summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-02-09Merge "nova: disable API in WSGI by default"Jenkins1-1/+3
2017-02-09start nova-compute when keystone resources are createdEmilien Macchi3-8/+9
1. Move keystone resources management at step 4. 2. Move nova-compute startup at step 5. That way, we make sure nova-compute will start when all Keystone resources are ready. Change-Id: I6e153e11b8519254d2a67b9142bf774a25bce69d Closes-Bug: #1663273
2017-02-09nova: disable API in WSGI by defaultEmilien Macchi1-1/+3
Cleanup patch once the THT patch is merged. Change-Id: Iba439a4758a4728197d7620b764a4f0f2648ee0f Depends-On: I09b73476762593642a0e011f83f0233de68f2c33
2017-02-08Disable midonet unit testsEmilien Macchi2-63/+1
'https://github.com/midonet/puppet-midonet' doesn't exist anymore, we need to migrate to 'https://github.com/openstack/puppet-midonet' but tests will fail. We need to work with Midokura to get them fixed. In the meantime, let's disable it. Change-Id: Id39bc5a8cd229df3e9b597a0a0f3eada838f4953
2017-02-07Merge "Proxy API endpoints that UI uses"Jenkins5-64/+160
2017-02-06Merge "nova/libvirt: switch vnc server binding"Jenkins2-12/+8
2017-02-06nova/libvirt: switch vnc server bindingEmilien Macchi2-12/+8
On compute nodes, instead of binding vnc server on 0.0.0.0, use the IP address provided by libvirt's t-h-t profile (hiera). Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Depends-On: Ie377c09734e9f6170daa519aed69c53fc67c366b Change-Id: If6b116b238a52144aad5e76c9edc7df6aa15313c Closes-Bug: #1660099
2017-02-06Stop deploying Nova API in WSGI with ApacheEmilien Macchi3-24/+25
It was suggested by Nova team to not deploying Nova API in WSGI with Apache in production. It's causing some issues that we didn't catch until now (see in the bug report). Until we figure out what was wrong, let's disable it so we can move forward in the upgrade process. Related-Bug: 1661360 Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Change-Id: Ia87b5bdea79e500ed41c30beb9aa9d6be302e3ac
2017-02-06Merge "Revert "Revert "set innodb_file_per_table to ON for MySQL / Galera"""Jenkins3-7/+29
2017-02-03Proxy API endpoints that UI usesDan Trainor5-64/+160
Add support to enable the UI to use paths via mod_proxy to access API endpoints instead of connecting to each endpoint directly on a port other than where the UI is served from. This is necessary to prevent certificate acceptance errors from non-Chrome browsers which take exception to connections made to other ports on the same hostname, using one SSL certificate. This change extends the UI's Apache configuration to create one mod_proxy location for each of the API endpoints that UI calls upon. These mod_proxy (using ProxyPass, ProxyPassReverse) endpoints are configured using new heira variables provided in the dependent commit. Additionally, this change modifies the default UI configuration file to include endpoint URLs formatted to use the new endpoint paths that are created. Removed puppet variables which were previously used to generate the contents of the tripleo_ui_config.js template, since they are no longer used to generate this file, replaced with the new endpoint URLs formatted to use the new endpoint paths that are created. Change-Id: I55e375ad462fa98e181277ec0bd88658e620e8ad Implements: blueprint proxy-undercloud-api-services Depends-On: Ib20f4b0891563ae90ec80675635a64c39bd2fdb7
2017-02-03Revert "Revert "set innodb_file_per_table to ON for MySQL / Galera""Alex Schultz3-7/+29
This reverts commit 3f7e74ab24bb43f9ad7e24e0efd4206ac6a3dd4e. After identifying how to workaround the performance issues on the undercloud, let's put this back in. Enabling innodb_file_per_table is important for operators to be able to better manage their databases. Change-Id: I435de381a0f0e3ef221e498f442335cdce3fb818 Depends-On: I77507c638237072e38d9888aff3da884aeff0b59 Closes-Bug: #1660722
2017-02-03Merge "Use transport_url for rabbitmq connection parameters in heat"Jenkins1-12/+43
2017-02-03Merge "Add initial profiles for rest of Octavia services"Jenkins4-0/+105
2017-02-03Merge "add cache to object-expirer pipeline"Jenkins1-0/+1
2017-02-03Merge "Delete the unnecessary word in numvfs_persistence.pp"Jenkins1-1/+1
2017-02-03Merge "Fix style nits in contrail manifests"Jenkins4-85/+47
2017-02-02Revert "set innodb_file_per_table to ON for MySQL / Galera"Alex Schultz3-29/+7
This reverts commit 621ea892a299d2029348db2b56fea1338bd41c48. We're getting performance problems on SATA disks. Change-Id: I30312fd5ca3405694d57e6a4ff98b490de388b92 Closes-Bug: #1661396 Related-Bug: #1660722
2017-02-02Prepare 6.2.0 releaseEmilien Macchi2-3/+3
6.2.0 will be Ocata RC1. Change-Id: Ie26ab89ea9c90f6c5d01697459855fd8c32b075f
2017-02-02Merge "set innodb_file_per_table to ON for MySQL / Galera"Jenkins3-7/+29
2017-02-01set innodb_file_per_table to ON for MySQL / GaleraMike Bayer3-7/+29
InnoDB uses a single file by default which can grow to be tens/hundreds of gigabytes, and is not shrinkable even if data is deleted from the database. Best practices are that innodb_file_per_table is set to ON which instead stores each database table in its own file, each of which is also shrinkable by the InnoDB engine. Closes-Bug: #1660722 Change-Id: I59ee53f6462a2eeddad72b1d75c77a69322d5de4
2017-02-01Fix style nits in contrail manifestsCarlos Camacho4-85/+47
There are some style nits in the recently merged contrail puppet manifests. Change-Id: Ice5935105e0323cb55e0d018190e6471ade7324a
2017-02-01Use transport_url for swift-proxy instead of rabbitmq paramsJuan Antonio Osorio Robles1-25/+52
These parameters are being deprecated, so we should be using the transport_url format instead. Change-Id: I8b7457b6233c4f88af2d7bc1b9304fcccb6edf61
2017-01-31Merge "Re-organizes Contrail services to the correct roles"Jenkins11-318/+1857
2017-01-31Fix test failure caused by change to puppet-octaviaBrent Eagles1-0/+3
Fixes a test failure caused by Ic38d4f9f9a8e69ffcee6ccc4bba9a9ab0f161d0e which pulls in a class with a required parameter. Change-Id: I0740290bff0ea7c4af6e3420775ac3e72871d372
2017-01-27Merge "Fix MySQL service name parameter"Jenkins1-3/+3
2017-01-27Merge "Add a default rule for dhcpv6 traffic"Jenkins1-0/+6
2017-01-27Merge "Clean TLS proxy-related setup for neutron-server profile"Jenkins2-16/+21
2017-01-27Fix MySQL service name parameterJuan Antonio Osorio Robles1-3/+3
This was wrongly set to service_name while it should have been server_service_name. Change-Id: Ia802857cc585bb9b057a02f6a13c16981baa5b76
2017-01-27Merge "Rename controller_admin_vip to controller_admin_host"Jenkins1-8/+9
2017-01-27Merge "Add AuditD Profile"Jenkins2-0/+34
2017-01-27Clean TLS proxy-related setup for neutron-server profileJuan Antonio Osorio Robles2-16/+21
Since the commit this depends on sets it up via hieradata, the conditionals here are no longer needed. bp tls-via-certmonger Depends-On: I9252512dbf9cf2e3eec50c41bf10629d36070bbd Change-Id: I37275e42763e103b81878b6af07c750a524c5697
2017-01-27nova: deploy basic setup for cellsEmilien Macchi3-24/+7
it's not required in Ocata, let's configure the basic setup for cells. note: it also cleanup old code that is not valid anymore. Change-Id: Iac5b2fbe1b03ec7ad4cb8cab2c7694547be6957d
2017-01-27Re-organizes Contrail services to the correct rolesMichael Henkel11-318/+1857
In current setup some Contrail services belong to the wrong roles. The Contrail control plane can be impacted if the Analytics database has problems. Furthermore contrail tripleo puppet modules are being refactored to conform to the new interface of the puppet-contrail modules. Closes-Bug: 1659560 Change-Id: Id0dd35b95c5fe9d0fcc1e16c4b7d6cc601f10818
2017-01-27Add AuditD ProfileSteven Hardy2-0/+34
This patch allows the management of the AuditD service and its associated files (such as `audit.rules`) This is achieved by means of the `puppet-auditd` puppet module. Closes-Bug: #1640302 Co-Authored-By: Luke Hinds (lhinds@redhat.com) Change-Id: Ie31c063b674075e35e1bfa28d1fc07f3f897407b
2017-01-27Add a default rule for dhcpv6 trafficMichele Baldessari1-0/+6
Via bug https://bugs.launchpad.net/tripleo/+bug/1657108 we need to zero out the default rules in /etc/sysconfig/ip{6}tables in the image. We have done this for ipv4, but when we will do it for ipv6 we will also need to make sure we add a rule for dhcpv6 traffic as it is shipped in the iptables rpm. (See https://bugzilla.redhat.com/show_bug.cgi?id=1169036 for more info) With this change we correctly get the rule present (aka the first ACCEPT line. The second line is due to the stock ip6tables rule I had in my testing): [root@overcloud-controller-0 ~]# iptables -nvL |grep 546 [root@overcloud-controller-0 ~]# ip6tables -nvL |grep 546 0 0 ACCEPT udp * * ::/0 fe80::/64 multiport dports 546 /* 004 accept ipv6 dhcpv6 ipv6 */ state NEW 0 0 ACCEPT udp * * ::/0 fe80::/64 udp dpt:546 state NEW Change-Id: If22080054b2b1fa7acfd101e8c34d2707e8e7864 Partial-Bug: #1657108
2017-01-27Merge "horizon: be more flexible in hiera neutron"Jenkins1-1/+1
2017-01-27Merge "Use TLS proxy for neutron server's internal TLS"Jenkins3-13/+82
2017-01-26Merge "Support composable HA for the Ceph rbdmirror daemon"Jenkins1-1/+21
2017-01-26Merge "Adding congress service"Jenkins4-0/+122
2017-01-26horizon: be more flexible in hiera neutronEmilien Macchi1-1/+1
Requiring the neutron mechanism driver from hiera is too rigid, if Neutron is not deployed in the catalog. Be more flexible so catalog won't fail if the value is not set in Hiera. Change-Id: I1475687c4dc53c77e763f42a440355a7c8d014bc Partial-Bug: #1659662
2017-01-26Support composable HA for the Ceph rbdmirror daemonGiulio Fidente1-1/+21
Follow up patch for I63da4f48da14534fd76265764569e76300534472 to support composable HA for the Ceph rbdmirror daemon. Change-Id: I3767bee4b1c7849fa85e71bcc57534b393d2d415
2017-01-26Use TLS proxy for neutron server's internal TLSJuan Antonio Osorio Robles3-13/+82
This uses the tls_proxy resource added in a previous commit [1] in front of the neutron server when internal TLS is enabled. Right now values are passed quite manually, but a subsequent commit will use t-h-t to pass the appropriate hieradata, and then we'll be able to clean it up from here. Note that the proxy is only deployed when internal TLS is enabled. [1] I82243fd3acfe4f23aab373116b78e1daf9d08467 bp tls-via-certmonger Change-Id: I6dfbf49f45aef9f47e58b5c0dbedd2b4e239979e
2017-01-26Merge "Ensure basic Ceph configuration is performed by RBD mirror"Jenkins1-0/+1
2017-01-26Merge "[keepalived] fix netmask for vip"Jenkins1-4/+24
2017-01-26Adding congress serviceDan Radez4-0/+122
Change-Id: Ic74ccd5fa7b3b04ca810416e5160463252f17474 Signed-off-by: Dan Radez <dradez@redhat.com>
2017-01-26Use transport_url for rabbitmq connection parameters in heatCarlos Camacho1-12/+43
Depends-On: I91b9959a6f71b4e6885e55a568116cc28cf16ddd Change-Id: I1a152dd0a7e7949ee8d91a6f63425dba2406fcaf
2017-01-26Rename controller_admin_vip to controller_admin_hostMartin André1-8/+9
Bring change of I53151d4f555d5d161a3e53ce5f022e3bf3b2ffbd into puppet-tripleo. Change-Id: I1227956a0389497eedc00e4ec817f52be608dc75 Related-Bug: #1643655
2017-01-25Merge "Adding tacker service"Jenkins4-0/+122
2017-01-25Merge "Composable HA"Jenkins9-59/+250
2017-01-25Merge "Remove double include of neutron::server class"Jenkins1-8/+1