Age | Commit message (Collapse) | Author | Files | Lines |
|
The service profile in HAProxy has the capability of creating
certificates based on a map. The idea is to standardize this, as
some of those certificates should match certain networks the services
are listening on (with the exception of the external network which is
handled differently and the tenant network which doesn't need a
certificate). So, based on which network a certain service is
listening on, we fetch the appropriate certificate.
bp tls-via-certmonger
Change-Id: I89001ae32f46c9682aecc118753ef6cd647baa62
|
|
Back in the Mitaka cycle via the change If6b43982c958f63bc78ad997400bf1279c23df7e
we made sure that the default start and stop timeouts for pacemaker
systemd resources is 200s (>= twice the default 90s DefaultTimeoutStopSec
in systemd). We did this change by setting puppet resource defaults for
the Pacemaker::Resource::Service class:
Pacemaker::Resource::Service {
op_params => 'start timeout=200s stop timeout=200s',
}
The problem is that after the composable services rework, this does not
work anymore and the pacemaker systemd resources that still exist do not
have these timeouts set.
We want to move away from resource defaults for this because its results
are dependent on the inclusion order which in tripleo is not guaranteed
any longer (https://docs.puppet.com/puppet/latest/reference/lang_scope.html#scope-lookup-rules)
The only services affected in Newton are: cinder-volume,
cinder-backup, manila-share, haproxy. I preferred fixing all the
pacemaker resources because it seems the cleanest and most logical
commit.
Change-Id: If89a95706514e536a7a2949871a0002c79b6046e
Closes-Bug: #1629366
|
|
|
|
|
|
Normalize coordination_url for Telemetry services, so we can deploy them
with IPv6.
Change-Id: Ic6de09acf0d36ca90cc2041c0add1bc2b4a369a5
Partial-Bug: #1629279
Depends-On: I038e2bac22e3bfa5047d2e76e23cff664546464d
|
|
This patch moves the various DB syncs into the MySQL role.
Database creation needs to occur on the MySQL server to
avoid permission issues.
This patch also moves database creation to step 2 so we can
guarantee that all per-service databases exist at this time.
This avoids complex ordering needed during step 3 where
services, on different hosts, can run their own db sync's
in a distributed fashion.
Change-Id: I05cc0afa9373429a3197c194c3e8f784ae96de5f
Partial-bug: #1620595
|
|
|
|
|
|
|
|
It used to be hardcoded that the bind-address was always coming from
the $::hostname fact. This is wrong, as it disregards where we have
configured the mysql address. This commit actually makes it
configurable, so we'll be able to set it via hieradata.
On the other hand, we use the hiera key that we already set
'mysql_bind_host' as a default; if, for some reason, that's
unavailable then we fall back to $::hostname.
Related-Bug: #1627060
Change-Id: I316acfd514aac63b84890e20283c4ca611ccde8b
|
|
swift proxy has already been updated to use updated
ceilometermiddleware as indicated here [1]. Include
it in the proxy class.
[1] https://github.com/openstack/puppet-swift/commit/e8ad981eff0f97c24a53197c42caf350627d3c9f
Change-Id: Ie49f4a750368ff174b23b8d6baa743d0956d727e
|
|
In puppet-manila it is the api service performing db sync, not
scheduler. This change moves ::manila::db::mysql (which creates
the empty database and users) in the tripleo manila/api profile.
Also moves rabbit config into a general manila base profile as
that would be needed by the scheduler service as well.
Change-Id: I2b537f735b8d1be8f39e8c274be3872b193c1014
|
|
The mistral puppet did not have support for configuring the rabbit hosts.
This change adds that support.
Change-Id: I6cb2cbf4a2abf494668d24b8c36b0d525643f0af
|
|
|
|
1) swift/ringbuilder: seed must be a String
Because we use validate_re in puppet-swift and puppet4 requires the
regex to be a string, not an integer.
2) Fix Swift package name
In puppet4, we need the resource title, not the resource name.
Change-Id: I50cea96d45e0eb46c19040d9a7105ab72c2dbef7
|
|
In the case of memcache servers are IPv6, make sure brackets set in the
way we construct the list of memcache server + memcache port parameter.
Also add unit-tests to test that the output is what we want in the
configuration.
Depends-On: I8d361ce9cfcfe6a3f8592b2b7991971a3c748c75
Closes-Bug: 1625335
Change-Id: I9fb8168d8fb56c9d8465d58a45fd8c6edfee6fdd
|
|
|
|
|
|
Sometimes the mongodb_replset resource fails with:
Could not evaluate: Can't find master host for replicaset tripleo.
This issue is intermittent so the fix cannot be perfectly verified, but
the assumption is that if we wait for MongoDB to be reachable on all
nodes, it will assure that the members will appear to the puppet module
as alive when creating or verifying the replset. If the validation
fails, it should help us uncover which of the members was causing
trouble.
Change-Id: I0bcd0d063a7a766483426fdd5ea81cbe1dfaa348
Closes-Bug: #1624420
|
|
Add brackets to IPv6 addresses before forming $object from $base
Change-Id: I4568d538561a0102b69f331a122d4989333a3bfa
Closes-Bug: #1623096
|
|
This commit ensures the tripleo-ui configuration files are present and
are matching the environment.
Change-Id: I0deeffa9026b1f5cd36a9810aaee7832e31c3c93
|
|
Installing the undercloud with generate_service_certificate=True
fails if HAProxy is not pre-installed. This is due to missing
dependency setting on our puppet manifests. We need to specify that
the PEM file needs to be written only if the haproxy user and group
exist (which comes from the package) and that the haproxy frontend
configuration needs to be notified if there are changes in the
certificates.
Change-Id: Iba3030e4489eb31f9c07ab49913687d8b595a91b
Closes-Bug: #1623805
|
|
This adds the tripleo::profile::base::validations profile which sets up
the `validations` user and installs the openstack-tripleo-validations
package.
Change-Id: Ib2b1ddcda3a41cb7263171d3024f05ba8bfd2f28
|
|
|
|
This patch allows to spefify the iscsi_protocol in the iSCSI cinder
backend when we want to use iSCSI Extensions for RDMA (iSER).
The default value remains 'iscsi'.
Change-Id: I6d2c4d71fb3ab1f7749d6e1defb59e86b9364cc1
|
|
Gnocchi statsd and metricd require Keystone resources to be in place
when using Swift backend, because those services will try to access to
Swift containers.
To do so, we want to move the service start at step 5 instead of 4 and
also require Keystone resource to be managed before starting the
services.
Change-Id: Ie5bc1481a8700c7cd080a76d0978146a84825767
Closes-Bug: #1621164
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Configure drac, ilo and ssh drivers out of box.
Remove deprecated ironic::drivers::deploy.
This change brings the default driver list closer to one of undercloud.
Change-Id: I8b9a136a0ff22916d7c468bbb0df7248bc35a5c2
Partially-Implements: blueprint ironic-integration
|
|
|
|
|
|
|
|
Extra settings that need to be applied for plumgrid where compute
nodes are running.
Change-Id: Ided5483f0f36f0efd5a09112832d07f028a2a7f9
|
|
Currently we have some hard-coded mangling in t-h-t but we
instead need to build the array based on the nodes running swift
storage, combined with the SwiftRawDisks parameter.
This will enable running SwiftStorage on nodes other than Controller
and SwiftStorage roles, and is required for custom-roles due to
the hard-coded stuff in the role templates and overcloud.yaml
Change-Id: I11deed1df712ecccf85d36a75b3bd2e9d226af36
Partially-Implements: blueprint custom-roles
|
|
|
|
Instead of hard-coded yaml aliases in t-h-t, make each service
profile that requires rabbit default to the list of rabbit ips.
Note this could still be extended in future to e.g enable per
service rabbit clusters, but the default is to lookup the
hiera which should be logically equivalent to current t-h-t.
Change-Id: Ie53c93456529420588eb1927703ea91b54095d87
Partially-Implements: blueprint custom-roles
|
|
|
|
|
|
Instead of mangling this list in t-h-t, generate the list derived
from memcached_node_ips, which is now always set when memcached
is deployed, regardless of the role.
Note the port default is hard-coded as this is already hard-coded
(in two places) in t-h-t, but we can override it if this changes
in future.
We need this to remove the swift specific stuff out of overcloud.yaml
to enable custom-roles.
Change-Id: Ic8872e5e51732874ca5b93bff5efd3e7ed75bc31
Partially-Implements: blueprint custom-roles
|
|
This patch adds tripleo::profile::base::ceph::rgw
Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
Change-Id: Ib69b8171321284bb64e348d45b7eea2f00f8d506
|
|
Change-Id: I787becce343b38e6c27c9a1b937b47c0aefb034d
Related-Bug: 1618930
|
|
Update neutron parameter to lookup the right variable in Hiera.
Change-Id: I7b93e8d308f2ff2fb3a2083af75140dfa62b3ad8
|
|
|
|
Shares the same (ssl)port with Swift Proxy
Change-Id: I2e1de1a3fa6ad62895a1e972e43858f23c08bbea
|
|
Change-Id: Icb9633134114041bbd497e7652482dd5d34c9327
Depends-On: I8b83eff694316755e4dd2dbcde7b569472893bc5
Partially-Implements: blueprint ironic-integration
|
|
|