aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2015-11-23Merge "Implement Advanced Firewalling support"Jenkins10-0/+137
2015-11-23Sample environment with old ServiceNetMap valueJames Slagle2-0/+42
The original value for the ServiceNetMap parameter had the Keystone Admin API service on the Internal API network. Later, it was moved to the ctlplane network by default. Users updating from clouds already deployed may not want to have the service moved, and we've occassionly seen it cause issues with services not getting restarted properly. This sample environment file documents the old value so that users can just optionally include it via -e to keep the services the same as they were when they originally deployed. Change-Id: I0b68542337a2f40e26df15fe7ac2da5aafe651d5
2015-11-23Fixup neutron constraints in older overclouds before updatingmarios1-0/+10
The neutron pcs constraints were reworked in https://review.openstack.org/#/c/229466/ For overclouds deployed with older tripleo-heat-templates the current pcs ordering constraints will not have those changes, meaning that the behaviour discussed at https://bugs.launchpad.net/tripleo/+bug/1501378 is likely given we will stop and restart all services. This review applies those, in short, remove the ovs-cleanup after neutron-server and add openvswitch-agent instead. Detail in the bug report and linked BZ. Change-Id: I45822c5fe9029f11635400b7fbd386880ac80a4e Related-Bug: 1501378
2015-11-23Merge "Add constraints and timeouts from file in single step"Jenkins1-78/+50
2015-11-23Inject TLS certificate and keys for the OvercloudJuan Antonio Osorio Robles6-31/+138
This is a first implementation of adding TLS termination to the load balancer in the controllers. The implementation was made so that the appropriate certificate/private key in PEM format is copied to the appropriate controller(s) via a software deployment resource. And the path is then referenced on the HAProxy configuration, but this part was left commented out because we need to be able to configure the keystone endpoints in order for this to work properly. Change-Id: I0ba8e38d75a0c628d8132a66dc25a30fc5183c79
2015-11-23Merge "Allows for customization of NetworkDeployment actions"Jenkins5-2/+30
2015-11-20Merge "Change default host reserved memory to 2048MB from 512MB"Jenkins1-0/+6
2015-11-20Allows for customization of NetworkDeployment actionsGiulio Fidente5-2/+30
We don't necessarily want the network configuration to be reapplied with every template update so we add a param to configure on which action the NetworkDeployment resource should be executed. Change-Id: I0e86318eb5521e540cc567ce9d77e1060086d48b Co-Authored-By: Dan Sneddon <dsneddon@redhat.com> Co-Authored-By: James Slagle <jslagle@redhat.com> Co-Authored-By: Jiri Stransky <jstransk@redhat.com> Co-Authored-By: Steven Hardy <shardy@redhat.com>
2015-11-20Point registry at tripleoupstreamRyan Hallisey2-11/+10
The tripleoupstream registry contains images that are built every time there is a change in delorean. The gate also needs this. Change-Id: If460853284588f637de820afa54069f773f2e6f7
2015-11-20Merge "Nova-libvirt needs to bind to /sys/fs/cgroup"Jenkins1-1/+1
2015-11-20Merge "Add local docker registry support"Jenkins4-15/+55
2015-11-20Merge "Update docker compute environment to use json config"Jenkins4-32/+144
2015-11-19Change default host reserved memory to 2048MB from 512MBJoe Talerico1-0/+6
Results from pmap of idle nova-compute: https://gist.github.com/jtaleric/addd9079d6cdf4f7cf42 Results from free -m and cat /proc/meminfo: https://gist.github.com/jtaleric/410130f09c2aad2dc7e9 bug: https://bugzilla.redhat.com/show_bug.cgi?id=1282644 Change-Id: I9b3ceecabfdae0a516cfc72886fde7b26cc68f82
2015-11-19Implement Advanced Firewalling supportEmilien Macchi10-0/+137
Consume puppet-tripleo to create/manage IPtables from Heat templates. This review put in place the logic to enable and setup firewall rules. A known set of rules are applied. More to come. Change-Id: Ib79c23fb27fe3fc03bf223e6922d896cb33dad22 Co-Authored-By: Yanis Guenane <yguenane@redhat.com> Depends-On: I144c60db2a568a94dce5b51257f1d10980173325
2015-11-19Add constraints and timeouts from file in single stepGiulio Fidente1-78/+50
To avoid pcmk reconfiguring the resources on each config change, we want to apply the constraints and timeouts from file. We also *do not* want to alter the timeouts for a few ocf resources which are rabbitmq, neutron-netns-cleanup and neutron-ovs-cleanup Change-Id: I6875f19e1f34f0fdcf0928421f49b61d857ca7c8 Co-Authored-By: Andrew Beekhof <abeekhof@redhat.com>
2015-11-18Merge "Implement Neutron enable_isolated_metadata parameters"Jenkins3-0/+17
2015-11-18Merge "Verify galera is sync'd in yum_update.sh"Jenkins1-0/+12
2015-11-17Merge "neutron: enable nova-event-callback by default"Jenkins6-2/+16
2015-11-17Merge "Pass ceph::pool arguments when calling class"Jenkins3-10/+6
2015-11-17Added libvirt_vif_driver, ovs_bridge and security_group_api parametersLokesh Jain2-0/+33
Made libvirt_vif_driver, ovs_bridge and security_group_api parameters in nova as configurable parameters through heat templates Change-Id: I3f355c31a64912baa1a159d59f0fa9089f77b8f4
2015-11-17neutron: enable nova-event-callback by defaultEmilien Macchi6-2/+16
* Add NovaApiVirtualIP string parameter. * Compute nova_url and nova_admin_auth_url parameters. * Configure in Hiera neutron::server::notifications::* parameters. * non-ha: include ::neutron::server::notifications * ha: include ::neutron::server::notifications and create orchestration * Set vif_plugging_is_fatal to True so we actually fail if Neutron is not able to create the VIF during Nova server creation workflow. Depends-On: I21dc10396e92906eab4651c318aa2ee62a8e03c7 Change-Id: I02e41f87404e0030d488476680af2f6d45af94ff
2015-11-17Implement Neutron enable_isolated_metadata parametersCyril Lopez3-0/+17
* Use the parameter in Puppet configuration (Hiera) to configure neutron BZ-1273303 Change-Id: Ic5a7a1f13fd2bc800cadc3a78b1daadbc0394787 Signed-off-by: Cyril Lopez <cylopez@redhat.com>
2015-11-17Verify galera is sync'd in yum_update.shJames Slagle1-0/+12
When the cluster is brought back online after a yum update in yum_update.sh, we should verify that galera is fully sync'd before moving on. This ensures the sync is complete before moving on to update any other nodes in the cluster. Change-Id: Ie8fc2c5d5214deacea94ca658ac75359b318ced1
2015-11-17Merge "Add support for enabling L2 population in Neutron"Jenkins5-0/+35
2015-11-17Merge "Add simple linux bridge as network environment"Jenkins1-0/+73
2015-11-16Add simple linux bridge as network environmentJaume Devesa1-0/+73
Create a bridge for the overcloud services using linux bridge instead of openvswitch. Some SDNs may be incompatible with openvswitch datapath. Change-Id: I873368e74ddfd95bf5c6e1f88cec33ba011e09dd
2015-11-16Add support for enabling L2 population in NeutronBrent Eagles5-0/+35
This change adds support for enabling/disabling L2 population in Neutron agents. It currently defaults to false. Change-Id: I3dd19feb4acb1046bc560b35e5a7a111364ea0d7
2015-11-16Merge "Add environment for isolated networks without tunneling VLAN"Jenkins1-0/+37
2015-11-16Merge "Support network isolation without external nets"Jenkins6-0/+288
2015-11-16Merge "Add the GlanceRegistry and Horizon endpoints to EndpointMap"Jenkins1-0/+35
2015-11-16Merge "Expose the IP of the Endpoints"Jenkins1-0/+1
2015-11-16Merge "Make CloudName available for Endpoints"Jenkins3-3/+49
2015-11-16Make all network ports type to consume FixedIPsGiulio Fidente4-0/+28
This change adds to the internal_api, storage, storage_mgmt and tenant network ports the FixedIPs param and make them consume it when passed. Change-Id: Ica2bca9f573b206cc60c9d572224a8cc7b9b8aa4
2015-11-16Merge "Bump further the stop/start timeout for pcmk/systemd services"Jenkins1-8/+8
2015-11-16Merge "Set start/stop pacemaker resource timeouts for updates"Jenkins1-0/+72
2015-11-16Merge "Add missing constraints in yum_update.sh"Jenkins1-0/+30
2015-11-13Merge "honor the rabbit user and password provided"Jenkins2-2/+4
2015-11-13Merge "Fix cinder error when CinderNfsMountOptions option is absent"Jenkins2-2/+2
2015-11-13Pass ceph::pool arguments when calling classGiulio Fidente3-10/+6
Pass the ceph::pool properties as arguments to the class call instead of setting them as class defaults. Ceph recommends max 32 PGs and min 4 PGs per OSD so this change also lowers the defaults to 32 which works with 1 OSD, suits well a scenario with 3 OSDs and is easy to customize in the static hiera if more than 8 OSDs are deployed. More info at: https://bugzilla.redhat.com/show_bug.cgi?id=1252546 Change-Id: Ifed11d1857900b2251dfdf69d6b6f168150e6330
2015-11-13Merge "Refacter Endpoints into EndpointMap"Jenkins9-134/+493
2015-11-13Merge "Add DeployIdentifier overcloud parameter"Jenkins1-0/+11
2015-11-13Fix cinder error when CinderNfsMountOptions option is absentPierre Blanc2-2/+2
When I deploy director with NFS backend for cinder, sometimes I don't need nfs mount options. If I choose to omit this option, or if the option is defined to '', the deployment fails. This patch add just a default value for this option. Change-Id: Idf708aaecebd5c6db14f48ad2a53d6c2453be5ee Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1281870
2015-11-13Set start/stop pacemaker resource timeouts for updatesJiri Stransky1-0/+72
This matches change I6fc18f1ad876c5a25723710a3b20d8ec9519dcba, but we need it to set it before attempting the cluster stop - yum update - cluster start cycle, to make sure this cycle doesn't hit the low timeout limits. This can be removed once updates from deployments made prior to I6fc18f1ad876c5a25723710a3b20d8ec9519dcba are no longer supported. Change-Id: I587136d8d045d213875c657ea5a405074f80c8ad
2015-11-13Bump further the stop/start timeout for pcmk/systemd servicesGiulio Fidente1-8/+8
This bumps further up the stop/start timeout for the pcmk/systemd services so that it matches the 100s default set in future pcmk versions [1]. 1. https://github.com/ClusterLabs/pacemaker/commit/17d65e9f44061a4fa14a9cddd6edc403b2d6d2b3 Change-Id: I6fc18f1ad876c5a25723710a3b20d8ec9519dcba
2015-11-12Merge "Pin docker version for atomic at 1.8.2"Jenkins1-2/+3
2015-11-12Merge "Set default start/stop timeout for pcmk services to 95s"Jenkins1-8/+8
2015-11-12Merge "Change default bond-mode"Jenkins1-2/+1
2015-11-11Add DeployIdentifier overcloud parameterDan Prince1-0/+11
We've heard from end users that it is confusing that puppet isn't re-executed on a heat stack-update. This patch adds a new DeployIdentifier parameter which we can set via client tooling (tripleoclient) to a unique value so that on each heat stack-update we always execute all of our configuration deployments. Change-Id: Ic352ddd30807dc378e5e7b6c396bc53f5d6d5622 Related-bug: #1505430
2015-11-11Change default bond-modeJoe Talerico1-2/+1
The default balance-tcp is causing issues with deployments. Defaulting to active-backup. After ~ 100 guests (total) connectivity to each guest would become spotty (simple pings would fail, then become successful.) In /var/log/messages we saw : "overcloud-controller-1 kernel: openvswitch: ovs-system: deferred action limit reached, drop recirc action" For more details, refer to this link: http://openvswitch.org/pipermail/discuss/2015-October/019168.html Change-Id: Ia0f2592a289e13472b98d97057cd516c5048fe59
2015-11-11Add missing constraints in yum_update.shJames Slagle1-0/+30
Some missing pacemaker constraints were added in the following commits: https://review.openstack.org/#/c/219770/ https://review.openstack.org/#/c/219665/ https://review.openstack.org/#/c/218931/ https://review.openstack.org/#/c/218930/ Overclouds that were deployed prior to these constraints being added to tripleo-heat-templates still have the constraints missing. During an update, stopping and starting the cluster can fail without these constraints in place. As a workaround, conditionally add these contraints in yum_update.sh so that we're sure they're always present before updating. Change-Id: Id46c85dbbe5e85d362279661091b17ce1b697fe0