aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-08-03Merge "Set redis password hiera value in compute agent"Jenkins1-0/+5
2017-08-03Merge "Cinder volume/backup containers shouldn't mount two paths at same point"Jenkins2-2/+0
2017-08-03Merge "Update TLS-everywhere docker environment"Jenkins1-2/+5
2017-08-03Merge "Fix keystone, cinder, heat-api cron containers"Jenkins3-1/+7
2017-08-02Make UpgradeLevelNovaCompute parameters consistentBen Nemec3-3/+2
There is logic in nova-base.yaml that depends on the default for this parameter being '', and the nova-compute service only needs it set to auto during upgrade. That will be done by [1] anyway, so it doesn't matter what the default is. It's also not clear to me that the nova-compute task is even needed now that we're post-Ocata, but that's not a change I feel comfortable making. 1: https://github.com/openstack/tripleo-heat-templates/blob/master/environments/major-upgrade-composable-steps.yaml Change-Id: Iccfcb5b68e406db1b942375803cfedbb929b4307 Partial-Bug: 1700664
2017-08-02Make many networking parameters consistentBen Nemec39-77/+67
These are mostly the low hanging fruit that only required a few minor changes to fix. There are more that require a lot of changes or might be more controversial that will be done later. Change-Id: I55cebc92ef37a3bb167f5fae0debe77339395e62 Partial-Bug: 1700664
2017-08-02Make RoleParameters and key_name descriptions consistentBen Nemec12-12/+12
The key_name default is ignored because the parameter is used in some mutually exclusive environments where the default doesn't need to be the same. Change-Id: I77c1a1159fae38d03b0e59b80ae6bee491d734d7 Partial-Bug: 1700664
2017-08-02Merge "Fix ceilometer agent compute service name"Jenkins1-1/+1
2017-08-02Add Telemetry services to scenario002Pradeep Kilambi2-4/+17
We need to test gnocchi with swift backend. So adding telemetry to scenario002 job to cover that. Change-Id: I284de61bbefac9e9b37390650016643ffe38b5cc
2017-08-02Start redis service after upgradePradeep Kilambi1-0/+3
We install redis if its not already there, but we should also ensure redis service is started in the next step 4. related to issues we're seeing in I284de61bbefac9e9b37390650016643ffe38b5cc Change-Id: Ic01db53ea8669f14e87f6987045b2be5a3480024
2017-08-02openstack-heat-templates: fix deprecation pathSébastien Han1-1/+1
The right file is external-ceph.yaml, not ceph-external.yaml. Change-Id: If21a4f183305f82916e1ef2aadb0706e7dab4657 Signed-off-by: Sébastien Han <seb@redhat.com>
2017-08-02Update capabilities map to match latest environmentsJiri Tomasek1-263/+239
This change updates capabilities-map.yaml to properly map existing environments Closes-Bug: 1708159 Change-Id: I4104b6b59b3e9b19a06cdc233dae4f68fe033580
2017-08-02Fix up multipath docker indentationMichele Baldessari1-5/+5
Deploying a multipathd container gives the following error: failed: [localhost] (item={'key': u'config_files', 'value': [{u'dest': u'/', u'merge': True, u'source': u'/var/lib/kolla/config_files/src-iscsid/*', u'preserve_properties': True}]}) => {\"checksum\": \"72ad81489381571c5043b7613f6828b06ae364bd\", \"failed\": true, \"item\": {\"key\": \"config_files\", \"value\": [{\"dest\": \"/\", \"merge\": true, \"preserve_properties\": true, \"source\": \"/var/lib/kolla/config_files/src-iscsid/*\"}]}, \"msg\": \"Destination directory does not exist\"} The reason is the wrong indentation of the config_files key in the multipath docker service. Change-Id: I0e1fbb9eb188a903994b9e5da90ab4a6fb81f00a Closes-Bug: #1708129
2017-08-02Merge "Fix iscsid role data's section"Jenkins1-1/+1
2017-08-02Cinder volume/backup containers shouldn't mount two paths at same pointJohn Fulton2-2/+0
Docker refuses to start the container because config_files/src-ceph:ro is mounted at both /etc/ceph and config-data/puppet-generated/ceph. The mount to /var/lib/config-data/puppet-generated/ceph should have been removed in commit ed0b77ff93a1a1e071d32f6a758e04c6d0b041ef. Change-Id: I411b4764a54fc21e97e4c41a5fef00c7e6e2b64d Closes-Bug: #1707956
2017-08-02Merge "Fix network-isolation.j2.yaml to ignore VIPs for disabled networks"Jenkins1-1/+1
2017-08-02Merge "Remove empty metadata_settings from iscsid and multipathd templates"Jenkins2-2/+0
2017-08-02Merge "Adds stop and disable for libvirtd on upgrade to containers"Jenkins1-0/+4
2017-08-01Set redis password hiera value in compute agentPradeep Kilambi1-0/+5
Without this config defaults to undef in containers Change-Id: Id47f365364e7b0d399de92995871b136550cd625
2017-08-01Fix ceilometer agent compute service namePradeep Kilambi1-1/+1
Make sure this matches whats in roles_data.yaml Change-Id: Id41c457914f557af7c9ec195c4c6f98669523ac1
2017-08-01Merge "Generate MySQL client config if service requires database"Jenkins44-116/+359
2017-08-01Run gnocchi upgrade with sacks in docker templatePradeep Kilambi1-1/+9
Without this gnocchi is not initializing the sacks like puppet does and gnocchi containers dont respond properly. Change-Id: I2c53b00793f99420fd12ccc0b5646cf21d528e46
2017-08-01Merge "Add missing metadata_settings from docker services"Jenkins3-0/+6
2017-08-01Adds stop and disable for libvirtd on upgrade to containersmarios1-0/+4
Adds this into the tripleo_upgrade_node.sh executed by the operator for the major upgrade see the bug for more info Change-Id: Ic54b48b149594e8ea08e95152111bcdaf7b252b7 Closes-Bug: 1707926
2017-08-01Fix keystone, cinder, heat-api cron containersDan Prince3-1/+7
The cron containers need to run as root in order to create PID files correctly. Additionally, the keystone_cron container was misconfigured to use /usr/bin/cron instead of the correct /usr/bin/crond. Additionally we have an issue where the Kolla keystone container has hard coded ARGS for the docker container which causes -DFOREGROUND (an Apache specific argument) to get appended onto the kolla_start command thus causing crond to fail to startup correctly. This works around the issue by overriding the command and calling kolla_set_configs manually. Once we fix this in Kolla we can revisit this. Change-Id: Ib8fb2bef9a3bb89131265051e9ea304525b58374 Related-bug: 1707785
2017-08-01Fix CA file bind mounting in containersJuan Antonio Osorio Robles1-1/+5
The syntax was wrong and wasn't actually bind mounting the CA file. This fixes it. Change-Id: Icfa2118ccd2a32fdc3d1af27e3e3ee02bdfbb13b
2017-08-01Update TLS-everywhere docker environmentJuan Antonio Osorio Robles1-2/+5
Some resources have changed. So the environment needed syncing Change-Id: I9aa310ae80edfccd3ed28e67a431aad6e1ed8a7f
2017-08-01Remove empty metadata_settings from iscsid and multipathd templatesJuan Antonio Osorio Robles2-2/+0
metadata_settings is meant to have a specific format or be completely absent. Unfortunately the hook [1] doesn't an empty value for this. So we remove it as an easy fix before figuring out how to add such a functionality to the hook. [1] https://github.com/openstack/tripleo-heat-templates/blob/master/extraconfig/nova_metadata/krb-service-principals.yaml Co-Authored-By: Thomas Herve <therve@redhat.com> Change-Id: Ieac62a8076e421b5c4843a3cbe1c8fa9e3825b38
2017-07-31Merge "Enable Dpdk after rebooting with Hugepages for OvS2.7"Jenkins2-35/+58
2017-07-31MariaDB: create clustercheck user at container bootstrapDamien Ciabrini1-1/+22
In HA overclouds, the helper script clustercheck is called by HAProxy to poll the state of the galera cluster. Make sure that a dedicated clustercheck user is created at deployment, like it is currently done in Ocata. The creation of the clustercheck user happens on all controller nodes, right after the database creation. This way, it does not need to wait for the galera cluster to be up and running. Partial-Bug: #1707683 Change-Id: If8e0b3f9e4f317fde5328e71115aab87a5fa655f
2017-07-31Merge "Fix creation of iptables rules for non-HA containerized HAproxy"Jenkins2-2/+39
2017-07-31Add missing metadata_settings from docker servicesJuan Antonio Osorio Robles3-0/+6
These are needed for the TLS everywhere bits. Change-Id: I81fcf453fc1aaa2545e0ed24013f0f13b240a102
2017-07-31Merge "Add 'ovn-controller' service"Jenkins12-15/+54
2017-07-31Copy scheduler configuration from service/ironic to services-docker/ironicDmitry Tantsur1-0/+2
That was missed back then. Without it bug 1697724 is not fixed for containers. Change-Id: Ie859f10129cbdeebd9ea4522510768cec99a1df3 Related-Bug: #1697724
2017-07-31Enable Dpdk after rebooting with Hugepages for OvS2.7Saravanan KR2-35/+58
With OvS2.7, DPDK is initialized immediately after setting dpdk-init flag. DPDK requires hugepages configuration to be available on kernel args with a reboot. This patch reboots the node after applying the kernel args. And once the node is rebooted, DPDK will be enabled and then the deployment continues. Change-Id: Ide442e09c2bea56a38399247de588e63b4272326
2017-07-29Merge "add lbaasv2 to NeutronServicePlugins in octavia containers"Jenkins1-0/+5
2017-07-28Merge "Also log docker-puppet.py puppet output to console"Jenkins1-1/+1
2017-07-28Merge "Enable Zaqar API SSL"Jenkins2-1/+20
2017-07-28Also log docker-puppet.py puppet output to consoleBogdan Dobrelya1-1/+1
Running puppet apply with --logdest syslog results in all the output being redirected to syslog. You get no error messages. In the case where this fails, the subsequent debug task shows nothing useful as there was no stdout/stderr. Also pass --logdest console to docker-puppet's puppet apply so that we get the output for the debug task. Related-Bug: #1707030 Change-Id: I67df5eee9916237420ca646a16e188f26c828c0e Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2017-07-28Merge "Consistent hostname format env for split-stack"Jenkins3-15/+5
2017-07-27Changing the default port-binding configurationItzik Brown3-2/+55
networking-odl no longer supports the network-topology port binding controller and instead now relies on a pseudo-agent binding controller. This means that each OVS node must be configured with host configuration in OVSDB about which VIF types, network types, functions, etc that this OVS node supports. The end result is this affects where nova and neutron will schedule instances. Changes Include: - Modifying default port binding controller to use pseudo agent - Adds necessary per role parameters to be able to configure host config on a per role basis to allow for heterogenous compute node configurations. Change-Id: I50458abf6a8a6bf724ad97accb6444d9c497d287 Closes-Bug: 1674995 Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-07-27Add 'ovn-controller' serviceNuman Siddique12-15/+54
Presently the ovn-controller service (puppet/services/neutron-compute-plugin-ovn.yaml) is started only on compute nodes. But for the cases where the controller nodes provide the north/south traffic, we need ovn-controller service runninng in controller nodes as well. This patch - Renames the neutron-compute-plugin-ovn.yaml to ovn-controller.yaml which makes more sense and sets the service name as 'ovn-controller'. - Adds the service 'ovn-controller' to Controller and Compute roles. - Adds the missing 'upgrade_tasks' section in ovn-dbs.yaml and ovn-controller.yaml Depends-On: Ie3f09dc70a582f3d14de093043e232820f837bc3 Depends-On: Ide11569d81f5f28bafccc168b624be505174fc53 Change-Id: Ib7747406213d18fd65b86820c1f86ee7c39f7cf5
2017-07-27Also log puppet output to consoleJames Slagle1-1/+1
Running puppet apply with --logdest syslog results in all the output being redirected to syslog. You get no error messages. In the case where this ansible task fails, the subsequent debug task shows nothing useful as there was no stdout/stderr. Also pass --logdest console to puppet apply so that we get the output for the debug task. My local testing showed that when specifying logdest twice, both values were honored, and the output went to syslog and the console. Change-Id: Id5212b3ed27b6299e33e81ecf71ead554f9bdd29 Closes-Bug: #1707030
2017-07-27Generate MySQL client config if service requires databaseDamien Ciabrini44-116/+359
Services that access database have to read an extra MySQL configuration file /etc/my.cnf.d/tripleo.cnf which holds client-only settings, like client bind address and SSL configuration. The configuration file is thus used by containerized services, but also by non-containerized services that still run on the host. In order to generate that client configuration file appropriately both on the host and for containers, 1) the MySQLClient service must be included by the role; 2) every containerized service which uses the database must include the mysql::client profile in the docker-puppet config generation step. By including the mysql::client profile in each containerized service, we ensure that any change in configuration file will be reflected in the service's /var/lib/config-data/{service}, and that paunch will restart the service's container automatically. We now only rely on MySQLClient from puppet/services, to make it possible to generate /etc/my.cnf.d/tripleo.cnf on the host, and to set the hiera keys that drive the generation of that config file in containers via docker-puppet. We include a new YAML validation step to ensure that any service which depends on MySQL will initialize the mysql::client profile during the docker-puppet step. Change-Id: I0dab1dc9caef1e749f1c42cfefeba179caebc8d7
2017-07-27Fix iscsid role data's sectionDamien Ciabrini1-1/+1
The iscsid service definition has a typo, config_setting should read config_settings Change-Id: I12605dba61fd5f6ce80c3ab78e883ed5ebf3ca62
2017-07-27Add environment for setting a custom domain nameBen Nemec4-4/+54
Just setting CloudDomain won't make the domains used consistent. There are a number of CloudName parameters that must be set as well. This change adds a sample environment that includes all of those parameters so it is easy to set everything consistently. Also fixes the description of CloudNameCtlplane to reflect the actual use for that parameter. Change-Id: I56d1c1c5619f83c16c4e8350aa84fccc3d748425
2017-07-27Do not run clustercheck on the host after O->P upgradeDamien Ciabrini1-0/+6
Once an Ocata overcloud is upgraded to Pike, clustercheck should only be running in a dedicated container, and xinetd should no longer manage it on the host. Fix the mysql upgrade_task accordingly. Change-Id: I01acacc2ff7bcc867760b298fad6ff11742a2afb Closes-Bug: #1706612
2017-07-27Merge "Add PCI to nova compute container for passthrough support"Jenkins1-0/+2
2017-07-27Merge "Enable libvirtd_config puppet tag in nova-libvirtd docker service"Jenkins1-1/+1
2017-07-27Enable Zaqar API SSLThomas Herve2-1/+20
This sets the SSL flag in the docker service and expose the parameter in the docker service. Depends-On: I4c68a662c2433398249f770ac50ba0791449fe71 Change-Id: Ic3df2b9ab7432ffbed5434943e04085a781774a0