Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
Add an explicit tunnel timeout configuration option to increase the
tunnel timeout for persistent socket connections from two minutes (2m)
to one hour (3600s). A configuration was already present to apply a
tunnel timeout to the zaqar_ws endpoint, but that only applies to
connections made directly to the zaqar_ws endpoint directly. Since UI
now uses mod_proxy to proxy WebSocket connections for Zaqar, the timeout
is now applied for the same reasons to the ui haproxy server.
Change-Id: If749dc9148ccf8f2fa12b56b6ed6740f42e65aeb
Closes-Bug: 1672826
|
|
Add support for VMware NSX neutron plugin.
Change-Id: I9a50e608b08dce4e1409c89db1614974beb811f4
|
|
|
|
|
|
Ceilometer user is needed for other ceilometer services to
authenticate with keystone even when API is not present.
So the data can be dispatched to gnocchi. Lets keep these
separate so user always exists even when api is not.
Depends-On: Iffebd40752eafb1d30b5962da8b5624fb9df7d48
Closes-bug: #1677354
Change-Id: I8f4e543a7cef5e50a35a191fe20e276d518daf20
|
|
|
|
This patch moves fluentd deployment to step 4 (the same as openstack services)
and makes resource for user fluentd be dependent on all openstack packages,
so that we avoid errors such as "usermod: group 'cinder' does not exist".
Change-Id: Ibabd4688c00c6a12ea22055c95563d906716954d
|
|
|
|
|
|
Change-Id: I5173361818508849e5012a943a984af69d9d08cd
Depends-On: I2d28d9019e8bcf9f6b8ef5698958932d44321679
Closes-Bug: #1668978
|
|
Change-Id: I1e79407ec6f360a2b205cec6cf8e812a11b799ea
|
|
|
|
|
|
This adds the ability to manage the securetty file.
By allowing management of securetty, operators can limit root
console access and improve security through hardening.
Change-Id: Ic4647fb823bd112648c5b8d102913baa8b4dac1c
Closes-Bug: #1665042
|
|
Change-Id: I5eed22ab0230a477d1629545b8ab1aeff33f4a35
|
|
Depends-On: I4b56417ce8ee7502ad32da578bdc29c46e459bd5
Change-Id: Idecbbabdd4f06a37ff0cfb34dc23732b1176a608
Author: John Eckersberg <jeckersb@redhat.com>
|
|
Implements: blueprint l2gw-service-integration
Change-Id: If1501c153b1b170b9550cb7e5a23be463fba1fe9
|
|
|
|
|
|
|
|
|
|
|
|
Change-Id: Id933276fab16eebd72751dca136ad805547e6291
Related-Bug: #1676491
|
|
Without this gnocchi resources types are not created
as they are skipped initially and the resources from
ceilometer wont make it to gnocchi.
Closes-bug: #1674421
Depends-On: I753f37e121b95813e345f200ad3f3e75ec4bd7e1
Change-Id: Ib45bf1b3e526a58f675d7555fe7bb5038dadeede
|
|
Introduce profile to configure l2 gateway Neutron
service plugin.
Implements: blueprint l2gw-service-integration
Change-Id: I01a8afdc51b2a077be1bbc7855892f68756e1fd3
Signed-off-by: Peng Liu <pliu@redhat.com>
|
|
This is now the job of the certmonger_user profile. So these bits are
not needed anymore in the service profiles.
Change-Id: Iaa3137d7d13d5e707f587d3905a5a32598c08800
Depends-On: Ibf58dfd7d783090e927de6629e487f968f7e05b6
|
|
We attempt to use iscsi-iname in an exec for our nova compute profile
but we do not ensure that the package providing this command is
installed. This change adds the package definition for
iscsi-initiator-utils to ensure it is installed before trying to use
iscsi-iname.
Change-Id: I1bfdb68170931fd05a09859cf8eefb50ed20915d
Closes-Bug: #1675462
|
|
The rabbitmq user check is moved to step >= 2 from step >= 1. There is
no gaurantee that rabbitmq is running at step 1, especially if updating
a failed stack that never made it past step 1 to begin with.
Change-Id: I029193da4c180deff3ab516bc8dc2da14c279317
Closes-Bug: #1675194
|
|
Without balance source and hash-type consistent traffic to
Contrail Webui https is not correctly load-balanced
Change-Id: I05a5aeea7db801c1403ef3c4dd4f94480fd8692e
|
|
This submission moves the neutron profile
`::tripleo::profile::base::neutron`
our of step 4.
Change-Id: I4d0617b0d7801426ea6827e70f5f31f10bbcc038
|
|
Create a tripleo profile for the bigswitch neutron agent configuration
to be consumed by THT.
Change-Id: I7a8f7f73c9c8446e21c16a5c378bd7e0f0a4c94e
Partial-Bug: #1674791
|
|
This commit conditionally includes messaging amqp class for the
oslo.messaging AMQP 1.0 driver to support notifications.
This patch:
* include keystone::messaging::amqp class for oslo_messaging_amqp opts
Change-Id: I8eb23a21d2499795c3a76ae3197bda7773165a8c
|
|
|
|
|
|
Previously ODL was restricted to only running on the first node in an
tripleO HA deployment. This patches enables clustering for ODL and
allows multiple ODL instances (minimum 3 for HA).
Partially-implements: blueprint opendaylight-ha
Change-Id: Ic9a955a1c2afc040b2f9c6fb86573c04a60f9f31
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
Using keystone_authtoken credentials for this purpose is deprecated, and also
prevents ironic-conductor from being used as a separate role.
As a side effect, this change makes it possible to potentially enable
ironic-inspector support in the future (it's not enabled yet).
Change-Id: I21180678bec911f1be36e3b174bae81af042938c
Partial-Bug: #1661250
|
|
Setting cluster_enabled to false causes ETCD_INITIAL_ADVERTISE_PEER_URLS
to be unset, which will cause deployment failure when etcd is deployed
in a single node mode.
Closes-Bug: #1673188
Change-Id: Iadff36bf7beb247d0408913c89f83fa5c8ac6874
Signed-off-by: Feng Pan <fpan@redhat.com>
|
|
|
|
To deploy successfully the RadosGW service on a dedicated node
it is necessary to provision on the node a CephX keyring with the
needed permissions to import the RadosGW service keyring. This
change will provision any keyring passed via client_keys.
It makes possible to deploy the CephRgw service on any custom role
without including the CephClient service.
Change-Id: I5772eeb233ca241887226145a472c7a0363249cb
Closes-Bug: #1673288
|
|
Implements: blueprint fdio-integration-tripleo
Change-Id: I5af0b8bbfa3ea6ace9a5cce4aa2fc1fab49ab9f2
Signed-off-by: Feng Pan <fpan@redhat.com>
|
|
|
|
|
|
This profile will specifically be used to create all the certificates
required in the node. These are fetched from hiera and will be ran in
the first step of the overcloud deployment and in the undercloud.
The reasoning for this is that, with services moving to containers, we
can't yet do these requests for certificates within the containers for
the specific services. this is because the containers won't have
credentials to the CA, while the baremetal node does. So instead we
still do this on the baremetal node, and will subsequently bind mount
the certificates to the containers that need them. Also, this gives us
flexibility since this approach still works for the baremetal case.
There will be a subsequent commit removing the certificate requests from
the service-specific profiles.
Change-Id: I4d2e62b5c1b893551f9478cf5f69173c334ac81f
|
|
Changes Include:
- Adds spec testing
- Only raise limits if nonha. puppet-systemd will restart the mariadb
service which breaks ha deployments. Hence we only want to do this
in noha.
- Minor fix to hiera value refrenced not as parameter to mysql.pp
Partial-Bug: #1648181
Related-Bug: #1524809
Co-Authored By: Feng Pan <fpan@redhat.com>
Change-Id: Id063bf4b4ac229181b01f40965811cb8ac4230d5
Signed-off-by: Tim Rozet <trozet@redhat.com>
Signed-off-by: Feng Pan <fpan@redhat.com>
|
|
We currently set the haproxy stat socket to /var/run/haproxy.sock.
On Centos/RHEL with selinux enabled this will break:
avc: denied { link } for pid=284010 comm="haproxy"
name="haproxy.sock" dev="tmpfs" ino=330803
scontext=system_u:system_r:haproxy_t:s0
tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
The blessed/correctly-labeled path is /var/lib/haproxy/stats
Note: I am setting only Partial-Bug because I would still like
to make this a parameter so other distros may just override the path.
But that change is more apt for pike and not for ocata.
Change-Id: I62aab6fb188a9103f1586edac1c2aa7949fdb08c
Patial-Bug: #1671119
|
|
This moves the certificate request bits to simplify the profile and move
the logic to the HAProxy/certmonger specific manifest.
This is a small iteration on the effort to separate the certificate
retrieval to its own manifest since this part won't be containerized
yet.
Change-Id: Ibb01cd9a59049e4728615cb4f37e5bfac5800a92
|
|
Currently tuned uses the wrong profile on compute nodes. This patch will
allow users to update their tuned profile.
Fixes bug 1667524
Change-Id: Ic67aca7f5338ea4bb2d3843201e122c72d97056e
|
|
|
|
Introduce profile to configure networking-bgpvpn service
Implements: blueprint bgpvpn-service-integration
Change-Id: I7c1686693a29cc1985f009bd7a3c268c0e211876
Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
|