Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
If a certificate expires, the user will need to update it. However,
because we only restart services at the end of a stack-update the
new certificate doesn't take effect until after puppet has run.
This is a problem because puppet makes OpenStack calls, which will
fail if the certificate is expired. In that case we never get to
the service restart so the stack is wedged until the user manually
restart haproxy.
This patch addresses the problem by reloading haproxy before puppet
runs. This is done in a pre-puppet script for pacemaker after pacemaker
is maintenance mode because we need to make sure it happens after all of
the certs have been installed on the controllers, but before puppet
runs.
For non-pacemaker, haproxy is simply reloaded.
Change-Id: Id5ed05b3a20d06af8ae7a3d6f859b03399b0d77d
|
|
|
|
Microversions since Nova API v2.1 are aimed to replace the v3 work. The
/v2.1 is backwards compatible with the legacy /v2 endpoint. What we
called in the past /v3 is now something defunct in-tree. The /v2.1 API
is based on the v3 work, but there are many things that differ, in
particular with the backwards-compat thing. We keep the /v2 path in
api-paste.ini for making sure an upgrade doesn't trample operators and
users but if you look in tree, that's redirecting to the v2.1
codepath (just not asking for microversions). In summary, we only need
one endpoint, ie. /v2.1.
Additional information at https://bugzilla.redhat.com/show_bug.cgi?id=1291291
Related-Bug: #1564372
Change-Id: I1654665663bc5a19c201f7d25407910654ac1308
Depends-On: I6d64b8bcd0f79f1f298ddc809e6d92fbc2985c45
|
|
This patch wires in a new for Mitaka Heat feature
that allows us to dynamically include a set of nested
stacks representing individual services via a Heat resource chain.
Follow on patches will use this interface to decompose the controller
role into isolated services.
Co-Authored-By: Steve Hardy <shardy@redhat.com>
Depends-On: If510abe260ea7852dfe2d1f7f92b529979483068
Change-Id: I84c97a76159704c2d6c963bc4b26e365764b1366
|
|
Atomic is set to Docker 1.8.2. We no longer need to pull the
latest Docker to make our template work.
Change-Id: I8ab4e135ed4891763f8ced596116b14101466160
Co-Authored-By: Ian Main <imain@redhat.com>
|
|
In order to use cinder, we need to be able to use
/dev/pts/ptmx. Centos sets this to 000 when on Fedora
it's 666.
Change-Id: I76dc5adc64d2da0d27204ea31175244bc1b94428
|
|
The generated galera config has to include additional settings for
galera to be active on MariaDB 10.1.
wsrep_on must be explicitely set to ON. On MariaDB 5.5, this was
implicitely set as soon as wsrep_provider was specified.
a valid wsrep_cluster_address must be configured in addition to
wsrep_on, otherwise recovery command mysqld_safe --wsrep-recover
cannot retrieve replication state, and cluster cannot be bootstrapped.
These explicit settings are backward compatible with MariaDB 5.5 since
the two variables exist in both versions of MariaDB.
Change-Id: I4ab4f4eeb8679899f194399ba8695155e9a2f4a5
Closes-Bug: 1563751
|
|
|
|
|
|
Some options in neutron.conf are used bu OVS agent, like logging &
messaging.
During the upgrade process, you need to restart the agent if these
options change.
We could patch puppet-neutron to add a notify, but the community won't
like it because Neutron OVS agent is not able to restart gracefully
until [1] got merged. Until that, we can fix it in TripleO, where we
suppose Puppet runs happenning during bootstraps and upgrades.
Later, we'll drop this code from here and move it in puppet-neutron.
[1] https://review.openstack.org/#/c/297211
Change-Id: I02b17b66e93331ddfb1a7abd8adff672bc7a32d6
Closes-Bug: #1563437
|
|
|
|
Change-Id: I60ab36b04b8932e4dbee58e21998dc984178b41c
Bugzilla: https://bugzilla.redhat.com/1275281
|
|
|
|
|
|
|
|
We need to reload/restart services on updates/upgrades to apply any
config changes, but restarting services managed from Pacemaker from
Puppet causes problems.
For now we no-op the restart and rely on the catch-all restart after
Puppet phase.
In the future we should have a service provider for pacemaker resources
that will be using pcs. We still might have to restart services outside
Puppet due to cluster-wide orchestration issues, but we might be able to
do the restarts selectively rather than restart everything.
We also no-op the start/stop commands to be safe, as it also doesn't
make sense for Puppet to try start and stop those services when it
doesn't have knowledge about Pacemaker.
Change-Id: I95e21e10471cd7575f28c095c48150325f1414b3
Closes-Bug: #1562922
|
|
|
|
|
|
This patch wires in ringbuilder.pp so that it is always
asserted like the other manifests and it fixes the misaligned
step sequencing in calling our overcloud controller manifests.
Previously it was called as a separate software deployment outside of
the hiera step sequence. This made things confusing in
controller-post.yaml since the deployment names didn't align
with the step hiera variables after step 3. Now that we call it
just like the other modules it should make gradually moving this
code to puppet-tripleo more straightforward as well.
Change-Id: Ibd4f51f65da475bb20a6b08d7bda673f330a5464
|
|
We'd like to let the post puppet pacemaker controller services
restart to happen for the convergence step so set the
UpdateIdentifier. However also set the PackageUpdate to noop so the
yum_update.sh doesn't happen.
Since a full haproxy restart is expected, we no longer need the
systemctl reload added at Iae3bad745ecdf952a7a0314fe1375d07eb47c454
so remove that too.
Some more context at
https://bugzilla.redhat.com/show_bug.cgi?id=1321036
Co-Authored-By: marios <marios@redhat.com>
Change-Id: I31c2d97d68c97b435f63863fae2c89f18f99681d
|
|
Change-Id: Ibf37bfd6150d212fadcc4d2e2e2d0a89cdd76c91
|
|
|
|
|
|
|
|
In I783e939ae304385674909bfd9f1cac95e04cef22 we add brackets around
the cinder_iscsi_ip_address if IPv6 but that causes hiera to try
mapping the value into an array, while it isn't. This change adds
quotes around the brackets.
Change-Id: Id9bb4b12542f1943e9df702486d68424539c7a59
Closes-Bug: 1560934
|
|
|
|
Without this the HAProxy monitoring for Redis would fail to poll
the backends.
Change-Id: Id0826c6b04e471844c7bef69480af263cf2b3bd4
|
|
|
|
|
|
|
|
|
|
* Add MemcachedIPv6 parameter
* If MemcachedIPv6 is set at True, configure Horizon with Memcached IPv6
addresses.
This patch is required to make Horizon working when running IPv6
networks.
Change-Id: I752e727bfb9040b29f5d755f565fa6b54b9511c8
|
|
Output a warning for parameters which look unused, this should help
developers clean up the template a bit, and eventually could maybe
be developed further into something we can use for gating.
Change-Id: Ide4fbe3c85854cbddee44801d39ae73003d63bb8
|
|
Configure the Cinder iscsi_ip_address key using brackets when
the IP address is of v6 class.
Closes-Bug: 1560934
Change-Id: I783e939ae304385674909bfd9f1cac95e04cef22
|
|
As discussed in the related bug below, after upgrading your
environment to latest liberty the haproxy config isn't picked
up. This adds a systemctl reload haproxy in the pacemaker
resource restart we run as part of the post-puppet-pacemaker.
Related-Bug: 1561012
Change-Id: Iae3bad745ecdf952a7a0314fe1375d07eb47c454
|
|
Full context is described here:
https://review.openstack.org/#/c/270110/
The patch that was supposed to fix [1] was not fixing non-ha scenario.
[1] https://launchpad.net/bugs/1536103
This patch aims to fix it.
Change-Id: Iaf4608de1894ce03f35925939e83230abb9f5207
Closes-Bug: #1560063
|
|
If the satellite registration url was specified with https, the curl
command to detect the satellite version would not work as expected since
-L was not passed and you get redirected to https when testing the ping
api.
To additionally handle the case where https is specified, also use curl
directly with -k to download the configuration rpm instead of using rpm
with a url.
Fixes another bug with a missing $ in the reference to the
$satellite_version variable.
Change-Id: I984fdfc415eeeed4ef29cc8d0812e1b67545d6b1
|
|
The static setting for the glance/rbd user name was overriding
any customization provided via template param because it was
up in the hierarchy for the controller nodes.
More at: https://bugzilla.redhat.com/show_bug.cgi?id=1308889
Change-Id: I3d112de7eeffd524fb1308d5976a28f04aa5ff23
|
|
|
|
|
|
The coordination url connection string to redis
is incorrectly formatted with password.
More details: https://bugzilla.redhat.com/show_bug.cgi?id=1320036
Change-Id: I93f5e93dfce4ba2629aa57534e8d33d5d1e6d77b
|
|
|
|
|
|
|
|
|
|
|
|
There are quite a few cases where it is useful to disable ring building on the
nodes. For example:
- using different weights, regions, and zones
- replacing a node in an existing Swift cluster
- adding a new node to an existing cluster
- using storage policies and therefore multiple rings
- using different nodes and disks for account, container and object servers
This patch allows it to disable ring building. Rings need to be maintained
manually then, and copied to all storage and proxy nodes within a cluster.
This patch is similar to I01311ec3ca265b151f8740bf7dc57cdf0cf0df6f, except that
it uses the current templates.
Change-Id: I56978b15823dd6eaf4b6fd3440df2f895e89611a
|