diff options
| -rw-r--r-- | extraconfig/pre_network/host_config_and_reboot.yaml | 26 | ||||
| -rw-r--r-- | network/external.yaml | 2 | ||||
| -rw-r--r-- | network/external_v6.yaml | 2 | ||||
| -rw-r--r-- | network/internal_api.yaml | 2 | ||||
| -rw-r--r-- | network/internal_api_v6.yaml | 2 | ||||
| -rw-r--r-- | network/management_v6.yaml | 2 | ||||
| -rw-r--r-- | network/ports/net_ip_map.yaml | 1 | ||||
| -rw-r--r-- | network/storage.yaml | 2 | ||||
| -rw-r--r-- | network/storage_mgmt.yaml | 2 | ||||
| -rw-r--r-- | network/storage_mgmt_v6.yaml | 2 | ||||
| -rw-r--r-- | network/storage_v6.yaml | 2 | ||||
| -rw-r--r-- | network/tenant.yaml | 2 | ||||
| -rw-r--r-- | network/tenant_v6.yaml | 2 | ||||
| -rw-r--r-- | puppet/controller-role.yaml | 7 | ||||
| -rw-r--r-- | puppet/services/ceph-mon.yaml | 4 | ||||
| -rw-r--r-- | puppet/services/haproxy.yaml | 5 | ||||
| -rw-r--r-- | puppet/services/neutron-ovs-agent.yaml | 3 | ||||
| -rw-r--r-- | puppet/services/qdr.yaml | 6 | ||||
| -rw-r--r-- | releasenotes/notes/ovs-dpdk-permission-workaround-20aaebcc8d6009ec.yaml | 6 |
19 files changed, 55 insertions, 25 deletions
diff --git a/extraconfig/pre_network/host_config_and_reboot.yaml b/extraconfig/pre_network/host_config_and_reboot.yaml index 6c46133a..31d0c1e0 100644 --- a/extraconfig/pre_network/host_config_and_reboot.yaml +++ b/extraconfig/pre_network/host_config_and_reboot.yaml @@ -193,6 +193,32 @@ resources: template: | #!/bin/bash set -x + + # OvS Permission issue temporary workaround + # https://bugzilla.redhat.com/show_bug.cgi?id=1459436 + # Actual solution from openvswitch - https://mail.openvswitch.org/pipermail/ovs-dev/2017-June/333423.html + ovs_service_path="/usr/lib/systemd/system/ovs-vswitchd.service" + + if grep -q 'RuntimeDirectoryMode' $ovs_service_path; then + sed -i 's/RuntimeDirectoryMode=.*/RuntimeDirectoryMode=0775/' $ovs_service_path + else + echo "RuntimeDirectoryMode=0775" >> $ovs_service_path + fi + + if ! grep -Fxq "Group=qemu" $ovs_service_path ; then + echo "Group=qemu" >> $ovs_service_path + fi + + if ! grep -Fxq "UMask=0002" $ovs_service_path ; then + echo "UMask=0002" >> $ovs_service_path + fi + + ovs_ctl_path='/usr/share/openvswitch/scripts/ovs-ctl' + if ! grep -q "umask 0002 \&\& start_daemon \"\$OVS_VSWITCHD_PRIORITY\"" $ovs_ctl_path ; then + sed -i 's/start_daemon \"\$OVS_VSWITCHD_PRIORITY\"/umask 0002 \&\& start_daemon \"$OVS_VSWITCHD_PRIORITY\"/' $ovs_ctl_path + fi + + # DO NOT use --detailed-exitcodes puppet apply --logdest console \ --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules \ diff --git a/network/external.yaml b/network/external.yaml index 277c7614..5b1023d7 100644 --- a/network/external.yaml +++ b/network/external.yaml @@ -15,7 +15,7 @@ parameters: type: json ExternalNetAdminStateUp: default: false - description: This admin state of the network. + description: The admin state of the network. type: boolean ExternalNetEnableDHCP: default: false diff --git a/network/external_v6.yaml b/network/external_v6.yaml index e577c1ca..29930bbb 100644 --- a/network/external_v6.yaml +++ b/network/external_v6.yaml @@ -16,7 +16,7 @@ parameters: type: json ExternalNetAdminStateUp: default: false - description: This admin state of of the network. + description: The admin state of the network. type: boolean ExternalNetShared: default: false diff --git a/network/internal_api.yaml b/network/internal_api.yaml index 563e6d41..554b900e 100644 --- a/network/internal_api.yaml +++ b/network/internal_api.yaml @@ -15,7 +15,7 @@ parameters: type: json InternalApiNetAdminStateUp: default: false - description: This admin state of the network. + description: The admin state of the network. type: boolean InternalApiNetEnableDHCP: default: false diff --git a/network/internal_api_v6.yaml b/network/internal_api_v6.yaml index 05a740b3..a089aa79 100644 --- a/network/internal_api_v6.yaml +++ b/network/internal_api_v6.yaml @@ -16,7 +16,7 @@ parameters: type: json InternalApiNetAdminStateUp: default: false - description: This admin state of of the network. + description: The admin state of the network. type: boolean InternalApiNetShared: default: false diff --git a/network/management_v6.yaml b/network/management_v6.yaml index a44d34d3..e2527c42 100644 --- a/network/management_v6.yaml +++ b/network/management_v6.yaml @@ -16,7 +16,7 @@ parameters: type: json ManagementNetAdminStateUp: default: false - description: This admin state of of the network. + description: The admin state of the network. type: boolean ManagementNetShared: default: false diff --git a/network/ports/net_ip_map.yaml b/network/ports/net_ip_map.yaml index 75818bf0..a6971b0f 100644 --- a/network/ports/net_ip_map.yaml +++ b/network/ports/net_ip_map.yaml @@ -64,6 +64,7 @@ parameters: ManagementIpSubnet: default: '' type: string + description: IP address/subnet on the management network ManagementIpUri: default: '' type: string diff --git a/network/storage.yaml b/network/storage.yaml index 0fb9cc00..5c68c4c7 100644 --- a/network/storage.yaml +++ b/network/storage.yaml @@ -15,7 +15,7 @@ parameters: type: json StorageNetAdminStateUp: default: false - description: This admin state of the network. + description: The admin state of the network. type: boolean StorageNetEnableDHCP: default: false diff --git a/network/storage_mgmt.yaml b/network/storage_mgmt.yaml index 9869f0da..23c5b4b7 100644 --- a/network/storage_mgmt.yaml +++ b/network/storage_mgmt.yaml @@ -15,7 +15,7 @@ parameters: type: json StorageMgmtNetAdminStateUp: default: false - description: This admin state of the network. + description: The admin state of the network. type: boolean StorageMgmtNetEnableDHCP: default: false diff --git a/network/storage_mgmt_v6.yaml b/network/storage_mgmt_v6.yaml index d6b1652a..ea60b5e7 100644 --- a/network/storage_mgmt_v6.yaml +++ b/network/storage_mgmt_v6.yaml @@ -16,7 +16,7 @@ parameters: type: json StorageMgmtNetAdminStateUp: default: false - description: This admin state of of the network. + description: The admin state of the network. type: boolean StorageMgmtNetShared: default: false diff --git a/network/storage_v6.yaml b/network/storage_v6.yaml index 0ec34add..52bd42a4 100644 --- a/network/storage_v6.yaml +++ b/network/storage_v6.yaml @@ -16,7 +16,7 @@ parameters: type: json StorageNetAdminStateUp: default: false - description: This admin state of of the network. + description: The admin state of the network. type: boolean StorageNetShared: default: false diff --git a/network/tenant.yaml b/network/tenant.yaml index 4881308d..c50dca27 100644 --- a/network/tenant.yaml +++ b/network/tenant.yaml @@ -15,7 +15,7 @@ parameters: type: json TenantNetAdminStateUp: default: false - description: This admin state of the network. + description: The admin state of the network. type: boolean TenantNetEnableDHCP: default: false diff --git a/network/tenant_v6.yaml b/network/tenant_v6.yaml index bbc2b6bf..c77c2cbe 100644 --- a/network/tenant_v6.yaml +++ b/network/tenant_v6.yaml @@ -16,7 +16,7 @@ parameters: type: json TenantNetAdminStateUp: default: false - description: This admin state of of the network. + description: The admin state of the network. type: boolean TenantNetShared: default: false diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index cdc2ec68..933b5e60 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -27,10 +27,6 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string - EnableLoadBalancer: - default: true - description: Whether to deploy a LoadBalancer on the Controller - type: boolean ExtraConfig: default: {} description: | @@ -525,7 +521,6 @@ resources: config: {get_resource: ControllerConfig} server: {get_resource: Controller} input_values: - enable_load_balancer: {get_param: EnableLoadBalancer} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} # Map heat metadata into hiera datafiles @@ -567,8 +562,6 @@ resources: - {get_param: ControllerExtraConfig} extraconfig: {get_param: ExtraConfig} controller: - enable_load_balancer: {get_input: enable_load_balancer} - # Misc tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml index 28552301..cbeef6c5 100644 --- a/puppet/services/ceph-mon.yaml +++ b/puppet/services/ceph-mon.yaml @@ -69,11 +69,11 @@ parameters: type: json CephValidationRetries: type: number - default: 5 + default: 40 description: Number of retry attempts for Ceph validation CephValidationDelay: type: number - default: 10 + default: 30 description: Interval (in seconds) in between validation checks MonitoringSubscriptionCephMon: default: 'overcloud-ceph-mon' diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index 5bdc3b88..35dcc196 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -26,6 +26,10 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + EnableLoadBalancer: + default: true + description: Whether to deploy a LoadBalancer, set to false when an external load balancer is used. + type: boolean HAProxyStatsPassword: description: Password for HAProxy stats endpoint hidden: true @@ -100,6 +104,7 @@ outputs: tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile} tripleo::haproxy::crl_file: {get_param: InternalTLSCRLPEMFile} tripleo::haproxy::haproxy_stats: {get_param: HAProxyStatsEnabled} + enable_load_balancer: {get_param: EnableLoadBalancer} tripleo::profile::base::haproxy::certificates_specs: map_merge: - get_attr: [HAProxyPublicTLS, role_data, certificates_specs] diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index 4493721c..2c23cf55 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -53,8 +53,7 @@ parameters: type: comma_delimited_list NeutronEnableDVR: default: False - description: | - Enable support for distributed routing in the OVS Agent. + description: Enable Neutron DVR. type: boolean NeutronEnableARPResponder: default: false diff --git a/puppet/services/qdr.yaml b/puppet/services/qdr.yaml index 0659a945..433556f3 100644 --- a/puppet/services/qdr.yaml +++ b/puppet/services/qdr.yaml @@ -28,14 +28,14 @@ parameters: type: json RabbitUserName: default: guest - description: The username for Qdr + description: The username for RabbitMQ type: string RabbitPassword: - description: The password for Qdr + description: The password for RabbitMQ type: string hidden: true RabbitClientPort: - description: Listening port for Qdr + description: Set rabbit subscriber port, change this if using SSL default: 5672 type: number MonitoringSubscriptionQdr: diff --git a/releasenotes/notes/ovs-dpdk-permission-workaround-20aaebcc8d6009ec.yaml b/releasenotes/notes/ovs-dpdk-permission-workaround-20aaebcc8d6009ec.yaml new file mode 100644 index 00000000..f8c06fd6 --- /dev/null +++ b/releasenotes/notes/ovs-dpdk-permission-workaround-20aaebcc8d6009ec.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - Fixed the openvswitch permission to allow ovs to access vhost + sockets created by qemu. This is a workaround until openvswitch + provides the actual solution. + |