summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2016-04-04Filter for local nodes in check_resource functionRaoul Scarazzini1-1/+2
While having extra customizations inside a TripleO deployed Pacemaker environment, say you have instance HA with pacemaker_remoted or you need to configure an external arbitrator for something, then the status of the resources for remote nodes is "Stopped". This leads to failures while, for example, scaling up. This fixes the way status is checked, filtering just local nodes. Co-Authored-By: Giulio Fidente <gfidente@redhat.com> Change-Id: I8dc25f5d7031c265858afd5a266fda5315ae37a0
2016-04-03Merge "Restart haproxy after configuring SSL certs"Jenkins2-7/+21
2016-04-03Merge "Configure ControllerServices via resource chains"Jenkins8-2/+132
2016-04-01Restart haproxy after configuring SSL certsBen Nemec2-7/+21
If a certificate expires, the user will need to update it. However, because we only restart services at the end of a stack-update the new certificate doesn't take effect until after puppet has run. This is a problem because puppet makes OpenStack calls, which will fail if the certificate is expired. In that case we never get to the service restart so the stack is wedged until the user manually restart haproxy. This patch addresses the problem by reloading haproxy before puppet runs. This is done in a pre-puppet script for pacemaker after pacemaker is maintenance mode because we need to make sure it happens after all of the certs have been installed on the controllers, but before puppet runs. For non-pacemaker, haproxy is simply reloaded. Change-Id: Id5ed05b3a20d06af8ae7a3d6f859b03399b0d77d
2016-04-01Merge "Disable Nova v3 API"Jenkins3-121/+0
2016-04-01Disable Nova v3 APIJiri Stransky3-121/+0
Microversions since Nova API v2.1 are aimed to replace the v3 work. The /v2.1 is backwards compatible with the legacy /v2 endpoint. What we called in the past /v3 is now something defunct in-tree. The /v2.1 API is based on the v3 work, but there are many things that differ, in particular with the backwards-compat thing. We keep the /v2 path in api-paste.ini for making sure an upgrade doesn't trample operators and users but if you look in tree, that's redirecting to the v2.1 codepath (just not asking for microversions). In summary, we only need one endpoint, ie. /v2.1. Additional information at https://bugzilla.redhat.com/show_bug.cgi?id=1291291 Related-Bug: #1564372 Change-Id: I1654665663bc5a19c201f7d25407910654ac1308 Depends-On: I6d64b8bcd0f79f1f298ddc809e6d92fbc2985c45
2016-03-31Configure ControllerServices via resource chainsDan Prince8-2/+132
This patch wires in a new for Mitaka Heat feature that allows us to dynamically include a set of nested stacks representing individual services via a Heat resource chain. Follow on patches will use this interface to decompose the controller role into isolated services. Co-Authored-By: Steve Hardy <shardy@redhat.com> Depends-On: If510abe260ea7852dfe2d1f7f92b529979483068 Change-Id: I84c97a76159704c2d6c963bc4b26e365764b1366
2016-03-30Remove hack the pulls latest dockerRyan Hallisey1-13/+0
Atomic is set to Docker 1.8.2. We no longer need to pull the latest Docker to make our template work. Change-Id: I8ab4e135ed4891763f8ced596116b14101466160 Co-Authored-By: Ian Main <imain@redhat.com>
2016-03-30Centos gives /dev/pts/ptmx the wrong permsRyan Hallisey1-0/+3
In order to use cinder, we need to be able to use /dev/pts/ptmx. Centos sets this to 000 when on Fedora it's 666. Change-Id: I76dc5adc64d2da0d27204ea31175244bc1b94428
2016-03-30Merge "compute: restart OVS agent on neutron.conf changes"Jenkins1-0/+10
2016-03-30Merge "change the default satellite tools rpm repo."Jenkins3-1/+6
2016-03-29compute: restart OVS agent on neutron.conf changesEmilien Macchi1-0/+10
Some options in neutron.conf are used bu OVS agent, like logging & messaging. During the upgrade process, you need to restart the agent if these options change. We could patch puppet-neutron to add a notify, but the community won't like it because Neutron OVS agent is not able to restart gracefully until [1] got merged. Until that, we can fix it in TripleO, where we suppose Puppet runs happenning during bootstraps and upgrades. Later, we'll drop this code from here and move it in puppet-neutron. [1] https://review.openstack.org/#/c/297211 Change-Id: I02b17b66e93331ddfb1a7abd8adff672bc7a32d6 Closes-Bug: #1563437
2016-03-29Merge "PLUMgrid Neutron integration"Jenkins6-3/+176
2016-03-29change the default satellite tools rpm repo.Mike Burns3-1/+6
Change-Id: I60ab36b04b8932e4dbee58e21998dc984178b41c Bugzilla: https://bugzilla.redhat.com/1275281
2016-03-29Merge "Increment step count to include ringbuilder"Jenkins6-42/+44
2016-03-29Merge "Don't restart Pacemaker-managed services from Puppet"Jenkins1-0/+18
2016-03-29Merge "Add quotes around the cinder_iscsi_ip_address value"Jenkins2-2/+10
2016-03-29Don't restart Pacemaker-managed services from PuppetJiri Stransky1-0/+18
We need to reload/restart services on updates/upgrades to apply any config changes, but restarting services managed from Pacemaker from Puppet causes problems. For now we no-op the restart and rely on the catch-all restart after Puppet phase. In the future we should have a service provider for pacemaker resources that will be using pcs. We still might have to restart services outside Puppet due to cluster-wide orchestration issues, but we might be able to do the restarts selectively rather than restart everything. We also no-op the start/stop commands to be safe, as it also doesn't make sense for Puppet to try start and stop those services when it doesn't have knowledge about Pacemaker. Change-Id: I95e21e10471cd7575f28c095c48150325f1414b3 Closes-Bug: #1562922
2016-03-29Merge "Set UpdateIdentifier for upgrade converge, to prevent services down"Jenkins2-6/+4
2016-03-28Merge "Remove password default for AodhPassword"Jenkins2-2/+0
2016-03-25Increment step count to include ringbuilderDan Prince6-42/+44
This patch wires in ringbuilder.pp so that it is always asserted like the other manifests and it fixes the misaligned step sequencing in calling our overcloud controller manifests. Previously it was called as a separate software deployment outside of the hiera step sequence. This made things confusing in controller-post.yaml since the deployment names didn't align with the step hiera variables after step 3. Now that we call it just like the other modules it should make gradually moving this code to puppet-tripleo more straightforward as well. Change-Id: Ibd4f51f65da475bb20a6b08d7bda673f330a5464
2016-03-24Set UpdateIdentifier for upgrade converge, to prevent services downMathieu Bultel2-6/+4
We'd like to let the post puppet pacemaker controller services restart to happen for the convergence step so set the UpdateIdentifier. However also set the PackageUpdate to noop so the yum_update.sh doesn't happen. Since a full haproxy restart is expected, we no longer need the systemctl reload added at Iae3bad745ecdf952a7a0314fe1375d07eb47c454 so remove that too. Some more context at https://bugzilla.redhat.com/show_bug.cgi?id=1321036 Co-Authored-By: marios <marios@redhat.com> Change-Id: I31c2d97d68c97b435f63863fae2c89f18f99681d
2016-03-24Remove password default for AodhPasswordPradeep Kilambi2-2/+0
Change-Id: Ibf37bfd6150d212fadcc4d2e2e2d0a89cdd76c91
2016-03-24Merge "Fix satellite registration for http or https"Jenkins1-4/+5
2016-03-24Merge "Add systemctl reload haproxy to the pacemaker_resource_restart.sh"Jenkins1-0/+6
2016-03-24Merge "Deploy Aodh services, replacing Ceilometer Alarm"Jenkins13-3/+328
2016-03-24Add quotes around the cinder_iscsi_ip_address valueGiulio Fidente2-2/+10
In I783e939ae304385674909bfd9f1cac95e04cef22 we add brackets around the cinder_iscsi_ip_address if IPv6 but that causes hiera to try mapping the value into an array, while it isn't. This change adds quotes around the brackets. Change-Id: Id9bb4b12542f1943e9df702486d68424539c7a59 Closes-Bug: 1560934
2016-03-24Merge "Remove unused user resource."Jenkins1-3/+0
2016-03-24Wire redis_password to the tripleo moduleGiulio Fidente1-0/+1
Without this the HAProxy monitoring for Redis would fail to poll the backends. Change-Id: Id0826c6b04e471844c7bef69480af263cf2b3bd4
2016-03-24Merge "Pass iSCSI bind address in brackets to Cinder when IPv6"Jenkins1-1/+1
2016-03-24Merge "Remove the glance/rbd user name from static hieradata"Jenkins1-1/+0
2016-03-23Merge "configure horizon with memcached ipv6 when needed"Jenkins5-2/+30
2016-03-23Merge "nonha: fix memcached servers string in nova.conf for ipv6"Jenkins1-1/+8
2016-03-23configure horizon with memcached ipv6 when neededEmilien Macchi5-2/+30
* Add MemcachedIPv6 parameter * If MemcachedIPv6 is set at True, configure Horizon with Memcached IPv6 addresses. This patch is required to make Horizon working when running IPv6 networks. Change-Id: I752e727bfb9040b29f5d755f565fa6b54b9511c8
2016-03-23Add simple parameter test to yaml-validate.pySteven Hardy1-1/+10
Output a warning for parameters which look unused, this should help developers clean up the template a bit, and eventually could maybe be developed further into something we can use for gating. Change-Id: Ide4fbe3c85854cbddee44801d39ae73003d63bb8
2016-03-23Pass iSCSI bind address in brackets to Cinder when IPv6Giulio Fidente1-1/+1
Configure the Cinder iscsi_ip_address key using brackets when the IP address is of v6 class. Closes-Bug: 1560934 Change-Id: I783e939ae304385674909bfd9f1cac95e04cef22
2016-03-23Add systemctl reload haproxy to the pacemaker_resource_restart.shmarios1-0/+6
As discussed in the related bug below, after upgrading your environment to latest liberty the haproxy config isn't picked up. This adds a systemctl reload haproxy in the pacemaker resource restart we run as part of the post-puppet-pacemaker. Related-Bug: 1561012 Change-Id: Iae3bad745ecdf952a7a0314fe1375d07eb47c454
2016-03-23nonha: fix memcached servers string in nova.conf for ipv6Emilien Macchi1-1/+8
Full context is described here: https://review.openstack.org/#/c/270110/ The patch that was supposed to fix [1] was not fixing non-ha scenario. [1] https://launchpad.net/bugs/1536103 This patch aims to fix it. Change-Id: Iaf4608de1894ce03f35925939e83230abb9f5207 Closes-Bug: #1560063
2016-03-23Fix satellite registration for http or httpsJames Slagle1-4/+5
If the satellite registration url was specified with https, the curl command to detect the satellite version would not work as expected since -L was not passed and you get redirected to https when testing the ping api. To additionally handle the case where https is specified, also use curl directly with -k to download the configuration rpm instead of using rpm with a url. Fixes another bug with a missing $ in the reference to the $satellite_version variable. Change-Id: I984fdfc415eeeed4ef29cc8d0812e1b67545d6b1
2016-03-23Remove the glance/rbd user name from static hieradataGiulio Fidente1-1/+0
The static setting for the glance/rbd user name was overriding any customization provided via template param because it was up in the hierarchy for the controller nodes. More at: https://bugzilla.redhat.com/show_bug.cgi?id=1308889 Change-Id: I3d112de7eeffd524fb1308d5976a28f04aa5ff23
2016-03-23Merge "Comment out the ManagementPort in external-loadbalancer-vip.yaml"Jenkins1-3/+4
2016-03-22Merge "Fix redis coordination url"Jenkins1-3/+4
2016-03-22Fix redis coordination urlPradeep Kilambi1-3/+4
The coordination url connection string to redis is incorrectly formatted with password. More details: https://bugzilla.redhat.com/show_bug.cgi?id=1320036 Change-Id: I93f5e93dfce4ba2629aa57534e8d33d5d1e6d77b
2016-03-22Merge "Add BondInterfaceOvsOptions parameter to net-config-bond.yaml"Jenkins1-0/+6
2016-03-22Merge "Remove GlanceRegistry from EndpointMap"Jenkins4-131/+0
2016-03-22Merge "Remove CephStorageCount"Jenkins1-2/+1
2016-03-21Merge "Allow option to disable Swift ring management"Jenkins2-8/+12
2016-03-21Merge "Wire in HAProxy stats user and password"Jenkins1-0/+11
2016-03-21Allow option to disable Swift ring managementChristian Schwede2-8/+12
There are quite a few cases where it is useful to disable ring building on the nodes. For example: - using different weights, regions, and zones - replacing a node in an existing Swift cluster - adding a new node to an existing cluster - using storage policies and therefore multiple rings - using different nodes and disks for account, container and object servers This patch allows it to disable ring building. Rings need to be maintained manually then, and copied to all storage and proxy nodes within a cluster. This patch is similar to I01311ec3ca265b151f8740bf7dc57cdf0cf0df6f, except that it uses the current templates. Change-Id: I56978b15823dd6eaf4b6fd3440df2f895e89611a
2016-03-21Remove CephStorageCountDerek Higgins1-2/+1
This is set by tripleoclient, remove it from here so it doesn't override the user provided value. Change-Id: I6110b71e484af749838f91dc5c6c4982b0c83074