Age | Commit message (Collapse) | Author | Files | Lines |
|
The default (on RHEL/CentOS) is to use polkit but this is only useful
for GUI support or for fine grained API access control. As we don't
require either we can achieve identical control using plain old unix
filesystem permissions.
I've merged Sven's changes from https://review.openstack.org/484979
and https://review.openstack.org/487150.
As we need to be careful with the libvirtd option quoting I think it's
best to do this in puppet-tripleo instead of t-h-t yaml.
The option to override the settings from t-h-t remains.
Co-Authored-By: Sven Anderson <sven@redhat.com>
Reverts I91be1f1eacf8eed9017bbfef393ee2d66771e8d6
Closes-bug: 1696504
Change-Id: I507bdd8e3a461091562177403a2a55fcaf6694d2
Depends-On: I17f6c9b5a6e2120a53bae296042ece492210597a
|
|
|
|
|
|
This changes adds Dell EMC Unity backend as composable service
and matches the tripleo-heat-templates.
Change-Id: I015f7dfec4bedf72332d91b91cda3ef1dc8caf8c
|
|
This allows running Zaqar with SSL under Apache.
Change-Id: I4c68a662c2433398249f770ac50ba0791449fe71
|
|
When docker-puppet runs module tripleo::haproxy to generate haproxy
configuration file, and tripleo::firewall::manage_firewall is true,
iptables is called to set up firewall rules for the proxied services
and fails due to lack of NET_ADMIN capability.
Make the generation of firewall rule configurable by exposing a
new argument to the puppet module. That way, firewall management can
be temporarily disabled when being run through docker-puppet.
Change-Id: I2d6274d061039a9793ad162ed8e750bd87bf71e9
Partial-Bug: #1697921
|
|
The unit tests jobs are failing because of missing pre conditions for
the new shared class introduced by
Ib233689fdcdda391596d01a21f77bd8e1672ae04. Additionally this change
moved some classes around so that the tests are now failing due to
duplicate class declarations for nova::compute::libvirt::services. This
change moves the include that pulls in the declaration first prior to
the include that exists in tripleo::profile::base::nova::libvirt.
The selinux test was also failing due to a type issue with the fact
being used (boolean vs string)
Change-Id: I5bd4b61d6008820729d58f7743e7e61955dd6f51
Closes-Bug: #1707034
|
|
|
|
Having this run in step 4 causes a refresh (restart) for httpd, which
in turn is problematic for the gnocchi db upgrade command, since when
it runs httpd is not available at that point. This fixes the issue,
since the API configuration is now ran at the same time as the wsgi
bits.
Change-Id: Ie0ab389a4450bb940757e34d1964423911885fa3
|
|
puppet support for this is added in Id8d4d091da2611de75390e045ebd473caf2a8909
Change-Id: I3354b54571a1b9d0a9187698217628d273cd7d7e
|
|
|
|
|
|
|
|
Previously we had used an exec defined in puppet-tripleo to do
clustering with OpenDaylight docker containers. The clustering issue is
now fixed in puppet-opendaylight by:
https://git.opendaylight.org/gerrit/#/c/60491
So removing the custom function and class workaround. Also,
'ha_node_index' is deprecated for configuring clustering with
puppet-opendaylight so that is also removed.
Depends-On: I21c1eb2eff6d4cb855eff4a1122f55ad625d84cc
Change-Id: I7693b692c74071945fdcc08292542e9b458a540b
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
2017-07-20 15:09:38.571317 | manifests/glance/nfs_mount.pp:65:WARNING: arrow should be on the right operand's line
2017-07-20 15:09:38.571430 | manifests/pacemaker/haproxy_with_vip.pp:107:WARNING: arrow should be on the right operand's line
2017-07-20 15:09:38.571473 | manifests/pacemaker/haproxy_with_vip.pp:108:WARNING: arrow should be on the right operand's line
2017-07-20 15:09:38.571511 | manifests/pacemaker/haproxy_with_vip.pp:109:WARNING: arrow should be on the right operand's line
2017-07-20 15:09:38.571551 | manifests/pacemaker/resource_restart_flag.pp:44:WARNING: arrow should be on the right operand's line
2017-07-20 15:09:38.571590 | manifests/profile/base/cinder/volume/nfs.pp:72:WARNING: arrow should be on the right operand's line
2017-07-20 15:09:38.571625 | manifests/profile/base/docker.pp:188:WARNING: arrow should be on the right operand's line
2017-07-20 15:09:38.571661 | manifests/profile/base/docker.pp:210:WARNING: arrow should be on the right operand's line
2017-07-20 15:09:38.571699 | manifests/profile/base/logging/fluentd.pp:79:WARNING: arrow should be on the right operand's line
2017-07-20 15:09:38.571735 | manifests/profile/base/pacemaker.pp:107:WARNING: arrow should be on the right operand's line
2017-07-20 15:09:38.571773 | manifests/profile/base/swift/ringbuilder.pp:97:WARNING: arrow should be on the right operand's line
2017-07-20 15:09:38.571811 | manifests/profile/base/swift/ringbuilder.pp:125:WARNING: arrow should be on the right operand's line
2017-07-20 15:09:38.571850 | manifests/profile/base/swift/ringbuilder.pp:130:WARNING: arrow should be on the right operand's line
2017-07-20 15:09:38.571889 | manifests/profile/pacemaker/ceph/rbdmirror.pp:79:WARNING: arrow should be on the right operand's line
2017-07-20 15:09:38.571927 | manifests/profile/pacemaker/cinder/backup.pp:66:WARNING: arrow should be on the right operand's line
2017-07-20 15:09:38.571965 | manifests/profile/pacemaker/ovn_northd.pp:96:WARNING: arrow should be on the right operand's line
Change-Id: I9393c5e04310cf84695531df9bb16f33e7e15abb
|
|
|
|
Some of the tasks carried by nova::compute::rbd class apply libvirt.
Change-Id: Ib233689fdcdda391596d01a21f77bd8e1672ae04
Depends-On: I28557deb13b75922932cd3e86c3467a541c988d0
|
|
Added missing san_private_key parameter used for password less SSH
authentication.
Change-Id: Ia9857064692681172573e9092b53a352cd776cbd
Depends-On: 0743d42ed1ed66e08ab7f4355145b4c06c589801
|
|
|
|
|
|
|
|
|
|
For multi-node deployments of the dispatch router, a mesh of
inter-router links is created. Note that bi-directional links must
not be configured.
Example: For nodes A, B, C
Node Inter-Router Link
A: []
B: [A]
C: [A,B]
Change-Id: If43beea7a53c1f8f1dff062341c7ea81751c3122
|
|
When the ceilometer-upgrade command is run in step5, it talks to gnocchi
and keystone on all the controllers. Since these other nodes might have
httpd restarted mid-upgrade we should retry if we get a failure.
Change-Id: I874cf9c34b41d055a258704dabe9150eab0f7968
Closes-Bug: #1703444
|
|
|
|
|
|
The stores parameter should be set with the new parameters
as they are going to be deprecated in the old method.
Change-Id: If272345e96988778ceccb8f2f624db1c38aea365
Closes-Bug: 1704327
|
|
Add new hook in the keystone profile for Veritas HyperScale.
Add new hook in the rabbitmq profile for Veritas HyperScale.
Add new hook in the mysql profile for Veritas HyperScale.
Change-Id: I9168bffa5c73a205d1bb84b831b06081c40af549
Depends-On: I316b22f4f7f9f68fe5c46075dc348a70e437fb1d
Depends-On: Id188af5e2f7bf628a97a70b8f20bef28e42b372d
Signed-off-by: abhishek.kane <abhishek.kane@veritas.com>
Signed-off-by: Dnyaneshwar Pawar <dnyaneshwar.pawar@veritas.com>
|
|
|
|
|
|
This patch adds a new insecure_registry_address parameter
to the docker profile. This parameter is meant to replace two
deprecated parameters which did the same thing.
Co-Authored-By: Ian Main <imain@redhat.com>
Change-Id: I729fa00175cb36b02b882d729aae5ff06d0e3fbc
|
|
This is set via all_nodes_config in t-h-t, but it's a special case for
this service, so it'll be better if we handle the ipv6 transformation
in puppet instead of relying on the service specific list mangling in
t-h-t (one aspect of which has been identified as a potential performance
problem).
Related-Bug: #1684272
Change-Id: Iccb9089db4b382db3adb9340f18f6d2364ca7f58
|
|
|
|
When the tripleo::profile::base::database::mysql::client profile is
included by other openstack services, the file /etc/my.cnf.d/tripleo.cnf
is not generated because docker-puppet is configured to disregard the
exec tags.
Make the profile use either File or Exec resource based on how it's
being called, to make it work for both containerized and non-containerized
use cases.
Change-Id: I103baa02373f6713cc300ac039a6f173ff0bbf1c
|
|
This currently assumes nova-compute and iscsid run in the same context which
isn't true for a containerized deployment
Change-Id: I91f1ce7625c351745dbadd84b565d55598ea5b59
|
|
|
|
|
|
This has been replaced with bootstrap_nodeid which isn't hard-coded to
the Controller role and thus will work should this service be deployed
on any other role via composable services.
Change-Id: I0a9fced847caf344e5d26b452f1bd40afab8f029
|
|
It is not necessary to mangle libvirt_rbd_secret_key parameter as this
is now given by the templates.
Depends-On: Iff3dbcb0f1b4d2373570e184e636a71553cea708
Change-Id: I6b163ab102f505f0d0ce9eb1ad9d4274e4ff6348
|
|
The nova migration config has always been applied by the base::nova profile.
It assumed that libvirtd/nova-compute and are all running on the
same host.
Where this config didn't apply (e.g a nova api host) it was disabled by a flag.
This approach is not compatible with containers. Hieradata for all containers
are combined so per-host flags no longer work, and we can no longer assume
libvirtd and nova-compute run in the same context.
This change refactors the profiles out of the base nova profile and into
a client profile and a target profile that can be included where appropriate.
Change-Id: I063a84a8e6da64ae3b09125cfa42e48df69adc12
Implements: blueprint tripleo-cold-migration
|
|
This patch updates the Zaqar profile so that we have
support for configuring alternate versions of the messaging
and management backends.
In Pike instack-undercloud started using the swift/sqlalchemy
backends and the intent here is to update the new containers
undercloud to use a similar default (thus letting us drop Mongodb).
Change-Id: Ie6a56b9163950cee2c0341afa0c0ddce665f3704
|
|
|
|
Disabling udev usage from LVM seems to be the only observed working
way of running containerized cinder-volume with local LVM backend.
I didn't come across reports that not using udev would have negative
impact on the functionality.
Additional info at
https://groups.google.com/forum/#!topic/docker-user/n4Xtvsb4RAw
Change-Id: I1bf395a6228dba66fa6bf9b8bcc9f3ac3d922a49
Related-Bug: #1700140
|
|
Use augeas to modify only parameters' dedicated configuration.
Split options from insecure registry. Overlapping those params may
unschedule the docker service restarts for some cases, ending up with
a split brain state for the docker service run-time config vs changed
/etc/sysconfig/options config.
Change-Id: Ic5640061837b022f7175f0db0dc269f9a61e6023
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
|
For the TLS everywhere job, there are some apache vhosts set up that
serve as TLS proxies. These need to be started at the same time as the
rest of the apache vhosts too.
Change-Id: I15e67c7c04142cff01704e2590d3b2a6a949cc06
|
|
Puppet wipes out whatever is not in it's resource catalog each run for
httpd. This causes httpd to restart if in the next step there are
reasources added that were not there earlier.
This patch, thus changes the instances of httpd to start at the same
time: On step 3 for the bootstrap node, and on step 4 for every other
node.
Closes-Bug: #1699502
Change-Id: I3d29728c1ab7bd5b78100f89e00e5fa082f97b0c
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
|
|
|
|
Adds the ability to create an empty MySQL database for Zaqar
if zaqar is enabled and settings for the mysql backend are
also available in hiera. This should allow Zaqar's database to
get created when needed, but skipped if MongoDB is used
instead (per overcloud defaults).
Change-Id: I3598e39c0a3cdf80b96e728d9aa8a7e6505e0690
|
|
This forces the MySQL users to use SSL when connecting to MySQL.
bp tls-via-certmonger
Depends-On: I24e4c195a31109835739e78a6b53d36f661f9fd0
Change-Id: I98856955132b680a159144204da1d5b400fe9794
|
|
The swift-dispersion-populate command needs to be called when Swift and
Keystone are up and running, and therefore we need to ensure this is
running in step 5 or later.
Change-Id: I5b4c08c252b6083dace5a65367920c475de416ce
|