aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2016-02-23Nova Neutron configuration now uses keystone v3 endpointDavid Moreau Simard3-2/+34
Our current nova-neutron configuration does not work with the latest puppet-nova. In particular, this patch[1]. This commit adds keystone v3 endpoints to the map and gets the nova::network::neutron configuration to use them. [1] https://github.com/openstack/puppet-nova/commit/d09868a59c451932d67c66101b725182d7066a14 Change-Id: Ifb8c23c81c665c2732fa5cd757760668b06a449a
2016-02-22Update nova::network::neutron variables to drop deprecated parametersDavid Moreau Simard3-9/+9
This commit ensures we are not using any deprecated parameters for nova::network::neutron and are using the right variable names. Change-Id: Ic1b41e2cdbb6b180496822cc363c433e9388aa02
2016-02-19Merge "Use the class param to configure Cinder 'host' setting"Jenkins1-3/+1
2016-02-19Merge "Add TripleO Heat Template Parameters for Neutron Tenant MTU"Jenkins3-3/+45
2016-02-19Use the class param to configure Cinder 'host' settingGiulio Fidente1-3/+1
By configuring the Cinder 'host' setting via the appropriate class param instead of cinder_config we don't risk to override it if the user is to pass additional config settings using cinder_config in ExtraConfig. Change-Id: Idf33d87e08355b5b4369ccb0001db8d4c3b4c20f
2016-02-18Merge "Configure keystone public_endpoint"Jenkins1-1/+1
2016-02-18Merge "Enable the ML2 port security extension driver by default"Jenkins2-2/+2
2016-02-18Merge "Add missing : in hieradata key name"Jenkins1-1/+1
2016-02-18Add sysctl settings to disable IPv6 autoconfig and accept_raDan Sneddon1-0/+5
This change adds puppet hieradata settings which disable IPv6 autoconfiguration and accept_ra by default on all interfaces. When IPv6 is used, the interfaces are individually enabled and configured with static IP addresses. The networking on the compute host needs to be completely separate from the tenant networking, in order to safeguard the compute host and isolate tenant traffic. This change disables IPv6 autoconfiguration and acceptance of RAs by default on interfaces unless specifically enabled. Without these settings, IPv6 is enabled on all interfaces, as well as autoconfiguration and accept_ra, so when the compute host creates a bridge interface for the router (qbr-<ID>), the compute node will automatically assign an IPv6 address and will install a default IPv6 route on the bridge interface when it receives the RAs from the Neutron router. The change to turn off autoconfiguration means that interfaces will not self-assign an IPv6 address, and the change to not accept RAs is a security hardening feature. This requires that a static gateway address be declared in the network environment in the parameter ExternalNetworkDefaultRoute. Alternately, sysctl can be modified to change the accept_ra behavior for specific interfaces. Change-Id: I8a8d311a14b41baf6e7e1b8ce26a63abc2eaabef Closes-bug: 1544296
2016-02-18Merge "Make injected CA file readable by others"Jenkins1-1/+1
2016-02-18Merge "Increase size of connection tracking table"Jenkins7-0/+19
2016-02-17Add TripleO Heat Template Parameters for Neutron Tenant MTUDan Sneddon3-3/+45
This change adds the TripleO Heat Parameters and Puppet hieradata to support setting the MTU for Neutron tenant networks. A new parameter, NeutronTenantMtu is introduced, and this gets used for the NeutronDnsmasqOptions and in Puppet hieradata. NeutronTenantMtu is also used in the Puppet hieradata for both the compute and control nodes. Two values are set: nova::compute::network_device_mtu which sets /etc/nova/nova.conf: network_device_mtu = <NeutronTenantMtu> neutron::network_device_mtu which sets in /etc/neutron/neutron.conf: network_device_mtu = <NeutronTenantMtu> finally, the NeutronDnsmasqOptions parameter becomes a str_format that maps the NeutronTenantMtu onto the DHCP options, so a default of 'dhcp-option-force=26,%MTU%' would be formatted to 'dhcp-option-force=26,1300' if NeutronTenantMtu were 1300. This will set dnsmasq to serve an MTU via DHCP that matches the NeutronTenantMtu: /etc/neutron/dnsmasq-neutron.conf:dhcp-option-force=26,1300 Typically, you would change all three of these settings to use small or jumbo frames in VMs. When using tunneling, NeutronTenantMtu should be set at least 50 bytes smaller than the physical network MTU in order to make room for tunneling overhead. Note that this change does not support setting the MTU on veth interfaces if veth patches are used to br-int instead of OVS patches. Change-Id: I38840e082ee01dc3b6fc78e1dd97f53fa4e63039
2016-02-17Merge "Wire the Glance rbd user correctly into the external Ceph template"Jenkins1-1/+1
2016-02-17Make injected CA file readable by othersJuan Antonio Osorio Robles1-1/+1
Currently the permissions for the CA file that is injected (if the environment is set), doesn't permit users that don't belong to the group that owns the file to read it. This is too restrictive and isn't necessary, as the certificate should be public. This is useful in the case where we want a service that can't read the certificate chain (or bundle) to be able to read that CA certificate. This is the case for the MariaDB version that is being used in CentOS 7.1 for example. Change-Id: I6ff59326a5570670c031b448fb0ffd8dfbd8b025
2016-02-17Merge "Bind Galera on a hostname for compat with IPv6 addresses"Jenkins2-2/+12
2016-02-17Merge "Remove start-delay=10s for the Nova resources monitor"Jenkins1-5/+0
2016-02-16Wire the Glance rbd user correctly into the external Ceph templateGiulio Fidente1-1/+1
We were incorrectly wiring the rbd user to the relevant glance module parameter, making it was impossible to customize the rbd user when using an external Ceph. Change-Id: Ibe4eaedf986a9077f869c6530381e69ee0281f5b
2016-02-16Merge "Split pacemaker common check_service function out of _restart.sh"Jenkins3-34/+44
2016-02-16Merge "Use timeout to check for services status"Jenkins1-11/+12
2016-02-16Merge "Remove DNS hack."Jenkins1-2/+0
2016-02-15Merge "Update Dell Storage Center api port setting"Jenkins2-2/+2
2016-02-15Merge "Switch to POLL_TEMP_URL for config transport"Jenkins1-0/+1
2016-02-15Merge "Minor fixes to allow local docker registry usage"Jenkins3-4/+10
2016-02-15Merge "Enable SSL middleware for cinder"Jenkins2-0/+2
2016-02-12Merge "Update the capabilities map file name to be more consistent"Jenkins1-0/+0
2016-02-12Minor fixes to allow local docker registry usageJeff Peeler3-4/+10
Changed the heat-docker-agents namespace to use the namespacing specified in the environment file, which reduces modifications required on the user when using a local registry. Changed the start agents script to handle using a local registry both with a namespace and without. Change-Id: I16cc96b7ecddeeda07de45f50ffc6a880dabbba6
2016-02-12Add missing : in hieradata key nameJames Slagle1-1/+1
This hieradata key, neutron::agents::ml2::ovs:bridge_mappings was missing a : before bridge_mappings causing the value to be blank in /etc/neutron/plugins/ml2/openvswitch_agent.ini even if a value had been specified. Change-Id: I377565d3fb821be1bb2dc7d92ec1ad25a4a3b1f1
2016-02-12Remove DNS hack.Ian Main1-2/+0
With a properly configured undercloud the DNS is fine. We can remove the 8.8.8.8 dns setting. Change-Id: I8ba98e76f95fd0a6f3f34cb5578e6c3ea7a1d15e
2016-02-12Merge "Nova now requires an api database to be created"Jenkins5-0/+23
2016-02-12Remove start-delay=10s for the Nova resources monitorGiulio Fidente1-5/+0
As per conversation in [1], these settings should have probably never been there. 1. https://bugzilla.redhat.com/show_bug.cgi?id=1262409 Change-Id: I116f825ba0fe3e4faac8dd347bb087e1b4c70e57
2016-02-11Merge "Increase default Cinder LVM backing file to 10G"Jenkins3-3/+3
2016-02-11Merge "puppet: run keystone in wsgi"Jenkins4-63/+63
2016-02-11Merge "Update yaml-validate.py to accept files or directories"Jenkins1-11/+30
2016-02-11Merge "Fixed typo in Dell Equallogic Cinder settings"Jenkins2-2/+2
2016-02-10Merge "Pass -q option to yum"Jenkins1-2/+2
2016-02-10Merge "Set 'host' globally in Cinder instead of per-backend basis"Jenkins3-24/+3
2016-02-10Merge "Remove not needed completion-signal"Jenkins1-1/+1
2016-02-10Merge "Fix endpoint names"Jenkins1-5/+5
2016-02-10Nova now requires an api database to be createdDavid Moreau Simard5-0/+23
This enables the creation of the nova_api database that is now mandatory since https://review.openstack.org/#/c/245828/ Change-Id: Ia8242f23864ebb14ccf858a77ba754059e9c2d4a Related-Bug: #1539793
2016-02-10Merge "Makes the iSCSI initiator name unique for compute nodes"Jenkins1-0/+10
2016-02-09puppet: run keystone in wsgiEmilien Macchi4-63/+63
For both HA & non-HA scenarios, switch puppet-keystone configuration to be run in a WSGI process instead of eventlet. WSGI is the way to go for scaling Keystone, moreover, eventlet won't be support in next OpenStack releases. Co-Authored-By: Dan Prince <dprince@redhat.com> Depends-On: I22a348c298ff44f616b2e898f4872eddea040239 Change-Id: I862b4a68f43347564ec3c0ddc4ec9e1d1c755cf2 Signed-off-by: Jason Guiditta <jguiditt@redhat.com>
2016-02-09Increase size of connection tracking tableJames Slagle7-0/+19
During high load, the default limit of the kernel connection tracking table (65536) is often too low, resuling in error messages such as: kernel: nf_conntrack: table full, dropping packet This patch increases the limit to 500,000. Since the nf_conntrack kernel module is not always loaded by default, it also adds a mechanism to load kernel modules via hieradata using the kmod puppet module. In order to express the needed dependency in puppet that kernel modules are loaded before sysctl settings are applied, the Exec resources tagged with 'kmod::load' are specified in a resource collector to express that that Exec resources with the tag should run before Sysctl resources. Depends-On: I59cc2280ebae315af38fb5008e6ee0073195ae51 Change-Id: Iffa0a77852729786b69945c1e72bc90ad57ce3bb
2016-02-09Update Dell Storage Center api port settingrajinir2-2/+2
Updated the setting for the dell storage center api port to the right variable name ::dell_sc_api_port Change-Id: I67a7533469947355629b6cb54b79759e21e0ec55
2016-02-09Merge "Fix MidoNet errors"Jenkins4-14/+31
2016-02-09Merge "Create linux bridge vlans environments"Jenkins7-0/+649
2016-02-08Set 'host' globally in Cinder instead of per-backend basisGiulio Fidente3-24/+3
This change will set a common value for 'host' across all controllers. We missed to do so for the NFS backend previously. It will still be possible to set a different per-backend 'host' value by providing it via ExtraData. Change-Id: I00fd05660a15be3611e1a394650be6ab713670f9
2016-02-08Fixed typo in Dell Equallogic Cinder settingsrajinir2-2/+2
The name of the variable ::eqlx_pool had a typo. Fixed it Change-Id: I83a94d4bccf9c9a60c7b37473ae8a64ac050671c
2016-02-08Pass -q option to yumZane Bitter1-2/+2
The maximum payload size of the return signal from a Heat software deployment is 1MB, and the output of yum starts breaking this limit at ~1000 packages to update - which is not an atypical number. To prevent this, pass the -q (quiet) option to reduce the amount of output to a manageable level. Change-Id: I517271e8465885421a78b73c5af756816c37a977 Resolves-rhbz: #1304878 Closes-Bug: #1543034
2016-02-04Merge "Allow the deployer to pick a predefined IP for VIPs"Jenkins1-0/+21
2016-02-04Merge "neutron: delete by default router/dhcp namespaces"Jenkins1-0/+2