Age | Commit message (Collapse) | Author | Files | Lines |
|
This patch configures SSH tunneling for nova cold-migration and reuses the
tunnel for libvirt live-migration unless TLS has been enabled.
Change-Id: I367757cbe8757d11943af7e41af620f9ce919a06
Depends-On: Iac1763761c652bed637cb7cf85bc12347b5fe7ec
|
|
We configure apache in step 3 so horizon should be configured at the
same time or else updates will cause horizon to be unvailable during the
update process.
Change-Id: I4032f7c24edc0ff9ed637e213870cdd3beb9a54e
Closes-Bug: #1678338
|
|
Add an explicit tunnel timeout configuration option to increase the
tunnel timeout for persistent socket connections from two minutes (2m)
to one hour (3600s). A configuration was already present to apply a
tunnel timeout to the zaqar_ws endpoint, but that only applies to
connections made directly to the zaqar_ws endpoint directly. Since UI
now uses mod_proxy to proxy WebSocket connections for Zaqar, the timeout
is now applied for the same reasons to the ui haproxy server.
Change-Id: If749dc9148ccf8f2fa12b56b6ed6740f42e65aeb
Closes-Bug: 1672826
|
|
Ceilometer user is needed for other ceilometer services to
authenticate with keystone even when API is not present.
So the data can be dispatched to gnocchi. Lets keep these
separate so user always exists even when api is not.
Depends-On: Iffebd40752eafb1d30b5962da8b5624fb9df7d48
Closes-bug: #1677354
Change-Id: I8f4e543a7cef5e50a35a191fe20e276d518daf20
|
|
|
|
This adds the ability to manage the securetty file.
By allowing management of securetty, operators can limit root
console access and improve security through hardening.
Change-Id: Ic4647fb823bd112648c5b8d102913baa8b4dac1c
Closes-Bug: #1665042
|
|
Change-Id: I5eed22ab0230a477d1629545b8ab1aeff33f4a35
|
|
Implements: blueprint l2gw-service-integration
Change-Id: If1501c153b1b170b9550cb7e5a23be463fba1fe9
|
|
|
|
|
|
Without this gnocchi resources types are not created
as they are skipped initially and the resources from
ceilometer wont make it to gnocchi.
Closes-bug: #1674421
Depends-On: I753f37e121b95813e345f200ad3f3e75ec4bd7e1
Change-Id: Ib45bf1b3e526a58f675d7555fe7bb5038dadeede
|
|
Introduce profile to configure l2 gateway Neutron
service plugin.
Implements: blueprint l2gw-service-integration
Change-Id: I01a8afdc51b2a077be1bbc7855892f68756e1fd3
Signed-off-by: Peng Liu <pliu@redhat.com>
|
|
Create a tripleo profile for the bigswitch neutron agent configuration
to be consumed by THT.
Change-Id: I7a8f7f73c9c8446e21c16a5c378bd7e0f0a4c94e
Partial-Bug: #1674791
|
|
This commit conditionally includes messaging amqp class for the
oslo.messaging AMQP 1.0 driver to support notifications.
This patch:
* include keystone::messaging::amqp class for oslo_messaging_amqp opts
Change-Id: I8eb23a21d2499795c3a76ae3197bda7773165a8c
|
|
Previously ODL was restricted to only running on the first node in an
tripleO HA deployment. This patches enables clustering for ODL and
allows multiple ODL instances (minimum 3 for HA).
Partially-implements: blueprint opendaylight-ha
Change-Id: Ic9a955a1c2afc040b2f9c6fb86573c04a60f9f31
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
Implements: blueprint fdio-integration-tripleo
Change-Id: I5af0b8bbfa3ea6ace9a5cce4aa2fc1fab49ab9f2
Signed-off-by: Feng Pan <fpan@redhat.com>
|
|
|
|
Introduce profile to configure networking-bgpvpn service
Implements: blueprint bgpvpn-service-integration
Change-Id: I7c1686693a29cc1985f009bd7a3c268c0e211876
Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
|
|
|
|
authtoken class configures the keystone_authtoken parameters, required
to move to Keystone V3 auth.
Change-Id: Ibfd761fef813faa7bf13881c52c34e20d3eac9e5
|
|
There were some values that were passed to the classes manually, and
this takes the parameters from t-h-t instead. Also, the release note was
added.
bp tls-via-certmonger
Change-Id: I17c4b7041e16da6489f4b713fdeb28a6e1c5563c
Depends-On: I88e5ea7b9bbf35ae03f84fdc3ec76ae09f11a1b6
|
|
|
|
Change-Id: I89e544474b3f73a9e00d37dcddb605d5fe979ca8
|
|
This configures the docker service on the host, as an alternative
to the firstboot script in docker/firstboot/setup_docker_host.sh
Doing this via puppet will enable easier integration with e.g
the multinode jobs where no firstboot scripts run, and also
enables a better error path in the event the service fails to start
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
Change-Id: Id8add1e8a0ecaedb7d8a7dc9ba3747c1ac3b8eea
|
|
|
|
|
|
Adding release note for Ie72b96c76d7513f84003bc15b6527c97df7ba92f
Change-Id: Ie3dd31519a4a2cc7aa94a5fc7cd7e906482668f3
Related-Bug: #1629052
|
|
This patch will set neutron's dhcp_agents_per_network equal to the
number of deployed neutron DHCP agents unless otherwise explicitly set.
Partial-bug: #1632721
Change-Id: I5533e42c5ba9f72cc70d80489a07e30ee2341198
|
|
Ceilometer central, compute and ipmi agent classes are
deprecated. Instead we should be using polling agent
with relevant namespace.
Closes-bug: #1662685
Change-Id: I1ee50124bf8936e12414f984e1bcd4545d92e953
|
|
|
|
os_transport_url was updated to allow receiving
a string or an integer as parameter.
Fixes the workarounds in puppet-tripleo
Change-Id: I50993514048bf96b5a42b3425a7d6f98778fe694
Depends-On: I9e56f8e2de542b20fe9e6995506cff5bb435e220
|
|
|
|
|
|
Vector Packet Processing (VPP) is a high performance packet processing
stack that runs in user space in Linux. VPP is used as an alternative to
kernel networking stack for accelerated network data path.
Implements: blueprint fdio-integration-tripleo
Change-Id: I70a68a204a8b9d533fc2fa4fc33c39c3b1c366bf
Signed-off-by: Feng Pan <fpan@redhat.com>
|
|
Which language options to offer to the UI users is determined in the
configuration file. Let's show all possible languages by default,
unless specified otherwise.
Change-Id: I513303bf82dca53e2291ab66f2385a2985a1846e
Related-Bug: #1663279
|
|
Change-Id: I95f7b57a6cb0811af324996bd00580732503ed28
|
|
|
|
|
|
On compute nodes, instead of binding vnc server on 0.0.0.0, use the IP
address provided by libvirt's t-h-t profile (hiera).
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Depends-On: Ie377c09734e9f6170daa519aed69c53fc67c366b
Change-Id: If6b116b238a52144aad5e76c9edc7df6aa15313c
Closes-Bug: #1660099
|
|
|
|
Add support to enable the UI to use paths via mod_proxy to access API
endpoints instead of connecting to each endpoint directly on a port
other than where the UI is served from. This is necessary to prevent
certificate acceptance errors from non-Chrome browsers which take
exception to connections made to other ports on the same hostname, using
one SSL certificate.
This change extends the UI's Apache configuration to create one
mod_proxy location for each of the API endpoints that UI calls upon.
These mod_proxy (using ProxyPass, ProxyPassReverse) endpoints are
configured using new heira variables provided in the dependent commit.
Additionally, this change modifies the default UI configuration file to
include endpoint URLs formatted to use the new endpoint paths that are
created.
Removed puppet variables which were previously used to generate the
contents of the tripleo_ui_config.js template, since they are no longer
used to generate this file, replaced with the new endpoint URLs
formatted to use the new endpoint paths that are created.
Change-Id: I55e375ad462fa98e181277ec0bd88658e620e8ad
Implements: blueprint proxy-undercloud-api-services
Depends-On: Ib20f4b0891563ae90ec80675635a64c39bd2fdb7
|
|
This reverts commit 3f7e74ab24bb43f9ad7e24e0efd4206ac6a3dd4e.
After identifying how to workaround the performance issues on the
undercloud, let's put this back in. Enabling innodb_file_per_table is
important for operators to be able to better manage their databases.
Change-Id: I435de381a0f0e3ef221e498f442335cdce3fb818
Depends-On: I77507c638237072e38d9888aff3da884aeff0b59
Closes-Bug: #1660722
|
|
Rabbitmq Password is set on the fresh deployment, but during
update, if the password is changed, it is modified in all config
files including rabbitmq config. But the rabbitmq connection fails
because the new password is not successful applied to rabbitmq.
Setting the rabbitmq_user will invoke 'rabbitmqctl change_password'.
Scenario: The password change is applied on Step1 when configuring
Rabbitmq. Other services may be updated on different Steps. Till
other services config is updated with new rabbitmq password, and
restarted, the connections will get Access Denied response. It has
cyclic dependency. So the passwords will be changes at Step1 and
once all services are updated, the connections will work as is.
Partial-Bug: #1611704
Change-Id: I44865af3d5eb2d37eb648ac7227277e86c8fbc54
|
|
|
|
This reverts commit 621ea892a299d2029348db2b56fea1338bd41c48.
We're getting performance problems on SATA disks.
Change-Id: I30312fd5ca3405694d57e6a4ff98b490de388b92
Closes-Bug: #1661396
Related-Bug: #1660722
|
|
InnoDB uses a single file by default which can grow to be
tens/hundreds of gigabytes, and is not shrinkable even
if data is deleted from the database.
Best practices are that innodb_file_per_table is set to ON
which instead stores each database table in its own file, each of
which is also shrinkable by the InnoDB engine.
Closes-Bug: #1660722
Change-Id: I59ee53f6462a2eeddad72b1d75c77a69322d5de4
|
|
|
|
it's not required in Ocata, let's configure the basic setup for cells.
note: it also cleanup old code that is not valid anymore.
Change-Id: Iac5b2fbe1b03ec7ad4cb8cab2c7694547be6957d
|
|
This patch allows the management of the AuditD service and its associated
files (such as `audit.rules`)
This is achieved by means of the `puppet-auditd` puppet module.
Closes-Bug: #1640302
Co-Authored-By: Luke Hinds (lhinds@redhat.com)
Change-Id: Ie31c063b674075e35e1bfa28d1fc07f3f897407b
|
|
Initial profile files for Octavia services.
Partially-implements: blueprint octavia-service-integration
Change-Id: Ic6f945cdf36744382a4a63fcc374d5562964ca68
|