Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
|
|
DVR+HA routers are officially supported, so this patch can be reverted.
This reverts commit ce39dbac56123354576d2c31674e1b18535b0111.
Conflicts:
environments/neutron-ovs-dvr.yaml
Change-Id: Ifeceb0c3ba01e81403903401ebfe69b9e9d7d2f2
|
|
This patch drops use of the vip-hosts.yaml service which can
cause issues during deployment because puppet 'hosts' resources
overwrite the data in /etc/hosts. The only reason things seem to work
at all at the moment is because our hosts element in t-i-e runs
on each os-refresh-config iteration and re-adds the dropped hosts
entries.
To work around the issue we add a conditional which selectively
adds the extra hosts entries only if the AddVipsToEtcHosts is set
to true.
Closes-bug: 1645123
Change-Id: Ic6aaeb249a127df83894f32a704219683a6382b2
|
|
Until bug #1635409 is fixed, we can provide the full list of
services needed on the Compute role, plus CephOSD, in the
hyperconverged-ceph environment file, preserving the user
experience.
Change-Id: I42409bc098c740759b378969526e13efaf002d3c
Related-Bug: #1635409
|
|
This adds the necessary hieradata for enabling TLS for MySQL (which
happens to run on the internal network). It also adds a template so
this can be done via certmonger. As with other services, this will
fill the necessary specs for the certificate to be requested in a
hash that will be consumed in puppet-tripleo.
Note that this only enables that we can now use TLS, however, we still
need to configure the services (or limit the users the services use)
to only connect via SSL. But that will be done in another patch, as
there is some things that need to land before we can do this (changes
in puppetlabs-mysql and puppet-openstacklib).
Change-Id: I71e1d4e54f2be845f131bad7b8db83498e21c118
Depends-On: I7275e5afb3a6550cf2abbb9a8007dedb62ada4b4
|
|
|
|
OVN natively implements services that are provided by Neutron agents.
This patch disables the Neutron DHCP agent as well as the OVS agent
for compute nodes.
Closes-bug: 1634580
Change-Id: I70631c2facbbf08257868e26e14af942ad7f2893
|
|
|
|
|
|
It had a wrong path and thus crashed when one tried to use it.
Change-Id: Ida4f899c76cce6e819d7e0effaf038f699763bee
Closes-Bug: #1643863
|
|
This change modifies the template interface to support containers and
converts the compute services to composable roles.
Co-Authored-By: Dan Prince <dprince@redhat.com>
Co-Authored-By: Flavio Percoco <flavio@redhat.com>
Co-Authored-By: Martin André <m.andre@redhat.com>
Co-Authored-By: Steve Baker <sbaker@redhat.com>
Change-Id: I82fa58e19de94ec78ca242154bc6ecc592112d1b
|
|
Currently this is disabled via a conditional in the keepalived
profile in puppet-tripleo, but this will be incompatible with
the planned composable upgrades implementation. Instead we should
disable the service template by mapping to OS::Heat::None, and
ensure the haproxy manifest uses the t-h-t generated hiera value
keepalived_enabled instead of hard-coding a hiera override in the
haproxy template.
Change-Id: I85a8b1cca7268506de22adfb3a8ce7faa4f157ef
Partial-Bug: #1642936
Depends-On: I90faf51881bd05920067c1e1d82baf5d7586af23
|
|
This integrates panko service api into tripleo heat templates.
By default, we will disable this service, an environment service
file is included to enable if needed.
Depends-On: I35f283bdf8dd0ed979c65633724f0464695130a4
Change-Id: I07da3030c6dc69cce7327b54091da15a0c58798e
|
|
|
|
|
|
We are noticing several tests failing in our low memory environment
because of timeout in neutron requests.
As an example the test
tempest.api.compute.servers.test_server_actions.ServerActionsTestJSON
fails because it requests to plug a vif, and send request to neutron,
which responds in more than neutron_url_timeout, and since the option
vif_plugging_is_fatal is set to True as default, the test fails.
Shortly thereafter, checking in neutron log you can see the request,
returning with the proper status, after more than neutron_url_timeout,
however, it's already too late once nova already marked the instance
with error status, and so the test fails.
Closes-Bug: #1641135
Change-Id: If0991c114f199490ac0deb71eb569a42d4711359
|
|
This patch adds an example increased value for NovaReservedHostMemory
and some documentation around tuning this value when DVR is enabled.
Closes-Bug: #1630583
Change-Id: I2718d72d307a1c90061606e5f36c96f964cd2fb5
|
|
The capitalization of OS::Tripleo is wrong compared to all other services
so correct this for avoidance of confusion when folks write custom roles_data
files or pass custom service lists via *Services parameters.
Change-Id: Ib73c80871b45586edb5774e90280ff89fc0d9895
Closes-Bug: 1640871
|
|
Change-Id: Ibabf09a8b6f35c9b086efeffcf7db89ab8d6b63b
|
|
|
|
The command-line options for Neutron network settings have been
deprecated in favor of setting parameter defaults in environment
files. This update includes the most common settings which were
previously set using CLI options in the sample
network-environment.yaml. This should also make it possible to
deploy in virtual environments without editing any files, since
the network-environment.yaml will include sane defaults.
Change-Id: Ieae59dfec287b9e5424a2e560de9f7b1bd598536
|
|
|
|
|
|
Updated plugin name for configuring Nuage.
Nuage plugin name changed after Liberty release
and needs to be updated at all instances.
Updated neutron-nuage-config.yaml file to reflect
the change.
Change-Id: I7cce9a07b909ab59bf249439eec0833afce5cca6
Closes-Bug: #1635033
|
|
|
|
|
|
|
|
We lost ability to store Glance images in NFS mounts as we moved to NG
HA architecture. This patch re-adds that ability, but the parameter
interface changes because the semantics change as well. (Pacemaker
allowed for different mounts than just NFS so the parameters were more
generic, although we only ever tested and documented NFS usage.)
Change-Id: Ic5197e09846bbf75d780dcc74da1717dcf8301d0
Related-Bug: #1635606
|
|
|
|
Adds new puppet specific services for Mistral
API and Mistral Engine.
This submission enables the mistral service by default in the
overcloud, a following submission will disable it and make it
optional by enabling it on demand based in an environment file.
Depends-On: Iae42ffa37c4c9b1e070b7c3753e04c45bb97703f
Depends-On: I942d419be951651e305d01460f394870c30a9878
Depends-On: I6cb2cbf4a2abf494668d24b8c36b0d525643f0af
Implements: blueprint composable-services-within-roles
Co-Authored-By: Carlos Camacho <ccamacho@redhat.com>
Change-Id: Id5ff9cb498b5a47af38413d211ff0ed6ccd0015b
|
|
|
|
Change-Id: Ib945e570556e8e10e5bb07faa57270958c9eda99
|
|
This adds an environment file that can be used to enable TLS in
the internal endpoints via certmonger if used. This will include
a nested stack that will create the hash that will be used to
create the certmonger certificates.
When setting up a service over apache via puppet, we used to disable
explicitly ssl (which sets modd_ssl-related fields for that vhost).
We now make this depend on the EnableInternalTLS flag. This has only
been done for keystone, but more services will be added as the
puppet code lands
bp tls-via-certmonger
Depends-On: I303f6cf47859284785c0cdc65284a7eb89a4e039
Change-Id: I12e794f2d4076be9505dabfe456c1ca6cfbd359c
|
|
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Depends-On: If2804b469eb3ee08f3f194c7dd3290d23a245a7a
Depends-On: I091ecfbcb2e38fe77203244ac7a597aedcb558fb
Change-Id: Iacc504fc4fa2d06893917024ce2340d3fb80b626
|
|
EnableOpenDaylightOnController was not very composable. Removing this
parameter to make the service truly composable. Also fixes missing
local_ip setting for OVS, required for VXLAN or GRE tenant networks.
Closes-Bug: 1633625
Depends-On: Ia55c05e12d5d434111a13e1ed795da530e3ff4a5
Change-Id: I0e07e1631793311334d1436ee8fdf9af2802ba70
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
This is not needed with ODL and actually triggers deployments to fail
due to missing ODL username/password info on compute nodes.
Depends-On: Ifd906db4e6062ac271c2147fe1149b1009d06ae2
Closes-Bug: 1633630
Change-Id: Ib88e8ef91c393d30c44b86a932103f5a294bc547
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
|
|
|
|
- Custom config has to contain OpenStack auth information,
so it has to be generated for user during deployment.
This patch maintains the ability to provide a custom
configuration for the Sensu client.
Change-Id: If449642c4bbad683421e1f461b8721e655db0c45
|
|
|
|
Introduce a new environment template that enables the Debug parameter.
By default the value is set to "true".
Change-Id: Ieac59de42ffef6afa5d8f10ef1925c32c7dc8551
|
|
|
|
Depends-On: I04e28a95e8d69a24cd3df109bf1802bfcbd941db
Change-Id: I4ada033155e5fde0add08ec9aa8f6af7c31d53f3
|
|
|
|
In Newton, ceilometer api is changed to run under apache wsgi
instead of eventlet. This will require upgrades for mitaka
deployments to switch to wsgi.
Closes-Bug: 1631297
Change-Id: If9d6987cd0a8fc5d3f9de518ba422d97d5149732
|
|
This default setting got lots in the composable roles/services patches.
Re-enable the ManageFirewall setting by default per what we did in
git commit 73c76b867ddc8a23a30b9a3cac4031189d4178c6.
We also fix a typo in neutron-api.yaml so that the firewall rules
matches to service_name. (otherwise it won't get loaded).
Also, drops the environments/manage-firewall.yaml which is
no longer needed if we enable firewall management by default.
Change-Id: Ie198e4efd190131d0722085b10ef77da9005bc1b
Closes-bug: 1629934
|
|
|