Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
Latest commits in puppet-systemd enabled by default systemd-networkd and
systemd-resolved but we don't want to manage them for now in TripleO.
MySQL and MongoDB services were managing some systemd resources so now
we ensure that these 2 systemd services are disabled. In the future, we
might want and activate these services and revert that patch but for now
we want to disable them.
Change-Id: I42c6c9b643a71a0fbb1768bbae91e8bfa916ea00
Closes-Bug: #1704145
|
|
|
|
This should be handled in puppet-tripleo, as is done for some other
services e.g ceph. This has also been identified as a possible
performance problem due to the nested get_attr calls.
Change-Id: I7e14f0219c28c023c4e8e1d4693f0bfa9674d801
Related-Bug: #1684272
Depends-On: Iccb9089db4b382db3adb9340f18f6d2364ca7f58
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Checks for an existing /var/run/yum.pid and exit 1 with an error
message saying why.
Change-Id: I374eeb4164a8007ae67fea2796eac109fffdef97
Closes-Bug: 1704131
|
|
This new directory has now been added to the RDO packaging so we
can move things common to both puppet/container architecture here,
starting with the recently combined services.yaml
Change-Id: If2ce27188c4c15002b3ad830e8d6eb9504d2f3d2
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This patch updates the ironic-api docker service so that it
generates its config files in a unique config root. This
ensures that it doesn't have config files in the httpd
conf.d directory for both the API and PXE services thus
causing the API container to attempt to launch both of them.
This functionally fixes the Ironic API and PXE services with
docker so they once again can bring up an overcloud.
Change-Id: I537cd6a3337bf776ca38a279b7c130b6429eea04
Closes-bug: #1702799
|
|
|
|
Change-Id: I797eea2f7788f65411964ccb852b5707e916416f
Partial-Bug: #1668922
|
|
Change-Id: Ibfc568755764203b68aed524d6f334eeb7cd5da7
Closes-bug: #1703001
|
|
This change enables the puppet cron resource in docker-puppet.py and adds user
crontabs to the paths copied from the config containers.
Only the nova crontab is configured for now. Other services will require
similar changes to run their crontabs.
Partial-Bug: 1701254
Change-Id: I2d1d0f0d77908a132472cf4bc475f8bd526af504
Depends-On: Ie16fb4539481a3c192cff8220a97daa4c70467fc
|
|
|
|
The default in non-containerized environments is to run rsync within
xinetd for Red Hat-based deployments, however in an containerized
environment this is not really needed. Therefore run rsync directly
without being started by xinetd.
Change-Id: I08abd917eba08d1192437ddf96c71b06d099a3f8
|
|
|
|
This patch does 2 things:
* Configure messagingv2 as default driver for Oslo Notifications sent on
RPC.
* Allow users to choose between messagingv2 (default) and noop when we
want to disable notifications (for example, when Telemetry is disabled).
* Deprecate KeystoneNotificationDriver in favor of NotificationDriver.
Change-Id: Ia547d7f4bfb51e7c45246b097b48fd86da231bd3
Related-Bug: #1701357
|
|
Starting with Pike, Heat will do attribute resolution in a single pass. A
consequence of this is that when the result of a get_attr is passed to
another get_attr call, there must be a dependency relationship between the
resources so that the inner attribute is resolved first before we try to
determine which attributes are required from the resource in the outer
call.
There are two uses of nested dep_attr in the overcloud template. One (which
hopefully can be removed soon) is in the allNodesConfig resource. In this
case, the {{primary_role_name}}IpListMap already depends on the
ServiceNetMap.
The second is in the KeystoneAdminVip output. This patch makes the VipMap
depend on the ServiceNetMap so that attributes can be resolved in a single
pass in that case.
Change-Id: I438a79748b9b408ec1101271d96c60d84028b57e
|
|
This is associated with the haproxy service, so set the hieradata there
instead. This is needed so we can render the controller role template
via j2, and also if anyone ever wants to run haproxy on some role other
then the Controller.
Change-Id: I82b992afe42f6da7788f6efca2366863c3bf68f7
Partially-Implements: blueprint composable-networks
|
|
This has been replaced for some time by bootstrap_nodeid which isn't
hard-coded to the Controller role.
Change-Id: I2c172de13646e5b88cb9930a93ca71fcc990e522
Depends-On: I0a9fced847caf344e5d26b452f1bd40afab8f029
|
|
Apparently providing completely empty parameter_defaults in an
environment file can confuse Heat, and it seems like it doesn't try to
deploy any services on the overcloud in the multinode job. See the bug
for more details about the bug symptoms.
Change-Id: Ia9cb01b48087b78f66004263757590877219f743
Closes-Bug: #1703599
|
|
There is a Heat patch posted (via Depends-On) that resolves the issue
that caused this to be reverted. This reverts the revert and we need to
make sure all the upgrades jobs pass before we merge this patch.
This reverts commit 69936229f4def703cd44ab164d8d1989c9fa37cb.
Closes-Bug: #1699463
implements blueprint disable-deployments
Change-Id: Iedf680fddfbfc020d301bec8837a0cb98d481eb5
|
|
|
|
Just use the value from the ServerOsCollectConfigData resource in the
output instead of recalculating the value for each role via jinja.
Change-Id: I4e3bf4f25c9a8f677d5d177eb409594193a86405
|
|
Add a new output, DeployedServerEnvionmentOutput, that can be used as
the contents of an environment file to input into a services only stack
when using split-stack. The parameter simplifies the manual steps needed
to deploy split-stack.
By default, the resource that generates the output is mapped to
OS::Heat::None.
implements blueprint split-stack-default
Change-Id: I6004cd3f56778f078a69a20e93a0eba0c574b3db
|
|
|
|
haproxy needs the deployed SSL cert file to function when TLS is
enabled.
It is also required for the docker-puppet haproxy container since the
haproxy puppet module uses a validate_cmd to check the generated config
file is valid that fails when the required SSL cert is not present.
There is no clean way to disable this feature [1] so we need to bind
mount the cert into the container.
This commit applies the same change that was applied in
Id2df144b678769def204961236624091d4e5c457 for the non-ha case.
[1] https://github.com/puppetlabs/puppetlabs-haproxy/blob/4753ea5b2506ee093e9b4c8af6e91201d476d426/manifests/config.pp#L53-L57
Change-Id: I93e1ee86197bcf271f18a62a27c2f350ed3966ea
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
|
|
The vhost sockets sockets are created with qemu permission, but ovs
runs with root permission. In order to allow ovs to access vhost sockets
reducing the ovs group permission from root to qemu. This is a temprovary
workaround, until ovs fixes the permission issue. The script supports
both ovs2.6 and ovs2.7 versions.
Change-Id: I172956390c19fc9824bf7590cd48bfcf6201191b
|
|
This solves a problem with bind-mounts when the containers are holding
files descriptors open.
At the same time this makes the template more robust to puppet changes
since new config files will be available in the containers without
needing to update the templates.
Partial-Bug: #1698323
Change-Id: Ia4ad6d77387e3dc354cd131c2f9756939fb8f736
|
|
Sometimes the infracloud gateway refuses to ping even though
everything else is working fine. Since we have coverage of this
functionality in the OVB jobs it should be safe to turn it off
here so it stops spuriously failing our jobs.
We can't just set the resource to OS::Heat::None because there
are other resources with dependencies on it. Instead, this adds
a noop version of the validation software config that always
returns true.
Change-Id: I8361bc8be442b45c3ef6bdccdc53598fcb1d9540
Partial-Bug: 1680167
|