summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-11-09Merge "Fix wrong permission on database during mysql_init tasks." into ↵Zuul1-1/+1
stable/pike
2017-11-09Merge "Set bind mount propegatation to shared for /var/lib/nova." into ↵Zuul4-5/+5
stable/pike
2017-11-09Merge "Do not set cluster in maintenance mode during split stack upgrade" ↵Zuul1-2/+2
into stable/pike
2017-11-09Merge "Set ipc=host for services attaching encrypted volumes" into stable/pikeZuul2-0/+2
2017-11-09Merge "Set metric procssing delay for metricd" into stable/pikeZuul1-0/+5
2017-11-09Merge "Add --detailed-exitcodes when running puppet via ansible" into ↵Zuul2-5/+14
stable/pike
2017-11-09Merge "Temporarily disable fluentd from scenario001-multinode-containers" ↵Zuul1-2/+6
into stable/pike
2017-11-08Do not set cluster in maintenance mode during split stack upgradeMarius Cornea1-2/+2
This change noops ControllerDeployedServer{Pre,Post}Config to avoid getting the upgrade of a split stack deployment getting stuck due to the cluster being in maintenance mode. For reference a similar change has been done for the regular Controller role in: https://review.openstack.org/#/c/487313/ Change-Id: Idd393011b3c4d0d236780e11a04a59d426750de1 Closes-bug: 1725175 (cherry picked from commit 8e92d7c6db6fcae863a250f63b01a98f7a3f3340)
2017-11-08Merge "Add all services to container scenarios" into stable/pikeZuul4-27/+74
2017-11-08Add --detailed-exitcodes when running puppet via ansibleMichele Baldessari2-5/+14
puppet run on never fails, even when it should, since we moved to the ansible way of applying it. The reason is the current following code: - name: Run puppet host configuration for step {{step}} command: >- puppet apply --modulepath=/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules --logdest syslog --logdest console --color=false /var/lib/tripleo-config/puppet_step_config.pp The above is missing the --detailed-exitcodes switch and so puppet will never really error out on us and the deployment will keep on running all the steps even though a previous puppet manifest might have failed. This cause extra hard-to-debug failures. Initially the issue was observed on the puppet host runs, but this parameter is missing also from docker-puppet.py, so let's add it there as well as it makes sense to return proper error codes whenever we call puppet. Besides this being a good idea in general, we actually *have* to do it because puppet does not fail correctly without this option due to the following puppet bug: https://tickets.puppetlabs.com/browse/PUP-2754 Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com> Change-Id: Ie9df4f520645404560a9635fb66e3af42b966f54 Closes-Bug: #1723163 (cherry picked from commit 11e599d116cfbf7df4dcd0e7670c3405a4224c1a)
2017-11-08Temporarily disable fluentd from scenario001-multinode-containersMichele Baldessari1-2/+6
Mixing containers and BM is currently not working. Once the master promotion will take place we will have a fluentd container and can readd fluentd as a container and the problem should not re-occurr. Change-Id: Iad97f7e0e4de56f46a46d2381fc1ea5822a2114a Related-Bug: #1726891 (cherry picked from commit 35d91ddc6d11bb2696321fff4593d5cca3b0cba8)
2017-11-08Merge "Switch scenario004-containers to use ceph-ansible" into stable/pikeZuul2-24/+24
2017-11-08Set bind mount propegatation to shared for /var/lib/nova.Oliver Walsh4-5/+5
This is required for nfs exports mounted by the nova_compute container to be visible to nova_libvirt. Depends-on: I8a63c044e15d7ca0f54654e9fc9c5d878461aa25 Change-Id: I55859e744e3c2ebbd6975c96b84b6b0774dc6700 Closes-bug: 1730533 (cherry picked from commit ef0493f5ea6a7f5412fcf1e1722d71092aba1398)
2017-11-08Merge "nova-placement: switch auth_uri to keystone versionless endpoint" ↵Zuul1-1/+1
into stable/pike
2017-11-08Merge "Fix /etc/openstack-dashboard/ permissions for access to *policy.json" ↵Zuul1-0/+6
into stable/pike
2017-11-08Fix wrong permission on database during mysql_init tasks.Sofer Athlan-Guyot1-1/+1
During mysql initialization, mysql needs to be able to write in the database directory. Change-Id: I82c2e46f66ab01021cb910eb7e0d17c81b00fa09 Closes-bug: #1730349 (cherry picked from commit 0d65e380caf89d8c486e8ea87571298a6687b680)
2017-11-08Merge "Enable Cinder as a backend for Glance" into stable/pikeZuul5-6/+20
2017-11-08Merge "Add tags to baremetal cron removal tasks" into stable/pikeZuul4-0/+4
2017-11-07Set metric procssing delay for metricdPradeep Kilambi1-0/+5
Depends-On: 1d6084045e6019c7ad536a8adfd5249b1d95e37e Closes-bug: #1722788 Change-Id: I22a815bbc8dad65366fbc212f35bdb9d7b4faa52 (cherry picked from commit 66f85f17273353c30ae5625d29c367e0a5f513a8)
2017-11-07Merge "mysql: Only set certificate specs if TLS everywhere is enabled" into ↵Zuul1-20/+24
stable/pike
2017-11-06Merge "cinder: switch CinderCronDbPurgeUser to 'cinder'" into stable/pikeZuul1-1/+1
2017-11-05Merge "Fix iptables rules override bug in clustercheck docker service" into ↵Zuul1-1/+4
stable/pike
2017-11-05Merge "RHSM: when using proxy, test its connectivity first" into stable/pikeZuul2-6/+37
2017-11-05cinder: switch CinderCronDbPurgeUser to 'cinder'Emilien Macchi1-1/+1
... and not 'keystone' or it fails. Change-Id: Iee4161ec9d8c7a84997ab24ddd234353f3a81dfb Closes-Bug: #1729352 (cherry picked from commit b99a240ccc4f262ee7626518087784eb92b0152f)
2017-11-04Merge "mysql: expose IPv6 configuration to mysql puppet modules" into ↵Zuul2-0/+8
stable/pike
2017-11-04Fix iptables rules override bug in clustercheck docker serviceMichele Baldessari1-1/+4
When deploying a composable HA overcloud with a database role split off to separate nodes we could observe a deployment failure due to galera never starting up properly. The reason for this was that instead of having the firewall rules for the galera bundle applied (i.e. those with the extra control-port for the bundle), we would see the firewall rules for the BM galera service. E.g. we would see the following on the host: tripleo.mysql.firewall_rules: { 104 mysql galera: { dport: [ 873, 3306, 4444, 4567, 4568, 9200 ] Instead of the correct mysq bundle firewall rules: tripleo.mysql.firewall_rules: 104 mysql galera-bundle: dport: [ 873, 3123, 3306, 4444, 4567, 4568, 9200 ] The reason for this is the following piece of code in https://github.com/openstack/tripleo-heat-templates/blob/master/docker/services/pacemaker/clustercheck.yaml#L62: ... MysqlPuppetBase: type: ../../../puppet/services/pacemaker/database/mysql.yaml properties: EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} outputs: role_data: description: Containerized service clustercheck using composable services. value: service_name: clustercheck config_settings: {get_attr: [MysqlPuppetBase, role_data, config_settings]} logging_source: {get_attr: [MysqlPuppetBase, role_data, logging_source]} ... Depending on the ordering of the clustercheck service within the role (before or after the mysql service), the above code will override the tripleo.mysql.firewall_rules with the wrong rules because we derive from puppet/services/... which contain the BM firewall rules. Let's just switch to derive from the docker service so we do not risk getting the wrong firewall rules during the map_merge. Tested this change successfully on a composable HA with split-off DB nodes. Change-Id: Ie87b327fe7981d905f8762d3944a0e950dbd0bfa Closes-Bug: #1728918 (cherry picked from commit 3df6a4204a85b119cd67ccf176d5b72f9e550da6)
2017-11-04mysql: Only set certificate specs if TLS everywhere is enabledJuan Antonio Osorio Robles1-20/+24
The conditional was missing. Change-Id: Ie2617dd9dba1c49f37e82448b6bf229d127ed46a Closes-Bug: #1729384 (cherry picked from commit 410e062aa0d91b99c4493fac6940499cc02e4288)
2017-11-04Set ipc=host for services attaching encrypted volumesEric Harney2-0/+2
Without ipc=host set, cryptsetup/devicemapper will never see devices created when running "cryptsetup luksOpen", causing the command to hang. This is required for attaching encrypted Cinder volumes. Closes-Bug: #1729419 Change-Id: Ic7184b1fbbafea266f8ec1e7974d0a4a2cf4d750 (cherry picked from commit 05b61472463d5dbde3f1b1285819044409a80e2e)
2017-11-03Merge "Fix nova-cpu/collectd hieradata" into stable/pikeZuul1-1/+1
2017-11-03Merge "Upgrade rhel_reg_sat_repo to 6.2" into stable/pikeZuul2-1/+6
2017-11-03Merge "Run containerized mistral-api eventlet" into stable/pikeZuul1-1/+35
2017-11-03Merge "added level of indirection causes incorrect hiera config" into ↵Zuul2-21/+19
stable/pike
2017-11-03Merge "Add NetIpMap to hieradata for *ExtraConfig overrides" into stable/pikeZuul1-0/+2
2017-11-03Merge "Providing required priviledges to the mounted NFS volume" into ↵Zuul1-0/+23
stable/pike
2017-11-03Merge "Update CephPools format in the docker templates to fit ceph-ansible" ↵Zuul3-17/+25
into stable/pike
2017-11-02RHSM: when using proxy, test its connectivity firstEmilien Macchi2-6/+37
When using RHSM with a proxy, we want to make sure the proxy can be reached. This patch verify that a tcp socket can be open from the client to the proxy. This patch also does a bit of refactoring: - --retry-delay 10 --max-time 30 is now used in a parameter everytime we use curl. - proxy options are now used everytime curl is used, even for detecting which version of Satellite is running, now we use proxy options. Co-Authored-By: Vincent S. Cojot <vincent@cojot.name> Change-Id: I4dcac1528c10f698338383445e27c8a613f9bcd9 Closes-Bug: #1724970 (cherry picked from commit f4e46f4b3ddac3f536a3a1955c91447e8b26ffca)
2017-11-02Merge "RHSM: do not use retry to deploy katello-agent" into stable/pikeZuul1-1/+1
2017-11-02Upgrade rhel_reg_sat_repo to 6.2Emilien Macchi2-1/+6
When deploying with RHSM, sat-tools 6.2 will be installed instead of 6.1. The new version is supported by RHEL 7.4 and provides katello-agent package. Change-Id: I04a9feab02bf606ad6ca923a17947dcca30258da Closes-Bug: #1728638 (cherry picked from commit b248ae1447940f81513be9904a24197bd4af1126)
2017-11-02Add all services to container scenariosMartin André4-27/+74
This commit brings the multinode containers scenario files closer to their BM variants to add missing services and turning pacemaker on. These require refactorings in OOOQ in order to support non-containerized to containerized upgrade jobs across releases. Ceph-ansible is also going to be switched separately. Co-Authored-By: Jiri Stransky <jistr@redhat.com> Depends-On: Ie0e8de54794a9259c0aeb8c67ae0f6a908844093 Change-Id: Icb659509b38575534be27a1881dbe671c40a5436 Related-Bug: #1714905 Related-Bug: #1712070 (cherry picked from commit c504f83c28b986ceb2b92cc0077959158bd11df7)
2017-11-02Fix nova-cpu/collectd hieradataEmilien Macchi1-1/+1
Probably a typo, never caught or even tested. Change-Id: Iaf75edb421a19cb69bf3ead59c83bf812c653f0b Closes-Bug: #1729479 (cherry picked from commit 24f859c01826eb12256cf1a5cd63b8bb1c0e234c)
2017-11-02Merge "Disable MongoDB in scenario002" into stable/pikeZuul2-4/+4
2017-11-02Merge "Fix standalone ControllerOpenstack vars" into stable/pikeZuul2-11/+26
2017-11-02Add NetIpMap to hieradata for *ExtraConfig overridesSteven Hardy1-0/+2
To enable per-node override of bind IPs via the per-role ExtraConfig paramaters, we need to enable hiera interpolation that references the keys defined in NetIpMap, so we add them to the hieradata. To minimise the risk of any conflicts in keynames it's added near the bottom of the hierarchy, but I'm not aware of any conflicting names in our templates/modules. This will allow per-node hieradata override of bind IPs e.g: parameter_defaults: ComputeRack1ExtraConfig: nova::vncproxy::host: "%{hiera('rack1_internal_api')}" ComputeRack2ExtraConfig: nova::vncproxy::host: "%{hiera('rack2_internal_api')}" Closes-Bug: #1726884 Change-Id: Icf7da1d78176c2ee0197ff2459d69d995cbb16ad (cherry picked from commit 65a8b65754d2ea77ec2396658d4e73eb837d34bd)
2017-11-02Merge "Switch RabbitFDLimit to a Puppet integer" into stable/pikeZuul1-1/+1
2017-11-02Merge "Force memcached container log to file" into stable/pikeZuul1-1/+9
2017-11-02Merge "Enable neutron-lbaasv2 UI in Horizon" into stable/pikeZuul1-0/+3
2017-11-02RHSM: do not use retry to deploy katello-agentEmilien Macchi1-1/+1
katello-agent is an optional package, we don't want to use retry. The package is available or not. Fixing a regression from https://review.openstack.org/#/c/386529 Since we use "| true", we can't really use "retry" here. Change-Id: Id8cd9ac54e158ee1743b2f72b169b3a066f69168 Closes-Bug: #1728614 (cherry picked from commit d9f7b01c6c21b306005bad12fcab103b0a9e7591)
2017-11-01added level of indirection causes incorrect hiera configAditya Vaja2-21/+19
- until Newton this worked fine, however starting with Ocata, we do not need the key 'mapped_data' - having it results in extra indirection in the dictionary in neutron_bigswitch_data.json Closes-Bug: #1729453 Change-Id: I3bc9940aeff4e290d83de95a7df294c11f061954 (cherry picked from commit 485339129cee8f5d3223cf47858a5c9f79b0a8de)
2017-11-01Add tags to baremetal cron removal tasksDan Prince4-0/+4
In 59e29b17f4a9f5f65b6f8a7b8e82ef6426d8a51 we forgot to add tags to the Ansible tasks to remove the baremetal cron jobs at step 2. (cherry picked from commit 1128271b460b120a2a59eac3df95082c55e554d0) Change-Id: I23fb134b88336ebc4eb1a97a69a2d73d4ef0edb2 Related-bug: #1708466
2017-11-01Force memcached container log to fileJuan Antonio Osorio Robles1-1/+9
We were relying on the sysconfig options to set the memcached log file, however, this is not happening, as the redirection is being taken as an option and ends up being ignored by the memcached command. So instead, we set the redirection in the container template. Change-Id: Ic94e3fd7884d518eb9558c53acdc6b294823cd0a Closes-Bug: #1720183 (cherry picked from commit ca1fc5848661aacbf14b52e33879190c133c8e48)