| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Moves the default KeystoneAdminApiNetwork setting to the ctlplane
so that the undercloud will always have easy access to be able
to configure endpoints.
Change-Id: I1f6aba62b98820b678cce1ca16e72a0c3d045720
|
|
This patch adds explicit nested stack parameters to
help manage use of the Keystone Admin API vs. the
Keystone Public API.
We also add a new output parameter specifically for the Keystone admin
API VIP. This can be useful when configuring keystone endpoints
with network isolation.
Change-Id: I2bd3e61570151e2faeee14ee09b03ad0b3208cc1
|
|
|
|
When using network isolation you might want to selective
move one of the services back to the default ctlplane network
by simply using the ServiceNetMap parameter. This patch
adds ctlplane to the output parameters for both
the net_ip_map and net_ip_list_map nested stacks so that
this is possible.
As part of this patch we also split out the NetIpSubnetMap
into its own unique nested stack so that the Heat input
parameters for this stack are more clearly named.
Change-Id: Iaa2dcaebeac896404e87ec0c635688b2a59a9e0f
|
|
Reinstates the heat-admin user via template user-data, which
replaces the previous boothook injected user provided by the
(deprecated now removed) heat instance_user option.
This has some advantages over the heat.conf option, e.g it allows
for much easier customzation of the user configuration (additional
SSH keys, adding groups etc), and also in future if we support
deploying more than one overcloud you could specify a different
user per deployment.
Co-Authored-By: Dan Prince <dprince@redhat.com>
Change-Id: I2235b9690c01542d8a28ec1c1a4607de751aea29
Closes-Bug: #1229849
|
|
This is another missing constraint. The `require-all=false` part is good
to have, otherwise Ceilometer (and transitively Heat) would switch to
A/P mode. However, at the moment `require-all=false` isn't a recognized
parameter on Fedora, hence the logic fork based on $::operatingsystem.
Change-Id: I2657087192a05b2d8f0ab04ec60631d35331bf6c
|
|
This is required for HA to work correctly.
Change-Id: I9faa8fd7bbbac67de5c468ab6fc4edb2260dffe7
Depends-On: https://github.com/redhat-openstack/puppet-pacemaker/pull/61
|
|
This can probably only be merged when we move CI forward from Fedora 21
to Fedora 22.
Change-Id: I3a3db4b179cc19756f75003dacd2bb4cd957f0de
|
|
We don't have swap space enabled on overcloud-full deploys
as discussed at https://bugs.launchpad.net/tripleo/+bug/1491335
The default is 1.5 so configure Virtual ram to physical ram
allocation ratio to 1:1 so we don't allow overcommit.
Related-Bug: 1491335
Change-Id: I58cfe6dc68e8615a5519428412dec8c653bd6093
|
|
|
|
These were missing and are required for a correct deployment.
Change-Id: I49a61d0ab2f750f2620927a40f798d11b241b2c0
|
|
This is passed from the heat templates as hiera data (defaulting
to 'openvswitch') but never effected, meaning we get the puppet
module default.
Change-Id: I3f14cdce9b9bf278aa9b107b2d313e1e82a20709
Closes-Bug: 1488176
|
|
VXLAN has better performance (20-25% better)
NICs with VXLAN offload are more common
Change-Id: If57c79a1309ae178b3e82d54bb101dde584c86cc
Related: rhbz#1244864
|
|
|
|
This change enables Keystone notifications and adds two parameters
to control the notification driver and format.
Change-Id: I23ac3c46ee9eb49523d3b8dab027ef21fc6e42df
|
|
This change removes a hardcoded value for the bond name in the NIC
config for the compute node in the bond-with-vlan NIC config
templates. When this hardcoded value of "br-bond" is used, then the
Neutron bridge mappings must be set to set to datacentre:br-bond in
order for VLAN mode networking to recognize the bridge. By using the
input value for bridge_name we will ensure that the controller and
compute nodes have the same bridge name (defaults to "br-ex"), and
that the defaults will work with VLAN mode.
Change-Id: I28654ab93e3c10a8597c8b877f3f2f6b3eca887c
|
|
This patch adds support for using an externally managed Ceph
cluster with the TripleO Heat templates.
For an externally managed Ceph cluster we initially
only deploy the Ceph client tools, install the 'openstack' user
keyring, and generate the ceph.conf. This matches what we do
for managed Ceph installations and is a good first start.
No other Ceph related services are installed or managed.
To enable use of a Ceph external cluster simply add
the custom Heat environment file environments/puppet-ceph-external.yaml
to your heat stack create/update command and make sure to
set the required CephClientKey, CephExternalMonHost, and CephClusterFSID
variables.
Change-Id: I0a8b213ce9dfa2fc4e62ae1e7631466e5179fc2b
|
|
|
|
|
|
Currently mysql root user can connect in a passwordless way from :
* localhost
* 127.0.0.1
* ::1
* <HOSTNAME>
This patch ensures that the mysql root user can connect only from localhost.
Change-Id: If64fd383737c2fbeed4adbe8d98b1f92610956b2
|
|
This commit provides a way to configure some additional hieradata
for compute nodes. This is similar to the earlier added infra for
supporting Controller pre-deployment extraconfig.
Change-Id: I02dda0685c7df9013693db5eeacb2f47745d05b5
|
|
Meant to help users configure their storage parameters by copying this
file out, amending it and passing it to `heat stack-create` or
`openstack overcloud deploy`.
Defaults to using Ceph as a backend for Cinder, Glance and also Nova
ephemeral storage.
Change-Id: Ia8f5ef175439394aacdea98cfd66416bcb9bfe3a
|
|
|
|
|
|
|
|
This change adds a default setting for the OVS bond options to the
bond-with-vlans controller.yaml. This default will attempt to bring
up LACP bonding, but should that fail it will bring up the bond in
active/backup mode. This is a safe configuration if the switch is
not configured for bonding.
Change-Id: I91aad1e061ed1ecf26636e60da7a9a6e9cde50a5
|
|
This patches wires in a new "all nodes" validation resource
that can be used to add validations that occur early on
during the deployment process. This occurs after the nodes
have been brought online and the initial networks
have been configured but before any "post" (puppet, etc.)
sort of configuration has been executed.
A initial validation script has been added to ping test network IPs
on each network. When using network isolation this will ensure
network connectivity (vlans, etc) are working on each
node and if not the heat stack will fail early, allowing
time to fix the network connections and retry the
stack creation via an update.
Change-Id: I63cf95b27e8ad2aed48718cf84df5f324780e597
Co-Authored-By: Ian Main <imain@redhat.com>
Co-Authored-By: Ryan Hallisey <rhallise@redhat.com>
|
|
|
|
|
|
Set up a cron job to flush keystone tokens periodically. The job runs
once a day near midnight per puppet-keystone defaults, and we pass
maxdelay 3600 which means each controller will wait a random delay of up
to 1 hour before running the task.
Change-Id: I351f0273c61106c182aa3945b7ad1ce8f5c7d12b
|
|
|
|
|
|
|
|
In 9b89dd20162d962480d3cb84161ed6bfd4fa9de8 we had a regression
where the default "external" traffic port was set to a VIP
when using puppet. We should not ever specify a VIP to be used
for the actual machine IPs (VIPs are only guaranteed to
work once the load balancer is running).
Also, This doesn't match the non-puppet case.
Change-Id: Icd179a70001f2bd7a97e31c7f6445001330674cd
|
|
|
|
|
|
|
|
The dafault in nova.conf for default_floating_pool is set to nova
which is confusing given to make Tempest tests to pass one has to
create a public network with such a name.
Change-Id: I148222a9f276309ede062ee5292993898ff899d6
|
|
|
|
|
|
|
|
This change brings PublicVirtualIP in line with the rest of the
VIPs in how it is created. This allows the network where
PublicVirtualIP is instantiated to be on cltplane when network
isolation is not used, and on the external network when network
isolation is used. This change removes the PublicVirtualNetwork
parameter, since it is no longer used. In order to continue to
support the PublicVirtualFixedIPs parameter, which is used to
provide a specific IP for the PublicVirtualIP, the FixedIP
parameter was added to cltplane_vip.yaml, vip.yaml, and
noop.yaml. The value of PublicVirtualIP is passed to FixedIP
in the VIP templates. This change also moves the default
network for keystone public api to the external net (which will
fallback to ctlplane if network isolation isn't used).
Change-Id: I3f5d35cbe55d3a148e95cf49dfbaad4874df960b
|
|
Memcached is used by novnc to share the auth tokens.
Change-Id: I18415b6ae38b46e3c92e4ce84b858a014ef8398b
|
|
This patch moves most of the ::db::mysql parameter initialization
into a new database.yaml Hiera file. This cleans up the
controller manifests and allows us to define things in a single
location across the two implementations (HA and nonHA).
Change-Id: I895b753b329097a96a6c6f3a03a5fcebefe32dd4
|
|
On slow environments the start operation of some services can
take longer than 20s so we increase the default for start
operation to 90s, more info can be found at:
https://bugzilla.redhat.com/show_bug.cgi?id=1242052
Systemd defaults to 90s as well.
Change-Id: Ie4652bad518075be77937d47830f263034eda79c
|
|
|
|
|
|
This wires in use of a new puppet-tripleo class which
encapsulates the logic to enable/disable package
installation and upgrades.
By using the new class we can remove the global
Package provider declaration at the top of each
module.
Change-Id: I5c6e5fd8600031bd8fb6195649721607c560f9d5
Depends-on: Ie8fbc344149bc8c9977e127de77636903607617a
|
|
It was incorrectly assumed that Puppet variables assigned to a
defined class (as seen in cinder-netapp.yaml) would be applied to
any resources created with that type. This is not how Puppet works.
The full range of configuration parameters to cinder::backend::netapp
have been added back in. They are still pulling from Hiera like they
were intended before, but it needs to be a little more explicit for
Puppet to be happy.
Change-Id: I2e00eae829713b2dbb1e4a5f296b6d08d0c21100
|
|
|
Dan Prince
Jenkins
Steven Hardy
Jiri Stransky
Emilien Macchi
marios
Mike Burns
Giulio Fidente
Dan Sneddon
Yanis Guenane
Shiva Prasad Rao
Ryan Hefner