| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
This solves a problem with bind-mounts when the containers are holding
files descriptors open.
At the same time this makes the template more robust to puppet changes
since new config files will be available in the containers without
needing to update the templates.
Closes-Bug: #1698323
Change-Id: I857c94ba5f7f064d7c58df621ec5d477654b9166
Depends-On: I78dcec741a941dc21adba33ba33a6dc6ff1d217c
|
|
When the tripleo::profile::base::database::mysql::client profile is
included by other openstack services, the file /etc/my.cnf.d/tripleo.cnf
is not generated because docker-puppet is configured to disregard the
exec tags.
Make the profile use either File or Exec resource based on how it's
being called, to make it work for both containerized and non-containerized
use cases.
Change-Id: I103baa02373f6713cc300ac039a6f173ff0bbf1c
|
|
|
|
This currently assumes nova-compute and iscsid run in the same context which
isn't true for a containerized deployment
Change-Id: I91f1ce7625c351745dbadd84b565d55598ea5b59
|
|
When SSL configuration is enabled, haproxy expects to load a SSL
certificate file at startup.
Update the bundle configuration to always bind-mount the cert
file, to support both SSL and non SSL HAproxy bundle deployments.
Change-Id: I6f4d3a5abae8f1781cfe6f69ff960aad500061e3
|
|
|
|
|
|
The innodb_flush_log_at_trx_commit flag changes the timing
of when the log buffer is written to disk for writes.
At its default of 1, transactions are written to disk
and the buffer flushed on a per-transaction basis; but when
set to 2, the flush of the buffer proceeds only once per
second. This removes the durability guarantee for the
single node. However the central concept of Galera is
that durability is achieved via the cluster as a whole,
in that transactions are replicated to other nodes before
the commit succeeds (though not necessarily written to disk
unless wsrep_causal_reads is set). In this model,
data would only be lost of all nodes of the Galera cluster
were killed within one second of each other. Percona's
blog post at https://www.percona.com/blog/2014/11/17/typical-misconceptions-on-galera-for-mysql/
recommends that the value of 2 should be considered "safe"
for a Galera cluster unless you are in fact worried that
all three nodes will be powered off simultaneously.
The value here is added as an option only, defaulting
to the usual default of "1", flush per transaction.
Change-Id: Id5a30f1daf978e094a74db2d284febbc9ae64bb3
|
|
This has been replaced with bootstrap_nodeid which isn't hard-coded to
the Controller role and thus will work should this service be deployed
on any other role via composable services.
Change-Id: I0a9fced847caf344e5d26b452f1bd40afab8f029
|
|
This patch will move the Contrail roles communication towards
OpenStack APIs from the public/external network to the
internal_api network. I will also add the option to enable
dpdk for Contrail.
Change-Id: Ia835df656031cdf28de20f41ec6ab1c028dced23
Closes-Bug: 1698422
|
|
|
|
It is not necessary to mangle libvirt_rbd_secret_key parameter as this
is now given by the templates.
Depends-On: Iff3dbcb0f1b4d2373570e184e636a71553cea708
Change-Id: I6b163ab102f505f0d0ce9eb1ad9d4274e4ff6348
|
|
The nova migration config has always been applied by the base::nova profile.
It assumed that libvirtd/nova-compute and are all running on the
same host.
Where this config didn't apply (e.g a nova api host) it was disabled by a flag.
This approach is not compatible with containers. Hieradata for all containers
are combined so per-host flags no longer work, and we can no longer assume
libvirtd and nova-compute run in the same context.
This change refactors the profiles out of the base nova profile and into
a client profile and a target profile that can be included where appropriate.
Change-Id: I063a84a8e6da64ae3b09125cfa42e48df69adc12
Implements: blueprint tripleo-cold-migration
|
|
See the docs[0] how to use it. Also add the variables for the bug
log feature.
[0]https://docs.openstack.org/openstackdocstheme/latest/
Change-Id: I11b183986a389291d9ab02cb1d0be36c3d73bdb0
|
|
|
|
This patch updates the Zaqar profile so that we have
support for configuring alternate versions of the messaging
and management backends.
In Pike instack-undercloud started using the swift/sqlalchemy
backends and the intent here is to update the new containers
undercloud to use a similar default (thus letting us drop Mongodb).
Change-Id: Ie6a56b9163950cee2c0341afa0c0ddce665f3704
|
|
Fixes a problem where SR-IOV VF count configuration will fail if a
physical function is in use by a guest when 'puppet apply' is executed.
This change substitutes warnings for failures and skips complaints if a
PCI device is unavailable.
Note: this patch has the side-effect of allowing the same configuration
data on hosts that may *not* or *ever* have PCI SR-IOV devices on the
hardware. Time will tell how evil this is in practice.
Closes-Bug: #1701284
Change-Id: I71edc135432ab2193741c37ce977dd11172401e6
|
|
This makes sure that we set the necessary options so HAProxy uses TLS
to contact nova. It was commented out when nova was moved to not run
over httpd. Since that is no longer the case we can re-enable it.
Change-Id: I026a7dab30b00a4e93966f650f098c570b0b624b
Depends-On: Iac35b7ddcd8a800901548c75ca8d5083ad17e4d3
|
|
|
|
|
|
Disabling udev usage from LVM seems to be the only observed working
way of running containerized cinder-volume with local LVM backend.
I didn't come across reports that not using udev would have negative
impact on the functionality.
Additional info at
https://groups.google.com/forum/#!topic/docker-user/n4Xtvsb4RAw
Change-Id: I1bf395a6228dba66fa6bf9b8bcc9f3ac3d922a49
Related-Bug: #1700140
|
|
Use augeas to modify only parameters' dedicated configuration.
Split options from insecure registry. Overlapping those params may
unschedule the docker service restarts for some cases, ending up with
a split brain state for the docker service run-time config vs changed
/etc/sysconfig/options config.
Change-Id: Ic5640061837b022f7175f0db0dc269f9a61e6023
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
|
For the TLS everywhere job, there are some apache vhosts set up that
serve as TLS proxies. These need to be started at the same time as the
rest of the apache vhosts too.
Change-Id: I15e67c7c04142cff01704e2590d3b2a6a949cc06
|
|
Puppet wipes out whatever is not in it's resource catalog each run for
httpd. This causes httpd to restart if in the next step there are
reasources added that were not there earlier.
This patch, thus changes the instances of httpd to start at the same
time: On step 3 for the bootstrap node, and on step 4 for every other
node.
Closes-Bug: #1699502
Change-Id: I3d29728c1ab7bd5b78100f89e00e5fa082f97b0c
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
|
|
|
|
Adds the ability to create an empty MySQL database for Zaqar
if zaqar is enabled and settings for the mysql backend are
also available in hiera. This should allow Zaqar's database to
get created when needed, but skipped if MongoDB is used
instead (per overcloud defaults).
Change-Id: I3598e39c0a3cdf80b96e728d9aa8a7e6505e0690
|
|
The default CA issues CRLs for 4 hours by default. So we need to change
these values to reflect this, else we'll get verification issues due to
the CRL having expired before its refreshed.
However, the nextupdate value for the CRLs might not be aligned with the
cron job. And getting this alignment is not entirely trivial. So I opted
for updating every 2 hours to address this.
Change-Id: I732b400462c5cabd7c6c18c007fc9e8c87b700d3
|
|
This forces the MySQL users to use SSL when connecting to MySQL.
bp tls-via-certmonger
Depends-On: I24e4c195a31109835739e78a6b53d36f661f9fd0
Change-Id: I98856955132b680a159144204da1d5b400fe9794
|
|
As part of the docs migration work[0] for Pike we need to switch to use the
openstackdocstheme.
[0]https://review.openstack.org/#/c/472275/
Change-Id: Ic82c4a2ec9fe26c8621ab2c7c9598b1582f73156
|
|
The swift-dispersion-populate command needs to be called when Swift and
Keystone are up and running, and therefore we need to ensure this is
running in step 5 or later.
Change-Id: I5b4c08c252b6083dace5a65367920c475de416ce
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This change will make possible to set collectd to log to file
(/var/log/collectd.log by default).
Change-Id: I50289ad6657852d37abbf12938128ff9ab9e3bac
|
|
Change-Id: I952c86db88dcd611722a3feaea88f618eee17620
|
|
|
|
|
|
This enables the options so Galera can use TLS for the replication
traffic.
bp tls-via-certmonger
Depends-On: I9252303b92a2805ba83f86a85770db2551a014d3
Change-Id: I2ee3bf4bbda3f65f5b03440ecbc75f14225a2428
|
|
This allows for several SubjectAltNames which will subsequently be
used for the replication traffic as well.
bp tls-via-certmonger
Change-Id: Ic68266eaf39d6803f7c3e299095578bbcfd63b88
|
|
|
|
Ignore failures if nf_conntrack_proto_sctp module failed to load.
Since RHEL 7.4, nf_conntrack_proto_sctp module is compiled into the
kernel instead of as a module as the sctp support.
TripleO will still try to load the module to support RHEL 7.3, but
in the future will remove the module management and rely on the kernel
provided in newer versions of RHEL.
Co-Authored-By: Or Idgar <oidgar@redhat.com>
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
Co-Authored-By: Emilien Macchi <emilien@redhat.com>
Change-Id: I8f1c841a7c0f3b1247aba2b959b6dfbe43d8cd79
Closes-Bug: 1695885
|
|
|
|
Some people might or might not want to enable it. So this makes it
configurable. It defaults to true as we were always deploying it before.
Change-Id: I8d2a08cdaf3e5ec3d1a69d4f95e57522508c8610
|
|
Allows configurability of maxconn as applies to
the MySQL section of the HAProxy config, both
for clustercheck and single node.
Also adds a new test for the haproxy class
overall to exercise options.
Change-Id: I023682dd5e85cc78d6dd3e5214a53863acc4f303
|
|
|
|
This file is not needed anymore.
Change-Id: I904443624c18cc5116bc6027c016b9ccdd5e10aa
Closes-bug: 1698105
Depends-On: Ie20ecabea91ca4c2040c5ef3bf6c71b2b53d26ef
|
Jenkins
Martin André
Damien Ciabrini
Oliver Walsh
Mike Bayer
Steven Hardy
Michael Henkel
Keith Schincke
ZhongShengping
Dan Prince
Brent Eagles
Rob Crittenden
Jiri Stransky
Bogdan Dobrelya
Juan Antonio Osorio Robles
Christian Schwede
Martin Mágr
Dmitry Tantsur
Or Idgar
Mike Bayer
Carlos Camacho