Age | Commit message (Collapse) | Author | Files | Lines |
|
There may be times where an update needs to change this without changing
the template, such as when updates will be done by something other than
Heat (i.e. Ansible).
Change-Id: I89d1153acab697b64468f841b3f2d17c169da649
|
|
|
|
When change I6730ffe1e27d952d563c16a9480298fbef9f61fe got merged we
introduced some occurrences of list_join which should have been
migrated to Fn::Join (change I039f57ab39c1fcfc319a7a34265ba4fabf4ccd08)
This caused overcloud CI jobs to fail with:
Property error : allNodesConfig: config Items to join must be strings
This change fixes this by replacing newly introduced occurrences
of list_join with Fn::Join
Change-Id: Ibac193781d31d6f81e955e7b9381e13cfdd0ab1d
|
|
|
|
Set the MySQL root password to a random string
for the undercloud and overcloud
Change-Id: I6d38ca82c77a4aa8f58089c50aa5bf320ec0ecc6
|
|
To use a VLAN based public network we need the ext-net network to be a
VLAN with a segmentation id - but we can't do this unless we also have
the datacentre physical network marked as allowing vlans.
We could make this strictly opt-in, but as this doesn't affect the
switch configuration (and thus actual machine capabilities) having it
on by default seems reasonable. OTOH we can't force it on, because
high security environments may well want a defense in depth setup
where neutron admins cannot configure VLANs that they are not meant
to have access too (consider that the cloud machine admins may be
separate to the folk running the services on top of them...)
Change-Id: I9687751753f810896c6d065750910da40132c9fa
|
|
We currently make the external network a single-node gre network but
this is not at all correct for HA environments - we need a provider
network, which means having a bridge mapping, a flat network
specified, and then because we run the same ovs config everywhere we
need br-ex on the hypervisors too. This is entirely reasonable since
DVR will require this as well (and solve lots of scaling issues...).
Change-Id: I8b63ab51e7e20b235430fad8d786d8da005d84a1
|
|
To support underclouds and seeds running older than the very
latest heat.
2013-05-23 lacks function list_join, so this change reverts to
using the equivalent function Fn::Join.
Change-Id: I039f57ab39c1fcfc319a7a34265ba4fabf4ccd08
Closes-Bug: #1354305
|
|
This change sets applications to utilize the VIP address for database
connectivity and sets HAProxy in between the applications and MySQL.
Depends upon tripleo-image-elements changes:
Ia6f26305f8e744e4ff938dff85de1193183ecd8f
Iac1274cc52014f25887d696261b32146afc926dd
I5af70abb96021146c098f788db349808d806a348
Related to blueprint tripleo-icehouse-ha-production-configuration
Change-Id: Ia9d6ed2771f756d2a97ae5df7ed737a062a59cf2
|
|
|
|
To balance load over the rabbit cluster we want to route access
to it via haproxy.
This also helps workaround bug #856764 as an additional benefit.
This change sets rabbit.host to the ControlVirtualIP (to be used by
the elements) and adds an haproxy listener for the rabbit nodes.
Related to blueprint tripleo-icehouse-ha-production-configuration
Depends on I3ff37ec18b9191ca8e861519bed142cbdbd5faa2
Change-Id: I49b622a604542f456bd9a37da8dae3353218e640
Related-Bug: 856764
|
|
Controller scaling was broken by the commit
02772ba2877b9f6d427c6fd760bf19d6334c68a8. Merge.py raises an exception
when it tries to scale the default value "controller0" of the
`BootstrapNodeResource` parameter.
This reverts back to using Fn::Select for specifying the bootstrap host,
the rest of the Fn::Select -> get_attr changes are kept.
Change-Id: I0cdebf75d4752a35f547d4fbb81545ece3172405
|
|
This change renames a few NovaCompute resources so that the naming
is consistent with the controller resources naming choice.
Change-Id: I8c22867b208c5e16fd52bb3157f838f762b71470
|
|
With this we populate the hosts key (needed for /etc/hosts editing)
with the BlockStorage and SwiftStorage nodes too.
Change-Id: I6730ffe1e27d952d563c16a9480298fbef9f61fe
|
|
Overcloud bootstrap_nodeid is now specified by parameter
BootStrapNodeResource with default value controller0.
This avoids the need to use Fn::Select on the mergy.py
built list of controllers to specify the first controller.
Change-Id: Id9cfeab50b90ceeeae51ea0e35997b7495b28cc4
Partial-Blueprint: tripleo-juno-remove-mergepy
|
|
This change was generated and validated by running the following:
make hot clean all validate-all
This converts all templates to be valid HOT.
Fn::Select is not converted in this change but this will actually
work with heat_template_version 2013-05-23. Fn::Select is converted
manually in the next change in this series.
This change also sets the heat_template_version to 2014-10-16 which
includes the list_join intrinsic functions used throughout these
templates.
Partial-Blueprint: tripleo-juno-remove-mergepy
Change-Id: Ib3cbb83f6ae94adb7b793ab1b662bd5c55cbb5b3
|
|
Currently there is very weak (no) ordering of StructuredDeployments during
heat stack creation (and, importantly, update) on the overcloud. This can
cause the deployment which sends the completion signal back to Heat to
happen before all others have completed, which in turn leads Heat to state
the stack is ready while ORC is still configuring services
The only workaround to this is to wait an unknown amount of time after the
heat stack completes before the system is usable.
This patch prevents the completion signal from being returned early, by
ensuring these are strictly ordered:
controller0Deploy
controller0Passthrough
controller0AllNodesDeploy
NovaCompute0Deploy
NovaCompute0Passthrough
NovaCompute0AllNodesDeploy
Change-Id: I0a549370b7aca55b1145de521ad51218428deaf5
|
|
Inherit passthrough from nova-compute-instance.yaml, rather than
having an exact copy in overcloud-source.yaml.
Change-Id: I4f5a4a7be5835cb68755734aa72f8d9670cba0d4
|
|
Rename NovaCompute0Config to NovaCompute0Deploy as this makes
the structured deployment name match the one in
nova-compute-instance.yaml.
Change-Id: I79f66c09006aa7f7118af1f48e1f6f10b87daec6
|
|
Rename all occurrences of controller0AllNodesConfig to
controller0AllNodes as this is in line with compute node
deployments. Also the current naming is confusing as this is a
deployment step not a configuration step.
Change-Id: I8efa3b6a64a099e1e8ee43009472152aed5f8ad8
|
|
|
|
Prior to this change our heat templates define one virtual IP, which all
the services are bound to.
We wish to be able to segregate these endpoints: some need to be
accessible to "the public"; some are only intended to be accessed within
the cloud; some are only for admin use.
This change adds a second VIP which we can use for binding only the
endpoints that are intended to be publicly accessible, leaving the older
VIP to be used for internal end points.
Haproxy is told to also listen on that new VIP so that we can expose selected
services via the new VIP, and keepalived is in charge of assigning the VIP to
control plane nodes.
This change has a proposed split of services between control-only and
control+public interfaces. Assuming our yaml parsers (in merge.py and
Heat) understand YAML anchors/aliases, and assuming I've got the syntax
right, this should get expanded so that all the control+public services
get their config defined from the same block without needing to repeat
it for each service. (AFAICT both merge.py and heat use pyyaml, which
does support aliases/anchors)
The default is left at binding to only the controlplane interface, so
that new services added to this map will default to being internal-only
This patchset partially completes a spec which will one day live at
https://blueprints.launchpad.net/tripleo/+specs/tripleo-juno-virtual-public-ips
but for now can bee seen in Id9addc65f0d2ed519ce4b3edbd561ed660a2786e
Implements: blueprint tripleo-juno-virtual-public-ips
Change-Id: I9649ee74ebaf62b6b929b28243a07c789a08867c
Co-Authored-By: Robert Collins <rbtcollins@hp.com>
Partial-Bug #1325114
|
|
The current configuration of services is that if SSL is in use (signaled by
stunnel.connect_ip) we bind to 127.0.0.1 - which is great, but it breaks
simultaneous non-SSL due to there being no pass-through stunnel equivalent on
all the nodes. As an interim measure, teach stunnel to connect to the ctlplane
address instead. We will need this flexability in future anyway to deal with
mixed-mode configurations, but we don't yet have an SSL only configuration.
The change will permit SSL only by altering the Deployment object only - the
SSL config object should now be flexible enough to run in either mode (but as
yet on an all-one-way-or-the-other basis).
Change-Id: Ibac3dec1fe7b573029482fdd9ad2d2f6223fbce0
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This change adds into the overcloud-source template a structure
name horizon.caches meant to define the Horizon caches backend.
It defaults to using memcached and provides a list of the
memcached nodes in horizon.caches.memcached.nodes
Related to blueprint tripleo-icehouse-ha-production-configuration
Change-Id: I728e05926f2de0e867fb8e8c74c63947da7d987a
|
|
Previously glance.host was pointing to the local controller_host
which would have requests to glance from other services to fail
if the local glance daemon was unavailable.
Change-Id: Ifd4f4b12cd51e23313826288797cc00ba3cd1754
|
|
Previously keystone.host was pointing to the local controller_host
which would have caused all local services to become unavailable
if keystone was to go down.
Closes-Bug: #1339986
Change-Id: I9b73595d3e0ae6e872aa6b7e0f93354ff04f2956
|
|
Change keepalived.keepalive_interface so that it uses the actual
ControlVirtualInterface (bridge) for VRRP rather than the bridged
interface (NeutronPublicInterface).
Fixes the issue which caused keepalived to bring up the VIP on
all control nodes.
Change-Id: Ifc484d6a6086d9872210aa576f21d326f60b7d35
|
|
Pacemaker will be used for managing ceilometer central agent,
we need basic metadata to setup corosync and pacemaker.
Related to: Ifa83d62c2132bcdcb40d0b7c80ce3adadc0b5587
Change-Id: I44909005d9bc653c3e7c2de1c12fe4ffecf6bede
|
|
Without this, when there are multiple admin networks (e.g. a VLAN)
Nova will refuse to guess and we'll fail to deploy.
Change-Id: Id1dca43ef287fda2adcfdf5b5d30145b055dbe76
|
|
Previously the completion signal was just based on the first run of
os-refresh-config. But in this case, we actually need to wait until it
runs successfully with all hosts computed. That way we can know that
services aren't in an unstable state while that configuration rolls out.
Change-Id: I3b965c19c92b366df3069cb8e1daffa18252c884
Closes-Bug: #1337230
|
|
|
|
|
|
This causes that:
* rabbit.nodes is list of all control nodes
* rabbit_hosts in OS config files points to all nodes in
rabbitmq cluster
* overcloud control nodes are joined into cluster
This works both for single or multiple control nodes and it's needed
for scaling out control nodes.
rabbit.nodes property is very similar to generating list of all hosts,
so it uses same StructuredConfig block. This block (and couple of references)
is renamed to allNodesConfig to make it more general.
Related to blueprint tripleo-icehouse-ha-production-configuration
Change-Id: Ice1a34ba7a52c41c1bb0c63350438971c651e7b6
|
|
|
|
Then feed in through separate deployments. This reduces the exponential
growth of calculating the entire list for every server.
Change-Id: Ib1187eabeb91b46e29ddcf5065056e43a69bb2a0
|
|
|
|
Adding nodes and cluster_name properties for mysql in order to enable
galera clustering.
Change-Id: I522b7324460469c59f49983ca3becd9ea914cdc0
|
|
Added several sections that are required for HAproxy configuration
1. haproxy.services - standard openstack services ports
2. haproxy.nodes - openstack controllers
3. haproxy.net_binds - virtual ips, that will also act as public endpoint
input controller_nodes scales with OVERCLOUD_CONTROLSCALE > 1
Related change t-i-e I641fa90c4a34c26e5699cf7f5a6f9643792c7b16
Implements blueprint tripleo-haproxy-configuration
Related to blueprint tripleo-icehouse-ha-production-configuration
Change-Id: I9c70812ee1b3e8c8c072705fc5123da88ecc8f9f
|
|
Since the wrong one is a bad idea :)
Change-Id: I7ed40078f487459dee9055ef41f10a9b60a0e674
|
|
|
|
This will allow us distribute identical keys/certs to all
control nodes in HA mode.
CAKey was removed because it's not required by keystone.
Change-Id: I187492d5fac448e57f8cd687f9cb751520df5921
|
|
This change is to set the glance protocol and port as
configurable via the Heat template. Presently the port is
hard-coded in the elements nova.conf file, and the protocol
is assumed as being the default (http).
This change will allow the glance_api_servers
to be set (in nova.conf) using the constituent parts:
glance_protocol://glance_host:glance_port
Change to nova.conf to read this value is:
Idccc0d60c9f6b17a853c6de1bbea64bfc7e028b2
Default port value is set to the nova default(9292) which is
currently hard-coded in the elements nova.conf file.
Default protocol value is set to the nova default(http).
Change-Id: I3c7218292797c62c36e2aaab4f325bf053ef140b
|
|
|
|
|