Age | Commit message (Collapse) | Author | Files | Lines |
|
This reverts commit 3f7e74ab24bb43f9ad7e24e0efd4206ac6a3dd4e.
After identifying how to workaround the performance issues on the
undercloud, let's put this back in. Enabling innodb_file_per_table is
important for operators to be able to better manage their databases.
Change-Id: I435de381a0f0e3ef221e498f442335cdce3fb818
Depends-On: I77507c638237072e38d9888aff3da884aeff0b59
Closes-Bug: #1660722
|
|
This reverts commit 621ea892a299d2029348db2b56fea1338bd41c48.
We're getting performance problems on SATA disks.
Change-Id: I30312fd5ca3405694d57e6a4ff98b490de388b92
Closes-Bug: #1661396
Related-Bug: #1660722
|
|
6.2.0 will be Ocata RC1.
Change-Id: Ie26ab89ea9c90f6c5d01697459855fd8c32b075f
|
|
|
|
InnoDB uses a single file by default which can grow to be
tens/hundreds of gigabytes, and is not shrinkable even
if data is deleted from the database.
Best practices are that innodb_file_per_table is set to ON
which instead stores each database table in its own file, each of
which is also shrinkable by the InnoDB engine.
Closes-Bug: #1660722
Change-Id: I59ee53f6462a2eeddad72b1d75c77a69322d5de4
|
|
These parameters are being deprecated, so we should be using the
transport_url format instead.
Change-Id: I8b7457b6233c4f88af2d7bc1b9304fcccb6edf61
|
|
|
|
Fixes a test failure caused by Ic38d4f9f9a8e69ffcee6ccc4bba9a9ab0f161d0e
which pulls in a class with a required parameter.
Change-Id: I0740290bff0ea7c4af6e3420775ac3e72871d372
|
|
|
|
|
|
|
|
This was wrongly set to service_name while it should have been
server_service_name.
Change-Id: Ia802857cc585bb9b057a02f6a13c16981baa5b76
|
|
|
|
|
|
Since the commit this depends on sets it up via hieradata, the
conditionals here are no longer needed.
bp tls-via-certmonger
Depends-On: I9252512dbf9cf2e3eec50c41bf10629d36070bbd
Change-Id: I37275e42763e103b81878b6af07c750a524c5697
|
|
it's not required in Ocata, let's configure the basic setup for cells.
note: it also cleanup old code that is not valid anymore.
Change-Id: Iac5b2fbe1b03ec7ad4cb8cab2c7694547be6957d
|
|
In current setup some Contrail services belong to the wrong roles.
The Contrail control plane can be impacted if the Analytics database has problems.
Furthermore contrail tripleo puppet modules are being refactored to conform to the
new interface of the puppet-contrail modules.
Closes-Bug: 1659560
Change-Id: Id0dd35b95c5fe9d0fcc1e16c4b7d6cc601f10818
|
|
This patch allows the management of the AuditD service and its associated
files (such as `audit.rules`)
This is achieved by means of the `puppet-auditd` puppet module.
Closes-Bug: #1640302
Co-Authored-By: Luke Hinds (lhinds@redhat.com)
Change-Id: Ie31c063b674075e35e1bfa28d1fc07f3f897407b
|
|
Via bug https://bugs.launchpad.net/tripleo/+bug/1657108 we need
to zero out the default rules in /etc/sysconfig/ip{6}tables in
the image.
We have done this for ipv4, but when we will do it for ipv6 we
will also need to make sure we add a rule for dhcpv6 traffic
as it is shipped in the iptables rpm. (See
https://bugzilla.redhat.com/show_bug.cgi?id=1169036 for more info)
With this change we correctly get the rule present (aka the first
ACCEPT line. The second line is due to the stock ip6tables rule
I had in my testing):
[root@overcloud-controller-0 ~]# iptables -nvL |grep 546
[root@overcloud-controller-0 ~]# ip6tables -nvL |grep 546
0 0 ACCEPT udp * * ::/0 fe80::/64 multiport dports 546 /* 004 accept ipv6 dhcpv6 ipv6 */ state NEW
0 0 ACCEPT udp * * ::/0 fe80::/64 udp dpt:546 state NEW
Change-Id: If22080054b2b1fa7acfd101e8c34d2707e8e7864
Partial-Bug: #1657108
|
|
|
|
|
|
|
|
|
|
Requiring the neutron mechanism driver from hiera is too rigid, if
Neutron is not deployed in the catalog.
Be more flexible so catalog won't fail if the value is not set in Hiera.
Change-Id: I1475687c4dc53c77e763f42a440355a7c8d014bc
Partial-Bug: #1659662
|
|
Follow up patch for I63da4f48da14534fd76265764569e76300534472
to support composable HA for the Ceph rbdmirror daemon.
Change-Id: I3767bee4b1c7849fa85e71bcc57534b393d2d415
|
|
This uses the tls_proxy resource added in a previous commit [1] in
front of the neutron server when internal TLS is enabled. Right
now values are passed quite manually, but a subsequent commit will use
t-h-t to pass the appropriate hieradata, and then we'll be able to
clean it up from here.
Note that the proxy is only deployed when internal TLS is enabled.
[1] I82243fd3acfe4f23aab373116b78e1daf9d08467
bp tls-via-certmonger
Change-Id: I6dfbf49f45aef9f47e58b5c0dbedd2b4e239979e
|
|
|
|
|
|
Change-Id: Ic74ccd5fa7b3b04ca810416e5160463252f17474
Signed-off-by: Dan Radez <dradez@redhat.com>
|
|
Bring change of I53151d4f555d5d161a3e53ce5f022e3bf3b2ffbd into
puppet-tripleo.
Change-Id: I1227956a0389497eedc00e4ec817f52be608dc75
Related-Bug: #1643655
|
|
|
|
|
|
|
|
This commit implements composable HA for the pacemaker profiles.
- Everytime a pacemaker resource gets included on a node,
that node will add a node cluster property with the name of the resource
(e.g. galera-role=true)
- Add a location rule constraint to force running the resource only
on the nodes that have that property
- We also make sure that any pacemaker resource/property creation has a
predefined number of tries (20 by default). The reason for this is
that within composable HA, it might be possible to get "older CIB"
errors when another node changed the CIB while we were doing an
operation on it. Simply retrying fixes this.
- Also make sure that we use the newly introduced
pacemaker::constraint::order class instead of the older
pacemaker::constraint::base class. The former uses the push_cib()
function and hence behaves correctly in case multiple nodes try
to modify the CIB at the same time.
Change-Id: I63da4f48da14534fd76265764569e76300534472
Depends-On: Ib931adaff43dbc16220a90fb509845178d696402
Depends-On: I8d78cc1b14f0e18e034b979a826bf3cdb0878bae
Depends-On: Iba1017c33b1cd4d56a3ee8824d851b38cfdbc2d3
|
|
Change-Id: I3d6bbc05644e840395f87333ec80e3b844f69903
|
|
This class was being included in the same way in two different branches
of the code which could be joined in the initial branch (or if
statement).
Change-Id: Iee3c1663a2fe929b21a9c089d89b721600af66bd
|
|
Previously we missed to perform the basic Ceph client configuration
on a node where only the RBD mirror service was deployed.
Change-Id: Ie6a4284a88714bcee964a38636e12aa88bb95c9d
Co-Authored-By: Michele Baldessari <michele@acksyn.org>
Related-Bug: #1652177
|
|
For pacemaker we ensure netmask of virtual IP to 64bit for IPv6 and
32bit for IPv4. We should have feature parity in keepalived setup.[1]
The issue is that puppet picks first IP orf ifconfig output as and
interface IP. In case of IPv6 keepalived would add new IP to
interface with netmask 128 causing interface_for_ip to fail on
second puppet run.
[1] - https://github.com/openstack/puppet-tripleo/blob/master/manifests/pacemaker/haproxy_with_vip.pp
Closes-Bug: #1659309
Change-Id: Icb0c9a8d51a9bfcdc4b2caef9e52fdeb6f634cba
|
|
There is a typo in the bootstrap check which will lead to:
Could not find data item ceph_rbdmirror_bootstrap_short_node_name in any
Hiera data file and no default supplied at
/etc/puppet/modules/tripleo/manifests/profile/pacemaker/ceph/rbdmirror.pp
We need to be using the correct one:
$ hiera ceph_rbdmirror_short_bootstrap_node_name
overcloud-remote-0
Change-Id: Ic343e5f99e48360bdd2d2989781a4b6ca484e8fc
|
|
|
|
|
|
|
|
Since the commit this depends on sets it up via hieradata, the
conditions here are no longer needed.
bp tls-via-certmonger
Change-Id: I66956f0b85e8e3bf1ab9562221d51d51c230b88e
Depends-On: I693213a1f35021b540202240e512d121cc1cd0eb
|
|
|
|
|
|
This support enables a base profile called pacemaker_remote which will
allow the operator to automatically configure the pacemaker_remote
service on such nodes. This manifest also automatically adds any
pacemaker_remote nodes to the pacemaker cluster.
Depends-On: I0c01ecb7df1a0f9856fdc866b9d06acf0283fa4f
Depends-On: Ic0488f4fc63e35b9aede60fae1e2cab34b1fbdd5
Change-Id: I92953afcc7d536d387381f08164cae8b52f41605
|
|
|
|
|
|
|
|
|