Age | Commit message (Collapse) | Author | Files | Lines |
|
This change allows running the major upgrade composable docker
steps multiple times by not trying to delete the pacemaker resources
if they're not reported as started or in master state.
Closes-bug: 1716031
Depends-On: I8da03f5c4a6d442617b81be5793a9724cc8842bf
Change-Id: Ifcf9de8c82550a90a9fb118052d43fdbcdc6ca7e
(cherry picked from commit 64d7be1e3d4552e06cbc53f788572e530cc5c3bb)
|
|
Add a retry when the pacemaker_resource command
wasn't apply correctly, more info here:
https://bugzilla.redhat.com/show_bug.cgi?id=1482116
This is the same approach puppet-pacemaker uses
and provides eventual consistency when multiple
nodes change the cluster CIB concurrently.
This change depends-on :
https://review.gerrithub.io/375982
The return code is not available in the current
ansible-pacemaker package.
Change-Id: I8da03f5c4a6d442617b81be5793a9724cc8842bf
(cherry picked from commit e92430d8d03fc2ce2d0ce192b96209f2c5c04169)
|
|
|
|
stable/pike
|
|
|
|
stable/pike
|
|
We need to reuse the ceph_conf_overrides structure provided by
ceph-ansible for both user provided configs and TripleO managed
configs. This change merges the special user facing parameter
with the TripleO generated configs.
Also adds osd_scenario and osd_objectstore params for compatibility
with newer ceph-ansible versions.
Change-Id: I29c689c6c689590da5b6a3f581fdbec98a52e207
Closes-Bug: #1715321
(cherry picked from commit 32bc2abf14af4ca1449e18b848e2be3cff013987)
|
|
stable/pike
|
|
|
|
|
|
We cannot use the --selinux-enabled docker daemon option on CentOS/RHEL 7.3.
It will fail if security_inode_copy_up is not found in the kernel symbols:
https://github.com/projectatomic/docker/blob/docker-1.12.6/daemon/daemon_unix.go#L661
NB this has been reduced to a warning upstream:
https://github.com/moby/moby/commit/885b29df096db1d6746ece4b3a298a1ffe85716d
Instead this just bind mounts /sys/fs/selinux in containers-common.yaml.
Everything appears to work at initial glance. Pingtest succeeds, and
live-migration between baremetal and containerized computes works.
Change-Id: I018221bf7ae9ab9ece193b55f1ce31eb1591046c
Closes-bug: #1715171
(cherry picked from commit 520f889a31f1ea6ee2bad86d1dbb3c0435604d10)
|
|
Required to debug issues.
Change-Id: I4d86c8d9ecc353a916475977eb6f2d842c812556
(cherry picked from commit dc64a1108e7bc23f92d77e75001fb42549731e3b)
|
|
Without this, ceilometer notification agent cant find panko
and skips posting events to it.
Change-Id: Ibfeef5c557d1ceb11a999aa947597014ca94ec34
(cherry picked from commit 5437086ee744469b9daf8cd9edd600f7aa98dde6)
|
|
Redis does not have TLS out of the box. Let's use a proxy container for
TLS termination.
This commit enables redis TLS proxy for the HA deployment.
bp tls-via-certmonger
Change-Id: I45e539872a03878337def33c681c4577c1a5629e
(cherry picked from commit c6d8df01d7aa8b44af9ac152b3bb08f07e2e02b7)
|
|
|
|
|
|
|
|
Store the httpd logs under dedicated /var/log/containers/httpd/
paths.
Additionally, add release notes describing upgrade impact
for containerized services logs.
Closes-bug: #1700045
Change-Id: I8120c56f2315700862bd0f708b8baa8910275b09
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
(cherry picked from commit 287e84585ca9170570ce8d06eebd7f9a3ec3345c)
|
|
Co-Authored-By: Ian Main <imain@redhat.com>
Change-Id: Iad6d38690340f4a064a4527c58ed439d91fa5188
Closes-bug: #1715136
(cherry picked from commit d3b3361a76c2e8b188fa8e586d9fb7f3c60bb66f)
|
|
Change-Id: Ibeb28d7c497b02253d00a74257989cefba2b0cc4
(cherry picked from commit fc44ee6ff3553754c618349df3be7544b17e9c5f)
|
|
This change allows the upgrade non controller script, which loops
throug all steps, to complete by adding default values to be
evaluated in the steps where the vars are not registered.
Closes-Bug: 1715574
Change-Id: Ic056fc556240d1acc9f28a75f63c7628cc64da03
(cherry picked from commit d109c1d7a7d2f6302c39369de8a601bc0b2f6704)
|
|
For DPDK, vhost-user sockets are created on the host at
/var/lib/vhost_sockets directory, which will be used by
libvirt and openvswitch. This directory has the necessary
permissions and SELinux policies. Mount this folder for
libvirt container.
Change-Id: Id8be208d1b05886ac45dfdcf48fe766ee5724d1c
Partial-Bug: #1712732
(cherry picked from commit 3ea04744c22ae4cd2e1f2b77fc7d5ade012899e0)
|
|
|
|
|
|
stable/pike
|
|
Patch Ie09ce2a52128eef157e4d768c1c4776fc49f2324 added a new
set of upgrade tasks which were missing the 'tags' keyword.
Closes-Bug: 1715631
Change-Id: Ib1c1aadfbf58c9bccc18667934c8b3c5f38fafa4
(cherry picked from commit 7897d38274cb6435289bc4f4928f96b111e5b4f4)
|
|
This patch adds support for running the neutron SR-IOV agent in a
container.
Depends-On: I4a63845a97c890d7d408731ec5509c320289f18f
Depends-On: Ie5d8cd7863c0d042cc6a4e1fc52602d8a03a1935
Depends-On: I1b5ab0a64ae1f5735f1bd5a68e6ae8bdcf47ddec
Closes-Bug: #1715388
Change-Id: I7ee603b32eddacd02d846dff00dd1b786d4a7ad9
(cherry picked from commit 94c9c2f954e85de0ab895926a969587b90bc4191)
|
|
Previously it was only possible to configure the overcloud with
an external Ceph cluster via puppet-ceph-external.
This submission adds a CephExternal implementation which uses
ceph-ansible.
Change-Id: Id0d375f88e27e91e9d89f25a0cd7388b6e45df8b
Depends-On: Ifc57c9cf6ca8017a2abc78d6320c0675ad49ca9f
Closes-Bug: #1714271
(cherry picked from commit 01e55c314de74579196518d958bf5be30e390409)
|
|
This patch allows usage of ceph-ansible to configure the RGW service
in the overcloud. Still uses puppet-keystone to create the necessary
user and endpoint in the catalog.
Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
Change-Id: Iafa17bb64c54e40350b2ba7d76dea3d82fcab0e4
(cherry picked from commit 5b3cd1dcacff408bcb482bdea6cded8755a39ebb)
|
|
|
|
|
|
|
|
|
|
|
|
It's being mounted on the actual haproxy container, but not the init
one.
Change-Id: I66b69e0bb3642dbfeec767ef5216d515786b5b19
Closes-Bug: #1715132
(cherry picked from commit 03622e89ac3037b4d69d913586823e689b210688)
|
|
journal and snapshots folders hold data needed for update. This
patch mounts these folders and adds ODL log file in
/var/log/containers/opendaylight
Change-Id: I65c6183c2867b2ced6e6ef25896d80154857b7dc
Closes:Bug: #1714231
(cherry picked from commit 81dd0808d2a180d108f1159bc67f345fe6bf27d4)
|
|
|
|
|
|
We do not want a default value for the container image name parameters
and expect deployers to set this value instead.
Change-Id: I9377b7c3564360353aa6da2d2457b2cfacd4e9d6
Closes-Bug: #1714221
(cherry picked from commit fcc3259891ee67956d63c37217acdb999bc4bb65)
|
|
Redis does not have TLS out of the box. Let's use a proxy container for
TLS termination.
bp tls-via-certmonger
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: Ie2ae0d048a71e1b1b4edb10c74bc0395a1a9d5c9
Depends-On: I078567c831ade540cf704f81564e2b7654c85c0b
Depends-On: Ia50933da9e59268b17f56db34d01dcc6b6c38147
(cherry picked from commit c2a93cf4c5d9d6b5ee0536380751a7a9540927cc)
|
|
This change removes the entry to containerise docker by default
because it should now be disabled since the change
Id2e6550fb7c319fc52469644ea022cf35757e0ce.
Removing the entry means the default mapping to mongodb-disabled.yaml
takes effect.
This change also modifies the upgrade_tasks so that the mongod service
is only disabled when the service exists. There appears to be upgrade
scenarios which fail because mongodb was never installed in the first
place.
Change-Id: Ie09ce2a52128eef157e4d768c1c4776fc49f2324
Closes-Bug: #1715031
(cherry picked from commit cb81cbe3b5f3887f5d690c590e52b728f74d43c3)
|
|
Capabilities were not properly escaped and ignored by ceph.
Change-Id: I099c3d9bad95ec69ac85fe406e3e1d4685ede439
Closes: #1713928
|
|
Currently for non controller upgrades we're looping through the
upgrade steps and run the upgrade tasks based on when conditionals
including the step number and the existing upgrade task condition.
Some of tasks fail because the variables used in when conditionals
are not available through all steps. This change adds default values
to these vars where possible or creates them for all steps to avoid
failures.
Related-Bug: 1708115
Change-Id: I5c731043cec8e31fc82ca98972a301baa7294c4f
(cherry picked from commit e2f00ef1dc98140087c81e202a520f549f9a0970)
|
|
Use a more restrictive mode for these files, as some may contain sensitive data
which shouldn't be world readable
Closes-Bug: #1714986
Change-Id: Ib1e79b1d4e25d6e329938402b1ca776bdab81bdd
(cherry picked from commit 94c7752cfae64d96124a32bc36ccd6ec7b4df4a7)
|
|
|
|
|
|
|
|
Get the path from the CONFIG_VOLUME_PREFIX environment variable.
This is useful for debugging and generate configuration files to
a different directory.
Change-Id: Ib85e3898804312ebb6677a5fa189fbfc357ce27c
(cherry picked from commit 0c62b6cd8d696befb1c0c31bb6e206199ce1edac)
|
|
Correct the zaqar service name to match the bootstrap host id name
Closes-bug: #1714253
Change-Id: Iced8f3a7e64d9023bd46a50629a56e087d1f6f24
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
(cherry picked from commit d782f687cb7794e0491c0d0f6dc3d9b28196dc96)
|
|
Use a separate config_volume for swift_ringbuilder puppet_config tasks.
This is necessary so that the swift_ringbuilder and swift-storage
services don't both rsync files to the same bind mounted directory.
The rsync command from docker-puppet.py uses --delete-after, so when
they both use the same config_volume, they can end up deleting the files
generated by the other (depending on the order of execution).
Even though a separate config_volume is used, the rings must still end up
in /etc/swift for the swift services containers. An additional
container init task is used to copy the ring files into
/var/lib/config-data/puppet-generated/swift/etc/swift so that they will
be present when the actual swift services containers are started.
Change-Id: I05821e76191f64212704ca8e3b7428cda6b3a4b7
Closes-Bug: #1710952
(cherry picked from commit cba00abb7517efa6a8d9b8fb954563204323ffed)
|