AgeCommit message (Collapse)AuthorFilesLines
2017-11-02Fix nova-cpu/collectd hieradataEmilien Macchi1-1/+1
Probably a typo, never caught or even tested. Change-Id: Iaf75edb421a19cb69bf3ead59c83bf812c653f0b Closes-Bug: #1729479 (cherry picked from commit 24f859c01826eb12256cf1a5cd63b8bb1c0e234c)
2017-11-02Merge "Disable MongoDB in scenario002" into stable/pikeZuul2-4/+4
2017-11-02Merge "Fix standalone ControllerOpenstack vars" into stable/pikeZuul2-11/+26
2017-11-02Add NetIpMap to hieradata for *ExtraConfig overridesSteven Hardy1-0/+2
To enable per-node override of bind IPs via the per-role ExtraConfig paramaters, we need to enable hiera interpolation that references the keys defined in NetIpMap, so we add them to the hieradata. To minimise the risk of any conflicts in keynames it's added near the bottom of the hierarchy, but I'm not aware of any conflicting names in our templates/modules. This will allow per-node hieradata override of bind IPs e.g: parameter_defaults: ComputeRack1ExtraConfig: nova::vncproxy::host: "%{hiera('rack1_internal_api')}" ComputeRack2ExtraConfig: nova::vncproxy::host: "%{hiera('rack2_internal_api')}" Closes-Bug: #1726884 Change-Id: Icf7da1d78176c2ee0197ff2459d69d995cbb16ad (cherry picked from commit 65a8b65754d2ea77ec2396658d4e73eb837d34bd)
2017-11-02Merge "Switch RabbitFDLimit to a Puppet integer" into stable/pikeZuul1-1/+1
2017-11-02Merge "Force memcached container log to file" into stable/pikeZuul1-1/+9
2017-11-02Merge "Enable neutron-lbaasv2 UI in Horizon" into stable/pikeZuul1-0/+3
2017-11-02RHSM: do not use retry to deploy katello-agentEmilien Macchi1-1/+1
katello-agent is an optional package, we don't want to use retry. The package is available or not. Fixing a regression from https://review.openstack.org/#/c/386529 Since we use "| true", we can't really use "retry" here. Change-Id: Id8cd9ac54e158ee1743b2f72b169b3a066f69168 Closes-Bug: #1728614 (cherry picked from commit d9f7b01c6c21b306005bad12fcab103b0a9e7591)
2017-11-01Only mount selinux sysfs in nova_libvirt containerOliver Walsh2-1/+1
https://review.openstack.org/500952 initially just did this. Then we assumed every container should have the selinux sysfs. This causes issues with the sshd container used for live-migration. The advice from the selinux experts is that it should not be enabled within containers, so reverting back to the original fix that enables it only in the nova-libvirt container. Closes-bug: 1729405 Change-Id: I80bf38d7d64ab99510574af5c57423fde9b84eca (cherry picked from commit 7c8127cf96a281dd5cee96e1a68bc0508b9ba4e7)
2017-11-01added level of indirection causes incorrect hiera configAditya Vaja2-21/+19
- until Newton this worked fine, however starting with Ocata, we do not need the key 'mapped_data' - having it results in extra indirection in the dictionary in neutron_bigswitch_data.json Closes-Bug: #1729453 Change-Id: I3bc9940aeff4e290d83de95a7df294c11f061954 (cherry picked from commit 485339129cee8f5d3223cf47858a5c9f79b0a8de)
2017-11-01Add tags to baremetal cron removal tasksDan Prince4-0/+4
In 59e29b17f4a9f5f65b6f8a7b8e82ef6426d8a51 we forgot to add tags to the Ansible tasks to remove the baremetal cron jobs at step 2. (cherry picked from commit 1128271b460b120a2a59eac3df95082c55e554d0) Change-Id: I23fb134b88336ebc4eb1a97a69a2d73d4ef0edb2 Related-bug: #1708466
2017-11-01Force memcached container log to fileJuan Antonio Osorio Robles1-1/+9
We were relying on the sysconfig options to set the memcached log file, however, this is not happening, as the redirection is being taken as an option and ends up being ignored by the memcached command. So instead, we set the redirection in the container template. Change-Id: Ic94e3fd7884d518eb9558c53acdc6b294823cd0a Closes-Bug: #1720183 (cherry picked from commit ca1fc5848661aacbf14b52e33879190c133c8e48)
2017-11-01Merge "Fix permissions for dockerized horizon" into stable/pikeZuul1-1/+1
2017-10-31Fix standalone ControllerOpenstack varsAlex Schultz2-11/+26
As we've moved to more dynamic generation of variables, the correct variable names are *ControllerOpenstack* not *Controller* for the example standalone environment. Change-Id: Iaa39de9d8794a856e76cc9995d046484632cf604 Closes-Bug: #1721877 (cherry picked from commit 536d1c4af59dc22164666be5cb1826115fdfdeb9)
2017-10-31Merge "Set verbosity by default for memcached" into stable/pikeZuul1-0/+1
2017-10-30persist memcached logs in /var/log/containers/memcached/memcached.logJuan Antonio Osorio Robles1-3/+3
We used to bind-mount /var/log/memcached.log, but this resulted in the file being createdin the memcached container as a directory, since this file didn't exist. This commit takes the approach of other containers and gets the logs to a memcached directory in /var/log/containers. Change-Id: I926b65fa557ad56b4faa2be34452b58f7b01247a Closes-Bug: #1720183 (cherry picked from commit 5020f38301a9a0a70f34878196250e24fc639dec)
2017-10-30Set verbosity by default for memcachedJuan Antonio Osorio Robles1-0/+1
This sets of one level of verbosity for memcached by default. This allows us to see any errors or warnings in the logs. Change-Id: Icc6f56c9e0ee6100286d07c8b6660a08baabb241 Related-Bug: #1720183 (cherry picked from commit 15ad21ba08e92b302318bdc34112601ce666ff35)
2017-10-30Update CephPools format in the docker templates to fit ceph-ansibleGiulio Fidente3-17/+25
The format which ceph-ansible uses to describe the list of pools to be created in the cluster is different from the one which puppet-ceph uses; this commit updates the description and the the docker templates accordingly. Change-Id: I1e5b2c3cbf6ae02c19a2275ca119fed6e173319d Closes-Bug: #1720373 (cherry picked from commit c10aa7a0439fb7d8e8e964e75d73f3cbb54aa9ec)
2017-10-30Switch scenario004-containers to use ceph-ansibleJiri Stransky2-24/+24
Use ceph-ansible to match the non-containerized variant of scenario004. Depends-On: I137ca9a005df6e95a59a4d629eb94bda6ef00d3a Depends-On: I6acac1826271efcd4d1acf6633bde6eb8a653f44 Co-Authored-By: Martin André <m.andre@redhat.com> Co-Authored-By: Giulio Fidente <gfidente@redhat.com> Change-Id: I1b3c57a2cfda9e74457f17504f51d5b30c5d381d (cherry picked from commit 4e85813d368b94f588471d9bdc4a04d04d3be541)
2017-10-29Enable Cinder as a backend for GlanceAlan Bishop5-6/+20
Enable Cinder as a backend for Glance by adding 'cinder' to the list of allowed choices for the GlanceBackend heat parameter. Update the glance-api docker configuration to allow the feature to work. This is necessary because the feature uses iSCSI, which requires additional privileges. Closes-Bug: #1728409 Depends-On: I850047e32f3608b3ce490e52e2e540695cb1a4ff Change-Id: I42241747de931103a04aa5ee2ed18fd46197d183 (cherry picked from commit e828e8c7bb2e890b243faa767992226dc270bb6f)
2017-10-27Disable MongoDB in scenario002Michele Baldessari2-4/+4
We have disabled mongo by default in containers via: Id2e6550fb7c319fc52469644ea022cf35757e0ce Disable mongodb by default Ie09ce2a52128eef157e4d768c1c4776fc49f2324 Containerized mongodb, disable by default, fix upgrade Let's not use it in scenario002 either. NB: Not entirely clean cherry-pick due to scenario002-multinode-containers.yaml having many more services in master than in pike. Change-Id: I0d2df25ed797ffb8425ba81736526d3688e5de5c Closes-Bug: #1724679 (cherry picked from commit 900416d9809bf4446c0c037128edb033ab9b3bcc)
2017-10-26Enable neutron-lbaasv2 UI in HorizonCédric Jeanneret1-0/+3
Change-Id: I4a09343c59da86daf4e6f00a59f7734c8adb209f Depends-On: I66839e2c42e654a02e5409c6137e479cfb7b385f Partial-Bug: 1724471 (cherry picked from commit 97879c3ce6dcf06908180a06147bd386580ed5ae)
2017-10-26Run containerized mistral-api eventletMartin André1-1/+35
The mistral-api container image we use doesn't have the necessary packages to run via wsgi and this cause puppet to error with: "Notice: /Stage[main]/Mistral::Wsgi::Apache/Openstacklib::Wsgi::Apache[mistral_wsgi]/File[mistral_wsgi]: Dependency File[/var/www/cgi-bin/mistral] has failures: true", Fallback to eventlet mistral-api for the time being until we get a usable mistral-api image. Change-Id: Ic10c579aa3b6d0d6a01f120669be3b5dcc5efcda Depends-On: I54627f1c5a8867738a55bee42075bb6087830c61 Related-Bug: #1724607 (cherry picked from commit e158acb14c4ed92be1a5b961ff1e8ff99b1a5ae3)
2017-10-25Fix /etc/openstack-dashboard/ permissions for access to *policy.jsonRhys Oxenham1-0/+6
The Kolla Dockerfile sets the permissions for /etc/openstack-dashboard/ to horizon:horizon. We need this to be readable by the apache user as the horizon user is not the user in which httpd runs with. We may want to consider fixing this in the upstream Dockerfile instead, e.g. checking if we're using centos/rhel and changing the permissions that way. I'm not sure why it's set to horizon:horizon upstream, and I'm keen not to break any existing functionality that relies on the horizon based permissions. Closes-Bug: #1723125 Change-Id: If5feebae38f7fdfffa60bfaedc4521f676006484 (cherry picked from commit fd657aa4e68de7ad239a88525b5ae343acd3bf80)
2017-10-24Merge "ci-ovn: Disable Swift services in scenario 007 container job" into ↵Zuul1-0/+3
2017-10-24Merge "Create short lived ssh key for enable-ssh-admin.sh" into stable/pikeZuul1-2/+31
2017-10-24nova-placement: switch auth_uri to keystone versionless endpointOliver Walsh1-1/+1
Appears this was missed in I8046f2eed0b9a7da76d6d7c3507a92bf5054b000 Change-Id: I901533f7ab2de2ec0fd1c2bfef8aa8f767c45963 Partial-Implement: blueprint keystone-v3 (cherry picked from commit 4add59c5413e9b36675f07f0c3d0fedbf156b04c)
2017-10-24Merge "Disable SwiftDispersion when using docker" into stable/pikeZuul1-0/+2
2017-10-24Merge "Support for Satellite Capsule in rhel-registration" into stable/pikeZuul2-9/+15
2017-10-23Disable SwiftDispersion when using dockerMichele Baldessari1-0/+2
We currently have the following in the registry: OS::TripleO::Services::SwiftDispersion: puppet/services/swift-dispersion.yaml Since this service is included by default in the Controller role it will be installed on the host even on a containerized deployment. Let's noop this in docker.yaml until a containerized version of it gets merged. Change-Id: Ic2793d0cfb7b20f4661cb1a45793cae67a4868b4 Closes-Bug: #1723788 (cherry picked from commit 0c8ba9651734a0e6180ca443c87c8c8ca5169d6c)
2017-10-23ci-ovn: Disable Swift services in scenario 007 container jobNuman Siddique1-0/+3
Closes-bug: #1722758 Change-Id: I0161c534807ca45e2d2b6fcace5fc3e26eb450a2 (cherry picked from commit 7e398bf18910e062415ce4e70236ce98577aed13)
2017-10-23Create short lived ssh key for enable-ssh-admin.shJiri Stransky1-2/+31
Instead of using the key provided by user on the command line, create a new short-lived key, give it to Mistral to create a tripleo-admin user with it, and remove the short-lived key. Co-Authored-By: John Fulton <fulton@redhat.com> Change-Id: I6e6ed83fa62319d59d7289b16a1412a340ea6b26 Closes-Bug: #1724578 (cherry picked from commit b0e72c1413c9441aa592b56583e87715e7096152)
2017-10-23Remove deprecation handling from custom rolesJames Slagle1-22/+0
For deployed-server custom roles, the deprecation handlings are removed. As these have always been custom roles with definitions generated from role.role.j2.yaml, these original (now deprecated) param names were never present for anyone using this deployed-server roles data file. Specifically, deprecated_server_resource_name is quite troublesome as it will cause the server resources to get replaced on upgrade as the resource name changes. These were all introduced in If4a8388634fb1dcbb47beeabbd3db005abc80d4e, and this commit removes them. Change-Id: I1c1267f19db972b55466f4649eda62dd7814b94a Closes-Bug: #1723177 (cherry picked from commit 6e7a431df0b7790512eb1920500b8878701c691a)
2017-10-23Merge "Also match config volumes for /var/lib/config-data/puppet-generated/" ↵Zuul1-5/+7
into stable/pike
2017-10-23Merge "Disable xinetd class when creating swift-storage puppet ↵Zuul1-1/+4
configuration" into stable/pike
2017-10-19Merge "Remove Heat Cloudwatch API during upgrade and disable by default" ↵Zuul4-1/+66
into stable/pike
2017-10-19Merge "Fix some missed hard-coded network references" into stable/pikeZuul2-60/+16
2017-10-19Merge "Remove monitor_interface from ceph-ansible parameters" into stable/pikeZuul3-3/+0
2017-10-19Disable xinetd class when creating swift-storage puppet configurationMichele Baldessari1-1/+4
Due to missing puppet invocation with --detailed-exitcodes we ignored a large amount of puppet errors during deploy. Swift storage fails during the puppet_config step with the following error: Debug: /Stage[main]/Swift::Storage::Object/Swift::Storage::Generic[object]/Package[swift-object]: Not tagged with file, file_line, concat, augeas, cron, swif t_proxy_config, swift_config, swift_container_config, swift_container_sync_realms_config, swift_account_config, swift_object_config, swift_object_expirer_con fig, rsync::server Debug: /Stage[main]/Swift::Storage::Object/Swift::Storage::Generic[object]/Package[swift-object]: Resource is being skipped, unscheduling all events Debug: Executing: '/usr/bin/systemctl is-active xinetd' Debug: Executing: '/usr/bin/systemctl is-enabled xinetd' Debug: Executing: '/usr/bin/systemctl unmask xinetd' Debug: Executing: '/usr/bin/systemctl start xinetd' Debug: Runing journalctl command to get logs for systemd start failure: journalctl -n 50 --since '5 minutes ago' -u xinetd --no-pager Debug: Executing: 'journalctl -n 50 --since '5 minutes ago' -u xinetd --no-pager' Error: Systemd start for xinetd failed! The problem is that by using the rsync::server tag we end up including the xinetd class automatically which will try to start a service inside a container. By nooping the xinetd class, we're able avoid systemctl calls and have a successfuly deployment. The resulting swift_rsync container seems to work correctly: [root@overcloud-controller-0 ~]# docker exec -it swift_rsync /bin/bash -c "ps -axuwf" USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 10 0.0 0.0 47444 1624 pts/1 Rs+ 18:16 0:00 ps -axuwf root 1 0.0 0.0 188 4 ? Ss 17:27 0:00 /usr/local/bin/dumb-init /bin/bash /usr/local/bin/kolla_start root 6 0.0 0.0 11036 924 ? Ss 17:27 0:00 /usr/bin/rsync --daemon --no-detach --config=/etc/rsyncd.conf [root@overcloud-controller-0 ~]# docker logs swift_rsync 2>&1|tail -n4 INFO:__main__:Deleting /etc/rsyncd.conf INFO:__main__:Copying /var/lib/kolla/config_files/src/etc/rsyncd.conf to /etc/rsyncd.conf INFO:__main__:Writing out command to execute Running command: '/usr/bin/rsync --daemon --no-detach --config=/etc/rsyncd.conf' Change-Id: I5e43e8fd61e002d2acc56a7de52e6aae64ab60be Closes-Bug: #1723463 (cherry picked from commit b5eeeab73e12efecc86ea7deebc105eee0739510)
2017-10-19Support for Satellite Capsule in rhel-registrationEmilien Macchi2-9/+15
For deployments running on RHEL with Satellite 6 (or beyond) with Capsule (Katello API enabled), the Katello API is available on 8443 port, so the previous API ping didn't work for this case. Capsule is now supported since we just check if katello-ca-consumer-latest rpm is available to tell that Satellite version is 6 or beyond. Closes-Bug: #1716777 Change-Id: If76763b367917fc15f609ad144679750602826eb (cherry picked from commit ad3ea5bb7a2ee2cb1ae6b1d21b2f0b5a177c9fc6)
2017-10-18Sync deployed-server-roles-data and roles-dataEmilien Macchi1-81/+208
deployed-server-roles-data was out of sync and missing some parameters introduced in Pike cycle: This patch syncs the roles_data between 2 files. Change-Id: If4a8388634fb1dcbb47beeabbd3db005abc80d4e Closes-Bug: #1723177 (cherry picked from commit 0e6c86dc123e9f558c4d3d594ff50e85dd00171f)
2017-10-18Also match config volumes for /var/lib/config-data/puppet-generated/Steven Hardy1-5/+7
Some services only mount this directory, not /var/lib/config-data/$service so handle this case in the docker-puppet code that maps the mounted volumes to the services when adding the config hash to the container environment. Change-Id: I3bdb7609f322458584ac9597ffbfefb057b84646 Closes-Bug: #1720208 (cherry picked from commit 3a932b056914d148fa460b8890fc0e631c817a40)
2017-10-17Remove Heat Cloudwatch API during upgrade and disable by defaultmarios4-1/+66
This adds a heat-api-cloudwatch-disabled.yaml and wires it up in the resource registry. During the Ocata to Pike upgrade this service will thus be stopped and disabled by default. If you wish to keep the Heat Cloudwatch API then you should instead use the provided heat-api-cloudwatch.yaml environment file. Change-Id: I3f90a9799b90ca365f675f593371c1d3701fede6 Related-Bug: 1713531 (cherry picked from commit 4d21451666f2dd7a8935da3a7166a9afc2ccd6bd)
2017-10-17Merge "Fix ConfigDebug for puppet host runs" into stable/pikeZuul2-1/+11
2017-10-16Merge "Fixes dynamic networks falling back to ctlplane" into stable/pikeZuul2-1/+10
2017-10-16Fix ConfigDebug for puppet host runsMichele Baldessari2-1/+11
Before pike we used to be able to add -e environments/config-debug.yaml and that would give us debug logs for puppet. With the move to ansible running puppet we lost this feature. Let's make sure that the old ConfigDebug variable still works with the ansible playbook-based deploy steps. With this patch and ConfigDebug set to true, we correctly get the puppet debug logs: TASK [debug] ******************************************************************* ok: [localhost] => { "(outputs.stderr|default('')).split('\n')|union(outputs.stdout_lines|default([]))": [ "Warning: Undefined variable 'deploy_config_name'; ", " (file & line not available)", "Warning: This method is deprecated, please use the stdlib validate_legacy function, with Stdlib::Compat::Bool. There is further documentation for validate_legacy function in the README. at [\"/etc/puppet/modules/ntp/manifests/init.pp\", 54]:[\"/etc/puppet/modules/tripleo/manifests/profile/base/time/ntp.pp\", 29]", " (at /etc/puppet/modules/stdlib/lib/puppet/functions/deprecation.rb:25:in `deprecation')", "Debug: Runtime environment: puppet_version=4.8.2, ruby_version=2.0.0, run_mode=user, default_encoding=UTF-8", "Debug: Loading external facts from /etc/puppet/modules/openstacklib/facts.d", "Debug: Loading external facts from /var/lib/puppet/facts.d", .... Change-Id: Ia726fb8ca4a6f7bbbd7a1284d76ff42df6825d01 Closes-Bug: #1722752 (cherry picked from commit ecc6ce340aea59faaee4c2a49cd6d6fb90d8ed35)
2017-10-16Switch RabbitFDLimit to a Puppet integerEmilien Macchi1-1/+1
Type changed in: https://github.com/voxpupuli/puppet-rabbitmq/commit/20d159dc6f08357bca4b01fdbe3521e4dc56f634 We need to update it otherwise we get a Puppet error. Change-Id: If03b7363295f1f529b7acf4a008ff63da8fef173 Closes-Bug: #1723665 (cherry picked from commit 24c756616c7a489e9bf43b6c5974e400815462ea)
2017-10-16mysql: expose IPv6 configuration to mysql puppet modulesDamien Ciabrini2-0/+8
When deploying on IPv6 networks, set a hiera key that can be consumed by puppet modules to configure MySQL or Galera appropriately. Currently, this is required for configuring SST encryption in Galera when Internal TLS is enabled [1]. [1] I1d6ee8febb596b3ab9dcde3a85a028ee99b2798c Change-Id: Ia857350ac451fc1bda6659d85019962d3a9d5617 Partial-Bug: #1719885 (cherry picked from commit ff0a0dd987f4bcb997b271572ff0c901ed71d99b)
2017-10-14Merge "Hardcode tag-stable-3.0-jewel-centos-7 in scenario001-containers" ↵Jenkins1-1/+1
into stable/pike
2017-10-14Remove monitor_interface from ceph-ansible parametersGiulio Fidente3-3/+0
We should not pass any hardcoded value for monitor_interface and rely on monitor_address_block only instead. Also removes journal_collocation which is not consumed by newer (and stable) builds of ceph-ansible. Change-Id: Idf213a1f43a66506f76d07102f122839b5096948 Closes-Bug: #1715246 (cherry picked from commit 3e90ae3df5a7c5491672254733ceac163b34a395)