summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2016-01-05Bump the pacemaker service op_params to 200s for start and stopmarios2-10/+10
Based on observed timeouts during updates bump the stop and start timeouts for pacemaker service resources (via op_params) to 200. This is based on the reasoning that the full timeout may be as long as two elapsed timeout intervals. After an initial timeout, the sigterm that follows is then allowed another DefaultTimeoutStopSec seconds. The 200s is produced by allowing this 2xDefaultTimeoutStopSec (@90s for systemd) and some scheduling delta. Many thanks to Michele Baldessari. Closes-Bug: 1531204 Change-Id: If6b43982c958f63bc78ad997400bf1279c23df7e
2016-01-05Merge "Network Isolation support for containerized compute"Jenkins4-2/+12
2016-01-05Merge "Wait for cluster to settle in yum_update.sh"Jenkins1-1/+11
2016-01-04Network Isolation support for containerized computeRyan Hallisey4-2/+12
The template will all neutron-agents to be configured so that it can run the network isolation templates on the containerized compute node. Co-Authored-By: Dan Prince <dpince@redhat.com> Change-Id: I7837ed7ed3e807ec5c1276904893695918bef293
2016-01-04Merge "Convert JSON generations from bash to python"Jenkins2-108/+101
2016-01-04Wait for cluster to settle in yum_update.shJiri Stransky1-1/+11
Occasionally we hit "Error: unable to push cib" during update. This is probably due to the fact that when we try to replace cib in yum_update.sh, services on the previous updated controller are still coming up and changing cib, and racing/conflicting with the cib push from yum_update.sh. This commit adds waiting for the cluster to settle before exiting from yum_update.sh, to avoid this kind of conflict. Also a check for cib-push success is added, to make the update fail properly instead of hanging indefinitely as we've observed with this issue. Change-Id: I953087e0e565474ac553fd57bea2459d2e3a6081 Closes-Bug: #1527644
2015-12-29Merge "Enable TLS in loadbalancer if cert path is detected"Jenkins2-6/+33
2015-12-23Merge "Add all isolated networks to all nodes."Jenkins6-0/+113
2015-12-23Merge "Add Management Network For System Administration."Jenkins38-13/+576
2015-12-23Merge "Remove unsafe "unset" defaults"Jenkins5-39/+0
2015-12-22Merge "Fix description of control plane route parameter"Jenkins5-5/+5
2015-12-22Merge "Add sample environment file to document usage of predictable IPs"Jenkins1-0/+20
2015-12-22Merge "MidoNet heat templates"Jenkins7-36/+352
2015-12-21Merge "Add SoftwareConfigTransport for switching transports"Jenkins5-0/+40
2015-12-21MidoNet heat templatesJaume Devesa7-36/+352
Deploy a TripleO overcloud with networking midonet. MidoNet is a monolithic plugin and quite changes on the puppet manifest must be done. Depends-On: I72f21036fda795b54312a7d39f04c30bbf16c41b Depends-On: I6f1ac659297b8cf6671e11ad23284f8f543568b0 Depends-On: Icea9bd96e4c80a26b9e813d383f84099c736d7bf Change-Id: I9692e2ef566ea37e0235a6059b1ae1ceeb9725ba
2015-12-18Add all isolated networks to all nodes.Dan Sneddon6-0/+113
This change allows every overcloud node to optionally participate in any of the isolated networks. The optional networks are not enabled by default, but allow additional flexibility. Since the new networks are not enabled by default, the standared deployment is unchanged. This change was originally requested for OpenDaylight support. There are several use cases for using non-standard networks. For instance, one example might be adding the Internal API network to the Ceph nodes, in order to use that network for administrative functions. Another example would be adding the Storage Management network to the compute nodes, in order to use it for backup. Without this change, any deviation from the standard set of roles that use a network is a custom change to the Heat templates, which makes upgrades much more difficult. Change-Id: Ia386c964aa0ef79e457821d8d96ebb8ac2847231
2015-12-18Add Management Network For System Administration.Dan Sneddon38-18/+581
This change adds a system management network to all overcloud nodes. The purpose of this network is for system administration, for access to infrastructure services like DNS or NTP, or for monitoring. This allows the management network to be placed on a bond for redundancy, or for the system management network to be an out-of-band network with no routing in or out. The management network might also be configured as a default route instead of the provisioning 'ctlplane' network. This change does not enable the management network by default. An environment file named network-management.yaml may be included to enable the network and ports for each role. The included NIC config templates have been updated with a block that may be uncommented when the management network is enabled. This change also contains some minor cleanup to the NIC templates, particularly the multiple nic templates. Change-Id: I0813a13f60a4f797be04b34258a2cffa9ea7e84f
2015-12-18Merge "Fix typo in HostsEntry output description"Jenkins2-2/+2
2015-12-18Merge "Allow for usage of pre-allocated IPs for the controller nodes"Jenkins20-19/+379
2015-12-17Convert JSON generations from bash to pythonRyan Hallisey2-108/+101
Python script in the heat template will handle JSON generation for the containers. Change-Id: I296fd4a4948f3f937e3a108bc926af6415b350c4
2015-12-17Merge "Add fixup for pcs order constraints after update to new templates"Jenkins1-0/+6
2015-12-17Merge "pacemaker: run neutron-server-start-wait-stop only at step 4"Jenkins1-9/+26
2015-12-17Merge "Implement Workers parameters"Jenkins1-0/+54
2015-12-16Merge "Wire Neutron ML2 plugin and OVS agent settings as arrays"Jenkins6-147/+128
2015-12-15Add capabilities mapJiri Tomasek1-0/+226
This file holds metadata about the capabilities of the tripleo-heat-templates repository for deployment using puppet. It groups configuration by topic, describes possible combinations of environments and resource capabilities It's main purpose is to provide relevant information to the user to guide him through the deployment options. tripleo-common can use this information to streamline deployment process on environment and resource registry level. Heat templates themself aren't currently able to provide this information. Change-Id: I82a7ba6defc13ac2efae73a6caa36bfee69dd94b
2015-12-15Add fixup for pcs order constraints after update to new templatesmarios1-0/+6
In https://review.openstack.org/#/c/248572/ yum_update.sh sets the pcs constraints before restarting the cluster. However after post-update pacemaker run, the previous constraint of neutron-server...neutron-ovs-cleanup is re-added. Explicitly remove this before the post-update restart of certain services Change-Id: I84dd650dcc66ce3f48926cf369b7d691014c2254
2015-12-15Merge "Pacemaker maintenance mode for the duration of Puppet run on update"Jenkins9-1/+186
2015-12-15Wire Neutron ML2 plugin and OVS agent settings as arraysGiulio Fidente6-147/+128
Wires the following as arrays to the neutron module: - mechanism_drivers - flat_networks - tenant_network_types - tunnel_types - bridge_mappings Also updates the template version to use a Liberty feature which allows serialization of comma_delimited_list into JSON. Tidies up the manifests by removing the class declarations since config is passed by the puppet/controller+compute hiera mapped_data. Change-Id: Ie9f85fb827099f897ef750e267bc3ed3a864fe59 Co-Authored-By: Steven Hardy <shardy@redhat.com>
2015-12-15Fix description of control plane route parameterJiri Stransky5-5/+5
In the other templates this seems to be already correct. Change-Id: Ied3c49cca878bd370068c9b8d1cafdec176c1725
2015-12-15Add sample environment file to document usage of predictable IPsGiulio Fidente1-0/+20
This change adds a sample environment file which documents how to assign to controllers a predictable IP on each network. Change-Id: I5be21428c66c82488af8e0240c1614ac3b9b55f0
2015-12-15Allow for usage of pre-allocated IPs for the controller nodesGiulio Fidente20-19/+379
This change adds a new *_from_pool.yaml meant to return an IP from a list instead of allocating a Neutron port, useful to pick an IP from a pre-defined list and making it possible to configure, for example an external balancer in advance (or dns), with the future IPs of the controller nodes. The list of IPs is provided via parameter_defaults (in the ControllerIPs struct) using ControllerIPs param. Also some additional VipPort types are created for the *VirtualIP resources. The VIPs were previously created using the same port resource used by the nodes, but when deploying with an external balancer we want the VIP resource to be nooped instead. Change-Id: Id3d4f12235501ae77200430a2dc022f378dce336
2015-12-15Merge "Set swift replicas = min(device_count, replicas)"Jenkins1-1/+1
2015-12-14Merge "Fix wrong keypair parameter description"Jenkins6-6/+6
2015-12-15Fix typo in HostsEntry output descriptionJuan Antonio Osorio Robles2-2/+2
Change-Id: I72a79d8200adee8258033e8da370051bbfd1986b
2015-12-14Merge "Add output for host entries"Jenkins2-0/+12
2015-12-14Set swift replicas = min(device_count, replicas)Dan Prince1-1/+1
Per Swift upstream commit: 7035639dfd239b52d4ed46aae50f78d16ec8cbfe Swift's ringbuilder now validates that the number of devices is greater than or equal to the replicas. Change-Id: I56eaa9ddda138e87f7615d3bde797b568fa5e302 Related-bug: #1525356
2015-12-14Merge "Enable per-role SchedulerHints"Jenkins6-4/+52
2015-12-14Merge "Remove deprecated overcloud-resource-registry.yaml"Jenkins1-81/+0
2015-12-14Pacemaker maintenance mode for the duration of Puppet run on updateSteven Hardy9-1/+186
This enables pacemaker maintenantce mode when running Puppet on stack update. Puppet can try to restart some overcloud services, which pacemaker tries to prevent, and this can result in a failed Puppet run. At the end of the puppet run, certain pacemaker resources are restarted in an additional SoftwareDeployment to make sure that any config changes have been fully applied. This is only done on stack updates (when UpdateIdentifier is set to something), because the assumption is that on stack create services already come up with the correct config. (Change I9556085424fa3008d7f596578b58e7c33a336f75 has been squashed into this one.) Change-Id: I4d40358c511fc1f95b78a859e943082aaea17899 Co-Authored-By: Jiri Stransky <jistr@redhat.com> Co-Authored-By: James Slagle <jslagle@redhat.com>
2015-12-12Add SoftwareConfigTransport for switching transportsSteve Baker5-0/+40
This change adds a SoftwareConfigTransport parameter to role templates so that the transport can be changed via a parameter_defaults entry. This change will have no effect on an existing overcloud as the current default POLL_SERVER_CFN is now explicit in the parameter default. Change-Id: I5c2a2d2170714093c5757282cba12ac65f8738a4
2015-12-11Merge "Update typos"Jenkins14-14/+14
2015-12-10pacemaker: run neutron-server-start-wait-stop only at step 4Emilien Macchi1-9/+26
neutron-server-start-wait-stop is a dangerous Exec that is exposed to race conditions, because it does not have "onlyif" or "unless" statements. That means during a deployment, this exec can be run in the wrong order during Step 5 and/or 6, while it was supposed to be run at Step 4 only. If that happens, the exec will fail because puppet tries to start neutron-server while Pacemaker already started the resource. So in that case, systemd would returns 1 to Puppet which would return 6 to the overcloud deployment and the deployment would fail to finish correctly. This patch aims to prevent from this scenario by making sure we run the exec only during the step 4. Also, in order to secure it a bit more, we add 'unless' statement to this exec, so we would make sure the Puppet run would be idempotent and the Exec would run one successful time only. https://bugzilla.redhat.com/show_bug.cgi?id=1290582 Change-Id: I42813c5cff6c525c15c9c24baad4e355f88af672
2015-12-10Fix wrong keypair parameter descriptionSteven Hardy6-6/+6
The parameters have nothing to do with EC2 keypairs, they are used to specify Nova SSH key pairs. Change-Id: Ia8d37cb5c443812d02133747cb54fcaf0110d091
2015-12-09Remove unsafe "unset" defaultsSteven Hardy5-39/+0
All of our sensitive parameters are defaulted to easily predictable values, which is very bad from a security perspective because we don't force clients to make sane choices thus risk deploying with the predictable default values. tripleoclient supports generating random values for all of these, so remove the defaults, for non-tripleoclient usage we can create a developer-only environment with defaults. Related-Bug: #1516027 Change-Id: Ia0cf3b7e2de1aa42cf179cba195fb7770a1fc21c Depends-On: Ifb34b43fdedc55ad220df358c3ccc31e3c2e7c14
2015-12-09Remove deprecated overcloud-resource-registry.yamlSteven Hardy1-81/+0
We recently removed all the templates this references in I29e2a8f1b0c66f3cf88f40244d6da49f3d7420be Change-Id: I599d18675d829935893d6bfb375f8f0d15e01197
2015-12-08Merge "Remove Ceilometer Alarm from the overcloud"Jenkins2-64/+0
2015-12-08Merge "Change for configuring use_forwarded_for value for Nuage"Jenkins2-0/+8
2015-12-08Implement Workers parametersEmilien Macchi1-0/+54
* For each OpenStack service, create a new parameter to change worker number (default to 0 to keep default behavior) * Use the parameter in Puppet configuration (Hiera) to configure the services with the number of workers defined by the parameter. Change-Id: Ic147bc9225aab48e94243a94a2189467829b8d55
2015-12-08Enable per-role SchedulerHintsSteven Hardy6-4/+52
This adds a parameter for each role, where optional scheduler hints may be passed to nova. One potential use-case for this is using the ComputeCapabilities to pin deployment to a specific node (not just a specific role/profile mapping to a pool of nodes like we have currently documented in the ahc-match docs). This could work as follows: 1. Tag a specific node as "node:controller-0" in Ironic: ironic node-update <id> replace properties/capabilities='node:controller-0,boot_option:local' 2. Create a heat environment file which uses %index% parameters: ControllerSchedulerHints: 'capabilities:node': 'controller-%index%' Change-Id: I79251dde719b4bb5c3b0cce90d0c9d1581ae66f2
2015-12-08Enable TLS in loadbalancer if cert path is detectedJuan Antonio Osorio Robles2-6/+33
If there is a value for the certificate path (which should only happen if the environment for enabling TLS is used) then the loadbalancer will detect it and configure it's front ends correctly. On the other hand a proper override for the example environment was given, since this will be needed because we want to pass the hosts and protocols correctly so the tripleoclient will catch it and pass it to os-cloud-config Change-Id: Ifba51495f0c99398291cfd29d10c04ec33b8fc34 Depends-On: Ie2428093b270ab8bc19fcb2130bb16a41ca0ce09