Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
The Ceilometer middleware is in the wrong place; actually any middleware
should be deployed after catch_errors to catch any errors that would
otherwise crash the proxy service. Additionally the ceilometer
middleware should be deployed after any authentication middleware.
Closes-Bug: 1637471
Co-Authored-By: Thiago da Silva <thiago@redhat.com>
Change-Id: I710ff2f51271a78582fa502e7eecfa687800c664
|
|
With this, we can clean it from puppet-tripleo.
Change-Id: I13638cd1af52537bef8540f0d5fa5f5f7decd392
Depends-On: Ic1967a6f4f60a273965811516f33121115d518b4
|
|
|
|
|
|
Using the SwiftRawDisks parameter neither created the XFS filesystem nor
mounted the device, requiring manual intervention by an operaror.
Partial-Bug: 1634051
Change-Id: I2da0f12635a37c1f339a3be59a7d00f352adf283
|
|
|
|
With the following two changes we increased the timeout for redis and
rabbit for both starting and stopping to 200s:
https://review.openstack.org/386618 newton (merged)
https://review.openstack.org/385555 master (merged)
We want to also fix that on minor updates on all our supported
releases upstream and downstream (newton, mitaka, liberty, kilo).
This way we can guarantee that we have a uniform timeout for
sart and stop for rabbit and redis across all our releases.
Change-Id: If59bf3386832ee78d3a654f01077aff2e8be76e8
Closes-Bug: #1634851
|
|
|
|
|
|
|
|
|
|
Horizon allowed hosts should name the IP addresses/
DNS names (short/long) the Horizon node is listening to.
Allowed hosts is used for header checks and is a security
mechanism.
Change-Id: I81c96357f969a1a436eecd35eb178579159bc719
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Change-Id: Ib25849565c617f32357ef545957f58454b2a53f8
|
|
Adds new puppet specific services for Mistral
API and Mistral Engine.
This submission enables the mistral service by default in the
overcloud, a following submission will disable it and make it
optional by enabling it on demand based in an environment file.
Depends-On: Iae42ffa37c4c9b1e070b7c3753e04c45bb97703f
Depends-On: I942d419be951651e305d01460f394870c30a9878
Depends-On: I6cb2cbf4a2abf494668d24b8c36b0d525643f0af
Implements: blueprint composable-services-within-roles
Co-Authored-By: Carlos Camacho <ccamacho@redhat.com>
Change-Id: Id5ff9cb498b5a47af38413d211ff0ed6ccd0015b
|
|
|
|
Change-Id: Ib945e570556e8e10e5bb07faa57270958c9eda99
|
|
|
|
|
|
After a brand new deployment we have the following in rabbitmq.config:
...
{rabbit, [
{tcp_listen_options,
[binary,
{packet, raw},
{reuseaddr, true},
{backlog, 128},
{nodelay, true},
{exit_on_close, false}]
},
{tcp_listen_options, [binary, {packet, raw}, {reuseaddr, true},
{backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive,
true}]},
...
Let's remove these duplicate entries and make sure that we use the
parameters for the puppet module to set the following values
explicitely (it's the only parameter where we do not use the default
setting from the puppet module):
keepalive = true -> rabbitmq::tcp_keepalive: true
All the other options that we set are the default in the puppet module:
{packet, raw}
{reuseaddr, true}
{backlog, 128}{nodelay, true}
{exit_on_close, false}
Depends-On: I608477d5714a5081b3b4ab3b9fc2932bdd598301
Change-Id: I35921652bd84d1d6be0727051294983d4a0dde10
|
|
Port 16509 should be opened for tcp traffic to enable live migration.
See Also:
http://docs.openstack.org/admin-guide/compute-configuring-migrations.html
Previously, we were not enabling any iptables rules on the Compute
Roles, so this is a regression.
Change-Id: Ie4abf53dc2a8171af48d02e34a1a3ad43f27cfb3
Closes-Bug: #1635427
|
|
new ceilometermiddleware is available and integrated into
puppet-swift. Lets leverage it and include it in the
swift proxy pipeline. The correcponding puppet triple
change for this is Ie49f4a750368ff174b23b8d6baa743d0956d727e
Closes-Bug: #1631108
Change-Id: I82da0240d60d1eed54f1c0927e6157bb63025a19
|
|
|
|
We currently set the stonith property from all controller nodes during
upgrade. This is racy and can actually end up disabling stonith after
the upgrade even if when it was enabled.
Let's set the property only from the bootstrap node.
Change-Id: Id4afb867b485ac853be874a0179a7ed7cc914068
Closes-Bug: #1635294
|
|
This adds a special case handling for the opensvswitch package
as discussed at the related bug below.
This is added/handled here for both the minor update and the
major mitaka...newton upgrade.
Change-Id: I9b1f0eaa0d36a28e20b507bec6a4e9b3af1781ae
Closes-Bug: 1635205
|
|
This adds the necessary hieradata for enabling TLS in the internal
network for aodh.
bp tls-via-certmonger
Change-Id: I2ea160e3ac0775404d6ed302f475268d3a3031ef
Depends-On: I50ef0c8fbecb19d6597a28290daa61a91f3b13fc
|
|
This adds the necessary hieradata for enabling TLS in the internal
network for ceilometer.
bp tls-via-certmonger
Depends-On: Ib5609f77a31b17ed12baea419ecfab5d5f676496
Change-Id: I3eb34efbc8489b23269f97f762d4a3d0fa69f666
|
|
This adds an environment file that can be used to enable TLS in
the internal endpoints via certmonger if used. This will include
a nested stack that will create the hash that will be used to
create the certmonger certificates.
When setting up a service over apache via puppet, we used to disable
explicitly ssl (which sets modd_ssl-related fields for that vhost).
We now make this depend on the EnableInternalTLS flag. This has only
been done for keystone, but more services will be added as the
puppet code lands
bp tls-via-certmonger
Depends-On: I303f6cf47859284785c0cdc65284a7eb89a4e039
Change-Id: I12e794f2d4076be9505dabfe456c1ca6cfbd359c
|
|
Change-Id: I3c5c7753237ebaf16fb40806df0d195cb2b9aaa0
|
|
The /usr/bin/docker is a shell script in latest atomic host, pointing
to either docker-latest or docker-current binary. Bind mount the
required files from atomic host to be able to run docker in docker
inside heat-agents container.
Co-Authored-By: Flavio Percoco <flavio@redhat.com>
Change-Id: I97e29f65beb3a3f89c1b42c339e2e89f0fc1d519
|
|
The test was always evaluate as true which resulted in
insecure_registry line being set even when DockerNamespaceIsRegistry
was set to false.
Change-Id: Iacb73a4908a6a27082b94fe919734e644ed47b19
|
|
|
|
|
|
|
|
|
|
This adds the necessary hieradata to run cinder over httpd instead
of eventlet.
Change-Id: Ic1967a6f4f60a273965811516f33121115d518b4
|
|
|
|
There is a missing repositiry for LBaaS in api_extensions_path in neutron-opencontrail.
This patch is working in my lab : tripleo liberty and opencontrail 3.0.2
Closes-Bug: #1634120
Change-Id: Ie06612faf226d0e5e75f3f8a9b560118cba5ff4c
Signed-off-by: Cyril Lopez <cylopez@redhat.com>
|
|
Without this httpd fails to start on deployments where the
worker count isn't explicitly overridden via a parameter.
Change-Id: Ie7b31bc6e022a0166af126c866994bdd019718df
Closes-Bug: #1634213
|
|
EnableOpenDaylightOnController was not very composable. Removing this
parameter to make the service truly composable. Also fixes missing
local_ip setting for OVS, required for VXLAN or GRE tenant networks.
Closes-Bug: 1633625
Depends-On: Ia55c05e12d5d434111a13e1ed795da530e3ff4a5
Change-Id: I0e07e1631793311334d1436ee8fdf9af2802ba70
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
with the move to use httpd instead of eventlet, We now add this
parameter in t-h-t to be able to clean it up from the puppet-tripleo
manifest.
Change-Id: Ic229182cc5c887b57f6182c3db1bac8bed330f7c
Depends-On: I4603b81d30a704b07eef461b3cdbfe164614b04f
|
|
http_proxy_to_wsgi middleware was recently added to Neutron [1] and
in order to take it into use, we need to enable it via hiera.
[1] Ice9ee8f4e04050271d59858f92034c230325718b
Depends-On: I99bc9486fdd85857ce73c413e17400320bd6ec5b
Related-Bug: #1590608
Change-Id: I10c065e726f2708e09acfc04dac3cae34a534d23
|