aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-05-16Merge "Disable ComputeNeutron* for cisco-nexus-ucsm" into stable/ocataJenkins1-0/+2
2017-05-15Fix SshHostPubKeyDeployment on containerized nova-compute.Oliver Walsh1-1/+2
This is failing since https://review.openstack.org/458672 merged because the ssh host keys are not mapped to the container. Change-Id: Ie868654f13bee04da642337cc344871903f40473 Closes-bug: #1690911
2017-05-15Disable ComputeNeutron* for cisco-nexus-ucsmSteven Hardy1-0/+2
It seems this wasn't adjusted when https://review.openstack.org/#/c/338315/ landed, which added interfaces for compute specific neutron configuration, which is disabled for most vendor backends. Change-Id: I4c98008107568b3b65decd7640e25c7d2b1ea9ff Related-Bug: #1687597 (cherry picked from commit 95fbda4d0254edb12bfec1ccd41d3b5f6204fe8f)
2017-05-13Merge "Fix for the resource ControllerPostPuppetMaintenanceModeDeployment" ↵Jenkins4-11/+16
into stable/ocata
2017-05-12Merge "Merge pre|post puppet resources into pre|post config." into stable/ocataJenkins12-42/+26
2017-05-08Fix for the resource ControllerPostPuppetMaintenanceModeDeploymentCarlos Camacho4-11/+16
Depends-On: If88f403c85b79bd896a24c7816486709bd67706f Closes-Bug:1686619 Change-Id: I7c32ca39a456de9833d30c31d41fcb727d2b0a34 (cherry picked from commit 77b4bd53dae1882ae3094597e674218b7773eda9)
2017-05-08Merge pre|post puppet resources into pre|post config.Jenkins12-42/+26
The [Pre|Post]Puppet resources were renamed in https://review.openstack.org/#/c/365763. This was intended for having a pre/post deployment steps using an agnostic name instead of being attached to a technology. The renaming was unintentionally reverted in https://review.openstack.org/#/c/393644/ and https://review.openstack.org/#/c/434451. This submission merge both resources into one, and remove the old pre|post hooks. Change-Id: Ic9d97f172efd2db74255363679b60f1d2dc4e064 Closes-bug: #1669756 (cherry picked from commit 258c6ce52d0c8467f34693722a883d96345802b2)
2017-05-08Fix up pacemaker_status test in yum_update.shMichele Baldessari1-2/+2
In change I2aae4e2fdfec526c835f8967b54e1db3757bca17 we did the following: -pacemaker_status=$(systemctl is-active pacemaker || :) +pacemaker_status="" +if hiera -c /etc/puppet/hiera.yaml service_names | grep -q pacemaker; then + pacemaker_status=$(systemctl is-active pacemaker) +fi we did that so due to LP#1668266: we did not want systemctl is-active to fail on non pacemaker nodes. The problem with the above hiera check is that it will match on pacemaker_remote nodes as well. We cannot piggyback the pacemaker_enabled hiera key because that is true on all nodes. So let's make the test check only for pacemaker service without matching pacemaker remote. Tested with: 1) Test on a controller node with pacemaker service enabled [root@overcloud-controller-0 ~]# hiera -c /etc/puppet/hiera.yaml -a service_names |grep '\bpacemaker\b' "pacemaker", [root@overcloud-controller-0 ~]# echo $? 0 2) Test on a compute node without pacemaker: [root@overcloud-novacompute-0 puppet]# hiera -c /etc/puppet/hiera.yaml service_names |grep '\bpacemaker\b' [root@overcloud-novacompute-0 puppet]# echo $? 1 3) Test on a node with pacemaker_remote in the service_names key: [root@overcloud-novacompute-0 puppet]# hiera -c /etc/puppet/hiera.yaml service_names |grep '\bpacemaker\b' [root@overcloud-novacompute-0 puppet]# echo $? 1 [root@overcloud-novacompute-0 puppet]# hiera -c /etc/puppet/hiera.yaml service_names |grep '\bpacemaker_remote\b' "pacemaker_remote"] [root@overcloud-novacompute-0 puppet]# echo $? 0 NB: cherry-pick was not 100% clean due to unrelated lines being cleaned up in master. Change-Id: I54c5756ba6dea791aef89a79bc0b538ba02ae48a Closes-Bug: #1688214 (cherry picked from commit 2244290424ffa7781fb5b64688908c218cd10ecd)
2017-05-04Initial VIP ipv6 minor update codeMichele Baldessari2-5/+74
To test this change we deployed a stock master with ipv6 which created a bunch of ipv6 with /64 netmask: [root@overcloud-controller-0 ~]# pcs resource show ip-fd00.fd00.fd00.2000..18 Resource: ip-fd00.fd00.fd00.2000..18 (class=ocf provider=heartbeat type=IPaddr2) Attributes: ip=fd00:fd00:fd00:2000::18 cidr_netmask=64 Operations: start interval=0s timeout=20s (ip-fd00.fd00.fd00.2000..18-start-interval-0s) stop interval=0s timeout=20s (ip-fd00.fd00.fd00.2000..18-stop-interval-0s) monitor interval=10s timeout=20s (ip-fd00.fd00.fd00.2000..18-monitor-interval-10s) Then we update the THT folder with this patch and upload the new scripts on the undercloud via: openstack overcloud deploy --update-plan-only .... Then we kick off the minor update workflow: openstack overcloud update stack -i overcloud Once the controller-0 node (bootstrap node for pacemaker) is completed we have the correct VIP configuration: [root@overcloud-controller-0 heat-config-script]# pcs resource show ip-fd00.fd00.fd00.2000..18 Resource: ip-fd00.fd00.fd00.2000..18 (class=ocf provider=heartbeat type=IPaddr2) Attributes: ip=fd00:fd00:fd00:2000::18 cidr_netmask=128 nic=vlan20 lvs_ipv6_addrlabel=true lvs_ipv6_addrlabel_value=99 Operations: start interval=0s timeout=20s (ip-fd00.fd00.fd00.2000..18-start-interval-0s) stop interval=0s timeout=20s (ip-fd00.fd00.fd00.2000..18-stop-interval-0s) monitor interval=10s timeout=20s (ip-fd00.fd00.fd00.2000..18-monitor-interval-10s) Also verified that running the script a second time does not alter the (already fixed) VIPs. Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com> Change-Id: I765cd5c9b57134dff61f67ce726bf88af90f8090 (cherry picked from commit 4923f5c4991bd539888b4175fae20025d6ef3957)
2017-05-02Ensure AllNodesExtraConfig runs before AllNodesDeployStepsSteven Hardy1-0/+1
When implementing custom roles, we lost an implicit dependency that ensured AllNodesExtraConfig is applied before AllNodesDeploySteps, which causes problems if you need to write hieradata via the AllNodesExtraConfig hook (some cisco integrations we have in tree do this, and are now broken because the ordering is no longer ensured. Change-Id: Ie78ecbb4e135ab7f196867ef9d8d271049a9cd10 Closes-Bug: #1687597 (cherry picked from commit 4efc067a7e2965fc7a07eb05b019d0e3e8160606)
2017-04-28Unset the UpgradeInitCommand on convergemarios1-0/+1
In the converge envs we unset the UpgradeInitCommon since we used that for the N..O upgrades workflow. However an operator may have also overridden the UpgradeInitCommand so we should unset that too. Closes-Bug: 1686918 Change-Id: I3b316d04b78a4ab1e3f9f69948e42e6fb0ad6632 (cherry picked from commit 7d87b8225bd640fee4b55fd66e793391526f6d54)
2017-04-28Merge "Change the default for rabbitmq back to ha-mode: all" into stable/ocataJenkins3-33/+15
2017-04-28Merge "upgrades: deploy mod_ssl when upgrading apache" into stable/ocataJenkins9-67/+116
2017-04-27Merge "Prepare 6.1.0 (ocata)" into stable/ocataJenkins1-2/+2
2017-04-27Merge "Cinder-api upgrade: use httpd instead of apachectl" into stable/ocataJenkins1-1/+1
2017-04-27Merge "Align hyperconverged-ceph.yaml environment and adds some validation" ↵Jenkins1-0/+18
into stable/ocata
2017-04-27Prepare 6.1.0 (ocata)Emilien Macchi1-2/+2
Change-Id: Idb0423f9cf76234b9f44cacf32dd34cd9ae4e655
2017-04-27upgrades: deploy mod_ssl when upgrading apacheSofer Athlan-Guyot9-67/+116
1) When Apache is upgraded, install mod_ssl rpm. See https://bugs.launchpad.net/tripleo/+bug/1682448 to understand why we need mod_ssl. 2) All services that run Apache for API will use the snippet from Apache service to deploy mod_ssl, so we don't duplicate the code in all services. It's using the same mechanism as ovs upgrade to compile upgrade_tasks between both services. Change-Id: Ia2f6fea45c2c09790c49baab19b1efcab25e9a84 Closes-Bug: #1686503 (cherry picked from commit a6041608ca68aad4298ed9e8febafc442a250a55)
2017-04-26Cinder-api upgrade: use httpd instead of apachectlSofer Athlan-Guyot1-1/+1
It doesn't work downstream, so the httpd command was recommended. Change-Id: I4807333b80dad10f16e5deb56cbfdda656cd1e50 (cherry picked from commit 0b05d7fd9b0e8811755499642647919eaf64cc39)
2017-04-26Change the default for rabbitmq back to ha-mode: allMichele Baldessari3-33/+15
In change Ib62001c03e1e08f58cf0c6e0ba07a8879a584084 we switched the rabbitmq queues HA mode from ha-all to ha-exactly. While this gives us a nice performance boost with rabbitmq, it makes rabbit less resilient to network glitches as we painfully found out via https://bugzilla.redhat.com/show_bug.cgi?id=1441635. This is the THT part of the change that changes the default to ha-mode: all. NB: not clean cherry-pick due to the added metadata_settings line in master Closes-Bug: #1686337 Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com> Co-Authored-By: John Eckersberg <jeckersb@redhat.com> Change-Id: I7afcf2b3c8deb13fc2134e4cae9c06a44e775384 Depends-On: I9a90e71094b8d8d58b5be0a45a2979701b0ac21c (cherry picked from commit 90fc4b2e27ef6f612a82dfc5e08884629d0fe0bf)
2017-04-26Increase documentation about parametersJuan Badia Payno2-3/+33
CollectdServer, CollectdServerPort, CollectdSecurityLevel, CollectdUsername, CollectdPassword Change-Id: I43a0aca6f620f2570bdfd88531e70611867337b0 (cherry picked from commit f209f0aa48d277ecb8300ef33225f6ce6e24a4ae)
2017-04-25Merge "SSHD Service extensions" into stable/ocataJenkins10-5/+46
2017-04-25Merge "sensu: fix upgrade case when service is added" into stable/ocataJenkins1-1/+1
2017-04-25Merge "Deploy ceilometer_auth_enabled to node containing keystone" into ↵Jenkins1-1/+1
stable/ocata
2017-04-25Merge "Remove no longer used environment files - older upgrade workflows" ↵Jenkins6-37/+0
into stable/ocata
2017-04-25Merge "Add migration SSH tunneling support" into stable/ocataJenkins3-1/+22
2017-04-25Merge "SSH known_hosts config" into stable/ocataJenkins11-1/+324
2017-04-25Deploy ceilometer_auth_enabled to node containing keystoneJuan Antonio Osorio Robles1-1/+1
This hiera key is used by keystone to create the ceilometer service user. It works in CI cause keystone and the ceilometer services are in the same node. However, this fails if keystone is deployed on a separate note. We should only deploy it in the nodes containing the keystone service since it's only relevant to create the service user. Change-Id: Ic0f02fe9a78a1fe14ac2b87197692fbd80c003b8 Closes-Bug: #1685828 (cherry picked from commit f1f6b5dc7d698a36f04186856fb94b4115d121dc)
2017-04-24Remove no longer used environment files - older upgrade workflowsmarios6-37/+0
In I7831d20eae6ab9668a919b451301fe669e2b1346 we removed some of the old upgrades but left the environment files removed here. Related-Bug: 1673447 Change-Id: Ib3eca5687285b280832d19b647c3b4aa3d9ac36d (cherry picked from commit 61632a621b1ef0fc0e3d20080eb8a5ff05952bbe)
2017-04-24sensu: fix upgrade case when service is addedEmilien Macchi1-1/+1
When service is added during an upgrade, fix the ansible syntax to use the right variable for return code. Change-Id: I974699fb8b0dcbe5ffa6935c394df4ac8e7b21d4 (cherry picked from commit deb9b4cad5a59e650922067841604a4bc121c228)
2017-04-21Merge "Fix bogus parameters in get_param" into stable/ocataJenkins2-2/+2
2017-04-21SSHD Service extensionsLuke Hinds10-5/+46
This change implements a MOTD message and provides a hash of sshd config options which are sourced to the puppet-ssh module as a hash. The SSHD puppet service is enabled by default, as it is required for Idb56acd1e1ecb5a5fd4d942969be428cc9cbe293. Also added the service to the CI roles. Change-Id: Ie2e01d93082509b8ede37297067eab03bb1ab06e Depends-On: I1d09530d69e42c0c36311789166554a889e46556 Closes-Bug: #1668543 Co-Authored-By: Oliver Walsh <owalsh@redhat.com> (cherry picked from commit 5e14f95a4a46fcf88293f1b0fa93327566614d43)
2017-04-21Merge "N->O Manual puppet commands have the right modulepath." into stable/ocataJenkins2-2/+5
2017-04-21Merge "Run token flush cron job hourly by default" into stable/ocataJenkins2-1/+8
2017-04-21Merge "Update Dell EMC Cinder back end services" into stable/ocataJenkins2-0/+6
2017-04-21Merge "Add composable role support for NetApp Cinder back end" into stable/ocataJenkins6-159/+132
2017-04-21Merge "Replace references to the 192.0.2 network" into stable/ocataJenkins13-16/+39
2017-04-21Merge "N->O upgrade, fix wrong parameters to nova placement." into stable/ocataJenkins1-1/+2
2017-04-20Add migration SSH tunneling supportOliver Walsh3-1/+22
This enables nova cold migration. This also switches to SSH as the default transport for live-migration. The tripleo-common mistral action that generates passwords supplies the MigrationSshKey parameter that enables this. The TCP transport is no longer used for live-migration and the firewall port has been closed. Change-Id: I4e55a987c93673796525988a2e4cc264a6b5c24f Depends-On: I367757cbe8757d11943af7e41af620f9ce919a06 Depends-On: I9e7a1862911312ad942233ac8fc828f4e1be1dcf Depends-On: Iac1763761c652bed637cb7cf85bc12347b5fe7ec (cherry picked from commit 0271a63e52b961eab0da2f5c6a61811a7a1498f7)
2017-04-20SSH known_hosts configOliver Walsh11-1/+324
Fetch the host public keys from each node, combine them all and write to the system-wide ssh known hosts. The alternative of disabling host key verification is vulnerable to a MITM attack. Change-Id: Ib572b5910720b1991812256e68c975f7fbe2239c (cherry picked from commit 7d3552a105ad5aa62cad0998c11df5ec6bd06ed6)
2017-04-20Merge "Use comma_delimited_list for token flush cron time settings" into ↵Jenkins1-5/+5
stable/ocata
2017-04-20N->O Manual puppet commands have the right modulepath.Sofer Athlan-Guyot2-2/+5
In two places during upgrade we manually trigger puppet. There can be a problem when new puppet modules are added, and their corresponding symlinks in /etc/puppet/modules are not created during the installation as their are installed in /usr/share/openstack-puppet/modules. To prevent the issue tripleo set modulepath in the templates. We must use the same modulepath to make sure that we don't fail because of missing module in the manual puppet run. This particulary happens when you upgrade from M->N->O, as the base image in Mitaka doesn't have the proper symlinks and they are not created during the installation of the package. Closes-Bug: #1684587 Change-Id: I79df6ea33f1c58e13309176a6de41b7572541fd6 (cherry picked from commit 79c2d0f3d411da9e57731d9da79d25a3e0364eb2)
2017-04-20Merge "Touch /etc/httpd/conf.d/ssl.conf" into stable/ocataJenkins1-0/+4
2017-04-20N->O upgrade, fix wrong parameters to nova placement.Sofer Athlan-Guyot1-1/+2
According to [1] we need os_region_name, not region_name. Furthermore the os_interface is configured as well. The hard check on this parameter was introduced in ocata[2], explaining why the newton version did not chock on it. [1] https://docs.openstack.org/ocata/config-reference/compute/config-options.html [2] https://github.com/openstack/nova/commit/d486315e0 Closes-Bug: #1684058 Change-Id: If6118bf03e832fe3fa5ea4fcb1b436afd2adf80a (cherry picked from commit 88a3168b3019f7c8232c14b95d4c7c6fb5080f03)
2017-04-19Merge "Decouple Swift ringbuilding logic" into stable/ocataJenkins5-94/+10
2017-04-19Merge "Modify pci_passthrough hiera value as string" into stable/ocataJenkins2-2/+10
2017-04-19Run token flush cron job hourly by defaultJuan Antonio Osorio Robles2-1/+8
Running this job once a day has proven problematic for large deployments as seen in the bug report. Setting it to run hourly would be an improvement to the current situation, as the flushes wouldn't need to process as much data. Note that this only affects people using UUID as the token provider. Change-Id: I462e4da2bfdbcba0403ecde5d613386938e2283a Related-Bug: #1649616 (cherry picked from commit 65e643aca2202f031db94f1ccd3d44e195e5e772)
2017-04-19Use comma_delimited_list for token flush cron time settingsJuan Antonio Osorio Robles1-5/+5
This allows us to better configure these parametes, e.g. we could set the cron job to run more times per day, and not just one. Change-Id: I0a151808804809c0742bcfa8ac876e22f5ce5570 Closes-Bug: #1682097 (cherry picked from commit df36f221dd402a5b93585a6851fb1eb43de91967)
2017-04-18Touch /etc/httpd/conf.d/ssl.confLukas Bezdicka1-0/+4
To ensure that yum update passes without issues we touch ssl.conf. Proper fix is https://review.openstack.org/#/c/456712/ Depends-On: Ic5a0719f67d3795a9edca25284d1cf6f088073e8 Closes-Bug: #1682448 Resolves: rhbz#1441977 Change-Id: I73e5272c64df4aa5900f544a5d9f0670544ca679
2017-04-18Fix bogus parameters in get_paramBogdan Dobrelya2-2/+2
Change-Id: I1b5658efaaa26c473ceef184a962ec320f267ffe Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com> (cherry picked from commit e88dfbc4ca115be9522ee0fc0bdb5b60f9ddd7a7)