Age | Commit message (Collapse) | Author | Files | Lines |
|
the CA and certmonger user profiles were needed in the compute services
list from the tls-everywhere in containers environment.
bp tls-via-certmonger-containers
Change-Id: Ib584ac0745d68828467bcfad7f6472ab66adbac3
|
|
1) When Apache is upgraded, install mod_ssl rpm.
See https://bugs.launchpad.net/tripleo/+bug/1682448
to understand why we need mod_ssl.
2) All services that run Apache for API will use the snippet from
Apache service to deploy mod_ssl, so we don't duplicate the code
in all services. It's using the same mechanism as ovs upgrade to
compile upgrade_tasks between both services.
Change-Id: Ia2f6fea45c2c09790c49baab19b1efcab25e9a84
Closes-Bug: #1686503
|
|
|
|
Change-Id: Ifec9839ac0fc688678f0221bb731fb64bd86d2d9
|
|
In change Ib62001c03e1e08f58cf0c6e0ba07a8879a584084 we switched the
rabbitmq queues HA mode from ha-all to ha-exactly. While this gives us a
nice performance boost with rabbitmq, it makes rabbit less resilient to
network glitches as we painfully found out via
https://bugzilla.redhat.com/show_bug.cgi?id=1441635.
This is the THT part of the change that changes the default to
ha-mode: all.
Closes-Bug: #1686337
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
Co-Authored-By: John Eckersberg <jeckersb@redhat.com>
Change-Id: I7afcf2b3c8deb13fc2134e4cae9c06a44e775384
Depends-On: I9a90e71094b8d8d58b5be0a45a2979701b0ac21c
|
|
Docker puppet hook writes to /etc of
containers. Mount /etc as rw for etcd container.
Change-Id: I8e45de18a91022690c19888cbfaa68d2fdfe46ce
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
|
scenario001 env in ocata has mapped PankoApi locally and it
has been removed master scenario001 env file. In tripleo.sh
upgrade command, both old (ocata) and new (master) env files
are included, because of which new service file is not used,
as it has been removed. This change is to add the PankoApi
mapping back to scenario001 env file for now. Actual fix
will be remove old env file from upgrade command of tripleo.sh.
Partial-Bug: #1685759
Change-Id: I4a8ee38d990a1980eea6ec63f2780357d040ded4
|
|
|
|
|
|
Ceilometer collector is deprecated in Pike release.
Do not deploy by default. Instead use the pipeline
yaml to configure the publisher directly.
Closes-bug: #1676961
Change-Id: Ic71360c6307086d5393cd37d38ab921de186a2e0
|
|
|
|
|
|
We have a circular dependency errror since
https://review.openstack.org/#/c/452734/ landed.
This adjusts the dependencies to ensure we run pre-config before
the first puppet deploy step, and removes the duplicate declaration
of the ControllerPostConfig resource. Also we ensure the first
container step always depends on the same step puppet deploy.
Change-Id: I70c5a39fb36b951bdeb04c15bddac7d00eebf08a
Closes-Bug: #1686098
|
|
This hiera key is used by keystone to create the ceilometer service
user. It works in CI cause keystone and the ceilometer services are in
the same node. However, this fails if keystone is deployed on a separate
note.
We should only deploy it in the nodes containing the keystone service
since it's only relevant to create the service user.
Change-Id: Ic0f02fe9a78a1fe14ac2b87197692fbd80c003b8
Closes-Bug: #1685828
|
|
This removes the need to do it in puppet-tripleo
Change-Id: I6f44a6a02041c0fbbafb770a087a0032c3a53a76
|
|
|
|
|
|
Change-Id: I8dabf83907b2e50f6611f1ef93702b6bd5ac5e19
|
|
Adds support for a secondary DSM in case the primary becomes
unavailable.
Change-Id: I0887e15a7e1c90a4f333bef6cdbb5d43ba0cd838
Closes-Bug: #1681492
Depends-On: I331466e4f254b2b8ff7891b796e78cd30c2c87f7
|
|
|
|
|
|
Depends-On: I3ad463217ed3f2d6374627248236b274cfed72fb
Depends-On: If4b01934a9a5cb6ca2ff6c1831e4fe073f1b04ea
Closes-bug: #1668938
Change-Id: I6cb902d712849bf11f331ed776cd0ed6e200dcd9
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
|
|
|
|
|
|
|
The [Pre|Post]Puppet resources were renamed in
https://review.openstack.org/#/c/365763.
This was intended for having a pre/post deployment
steps using an agnostic name instead of
being attached to a technology.
The renaming was unintentionally reverted in
https://review.openstack.org/#/c/393644/ and
https://review.openstack.org/#/c/434451.
This submission merge both resources into one,
and remove the old pre|post hooks.
Closes-bug: #1669756
Change-Id: Ic9d97f172efd2db74255363679b60f1d2dc4e064
|
|
* Use default puppet tags instead of the 'file' tag only
* Noop user/policy providers for puppet_config docker step
and move them into docker_puppet_tasks (init container)
Change-Id: I98a54808aae6fca060b23f074b71178f2d4c815e
Closes-bug: #1684138
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
|
|
|
|
|
|
|
|
|
Closes-bug: #1668919
Change-Id: Ie750caa34c6fa22ca6eae6834b9ca20e15d97f7f
|
|
|
|
|
|
In I7831d20eae6ab9668a919b451301fe669e2b1346 we removed some of
the old upgrades but left the environment files removed here.
Change-Id: Ib3eca5687285b280832d19b647c3b4aa3d9ac36d
|
|
When configuring nova containers via puppet, the puppet class chain
includes a class for live migration, which configures live migration
aspects in nova and libvirt.
Some of the libvirt config parts try to notify Service[libvirt], but
that service definition is only included in nova-libvirt service, it's
not included in the control plan nova services. However, our hieradata
is currently global on the node, it's not per-service, which means even
though only nova-compute and nova-libvirt service set
tripleo::profile::base::nova::manage_migration: true
this hiera setting is applied to all containers running puppet, most
notably the ones which configure nova control plane services. As a
result, configuration of nova control plane services failed, and in turn
the whole deployment failed.
This commit disables the libvirt part of live migration config until we
implement some better solution (e.g. hieradata separation between
different puppet containers, or move the libvirt config parts only to
nova-compute manifests in puppet-tripleo).
Change-Id: I0328406607d451e6bdce4d92c441c03648925fa7
Closes-Bug: #1684107
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Currently we're referencing some steps that don't exist in the
output from the OS::Heat::Value resource, but as noted in the heat
bug #1681749 I think this isn't valid and probably should not be
allowed, so instead merge defaults with the non-empty step
tasks. To avoid further duplication of the loop variables, I
made the max step a variable.
Change-Id: Icf3d639b53c97006a0c370c12600449fba6f3323
Related-Bug: #1681749
|
|
In two places during upgrade we manually trigger puppet.
There can be a problem when new puppet modules are added, and their
corresponding symlinks in /etc/puppet/modules are not created during
the installation as their are installed in
/usr/share/openstack-puppet/modules. To prevent the issue tripleo set
modulepath in the templates.
We must use the same modulepath to make sure that we don't fail
because of missing module in the manual puppet run.
This particulary happens when you upgrade from M->N->O, as the base
image in Mitaka doesn't have the proper symlinks and they are not
created during the installation of the package.
Closes-Bug: #1684587
Change-Id: I79df6ea33f1c58e13309176a6de41b7572541fd6
|
|
|