Age | Commit message (Collapse) | Author | Files | Lines |
|
This change will make the global cluster-check property configurable
and will pick a lower default (60s) in case a pacemaker remote node
is deployed.
The cluster-recheck-interval is set to default to 15minutes by
pacemaker. This value is too high when a pacemaker remote service
is deployed. With this default value a reboot of a pacemaker remote
node will be reported as offline by pacemaker for up to 15minutes.
With this change we do the following:
1) Do nothing in case pacemaker remote is not deployed
2) When pacemaker remote is deployed and the operator has not
specified otherwise, we set the recheck interval to 60s.
3) When the operator specifies the recheck interval we set that.
Change-Id: I900952b33317b7998a1f26a65f4d70c1726df19c
Closes-Bug: #1679753
(cherry picked from commit f464e9f703b824f8971ade50c32884748caffefc)
|
|
|
|
So we avoid useless apache restart and save time during the deployment.
Note: the backport is not 100% clean as Heat API was not deployed in
WSGI during Ocata cycle, so now, it's only for Aodh.
Related-Bug: #1664418
Change-Id: Ie00b717a6741e215e59d219710154f0d2ce6b39e
(cherry picked from commit 2272bcabba8752cd1876f85b1f9b83b0c7592c94)
|
|
|
|
This causes issues in deployments that is not using ML2
ComputeNeutronCorePlugin or OVS agent on the compute nodes.
Closes-Bug: 1679202
Change-Id: I9cdfd115add8c0d2d3ae6802e7bde007c1677c67
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit 1b93ca14c4d58c360424fbf34f669014b34d3b4b)
|
|
Ceilometer user is needed for other ceilometer services to
authenticate with keystone even when API is not present.
So the data can be dispatched to gnocchi. Lets keep these
separate so user always exists even when api is not.
Depends-On: Iffebd40752eafb1d30b5962da8b5624fb9df7d48
Closes-bug: #1677354
Change-Id: I8f4e543a7cef5e50a35a191fe20e276d518daf20
(cherry picked from commit 38e4976b7b80487e26c75ece20bab631597240a3)
|
|
We configure apache in step 3 so horizon should be configured at the
same time or else updates will cause horizon to be unvailable during the
update process.
Change-Id: I4032f7c24edc0ff9ed637e213870cdd3beb9a54e
Closes-Bug: #1678338
(cherry picked from commit e2928717412242faa4eb15d778f1b5c0952edc08)
|
|
The eqlx_use_chap, eqlx_chap_login and eqlx_chap_password were
previously deprecated and are scheduled to be removed in Pike. This
change updates these parameters to use the replacement params.
See I295d8388ba17dd60e83995e7c82f64f02a3c4258 for more details.
Change-Id: I0f229ed2e7bb65d9da81c5caa69dbe1a4aded814
(cherry picked from commit 9cd4ddce32b4f14e7f6168416fcaee26a64f7a90)
|
|
The rabbitmq user check is moved to step >= 2 from step >= 1. There is
no gaurantee that rabbitmq is running at step 1, especially if updating
a failed stack that never made it past step 1 to begin with.
Change-Id: I029193da4c180deff3ab516bc8dc2da14c279317
Closes-Bug: #1675194
(cherry picked from commit aa9af086f05e466e88ac2a85ecc9d39f5a6d1e2f)
|
|
|
|
|
|
Change-Id: Id933276fab16eebd72751dca136ad805547e6291
Related-Bug: #1676491
(cherry picked from commit f137661aa178a6b390976470ddec7ed77eb05cf5)
|
|
Without this gnocchi resources types are not created
as they are skipped initially and the resources from
ceilometer wont make it to gnocchi.
Closes-bug: #1674421
Depends-On: I753f37e121b95813e345f200ad3f3e75ec4bd7e1
Change-Id: Ib45bf1b3e526a58f675d7555fe7bb5038dadeede
(cherry picked from commit aec471a78d46d839e98026c4cb98acb412a7b424)
|
|
We attempt to use iscsi-iname in an exec for our nova compute profile
but we do not ensure that the package providing this command is
installed. This change adds the package definition for
iscsi-initiator-utils to ensure it is installed before trying to use
iscsi-iname.
Change-Id: I1bfdb68170931fd05a09859cf8eefb50ed20915d
Closes-Bug: #1675462
(cherry picked from commit 2102a610c14d357f99a531250e676d6366559212)
|
|
services" into stable/ocata
|
|
|
|
The db_sync from panko comes from the panko-api package; So we move the
db_sync to be done in the api manifest as it's done for other services
such as barbican.
This is necessary since in cases where the overcloud deploy requires
puppet to do the installations, with the previous setup it failed since
the command wasn't available in the step it was being done.
Change-Id: I20a549cbaa2ee4b2c762dbae97f5cbf4d0b517c8
Closes-Bug: #1671716
(cherry picked from commit d73c2630b534b277122db68620be8923c4d3a6b4)
|
|
Using keystone_authtoken credentials for this purpose is deprecated, and also
prevents ironic-conductor from being used as a separate role.
As a side effect, this change makes it possible to potentially enable
ironic-inspector support in the future (it's not enabled yet).
Change-Id: I21180678bec911f1be36e3b174bae81af042938c
Partial-Bug: #1661250
(cherry picked from commit ffe6ae2c24f82df620df14ee4be8bd292cb95075)
|
|
Changes Include:
- Adds spec testing
- Only raise limits if nonha. puppet-systemd will restart the mariadb
service which breaks ha deployments. Hence we only want to do this
in noha.
- Minor fix to hiera value refrenced not as parameter to mysql.pp
Partial-Bug: #1648181
Related-Bug: #1524809
Co-Authored By: Feng Pan <fpan@redhat.com>
Change-Id: Id063bf4b4ac229181b01f40965811cb8ac4230d5
Signed-off-by: Tim Rozet <trozet@redhat.com>
Signed-off-by: Feng Pan <fpan@redhat.com>
(cherry picked from commit c9acf8a687ea64686c1ecceeff45add014752121)
|
|
Since the norpm provider can prevent the chronyd package from actually
getting purged, we need to make sure the chronyd service is stopped and
disabled so that it does not conflict with ntpd.
Change-Id: I7a697aba7aa5a27ba4ab6e46018057f7f01dfab2
Closes-Bug: #1665426
(cherry picked from commit 37ba3a8db5e38955469e8bc9158388379d64abc8)
|
|
stable/ocata
|
|
Systemd starts mariadb as user mysql, so in order to allow a large
number of connections (e.g. max_connections=4096) it is necessary to
raise the file descriptor limit via a system drop-in file.
When installing an undercloud, such drop-in file is currently
generated by instack-undercloud (in file puppet-stack-config.pp). But
non-HA overcloud also need such drop-in to be generated.
In order to avoid duplicating code, the drop-in creation code should
be provided by puppet-tripleo. By default, no drop-in is generated;
it has to be enabled by instack-undercloud or tripleo-heat-template
once they will use it (resp. to create undercloud or non-HA overcloud).
This patch does not aim at generating a dynamic file limit based on
the number of connections, this should land in another dedicated
patch. Instead, it just reuses the limit currently set for undercloud
and HA-overclouds.
Also, the generation of the drop-in does not force a mysql restart
like it currently does in instack-undercloud, to avoid unexpected
service disruption on a non-HA overcloud after a minor update.
Co-Authored-By: Tim Rozet <trozet@redhat.com>
Depends-On: I7ca7b5f7614971455cae2bf7c4bf8264b642b0dc
Change-Id: Ia0907b2ab6062a93fb9363e39c86535a490fbaf6
Partial-Bug: #1648181
Related-Bug: #1524809
(cherry picked from commit 09665170f6d0f4536a48dd4d1444e07aa064bed7)
|
|
This patch will set neutron's dhcp_agents_per_network equal to the
number of deployed neutron DHCP agents unless otherwise explicitly set.
Conflicts:
manifests/profile/base/neutron.pp
Note: spec/classes/tripleo_profile_base_neutron_spec.rb removed from
backport as it required defining the neutron class as a precondition to
satisfy a requirement for a rabbit password. This leads to a duplicate
definition.
Partial-bug: #1632721
Change-Id: I5533e42c5ba9f72cc70d80489a07e30ee2341198
(cherry picked from commit 52a68ffc8f060e1961458a524e5861cea02d1c1c)
|
|
stable/ocata
|
|
By default Puppet does virtual package matching if precise name matching
fails. Docker-distribution RPM "provides" docker-registry:
bash-4.2# rpm -q --whatprovides docker-registry
docker-distribution-2.5.1-1.el7.x86_64
This means that when we wanted to make docker-registry package absent,
we were actually removing docker-distribution instead. This is now fixed
by allow_virtual => false. Only name matching is performed.
Change-Id: I1f93b404085f0bc2b6c063f573c801db6409c0bb
Closes-Bug: #1666459
(cherry picked from commit d12c004bc9c630c756a6b0df351916b9e04b9778)
|
|
When fixing LP#1643487 we added ?bind_address to all DB URIs.
Since this clashes with Cellsv2 due to the URIs becoming host
dependent, we need a new approach to pass bind_address to pymysql
that leaves the DB URIs host-independent.
We first create a /etc/my.cnf.d/tripleo.cnf file with a [tripleo]
section and in this section we add the correct bind-address option.
Note that we use the puppet augeas lens and not the mysql one
because the mysql one does not support custom sections *and* there
are older versions around which do not like the /etc/my.cnf.d/* path.
The reason for not reusing an existing mariadb file (my.cnf or
galera.cnf) is that pymysql's ini file support is not robust
enough at the moment: https://github.com/PyMySQL/PyMySQL/issues/548
The reason for putting this file creation code only on the controller
nodes the following: The slow VIP failover only happens if a
service runs where the VIPs exist. The VIPs get created in the
haproxy profile and that is why in order to have fast VIP failovers
the MySQLClient profile must live where the Haproxy service is running.
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
Partial-Bug: #1663181
Change-Id: Iff8bd2d9ee85f7bb1445aa2e1b3cfbff1f397b18
(cherry picked from commit f6116ff0f350aeecdaa346e4e49d208be49ce6b9)
|
|
1. Manage Keystone resources only at step 3. Don't verify them
at step 4 and 5, it's a huge loss of time.
2. Don't require Keystone resources for Gnocchi services, they are
already ready at Step 5.
Related-Bug: #1664418
Change-Id: I9879718a1a86b862e5eb97e6f938533c96c9f5c8
|
|
|
|
nova placement credentials in nova.conf need to be configured at step 3
so Nova services can use them as soon as they start.
Change-Id: I0abdd305b7e6c8d83f23e25b3872e98eb56dd299
|
|
|
|
|
|
|
|
|
|
|
|
- transform nova_api_wsgi_enabled in a parameter
- update rspec tests
- fix TLS to run at step 1
Change-Id: I4d3f9c92f0717ae8c3bc8d71065fab281de82008
|
|
We need to run nova-cell_v2-discover_hosts at the very end of the
deployment because nova database needs to be aware of all registred
compute hosts.
1. Move keystone resources management at step 3.
2. Move nova-compute service at step 4.
3. Move nova-placement-api at step 3.
5. Run nova-cell_v2-discover_hosts at step 5 on one nova-api node.
6. Run neutron-ovs-agent at step 5 to avoid racy deployments where
it starts before neutron-server when doing HA deployments.
With that change, we expect Nova aware of all compute services deployed
in TripleO during an initial deployment.
Depends-On: If943157b2b4afeb640919e77ef0214518e13ee15
Change-Id: I6f2df2a83a248fb5dc21c2bd56029eb45b66ceae
Related-Bug: #1663273
Related-Bug: #1663458
|
|
|
|
Also adds an initial spec file for basic testing of the module.
Change-Id: I5534aab53b70de215336a076d25263c73b8d7b5b
Partial-Bug: #1661316
|
|
This changes rebrands Dell Eqlx to Dell PS series
and matches the tripleo-heat-templates.
Change-Id: I3536147a06b426ace18cf415e99361c47b4cf5d9
|
|
1. Move keystone resources management at step 4.
2. Move nova-compute startup at step 5.
That way, we make sure nova-compute will start when all Keystone
resources are ready.
Change-Id: I6e153e11b8519254d2a67b9142bf774a25bce69d
Closes-Bug: #1663273
|
|
Cleanup patch once the THT patch is merged.
Change-Id: Iba439a4758a4728197d7620b764a4f0f2648ee0f
Depends-On: I09b73476762593642a0e011f83f0233de68f2c33
|
|
|
|
On compute nodes, instead of binding vnc server on 0.0.0.0, use the IP
address provided by libvirt's t-h-t profile (hiera).
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Depends-On: Ie377c09734e9f6170daa519aed69c53fc67c366b
Change-Id: If6b116b238a52144aad5e76c9edc7df6aa15313c
Closes-Bug: #1660099
|
|
It was suggested by Nova team to not deploying Nova API in WSGI with
Apache in production.
It's causing some issues that we didn't catch until now (see in the bug
report). Until we figure out what was wrong, let's disable it so we can
move forward in the upgrade process.
Related-Bug: 1661360
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: Ia87b5bdea79e500ed41c30beb9aa9d6be302e3ac
|
|
|
|
I have ExtraConfig settings that need to be set in
ironic.conf. Adding the ::ironic::config module
to our base Ironic profile should allow users to
customize Ironic if needed.
Change-Id: I93e9b3b5d4def1d8fa42b77b611b7d9d6cb7963b
|
|
This reverts commit 3f7e74ab24bb43f9ad7e24e0efd4206ac6a3dd4e.
After identifying how to workaround the performance issues on the
undercloud, let's put this back in. Enabling innodb_file_per_table is
important for operators to be able to better manage their databases.
Change-Id: I435de381a0f0e3ef221e498f442335cdce3fb818
Depends-On: I77507c638237072e38d9888aff3da884aeff0b59
Closes-Bug: #1660722
|
|
Rabbitmq Password is set on the fresh deployment, but during
update, if the password is changed, it is modified in all config
files including rabbitmq config. But the rabbitmq connection fails
because the new password is not successful applied to rabbitmq.
Setting the rabbitmq_user will invoke 'rabbitmqctl change_password'.
Scenario: The password change is applied on Step1 when configuring
Rabbitmq. Other services may be updated on different Steps. Till
other services config is updated with new rabbitmq password, and
restarted, the connections will get Access Denied response. It has
cyclic dependency. So the passwords will be changes at Step1 and
once all services are updated, the connections will work as is.
Partial-Bug: #1611704
Change-Id: I44865af3d5eb2d37eb648ac7227277e86c8fbc54
|
|
|
|
|