| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The Horizon port may vary based on SSL enablement, and needs
to be known by the nodes for the purpose of iptables rules, etc.
Change-Id: Iec475a6c245a5bfe8b1d63ff72b6d0299861615c
|
|
|
|
We want to customize the default kernel keepalive timings and
make them more aggressive to workaround lack of hearbeat support
in the Oslo RabbitMQ client, see:
https://bugs.launchpad.net/oslo.messaging/+bug/856764/comments/19
and
https://bugs.launchpad.net/oslo.messaging/+bug/856764/comments/70
Change-Id: Ieac08f595086acb8dd336e33efc705ee0b8a3a87
Closes-Bug: 1301431
Closes-Bug: 1385240
Closes-Bug: 1385234
|
|
|
|
|
|
In I422c65e7d941593083d52ad7fdf0dfd1d2fb3155
(Enable Neutron DVR support in TripleO installation)
we added duplicate parameters for NeutronPublicInterfaceRawDevice
and NeutronNetworkType.
In preparation for syncing with overcloud-without-mergepy.yaml
lets remove these dups.
Change-Id: Ib4888bc91f30aeb3aba590b69e4919a93f577143
|
|
Now that we are using os-net-config we can make use of
the nic naming abstraction layer where the actual physical
nic name is mapped automatically.
This change removes all the eth0 references and replaces
them with nic1 which should make it more likely
that these default values would actually work on
some distributions.
It also removes the single instance of eth2 in the
undercloud-bm-nova-deploy.yaml template and replaces
it with nic1 as well. Underclouds aren't a special case
in this regard (I run my bare metal undercloud on em1)
so there is no good reason to default to the second nic.
Change-Id: I3ea92a502bc4b8789f74913f232ac8bc6b843008
|
|
The params were added in I2997d23c584055c40034827e9beb58e6542ea11c
as a means to pass undercloud image data to overcloud instances
so they could perform an update via takeovernode). We've
never actually made use of them via takeovernode... furthermore
these params are a bit stale in that they haven't been applied
to other instance types (storage, etc.).
I propose we remove them entirely and start with a fresh plan for
how these would get used (perhaps a blueprint). As is these don't
appear to have ever been fully wired up to do anything removing
them should have no effect on end users.
Change-Id: I96f91fb0d67e7fe203d3767c8ab89ce82adbe331
|
|
the default maxconn is only 150, which maybe good for api services
but not enough for the rabbitmq session in a cluster as small as 15
nodes. so bump up the number to 1500 for rabbitmq to allow for 100
nodes. this number should be calculated based on the scale numbers
in the long run.
Closes-bug: #1386406
Change-Id: Ieb707b31022a6fc9ade32ed2a332b67bf4dc0311
|
|
With the push to using the new setup-flavors provided by
os-cloud-config, the default flavor will no longer be called
'baremetal', and Heat will always validate the default even if it
is overridden. To that end, remove the default flavor from every
flavor definition. Just to be certain, also add a custom_constraint
to every flavor definition that was missing it.
Change-Id: I24251e73be4e86738857f73b89499f592c4908de
|
|
|
|
|
|
Instead of the default TCP connection check use the HTTP check. This
provides a more reliable way to tell if the service is up or not, only
2xx and 3xx response codes will signal a healthy service. This check can
also be used in conjunction with check-ssl to enable checks for services
running SSL/TLS in overcloud.
Change-Id: I1581c091b996422fb1374ea4c024d0a88453e10b
|
|
|
|
|
|
|
|
Due to an ununsual interface to OS::Neutron::Port resources,
it's necessary to specify replacement_policy: AUTO, or the
resource is unconditionally replaced on every stack update.
I've started discussion re possibly changing the default in
Heat, but right now, we need this or we have the bad outcome
of replacing all (!) compute and controller nodes on every
stack-update, even if the templates are unmodified.
Passing the AUTO value should be safe regardless of any
potential change of default value in Heat.
Change-Id: I6dd02ae17407f8f4c81ae418e5027f4f38ae4e9b
Closes-Bug: #1383709
|
|
Adds configuration options for Rabbit port and use_ssl settings using a shared
RabbitMQ parameter.
Change-Id: I7b7613cb60b9095ba5665c335c496fea4514391a
|
|
If you don't have (or provide) the wrong image, KeyName,
or flavor, we fail at some later point (not always early,
depending on what's wrong).
Since Icehouse, Heat has had a "custom constraints" method
of dynamically validating parameter values, by comparing the
value provided with a list from the underlying service.
Despite the name, there's nothing "custom" about the constraints,
these ones are included in Heat by default (though they are pluggable,
which is where the name comes from..)
See the docs for more info:
http://docs.openstack.org/developer/heat/template_guide/hot_spec.html#custom-constraint
Note, I've not considered network validation here, this could
possibly be added in a subsequent patch.
These constraints are evaluated via any of the following:
- heat template-validate -f <template>
- heat stack-preview <arguments given to create>
- heat stack-create <arguments, fails fast before creating anything>
- heat stack-update <arguments, fails fast before updating anything>
Change-Id: I3a6374ce5421575cdde893c62aa97c750a07acd8
|
|
This change adds the necessary elements to the overcloud-source.yaml,
nova-compute-config.yaml and nova-compute-instance.yaml to allow Neutron
Distributed Virtual Routers (DVR) to be enabled. The added elements are
set to default to values such that DVR is not enabled in keeping with
backwards compatibility.
Change-Id: I422c65e7d941593083d52ad7fdf0dfd1d2fb3155
blueprint: support-neutron-dvr
|
|
To implement the SSL PKI spec we need to change the keystone ssl cert
and cert key properties to be more generalizable. We also need to
support the old properties for backwards compatibility.
Change-Id: Icf46132230512a31b6dec3c07164c95b13dd8f73
|
|
Make the net binds simpler to maintain.
Change-Id: I7c7f2cde38a88976afe33097cdfe4a93d62a6417
|
|
|
|
They're mostly rather higgledy-piggledy at the moment which makes it
quite difficult to compare against files where these are sorted. EG
compute.yaml from I687a00c7dc164ba044f9f2dfca96a02401427855.
Change-Id: I508a3d0f6a79810d2100fdd1ad143bcd37bf8c00
|
|
This patch configures haproxy to serve novnc_proxy which currently
listens on 0.0.0.0. So before this patch goes in novnc needs to be
listening on local-ipv4 like the rest of the services. The following
patch does that in image-elements.
https://review.openstack.org/#/c/125326/
Change-Id: I0c6a3d6a8fd10da71abbf568633b28bdb5e56aa2
|
|
|
|
Remove the hardcoding of gre as the Neutron tenant network type for the
Overcloud. This will enable the ability to deploy an Overcloud that uses
vxlan instead of gre tunnels. A new parameter, NeutronTunnelTypes, is
added to allow configuring the tunnel_types parameter in the Neutron ML2
configuration.
This change is required by https://review.openstack.org/#/c/92913
Change-Id: I2c2e2153a61349e58ada28c87aa2338c9f00e7bd
|
|
The 'show' attribute results in a nova API call, which has
performance overhead even with attribute memoization.
The name attribute was added to expose the name without needing
an API call, since the resource already knows the name. This
change switches from using 'show' to 'name' throughout.
Change-Id: I1e83dd008cd02e5cec97868db0d5a695f07b7199
|
|
|
|
The existing examples for the overcloud ExtraConfig options
use an ironic setting that would likely never apply (Ironic
isn't for the overcloud).
This patch modifies the default section setting to use
the Nova force_config_drive option instead as a
config example.
Change-Id: Ieb893552fe9466b90b9d9a831a676d114efb6db1
|
|
|
|
Supplement ExtraConfig with specific versions - ControllerExtraConfig and
NovaComputeExtraConfig. This allows the user to specify different
configurations for each role.
Change-Id: Ieaee80e414130504a5e40e878a5a4ca1c196ca2b
|
|
Clint pointed out that | prevents things rendering properly on
arbitrarily wide screens. For most things that makes sense but it
doesn't for the JSON examples IMO so I didn't alter those.
Change-Id: Ifb7dcc265c225b000bd5d26500212d41ea0233c8
|
|
|
|
Proper VLAN support requires adding the IP address to a new device,
rather than br-ex/br-ctlplane. This is added in the
tripleo-image-elements change https://review.openstack.org/103449
(I3f77f72ac623792e844dbb4d501b6ab269141f8e) and here we just expose
it with appropriate glue to get the IP address from Neutron.
With this we can now describe a VLAN public interface scenario
to the undercloud and overcloud control planes.
Change-Id: I4d2194fc813aebb0708d6fddf4f05bae5f091fd8
|
|
We can obviously use passthrough for this, but I rather suspect that
OMFG something is broken get me debug will be a common phrase.
Change-Id: I62539630a4737bbbe6883ed71929f38c819ceed4
|
|
|
|
|
|
With the default 60 second timeout, many services will periodically
log "MySQL has gone away" as HAProxy has closed the connection.
Change-Id: Ied67344fbabcd77def4483be37a4706190ab28a0
|
|
|
|
|
|
The address for the vnc proxy is incorrectly configured in the nova
configuration file.
The correct IP address is the Public Virtual IP address of the
controller node as created by:
I9649ee74ebaf62b6b929b28243a07c789a08867c
The nova image_element nova.conf already has:
novncproxy_base_url=http://{{nova.public_ip}}:6080/vnc_auto.html
but nothing was setting nova.public_ip - until now
Closes-Bug: #1332554
Change-Id: I41214834511680170393dd4325b510f549373141
|
|
|
|
There may be times where an update needs to change this without changing
the template, such as when updates will be done by something other than
Heat (i.e. Ansible).
Change-Id: I89d1153acab697b64468f841b3f2d17c169da649
|
|
|
|
When change I6730ffe1e27d952d563c16a9480298fbef9f61fe got merged we
introduced some occurrences of list_join which should have been
migrated to Fn::Join (change I039f57ab39c1fcfc319a7a34265ba4fabf4ccd08)
This caused overcloud CI jobs to fail with:
Property error : allNodesConfig: config Items to join must be strings
This change fixes this by replacing newly introduced occurrences
of list_join with Fn::Join
Change-Id: Ibac193781d31d6f81e955e7b9381e13cfdd0ab1d
|
|
|
|
Set the MySQL root password to a random string
for the undercloud and overcloud
Change-Id: I6d38ca82c77a4aa8f58089c50aa5bf320ec0ecc6
|
|
To use a VLAN based public network we need the ext-net network to be a
VLAN with a segmentation id - but we can't do this unless we also have
the datacentre physical network marked as allowing vlans.
We could make this strictly opt-in, but as this doesn't affect the
switch configuration (and thus actual machine capabilities) having it
on by default seems reasonable. OTOH we can't force it on, because
high security environments may well want a defense in depth setup
where neutron admins cannot configure VLANs that they are not meant
to have access too (consider that the cloud machine admins may be
separate to the folk running the services on top of them...)
Change-Id: I9687751753f810896c6d065750910da40132c9fa
|
|
We currently make the external network a single-node gre network but
this is not at all correct for HA environments - we need a provider
network, which means having a bridge mapping, a flat network
specified, and then because we run the same ovs config everywhere we
need br-ex on the hypervisors too. This is entirely reasonable since
DVR will require this as well (and solve lots of scaling issues...).
Change-Id: I8b63ab51e7e20b235430fad8d786d8da005d84a1
|
Jonathan Brownell
Jenkins
Giulio Fidente
Dan Prince
Jerry Zhao
Steve Kowalik
Tom Cammann
Steve Hardy
Phil Neal
Erik Colnick
Gregory Haynes
Nicholas Randon
Alexis Lee
Loganathan Parthipan
James Slagle
Steve Baker
Robert Collins
Kiall Mac Innes
Ryan Moore
Clint Byrum
Therese McHale