aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-05-03Configure snmpd auth params in ceilometer profilePradeep Kilambi1-0/+10
Depends-On: I55ac06e1a561d29d7e1c928a1684989c9654b95d Change-Id: Id29e96979b937593efe244f46ce2dd74df3aaa7f
2017-05-03Set reasonable TTL defaults for Ceilometer DBPradeep Kilambi1-1/+12
By deafult, we let the data live for ever. Which isnt very efficient. Lets expose params to tweak this and use a reasonable default. Change-Id: I145fa73a7af9cb4135ba910d3659853b3baa893d
2017-05-03Expose metric delay processing metricPradeep Kilambi2-0/+8
For performance reasons we might want to tweak this param lets expose this via tripleo. The puppet changes were added in this patch I5de5283d1b14e0bba63d6d9a440611914ba86ca4 Change-Id: I72f1fe3a47060fe37602a70b8a74fba72209127c
2017-05-03Merge "Internal TLS: Use specific CA file for haproxy"Jenkins2-0/+12
2017-05-03Internal TLS: Use specific CA file for mysql-clientJuan Antonio Osorio Robles1-0/+6
Instead of using the CA bundle, this sets the mysql client configuration file to use a specific file for validating the certificate of the database server. This helps in two ways: * Improves performance since validation will check only one certificate. * Improves security since we're only the certificates signed by one CA are valid, instead of any certificate that the system trusts (which could include potentially compromised public certs). Change-Id: I46f7cb6da73715f8f331337e0161418450d5afd7 Depends-On: I75bdaf71d88d169e64687a180cb13c1f63418a0f
2017-05-03Use httpd in Heat docker servicesThomas Herve2-16/+22
This switches heat-api and heat-api-cfn to use httpd in containerized overcloud. Co-Authored-By: Martin André <m.andre@redhat.com> Change-Id: I2fe6e25474279c7c91a69d9df7b28e12b1d8ac00
2017-05-03Merge "Move containers common volumes from yaql to list_concat"Jenkins35-593/+477
2017-05-03Internal TLS: use common CA file parameter for libvirt CA certJuan Antonio Osorio Robles1-5/+20
libvirt has its own parameter for setting the CA, however, if we have a common CA for all services in the internal network (which we do), it's more consistent to use the common parameter for configuring that CA file. The previous parameter was left in case the deployer wants to use a specific CA file for the compute nodes. Change-Id: I3d132d3d257d7ea9f43e49593f8509c3cd205ca5
2017-05-03Internal TLS: Use specific CA file for haproxyJuan Antonio Osorio Robles2-0/+12
Instead of using the CA bundle, this sets HAProxy to use a specific file for validating the certificates of the services it's proxying. This helps in two ways: * Improves performance since validation will check only one certificate. * Improves security since we're only the certificates signed by one CA are valid, instead of any certificate that the system trusts (which could include potentially compromised public certs). Change-Id: Id6de045b3c93c82d37e0b0657c17a3108516016a
2017-05-03Disable ComputeNeutron* for cisco-nexus-ucsmSteven Hardy1-0/+2
It seems this wasn't adjusted when https://review.openstack.org/#/c/338315/ landed, which added interfaces for compute specific neutron configuration, which is disabled for most vendor backends. Change-Id: I4c98008107568b3b65decd7640e25c7d2b1ea9ff Related-Bug: #1687597
2017-05-02Add deprecation notes for panko servicePradeep Kilambi3-2/+11
Change-Id: Ic218a753e0cede2ba3951bcaec843f487dce0c71
2017-05-02Merge "Ensure AllNodesExtraConfig runs before AllNodesDeploySteps"Jenkins1-0/+1
2017-05-02Merge "Fix for the resource ControllerPostPuppetMaintenanceModeDeployment"Jenkins4-11/+16
2017-05-02Merge "Deprecate ceilometer collector"Jenkins8-37/+89
2017-05-02Initial VIP ipv6 minor update codeMichele Baldessari2-5/+74
To test this change we deployed a stock master with ipv6 which created a bunch of ipv6 with /64 netmask: [root@overcloud-controller-0 ~]# pcs resource show ip-fd00.fd00.fd00.2000..18 Resource: ip-fd00.fd00.fd00.2000..18 (class=ocf provider=heartbeat type=IPaddr2) Attributes: ip=fd00:fd00:fd00:2000::18 cidr_netmask=64 Operations: start interval=0s timeout=20s (ip-fd00.fd00.fd00.2000..18-start-interval-0s) stop interval=0s timeout=20s (ip-fd00.fd00.fd00.2000..18-stop-interval-0s) monitor interval=10s timeout=20s (ip-fd00.fd00.fd00.2000..18-monitor-interval-10s) Then we update the THT folder with this patch and upload the new scripts on the undercloud via: openstack overcloud deploy --update-plan-only .... Then we kick off the minor update workflow: openstack overcloud update stack -i overcloud Once the controller-0 node (bootstrap node for pacemaker) is completed we have the correct VIP configuration: [root@overcloud-controller-0 heat-config-script]# pcs resource show ip-fd00.fd00.fd00.2000..18 Resource: ip-fd00.fd00.fd00.2000..18 (class=ocf provider=heartbeat type=IPaddr2) Attributes: ip=fd00:fd00:fd00:2000::18 cidr_netmask=128 nic=vlan20 lvs_ipv6_addrlabel=true lvs_ipv6_addrlabel_value=99 Operations: start interval=0s timeout=20s (ip-fd00.fd00.fd00.2000..18-start-interval-0s) stop interval=0s timeout=20s (ip-fd00.fd00.fd00.2000..18-stop-interval-0s) monitor interval=10s timeout=20s (ip-fd00.fd00.fd00.2000..18-monitor-interval-10s) Also verified that running the script a second time does not alter the (already fixed) VIPs. Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com> Change-Id: I765cd5c9b57134dff61f67ce726bf88af90f8090
2017-05-02Merge "Use list_concat for metadata_settings for haproxy"Jenkins1-6/+4
2017-05-02snmp: add SnmpdBindHost parameterEmilien Macchi2-0/+12
SnmpdBindHost will be useful for users who want to change the binding options for SNMP daemon. It has to be an array, and by the default the value is ['udp:161','udp6:[::1]:161'] like it was in puppet-tripleo profile. Change-Id: Iccf0a8d35cc05d34272c078c97a5dddfb8e7d614 Closes-Bug: #1687628
2017-05-02Ensure AllNodesExtraConfig runs before AllNodesDeployStepsSteven Hardy1-0/+1
When implementing custom roles, we lost an implicit dependency that ensured AllNodesExtraConfig is applied before AllNodesDeploySteps, which causes problems if you need to write hieradata via the AllNodesExtraConfig hook (some cisco integrations we have in tree do this, and are now broken because the ordering is no longer ensured. Change-Id: Ie78ecbb4e135ab7f196867ef9d8d271049a9cd10 Closes-Bug: #1687597
2017-05-02Merge "Allow to deploy Octavia API & Neutron Server on 2 different nodes"Jenkins2-1/+7
2017-05-02Fix for the resource ControllerPostPuppetMaintenanceModeDeploymentCarlos Camacho4-11/+16
Closes-Bug:1686619 Change-Id: I7c32ca39a456de9833d30c31d41fcb727d2b0a34
2017-05-02Merge "Remove deprecated minor update pcs code"Jenkins1-18/+0
2017-05-02Add parameter Ec2ApiExternalNetwork for VPCsSven Anderson1-0/+15
Change-Id: I26652afe0f513ec354c05570e7fa0e5b4b0ab669
2017-05-02Move containers common volumes from yaql to list_concatJuan Antonio Osorio Robles35-593/+477
list_concat was introduced recently and is able to replace the yaql calls for concatenating lists. Change-Id: Id3a80a0e1e4c25b6d838898757c69ec99d0cd826
2017-05-02Use list_concat for metadata_settings for haproxyJuan Antonio Osorio Robles1-6/+4
Change-Id: Ia0e0a12e1863dce657d4e1c7f9894ea5bfd008be
2017-05-02Improve logging for docker-puppet.pyBogdan Dobrelya1-36/+50
Log prepared docker command Use logger stdout instead of print command Log stderr as debug as well Change-Id: I3d48fbf4fa3381d325e3be3788b041e06d4bb294 Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2017-05-01Enable splay for os-collect-configAlex Schultz6-0/+60
At scale, having the os-collect-config instances all check in at the same time can cause performance problems. This change enables splay and sets it to a default maximum random sleep of 30 seconds prior to the os-collect-config polling. Change-Id: Iab8b51f4e5fb4727b8aa7e081f5cbfcbf11f7fcb Depends-On: I88f623c9e8db9ed4a186918206a63faec8f7f673 Closes-Bug: #1677314
2017-05-01Disable Telemetry services on undercloud containersPradeep Kilambi5-8/+27
We dont deploy telemetry by default on undercloud anymore. Lets disable by default and provide an env file to enable on demand. Change-Id: I03807b3b75bb038c2d2bb342f3327e6eca2f3976
2017-05-01Merge "Validate NTP servers"Jenkins2-0/+36
2017-04-29Allow to deploy Octavia API & Neutron Server on 2 different nodesEmilien Macchi2-1/+7
Exporting the neutron::server parameter into the neutron_api service, so Octavia API and Neutron Server can be separated. Change-Id: Iee28b0e84a00bd589d6f14a73f0c3f32d310b393 Closes-Bug: #1687026
2017-04-28Merge "Enables support for configuring Cinder with Pure Storage FlashArray ↵Jenkins4-0/+89
storage backend"
2017-04-28Merge "Unset the UpgradeInitCommand on converge"Jenkins2-0/+2
2017-04-28Merge "Add $STACK_NAME input var"Jenkins2-3/+9
2017-04-28Support Redfish hardware in the overcloud IronicDmitry Tantsur2-1/+21
Part of blueprint redfish-support Depends-On: I0bd6697a33a62d62ee94a1de768b8516bba2e2bc Depends-On: Ib14f87800ae7657cf6176a4820248a2ce048241d Change-Id: I2482d3a7549ac9ebc7c0c20626e479575aaad182
2017-04-28Unset the UpgradeInitCommand on convergemarios2-0/+2
In the converge envs we unset the UpgradeInitCommon since we used that for the N..O upgrades workflow. However an operator may have also overridden the UpgradeInitCommand so we should unset that too. Closes-Bug: 1686918 Change-Id: I3b316d04b78a4ab1e3f9f69948e42e6fb0ad6632
2017-04-28Merge "Fix redis container"Jenkins1-2/+17
2017-04-27Merge "Add missing tag to nova-placement docker image"Jenkins1-1/+1
2017-04-27Merge "aodh-base.yaml uses a hard coded keystone region name"Jenkins1-1/+1
2017-04-27Merge "Disable default vhost for apache"Jenkins2-0/+7
2017-04-27Merge "upgrades: deploy mod_ssl when upgrading apache"Jenkins10-95/+150
2017-04-27Remove deprecated minor update pcs codeMichele Baldessari1-18/+0
We fixed pcs resources start/stop timeouts via I587136d8d045d213875c657ea5a405074f80c8ad in Nov 2015.for mitaka. And there we stated: This can be removed once updates from deployments made prior to I6fc18f1ad876c5a25723710a3b20d8ec9519dcba are no longer supported. We can now safely remove these updates as they are useless and cost time anyway. Change-Id: Ibad2b3eed0d08560d52d5ebe700746b61e5b8f51
2017-04-27Merge "Change the default for rabbitmq back to ha-mode: all"Jenkins3-33/+15
2017-04-27Add $STACK_NAME input varJames Slagle2-3/+9
The stack name can now be overridden in the get-occ-config.sh script for deployed-server's by setting the $STACK_NAME variable in the environment. Change-Id: Iecba21499b80e463b4c629be53c309996d39472d Closes-Bug: #1686719
2017-04-27Merge "TLS-everywhere: Add missing profiles to docker compute services"Jenkins1-0/+2
2017-04-27Merge "Pass httpd service_name to Zaqar"Jenkins1-0/+1
2017-04-27Merge "[ironic] expose default boot_option in configuration and change it to ↵Jenkins2-0/+20
local"
2017-04-27Fix redis containerMartin André1-2/+17
The puppet-redis module makes use of the exec puppet tag to copy the /etc/redis.conf.puppet file to /etc/redis.conf. We need to explicitly enable it otherwise our redis container will pick up the default redis configuration and not the one that was generated with puppet. Also creates the /var/run/redis directory on the host since we bind mount /run, and ensure the container sets the correct ownership on the directory. Finally, configure redis to not daemonize otherwise the container ends up in a restart loop. Change-Id: Ia1dce2120ca7479eef8bc77dedf9431adbe210cc Closes-Bug: #1686707
2017-04-27Merge "Upgrade failure when service parameter is changed for PankoApi"Jenkins1-0/+1
2017-04-27Merge "Fix etcd_init_task volume"Jenkins1-1/+1
2017-04-27Disable default vhost for apacheBogdan Dobrelya2-0/+7
It is required for a hybrid deployments when WSGI based services running both at host and in containers, without conflicting default ports. Partial-bug: #1686637 Co-authored-by: Juan Antonio Osorio Robles <jaosorior@redhat.com> Change-Id: I9d0a5bb32337a6a8f1a4036f9560df79dfe1d90a Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2017-04-27TLS-everywhere: Add missing profiles to docker compute servicesJuan Antonio Osorio Robles1-0/+2
the CA and certmonger user profiles were needed in the compute services list from the tls-everywhere in containers environment. bp tls-via-certmonger-containers Change-Id: Ib584ac0745d68828467bcfad7f6472ab66adbac3