aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-09-27Stop mapping docker to OS::Heat::None in scenariosJiri Stransky6-31/+0
This was needed to make the upgrade job on Ocata->Pike passing, and we now need to remove this to improve the argument order in OOOQ for deployments with scenarios. This shouldn't be backported to Ocata (at least not before we make the split between deploy scenario and upgrade scenario). Change-Id: Ie08bbe08530bd48a0ca58667f0704f360e0a4dd7 Co-Authored-By: Martin André <m.andre@redhat.com> Related-Bug: #1714905 Related-Bug: #1712070 (cherry picked from commit 31550b42027588d82f01db6956c1efaf02d58558)
2017-09-27Add all services to scenario004-containersJiri Stransky1-12/+27
This commit brings the scenario004 file closer to its BM pendant. We need to start with this one to address a chicken-and-egg issue with featureset files. Change-Id: Ia5c0cefb7051ca42b4d470f5a000eb446d18be30 Co-Authored-By: Martin André <m.andre@redhat.com> Related-Bug: #1714905 Related-Bug: #1712070 (cherry picked from commit b4d0a81e55ad51ecdaf2e923f794418ac77cfc57)
2017-09-25Fixes missing keystone authtoken pw for TackerTim Rozet2-0/+5
Closes-Bug: 1718997 Change-Id: I2b347cbc4595e6651b0d4be032cb862fde72e15f Signed-off-by: Tim Rozet <trozet@redhat.com> (cherry picked from commit 253d9b9107aa158af5bcdafe510ecd96658ef137)
2017-09-25Merge "Move neutron api services to ControllerOpenstack" into stable/pikeJenkins2-5/+6
2017-09-25Merge "Fix issue where 2 Redis VIPs are assigned, but only one used." into ↵Jenkins1-3/+0
stable/pike
2017-09-25Merge "Fixed resource registry path in neutron-lbaasv2.yaml" into stable/pikeJenkins1-1/+1
2017-09-25Merge "Rename service_workflow_tasks into workflow_tasks" into stable/pikeJenkins12-18/+18
2017-09-25Merge "Remove deploy_steps_tasks.yaml from upgrade_steps_playbook" into ↵Jenkins1-5/+0
stable/pike
2017-09-22Fix upgrades that use Management networkDan Sneddon3-73/+5
Upgrades from older versions using Management network fail. This patch enables the management network even though it is not enabled in any of the role definitions. This will allow upgrades to complete using existing network environment files, without requiring operators to switch to the new method for defining which networks are attached to roles. Eventually these older environment files will be removed. Change-Id: Iadd12a559f0ad6918958a1355f189187fd327363 Closes-bug: 1717123 (cherry picked from commit 5b9fbc2b2bfa00de2fe0f437f21e05e3fc09a53d)
2017-09-22Fix issue where 2 Redis VIPs are assigned, but only one used.Dan Sneddon1-3/+0
There is an extra RedisVipPort defined in network-isolation.j2.yaml which is unused. This will waste an IP address, and can lead to confusion if there are multiple ports named RedisVipPort. This patch removes the extra (unneeded) instance of the VIP. Change-Id: I222873859af1b4ed1050cfffe55687b2f8d4c528 Closes-bug: 1717017 (cherry picked from commit f543752da6e1df3537ffa68d86806e11ac380375)
2017-09-22Fixed resource registry path in neutron-lbaasv2.yamlAneesh Puttur1-1/+1
Change-Id: Icb58d47a3911e83e2650b2c74b33eae522c84651 Closes-Bug: #1718451 (cherry picked from commit edc02b3352d53bdf460a495f689db55944eab432)
2017-09-22Merge "Create network-isolation-no-tunneling.yaml using jinja2" into stable/pikeJenkins2-61/+34
2017-09-22Move neutron api services to ControllerOpenstackAlex Schultz2-5/+6
The Networker role should not have the api services run on it. Instead these services should run as part of the ControllerOpenstack role that should be used with this role. Change-Id: Iabfe276fe700843f3a8da0b9e9220b2f82e20ec9 Closes-Bug: #1718299 (cherry picked from commit 964a5d738b8dbb6beb077d76448c6f3a84be2500)
2017-09-22Set Ceph pgp_num after pg_numGiulio Fidente1-1/+2
We missed to set the pgp_num default in ceph.conf, causing WARNING messages like: pool default.rgw.buckets.data pg_num 32 > pgp_num 8 Also increases the default pg_num to 128 which is the recommended value for less than 5 OSDs [1]. 1. http://docs.ceph.com/docs/master/rados/operations/placement-groups/ Change-Id: Ibd9fb23e04576e95e24af58f856663397886a947 Closes-Bug: #1718173 (cherry picked from commit 58e6f6533a04eddd2dc897d890737bbccde4ea7b)
2017-09-21Create network-isolation-no-tunneling.yaml using jinja2Antoni Segura Puimedon2-61/+34
The existing network-isolation-no-tunneling.yaml contains references to missing files. This patch generates the file with jinja to include custom networks and make it work with composable networks. Closes-Bug: #1718797 Change-Id: Ibcab2f6b5ac880a6b3d7dd5126bd24facfa17322 Signed-off-by: Antoni Segura Puimedon <antonisp@celebdor.com> Co-authored-by: Dan Sneddon <dsneddon@redhat.com> (cherry picked from commit 47185342bdd247a2e2735ef96c777ecec663086d)
2017-09-21Merge "Adds post_upgrade_tasks for any service post-upgrade ansible tasks" ↵Jenkins5-16/+69
into stable/pike
2017-09-21Remove deploy_steps_tasks.yaml from upgrade_steps_playbookMarius Cornea1-5/+0
After landing https://review.openstack.org/#/c/503484/ we run the puppet host configuration steps twice. This change removes the deploy_steps_tasks.yaml playbook in order to run the puppet steps only once. Closes-bug: 1717244 Change-Id: I09461094618124915841c8390c8bce8daf64d029 (cherry picked from commit e471c67aab6a8f91011aa2330b3cf80f4427f443)
2017-09-21Merge "Make nova patching parameters configurable in Nuage" into stable/pikeJenkins2-0/+14
2017-09-21Merge "Use haproxy-systemd-wrapper as pid1 in containerized Haproxy" into ↵Jenkins2-6/+4
stable/pike
2017-09-21Merge "Disable all uses of wsrep-provider in mysql_bootstrap container" into ↵Jenkins1-2/+4
stable/pike
2017-09-20Update panko port in env ssl yaml files to correct onePradeep Kilambi4-18/+18
Change-Id: Iafe17a91c4695e442881e6fe813a6499f812f4b4 (cherry picked from commit 96667edee266bf2a64f7c8e2488c0eba105eaa8f)
2017-09-20Use haproxy-systemd-wrapper as pid1 in containerized HaproxyDamien Ciabrini2-6/+4
This wrapper binary spawns the HAproxy daemon and implements a coordinated HAproxy restart on SIGHUP. From a service's perspective, this allows reloading the HAProxy configuration with minimal service disruption, i.e. without stopping and restarting the HAProxy container. Closes-Bug: #1717521 Change-Id: Ib3ef0c0bcf1a8151e179ff4d7509cf0d6b3ac5a1 (cherry picked from commit 91cd44cd7266c15ce07fafbee9d2e33f226096ba)
2017-09-20Disable all uses of wsrep-provider in mysql_bootstrap containerDamien Ciabrini1-2/+4
During the bootstrap of the mariadb database, galera replication must be disabled while the users credentials are being set up. This is done by setting wsrep-provider=none when starting mysqld_safe. Icf67fd2fbf520e8a62405b4d49e8d5169ff3925b already disabled it when the clustercheck credentials are being set up, but Kolla also start a temporary server for setting up the root password. Disable the setting directly at the end of the mysql.cnf in the running container. That way, the default setting from galera.cnf will be overriden, all mysqld_safe calls will disable WSREP and the setting will stay ephemeral. Change-Id: If14e22992b46a35a05a16a9db5ecb360ea13df8f Closes-Bug: #1717250 (cherry picked from commit b0f50db80b10e9cd6263c4d6b3ca8dd818b658ba)
2017-09-20Adds post_upgrade_tasks for any service post-upgrade ansible tasksmarios5-16/+69
This adds a new config/deployment per role that will come after any post deploy steps. It drives the same ansible config as the upgrade_tasks but instead collects the post_upgrade_tasks for any service in the given role. The workflow is upgrade_tasks, then post deploy steps (either puppet/ or docker/ depending on the env) and then the post_upgrade_tasks added here. This is added to the pacemaker/cinder-volume.yaml service for now see the bug below for more info Change-Id: Iced34fecf02ebddc91df9302de54d2f4c2cab680 Closes-Bug: 1706951 (cherry picked from commit 2e182bffeeb099cb5e0b1747086fb0e0f57b7b5d)
2017-09-19Run gnocchi statsd and metrcd at step 5Dan Prince2-2/+2
Running these daemons at step 5 should avoid seeing error messages in the gnocchi-statsd log files on startup which starts at step4. Change-Id: Idb82f864a2e1c623dab7a2a87054443036670453 Closes-bug: #1713182 (cherry picked from commit 9d8e496f3e8a825d48d9eba9aab540001bb780ea)
2017-09-19Change to boolean for boolean type paramsTong Liu2-2/+2
Some boolean params are set to string type. Although it works, but it is better to use boolean type for better validation. This patch changes them to boolean type. Change-Id: I9f1d223619ea14fbab26033b24eb1144796e5ef2 Closes-Bug: #1715209 (cherry picked from commit cab8ab1d342c6ffada3f2adea5834b4549240af5)
2017-09-15One time delete pacemaker resources during upgrade to containersMarius Cornea4-8/+40
This change allows running the major upgrade composable docker steps multiple times by not trying to delete the pacemaker resources if they're not reported as started or in master state. Closes-bug: 1716031 Depends-On: I8da03f5c4a6d442617b81be5793a9724cc8842bf Change-Id: Ifcf9de8c82550a90a9fb118052d43fdbcdc6ca7e (cherry picked from commit 64d7be1e3d4552e06cbc53f788572e530cc5c3bb)
2017-09-14Make nova patching parameters configurable in NuageLokesh Jain2-0/+14
Nova patching parameters are available in nova.conf but are not configurable from tripleo-heat-templates. Exposing these parameters from Nuage composable services to make them configurable. It enables setting the patching parameters in environment files. This change depends on the addition of nova patching configuration parameters. Change-Id: Iacad25da044f2bac83ee5f577ddcd70650eb61e5 Depends-On: I51ef3e19daff1d98cfe5c2c16475c16e6a3e3e0f (cherry picked from commit f0041153eca8d82bb7f72dc68676cab8448ef037)
2017-09-14Rename service_workflow_tasks into workflow_tasksGiulio Fidente12-18/+18
Using the service_ prefix seems incoherent with its use in service_config_settings (vs config_settings). Change-Id: Ia39f181415bee0071409dabddfa0c5c312915e1f (cherry picked from commit 09137304b98a02ed024c0288da907cfe35ca5fe1)
2017-09-14Retry if the pacemaker_resource commands failedMathieu Bultel6-0/+36
Add a retry when the pacemaker_resource command wasn't apply correctly, more info here: https://bugzilla.redhat.com/show_bug.cgi?id=1482116 This is the same approach puppet-pacemaker uses and provides eventual consistency when multiple nodes change the cluster CIB concurrently. This change depends-on : https://review.gerrithub.io/375982 The return code is not available in the current ansible-pacemaker package. Change-Id: I8da03f5c4a6d442617b81be5793a9724cc8842bf (cherry picked from commit e92430d8d03fc2ce2d0ce192b96209f2c5c04169)
2017-09-13Merge "Enable redis TLS proxy in HA deployments" into stable/pikeJenkins1-26/+67
2017-09-13Merge "Add CephConfigOverrides to allow arbitrary configs in ceph.conf" into ↵Jenkins3-11/+20
stable/pike
2017-09-13Merge "Add RoleConfig output to major_upgrade_steps.j2.yaml" into stable/pikeJenkins3-16/+29
2017-09-13Merge "Enable selinux in containers" into stable/pikeJenkins1-0/+1
2017-09-13Merge "Add verbose output to containerized cell_v2 host discovery" into ↵Jenkins1-1/+1
stable/pike
2017-09-13Add RoleConfig output to major_upgrade_steps.j2.yamlSteven Hardy3-16/+29
I96ec09bc788836584c4b39dcce5bf9b80e914c71 added this output to the deploy-steps.j2, but missed adding this to the major upgrade template which means the overcloud RoleConfig output is broken after the upgrade (until the converge update switches back to the deploy-steps.j2 derived template) Closes-Bug: #1716404 Change-Id: I331fa18b456ca2d6c124316d513374e3fe5a5007 (cherry picked from commit 27018b4182d77abf612697cfe54a4fc3ceeb6be5)
2017-09-12Drop extraconfig for nova-nuageVineet Paul4-94/+45
Made the Compute as a composable service with Nuage. Moved all the Nuage specific parameters from extraconfig to be part of this service. Change-Id: Ic83e9c18d09fbba62bb5d8a12e28a23127f4197d (cherry picked from commit 4b1276b8f6fec22ac3764d58c4ef647535c85cb9)
2017-09-12Add CephConfigOverrides to allow arbitrary configs in ceph.confGiulio Fidente3-11/+20
We need to reuse the ceph_conf_overrides structure provided by ceph-ansible for both user provided configs and TripleO managed configs. This change merges the special user facing parameter with the TripleO generated configs. Also adds osd_scenario and osd_objectstore params for compatibility with newer ceph-ansible versions. Change-Id: I29c689c6c689590da5b6a3f581fdbec98a52e207 Closes-Bug: #1715321 (cherry picked from commit 32bc2abf14af4ca1449e18b848e2be3cff013987)
2017-09-12Merge "Add panko config to ceilometer notification agent container" into ↵Jenkins1-0/+9
stable/pike
2017-09-12Merge "Fixes OpenDaylight updating port status" into stable/pikeJenkins2-0/+7
2017-09-12Merge "Add a docker pull retry to docker-puppet.py" into stable/pikeJenkins1-4/+18
2017-09-12Merge "Add DhcpAgentNotification param to neutron base" into stable/pikeJenkins1-0/+5
2017-09-12Merge "Persist containerized services httpd logs" into stable/pikeJenkins19-22/+129
2017-09-11Enable selinux in containersOliver Walsh1-0/+1
We cannot use the --selinux-enabled docker daemon option on CentOS/RHEL 7.3. It will fail if security_inode_copy_up is not found in the kernel symbols: https://github.com/projectatomic/docker/blob/docker-1.12.6/daemon/daemon_unix.go#L661 NB this has been reduced to a warning upstream: https://github.com/moby/moby/commit/885b29df096db1d6746ece4b3a298a1ffe85716d Instead this just bind mounts /sys/fs/selinux in containers-common.yaml. Everything appears to work at initial glance. Pingtest succeeds, and live-migration between baremetal and containerized computes works. Change-Id: I018221bf7ae9ab9ece193b55f1ce31eb1591046c Closes-bug: #1715171 (cherry picked from commit 520f889a31f1ea6ee2bad86d1dbb3c0435604d10)
2017-09-11Add verbose output to containerized cell_v2 host discoveryOliver Walsh1-1/+1
Required to debug issues. Change-Id: I4d86c8d9ecc353a916475977eb6f2d842c812556 (cherry picked from commit dc64a1108e7bc23f92d77e75001fb42549731e3b)
2017-09-11Add panko config to ceilometer notification agent containerPradeep Kilambi1-0/+9
Without this, ceilometer notification agent cant find panko and skips posting events to it. Change-Id: Ibfeef5c557d1ceb11a999aa947597014ca94ec34 (cherry picked from commit 5437086ee744469b9daf8cd9edd600f7aa98dde6)
2017-09-11Enable redis TLS proxy in HA deploymentsMartin André1-26/+67
Redis does not have TLS out of the box. Let's use a proxy container for TLS termination. This commit enables redis TLS proxy for the HA deployment. bp tls-via-certmonger Change-Id: I45e539872a03878337def33c681c4577c1a5629e (cherry picked from commit c6d8df01d7aa8b44af9ac152b3bb08f07e2e02b7)
2017-09-11Merge "Add defaults for ceilometer-agent-compute upgrade tasks" into stable/pikeJenkins1-3/+3
2017-09-11Merge "Enable Ceilometer agent logging for containers" into stable/pikeJenkins3-3/+20
2017-09-11Add DhcpAgentNotification param to neutron baseTong Liu1-0/+5
Add DhcpAgentNotification param in neutron base yaml file to allow user to toggle dhcp_agent_notification for neutron. Change-Id: I31715f58e885ac0c1cd9d813f79df9906b780d99 Closes-Bug: #1713193 (cherry picked from commit 5ea728cba456f3833a626f86043f17427bca5d4f)