| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This allows for several SubjectAltNames which will subsequently be
used for the replication traffic as well.
bp tls-via-certmonger
Change-Id: Ic68266eaf39d6803f7c3e299095578bbcfd63b88
|
|
|
|
Ignore failures if nf_conntrack_proto_sctp module failed to load.
Since RHEL 7.4, nf_conntrack_proto_sctp module is compiled into the
kernel instead of as a module as the sctp support.
TripleO will still try to load the module to support RHEL 7.3, but
in the future will remove the module management and rely on the kernel
provided in newer versions of RHEL.
Co-Authored-By: Or Idgar <oidgar@redhat.com>
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
Co-Authored-By: Emilien Macchi <emilien@redhat.com>
Change-Id: I8f1c841a7c0f3b1247aba2b959b6dfbe43d8cd79
Closes-Bug: 1695885
|
|
|
|
Some people might or might not want to enable it. So this makes it
configurable. It defaults to true as we were always deploying it before.
Change-Id: I8d2a08cdaf3e5ec3d1a69d4f95e57522508c8610
|
|
Allows configurability of maxconn as applies to
the MySQL section of the HAProxy config, both
for clustercheck and single node.
Also adds a new test for the haproxy class
overall to exercise options.
Change-Id: I023682dd5e85cc78d6dd3e5214a53863acc4f303
|
|
|
|
This file is not needed anymore.
Change-Id: I904443624c18cc5116bc6027c016b9ccdd5e10aa
Closes-bug: 1698105
Depends-On: Ie20ecabea91ca4c2040c5ef3bf6c71b2b53d26ef
|
|
Quickstart is failing with this error:
Error: Cannot create /var/www/openstack-tripleo-ui/dist;
parent directory /var/www/openstack-tripleo-ui does not exist
Error: /Stage[main]/Tripleo::Ui/Apache::Vhost[tripleo-ui]/File[/var/www/openstack-tripleo-ui/dist]
ensure: change from absent to directory
failed: Cannot create /var/www/openstack-tripleo-ui/dist; parent directory /var/www/openstack-tripleo-ui does not exist
Puppet cant create the folders tree by itself.
Closes-bug: 1698105
Change-Id: I5cce963a6225552f4b7253cb34edc72b392b9dda
|
|
|
|
|
|
|
|
|
|
|
|
If public TLS is enabled, this sets as default that services should
always redirect to https.
Change-Id: I19b9d07ac8925366ed27fefcaca4fdb9a9ab1b37
|
|
The bootstrap_nodeid comparison should be case insensitive.
Change-Id: I1e6672bb0219c1cf56ab21dd911c6f33e2436cc3
Closes-Bug: #1698190
|
|
gnocchi upgrade requires storage sacks to be initialized. This means
we need to ensure the storage backends are up before running the
upgrade and starting the api. Lets move the api to step 4 so we can
ensure other dependencies are in place.
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Depends-On: Ibfa9fb39f60c1e4a802d189b32ff4c34476c93d3
Change-Id: If2ae48b21389e76fd638c0b48c148a5d4f227630
|
|
Adding Nuage as mechanism driver where ML2 is the neutron
core plugin. ML2 base profile includes Nuage when mechanism
driver is Nuage. Added Nuage neutron ML2 profile for tripleo.
Change-Id: Ib56a7ad8f43fc6274eebc83bd2a62e68c030599d
|
|
|
|
|
|
It makes little sense to enforce the stonith property on remote nodes and/or
all cluster nodes. We can just enforce it once on the pacemaker_master
node as it is a cluster-wide property anyway. We can also remove the
tripleo::fencing -> pacemaker::stonith constraint in the pacemaker
remote profile now as the fencing stuff happens on step 5 anyway and
the property is set at step 1.
While this works in general it creates extra CIB changes for nothing and
slows down the deployment.
Change-Id: Ifef08033043a4cc90a6261e962d2fdecdf275650
Closes-Bug: #1696336
|
|
The step is typically set with the hieradata setting an integer value:
{"step": 1}
However it would be useful for the value to be a string so that
substitutions are possible, for example:
{"step": "%{::step}"}
This change ensures the step parameter defaults to an integer by
calling Integer(hiera('step'))
This change was made by manually removing the undef defaults from
fluentd.pp, uchiwa.pp, and sensu.pp then bulk updating with:
find ./ -type f -print0 |xargs -0 sed -i "s/= hiera('step')/= Integer(hiera('step'))/"
Change-Id: I8a47ca53a7dea8391103abcb8960a97036a6f5b3
|
|
|
|
|
|
|
|
|
|
|
|
|
|
_netdev mount option helps fix a timing issue when rebooting.
This looks like we're hitting an issue where we're using
network instead of NetworkManager and that systemd doesn't
unmount the NFS shares before stopping network.
Change-Id: I5d2c89db29ef75aaf371b3c9dd561587d7b6f87b
Closes-Bug: #1697752
|
|
|
|
|
|
|
|
This takes into use the cluster_host_map, which allows to give aliases
to the pacemaker nodes (which are FQDNs), and allows us to configure the
cluster using FQDNs.
We need FQDNs in order to request certificates, since the default CA
(FreeIPA) only allows certificates for FQDNs.
Change-Id: I2f146afdd32aef2d11cf25a65fa8d67428f621f5
|
|
|
|
|
|
|
|
Changed author to OpenStack
Change-Id: I5f8806d1a765a1b5ae823b9e537e0ba672d81545
|
|
Add the same footer to the README that most other TripleO projects
have. People new to TripleO might not know we use a single bug tracker
for all projects, or how to test puppet projects in OpenStack.
Change-Id: I6044ea98ec4480c8c1e431921df43ee425d9cba4
Closes-Bug: #1697091
|
|
The horizon proxy should redirect all HTTP requests to HTTPS,
regardless of the 'Host' field in the header. The current rule will
cause haproxy to redirect HTTP requests if the 'Host' field contains
the public virtual IP address. It will not redirect if the 'Host'
field contains a hostname, FQDN, etc.
Change-Id: I6c8f58a30f97cdf4c668734793197ea976297733
Signed-off-by: Ryan O'Hara <rohara@redhat.com>
|
|
Add environment variable {toxinidir} in tox.ini
Change-Id: Iee0e6e1f5ea49a7307bdfd493b4203df17369d75
|
|
|
|
The commit with change id [1], added the pacemaker HA support
for OVN DB servers. That commit created a new VIP which is
really not required.
This patch removes the code to create a new ip resource. Instead
it expects the pacemaker ip resource (with the ip address in the
'ovn_dbs_vip' parameter and with the name "ip-$ovn_dbs_vip") to be
created before ovn_northd class is called, which is the case anyway
if 'ovn_dbs_vip' is taken from the ServiceNetMapDefaults (in t-h-t).
[1] - I9dc366002ef5919339961e5deebbf8aa815c73db
Change-Id: I94d3960e6c5406e3af309cc8c787ac0a6c9b1756
Partial-bug: #1670564
|
|
In composable HA we bind resources to nodes that have special
node properties. We need to do this also for bundle resources
otherwise there is a potential race where the bundle might be
started on nodes where it is not supposed to during a small
window of time.
Tested with the depends-on and correctly obtained a containerized
composable HA deployment:
Docker container set: rabbitmq-bundle
[192.168.24.1:8787/tripleoupstream/centos-binary-rabbitmq:latest]
rabbitmq-bundle-0 (ocf::heartbeat:rabbitmq-cluster): Started overcloud-rabbit-0
rabbitmq-bundle-1 (ocf::heartbeat:rabbitmq-cluster): Started overcloud-rabbit-1
rabbitmq-bundle-2 (ocf::heartbeat:rabbitmq-cluster): Started overcloud-rabbit-2
Docker container set: galera-bundle
[192.168.24.1:8787/tripleoupstream/centos-binary-mariadb:latest]
galera-bundle-0 (ocf::heartbeat:galera): Master overcloud-galera-0
galera-bundle-1 (ocf::heartbeat:galera): Master overcloud-galera-1
galera-bundle-2 (ocf::heartbeat:galera): Master overcloud-galera-2
Docker container set: redis-bundle
[192.168.24.1:8787/tripleoupstream/centos-binary-redis:latest]
redis-bundle-0 (ocf::heartbeat:redis): Master overcloud-controller-0
redis-bundle-1 (ocf::heartbeat:redis): Slave overcloud-controller-1
redis-bundle-2 (ocf::heartbeat:redis): Slave overcloud-controller-2
ip-192.168.24.11 (ocf::heartbeat:IPaddr2): Started overcloud-controller-0
ip-10.0.0.7 (ocf::heartbeat:IPaddr2): Started overcloud-controller-1
ip-172.16.2.11 (ocf::heartbeat:IPaddr2): Started overcloud-controller-2
ip-172.16.2.9 (ocf::heartbeat:IPaddr2): Started overcloud-controller-0
ip-172.16.1.6 (ocf::heartbeat:IPaddr2): Started overcloud-controller-1
ip-172.16.3.7 (ocf::heartbeat:IPaddr2): Started overcloud-controller-2
Docker container set: haproxy-bundle
[192.168.24.1:8787/tripleoupstream/centos-binary-haproxy:latest]
haproxy-bundle-docker-0 (ocf::heartbeat:docker): Started overcloud-controller-0
haproxy-bundle-docker-1 (ocf::heartbeat:docker): Started overcloud-controller-1
haproxy-bundle-docker-2 (ocf::heartbeat:docker): Started overcloud-controller-2
Depends-On: I44449861cbfe56304b8829c9ca10fd648353b3ae
Change-Id: I48fb490040497ba08cae19937159c0efdf99e3f8
|
|
Change-Id: I097c494d3953b7d26d94aecc546ddef5225d1125
Depends-On: I2f0eb779b711e57f1532b1227896542d0ecffc89
|
|
|
|
The current order is broken if there were changes to the account and
container devices, but not to the object devices. In these cases it can
happen that the rebalance happens before modifying devices.
Change-Id: I15641c32266939c9a00936cc471cc59b1bb54eec
|
|
|
|
|
|
|
|
This sets up the CRL file to be triggered on the certmonger_user
resource. Furtherly, HAProxy uses this CRL file in the member options,
thus effectively enabling revocation for proxied nodes.
So, if a certificate has been revoked by the CA, HAProxy will not proxy
requests to it.
bp tls-via-certmonger
Change-Id: I4f1edc551488aa5bf6033442c4fa1fb0d3f735cd
|
Juan Antonio Osorio Robles
Jenkins
Or Idgar
Mike Bayer
Carlos Camacho
Alex Schultz
Pradeep Kilambi
lokesh-jain
Michele Baldessari
Steve Baker
Marc Methot
Luong Anh Tuan
Julie Pichon
Ryan O'Hara
ZhongShengping
Numan Siddique
Dmitry Tantsur
Christian Schwede