Age | Commit message (Collapse) | Author | Files | Lines |
|
This adds a new config/deployment per role that will come after any
post deploy steps. It drives the same ansible config as the
upgrade_tasks but instead collects the post_upgrade_tasks for any
service in the given role.
The workflow is upgrade_tasks, then post deploy steps (either
puppet/ or docker/ depending on the env) and then the
post_upgrade_tasks added here.
This is added to the pacemaker/cinder-volume.yaml service for now
see the bug below for more info
Change-Id: Iced34fecf02ebddc91df9302de54d2f4c2cab680
Closes-Bug: 1706951
(cherry picked from commit 2e182bffeeb099cb5e0b1747086fb0e0f57b7b5d)
|
|
Some boolean params are set to string type. Although it works, but
it is better to use boolean type for better validation. This patch
changes them to boolean type.
Change-Id: I9f1d223619ea14fbab26033b24eb1144796e5ef2
Closes-Bug: #1715209
(cherry picked from commit cab8ab1d342c6ffada3f2adea5834b4549240af5)
|
|
This change allows running the major upgrade composable docker
steps multiple times by not trying to delete the pacemaker resources
if they're not reported as started or in master state.
Closes-bug: 1716031
Depends-On: I8da03f5c4a6d442617b81be5793a9724cc8842bf
Change-Id: Ifcf9de8c82550a90a9fb118052d43fdbcdc6ca7e
(cherry picked from commit 64d7be1e3d4552e06cbc53f788572e530cc5c3bb)
|
|
Add a retry when the pacemaker_resource command
wasn't apply correctly, more info here:
https://bugzilla.redhat.com/show_bug.cgi?id=1482116
This is the same approach puppet-pacemaker uses
and provides eventual consistency when multiple
nodes change the cluster CIB concurrently.
This change depends-on :
https://review.gerrithub.io/375982
The return code is not available in the current
ansible-pacemaker package.
Change-Id: I8da03f5c4a6d442617b81be5793a9724cc8842bf
(cherry picked from commit e92430d8d03fc2ce2d0ce192b96209f2c5c04169)
|
|
|
|
stable/pike
|
|
|
|
|
|
stable/pike
|
|
I96ec09bc788836584c4b39dcce5bf9b80e914c71 added this output to the
deploy-steps.j2, but missed adding this to the major upgrade template
which means the overcloud RoleConfig output is broken after the upgrade
(until the converge update switches back to the deploy-steps.j2 derived
template)
Closes-Bug: #1716404
Change-Id: I331fa18b456ca2d6c124316d513374e3fe5a5007
(cherry picked from commit 27018b4182d77abf612697cfe54a4fc3ceeb6be5)
|
|
We need to reuse the ceph_conf_overrides structure provided by
ceph-ansible for both user provided configs and TripleO managed
configs. This change merges the special user facing parameter
with the TripleO generated configs.
Also adds osd_scenario and osd_objectstore params for compatibility
with newer ceph-ansible versions.
Change-Id: I29c689c6c689590da5b6a3f581fdbec98a52e207
Closes-Bug: #1715321
(cherry picked from commit 32bc2abf14af4ca1449e18b848e2be3cff013987)
|
|
stable/pike
|
|
|
|
|
|
|
|
|
|
We cannot use the --selinux-enabled docker daemon option on CentOS/RHEL 7.3.
It will fail if security_inode_copy_up is not found in the kernel symbols:
https://github.com/projectatomic/docker/blob/docker-1.12.6/daemon/daemon_unix.go#L661
NB this has been reduced to a warning upstream:
https://github.com/moby/moby/commit/885b29df096db1d6746ece4b3a298a1ffe85716d
Instead this just bind mounts /sys/fs/selinux in containers-common.yaml.
Everything appears to work at initial glance. Pingtest succeeds, and
live-migration between baremetal and containerized computes works.
Change-Id: I018221bf7ae9ab9ece193b55f1ce31eb1591046c
Closes-bug: #1715171
(cherry picked from commit 520f889a31f1ea6ee2bad86d1dbb3c0435604d10)
|
|
Required to debug issues.
Change-Id: I4d86c8d9ecc353a916475977eb6f2d842c812556
(cherry picked from commit dc64a1108e7bc23f92d77e75001fb42549731e3b)
|
|
Without this, ceilometer notification agent cant find panko
and skips posting events to it.
Change-Id: Ibfeef5c557d1ceb11a999aa947597014ca94ec34
(cherry picked from commit 5437086ee744469b9daf8cd9edd600f7aa98dde6)
|
|
Redis does not have TLS out of the box. Let's use a proxy container for
TLS termination.
This commit enables redis TLS proxy for the HA deployment.
bp tls-via-certmonger
Change-Id: I45e539872a03878337def33c681c4577c1a5629e
(cherry picked from commit c6d8df01d7aa8b44af9ac152b3bb08f07e2e02b7)
|
|
|
|
|
|
Add DhcpAgentNotification param in neutron base yaml file to allow
user to toggle dhcp_agent_notification for neutron.
Change-Id: I31715f58e885ac0c1cd9d813f79df9906b780d99
Closes-Bug: #1713193
(cherry picked from commit 5ea728cba456f3833a626f86043f17427bca5d4f)
|
|
|
|
|
|
Store the httpd logs under dedicated /var/log/containers/httpd/
paths.
Additionally, add release notes describing upgrade impact
for containerized services logs.
Closes-bug: #1700045
Change-Id: I8120c56f2315700862bd0f708b8baa8910275b09
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
(cherry picked from commit 287e84585ca9170570ce8d06eebd7f9a3ec3345c)
|
|
Co-Authored-By: Ian Main <imain@redhat.com>
Change-Id: Iad6d38690340f4a064a4527c58ed439d91fa5188
Closes-bug: #1715136
(cherry picked from commit d3b3361a76c2e8b188fa8e586d9fb7f3c60bb66f)
|
|
Change-Id: Ibeb28d7c497b02253d00a74257989cefba2b0cc4
(cherry picked from commit fc44ee6ff3553754c618349df3be7544b17e9c5f)
|
|
This change allows the upgrade non controller script, which loops
throug all steps, to complete by adding default values to be
evaluated in the steps where the vars are not registered.
Closes-Bug: 1715574
Change-Id: Ic056fc556240d1acc9f28a75f63c7628cc64da03
(cherry picked from commit d109c1d7a7d2f6302c39369de8a601bc0b2f6704)
|
|
stable/pike
|
|
The clustercheck service is currently in the ControllerOpenstack role
which represents a controller without the DB. Since the clustercheck
service/container always talks to the SQL server via a localhost
connection it *has* to run on the very same node that hosts the DB.
In a containerized deployment this error shows up with db syncs simply
hanging because haproxy will stop serving port 3306 because the
clustercheck service on port 9200 cannot talk to mysql locally.
Errors like this will be logged when trying to connect to the DB VIP:
mysql -u heat -h 172.17.1.13 -p3UazsaeTC64V9UvEcJ3GZ9rbd
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0
Fix this by making sure that the clustercheck service runs on
the DB role.
Change-Id: Iec4c9678d8b8d44e002c1e53110dedc0674359fb
Closes-Bug: #1715847
(cherry picked from commit 1760079dfe5905f2e696b9fc5c729cffa44554ae)
|
|
QoS is not fully supported and fails to load correctly with
networking-odl. Therefore disabling it from Neutron extension drivers
until we have it fully working.
Change-Id: I89aa3628c1400305f9659f5c0c99942a7fa7d19e
Closes-Bug: 1708131
(cherry picked from commit cfd0d185a93ac2922e233e268a32c3574bee37bf)
|
|
ODL now uses a websocket port to update the port status to Neutron.
This port (8185) was blocked so port updates were never received in
Neutron and instances would not come up properly. This patch opens the
port for ODL deployments.
Closes-Bug: 1715484
Change-Id: Ic59b224c67c02b56b0273700e8e2aa85ae6f8c88
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit e2558c4a665345e67fcc784c21188bdf06ff1126)
|
|
For DPDK, vhost-user sockets are created on the host at
/var/lib/vhost_sockets directory, which will be used by
libvirt and openvswitch. This directory has the necessary
permissions and SELinux policies. Mount this folder for
libvirt container.
Change-Id: Id8be208d1b05886ac45dfdcf48fe766ee5724d1c
Partial-Bug: #1712732
(cherry picked from commit 3ea04744c22ae4cd2e1f2b77fc7d5ade012899e0)
|
|
stable/pike
|
|
|
|
|
|
stable/pike
|
|
stable/pike
|
|
|
|
|
|
Patch Ie09ce2a52128eef157e4d768c1c4776fc49f2324 added a new
set of upgrade tasks which were missing the 'tags' keyword.
Closes-Bug: 1715631
Change-Id: Ib1c1aadfbf58c9bccc18667934c8b3c5f38fafa4
(cherry picked from commit 7897d38274cb6435289bc4f4928f96b111e5b4f4)
|
|
This patch adds support for running the neutron SR-IOV agent in a
container.
Depends-On: I4a63845a97c890d7d408731ec5509c320289f18f
Depends-On: Ie5d8cd7863c0d042cc6a4e1fc52602d8a03a1935
Depends-On: I1b5ab0a64ae1f5735f1bd5a68e6ae8bdcf47ddec
Closes-Bug: #1715388
Change-Id: I7ee603b32eddacd02d846dff00dd1b786d4a7ad9
(cherry picked from commit 94c9c2f954e85de0ab895926a969587b90bc4191)
|
|
Previously it was only possible to configure the overcloud with
an external Ceph cluster via puppet-ceph-external.
This submission adds a CephExternal implementation which uses
ceph-ansible.
Change-Id: Id0d375f88e27e91e9d89f25a0cd7388b6e45df8b
Depends-On: Ifc57c9cf6ca8017a2abc78d6320c0675ad49ca9f
Closes-Bug: #1714271
(cherry picked from commit 01e55c314de74579196518d958bf5be30e390409)
|
|
stable/pike
|
|
This patch allows usage of ceph-ansible to configure the RGW service
in the overcloud. Still uses puppet-keystone to create the necessary
user and endpoint in the catalog.
Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
Change-Id: Iafa17bb64c54e40350b2ba7d76dea3d82fcab0e4
(cherry picked from commit 5b3cd1dcacff408bcb482bdea6cded8755a39ebb)
|
|
|
|
|
|
As described in the bug report, DeployedSSLCertificatePath is used by
the TLS injection script (if you decide to use that).
There is an alternative, which is to use FreeIPA to provide the
certificate for public TLS (powered by certmonger); however, it doesn't
use the same path as what folks expected. This reuses the
DeployedSSLCertificatePath parameter and uses that as a path for the
resulting PEM file, so its easier to debug.
Change-Id: If73c9599d8b94d2f02b8e4c48f4a235e0fea764d
Closes-Bug: #1714932
(cherry picked from commit f395d9eab2277061e926f7956bb3a56b0c7b1131)
|
|
The ceph-osd package is only required on nodes hosting the CephOSD
service, but the package's presence on other nodes may interfere with
software updates. That's because some distros distribute Ceph software
in different channels, and not all nodes have access to the ceph-osd
channel.
There are two parts to the fix, and the first is an enhancement to the
yum update process. The process detects when the ceph-osd package is not
required, and removes the package from the node.
The second part takes ceph-osd out of the default list of packages
needed by puppet-ceph. The ceph-osd package is listed only on the nodes
hosting the CephOSD service.
Closes-Bug: #1713292
Change-Id: I7a581518ed25cf5f264abfaabfcf2041363a065b
(cherry picked from commit 5a89ea21f2add98119a10464b020a98999d31c41)
|