Age | Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: I035c26e0f50e4b3fc0f6085fa5a4bf524e4852b7
|
|
These are now passed via the heat profiles in t-h-t (via
heat-base.yaml and heat-engine.yaml) and use the actual names of
keystone parameters instead.
Change-Id: Id0f5dd03b6757df989339c93b58a5b7eac3402a2
Depends-On: I0e5124d57fdc519262fdec2dbeaaac85afaeebdf
|
|
Prepare the first release of Ocata.
Change-Id: Ib8173d1ce26752216aeaab835f483503cf82b217
|
|
|
|
Change-Id: I35f283bdf8dd0ed979c65633724f0464695130a4
|
|
|
|
This optionally enables TLS for Barbican API in the internal network.
If internal TLS is enabled, each node that is serving the Barbican API
service will use certmonger to request its certificate.
bp tls-via-certmonger
Change-Id: I1c1d3dab9bba7bec6296a55747e9ade242c47bd9
|
|
|
|
|
|
|
|
The civetweb binding format is IP:PORT; this change ensures the IP
is enclosed in brackets if IPv6.
To do so we add the bind_ip and bind_port parameters to the
rgw service class.
Change-Id: Ib84fa3479c2598bff7e89ad60a1c7d5f2c22c18c
Co-Authored-By: Lukas Bezdicka <social@v3.sk>
Related-Bug: #1636515
|
|
When a physical function that was allocated to a guest is released back
the system, it is not automatically brought "up" and the VF
configuration is not restored. This patch creates a file containing some
udev rules to force the VF configuration.
Note: we may find that the ifup-local script is no longer required but
this will require further testing.
Change-Id: Ie6e78730aa0a748b3b5100ab7c7bc007d8ab176d
Partial-Bug: #1639901
|
|
this looks like a copy/paste error. Let barbican use its own
hiera data.
Change-Id: I84118c1a561c3db2f18504b55c5a8c4f042e7e3b
|
|
I'm not sure how this merged, but it's causing failures in other
patches to puppet-tripleo.
Change-Id: Ib20d349fa9abd6347739190bb29a02b6e3eb839d
|
|
These are features that are typically enabled by default
in any swift cluster.
Change-Id: Ie323f68255a73d46e774cbf49d9353c3bf90c35e
Signed-off-by: Thiago da Silva <thiago@redhat.com>
|
|
|
|
|
|
|
|
|
|
If os-collect-config/config.json is updated before an upgrade/update,
then the os-net-config run will automatically erase the keepalived
managed ips.
This is a hackish way to ensure that keepalived is restarted during the
next phase in order to have the ip recreated.
It basically adds a comment line to the keepalived.conf file (making it
different than the puppet one) if it's there. This will force a puppet
restart of the keepalive service puting the ips back on the undercloud.
Change-Id: I56b706ff44ba31aa87a63f870940831ce02a6e77
Closes-Bug: #1640213
Related-Bug: #1638029
|
|
|
|
The lastest patchset of https://review.openstack.org/393361 was actually
not working.
The `if defined` idiom depends on *evaluation* order.
At the time it's red in the haproxy.pp class, the line that loads the
class 'haproxy' has still not yet been reached and thus the `defined`
result is false. The constraint is not added.
For this reason, the use of `defined` in module is not advised by
puppetlabs[1].
[1] https://docs.puppet.com/puppet/latest/reference/function.html#defined
Change-Id: Ibd352cb313f8863d62db8987419378bed5b87256
Relates-To: #1638029
|
|
|
|
|
|
Update default doc default for bind_host to match previous change
http://review.openstack.org/386817/
Change-Id: Iff048ba7152c1b7e945f284311215c8f872c1409
Closes-bug: #1640104
|
|
aodh, ceilometer, gnocchi and neutron need the X-Forwarded-Proto in
order to return links with the correct protocol when SSL is enabled.
This enables it in HAProxy
Change-Id: Icceab92f86b1cc40d42195fa4ba0c75f302795b8
Closes-Bug: #1640126
|
|
In HA deployments, we now check mysql nodes every 1s and removed them
immediately if they are failed. Previously we would check every 2s and
allow them to fail 5 checks before being removed, producing errors from
other OpenStack services for 10s, which causes confusion and delay for
operators.
Additionally, these check options are now also a class parameter so can
be overridden by operators.
Closes-Bug: #1639189
Change-Id: I0b915f790ae5a4b018a212d3aa83cca507be05e9
|
|
In order for the browser to trust the certificate served by HAProxy
we need to include the CA cert in the PEM file that the endpoints
serve.
Change-Id: Ibce76c1aa04bd3cb09a804c6e9789c55d8f2b417
Closes-Bug: #1639807
|
|
This patch changes the rabbit_hosts config generation to work properly
with IPv6 addresses.
Closes-Bug: #1639881
Change-Id: I07cd983880a4a75a051e081dcb96134cb5c6f5e8
|
|
It's been proposed this may help with the
('Connection aborted.', BadStatusLine("''",)) errors.
This patch increase queue, server and client timeouts to 2m (default is 1m)
Related-Bug: #1638908
Change-Id: Ie4f059f3fad2271bb472697e85ede296eee91f5d
|
|
Use rabbitmq_node_ips to find out where rabbitmq nodes are, and have
correct ipv6 syntax if required.
Closes-Bug: 1637443
Change-Id: Ibc0ed642931dd3ada7ee594bb8c70a1c3462206d
|
|
|
|
|
|
http://logs.openstack.org/08/393008/1/check/gate-puppet-openstack-integration-4-scenario002-tempest-ubuntu-xenial/283f87f/logs/puppet-version.txt.gz
Change-Id: Iae209b40bae184a9eee8f7bdbaa86140c08e74c5
|
|
Rather than use the heat::keystone::domain class which also includes the
configuration options, we should just create the user for heat in
keystone independently of the configuration.
Change-Id: I7d42d04ef0c53dc1e62d684d8edacfed9fd28fbe
Related-Bug: #1638350
Closes-Bug: #1638626
|
|
This optionally enables TLS for Cinder API in the internal network.
If internal TLS is enabled, each node that is serving the Cinder API
service will use certmonger to request its certificate.
bp tls-via-certmonger
Change-Id: Ib4a9c8d3ca57f1b02e1bb0d150f333db501e9863
|
|
Change-Id: Id4dc2379b0c423012a0b3aaf49d1e1a7d633a03b
|
|
|
|
|
|
|
|
|
|
This optionally enables TLS for Nova API in the internal network.
If internal TLS is enabled, each node that is serving the Nova API
service will use certmonger to request its certificate.
Note that this doesn't enable internal TLS for the nova metadata
service since it doesn't run over httpd. This will be handled in
a later commit.
bp tls-via-certmonger
Change-Id: I88380a1ed8fd597a1a80488cbc6ce357f133bd70
|
|
When using SSL setup for undercloud, the admin and public vip required
for ssl binding by haproxy are created by keepalived.
This makes sure that keepalived is started before haproxy and thus that
the interfaces are indeed present.
This patch also ensures this is happening for overcloud ssl
configuration. The case where another load-balancing technology other
than haproxy is used is not covered.
Closes-Bug: #1638029
Change-Id: I98cb0dcd7f389a1dd38ec8324429bfef4979aa66
|
|
|
|
|
|
|
|
|
|
New Newton release
Change-Id: I152fbd1dcaac37474183d60654db15a9a4918209
|
|
|
|
ODL was missing transparent binding mode, which causes HA deployments to
fail since HA Proxy will try to come up on every node (even without
VIP).
Closes-Bug: 1637833
Change-Id: I0bb7839cdcfeacb4ca1a9fc6f878e8b51330be92
Signed-off-by: Tim Rozet <trozet@redhat.com>
|