Age | Commit message (Collapse) | Author | Files | Lines |
|
Glance supports the http_proxy_to_wsgi middlware, and it was recently
enabled in the overcloud [1]. However, for it to work properly, we
need to add the X-Forwarded-Proto header which was missing from the
HAProxy configuration.
[1] I4a8f7fc079ca93c50aa0ef7b0548dc64f6c5cfa0
Change-Id: I82e2db1145b0476cec27676fdfbb97e86cbd8182
|
|
|
|
|
|
|
|
|
|
Remove unused parameter in sahara
Change-Id: I46c033b410ab850289b798ee93990b6fb10c80ea
|
|
|
|
|
|
See discussion at https://review.openstack.org/#/c/342961/8
Change-Id: I571b65a5402c1028418476a573ebeb9450ed00c9
|
|
The original intent of this manifest was to set the defaults for the
CA and some other values when requesting certificates via certmonger.
However, this approach doesn't work and in the undercloud we ended up
doing this via hieradata instead. So this file is not used.
Change-Id: I552d504091acc0d5588e30d14bc2fc85d7b7ecea
|
|
This change moves the cinder-volume/cinder-scheduler constraints in the
cinder-scheduler profile as these can't be applied by the cinder-volume
service when cinder-scheduler isn't managed by Pacemaker.
Blueprint:
https://blueprints.launchpad.net/tripleo/+spec/ha-lightweight-architecture
Change-Id: I5e7585c08675d8a4bd071523b94210d325d79b59
Implements: blueprint ha-lightweight-architecture
Co-Author: cmsj@tenshu.net
|
|
Change-Id: I278dfee01ed24713dec29aae55d2c7bdcb7e74bc
|
|
Before haproxy tries to use the TLS certificates it should already
trust the CA. So it's necessary for the local CA-related manifest to
notify the ::tripleo::haproxy class.
This works for newly set deployments. deployments that have already
ran the ca-trust section will already trust the CA and thus won't
need that part.
Change-Id: I32ded4e33abffd51f220fb8a7dc6263aace72acd
|
|
The openstack-core-then-httpd constraint needs to live in the apache
pacemaker manifest and not in the main controller manifest file.
The same goes for those specific vsm/cisco neutron resources.
Change-Id: I2041d4d163f051427b62eec07b8345ad7006cc1d
|
|
|
|
|
|
|
|
Currently we are still creating all the pacemaker constraints for nova
in the main overcloud_controller_pacemaker.pp manifest file.
Let's move those to each role where they belong. Note that given
that a constraint depends on two separate pacemaker resources it is
a bit arbitrary in which file they end up being (the one of the first
resource or the second one).
Change-Id: I96a3a313d15fac820b020feae0568437c2cbade3
|
|
The openstack-core resource is not needed by the NG Pacemaker
architecture. It was moved into an isolated role by [1] so that
it could optionally be enabled when wanting the older architecture.
This submission removes the old openstack-core global resource.
1. I74a62973146c0261385ecf5fd3d06db51e079caa
Change-Id: I16a786ce167c57848551c7245f4344c382c55b3d
|
|
Change-Id: I74a62973146c0261385ecf5fd3d06db51e079caa
|
|
Nova {} workaround is not working correctly, we need to merge this patch
so we can move out ::nova from THT completely.
Also we need to use nova::cache to configure memcached parameters.
Co-Authorized-By: Giulio Fidente <gfidente@redhat.com>
Co-Authorized-By: Sven Anderson <sven@redhat.com>
Co-Authorized-By: Emilien Macchi <emilien@redhat.com>
Depends-On: I52d5badb9960124bb8fcb54983db2853c4185e77
Depends-On: I3e400a5f64b85f0d374fc02cc5e4080d19d0f2e4
Depends-On: Iee5f8015cbf40ca0e9a435a7de919ebdb74cf93f
Change-Id: Ie4e72e765f6a8ade48d4b2b766f067872554d1a2
|
|
|
|
|
|
|
|
|
|
This class will be used on the undercloud to deploy os_net_config.
Change-Id: I507c237a35250b660b37ea8cfc4e8e7f97ae21e2
|
|
|
|
|
|
In some profiles, we were looking up the $step by using Hiera
again, while we already do it in the parameter definition.
When using this class outside THT, it will fail but with this patch, we
could use just set the $step parameter and the rest of the manifest will
work.
Change-Id: I7082f47204fb4e529b164e4c4f1032e7bdd88f02
|
|
This gives the option to generate the service certificate(s) that
HAProxy will use. This will be used for both the overcloud and the
undercloud.
bp tls-via-certmonger
Change-Id: I3d0b729d0bad5252c1ae8852109c3a70c0c6ba7d
|
|
|
|
|
|
This patch updates the tripleo::firewall class so that it will
support loading firewall rules defined in composable services
via the following hiera keys (for nova-api for example):
tripleo.nova_api.firewall_rules
This patch relies on a new 'service_names' hiera array that should be
provided on all TripleO overcloud nodes.
Depends-On: I60861c5aa760534db3e314bba16a13b90ea72f0c
Change-Id: Id370362ab57347b75b1ab25afda877885b047263
|
|
|
|
service"
|
|
|
|
Deploy Keystone and Gnocchi API with the new Apache/Pacemaker profile.
Change-Id: Id28c618133e53e28dfac7e3e9cf9f5f5a6b2421a
|
|
Change-Id: I6ba962c682dc2ab8c6ee5238e0c176d9ae05d696
|
|
|
|
This class extracts the certificate and adds it to the trusted certs.
bp tls-via-certmonger
Change-Id: I6dc1e0469cd7dbbb51659c8f29975d25b2941ec3
|
|
Change I67a15dc83a754fb6f5fe25c64ae9e7d29c58fcec removed the
gnocchi configuration completely from non-bootstrap nodes. This
changes it so the configuration is included on all nodes, but the
db sync is only included on bootstrap.
Change-Id: If402becc900c175f5b3bb95c3413276e5a04b4f7
Closes-Bug: 1604708
|
|
Deploy Apache with Pacemaker in a new profile.
Change-Id: I9ae6cee2bfb0f8974d41d700454cfde2df06c2d1
|
|
Currently if we manually restart the cluster saometimes gnocchi statsd
doesnt comeup as galera is not up yet. This should tie the metrics to
core and follow the order.
Closes-bug: #1604860
Change-Id: I5ec29622938336410b91785ca49b410bcdd30cdd
|
|
Heat needs stack_user_domain_id or stack_user_domain_name config
options set in the heat.conf before starting. The domain itself
doesn't need to exist until a stack is actually created, but the
value needs to be there. This patch ensures that the heat domain
parameters are configured before starting the heat-engine service
with Pacemaker at step3 and 4, and at step5, Pacemaker will start
the services and Puppet will create the domains.
(note: commit message copied from
https://review.openstack.org/#/c/331652/ to mitaka tht, which came
first)
Change-Id: I58fa53357265c1607d2df1b04cc2296083212ab7
Closes-Bug: 1599232
|
|
|
|
|
|
Configures a nova-compute instance to use Ironic.
Change-Id: I4f817aba542cfaa386b3c0617feae90c61579b43
Partially-Implements: blueprint ironic-integration
|
|
Including ::ironic runs ironic-dbsync by default, so we end up with
ironic-dbsync run before the database is created. This patch fixes it.
Change-Id: I6fef1de18e52b68caaf4cbd55c0408b98b5c26e0
Partially-Implements: blueprint ironic-integration
|
|
|
|
The gnocchi db sync is being run from multiple controllers causing errors in
CI. See the bug for more details.
Change-Id: I67a15dc83a754fb6f5fe25c64ae9e7d29c58fcec
Closes-Bug: #1604624
|