Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
http_proxy_to_wsgi middleware was recently added to Ceilometer [1] and
in order to take it into use, we need to enable it via hiera.
[1] I24f16dda49bd9e7930ca9f0d32bf0793463aff03
Depends-On: I1812a27202ba3714b354aeb27611d38def87a7fc
Related-Bug: #1590608
Change-Id: If8de25afa13de6797895f36c98ffdde8cf3e8656
|
|
|
|
http_proxy_to_wsgi middleware was recently added to Gnocchi [1] and
in order to take it into use, we need to enable it via hiera.
[1] Ic5526cf37e70335fa2cc70946a271253f227f129
Related-Bug: #1590608
Change-Id: I145dcfa3455ca1541cbf6b5fc4b601f0813619c0
|
|
|
|
|
|
The current kernel sysctl settings modify the
net.ipv6.conf.default.accept_ra and net.ipv6.conf.default.autoconf
to both be '0'. However, this is overridden by the settings in
net.ipv6.conf.all, so no matter what setting is in the ifcfg file
for the IPv6 interface, autoconfiguration and accept_ra will be
enabled. This causes a security vulnerability where rogue RAs
could be used to intercept traffic from the controllers.
This change sets both default and all settings to '0' for IPv6
accept_ra and autoconf.
Closes-Bug: 1632830
Change-Id: I95b86c5c6feed30dfa5103ffbddb9e85ac567bbb
|
|
|
|
This patch updates the t-h-t templates for
nova services so that we only set the value of workers in
the non-default case. TripleO has always defaulted the
workers count to 0 and there was recently a regression in
nova where they treat the default of 0 as invalid (a bug
that may get fixed in nova but we don't want to wait on it)
This patch avoids the issue by allowing the default value
to be unset if the TripleO default of 0 is configured.
Change-Id: I175977b88129d87caeb32332d47eb14816a6d5d4
Closes-bug: #1631133
|
|
These keys are already specified in nova-metadata.yaml
where they get set correctly per the network management
local IP (based on 'service_name' list).
Depends-On: I94f985e719a3bf7408655fbbb5ab1aeaf15e994e
Change-Id: I5d57561b732783118efd2a637aa137f5f7bcddbc
Partial-bug: #1631133
|
|
|
|
Unfortunately we use "SwiftStorage" in the ObjectStorage role
template, so we have to special-case this for backwards compatibility
or deployments enabling the ObjectStorage role will fail.
Ideally we'd align the port names in the objectstorage-role.yaml, but we
can't becauuse all the ports would be replaced in existing deployments
on update.
Change-Id: Ia07e193d2b9a4d33c6272c2b4448133584b81350
Closes-Bug: #1632663
|
|
The glance-api and glance-registry services are currently coupled
in that some of the hiera settings in the API are required for
the registry to run correctly (the backend settings).
This patch moves some of the common settings into glance-base and
then updates the glance-api and glance-registry services to
supply that service.
Change-Id: Ie3d7e24c7fd475e3f6ad542c1654eb7dbd9d9b35
Closes-bug: #1628582
|
|
|
|
|
|
|
|
We have the following function in the upgrade process after we updated
the packages and called the db-sync commands:
services=$(services_to_migrate)
...
for service in $(services); do
manage_systemd_service start "${service%%-clone}"
check_resource_systemd "${service%%-clone}" started 600
done
The above is broken because $services contains a list of services to
start, so $(services) will return gibberish and the for loop will never
execute anything.
One of the symptoms for this is the openstack-nova-compute service not
restarting on the compute nodes during the yum -y upgrade. The reason
for this is that during the service restart, nova-compute waits for
nova-conductor to show up in the rabbitmq queues, which cannot happen
since the service was actually never started.
Change-Id: I811ff19d7b44a935b2ec5c5e66e5b5191b259eb3
Closes-Bug: #1630580
|
|
Need to set the right default notification driver for glance so
telemetry receives them accordingly. Without this tempest tests
fail.
Closes-bug: #1631939
Change-Id: I1cee5467d077eea6142076925646f7d0cdae96c7
|
|
|
|
|
|
|
|
This resolves the issue causing the 'step' hiera setting
to get written as a string (thus causing puppet failures)
on a pacemaker controller.
Change-Id: I70037889e499846460357928f8637a35ac97bc7a
Closes-bug: #1631488
|
|
Introduce a new environment template that enables the Debug parameter.
By default the value is set to "true".
Change-Id: Ieac59de42ffef6afa5d8f10ef1925c32c7dc8551
|
|
|
|
Depends-On: I04e28a95e8d69a24cd3df109bf1802bfcbd941db
Change-Id: I4ada033155e5fde0add08ec9aa8f6af7c31d53f3
|
|
|
|
Closes-Bug: #1631277
Change-Id: I126b3ed2afdf03ffabb7e57f8792b9f7ecc06a09
|
|
|
|
In Newton, ceilometer api is changed to run under apache wsgi
instead of eventlet. This will require upgrades for mitaka
deployments to switch to wsgi.
Closes-Bug: 1631297
Change-Id: If9d6987cd0a8fc5d3f9de518ba422d97d5149732
|
|
Otherwise there may be a race between updating the hiera
and running the UpdateWorkflow
Change-Id: I22cd893e0db3df6d39504fbd61d7d9024cebb1c5
Related-Bug: 1631297
|
|
|
|
role.role.j2.yaml"
|
|
The puppet-ceph module defaults to 'ceph' but that is a metapacakge
which isn't provided in all repos.
Depends-On: I13462219522386f8740b0d70916a44f3474115e4
Change-Id: Ie55d22301dd22102d471e6002dfcaad4bfadd5f6
Related-Bug: 1629933
|
|
- Move VXLAN and VRRP rules from Neutron Server to the right services.
- Enable Firewall by default on Compute nodes.
Change-Id: I99d172dcedaf6be297aad184cc51fe9f292a57e1
|
|
This default setting got lots in the composable roles/services patches.
Re-enable the ManageFirewall setting by default per what we did in
git commit 73c76b867ddc8a23a30b9a3cac4031189d4178c6.
We also fix a typo in neutron-api.yaml so that the firewall rules
matches to service_name. (otherwise it won't get loaded).
Also, drops the environments/manage-firewall.yaml which is
no longer needed if we enable firewall management by default.
Change-Id: Ie198e4efd190131d0722085b10ef77da9005bc1b
Closes-bug: 1629934
|
|
This will wire up the per-network hostnames in the generic role.
Needs to land after https://review.openstack.org/#/c/378764
Partial-Bug: #1626976
Change-Id: I595f35cce03d9f416a1768aa5c349a1bb20b0e19
|
|
|
|
|
|
|
|
|
|
|
|
The regex failed to match the INSECURE_REGISTRY string used in latest
atomic host image due to it expecting a whitespace after
--insecure-registry.
Change-Id: Ib8f288d844b4d94b0f6309bfd04bb05930d8c4c5
|
|
This submission creates a generic template
file to deploy custom roles.
Also adds a file to specify an exclusion role
list in order to avoid not to generate the
template for those roles.
Partial-Bug: #1626976
Depends-On: I6d7247bbb8702eb0ab9bdf133b5ab1c6e8349d98
Change-Id: I3e11c089023b793a5063d9e1714527a3fe2b7458
|
|
When deploying manila with cephfs backend,
/etc/manila/manila.conf should define
cephfs_conf_path = /etc/ceph/ceph.conf
in the cephfs native backend since this is
the conventional path that ceph operators expect
and since we document that path upstream.
Change-Id: I4abf5c33b675b1102413a84d64f4ce23b07b4485
Closes-Bug: 1630777
|
|
|