aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-07-23Add support for nova live/cold-migration with containersOliver Walsh29-29/+250
Updates hieradata for changes in https://review.openstack.org/471950. Creates a new service - NovaMigrationTarget. On baremetal this just configures live/cold-migration. On docker is includes a container running a second sshd services on an alternative port. Configures /var/lib/nova/.ssh/config and mounts in nova-compute and libvirtd containers. Change-Id: Ic4b810ff71085b73ccd08c66a3739f94e6c0c427 Implements: blueprint tripleo-cold-migration Depends-On: I6c04cebd1cf066c79c5b4335011733d32ac208dc Depends-On: I063a84a8e6da64ae3b09125cfa42e48df69adc12
2017-07-22Merge "Add composable services for the Veritas HyperScale."Jenkins10-0/+184
2017-07-22Merge "Revert "Use optimal (instead of default) tunables for Ceph on upgrade""Jenkins1-2/+2
2017-07-22Merge "Disable env evaluation in workflow executions"Jenkins2-0/+4
2017-07-22Merge "Make Deploy/UpdateIdentifier definition semi-consistent"Jenkins4-4/+6
2017-07-22Merge "Make EnablePackageInstall and Debug descriptions consistent"Jenkins10-5/+9
2017-07-22Merge "Add all existing parameter mismatches to exclusion list"Jenkins1-5/+93
2017-07-22Merge "Fix description of NeutronNetworkVLANRanges"Jenkins1-2/+2
2017-07-22Merge "Move step_config/docker_config calculation into services.yaml"Jenkins3-33/+32
2017-07-21Merge "Add a new role for ComputeOvsDpdk and clean-up parameters"Jenkins8-50/+92
2017-07-21Mount /var/lib/neutron in neutron agents for metadata proxyBrent Eagles3-0/+24
The metadata agent creates domain socket /var/lib/neutron/metadata_proxy that is used for communication with haproxy in the L3 and DHCP agents. This patch adds creation of /var/lib/neutron if it doesn't exist and mounts it into the L3, DHCP and metadata agent containers. Change-Id: Id8b8487b5a6a288e5ef1ca1c7d5b47a59cc8dea2 Closes-Bug: #1705289
2017-07-21Make various password descriptions consistentBen Nemec17-22/+18
Since these are obviously global parameters they shouldn't specify what will be using them because they are used in multiple places. Change-Id: I5054c2d67dffe802e37f8391dd7bad4721e29831 Partial-Bug: 1700664
2017-07-21Make Deploy/UpdateIdentifier definition semi-consistentBen Nemec4-4/+6
It seems UpdateIdentifier is an overloaded parameter - it is used both to trigger package updates in the minor update case as well as to trigger the upgrade steps during a major upgrade. I'm not sure it's appropriate to change either of the descriptions as a result, so for the moment that is added to the exclusion list. Change-Id: Ied36cf259f6a6e5c8cfa7a01722fb7fda6900976 Partial-Bug: 1700664
2017-07-21Make EnablePackageInstall and Debug descriptions consistentBen Nemec10-5/+9
Change-Id: I3ea7c0c7ea049043668e68c6e637fd2aaf992622 Partial-Bug: 1700664
2017-07-21Revert "Disable systemd-networkd & systemd-resolved"Emilien Macchi3-17/+0
https://github.com/camptocamp/puppet-systemd/pull/32 is disabling by default the services so we don't have to control them via TripleO. This reverts commit d24874c7b2625e25630534a86864a93050f661d3. Change-Id: I4044f0b28b636c7a022912f6f24707bce22c8b98 Related-Bug: #1704160
2017-07-21Cleans up exec workaround for ODL container clusteringTim Rozet2-5/+8
Now that ODL clustering is fixed to not use an exec by: https://git.opendaylight.org/gerrit/#/c/60491 We no longer need to use the workaround puppet-tripleo tag to configure clustering. Change-Id: I21c1eb2eff6d4cb855eff4a1122f55ad625d84cc Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-07-21Merge "Remove DockerNamespace references"Jenkins5-51/+19
2017-07-21Add all existing parameter mismatches to exclusion listBen Nemec1-5/+93
This way we have one list of problems that need to be fixed and can enable this check to avoid adding any new ones. As parameters are fixed they can be removed from the exclusion list. Change-Id: Icb5fc36e2da3a3bfb7eaa8a66464c685220e527f
2017-07-21Fall back to non-containerized cinder-backup and cinder-volume for HADamien Ciabrini1-2/+3
The non-HA version of those two A/P Cinder services currently runs non-containerized, as explained in I9ac74d6717533f59945694b4a43fe56d7ca768c6 and Ib10e4f18d967d356a15b97f58c488f8402a73356. Disable their HA counterpart until the non-HA version is re-enabled. Change-Id: I2aa49330fa361e330448dc9aa88e3812d9a7d464
2017-07-21Open up firewall for the control-ports in the bundlesMichele Baldessari3-1/+26
This is required when the bundles run on pacemaker remote nodes otherwise the cluster won't be able to connect to the control-ports of each bundle. The only services that need this are rabbit, redis and galera because those run pacemaker_remote inside the container (A/P resources and haproxy do not) Change-Id: I6a56d79319ef3d14973a0586dcda4d523adda7aa Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
2017-07-21Move step_config/docker_config calculation into services.yamlSteven Hardy3-33/+32
Moving these means we get a more accurate output from the overcloud RoleData output, which more closely reflects what is actually deployed. Change-Id: I154f36c1597cf4abe29ca0bfe15a54f507433fb1
2017-07-21Merge "Switch MonitoringRabbitUseSSL to boolean"Jenkins1-1/+1
2017-07-21Merge "Exposing the ability to enable/disable the repository"Jenkins2-0/+10
2017-07-21Merge "Add nova::compute::rbd setting into nova-libvirt profile"Jenkins2-1/+21
2017-07-20Add keystone cron container to run token_flushDan Prince1-0/+26
The token-flush cron job is created in /var/spool/cron/keystone by puppet. This patch creates a cron container to run that in an environment where it has access to keystone.conf and the keystone-manage binaries. Change-Id: Ie305ee9990657c66938250d1d6e19fef94675997 Partial-bug: 1701254
2017-07-20Add heat api container to run cron purge_deletedDan Prince1-0/+25
The purge-deleted cron job is created by puppet in /var/spool/cron/heat. This creates a cron container to run that in an environment where it has access to the heat.conf and heat-manage binaries. Change-Id: Ib9fe8e4f6dbd41021df7cf152fd18569c189d2e2 Partial-bug: #1701254
2017-07-20Add cinder cron container to run db purgeDan Prince1-0/+26
The cinder db purge cron job is created by puppet in /var/spool/cron/cinder. This creates a cron container to run that in an environment where it has access to cinder.conf and the cinder-manage binaries. Change-Id: I02ae32a6dcd8569e2e2390063d4d935d05545a78 Partial-bug: #1701254
2017-07-20nova_api_cron docker fix: add /var/spool/cron/novaDan Prince1-4/+20
This patch reworks the nova_api_cron container so that it contains the /var/spool/cron cron for the nova user and also so that it contains the correct nova.conf file. This should allow kolla-start to copy the correct config files into place and then start the cron service to run the nova tasks periodically. Change-Id: Ib6b2ca5af5419130fb9c83f83d6f4bf97410e870 Related-bug: #1701254
2017-07-20Fix network-isolation.j2.yaml to ignore VIPs for disabled networksDan Sneddon1-1/+1
This change modifies network-isolation.j2.yaml to ignore VIPs for networks that are disabled. This fixes a bug where VIPs would be created in network-isolation.yaml even if a network was disabled. Change-Id: I331b8fec3847bce6ca6c22a9f173055121ef65c9
2017-07-20Remove DockerNamespace referencesIan Main5-51/+19
This patch removes more of the DockerNamespace references as part of the cleanup/reorg of the container configuration patches. This also adds a centos-rdo environment file for use with the new interface. This file was generated with the command "openstack overcloud container image prepare" Depends-On: I729fa00175cb36b02b882d729aae5ff06d0e3fbc Depends-On: I292162d66880278de09f7acbdbf02e2312c5bb2b Co-Authored-By: Dan Prince <dprince@redhat.com> Change-Id: Ice7b57c25248634240a6dd6e14e6d411e7806326
2017-07-20Merge "Add validation task in docker services"Jenkins4-0/+42
2017-07-20Revert "Use optimal (instead of default) tunables for Ceph on upgrade"Giulio Fidente1-2/+2
This reverts commit 5e9f855f7c96950ca29a0f85086441c57ae7aed5. The above would have fixed the issue but is only possible if the OSDs are upgraded first. We probably need to disable flag warnings completely instead. [1] 1. http://docs.ceph.com/docs/master/rados/operations/crush-map/#warning-when-tunables-are-non-optimal Change-Id: I429e9f7f220a844b5ca61734287e514c96ea5e6c
2017-07-20Fix description of NeutronNetworkVLANRangesBen Nemec1-2/+2
This claimed that all vlans were allowed, when in fact it is only the first 1000. Change-Id: Id5681be51bc908274a8b9cf18d43e116ba150e7f
2017-07-20Switch MonitoringRabbitUseSSL to booleanAlex Schultz1-1/+1
The puppet-sensu module recently added type checking so rabbitmq_ssl needs to be a boolean and not a string. Change-Id: I69b5a7528c8728310766abdc27ad11c93c4722d5 Closes-Bug: #1705481
2017-07-20Disable env evaluation in workflow executionsGiulio Fidente2-0/+4
This is so that Mistral does not try to resolve the occurrences of {{ or <% as jinja/jaql in the environment data. Change-Id: Id654c336d072a6248570274401857756c6f6e706
2017-07-20Remove non-containerized pacemaker resources on upgrademarios8-31/+141
Adds upgrade_tasks to remove the pacemaker resources using the ansible-pacemaker module. Resources are disabled and removed in step2 (called only on bootstrap node) and then the cluster stop is moved to step3 The existing systemd/service call is kept but only to disable services after they are disabled/deleted from the cluster. Related-Bug: 1701485 Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com> Change-Id: Ia597d240ea5834c50a8f6c4fac0b6ed417b8535c
2017-07-19Updated from global requirementsOpenStack Proposal Bot1-1/+1
Change-Id: I097c141e4bf9d681d1f3484fea0bce1fac7646c9
2017-07-19Merge "Wrap ceilometer-upgrade in boostrap_host_exec"Jenkins1-1/+5
2017-07-19Merge "Fixing a bug when setting a password for ODL controller"Jenkins2-0/+7
2017-07-19Add containerized manila-share to CIVictoria Martinez de la Cruz1-2/+1
Manila Share THT has been merged, so it should be added to the containerized multinode environment in CI. Change-Id: I6bb28e1f5e57b427aafb152d41ec40c807eaa7fa
2017-07-19Merge "Use optimal (instead of default) tunables for Ceph on upgrade"Jenkins1-2/+2
2017-07-19Increase default RabbitMQ/Erlang TCP timeout from 5 to 15 secondsJohn Eckersberg1-1/+1
This should be greater than the default value of corosync_token_timeout, which is 10 seconds. That way, if an entire cluster node is unavailable, appropriate fencing measures can occur. With the current settings, it is possible for brief network interruptions, greater than 5 seconds, but less than 10 seconds, to occur. This can cause the RabbitMQ cluster to fail in subtle ways, but no corrective action taken by pacemaker. Change-Id: I735d43616c5c623c4398d924713012f595b2e5f9
2017-07-19Stop Heat WSGI services on docker upgradeThomas Herve3-5/+39
As we made the migration to HTTPd during the same cycle, we didn't include stopping the WSGI services before the upgrades. This handles the case, and fixes an issue with the puppet upgrade as well. Change-Id: I54ba6214d4bf052c0d840d5bbce2b524d82b7017 Closes-Bug: #1699443
2017-07-19Add nova::compute::rbd setting into nova-libvirt profileGiulio Fidente2-1/+21
Some of the tasks carried by nova::compute::rbd class apply to the compute service, others to the libvirt service so it needs to be included in both. Change-Id: I28557deb13b75922932cd3e86c3467a541c988d0
2017-07-19Make collectd run as root inside the containerMatthias Runge1-1/+3
that is the RPM package default anyways. Also add /var/log/collectd for logging to the container. Change-Id: I3e71c63c55f0fd71ad8e61547402d0eb94b455f6
2017-07-18Use static environment for deployed-server neutron mappingsJames Slagle2-10/+4
We can't include these mappings for the deployed-server neutron ports when using split-stack in the generated environment file because the path to the actual templates directory is not known from with the templates themselves. This patch removes the mappings from the generated environment from the stack output and adds a static environment file with relative paths that will have to be included on the deploy command cli instead. Change-Id: Id4b8c939fa7b26205609819b66e76bf73c9890d0 Closes-Bug: #1705144
2017-07-18aodh: add gnocchi_external_project_owner configMehdi Abaakouk1-0/+5
gnocchi_external_project_owner is to configure who creates resources and metrics in Gnocchi (usually Ceilometer). So Aodh can create the right rbac rules. So the project name is 'service' for tripleo. We can't use the default set because puppet always uses 'services' and not 'service'. Change-Id: I6f7acc3a4cab29bc566d7becdc93ba3393f5c8fe
2017-07-18Ps Cinder: Added support for password less loginrajinir3-0/+9
Added missing san_private_key parameter used for password less SSH authentication. Change-Id: I6d7544b525055318aa567f9cbbe318d82bafacf0 Depends-On: 70db86d3366f85edf563aa73c533931a21cfab4d
2017-07-18Merge "Allow modprobing from cinder-volume container"Jenkins1-0/+1
2017-07-18Merge "LVM in cinder-volume container without udev"Jenkins1-2/+8