Age | Commit message (Collapse) | Author | Files | Lines |
|
Previously we had to override the location of the manifest file
pushed on the controller nodes when deploying with Pacemaker, this is
not needed anymore with composable roles.
Change-Id: I1e010099263a325d06483f498c70582b008c31e2
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This patch updates the endpoint map for Zaqar websockets
so that we use ws (or wss for SSL) instead of the http varients.
This should help resolve protocol issues when trying to make
connections to the websocket API.
Change-Id: Iea88d1e30299cb621424740a39d498defa371ca4
|
|
This switches to using overcloud-full as the OS image for
containerized compute. It includes the following changes:
- install docker, until this change lands
I1eab2a6de721c8f3c21c7df0019f2d4d1cc3775f
- agent image pull has been removed. This avoids a race between docker
starting and the current call to pull. This relies on "docker run"
to do the initial pull and leaves open the option of some other
prefetch mechanism to do the initial pull
- rely on unit Conflicts= to ensure heat-docker-agents and
os-collect-config do not run at the same time
- tweaks to host bind mounts
- removal of commands which only apply to atomic
Co-Authored-By: Martin André <m.andre@redhat.com>
Change-Id: I2e82634785834a877a4dbdbdcd788a9ac1c14a9d
|
|
Currently when the docker environments are invoked, every node has the
boot script run which replaces os-collect-config with the heat-agents
container. This should only be happening on Compute nodes currently,
and each role will be converted to heat-agents one at a time.
This change implements a role-specific NodeUserData resource and uses
that mechanism to run docker/firstboot/install_docker_agents.yaml only
on Compute nodes.
Change-Id: Id81811dbcaf0e661c3980aa25f3ca80db5ef0954
|
|
For some upgrade scenarios, e.g all-in-one deployments, it may
be possible to run the upgrade steps, then apply puppet in one
stack update, so reverse the order here. For normal deployments
the upgrade steps are mapped to OS::Heat::None so this will have
no effect.
Partially-Implements: blueprint overcloud-upgrades-per-service
Change-Id: I3c78751349a6ac2bc5dff82f67bffe13750ac21c
|
|
This allows us to take advantage of the composable roles hiera
settings to connect the plugin to the northd/ovndb API without
needing to hard-code the IP of the node running the service.
Change-Id: I2508d48f81c1819ae3521fff271c0bdc50724604
Depends-On: I9af7bd837c340c3df016fc7ad4238b2941ba7a95
Closes-Bug: #1634171
|
|
This patch swaps out the noop ctlplane port for a more
proper fake neutron port stack. This stack is a swap
in for the OS::Neutron::Port heat resource and can be
controlled via the DeployedServerPortMap parameter.
By relying on <hostname>-<network> naming conventions in the
map we can map IPs to specific servers without using the
Neutron API. This will allow us to inject IP information
into the Heat stack within the new t-h-t undercloud installer
which currently does not run a Neutron service.
Change-Id: I29fbc720c3d582cbb94385e65e4b64b101f7eac9
|
|
The new DeployedServer resource in Heat will provide a native resource
for Server resources that are not orchestrated via Nova. This will allow
associating SoftwareDeployment's with servers that have not been
launched with Nova with Heat directly.
With the new resource, all of the SoftwareConfigTransport methods are
available, including POLL_TEMP_URL. This patch also updates the
get-occ-config.sh script to configure the requests collector in
os-collect-config.conf on the deployed servers.
Change-Id: I4b80421088acca709fe3f92741c5c052be483131
Partially-implements: blueprint split-stack-software-configuration
Depends-On: I07b9a053ecd3ef4411b602bbc6ef985224834cf8
|
|
For usability and to reduce the number of environments that need to be
given when enabling TLS in the internal network, it's convenient to add
the enabling of TLS in the internal front-ends for HAProxy, instead of
doing that in a separate environment file.
bp tls-via-certmonger
Change-Id: Icef0c70b4b166ce2108315d5cf0763d4e8585ae1
|
|
|
|
This shows how we could wire in the upgrade steps using Ansible
as was previously proposed e.g in https://review.openstack.org/#/c/321416/
but it's more closely integrated with the new composable services
architecture.
It's also very similar to the approach taken by SpinalStack where
ansible snippets per-service were combined then run in a series of
steps using Ansible tags.
This patch just enables upgrade of keystone - we'll add support for
other patches in subsequent patches.
Partially-Implements: blueprint overcloud-upgrades-per-service
Change-Id: I39f5426cb9da0b40bec4a7a3a4a353f69319bdf9
|
|
|
|
|
|
|
|
|
|
DVR+HA routers are officially supported, so this patch can be reverted.
This reverts commit ce39dbac56123354576d2c31674e1b18535b0111.
Conflicts:
environments/neutron-ovs-dvr.yaml
Change-Id: Ifeceb0c3ba01e81403903401ebfe69b9e9d7d2f2
|
|
This patch drops use of the vip-hosts.yaml service which can
cause issues during deployment because puppet 'hosts' resources
overwrite the data in /etc/hosts. The only reason things seem to work
at all at the moment is because our hosts element in t-i-e runs
on each os-refresh-config iteration and re-adds the dropped hosts
entries.
To work around the issue we add a conditional which selectively
adds the extra hosts entries only if the AddVipsToEtcHosts is set
to true.
Closes-bug: 1645123
Change-Id: Ic6aaeb249a127df83894f32a704219683a6382b2
|
|
Until bug #1635409 is fixed, we can provide the full list of
services needed on the Compute role, plus CephOSD, in the
hyperconverged-ceph environment file, preserving the user
experience.
Change-Id: I42409bc098c740759b378969526e13efaf002d3c
Related-Bug: #1635409
|
|
This adds the necessary hieradata for enabling TLS for MySQL (which
happens to run on the internal network). It also adds a template so
this can be done via certmonger. As with other services, this will
fill the necessary specs for the certificate to be requested in a
hash that will be consumed in puppet-tripleo.
Note that this only enables that we can now use TLS, however, we still
need to configure the services (or limit the users the services use)
to only connect via SSL. But that will be done in another patch, as
there is some things that need to land before we can do this (changes
in puppetlabs-mysql and puppet-openstacklib).
Change-Id: I71e1d4e54f2be845f131bad7b8db83498e21c118
Depends-On: I7275e5afb3a6550cf2abbb9a8007dedb62ada4b4
|
|
|
|
OVN natively implements services that are provided by Neutron agents.
This patch disables the Neutron DHCP agent as well as the OVS agent
for compute nodes.
Closes-bug: 1634580
Change-Id: I70631c2facbbf08257868e26e14af942ad7f2893
|
|
|
|
|
|
It had a wrong path and thus crashed when one tried to use it.
Change-Id: Ida4f899c76cce6e819d7e0effaf038f699763bee
Closes-Bug: #1643863
|
|
This change modifies the template interface to support containers and
converts the compute services to composable roles.
Co-Authored-By: Dan Prince <dprince@redhat.com>
Co-Authored-By: Flavio Percoco <flavio@redhat.com>
Co-Authored-By: Martin André <m.andre@redhat.com>
Co-Authored-By: Steve Baker <sbaker@redhat.com>
Change-Id: I82fa58e19de94ec78ca242154bc6ecc592112d1b
|
|
This change modifes the environment files
external_loadbalancer_vip.yaml and external_loadbalancer_vip_v6.yaml
to take advantage of the new mechanism for setting FixedIPs for each
VIP. The previous mechanism was used to set the VIP addresses
directly, but each VIP now contains a FixedIPs parameter which sets
the IP for the VIP when it is created. The advantage of the new
mechanism is that we no longer have to set each VIP to noop.yaml in
the resource registry, since vip.yaml can now handle both automatic
and fixed IP selection.
Change-Id: I6e66ea6041fe7357c01b8f79f04e2533579206dc
|
|
Currently this is disabled via a conditional in the keepalived
profile in puppet-tripleo, but this will be incompatible with
the planned composable upgrades implementation. Instead we should
disable the service template by mapping to OS::Heat::None, and
ensure the haproxy manifest uses the t-h-t generated hiera value
keepalived_enabled instead of hard-coding a hiera override in the
haproxy template.
Change-Id: I85a8b1cca7268506de22adfb3a8ce7faa4f157ef
Partial-Bug: #1642936
Depends-On: I90faf51881bd05920067c1e1d82baf5d7586af23
|
|
This integrates panko service api into tripleo heat templates.
By default, we will disable this service, an environment service
file is included to enable if needed.
Depends-On: I35f283bdf8dd0ed979c65633724f0464695130a4
Change-Id: I07da3030c6dc69cce7327b54091da15a0c58798e
|
|
Adds new puppet and puppet pacemaker specific services for Zaqar.
The Pacemaker templates extend the default Zaqar services and swap in
the Pacemaker specific puppet-tripleo profile instead.
Change-Id: Ia5ca4fe317339dd05b0fa3d5abebca6ca5066bce
Depends-On: Ie215289a7be681a2b1aa5495d3f965c005d62f52
Depends-On: I0b077e85ba5fcd9fdfd33956cf33ce2403fcb088
Implements: blueprint composable-services-within-roles
|
|
|
|
|
|
We are noticing several tests failing in our low memory environment
because of timeout in neutron requests.
As an example the test
tempest.api.compute.servers.test_server_actions.ServerActionsTestJSON
fails because it requests to plug a vif, and send request to neutron,
which responds in more than neutron_url_timeout, and since the option
vif_plugging_is_fatal is set to True as default, the test fails.
Shortly thereafter, checking in neutron log you can see the request,
returning with the proper status, after more than neutron_url_timeout,
however, it's already too late once nova already marked the instance
with error status, and so the test fails.
Closes-Bug: #1641135
Change-Id: If0991c114f199490ac0deb71eb569a42d4711359
|
|
This patch adds an example increased value for NovaReservedHostMemory
and some documentation around tuning this value when DVR is enabled.
Closes-Bug: #1630583
Change-Id: I2718d72d307a1c90061606e5f36c96f964cd2fb5
|
|
The capitalization of OS::Tripleo is wrong compared to all other services
so correct this for avoidance of confusion when folks write custom roles_data
files or pass custom service lists via *Services parameters.
Change-Id: Ib73c80871b45586edb5774e90280ff89fc0d9895
Closes-Bug: 1640871
|
|
Change-Id: Ibabf09a8b6f35c9b086efeffcf7db89ab8d6b63b
|
|
|
|
The command-line options for Neutron network settings have been
deprecated in favor of setting parameter defaults in environment
files. This update includes the most common settings which were
previously set using CLI options in the sample
network-environment.yaml. This should also make it possible to
deploy in virtual environments without editing any files, since
the network-environment.yaml will include sane defaults.
Change-Id: Ieae59dfec287b9e5424a2e560de9f7b1bd598536
|
|
|
|
|
|
Updated plugin name for configuring Nuage.
Nuage plugin name changed after Liberty release
and needs to be updated at all instances.
Updated neutron-nuage-config.yaml file to reflect
the change.
Change-Id: I7cce9a07b909ab59bf249439eec0833afce5cca6
Closes-Bug: #1635033
|
|
|
|
|
|
|