Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
|
|
This patch adds parameters to configure alternative version
of the Zaqar messaging and management backends.
The intent is to make use of these settings in the
containers undercloud to use swift/mysql backends as a default
thus avoiding the dependency on MongoDB.
Change-Id: Ifd6a561737184c9322192ffc9a412c77d6eac3e9
Depends-On: Ie6a56b9163950cee2c0341afa0c0ddce665f3704
Depends-On: I3598e39c0a3cdf80b96e728d9aa8a7e6505e0690
|
|
Updates hieradata for changes in https://review.openstack.org/471950.
Creates a new service - NovaMigrationTarget. On baremetal this just configures
live/cold-migration. On docker is includes a container running a second sshd
services on an alternative port.
Configures /var/lib/nova/.ssh/config and mounts in nova-compute and libvirtd
containers.
Change-Id: Ic4b810ff71085b73ccd08c66a3739f94e6c0c427
Implements: blueprint tripleo-cold-migration
Depends-On: I6c04cebd1cf066c79c5b4335011733d32ac208dc
Depends-On: I063a84a8e6da64ae3b09125cfa42e48df69adc12
|
|
|
|
Change-Id: I3ea7c0c7ea049043668e68c6e637fd2aaf992622
Partial-Bug: 1700664
|
|
|
|
|
|
This patch removes more of the DockerNamespace references as part
of the cleanup/reorg of the container configuration patches.
This also adds a centos-rdo environment file for use with
the new interface. This file was generated with the command
"openstack overcloud container image prepare"
Depends-On: I729fa00175cb36b02b882d729aae5ff06d0e3fbc
Depends-On: I292162d66880278de09f7acbdbf02e2312c5bb2b
Co-Authored-By: Dan Prince <dprince@redhat.com>
Change-Id: Ice7b57c25248634240a6dd6e14e6d411e7806326
|
|
|
|
Adds upgrade_tasks to remove the pacemaker resources using the
ansible-pacemaker module.
Resources are disabled and removed in step2 (called only on
bootstrap node) and then the cluster stop is moved to step3
The existing systemd/service call is kept but only to disable
services after they are disabled/deleted from the cluster.
Related-Bug: 1701485
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
Change-Id: Ia597d240ea5834c50a8f6c4fac0b6ed417b8535c
|
|
|
|
Some of the tasks carried by nova::compute::rbd class apply to the
compute service, others to the libvirt service so it needs to be
included in both.
Change-Id: I28557deb13b75922932cd3e86c3467a541c988d0
|
|
|
|
|
|
This currently assumes nova-compute and iscsid run in the same context which
isn't true for a containerized deployment
Change-Id: I11232fc412adcc18087928c281ba82546388376e
Depends-On: I91f1ce7625c351745dbadd84b565d55598ea5b59
Depends-On: I0cbb1081ad00b2202c9d913e0e1759c2b95612a5
|
|
|
|
This removes the default container names from all the templates
and uses a single environment file to specify the full container
name and registry from which to pull. Also does away with most
of DockerNamespace.
Change-Id: Ieaedac33f0a25a352ab432cdb00b5c888be4ba27
Depends-On: Ibc108871ebc2beb1baae437105b2da1d0123ba60
Co-Authored-By: Dan Prince <dprince@redhat.com>
Co-Authored-By: Steve Baker <sbaker@redhat.com>
|
|
Docker services are missing the pre-upgrade validation task
in the upgrade_tasks section which verifies if the service
is running before stopping it.
Change-Id: Ia8c25827d0d6f34e0345c3946dfd6839a7116e04
Partial-Bug: #1704389
|
|
Makes it possible to resolve network subnets within a service
template; the data is transported into a new property ServiceData
wired into every service which hopefully is generic enough to
be extended in the future and transport more data.
Data can be consumed in service templates to set config values
which need to know what is the subnet where a deamon operates (for
example the Ceph Public vs Cluster network).
Change-Id: I28e21c46f1ef609517175f7e7ee19e28d1c0cba2
|
|
|
|
|
|
|
|
|
|
|
|
This patch updates the ironic-api docker service so that it
generates its config files in a unique config root. This
ensures that it doesn't have config files in the httpd
conf.d directory for both the API and PXE services thus
causing the API container to attempt to launch both of them.
This functionally fixes the Ironic API and PXE services with
docker so they once again can bring up an overcloud.
Change-Id: I537cd6a3337bf776ca38a279b7c130b6429eea04
Closes-bug: #1702799
|
|
|
|
Change-Id: I797eea2f7788f65411964ccb852b5707e916416f
Partial-Bug: #1668922
|
|
This change enables the puppet cron resource in docker-puppet.py and adds user
crontabs to the paths copied from the config containers.
Only the nova crontab is configured for now. Other services will require
similar changes to run their crontabs.
Partial-Bug: 1701254
Change-Id: I2d1d0f0d77908a132472cf4bc475f8bd526af504
Depends-On: Ie16fb4539481a3c192cff8220a97daa4c70467fc
|
|
The default in non-containerized environments is to run rsync within
xinetd for Red Hat-based deployments, however in an containerized
environment this is not really needed. Therefore run rsync directly
without being started by xinetd.
Change-Id: I08abd917eba08d1192437ddf96c71b06d099a3f8
|
|
When using LVM/iSCSI backend, cinder-volume tries to modprobe configfs
module. We need the modules dir bind mounted for this to succeed.
Co-Authored-By: Gorka Eguileor <geguileo@redhat.com>
Change-Id: I7bfeaa66915e663726acdf3458db80821fbd3d6b
Closes-Bug: #1701321
|
|
Disabling udev usage from LVM seems to be the only observed working
way of running containerized cinder-volume with local LVM backend.
I didn't come across reports that not using udev would have negative
impact on the functionality.
Additional info at
https://groups.google.com/forum/#!topic/docker-user/n4Xtvsb4RAw
Change-Id: I491795deab0c37d1bad3b50524481e0b76529667
Depends-On: I1bf395a6228dba66fa6bf9b8bcc9f3ac3d922a49
Closes-Bug: #1700982
|
|
haproxy needs the deployed SSL cert file to function when TLS is
enabled.
It is also required for the docker-puppet haproxy container since the
haproxy puppet module uses a validate_cmd to check the generated config
file is valid that fails when the required SSL cert is not present.
There is no clean way to disable this feature [1] so we need to bind
mount the cert into the container.
This commit applies the same change that was applied in
Id2df144b678769def204961236624091d4e5c457 for the non-ha case.
[1] https://github.com/puppetlabs/puppetlabs-haproxy/blob/4753ea5b2506ee093e9b4c8af6e91201d476d426/manifests/config.pp#L53-L57
Change-Id: I93e1ee86197bcf271f18a62a27c2f350ed3966ea
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
|
|
This solves a problem with bind-mounts when the containers are holding
files descriptors open.
At the same time this makes the template more robust to puppet changes
since new config files will be available in the containers without
needing to update the templates.
Partial-Bug: #1698323
Change-Id: Ia4ad6d77387e3dc354cd131c2f9756939fb8f736
|
|
Before it was Congress, let's stay consistent and stop using CongressApi
in Docker service, because we release.
Change-Id: Id939b3d70e185da4279f3860812fa5dce27d64dd
|
|
This ensures the update only occures on the primary node.
Change-Id: Id58eb9dac65dc178fa863c9bc44b1ed440e26a77
|
|
|
|
|
|
Depends-On: I020550ede0ef981582392cf6c48dd5cb5823a074
Depends-On: I610b07a3c2bcf1c3288f76112a08b81c50e06913
Depends-On: I3d378044b3da5309b60967a12df7800520a254dc
Depends-On: I9c32b41ef865a09587f3ebfe8b8a896031fbd285
Depends-On: Ib31bf29bc69f5c58e98b99c3e598b19c99efc77f
Change-Id: I36c7390ddb4192e55ee56006fd6e9c5f8704445c
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
|
|
Change-Id: I521e89994e9be6efd335c5809810d9188dc1742f
Closes-Bug: #1684908
|
|
|
|
This is necessary for accessing the bind mounted hieradata in the
container in order to determine if the node is the primary node.
With the new validation added to yaml-validate.py, we could spot
potential issues in sahara-api and keystone bootstrap tasks.
The keystone one is a false positive, as the image defaults to the root
user in order to be able to run apache. Still, it is better to be
consistent here and specify the root user nonetheless.
Change-Id: Ib0ff9748d5406f507261e506c19b96750b10e846
Closes-Bug: #1697917
|
|
Change-Id: I6a53a56c534f24cb514d8aeb8cec3d7865b93448
|
|
haproxy needs the deployed SSL cert file to function when TLS is
enabled.
It is also required for the docker-puppet haproxy container since the
haproxy puppet module uses a validate_cmd to check the generated config
file is valid that fails when the required SSL cert is not present.
There is no clean way to disable this feature [1] so we need to bind
mount the cert into the container.
[1] https://github.com/puppetlabs/puppetlabs-haproxy/blob/4753ea5b2506ee093e9b4c8af6e91201d476d426/manifests/config.pp#L53-L57
Change-Id: Id2df144b678769def204961236624091d4e5c457
|
|
|
|
|
|
|