| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This adds the necessary hieradata for enabling TLS in the internal
network for Cinder API.
bp tls-via-certmonger
Depends-On: Ib4a9c8d3ca57f1b02e1bb0d150f333db501e9863
Change-Id: I126e890076bc96b1cd166a919eff6aa1bb80510b
|
|
|
|
|
|
|
|
For parameter merge strategies to work we need to merge multiple environment
files, which doesn't consider the defaults defined in the heat template.
Moving where we define these defaults will enable the merge strategies
applied when appending services to roles in environment files to work.
Change-Id: I1ef1ad685c8a15308d051665c576a98b277f2496
Closes-Bug: #1635409
|
|
|
|
|
|
|
|
This can be used to pass the e.g. the tripleo-validations ssh key into
the deployment.
Change-Id: I861b9e2252a9c8122dcf7df261386f1ea5200c4f
Related-Bug: #1635226
|
|
|
|
|
|
|
|
manila-share also needs the db configuration so the db-sync works
correctly when manila-api is running on a non-controller node.
Change-Id: Ib8a6f10ef6a650275fc011e51acfc4b5c7c99164
Closes-Bug: 1633077
|
|
Because manila-share is a pacemaker-managed service, it has to be
on the controller node. If you deploy the api services to a
different node, then manila-share loses access to the authtoken
hieradata generated by manila-api. Adding it explicitly to the
manila-share config allows this setup to deploy sanely.
Note that I'm having a different problem with manila db-syncs in
this setup, so there's likely another patch required to get it
fully working.
Change-Id: Iac782fa67ea912d24b9905dd8bbafb8ff28dd669
Partial-Bug: 1633077
|
|
|
|
The param is now managed in puppet-tripleo like other services.
Change-Id: I306aa6ac6e2cfc0d4602e15e11564a6be096a121
Depends-On: Ibc0ed642931dd3ada7ee594bb8c70a1c3462206d
|
|
|
|
|
|
|
|
- Remove vncproxy firewall rules from nova-api service
- Add vncproxy firewall rules to nova-vncproxy service
- Add console port range firewall rules to nova-libvirt service
Change-Id: I421ae21c130cac6f25e7c0869b941ba77441172c
|
|
Some ports are missing to support live-migration. This patch adds them.
Documented here:
https://access.redhat.com/documentation/en/red-hat-openstack-platform/9/paged/migrating-instances/chapter-1-how-to-migrate-a-live-instance
Change-Id: I72634a9940c11602522322235e51bf27cb664e57
|
|
|
|
|
|
Seems the conditional has changed and we should pickup the
tripleo::profile::base::swift::storage::enable_swift_storage
hiera data.
After controller nodes are upgraded the swift services were down
even though there was no stand-alone swift node (the current
conditional was failing as that hiera isn't set any more)
Closes-Bug: 1638821
Change-Id: Id1383c1e54f9cae13fd375e90da525230e5d23eb
|
|
The update configuration is generated into ceph.yaml and into
{rolename}.yaml. We should ensure puppet hiera is looking for
these files.
Change-Id: I261d16bc365b3d19adc502385edcc509a53ffc2a
Closes-Bug: #1638346
Resolves: rhbz#1388977
|
|
currently udp port 8125 is blocked by default. This can cause issues
when sending statsd data.
Change-Id: Icb5569c4e3dc981e9a8accf32eedd3370552cb34
|
|
|
|
OPM package is metadata package with unversioned requirements which
means that update does not update the dependencies. This leaves us
with old puppet modules and old puppet during the puppet run.
Change-Id: I80f8a73142a09bb4178bb5a396d256ba81ba98a8
Closes-Bug: #1638266
Resolves: rhbz#1390559
|
|
gnocchi when configured with swift will require keystone
to be available to authenticate to migrate to v3. At this
step keystone is not available and gnocchi upgrade fails
with auth error. Instead start apache in step 3, start
apache first and then run gnocchi upgrade in a separate
step and let upgrade happen here.
Closes-Bug: #1634897
Change-Id: I22d02528420e4456f84b80905a7b3a80653fa7b0
|
|
|
|
The interface for this moved to init.pp, the one we currently
use now only outputs a warning, it doesn't actually set anything.
Change-Id: Idc40cf0dc4ff0f598e0918e0de8b3233b524cdd5
Closes-Bug: 1638254
|
|
|
|
Updated plugin name for configuring Nuage.
Nuage plugin name changed after Liberty release
and needs to be updated at all instances.
Updated neutron-nuage-config.yaml file to reflect
the change.
Change-Id: I7cce9a07b909ab59bf249439eec0833afce5cca6
Closes-Bug: #1635033
|
|
|
|
|
|
|
|
The Ceilometer middleware is in the wrong place; actually any middleware
should be deployed after catch_errors to catch any errors that would
otherwise crash the proxy service. Additionally the ceilometer
middleware should be deployed after any authentication middleware.
Closes-Bug: 1637471
Co-Authored-By: Thiago da Silva <thiago@redhat.com>
Change-Id: I710ff2f51271a78582fa502e7eecfa687800c664
|
|
A default TripleO installation uses a local directory named "d1" to be
used by Swift. With SwiftRawDisks set it is highly unlikely that that an
operator wants to use this any longer, because it affects system
perforamce and might result in an overfilled the system disk. In this
case d1 should be no longer when building rings.
This patch makes it possible to disable the d1 device usage in the ring
building process by using a new option "SwiftUseLocalDir". This is set
by default to true, not changing the default behavior. If set to false,
the d1 device won't be used when building rings.
Closes-Bug: 1634051
Change-Id: Ia9ad38e3ffa533e170f4cedd0518d830e9b2fa69
|
|
With this, we can clean it from puppet-tripleo.
Change-Id: I13638cd1af52537bef8540f0d5fa5f5f7decd392
Depends-On: Ic1967a6f4f60a273965811516f33121115d518b4
|
|
rpm command will return an exit 1 if ovs package is already
there and will exit the step_1.sh script. To get around this
force the update with --replacepkgs
Also remove the \ just before the $ which cause a syntax
error for the ceph storage
Change-Id: I11fcf688982ceda5eef7afc8904afae44300c2d9
Closes-bug: 1636748
|
|
|
|
|
|
Using the SwiftRawDisks parameter neither created the XFS filesystem nor
mounted the device, requiring manual intervention by an operaror.
Partial-Bug: 1634051
Change-Id: I2da0f12635a37c1f339a3be59a7d00f352adf283
|
|
|
|
With the following two changes we increased the timeout for redis and
rabbit for both starting and stopping to 200s:
https://review.openstack.org/386618 newton (merged)
https://review.openstack.org/385555 master (merged)
We want to also fix that on minor updates on all our supported
releases upstream and downstream (newton, mitaka, liberty, kilo).
This way we can guarantee that we have a uniform timeout for
sart and stop for rabbit and redis across all our releases.
Change-Id: If59bf3386832ee78d3a654f01077aff2e8be76e8
Closes-Bug: #1634851
|
|
|
|
|
|
|
|
|
|
Horizon allowed hosts should name the IP addresses/
DNS names (short/long) the Horizon node is listening to.
Allowed hosts is used for header checks and is a security
mechanism.
Change-Id: I81c96357f969a1a436eecd35eb178579159bc719
|
Juan Antonio Osorio Robles
Jenkins
Steven Hardy
Ben Nemec
Emilien Macchi
marios
Lukas Bezdicka
Pradeep Kilambi
lokesh-jain
Christian Schwede
Mathieu Bultel
Michele Baldessari
Matthias Runge