Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This takes into use the cluster_host_map, which allows to give aliases
to the pacemaker nodes (which are FQDNs), and allows us to configure the
cluster using FQDNs.
We need FQDNs in order to request certificates, since the default CA
(FreeIPA) only allows certificates for FQDNs.
Change-Id: I2f146afdd32aef2d11cf25a65fa8d67428f621f5
|
|
|
|
|
|
|
|
Add the same footer to the README that most other TripleO projects
have. People new to TripleO might not know we use a single bug tracker
for all projects, or how to test puppet projects in OpenStack.
Change-Id: I6044ea98ec4480c8c1e431921df43ee425d9cba4
Closes-Bug: #1697091
|
|
|
|
In composable HA we bind resources to nodes that have special
node properties. We need to do this also for bundle resources
otherwise there is a potential race where the bundle might be
started on nodes where it is not supposed to during a small
window of time.
Tested with the depends-on and correctly obtained a containerized
composable HA deployment:
Docker container set: rabbitmq-bundle
[192.168.24.1:8787/tripleoupstream/centos-binary-rabbitmq:latest]
rabbitmq-bundle-0 (ocf::heartbeat:rabbitmq-cluster): Started overcloud-rabbit-0
rabbitmq-bundle-1 (ocf::heartbeat:rabbitmq-cluster): Started overcloud-rabbit-1
rabbitmq-bundle-2 (ocf::heartbeat:rabbitmq-cluster): Started overcloud-rabbit-2
Docker container set: galera-bundle
[192.168.24.1:8787/tripleoupstream/centos-binary-mariadb:latest]
galera-bundle-0 (ocf::heartbeat:galera): Master overcloud-galera-0
galera-bundle-1 (ocf::heartbeat:galera): Master overcloud-galera-1
galera-bundle-2 (ocf::heartbeat:galera): Master overcloud-galera-2
Docker container set: redis-bundle
[192.168.24.1:8787/tripleoupstream/centos-binary-redis:latest]
redis-bundle-0 (ocf::heartbeat:redis): Master overcloud-controller-0
redis-bundle-1 (ocf::heartbeat:redis): Slave overcloud-controller-1
redis-bundle-2 (ocf::heartbeat:redis): Slave overcloud-controller-2
ip-192.168.24.11 (ocf::heartbeat:IPaddr2): Started overcloud-controller-0
ip-10.0.0.7 (ocf::heartbeat:IPaddr2): Started overcloud-controller-1
ip-172.16.2.11 (ocf::heartbeat:IPaddr2): Started overcloud-controller-2
ip-172.16.2.9 (ocf::heartbeat:IPaddr2): Started overcloud-controller-0
ip-172.16.1.6 (ocf::heartbeat:IPaddr2): Started overcloud-controller-1
ip-172.16.3.7 (ocf::heartbeat:IPaddr2): Started overcloud-controller-2
Docker container set: haproxy-bundle
[192.168.24.1:8787/tripleoupstream/centos-binary-haproxy:latest]
haproxy-bundle-docker-0 (ocf::heartbeat:docker): Started overcloud-controller-0
haproxy-bundle-docker-1 (ocf::heartbeat:docker): Started overcloud-controller-1
haproxy-bundle-docker-2 (ocf::heartbeat:docker): Started overcloud-controller-2
Depends-On: I44449861cbfe56304b8829c9ca10fd648353b3ae
Change-Id: I48fb490040497ba08cae19937159c0efdf99e3f8
|
|
Change-Id: I097c494d3953b7d26d94aecc546ddef5225d1125
Depends-On: I2f0eb779b711e57f1532b1227896542d0ecffc89
|
|
|
|
The current order is broken if there were changes to the account and
container devices, but not to the object devices. In these cases it can
happen that the rebalance happens before modifying devices.
Change-Id: I15641c32266939c9a00936cc471cc59b1bb54eec
|
|
|
|
|
|
|
|
This sets up the CRL file to be triggered on the certmonger_user
resource. Furtherly, HAProxy uses this CRL file in the member options,
thus effectively enabling revocation for proxied nodes.
So, if a certificate has been revoked by the CA, HAProxy will not proxy
requests to it.
bp tls-via-certmonger
Change-Id: I4f1edc551488aa5bf6033442c4fa1fb0d3f735cd
|
|
This will fetch the CRL file from the specified file or URL. Furtherly
it will set up a cron job to refresh the crl file once a week and notify
the needed services.
bp tls-via-certmonger
Change-Id: I38e163e8ebb80ea5f79cfb8df44a71fdcd284e04
|
|
This module is used by tripleo-heat-templates to configure and deploy
Kolla-based cinder-volume containers managed by pacemaker.
We use short-lived containers that call pcs via puppet to create
the needed pacemaker resources, properties and constraints.
Co-Authored-By: Michele Baldesari <michele@acksyn.org>
Partial-Bug: #1668920
Change-Id: I95ad4dd89b47396bea672813d87de35e64c04b2d
|
|
This module is used by tripleo-heat-templates to configure and deploy
Kolla-based cinder-backup containers managed by pacemaker.
We use short-lived containers that call pcs via puppet to create
the needed pacemaker resources, properties and constraints.
Co-Authored-By: Michele Baldesari <michele@acksyn.org>
Partial-Bug: #1668920
Change-Id: If53495ff75d4832cc6be80dc0dc9bd540ab6583b
|
|
|
|
docker host"
|
|
|
|
It's a define, not a class. And it also needs the _spec suffix.
Change-Id: Ie5e0cf81d03379d8b791fd77a5c78d12048ebfef
|
|
Some of them didn't have it. So I added it to them for uniformity.
Change-Id: I2ea57d0ecfe151f9a14db9f7722a26f09aa8a506
|
|
Pin reno version to reno!=2.0.0,!=2.3.1,>=1.8.0
Pin sphinx version to sphinx!=1.6.1,>=1.5.1
reno=2.3.1 and sphinx=1.6.1 break releasenotes and doc tests.
Change-Id: I9daab4d970f387ae20ded1bf920ec3b98c7e4597
|
|
If the tripleo::profile::base::neutron::sriov is included it
is expected that the SR-IOV agent should be deployed and configured so
references to core plugin configuration is out of place and currently
breaks deployment.
Change-Id: Ie5d8cd7863c0d042cc6a4e1fc52602d8a03a1935
|
|
The ring up- and downloading was never executed if run within a
containerized environment. This is due to the fact that this manifest
gets executed within step 6(5) only. There is also an ordering issue,
which actually tries to create the tarballs before rebalancing.
This patch fixes the step conditions and also chains the tarball
creation to the rebalance.
The check to query rings on all nodes can now be disabled. This is
required on containerized environments: the local ring will be modified
and rebalanced, but rings on the existing servers are not yet modified.
Therefore a recon-check will fail, and needs to be disabled.
Closes-Bug: 1694211
Change-Id: I51c5795b9893d797bd73e059910f17a98f04cdbe
|
|
host
The polkit rules are currently evaluated in the context of the docker host.
As a result the check fails for the kolla nova compute user, as the uids are not
consistent with the host uids (in fact we probably can't assume a nova user exists
on the docker host).
As a short-term workaround a 'docker_nova' user group is created on the docker host
and the polkit rule is updated to grant this user access to the libvirtd socket.
Longer term solution probably requires running polkitd in a container too.
Change-Id: I91be1f1eacf8eed9017bbfef393ee2d66771e8d6
Related-bug: #1693844
|
|
|
|
|
|
|
|
Future work in the UI requires Apache to proxy for the
ironic-inspector service the same as it has for other
related services. This adds support for ironic-inspector
through Apache's mod_proxy
Closes-Bug: 1695202
Depends-On: Id395604f1dfbc4bf4f26adbe05f484a10227fd76
Change-Id: I9dcb0769ff90a2fc9561cb86bb822be8087ffe8e
|
|
This is needed in order to deploy novajoin in a containerized undercloud
environment.
Change-Id: Iea461f66b8f4e3b01a0498e566a2c3684144df80
|
|
Change-Id: I6306429e37a50fb30ec5704d8192a29e6da586ec
|
|
|
|
|
|
|
|
|
|
This module is used by tripleo-heat-templates to configure and deploy
Kolla-based mysql containers managed by pacemaker.
We use short-lived containers that call pcs via puppet to create
the needed pacemaker resources, properties and constraints.
Co-Authored-By: Michele Baldesari <michele@acksyn.org>
Partial-Bug: #1692842
Depends-On: I44fbd7f89ab22b72e8d3fc0a0e3fe54a9418a60f
Depends-On: Ie9b7e7d2a3cec4b121915a17c1e809e4ec950e7f
Change-Id: I3b4d8ad2eec70080419882d5d822f78ebd3721ae
|
|
|
|
Change-Id: Id45ac93d482ff23c4c834e2d345a926fc408573f
|
|
|
|
|
|
If selinux is enabled the authlogin_nsswitch_use_ldap Boolean must
be enabled. This setting allows LDAP communications to the confined
LDAP/server port. This change includes a conditional for enabling this
Boolean only when selinux is in use.
Change-Id: If985f2434d28fcd33198929bf61f2a3a82e601fe
Closes-Bug: #1695002
|
|
|