Age | Commit message (Collapse) | Author | Files | Lines |
|
In case an ansible update is available during the upgrade then
the ansible package gets updated to a new version by the ansible
tasks. This could potentially lead to issues as the one described
in LP#1729546. This change updates the ansible package via yum
before starting the ansible upgrade tasks in order to avoid having
ansible updating itself.
Related-bug: 1729546
Change-Id: I2ea0aa1f670053578996018663c9fa52dec14b77
(cherry picked from commit 0c1ac1d752aaf88832b34e165f7d147e2304ff1c)
|
|
Due to the fact that it doesn't use a separate CA (or sub CA) for
libvirtd, and that proper SASL is not being used. We are disabling this
option since it doesn't meet the appropriate security requirements.
We'll look into adding this back once these issues get fixed.
Change-Id: I6a5e4db1b6dd6bc8b7e73e53b614b070d15b8a23
Closes-Bug: #1730370
(cherry picked from commit 645757cbd6bdb1a1b75cb4aa8acce80a178099ce)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
nova-manage cell_v2 create_cell just uses a dumb string comparison to detect
when a cell already exists. If there is a slight difference (e.g ordering of
params in the db uri query string) it can result in duplicate cells.
With this patch we should detect that the default cell already exists and
update it to use the current transport_url/database_connection instead of
attempting to create a new cell.
Change-Id: If6a32e87b19cb0edf683144367701a115657ad0a
Closes-bug: 1718912
(cherry picked from commit ebcaabcc5c5d2840128b3609c82c4a70a81ea0a0)
|
|
The compute service list is polled until all expected hosts are reported or a
timeout occurs (600s).
Adds a cellv2_discovery flag to puppet services. Used to generate a list of
hosts that should have cellv2 host mappings.
Adds a canonical fqdn and that should match the fqdn reported by a host.
Adds the ability to upload a config script for docker config instead of using
complex bash on-liners.
Closes-bug: 1720821
Change-Id: I33e2f296526c957cb5f96dff19682a4e60c6a0f0
(cherry picked from commit 61fcfca045aeb5be1ee280d8dd9c260fb39b9084)
|
|
The cinder-backup and cinder-volume templates were lagging behind the
non-pacemaker version and didn't pass CI. This commit aims at bringing
back parity.
Change-Id: I11a12f52538168c858b16c9786eb83ae88161488
Depends-On: Iea84a291414e515d8c72a60646188e5b37354a38
Closes-Bug: #1729430
(cherry picked from commit 72c5c73aaafc013d3e2292cded11234ae2b55e80)
|
|
This was previously conflicting with the InternalApiNetCidr value in
environments/network-environment.yaml.
Change-Id: I3f1cb6f056fb19a1ba93d1076191abe7aca4fa21
Depends-On: Ie803b33c93b931f7fefb87b6833eb22fd59cd92d
Closes-Bug: #1726773
(cherry picked from commit 509209a29be1ac3e72d6ea97eaf328760693daaf)
|
|
|
|
|
|
Now that we got a promotion, there is a container image for fluentd in
tripleomaster registry. We can finally re-enable the containerized
fluentd service in scenario0001.
Change-Id: I636e63f9b66dd47267fa40febf49a6ec9a6b7ef3
Related-Bug: #1721723
Closes-Bug: #1726891
(cherry picked from commit c795e748d2e0fe1299919872250d6951246c1365)
|
|
stable/pike
|
|
stable/pike
|
|
into stable/pike
|
|
|
|
This patch adds env files for SRIOV, OVS-DPDK, L2GW, BGPVPN
and SFC deployments with ODL.
These files contain configs not present in basic ODL deployment
env file. While deploying, these need to be used along the basic
deployment env file like
openstack overcloud deploy \
-e environments/services-docker/neutron-opendaylight.yaml \
-e environments/services-docker/neutron-opendaylight-dpdk.yaml
and
openstack overcloud deploy \
-e environments/services-docker/neutron-opendaylight.yaml \
-e environments/services-docker/neutron-opendaylight-sriov.yaml
and so forth for all other deployments.
Closes-Bug: 1722881
Change-Id: I2b70d3f4518e0c014cf37f7fecd92f69989f0860
(cherry picked from commit e0c89d6593dadd9bf6ba9fa6f618e7c44ec7aa2e)
|
|
For some reasonf that directory doesn't have r/x rights, so when
compress is ran as root, it can access config files in it, but when
horizon is run by apache, it can't, and expects different theme files,
thus failing with OfflineGenerationError. Giving apache access to that
directory fixes the problem and makes the custom theme work.
Closes-bug: #1730911
Change-Id: I53f6db23b036bc9b5a689bbac958550f384194c6
(cherry picked from commit 2827fa428c757180019dd7c1aacafcca554845ab)
|
|
|
|
stable/pike
|
|
into stable/pike
|
|
This change noops ControllerDeployedServer{Pre,Post}Config to avoid
getting the upgrade of a split stack deployment getting stuck due
to the cluster being in maintenance mode. For reference a similar
change has been done for the regular Controller role in:
https://review.openstack.org/#/c/487313/
Change-Id: Idd393011b3c4d0d236780e11a04a59d426750de1
Closes-bug: 1725175
(cherry picked from commit 8e92d7c6db6fcae863a250f63b01a98f7a3f3340)
|
|
|
|
puppet run on never fails, even when it should, since we moved
to the ansible way of applying it. The reason is the current following code:
- name: Run puppet host configuration for step {{step}}
command: >-
puppet apply
--modulepath=/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
--logdest syslog --logdest console --color=false
/var/lib/tripleo-config/puppet_step_config.pp
The above is missing the --detailed-exitcodes switch and so puppet will never
really error out on us and the deployment will keep on running all the
steps even though a previous puppet manifest might have failed. This
cause extra hard-to-debug failures.
Initially the issue was observed on the puppet host runs, but this
parameter is missing also from docker-puppet.py, so let's add it there
as well as it makes sense to return proper error codes whenever we call
puppet.
Besides this being a good idea in general, we actually *have* to do it
because puppet does not fail correctly without this option due to the
following puppet bug:
https://tickets.puppetlabs.com/browse/PUP-2754
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
Change-Id: Ie9df4f520645404560a9635fb66e3af42b966f54
Closes-Bug: #1723163
(cherry picked from commit 11e599d116cfbf7df4dcd0e7670c3405a4224c1a)
|
|
Mixing containers and BM is currently not working. Once the master
promotion will take place we will have a fluentd container and
can readd fluentd as a container and the problem should not re-occurr.
Change-Id: Iad97f7e0e4de56f46a46d2381fc1ea5822a2114a
Related-Bug: #1726891
(cherry picked from commit 35d91ddc6d11bb2696321fff4593d5cca3b0cba8)
|
|
|
|
This is required for nfs exports mounted by the nova_compute container to be
visible to nova_libvirt.
Depends-on: I8a63c044e15d7ca0f54654e9fc9c5d878461aa25
Change-Id: I55859e744e3c2ebbd6975c96b84b6b0774dc6700
Closes-bug: 1730533
(cherry picked from commit ef0493f5ea6a7f5412fcf1e1722d71092aba1398)
|
|
into stable/pike
|
|
into stable/pike
|
|
During mysql initialization, mysql needs to be able to write in the
database directory.
Change-Id: I82c2e46f66ab01021cb910eb7e0d17c81b00fa09
Closes-bug: #1730349
(cherry picked from commit 0d65e380caf89d8c486e8ea87571298a6687b680)
|
|
|
|
|
|
Depends-On: 1d6084045e6019c7ad536a8adfd5249b1d95e37e
Closes-bug: #1722788
Change-Id: I22a815bbc8dad65366fbc212f35bdb9d7b4faa52
(cherry picked from commit 66f85f17273353c30ae5625d29c367e0a5f513a8)
|
|
stable/pike
|
|
|
|
stable/pike
|
|
|
|
... and not 'keystone' or it fails.
Change-Id: Iee4161ec9d8c7a84997ab24ddd234353f3a81dfb
Closes-Bug: #1729352
(cherry picked from commit b99a240ccc4f262ee7626518087784eb92b0152f)
|
|
stable/pike
|
|
When deploying a composable HA overcloud with a database role split off
to separate nodes we could observe a deployment failure due to galera
never starting up properly.
The reason for this was that instead of having the firewall rules for
the galera bundle applied (i.e. those with the extra control-port for
the bundle), we would see the firewall rules for the BM galera service.
E.g. we would see the following on the host:
tripleo.mysql.firewall_rules: {
104 mysql galera: {
dport: [ 873, 3306, 4444, 4567, 4568, 9200 ]
Instead of the correct mysq bundle firewall rules:
tripleo.mysql.firewall_rules:
104 mysql galera-bundle:
dport: [ 873, 3123, 3306, 4444, 4567, 4568, 9200 ]
The reason for this is the following piece of code in
https://github.com/openstack/tripleo-heat-templates/blob/master/docker/services/pacemaker/clustercheck.yaml#L62:
...
MysqlPuppetBase:
type: ../../../puppet/services/pacemaker/database/mysql.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Containerized service clustercheck using composable services.
value:
service_name: clustercheck
config_settings: {get_attr: [MysqlPuppetBase, role_data, config_settings]}
logging_source: {get_attr: [MysqlPuppetBase, role_data, logging_source]}
...
Depending on the ordering of the clustercheck service within the role
(before or after the mysql service), the above code will override the
tripleo.mysql.firewall_rules with the wrong rules because we derive from
puppet/services/... which contain the BM firewall rules.
Let's just switch to derive from the docker service so we do not risk
getting the wrong firewall rules during the map_merge.
Tested this change successfully on a composable HA with split-off DB
nodes.
Change-Id: Ie87b327fe7981d905f8762d3944a0e950dbd0bfa
Closes-Bug: #1728918
(cherry picked from commit 3df6a4204a85b119cd67ccf176d5b72f9e550da6)
|
|
The conditional was missing.
Change-Id: Ie2617dd9dba1c49f37e82448b6bf229d127ed46a
Closes-Bug: #1729384
(cherry picked from commit 410e062aa0d91b99c4493fac6940499cc02e4288)
|
|
Without ipc=host set, cryptsetup/devicemapper will never
see devices created when running "cryptsetup luksOpen",
causing the command to hang.
This is required for attaching encrypted Cinder volumes.
Closes-Bug: #1729419
Change-Id: Ic7184b1fbbafea266f8ec1e7974d0a4a2cf4d750
(cherry picked from commit 05b61472463d5dbde3f1b1285819044409a80e2e)
|
|
|
|
|
|
|
|
stable/pike
|
|
|