Age | Commit message (Collapse) | Author | Files | Lines |
|
It was suggested by Nova team to not deploying Nova API in WSGI with
Apache in production.
It's causing some issues that we didn't catch until now (see in the bug
report). Until we figure out what was wrong, let's disable it so we can
move forward in the upgrade process.
Related-Bug: 1661360
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: Ia87b5bdea79e500ed41c30beb9aa9d6be302e3ac
|
|
|
|
I have ExtraConfig settings that need to be set in
ironic.conf. Adding the ::ironic::config module
to our base Ironic profile should allow users to
customize Ironic if needed.
Change-Id: I93e9b3b5d4def1d8fa42b77b611b7d9d6cb7963b
|
|
This reverts commit 3f7e74ab24bb43f9ad7e24e0efd4206ac6a3dd4e.
After identifying how to workaround the performance issues on the
undercloud, let's put this back in. Enabling innodb_file_per_table is
important for operators to be able to better manage their databases.
Change-Id: I435de381a0f0e3ef221e498f442335cdce3fb818
Depends-On: I77507c638237072e38d9888aff3da884aeff0b59
Closes-Bug: #1660722
|
|
Rabbitmq Password is set on the fresh deployment, but during
update, if the password is changed, it is modified in all config
files including rabbitmq config. But the rabbitmq connection fails
because the new password is not successful applied to rabbitmq.
Setting the rabbitmq_user will invoke 'rabbitmqctl change_password'.
Scenario: The password change is applied on Step1 when configuring
Rabbitmq. Other services may be updated on different Steps. Till
other services config is updated with new rabbitmq password, and
restarted, the connections will get Access Denied response. It has
cyclic dependency. So the passwords will be changes at Step1 and
once all services are updated, the connections will work as is.
Partial-Bug: #1611704
Change-Id: I44865af3d5eb2d37eb648ac7227277e86c8fbc54
|
|
|
|
|
|
|
|
This reverts commit 621ea892a299d2029348db2b56fea1338bd41c48.
We're getting performance problems on SATA disks.
Change-Id: I30312fd5ca3405694d57e6a4ff98b490de388b92
Closes-Bug: #1661396
Related-Bug: #1660722
|
|
|
|
InnoDB uses a single file by default which can grow to be
tens/hundreds of gigabytes, and is not shrinkable even
if data is deleted from the database.
Best practices are that innodb_file_per_table is set to ON
which instead stores each database table in its own file, each of
which is also shrinkable by the InnoDB engine.
Closes-Bug: #1660722
Change-Id: I59ee53f6462a2eeddad72b1d75c77a69322d5de4
|
|
These parameters are being deprecated, so we should be using the
transport_url format instead.
Change-Id: I8b7457b6233c4f88af2d7bc1b9304fcccb6edf61
|
|
|
|
|
|
|
|
Since the commit this depends on sets it up via hieradata, the
conditionals here are no longer needed.
bp tls-via-certmonger
Depends-On: I9252512dbf9cf2e3eec50c41bf10629d36070bbd
Change-Id: I37275e42763e103b81878b6af07c750a524c5697
|
|
it's not required in Ocata, let's configure the basic setup for cells.
note: it also cleanup old code that is not valid anymore.
Change-Id: Iac5b2fbe1b03ec7ad4cb8cab2c7694547be6957d
|
|
This patch allows the management of the AuditD service and its associated
files (such as `audit.rules`)
This is achieved by means of the `puppet-auditd` puppet module.
Closes-Bug: #1640302
Co-Authored-By: Luke Hinds (lhinds@redhat.com)
Change-Id: Ie31c063b674075e35e1bfa28d1fc07f3f897407b
|
|
|
|
|
|
|
|
|
|
Requiring the neutron mechanism driver from hiera is too rigid, if
Neutron is not deployed in the catalog.
Be more flexible so catalog won't fail if the value is not set in Hiera.
Change-Id: I1475687c4dc53c77e763f42a440355a7c8d014bc
Partial-Bug: #1659662
|
|
Follow up patch for I63da4f48da14534fd76265764569e76300534472
to support composable HA for the Ceph rbdmirror daemon.
Change-Id: I3767bee4b1c7849fa85e71bcc57534b393d2d415
|
|
This uses the tls_proxy resource added in a previous commit [1] in
front of the neutron server when internal TLS is enabled. Right
now values are passed quite manually, but a subsequent commit will use
t-h-t to pass the appropriate hieradata, and then we'll be able to
clean it up from here.
Note that the proxy is only deployed when internal TLS is enabled.
[1] I82243fd3acfe4f23aab373116b78e1daf9d08467
bp tls-via-certmonger
Change-Id: I6dfbf49f45aef9f47e58b5c0dbedd2b4e239979e
|
|
|
|
Change-Id: Ic74ccd5fa7b3b04ca810416e5160463252f17474
Signed-off-by: Dan Radez <dradez@redhat.com>
|
|
Depends-On: I91b9959a6f71b4e6885e55a568116cc28cf16ddd
Change-Id: I1a152dd0a7e7949ee8d91a6f63425dba2406fcaf
|
|
Bring change of I53151d4f555d5d161a3e53ce5f022e3bf3b2ffbd into
puppet-tripleo.
Change-Id: I1227956a0389497eedc00e4ec817f52be608dc75
Related-Bug: #1643655
|
|
|
|
|
|
|
|
Initial profile files for Octavia services.
Partially-implements: blueprint octavia-service-integration
Change-Id: Ic6f945cdf36744382a4a63fcc374d5562964ca68
|
|
This commit implements composable HA for the pacemaker profiles.
- Everytime a pacemaker resource gets included on a node,
that node will add a node cluster property with the name of the resource
(e.g. galera-role=true)
- Add a location rule constraint to force running the resource only
on the nodes that have that property
- We also make sure that any pacemaker resource/property creation has a
predefined number of tries (20 by default). The reason for this is
that within composable HA, it might be possible to get "older CIB"
errors when another node changed the CIB while we were doing an
operation on it. Simply retrying fixes this.
- Also make sure that we use the newly introduced
pacemaker::constraint::order class instead of the older
pacemaker::constraint::base class. The former uses the push_cib()
function and hence behaves correctly in case multiple nodes try
to modify the CIB at the same time.
Change-Id: I63da4f48da14534fd76265764569e76300534472
Depends-On: Ib931adaff43dbc16220a90fb509845178d696402
Depends-On: I8d78cc1b14f0e18e034b979a826bf3cdb0878bae
Depends-On: Iba1017c33b1cd4d56a3ee8824d851b38cfdbc2d3
|
|
Change-Id: I3d6bbc05644e840395f87333ec80e3b844f69903
|
|
This class was being included in the same way in two different branches
of the code which could be joined in the initial branch (or if
statement).
Change-Id: Iee3c1663a2fe929b21a9c089d89b721600af66bd
|
|
Previously we missed to perform the basic Ceph client configuration
on a node where only the RBD mirror service was deployed.
Change-Id: Ie6a4284a88714bcee964a38636e12aa88bb95c9d
Co-Authored-By: Michele Baldessari <michele@acksyn.org>
Related-Bug: #1652177
|
|
There is a typo in the bootstrap check which will lead to:
Could not find data item ceph_rbdmirror_bootstrap_short_node_name in any
Hiera data file and no default supplied at
/etc/puppet/modules/tripleo/manifests/profile/pacemaker/ceph/rbdmirror.pp
We need to be using the correct one:
$ hiera ceph_rbdmirror_short_bootstrap_node_name
overcloud-remote-0
Change-Id: Ic343e5f99e48360bdd2d2989781a4b6ca484e8fc
|
|
|
|
|
|
|
|
Since the commit this depends on sets it up via hieradata, the
conditions here are no longer needed.
bp tls-via-certmonger
Change-Id: I66956f0b85e8e3bf1ab9562221d51d51c230b88e
Depends-On: I693213a1f35021b540202240e512d121cc1cd0eb
|
|
|
|
|
|
This support enables a base profile called pacemaker_remote which will
allow the operator to automatically configure the pacemaker_remote
service on such nodes. This manifest also automatically adds any
pacemaker_remote nodes to the pacemaker cluster.
Depends-On: I0c01ecb7df1a0f9856fdc866b9d06acf0283fa4f
Depends-On: Ic0488f4fc63e35b9aede60fae1e2cab34b1fbdd5
Change-Id: I92953afcc7d536d387381f08164cae8b52f41605
|
|
|
|
|
|
|
|
|
|
This uses the tls_proxy resource added in the previous commit [1] in
front of the Glance API server when internal TLS is enabled. Right
now values are passed quite manually, but a subsequent commit will use
t-h-t to pass the appropriate hieradata, and then we'll be able to clean
it up from here.
Note that the proxy is only deployed when internal TLS is enabled.
[1] I82243fd3acfe4f23aab373116b78e1daf9d08467
bp tls-via-certmonger
Depends-On: Id5dfb38852cf2420f4195a3c1cb98d5c47bbd45e
Change-Id: Id35a846d43ecae8903a0d58306d9803d5ea00bee
|