Age | Commit message (Collapse) | Author | Files | Lines |
|
Proper VLAN support requires adding the IP address to a new device,
rather than br-ex/br-ctlplane. This is added in the
tripleo-image-elements change https://review.openstack.org/103449
(I3f77f72ac623792e844dbb4d501b6ab269141f8e) and here we just expose
it with appropriate glue to get the IP address from Neutron.
With this we can now describe a VLAN public interface scenario
to the undercloud and overcloud control planes.
Change-Id: I4d2194fc813aebb0708d6fddf4f05bae5f091fd8
|
|
We can obviously use passthrough for this, but I rather suspect that
OMFG something is broken get me debug will be a common phrase.
Change-Id: I62539630a4737bbbe6883ed71929f38c819ceed4
|
|
|
|
|
|
|
|
With the default 60 second timeout, many services will periodically
log "MySQL has gone away" as HAProxy has closed the connection.
Change-Id: Ied67344fbabcd77def4483be37a4706190ab28a0
|
|
|
|
|
|
The address for the vnc proxy is incorrectly configured in the nova
configuration file.
The correct IP address is the Public Virtual IP address of the
controller node as created by:
I9649ee74ebaf62b6b929b28243a07c789a08867c
The nova image_element nova.conf already has:
novncproxy_base_url=http://{{nova.public_ip}}:6080/vnc_auto.html
but nothing was setting nova.public_ip - until now
Closes-Bug: #1332554
Change-Id: I41214834511680170393dd4325b510f549373141
|
|
|
|
We use semantic versioning, not pbr's pre-version facility. This
line causes local package builds to have the wrong version, and
pbr will in future detect this and error.
Change-Id: Ia625d31e87d137e867badcdeac1f33630257bb8c
|
|
|
|
There may be times where an update needs to change this without changing
the template, such as when updates will be done by something other than
Heat (i.e. Ansible).
Change-Id: I89d1153acab697b64468f841b3f2d17c169da649
|
|
|
|
|
|
|
|
|
|
Change-Id: I03056681b795a2078a678dcb0cd29002310e5843
Related-bug: 1351110
|
|
As per the NovaCompute nodes, this change makes deployment of
BlockStorage nodes dependent on controller0AllNodes.
Change-Id: I4bc4d33d42463a0abadc2bfd4e48b1a4e554d396
|
|
|
|
|
|
|
|
When change I6730ffe1e27d952d563c16a9480298fbef9f61fe got merged we
introduced some occurrences of list_join which should have been
migrated to Fn::Join (change I039f57ab39c1fcfc319a7a34265ba4fabf4ccd08)
This caused overcloud CI jobs to fail with:
Property error : allNodesConfig: config Items to join must be strings
This change fixes this by replacing newly introduced occurrences
of list_join with Fn::Join
Change-Id: Ibac193781d31d6f81e955e7b9381e13cfdd0ab1d
|
|
Previously BlockStorage nodes were using the controller ip instead of the virtual ip to reach rabbit, keystone and mysql.
Change-Id: I23f87511e59d4d3527403b1a81c1b3df65c6a904
|
|
Some of the keys defined in block-storage.yaml for neutron and
passed to the BlockStorage nodes were related to neutron, but
BlockStorage nodes do not route instances traffic so do not need
to be deployed with the OVS agent.
Change-Id: Icc7d5ea0d91370ccdf7cb4742d052fea004bae44
|
|
|
|
|
|
Currently there is very weak ordering of StructuredDeployments during
heat stack creation on the undercloud. This can cause the deployment which
sends the completion signal back to Heat to happen before all others have
completed, which in turn leads Heat to state the stack is ready while ORC
is still configuring services
The only workaround to this is to wait an unknown amount of time after the
heat stack completes before the system is usable.
This patch prevents the completion signal from being returned early, by
ensuring these are strictly ordered:
undercloudIronicDeployment (if used)
undercloudNovaDeployment
undercloudPassthroughDeployment
undercloudDeployment
Note: The reference numbering for the undercloud has been removed.
Change-Id: I98499dd54bb907d29cf355fe83b5c285a7375e97
|
|
Set the MySQL root password to a random string
for the undercloud and overcloud
Change-Id: I6d38ca82c77a4aa8f58089c50aa5bf320ec0ecc6
|
|
To use a VLAN based public network we need the ext-net network to be a
VLAN with a segmentation id - but we can't do this unless we also have
the datacentre physical network marked as allowing vlans.
We could make this strictly opt-in, but as this doesn't affect the
switch configuration (and thus actual machine capabilities) having it
on by default seems reasonable. OTOH we can't force it on, because
high security environments may well want a defense in depth setup
where neutron admins cannot configure VLANs that they are not meant
to have access too (consider that the cloud machine admins may be
separate to the folk running the services on top of them...)
Change-Id: I9687751753f810896c6d065750910da40132c9fa
|
|
We currently make the external network a single-node gre network but
this is not at all correct for HA environments - we need a provider
network, which means having a bridge mapping, a flat network
specified, and then because we run the same ovs config everywhere we
need br-ex on the hypervisors too. This is entirely reasonable since
DVR will require this as well (and solve lots of scaling issues...).
Change-Id: I8b63ab51e7e20b235430fad8d786d8da005d84a1
|
|
|
|
Using 1 is thoroughly non-HA :)
This is the HOT version of this patch.
Change-Id: Ic96bcdc03dacb9650520bd9ac1ce3805c6dac2fa
implements: blueprint tripleo-icehouse-ha-production-configuration
|
|
To support underclouds and seeds running older than the very
latest heat.
2013-05-23 lacks function list_join, so this change reverts to
using the equivalent function Fn::Join.
Change-Id: I039f57ab39c1fcfc319a7a34265ba4fabf4ccd08
Closes-Bug: #1354305
|
|
This change sets applications to utilize the VIP address for database
connectivity and sets HAProxy in between the applications and MySQL.
Depends upon tripleo-image-elements changes:
Ia6f26305f8e744e4ff938dff85de1193183ecd8f
Iac1274cc52014f25887d696261b32146afc926dd
I5af70abb96021146c098f788db349808d806a348
Related to blueprint tripleo-icehouse-ha-production-configuration
Change-Id: Ia9d6ed2771f756d2a97ae5df7ed737a062a59cf2
|
|
The CA certificate is currently passed via ssl-source.yaml as
"stunnel.cacert", but this value is not currently used by stunnel
since we have no use case for client cert authentication.
This change proposes that it also be exposed as
"ssl.ca_certificate", which is consistent with the overall SSL
direction being driven by the PKI spec:
I32473fe797a4c1e28d14c3b82c8892c7c59a4e55
This new CA certificate value will be installed as a trusted CA
on all cloud nodes that issue SSL-secured connection requests to
OpenStack or other infrastructure (MySQL, RabbitMQ) services.
Change-Id: Ibacd7c98980520e11c0df89632013f2ba2dbe370
|
|
|
|
This makes it possible to remove a dead node (e.g. if NovaCompute2 has
failed, regenerate the template with ,2 in the scale parameter, and
NovaCompute2 will not be enumerated.
Change-Id: I65d85a88152ed4adee60895173f8a05611a6440b
|
|
|
|
To balance load over the rabbit cluster we want to route access
to it via haproxy.
This also helps workaround bug #856764 as an additional benefit.
This change sets rabbit.host to the ControlVirtualIP (to be used by
the elements) and adds an haproxy listener for the rabbit nodes.
Related to blueprint tripleo-icehouse-ha-production-configuration
Depends on I3ff37ec18b9191ca8e861519bed142cbdbd5faa2
Change-Id: I49b622a604542f456bd9a37da8dae3353218e640
Related-Bug: 856764
|
|
|
|
|
|
|
|
|
|
Controller scaling was broken by the commit
02772ba2877b9f6d427c6fd760bf19d6334c68a8. Merge.py raises an exception
when it tries to scale the default value "controller0" of the
`BootstrapNodeResource` parameter.
This reverts back to using Fn::Select for specifying the bootstrap host,
the rest of the Fn::Select -> get_attr changes are kept.
Change-Id: I0cdebf75d4752a35f547d4fbb81545ece3172405
|
|
As a side effect this fixes invalid keystone host generation
when multiple controller nodes are used.
Change-Id: I081976f0da94fc0232dfa2c34de03bbb4abf1a85
|
|
Because services which depend on pacemaker (ceilometer central
agent and neutron services) are used in undercloud too, we need to
set basic pacemaker and corosync metadata for undercloud.
Related to: Ifa83d62c2132bcdcb40d0b7c80ce3adadc0b5587
Related to: I63f054a8c80f9f676a77341c89e605b5b472d078
Change-Id: Icc97e36a1db198b973041346cf2056f68de661a2
|
|
This change renames a few NovaCompute resources so that the naming
is consistent with the controller resources naming choice.
Change-Id: I8c22867b208c5e16fd52bb3157f838f762b71470
|
|
These config options are supposed to be under neutron.ovs (see template
for neutron openvswitch agent). They were mistakenly moved to be just
under neutron when the migration to SoftwareConfig was done.
Change-Id: I5769dc1dc501d48c965f8e4e36238cfcaac64a17
|
|
With this we populate the hosts key (needed for /etc/hosts editing)
with the BlockStorage and SwiftStorage nodes too.
Change-Id: I6730ffe1e27d952d563c16a9480298fbef9f61fe
|