rabbitmq_url }}"},{"line_number":278,"context_line":"  ..."}],"source_content_type":"text/x-rst","patch_set":12,"id":"7faddb67_a04b4d85","line":275,"range":{"start_line":275,"start_character":4,"end_line":275,"end_character":57},"updated":"2019-07-05 11:54:41.000000000","message":"I think only nova-api and the superconductor require this?","commit_id":"ddd774141c3d31c2efa1a2b877ca3b190eeb6f8d"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"7e413ef799fb06be464e709be44e30c63322e537","unresolved":false,"context_lines":[{"line_number":274,"context_line":"  # Nova services"},{"line_number":275,"context_line":"  # cell_nova_api_database_connection: {{ api_database }}"},{"line_number":276,"context_line":"  # cell_nova_database_connection: {{ cell1_database_connection }}"},{"line_number":277,"context_line":"  # cell_nova_transport_url: {{ cell1_rabbitmq_url }}"},{"line_number":278,"context_line":"  ..."},{"line_number":279,"context_line":""},{"line_number":280,"context_line":"Cell 2, which uses a shared infrastructure, might look like this:"}],"source_content_type":"text/x-rst","patch_set":12,"id":"7faddb67_ca26a7b8","line":277,"updated":"2019-07-05 11:54:41.000000000","message":"I\u0027m wondering if we could abstract this a little by just referencing the name of a group that contains the rmq or mariadb service? We would also potentially need a username, password and vhost or db name (or maybe those could come from the cell name?). Possibly something we could play with during implementation.","commit_id":"ddd774141c3d31c2efa1a2b877ca3b190eeb6f8d"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"3df1f6b9922d289fda0987ad10df3117293eb6c3","unresolved":false,"context_lines":[{"line_number":351,"context_line":"* Deploying baremetal machines with Ironic"},{"line_number":352,"context_line":"* Registering externally managed cells"},{"line_number":353,"context_line":"* Deploying a separate RabbitMQ cluster for storing cell notifications in a"},{"line_number":354,"context_line":"  central repository"},{"line_number":355,"context_line":""},{"line_number":356,"context_line":"Security impact"},{"line_number":357,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":12,"id":"7faddb67_4913c5b9","line":354,"updated":"2019-07-03 17:28:09.000000000","message":"Do you mean having a separate rabbit for oslo_notifications vs the service communication?\n\nThis is going to be important for designate sync users.","commit_id":"ddd774141c3d31c2efa1a2b877ca3b190eeb6f8d"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"3df1f6b9922d289fda0987ad10df3117293eb6c3","unresolved":false,"context_lines":[{"line_number":359,"context_line":"It will be possible to use a unique pass-phrase for each database and message"},{"line_number":360,"context_line":"queue cluster so that if an attacker gains access to one cluster, they will"},{"line_number":361,"context_line":"not automatically have access to all other clusters. Compared to a non-cells"},{"line_number":362,"context_line":"deployment this offers a modest improvement in security."},{"line_number":363,"context_line":""},{"line_number":364,"context_line":"Performance Impact"},{"line_number":365,"context_line":"------------------"}],"source_content_type":"text/x-rst","patch_set":12,"id":"7faddb67_291209b3","line":362,"updated":"2019-07-03 17:28:09.000000000","message":"The big risk here is someone escaping the hypervisor. You want to limit the damage they can do if they get root on that system. It helps if you only have access to rabbit for the child cell.","commit_id":"ddd774141c3d31c2efa1a2b877ca3b190eeb6f8d"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"3df1f6b9922d289fda0987ad10df3117293eb6c3","unresolved":false,"context_lines":[{"line_number":422,"context_line":""},{"line_number":423,"context_line":"  * API controllers x3: APIs, super conductors, Galera, RabbitMQ, Keystone, etc"},{"line_number":424,"context_line":""},{"line_number":425,"context_line":"  * Cell controller: cell conductor, Galera, RabbitMQ, Glance, maybe Neutron?"},{"line_number":426,"context_line":""},{"line_number":427,"context_line":"  * Cell computes for 2 cells: Nova compute, Neutron agents"},{"line_number":428,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"7faddb67_095b8d87","line":425,"updated":"2019-07-03 17:28:09.000000000","message":"at least one conductor for each cell, as they have to listen on different rabbitmq vhosts, at a minimum (they have access only do the cell DB)\n\nNeutron wise... maybe just say neutron agents use a vhost on the cell controller rabbitmq? i.e. neutorn api still runs on API controller","commit_id":"ddd774141c3d31c2efa1a2b877ca3b190eeb6f8d"}]}