aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2016-11-01Rework gnocchi-upgrade to run in a separate upgrade stepPradeep Kilambi5-18/+68
gnocchi when configured with swift will require keystone to be available to authenticate to migrate to v3. At this step keystone is not available and gnocchi upgrade fails with auth error. Instead start apache in step 3, start apache first and then run gnocchi upgrade in a separate step and let upgrade happen here. Closes-Bug: #1634897 Change-Id: I22d02528420e4456f84b80905a7b3a80653fa7b0
2016-11-01Merge "Re-add NFS backend for Glance"Jenkins2-11/+29
2016-11-01Change nova ram_allocation_ratio to match puppet-novaSteven Hardy1-1/+1
The interface for this moved to init.pp, the one we currently use now only outputs a warning, it doesn't actually set anything. Change-Id: Idc40cf0dc4ff0f598e0918e0de8b3233b524cdd5 Closes-Bug: 1638254
2016-11-01Enable internal TLS for Nova APIJuan Antonio Osorio Robles1-4/+13
This adds the necessary hieradata for enabling TLS in the internal network for Nova API. bp tls-via-certmonger Depends-On: I88380a1ed8fd597a1a80488cbc6ce357f133bd70 Change-Id: I45197f98e5b65d6b2ec364676870db4ce582ffe9
2016-10-31Merge "Add replacepkgs to the manual ovs upgrade workaround and fix a typo"Jenkins6-16/+13
2016-10-31Updated Nuage neutron plugin namelokesh-jain1-1/+1
Updated plugin name for configuring Nuage. Nuage plugin name changed after Liberty release and needs to be updated at all instances. Updated neutron-nuage-config.yaml file to reflect the change. Change-Id: I7cce9a07b909ab59bf249439eec0833afce5cca6 Closes-Bug: #1635033
2016-10-31Add SNMP role to the CephStorage nodesGiulio Fidente1-0/+1
Previously the CephStorage nodes were missing the SNMP role. Change-Id: I1356a3ff8da51da4d79b28312f9e3821652b6291
2016-10-31Merge "Enable internal TLS for aodh"Jenkins1-2/+11
2016-10-31Merge "Fix Swift proxy pipeline ordering"Jenkins1-1/+1
2016-10-31Merge "Enable internal TLS for ceilometer"Jenkins1-3/+11
2016-10-28Fix Swift proxy pipeline orderingChristian Schwede1-1/+1
The Ceilometer middleware is in the wrong place; actually any middleware should be deployed after catch_errors to catch any errors that would otherwise crash the proxy service. Additionally the ceilometer middleware should be deployed after any authentication middleware. Closes-Bug: 1637471 Co-Authored-By: Thiago da Silva <thiago@redhat.com> Change-Id: I710ff2f51271a78582fa502e7eecfa687800c664
2016-10-28Add option to disable "d1" Swift deviceChristian Schwede1-2/+5
A default TripleO installation uses a local directory named "d1" to be used by Swift. With SwiftRawDisks set it is highly unlikely that that an operator wants to use this any longer, because it affects system perforamce and might result in an overfilled the system disk. In this case d1 should be no longer when building rings. This patch makes it possible to disable the d1 device usage in the ring building process by using a new option "SwiftUseLocalDir". This is set by default to true, not changing the default behavior. If set to false, the d1 device won't be used when building rings. Closes-Bug: 1634051 Change-Id: Ia9ad38e3ffa533e170f4cedd0518d830e9b2fa69
2016-10-27Set cinder's service name to httpd via t-h-tJuan Antonio Osorio Robles1-0/+1
With this, we can clean it from puppet-tripleo. Change-Id: I13638cd1af52537bef8540f0d5fa5f5f7decd392 Depends-On: Ic1967a6f4f60a273965811516f33121115d518b4
2016-10-27Add replacepkgs to the manual ovs upgrade workaround and fix a typoMathieu Bultel6-16/+13
rpm command will return an exit 1 if ovs package is already there and will exit the step_1.sh script. To get around this force the update with --replacepkgs Also remove the \ just before the $ which cause a syntax error for the ceph storage Change-Id: I11fcf688982ceda5eef7afc8904afae44300c2d9 Closes-bug: 1636748
2016-10-26Merge "Remove double tcp_listen_options entries for rabbit"Jenkins1-1/+1
2016-10-26Merge "Remove duplicate bind_host from nova-api profile"Jenkins1-1/+0
2016-10-26Fix usage of SwiftRawDisksChristian Schwede1-1/+1
Using the SwiftRawDisks parameter neither created the XFS filesystem nor mounted the device, requiring manual intervention by an operaror. Partial-Bug: 1634051 Change-Id: I2da0f12635a37c1f339a3be59a7d00f352adf283
2016-10-25Merge "Fix the stonith property during upgrades"Jenkins1-4/+8
2016-10-24Enables auto-detection for VIP interfacesTim Rozet2-17/+9
Previously the ctrl plane VIP would default to 'br-ex' which in non-vlan deployments ends up being the wrong interface. The public VIP interface was also defaulted to 'br-ex' which would be incorrect for vlan based deployments. Since a user has already given the nic template (and in most cases the subnet that corresponds to the nic) the installer should be able to figure out which interface the public/control vip should be on. These changes enable that type of auto-detection, unless a user explicitly overrides the heat parameters for ControlVirtualInterface and PublicVirtualInterface. Also, incorrect parameters from haproxy service are removed. Depends-On: I05105fce85be8ace986db351cdca2916f405ed04 Closes-Bug: 1606632 Change-Id: I3c1c39824ec32ced304a782edc6ef49c0769c108 Signed-off-by: Tim Rozet <trozet@redhat.com>
2016-10-22Fix the rabbitmq/redis pacemaker resource timeouts on updatesMichele Baldessari1-0/+19
With the following two changes we increased the timeout for redis and rabbit for both starting and stopping to 200s: https://review.openstack.org/386618 newton (merged) https://review.openstack.org/385555 master (merged) We want to also fix that on minor updates on all our supported releases upstream and downstream (newton, mitaka, liberty, kilo). This way we can guarantee that we have a uniform timeout for sart and stop for rabbit and redis across all our releases. Change-Id: If59bf3386832ee78d3a654f01077aff2e8be76e8 Closes-Bug: #1634851
2016-10-21Merge "Composable Mistral services"Jenkins11-0/+498
2016-10-21Merge "Prefill Sensu client custom config"Jenkins2-26/+27
2016-10-21Merge "Clarify horizon allowed hosts setting"Jenkins1-1/+2
2016-10-21Merge "Use correct password for keystone bootstrap"Jenkins1-0/+1
2016-10-21Clarify horizon allowed hosts settingMatthias Runge1-1/+2
Horizon allowed hosts should name the IP addresses/ DNS names (short/long) the Horizon node is listening to. Allowed hosts is used for header checks and is a security mechanism. Change-Id: I81c96357f969a1a436eecd35eb178579159bc719
2016-10-21Merge "Add special case handling for OVS upgrade in updates and upgrades"Jenkins6-0/+86
2016-10-21Merge "Use ::os_workers fact instead of ::processorcount"Jenkins2-2/+2
2016-10-21Merge "Add parameters to run cinder over httpd"Jenkins1-1/+29
2016-10-21Merge "Add missing Ceph endpoints from tls-everywhere environment"Jenkins1-0/+3
2016-10-21Re-add NFS backend for GlanceJiri Stransky2-11/+29
We lost ability to store Glance images in NFS mounts as we moved to NG HA architecture. This patch re-adds that ability, but the parameter interface changes because the semantics change as well. (Pacemaker allowed for different mounts than just NFS so the parameters were more generic, although we only ever tested and documented NFS usage.) Change-Id: Ic5197e09846bbf75d780dcc74da1717dcf8301d0 Related-Bug: #1635606
2016-10-21Merge "Include ceilometer in swift proxy pipeline"Jenkins1-0/+12
2016-10-21Merge "Removes EnableODL heat parameter and fixes missing local_ip param"Jenkins4-7/+1
2016-10-21Use ::os_workers fact instead of ::processorcountJuan Antonio Osorio Robles2-2/+2
Change-Id: Ib25849565c617f32357ef545957f58454b2a53f8
2016-10-21Composable Mistral servicesBrad P. Crochet11-0/+498
Adds new puppet specific services for Mistral API and Mistral Engine. This submission enables the mistral service by default in the overcloud, a following submission will disable it and make it optional by enabling it on demand based in an environment file. Depends-On: Iae42ffa37c4c9b1e070b7c3753e04c45bb97703f Depends-On: I942d419be951651e305d01460f394870c30a9878 Depends-On: I6cb2cbf4a2abf494668d24b8c36b0d525643f0af Implements: blueprint composable-services-within-roles Co-Authored-By: Carlos Camacho <ccamacho@redhat.com> Change-Id: Id5ff9cb498b5a47af38413d211ff0ed6ccd0015b
2016-10-21Merge "Generate internal TLS hieradata for apache services"Jenkins5-20/+104
2016-10-21Add missing Ceph endpoints from tls-everywhere environmentJuan Antonio Osorio Robles1-0/+3
Change-Id: Ib945e570556e8e10e5bb07faa57270958c9eda99
2016-10-21Merge "Bind mount files to run DiD in latest atomic host"Jenkins1-1/+22
2016-10-21Merge "Have docker start script honor configuration"Jenkins1-1/+3
2016-10-21Remove double tcp_listen_options entries for rabbitMichele Baldessari1-1/+1
After a brand new deployment we have the following in rabbitmq.config: ... {rabbit, [ {tcp_listen_options, [binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}] }, {tcp_listen_options, [binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]}, ... Let's remove these duplicate entries and make sure that we use the parameters for the puppet module to set the following values explicitely (it's the only parameter where we do not use the default setting from the puppet module): keepalive = true -> rabbitmq::tcp_keepalive: true All the other options that we set are the default in the puppet module: {packet, raw} {reuseaddr, true} {backlog, 128}{nodelay, true} {exit_on_close, false} Depends-On: I608477d5714a5081b3b4ab3b9fc2932bdd598301 Change-Id: I35921652bd84d1d6be0727051294983d4a0dde10
2016-10-20Open port 16509 for libvirt for live migrationJames Slagle1-0/+4
Port 16509 should be opened for tcp traffic to enable live migration. See Also: http://docs.openstack.org/admin-guide/compute-configuring-migrations.html Previously, we were not enabling any iptables rules on the Compute Roles, so this is a regression. Change-Id: Ie4abf53dc2a8171af48d02e34a1a3ad43f27cfb3 Closes-Bug: #1635427
2016-10-20Include ceilometer in swift proxy pipelinePradeep Kilambi1-0/+12
new ceilometermiddleware is available and integrated into puppet-swift. Lets leverage it and include it in the swift proxy pipeline. The correcponding puppet triple change for this is Ie49f4a750368ff174b23b8d6baa743d0956d727e Closes-Bug: #1631108 Change-Id: I82da0240d60d1eed54f1c0927e6157bb63025a19
2016-10-20Merge "Disables Neutron ML2 config on Compute for OpenDaylight"Jenkins2-0/+2
2016-10-20Fix the stonith property during upgradesMichele Baldessari1-4/+8
We currently set the stonith property from all controller nodes during upgrade. This is racy and can actually end up disabling stonith after the upgrade even if when it was enabled. Let's set the property only from the bootstrap node. Change-Id: Id4afb867b485ac853be874a0179a7ed7cc914068 Closes-Bug: #1635294
2016-10-20Add special case handling for OVS upgrade in updates and upgradesmarios6-0/+86
This adds a special case handling for the opensvswitch package as discussed at the related bug below. This is added/handled here for both the minor update and the major mitaka...newton upgrade. Change-Id: I9b1f0eaa0d36a28e20b507bec6a4e9b3af1781ae Closes-Bug: 1635205
2016-10-20Enable internal TLS for gnocchiJuan Antonio Osorio Robles1-2/+11
This adds the necessary hieradata for enabling TLS in the internal network for gnocchi. bp tls-via-certmonger Depends-On: Ie983933e062ac6a7f0af4d88b32634e6ce17838b Change-Id: Iad8d4949ada8b8fd52e0d0bd345b6fb1ca65827b
2016-10-20Enable internal TLS for aodhJuan Antonio Osorio Robles1-2/+11
This adds the necessary hieradata for enabling TLS in the internal network for aodh. bp tls-via-certmonger Change-Id: I2ea160e3ac0775404d6ed302f475268d3a3031ef Depends-On: I50ef0c8fbecb19d6597a28290daa61a91f3b13fc
2016-10-20Enable internal TLS for ceilometerJuan Antonio Osorio Robles1-3/+11
This adds the necessary hieradata for enabling TLS in the internal network for ceilometer. bp tls-via-certmonger Depends-On: Ib5609f77a31b17ed12baea419ecfab5d5f676496 Change-Id: I3eb34efbc8489b23269f97f762d4a3d0fa69f666
2016-10-20Generate internal TLS hieradata for apache servicesJuan Antonio Osorio Robles5-20/+104
This adds an environment file that can be used to enable TLS in the internal endpoints via certmonger if used. This will include a nested stack that will create the hash that will be used to create the certmonger certificates. When setting up a service over apache via puppet, we used to disable explicitly ssl (which sets modd_ssl-related fields for that vhost). We now make this depend on the EnableInternalTLS flag. This has only been done for keystone, but more services will be added as the puppet code lands bp tls-via-certmonger Depends-On: I303f6cf47859284785c0cdc65284a7eb89a4e039 Change-Id: I12e794f2d4076be9505dabfe456c1ca6cfbd359c
2016-10-20Remove duplicate bind_host from nova-api profileJuan Antonio Osorio Robles1-1/+0
Change-Id: I3c5c7753237ebaf16fb40806df0d195cb2b9aaa0
2016-10-19Bind mount files to run DiD in latest atomic hostMartin André1-1/+22
The /usr/bin/docker is a shell script in latest atomic host, pointing to either docker-latest or docker-current binary. Bind mount the required files from atomic host to be able to run docker in docker inside heat-agents container. Co-Authored-By: Flavio Percoco <flavio@redhat.com> Change-Id: I97e29f65beb3a3f89c1b42c339e2e89f0fc1d519