Age | Commit message (Collapse) | Author | Files | Lines |
|
Depends-On: I55ac06e1a561d29d7e1c928a1684989c9654b95d
Change-Id: Id29e96979b937593efe244f46ce2dd74df3aaa7f
|
|
By deafult, we let the data live for ever. Which isnt very efficient.
Lets expose params to tweak this and use a reasonable default.
Change-Id: I145fa73a7af9cb4135ba910d3659853b3baa893d
|
|
For performance reasons we might want to tweak this param
lets expose this via tripleo. The puppet changes were
added in this patch I5de5283d1b14e0bba63d6d9a440611914ba86ca4
Change-Id: I72f1fe3a47060fe37602a70b8a74fba72209127c
|
|
|
|
Instead of using the CA bundle, this sets the mysql client configuration
file to use a specific file for validating the certificate of the
database server. This helps in two ways:
* Improves performance since validation will check only one certificate.
* Improves security since we're only the certificates signed by one CA
are valid, instead of any certificate that the system trusts (which
could include potentially compromised public certs).
Change-Id: I46f7cb6da73715f8f331337e0161418450d5afd7
Depends-On: I75bdaf71d88d169e64687a180cb13c1f63418a0f
|
|
This switches heat-api and heat-api-cfn to use httpd in containerized
overcloud.
Co-Authored-By: Martin André <m.andre@redhat.com>
Change-Id: I2fe6e25474279c7c91a69d9df7b28e12b1d8ac00
|
|
|
|
libvirt has its own parameter for setting the CA, however, if we have a
common CA for all services in the internal network (which we do), it's
more consistent to use the common parameter for configuring that CA
file.
The previous parameter was left in case the deployer wants to use a
specific CA file for the compute nodes.
Change-Id: I3d132d3d257d7ea9f43e49593f8509c3cd205ca5
|
|
Instead of using the CA bundle, this sets HAProxy to use a specific file
for validating the certificates of the services it's proxying. This
helps in two ways:
* Improves performance since validation will check only one certificate.
* Improves security since we're only the certificates signed by one CA
are valid, instead of any certificate that the system trusts (which
could include potentially compromised public certs).
Change-Id: Id6de045b3c93c82d37e0b0657c17a3108516016a
|
|
It seems this wasn't adjusted when https://review.openstack.org/#/c/338315/
landed, which added interfaces for compute specific neutron configuration,
which is disabled for most vendor backends.
Change-Id: I4c98008107568b3b65decd7640e25c7d2b1ea9ff
Related-Bug: #1687597
|
|
Change-Id: Ic218a753e0cede2ba3951bcaec843f487dce0c71
|
|
|
|
|
|
|
|
To test this change we deployed a stock master with ipv6 which created a bunch
of ipv6 with /64 netmask:
[root@overcloud-controller-0 ~]# pcs resource show ip-fd00.fd00.fd00.2000..18
Resource: ip-fd00.fd00.fd00.2000..18 (class=ocf provider=heartbeat type=IPaddr2)
Attributes: ip=fd00:fd00:fd00:2000::18 cidr_netmask=64
Operations: start interval=0s timeout=20s (ip-fd00.fd00.fd00.2000..18-start-interval-0s)
stop interval=0s timeout=20s (ip-fd00.fd00.fd00.2000..18-stop-interval-0s)
monitor interval=10s timeout=20s (ip-fd00.fd00.fd00.2000..18-monitor-interval-10s)
Then we update the THT folder with this patch and upload the new scripts on the undercloud via:
openstack overcloud deploy --update-plan-only ....
Then we kick off the minor update workflow:
openstack overcloud update stack -i overcloud
Once the controller-0 node (bootstrap node for pacemaker) is completed we have the
correct VIP configuration:
[root@overcloud-controller-0 heat-config-script]# pcs resource show ip-fd00.fd00.fd00.2000..18
Resource: ip-fd00.fd00.fd00.2000..18 (class=ocf provider=heartbeat type=IPaddr2)
Attributes: ip=fd00:fd00:fd00:2000::18 cidr_netmask=128 nic=vlan20 lvs_ipv6_addrlabel=true lvs_ipv6_addrlabel_value=99
Operations: start interval=0s timeout=20s (ip-fd00.fd00.fd00.2000..18-start-interval-0s)
stop interval=0s timeout=20s (ip-fd00.fd00.fd00.2000..18-stop-interval-0s)
monitor interval=10s timeout=20s (ip-fd00.fd00.fd00.2000..18-monitor-interval-10s)
Also verified that running the script a second time does not alter the
(already fixed) VIPs.
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
Change-Id: I765cd5c9b57134dff61f67ce726bf88af90f8090
|
|
|
|
SnmpdBindHost will be useful for users who want to change the binding
options for SNMP daemon.
It has to be an array, and by the default the value is
['udp:161','udp6:[::1]:161'] like it was in puppet-tripleo profile.
Change-Id: Iccf0a8d35cc05d34272c078c97a5dddfb8e7d614
Closes-Bug: #1687628
|
|
When implementing custom roles, we lost an implicit dependency that
ensured AllNodesExtraConfig is applied before AllNodesDeploySteps,
which causes problems if you need to write hieradata via the
AllNodesExtraConfig hook (some cisco integrations we have in tree
do this, and are now broken because the ordering is no longer ensured.
Change-Id: Ie78ecbb4e135ab7f196867ef9d8d271049a9cd10
Closes-Bug: #1687597
|
|
|
|
Closes-Bug:1686619
Change-Id: I7c32ca39a456de9833d30c31d41fcb727d2b0a34
|
|
|
|
Change-Id: I26652afe0f513ec354c05570e7fa0e5b4b0ab669
|
|
list_concat was introduced recently and is able to replace the yaql
calls for concatenating lists.
Change-Id: Id3a80a0e1e4c25b6d838898757c69ec99d0cd826
|
|
Change-Id: Ia0e0a12e1863dce657d4e1c7f9894ea5bfd008be
|
|
Log prepared docker command
Use logger stdout instead of print command
Log stderr as debug as well
Change-Id: I3d48fbf4fa3381d325e3be3788b041e06d4bb294
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
|
At scale, having the os-collect-config instances all check in at the
same time can cause performance problems. This change enables splay and
sets it to a default maximum random sleep of 30 seconds prior to the
os-collect-config polling.
Change-Id: Iab8b51f4e5fb4727b8aa7e081f5cbfcbf11f7fcb
Depends-On: I88f623c9e8db9ed4a186918206a63faec8f7f673
Closes-Bug: #1677314
|
|
We dont deploy telemetry by default on undercloud anymore.
Lets disable by default and provide an env file to enable
on demand.
Change-Id: I03807b3b75bb038c2d2bb342f3327e6eca2f3976
|
|
|
|
Exporting the neutron::server parameter into the neutron_api service, so
Octavia API and Neutron Server can be separated.
Change-Id: Iee28b0e84a00bd589d6f14a73f0c3f32d310b393
Closes-Bug: #1687026
|
|
storage backend"
|
|
|
|
|
|
Part of blueprint redfish-support
Depends-On: I0bd6697a33a62d62ee94a1de768b8516bba2e2bc
Depends-On: Ib14f87800ae7657cf6176a4820248a2ce048241d
Change-Id: I2482d3a7549ac9ebc7c0c20626e479575aaad182
|
|
In the converge envs we unset the UpgradeInitCommon since we used
that for the N..O upgrades workflow. However an operator may have
also overridden the UpgradeInitCommand so we should unset that
too.
Closes-Bug: 1686918
Change-Id: I3b316d04b78a4ab1e3f9f69948e42e6fb0ad6632
|
|
|
|
|
|
|
|
|
|
|
|
We fixed pcs resources start/stop timeouts via
I587136d8d045d213875c657ea5a405074f80c8ad in Nov 2015.for mitaka.
And there we stated:
This can be removed once updates from deployments made prior to
I6fc18f1ad876c5a25723710a3b20d8ec9519dcba are no longer supported.
We can now safely remove these updates as they are useless and cost time
anyway.
Change-Id: Ibad2b3eed0d08560d52d5ebe700746b61e5b8f51
|
|
|
|
The stack name can now be overridden in the get-occ-config.sh script for
deployed-server's by setting the $STACK_NAME variable in the
environment.
Change-Id: Iecba21499b80e463b4c629be53c309996d39472d
Closes-Bug: #1686719
|
|
|
|
|
|
local"
|
|
The puppet-redis module makes use of the exec puppet tag to copy the
/etc/redis.conf.puppet file to /etc/redis.conf. We need to explicitly
enable it otherwise our redis container will pick up the default redis
configuration and not the one that was generated with puppet.
Also creates the /var/run/redis directory on the host since we bind
mount /run, and ensure the container sets the correct ownership on the
directory.
Finally, configure redis to not daemonize otherwise the container ends
up in a restart loop.
Change-Id: Ia1dce2120ca7479eef8bc77dedf9431adbe210cc
Closes-Bug: #1686707
|
|
|
|
|
|
It is required for a hybrid deployments
when WSGI based services running both at host and in containers, without conflicting default ports.
Partial-bug: #1686637
Co-authored-by: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: I9d0a5bb32337a6a8f1a4036f9560df79dfe1d90a
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
|
the CA and certmonger user profiles were needed in the compute services
list from the tls-everywhere in containers environment.
bp tls-via-certmonger-containers
Change-Id: Ib584ac0745d68828467bcfad7f6472ab66adbac3
|