Age | Commit message (Collapse) | Author | Files | Lines |
|
into stable/pike
|
|
into stable/pike
|
|
|
|
|
|
stable/pike
|
|
|
|
stable/pike
|
|
|
|
... and not 'keystone' or it fails.
Change-Id: Iee4161ec9d8c7a84997ab24ddd234353f3a81dfb
Closes-Bug: #1729352
(cherry picked from commit b99a240ccc4f262ee7626518087784eb92b0152f)
|
|
stable/pike
|
|
When deploying a composable HA overcloud with a database role split off
to separate nodes we could observe a deployment failure due to galera
never starting up properly.
The reason for this was that instead of having the firewall rules for
the galera bundle applied (i.e. those with the extra control-port for
the bundle), we would see the firewall rules for the BM galera service.
E.g. we would see the following on the host:
tripleo.mysql.firewall_rules: {
104 mysql galera: {
dport: [ 873, 3306, 4444, 4567, 4568, 9200 ]
Instead of the correct mysq bundle firewall rules:
tripleo.mysql.firewall_rules:
104 mysql galera-bundle:
dport: [ 873, 3123, 3306, 4444, 4567, 4568, 9200 ]
The reason for this is the following piece of code in
https://github.com/openstack/tripleo-heat-templates/blob/master/docker/services/pacemaker/clustercheck.yaml#L62:
...
MysqlPuppetBase:
type: ../../../puppet/services/pacemaker/database/mysql.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Containerized service clustercheck using composable services.
value:
service_name: clustercheck
config_settings: {get_attr: [MysqlPuppetBase, role_data, config_settings]}
logging_source: {get_attr: [MysqlPuppetBase, role_data, logging_source]}
...
Depending on the ordering of the clustercheck service within the role
(before or after the mysql service), the above code will override the
tripleo.mysql.firewall_rules with the wrong rules because we derive from
puppet/services/... which contain the BM firewall rules.
Let's just switch to derive from the docker service so we do not risk
getting the wrong firewall rules during the map_merge.
Tested this change successfully on a composable HA with split-off DB
nodes.
Change-Id: Ie87b327fe7981d905f8762d3944a0e950dbd0bfa
Closes-Bug: #1728918
(cherry picked from commit 3df6a4204a85b119cd67ccf176d5b72f9e550da6)
|
|
The conditional was missing.
Change-Id: Ie2617dd9dba1c49f37e82448b6bf229d127ed46a
Closes-Bug: #1729384
(cherry picked from commit 410e062aa0d91b99c4493fac6940499cc02e4288)
|
|
|
|
|
|
|
|
stable/pike
|
|
|
|
stable/pike
|
|
into stable/pike
|
|
When using RHSM with a proxy, we want to make sure the proxy can be
reached. This patch verify that a tcp socket can be open from the client
to the proxy.
This patch also does a bit of refactoring:
- --retry-delay 10 --max-time 30 is now used in a parameter everytime we
use curl.
- proxy options are now used everytime curl is used, even for detecting
which version of Satellite is running, now we use proxy options.
Co-Authored-By: Vincent S. Cojot <vincent@cojot.name>
Change-Id: I4dcac1528c10f698338383445e27c8a613f9bcd9
Closes-Bug: #1724970
(cherry picked from commit f4e46f4b3ddac3f536a3a1955c91447e8b26ffca)
|
|
|
|
When deploying with RHSM, sat-tools 6.2 will be installed instead of 6.1.
The new version is supported by RHEL 7.4 and provides katello-agent package.
Change-Id: I04a9feab02bf606ad6ca923a17947dcca30258da
Closes-Bug: #1728638
(cherry picked from commit b248ae1447940f81513be9904a24197bd4af1126)
|
|
Probably a typo, never caught or even tested.
Change-Id: Iaf75edb421a19cb69bf3ead59c83bf812c653f0b
Closes-Bug: #1729479
(cherry picked from commit 24f859c01826eb12256cf1a5cd63b8bb1c0e234c)
|
|
|
|
|
|
To enable per-node override of bind IPs via the per-role
ExtraConfig paramaters, we need to enable hiera interpolation
that references the keys defined in NetIpMap, so we add them
to the hieradata. To minimise the risk of any conflicts in
keynames it's added near the bottom of the hierarchy, but
I'm not aware of any conflicting names in our templates/modules.
This will allow per-node hieradata override of bind IPs e.g:
parameter_defaults:
ComputeRack1ExtraConfig:
nova::vncproxy::host: "%{hiera('rack1_internal_api')}"
ComputeRack2ExtraConfig:
nova::vncproxy::host: "%{hiera('rack2_internal_api')}"
Closes-Bug: #1726884
Change-Id: Icf7da1d78176c2ee0197ff2459d69d995cbb16ad
(cherry picked from commit 65a8b65754d2ea77ec2396658d4e73eb837d34bd)
|
|
|
|
|
|
|
|
katello-agent is an optional package, we don't want to use retry.
The package is available or not.
Fixing a regression from https://review.openstack.org/#/c/386529
Since we use "| true", we can't really use "retry" here.
Change-Id: Id8cd9ac54e158ee1743b2f72b169b3a066f69168
Closes-Bug: #1728614
(cherry picked from commit d9f7b01c6c21b306005bad12fcab103b0a9e7591)
|
|
- until Newton this worked fine, however starting with Ocata, we
do not need the key 'mapped_data'
- having it results in extra indirection in the dictionary in
neutron_bigswitch_data.json
Closes-Bug: #1729453
Change-Id: I3bc9940aeff4e290d83de95a7df294c11f061954
(cherry picked from commit 485339129cee8f5d3223cf47858a5c9f79b0a8de)
|
|
In 59e29b17f4a9f5f65b6f8a7b8e82ef6426d8a51 we forgot to
add tags to the Ansible tasks to remove the baremetal
cron jobs at step 2.
(cherry picked from commit 1128271b460b120a2a59eac3df95082c55e554d0)
Change-Id: I23fb134b88336ebc4eb1a97a69a2d73d4ef0edb2
Related-bug: #1708466
|
|
We were relying on the sysconfig options to set the memcached log file,
however, this is not happening, as the redirection is being taken as an
option and ends up being ignored by the memcached command. So instead,
we set the redirection in the container template.
Change-Id: Ic94e3fd7884d518eb9558c53acdc6b294823cd0a
Closes-Bug: #1720183
(cherry picked from commit ca1fc5848661aacbf14b52e33879190c133c8e48)
|
|
|
|
As we've moved to more dynamic generation of variables, the correct
variable names are *ControllerOpenstack* not *Controller* for the
example standalone environment.
Change-Id: Iaa39de9d8794a856e76cc9995d046484632cf604
Closes-Bug: #1721877
(cherry picked from commit 536d1c4af59dc22164666be5cb1826115fdfdeb9)
|
|
|
|
We used to bind-mount /var/log/memcached.log, but this resulted in the
file being createdin the memcached container as a directory, since this
file didn't exist.
This commit takes the approach of other containers and gets the logs to
a memcached directory in /var/log/containers.
Change-Id: I926b65fa557ad56b4faa2be34452b58f7b01247a
Closes-Bug: #1720183
(cherry picked from commit 5020f38301a9a0a70f34878196250e24fc639dec)
|
|
This sets of one level of verbosity for memcached by default. This
allows us to see any errors or warnings in the logs.
Change-Id: Icc6f56c9e0ee6100286d07c8b6660a08baabb241
Related-Bug: #1720183
(cherry picked from commit 15ad21ba08e92b302318bdc34112601ce666ff35)
|
|
The format which ceph-ansible uses to describe the list of pools
to be created in the cluster is different from the one which
puppet-ceph uses; this commit updates the description and the
the docker templates accordingly.
Change-Id: I1e5b2c3cbf6ae02c19a2275ca119fed6e173319d
Closes-Bug: #1720373
(cherry picked from commit c10aa7a0439fb7d8e8e964e75d73f3cbb54aa9ec)
|
|
Enable Cinder as a backend for Glance by adding 'cinder' to the list of
allowed choices for the GlanceBackend heat parameter.
Update the glance-api docker configuration to allow the feature to work.
This is necessary because the feature uses iSCSI, which requires additional
privileges.
Closes-Bug: #1728409
Depends-On: I850047e32f3608b3ce490e52e2e540695cb1a4ff
Change-Id: I42241747de931103a04aa5ee2ed18fd46197d183
(cherry picked from commit e828e8c7bb2e890b243faa767992226dc270bb6f)
|
|
We have disabled mongo by default in containers via:
Id2e6550fb7c319fc52469644ea022cf35757e0ce Disable mongodb by default
Ie09ce2a52128eef157e4d768c1c4776fc49f2324 Containerized mongodb, disable by default, fix upgrade
Let's not use it in scenario002 either.
NB: Not entirely clean cherry-pick due to scenario002-multinode-containers.yaml
having many more services in master than in pike.
Change-Id: I0d2df25ed797ffb8425ba81736526d3688e5de5c
Closes-Bug: #1724679
(cherry picked from commit 900416d9809bf4446c0c037128edb033ab9b3bcc)
|
|
Change-Id: I4a09343c59da86daf4e6f00a59f7734c8adb209f
Depends-On: I66839e2c42e654a02e5409c6137e479cfb7b385f
Partial-Bug: 1724471
(cherry picked from commit 97879c3ce6dcf06908180a06147bd386580ed5ae)
|
|
The mistral-api container image we use doesn't have the necessary
packages to run via wsgi and this cause puppet to error with:
"Notice: /Stage[main]/Mistral::Wsgi::Apache/Openstacklib::Wsgi::Apache[mistral_wsgi]/File[mistral_wsgi]: Dependency File[/var/www/cgi-bin/mistral] has failures: true",
Fallback to eventlet mistral-api for the time being until we get
a usable mistral-api image.
Change-Id: Ic10c579aa3b6d0d6a01f120669be3b5dcc5efcda
Depends-On: I54627f1c5a8867738a55bee42075bb6087830c61
Related-Bug: #1724607
(cherry picked from commit e158acb14c4ed92be1a5b961ff1e8ff99b1a5ae3)
|
|
The Kolla Dockerfile sets the permissions for /etc/openstack-dashboard/
to horizon:horizon. We need this to be readable by the apache user
as the horizon user is not the user in which httpd runs with. We may
want to consider fixing this in the upstream Dockerfile instead, e.g.
checking if we're using centos/rhel and changing the permissions that
way. I'm not sure why it's set to horizon:horizon upstream, and I'm keen
not to break any existing functionality that relies on the horizon based
permissions.
Closes-Bug: #1723125
Change-Id: If5feebae38f7fdfffa60bfaedc4521f676006484
(cherry picked from commit fd657aa4e68de7ad239a88525b5ae343acd3bf80)
|
|
stable/pike
|
|
|
|
Appears this was missed in I8046f2eed0b9a7da76d6d7c3507a92bf5054b000
Change-Id: I901533f7ab2de2ec0fd1c2bfef8aa8f767c45963
Partial-Implement: blueprint keystone-v3
(cherry picked from commit 4add59c5413e9b36675f07f0c3d0fedbf156b04c)
|
|
|
|
|
|
We currently have the following in the registry:
OS::TripleO::Services::SwiftDispersion: puppet/services/swift-dispersion.yaml
Since this service is included by default in the Controller role
it will be installed on the host even on a containerized deployment.
Let's noop this in docker.yaml until a containerized version of it
gets merged.
Change-Id: Ic2793d0cfb7b20f4661cb1a45793cae67a4868b4
Closes-Bug: #1723788
(cherry picked from commit 0c8ba9651734a0e6180ca443c87c8c8ca5169d6c)
|