Age | Commit message (Collapse) | Author | Files | Lines |
|
Enables configuration for Service Function Chaining plugin with neutron.
Implements: blueprint networking-sfc-support
Change-Id: Icd433ddc6ae7de19a09f9e33b410a362c317138a
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit e90cac5dcb7ae039920f626bca0c6d0f53798ff6)
|
|
- Skip lookup for tap interfaces
- Update l3_hosts field in vpp ml2 section
Change-Id: I231054a433eb7e598a6e24f6eaea02d476e776de
Signed-off-by: Feng Pan <fpan@redhat.com>
(cherry picked from commit 4d88340cb582a0fda9b6ac9174a41c7b4c28d655)
|
|
Change-Id: I472879b8f67e64b571638a0385943597a9120e6c
Signed-off-by: Feng Pan <fpan@redhat.com>
(cherry picked from commit f409f083d2c63e7ec2f484a77b2229613252de5e)
|
|
Puppet module is at: https://github.com/opnfv/barometer/tree/master/puppet-barometer
Change-Id: I95698d69c58e0c36ae88cc2687073a05b514592c
Signed-off-by: Maryam Tahhan <maryam.tahhan@intel.com>
Signed-off-by: jhinman1 <john.hinman@intel.com>
|
|
|
|
By default keystone sends notifications to the 'notifications'
topic. This is consumed by default by ceilometer. However, when
ceilometer is not enabled, rabbitmq accumulates these notifications
since nothing is consuming them. This results in the queue consuming
rabbitmq's memory.
With this capability, we can now dynamically configure notification
topics depending on the 'keystone_notification_topics' hiera key.
Related-Bug: #1729293
Change-Id: I4dcce73446633c08ea37ba567610eec398094036
(cherry picked from commit bbe7d9effe51324ef5fa75e40f9d0ca74544d484)
|
|
This profile has multiple purposes:
- group common httpd configurations/instructions
- correct a small issue with the "status" mod
Until now, only Horizon was specifically including this mode, and as
httpd wasn't listening on localhost, it wasn't in use at all.
With this commit, all API using apache will be able to provide the httpd
server status on 127.0.0.1/server-status.
Change-Id: If6d64f807c244d7e56852a67ac7dbad26c4c002f
Closes-Bug: 1724751
(cherry picked from commit 0933bc5fd896ac2474872bb1b4b217ad8f430885)
|
|
|
|
Required to allow bind propegation options to be set on individual bind-mounts.
See https://github.com/moby/moby/issues/19625.
Also https://access.redhat.com/articles/2938171 for rational for using this
option in RHEL/CentOS 7.3.
Change-Id: I8a63c044e15d7ca0f54654e9fc9c5d878461aa25
Related-bug: 1730533
(cherry picked from commit 2366b5b2fe3bc97d11aa9c3a65660ff78a6dc6f7)
|
|
The default docker0 address conflicts with the InternalApiNetCidr value
set in environments/network-environment.yaml. We should provide a way
to make the docker network configurable.
Change-Id: Ie803b33c93b931f7fefb87b6833eb22fd59cd92d
Related-Bug: #1726773
(cherry picked from commit 4462260182b5b6a8922193aff3ff603bbb93cf00)
|
|
|
|
The tripleo container do not yet have the required packages to run
mistral-api on top of apache so we're looking for a way to disable it.
Change-Id: I54627f1c5a8867738a55bee42075bb6087830c61
Related-Bug: #1724607
(cherry picked from commit 5eb571c4053f40d74aa5e6d136ab10c08094ddb9)
|
|
With https://review.openstack.org/#/c/511509 we start erroring out
properly on puppet errors. One of the jobs that is now failing is:
http://logs.openstack.org/09/511509/7/check/legacy-tripleo-ci-centos-7-undercloud-containers/5d3fecc/logs/var/log/undercloud_install.txt.gz
Reason for this is that we include the tripleo::base::tuned profile which has:
exec { 'tuned-adm':
path => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
command => "tuned-adm profile ${profile}",
unless => "tuned-adm active | grep -q '${profile}'"
}
So if the tuned package is not installed by other means we get:
"Error: /Stage[main]/Tripleo::Profile::Base::Tuned/Exec[tuned-adm]: Could not evaluate: Could not find command 'tuned-adm'",
Let's add the package here in the profile instead of installing it
via tripleo.sh, that way also a split stack deployment is covered.
Change-Id: I130cdc59000e0c5e5fa7c542fbe6b782651a7eb7
Closes-Bug: #1724518
(cherry picked from commit 32ef340901027926ed3f77ae37d8e0d20e38e15d)
|
|
Allow 'cinder' as a valid Glance backend. This value is already supported
by puppet-glance.
Change-Id: I850047e32f3608b3ce490e52e2e540695cb1a4ff
(cherry picked from commit edd7621f1db83d9b71ce3a168d2813880a660444)
|
|
Port status was already disabled in HA deployments pending a fix for:
https://bugs.opendaylight.org//show_bug.cgi?id=9147
However even in noha deployments port status will not work because ODL
is unable to bind to a specific IP for websocket, meaning it binds to
all IPs and haproxy cannot bind the VIP. Therefore we need to disable
it for all deployments until also this bug is fixed:
https://bugs.opendaylight.org//show_bug.cgi?id=9256
Related-Bug: 1718508
Change-Id: I2f2dc3ece97c97fc8477d4129d69719866a7f0c1
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit 2471a8669d35f8b35ed00e9365623b37e335cd79)
|
|
Expose a new Puppet parameter to snmp profile, ``snmpd_config`` which
is an array definded to undef by default.
It can be used to override all snmpd configuration for advanced
deployments.
If used, all parameters have to be configured included users and
passwords, which should be the same as given to snmpd_password
and snmpd_user. There is no logic that will verify the content
of ``snmpd_config``.
Example of hieradata which configures snmpd_config:
snmpd_config:
- 'createUser ro_snmp_user MD5 "secrete"',
- 'rouser ro_snmp_user'
- 'proc neutron-server'
- 'proc nova-api'
Change-Id: Ief2518d5e47137215a34e9ae3b35c27c87fa6e08
Closes-Bug: #1720868
(cherry picked from commit c211ba78cabde54be2e3a6672f6e1d33d1d580f0)
|
|
ODL enables a feature by default to communicate port state to Neutron
via a websocket connection. The current implementation does not work in
HA, but does work with a noHA deployment. Therefore this patch disables
port status for HA deployments only until there is proper support.
Depends-On: I7eb752ad692e5522051f8393376890fcac9a09fe
Closes-Bug: 1718508
Change-Id: I13b5b72285d3c70cdee4d81678470d52be385aaf
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit 228d7b456c6d5c4958c9add8f9021a83a4360510)
|
|
Logs in a containerized deployment are not in the same location as on
a baremetal deployment. This commit adds the $fluentd_path_transform
paramter to the fluentd glue module. This is a regular expression that
is used to transform log paths. To use this feature, include in your
hiera configuration something like:
tripleo::profile::base::logging::fluentd::fluentd_path_transform:
- /var/log/
- /var/log/containers/
Change-Id: I585b6877074353b5de62e5efaabfbe62432c473d
Partial-bug: #1716427
(cherry picked from commit 1ff0903a3950bc4adbc8c84b5153df6ca0fb6a3d)
|
|
In Ocata all live-migration over ssh is performed on the default ssh port (22).
In Pike the containerized live-migration over ssh is on port 2022 as the
docker host's sshd is using port 22.
To allow live migration during upgrade we need to temporarily pin the Pike
computes to port 22 and in the final converge we can switch over to port 2022.
This patch make the necessary puppet-tripleo change to allow this:
- Adds support in sshd profile for listening on multiple ports.
- Adds a profile to allow proxying to the containerized sshd from the
baremetal sshd
Change-Id: I0b80b81711f683be539939e7d084365ff63546d3
Related-bug: 1714171
(cherry picked from commit 05a413c34fa1266d38bf991a1f5ed2795631f0b7)
|
|
There is no reason to keep backend configuration in pacemaker-specific
manifest. This configuration is used no matter whether pacemaker is
used or not.
Change-Id: I63b53d230372a323db1d35a3774283ad2e29fbb1
Closes-Bug: #1714310
(cherry picked from commit 7327cc88246abe6473b7b29703af408adeccc88d)
|
|
|
|
|
|
|
|
This patch changes references from nsx_v3 to nsx since the nsx_v3 functionality
is the only one supported at this time.
Change-Id: Id73f675844b0df2eafa45507d1c28f16cd0b15b2
Closes-Bug: #1713191
(cherry picked from commit f27c45a0925546f3b9627fce7d223a1bba140ce0)
|
|
This uses the tls_proxy resource in front of the Redis server when
internal TLS is enabled.
bp tls-via-certmonger
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: Ia50933da9e59268b17f56db34d01dcc6b6c38147
(cherry picked from commit 2d1d7875aa6f0b68005c84189627bc0716a7693f)
|
|
This follows the RabbitMQ docs [1] for enabling TLS for the replication
traffic. It reuses the certificate that rabbitmq already has.
Unfortunately, pacemaker uses the shortname for the rabbitmq nodes, so
we are not able to do proper verification of the certificates, since we
can't allocate a certificate for shortnames. So, until pacemaker can
track the rabbit nodes through their FQDNs, we don't set any verification
options.
[1] https://www.rabbitmq.com/clustering-ssl.html
Depends on: https://github.com/voxpupuli/puppet-rabbitmq/pull/574
bp tls-via-certmonger
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
Change-Id: I265c89cb8898a6da78a606664a22c50f5e57a847
(cherry picked from commit 52404b85dc140d9ddc4605365454df0e052ee2cb)
|
|
This changes adds Dell EMC VNX backend as composable service
and matches the tripleo-heat-templates.
Change-Id: Iab80dc636913610704e1ceb2642ce738b68bb827
Implements: blueprint support-dellemc-vnx-manila
(cherry picked from commit eca5b4dfb22a9e9476cd835d2e211def4c9bd5c9)
|
|
The zaqar service name switched to zaqar-api[1], so the hieradata key
is zaqar_api_enabled now instead of zaqar_enabled.
[1] I9b451eac4427a52ad8eec62ff89acc6c6d3ab799
Closes-Bug: #1714213
Change-Id: I692658337e7afc9d0a99b245f8b0b4f76a076bc4
(cherry picked from commit bc6a526f91c156e1cecfb9226ae3686102e655d4)
|
|
This changes adds Dell EMC Unity backend as composable service
and matches the tripleo-heat-templates.
Change-Id: I0df1e16db89cd53e4f16cd08ccb975d8e7e9a470
Implements: blueprint dellemc-unity-manila
(cherry picked from commit 2f93b4fc3aa63d99b7dcb0302e9ee48bda1f4282)
|
|
This changes adds Dell EMC Isilon backend as composable service
and matches the tripleo-heat-templates.
Change-Id: I30f6b4c4ebe0a708a5eb34cd016544f4d2b9c2bb
Implements: blueprint dellemc-isilon-manila
(cherry picked from commit 75ee7f12f165d4ef6e47600d8c0ec93dff3b610d)
|
|
Exposes a way to configure the docker daemon with debug enabled.
Change-Id: I654a70c8bb7753679be83d78ca653ed44c3a7395
Related-Bug: #1710533
(cherry picked from commit 44b90c9a79146139cbcbe7f560bd1df667cca780)
|
|
|
|
This is requires for when libvirt is running over a container, since
we shouldn't try to restart the libvirt process, but the container
itself.
bp tls-via-certmonger-containers
Change-Id: I26a7748b37059ea37f460d8c70ef684cc41b16d3
|
|
Change Ifef08033043a4cc90a6261e962d2fdecdf275650 moved the stonith
property definition to the pacemaker_master node. This means that the
Class['tripleo::fencing'] -> Class['pacemaker::stonith'] ordering
breaks on non-boostrap pacemaker nodes because the pacemaker::stonith
property is not defined there any longer.
Let's fix this by simply using a resource collector and set the ordering
on that instead of adding yet anoth if statement. Ordering on
enablement of stonith is actually more correct formally.
Tested this on a broken setup successfully.
Closes-Bug: #1712605
Change-Id: I616d340bdf75da9d9eb8b83b2e804dff3d07d58e
|
|
|
|
|
|
|
|
|
|
|
|
|
|
We need to make it configurable since these commands don't apply for
containerized environments. This way we can restart containers or
disable restarting and rely on other means.
This stems from the issue that some services get accidentally started by
certmonger on containerized environments, which makes the container
initialization fail.
bp tls-via-certmonger-containers
Change-Id: I62ff89362cfcc80e6e62fad09110918c36802813
|
|
|
|
|
|
This adds a TLS proxy in front of it so it serves TLS in the internal
network.
bp tls-via-certmonger
Change-Id: I97ac2da29be468c75713fe2fae7e6d84cae8f67c
|
|
If we're using local registries, we may want to use different
registries e.g. for Ceph and for OpenStack. We allow multiple
registries in general for this purpose, and we should also allow it in
the insecure registry configuration.
Change-Id: I5cddd20a123a85516577bde1b793a30d43171285
Related-Bug: #1709310
|
|
|
|
This enables the usage of TLS by the apache vhost that hosts horizon.
bp tls-via-certmonger
Change-Id: I7f2e11eb60c7b075e8a59f28682ecc50eeb95c3e
|
|
This makes sure that the database creation is only executed on the mysql
profile (or container if that's enabled), and stops the conflicts and
errors that were happening when barbican was deployed in containerized
environments.
Change-Id: Ib5c99482f62397fc5fb79a9dc537dfb06ee7f4df
Closes-Bug: #1710928
|
|
Generate a cron job and a config for logrotate
to be run against containerized services logs.
Related-bug: #1700912
Change-Id: Ib9d5d8ca236296179182613e1ff625deea168614
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
|
|