| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
No other packages actually require openstack-selinux, so it must be
explicity installed.
Change-Id: Ic7b39ddfc4cfb28b8a08e9b02043211e4ca4a39a
Closes-Bug: #1675170
(cherry picked from commit 583a60248f47428542a560a869aab04933512d94)
|
|
stable/ocata
|
|
Firewall config was being inherited by the dpdk service, however
since the firewall service name was the parent (neutron_ovs_agent)
and technically that service was not enabled - the rules were never
applied. This modifies the service name as it is inherited using
map_replace.
Closes-Bug: 1674689
Change-Id: I6676205b8fc1fd578cb2435ad97fe577a9e81d95
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit 48a38a19347a18d4d35fb22de82136359aae5cb7)
|
|
There is currently an issue where the max open files limit is hit with
MariaDB in noha deployments, because it is defaulted to 1024 by system
limits. In HA deployments the limit is bumped to 16384. This patch
introduces a flag to be able to increase the limit to 16384 for noHA
deployments.
In the future we should change this to be an integer, and let the
operator decide the setting. Since this setting is set in a different
path for HA, we would need to implement a change that allows setting
both (ha and nonha) via the same integer param.
Depends-On: Ia0907b2ab6062a93fb9363e39c86535a490fbaf6
Closes-Bug: #1648181
Related-Bug: #1524809
Change-Id: I95393fc798b833a8575afbff03ef74a839565c5e
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit 900ddfb27f0dd2afd8345d89a78b624f647b255d)
|
|
services" into stable/ocata
|
|
|
|
The str_replace conversion used previously is no longer needed and
breaks the hieradata value.
Closes-Bug: 1675426
Change-Id: I7a052d1757efe36daf6ed47e55598ca3c2ee9055
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit ae10ae4a5a21bb58c183aa50f237ffa2d6f14280)
|
|
|
|
Secure EtcdInitialClusterToken parameter by:
* removing the default value.
* make it hidden.
Change-Id: I938af697f9faaadb9c9aeb950e9410db24b1b961
Depends-On: I6e30cce469736e84a3c483fafa29d542b8347ba9
Closes-Bug: #1673266
(cherry picked from commit 55d17ca118d27f16b57424774265f5b3db7b7b52)
|
|
|
|
The default is to deploy v2.0 endpoints, but this is not the recommended
approach. we should instead be using versionless endpoints
Change-Id: Icbfae1c2ff2b7312646fd8e817dd8209220a0d96
Related-Bug: #1667679
(cherry picked from commit 40a50031f37df0f0cde53e3f3c15ffe407fbdcbd)
|
|
Bindep is an automation tool used by openstack-infra to bootstrap a
worker with default packages. This is not needed, since we depend on
puppet to automate this step.
Change-Id: I759614ed0cf1fab5433956ed459419e564590398
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
(cherry picked from commit 209d8f5eac9273372aa44988436ae7f12596cd0d)
|
|
The UpdateDeployment already depends on NetworkDeployment.
We should not run os-net-config unconditionally before update.
Closes-Bug: #1666227
Change-Id: I48cbf5de00d47c6fdad71ff24c00e9db05cec5d5
(cherry picked from commit b19d6306ea582dc31ebfd609475d9ac4e641e278)
|
|
Using keystone_authtoken credentials for this purpose is deprecated, and also
prevents ironic-conductor from being used as a separate role.
Also remove neutron_url, it can be fetched from the catalog instead.
Change-Id: I12822568cb4db31808aec5fd407d71fe4b7b09e0
Depends-On: I21180678bec911f1be36e3b174bae81af042938c
Partial-Bug: #1661250
(cherry picked from commit 91d7d8c46858d42e6cf2354a3be6af6c5bb9c02e)
|
|
stable/ocata
|
|
There were multiple issues in retry() in rhel-registration:
- There was no need for it to be recursive (local variables
got overwritten)
- There was no delay between multiple attempts, leading to faster but
more frequent failures.
- The max number of attempts was set too low for some environements.
With this patch, rhel-registration now works more reliably with slow-links
for portal registration and does not attempt to DDos the portal or your
satellite server.
Closes-Bug: #1674358
Change-Id: I594d3c94867b45a7a58766dbcc66edead78d6a4e
(cherry picked from commit 038eae089130bc3a814897c0e282223de16f4658)
|
|
When replacing the controller node with resource id 0,
AllNodesValidation will fail because there is an hardcoded reference
to resource.0. With this commit the id for validation is extracted
dynamically with yaql query, picking the first available.
Thanks to Steven Hardy for pointing to the right direction.
Change-Id: I8f2bfacbc005d948bd31ebd51c3d3df3182d5a3c
Closes-Bug: #1673439
|
|
We used to have this in mitaka:
https://github.com/openstack/tripleo-heat-templates/blob/stable/mitaka/puppet/controller-post.yaml#L45
but we lost it along the way. The problem without this change is that we
are open to the following race:
1) ControllerDeployment_Step1 is started and manages to do a successful
"systemctl start pacemaker"
2) PrePuppet gets called and in the HA deployment calls
pacemaker_maintenance_mode.sh
3) pacemaker_maintenance_mode.sh will set the maintenance-mode=true
property because the pacemaker service is already up:
https://github.com/openstack/tripleo-heat-templates/blob/master/extraconfig/tasks/pacemaker_maintenance_mode.sh#L8-L9
4) If the maintenance property is set to true at this stage, the
creation of any resource will take place but they won't really
start.
Note that this is not a straight cherry pick from commit
bae48e60b3cb9b5f21490997ca39c1e0e23fd195 because in ocata only
ControllerPrePuppet exists and not {{role.name}}PrePuppet like in
pike.
Change-Id: Icb7495edd00385b2975dd42f63085d20292ef9a9
Closes-Bug: #1673795
Co-Authored-By: Jiri Stransky <jstransk@redhat.com>
|
|
Removes some of the no longer used scripts and templates used by
the upgrades workflow in previous versions.
Closes-Bug: 1673447
Change-Id: I7831d20eae6ab9668a919b451301fe669e2b1346
(cherry picked from commit 521a8973229484d52c03e9ed04782c5dc493c1b0)
|
|
We also need to wait for the galera resource to settle down
before we proceed starting up with the other services.
Note that before merging this, we need to land the following
change in ansible-pacemaker:
https://review.gerrithub.io/#/c/351387/
D-O is needed for upgrades to work against stable/* branches.
Depends-On: I712abe71f97c22ee3d55d9db2f641096f8a7350c
Change-Id: Id71c9cb41cfd4c17685c922db2683e28ab7588fd
Closes-Bug: #1668372
(cherry picked from commit 841d30549bd27a8b5669955196e14085025dafad)
|
|
|
|
|
|
|
|
Change-Id: I740b20b12acb3740886409bff86c4989f0a066f4
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit 20d7901ab24e93e0224cc1c8b0cde3eb80122818)
|
|
This was not implemented for Ocata so this
release note should not exist.
Change-Id: I58216fb54a156853f60697a903f1c38cf7970216
|
|
The new hiera hook in I21639f6aadabf9e49f40d1bb0b1d0edcfc4dbc5e
was added to most of the tripleo-heat-templates in
Ibe7e2044e200e2c947223286fdf4fd5bcf98c2e1
The new hook is installed by default if you use tripleo-common
Ia1864933235152b7e899c4442534879f8e22240d and will be installed
as part of the Newton to Ocata upgrades workflow in
I0c7a32194c0069b63a501a913c17907b47c9cc16
In order to use the new hiera data as part of the upgrade we
need to remove the old hieradata which will break anyone still
defining and using it. This change updates the remaining vendor
plugin manifests to use the new hiera hook. The pre-requisite
is that the new hook is installed on their overcloud (as above
it comes if you follow the N..O upgrade)
Change-Id: Ic95154734cb21e6b941c7f1569295b413963831d
(cherry picked from commit c5d10cd9fc94e6557417673190b73867a83cbb7b)
|
|
While the heat templates specify a default value of 3, it rarely seems
to have an effect as the tripleoclient is setting this according to the
controller scale. This was fine before composable roles, but it is now
invalid. While the client needs to be modified to no longer set this
according to controller scale, the template should default to a sentinel
value that will allow the puppet code to determine the proper value by
the number of hosts that have the neutron dhcp agent deployed on them.
Depends-On: I5533e42c5ba9f72cc70d80489a07e30ee2341198
Partial-bug: #1632721
Change-Id: I06628764c4769d91bbc42efe1c722702d6574d02
(cherry picked from commit 3c5345fc75da1e289929ef5caf08a0f75f904bb4)
|
|
Change-Id: Ia3e17aa0da1f199d28e589bf83e0fead37654ea4
|
|
|
|
|
|
|
|
Prior to https://review.openstack.org/#/c/271450/ os-net-config was
applied via os-refresh-config directly, which meant that even though
UpdateDeployment and NetworkDeployment can be created concurrently,
we'd always do the os-net-config step first.
However now that we apply both steps via scripts (which are both handled
via the same heat-config hook) we should add an explicit dependency to
ensure the network is always fully configured before attempting to run
any update. This should avoid the risk of e.g running an update on
initial deployment before the network connectivity to access yum repos
is in place.
Change-Id: Idff7a95afe7b49b6384b1d0c78e76522fb1f8eb7
Related-Bug: #1666227
(cherry picked from commit 626b820b57498ff5002c5530962e6e4fd5644b51)
|
|
Removed from the tripleo_upgrade_node.sh (major upgrade) & yum_update.sh
(minor update). The workaround is no longer needed and in fact has the
opposite effect killing connectitivity to the node. The 'normal' yum
update on nodes delivers the latest openvswitch 2.6.1 with no drama.
Also adds a 'complete' message, some extra debug echo for logs
and removes the python-zaqarclient install no longer needed
Closes-Bug: 1669714
Change-Id: Icd1517bcade36781fa0da21d045ffd9ec68efc38
(cherry picked from commit 9025a3bc23834e31efc5021acaef80b8d0f5de73)
|
|
|
|
Upgrade process wasn't consistent and correct.
Change-Id: Id1f810d33c2909957be9a2c96d18c96dee939953
(cherry picked from commit 480baa3ce1c344b3279d5fe3292238c996bc856f)
|
|
This doesn't exist in newton images, so install it via the
ansible tasks during step3 (when all other packages are updated).
Change-Id: I08fb7855b910ccc5a8ab2d73f1de15b695784abd
Closes-Bug: #1664265
(cherry picked from commit e6ed8a75eb8bebd22eef469bedeea7beae28037d)
|
|
Change-Id: Icc5fbf99301ae47344e1582767e1e7a4687f491b
(cherry picked from commit 7273a3de0296f6f75d4d549f72645ca916d967de)
|
|
stable/ocata
|
|
|
|
In ocata we changed the rabbitmq ha policy to "ha-exactly" via the
following changes:
- tht: Iace6daf27a76cb8ef1050ada0de7ff1f530916c6
- puppet-tripleo: Ib62001c03e1e08f58cf0c6e0ba07a8879a584084
We took care of the upgrade path via I3a97505d2ae1ae27f3080ffe74c33fdabffd2420
With the move to the ansible-based composable upgrades we left this change out.
And now an upgraded environment has the following policy:
- Upgraded environment
Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"all"}"
- New environment
Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"exactly","ha-params":2}"
We need to add this pcs resource change to the our upgrade scripts.
Change-Id: I3c4113c207e9d0c45be43df7c2379ac26cb60692
Closes-Bug: #1668600
(cherry picked from commit 41514d0cd603194fecb327f96995c60a9fe6e67a)
|
|
into stable/ocata
|
|
Change-Id: I189edaf69c0e97a3399e6af939595f98322d7c03
Partially-Implements: blueprint overcloud-upgrades-per-service
(cherry picked from commit dedef90750827fd7b413eac32223f929c8ac5555)
|
|
During upgrades, validation test if a service is running before the
upgrade process starts.
In some cases, servies doesn't exist yet so we don't want to run the
validation.
This patch makes sure we check if the service is actually present on the
system before validating it's running correctly.
Also it makes sure that services are enabled before trying to stop them.
It allows use-cases where we want to add new services during an upgrade.
Also install new packages of services added in Ocata, so we can validate
upgrades on scenarios jobs.
Change-Id: Ib48fb6b1557be43956557cbde4cbe26b53a50bd8
(cherry picked from commit 7c84a9b390c469e716e5802eef078d2df3902c6a)
|
|
stable/ocata
|
|
|
|
|
|
|
|
In the previous release[1], the services were stopped before the
pacemaker services, so that they get a chance to send last message to
the database/rabbitmq queue:
Let's do the upgrade in the same order.
[1] https://github.com/openstack/tripleo-heat-templates/blob/stable/newton/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh#L13-L71
Change-Id: I1c4045e8b9167396c9dfa4da99973102f1af1218
(cherry picked from commit fb7821378242e595184a38e1e0cb7e9978c0f806)
|
|
|
Jenkins
James Slagle
Tim Rozet
Emilien Macchi
Juan Antonio Osorio Robles
Paul Belanger
Lukas Bezdicka
Dmitry Tantsur
Vincent S. Cojot
Luca Lorenzetto
Michele Baldessari
marios
Carlos Camacho
Brent Eagles
Steven Hardy
Pradeep Kilambi
Sofer Athlan-Guyot