| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
This just a revert to see if reverting this gets back to a normal CI run time.
This reverts commit f72aed85594f223b6f888e6d0af3c880ea581a66.
Change-Id: I04a0893f6cf69f547a4db26261005e580e1fc90b
|
|
To enable IPv6 in Corosync, you'll need to set the --ipv6 parameter when
building the cluster.
To do so, we need to specify this parameter in puppet configuration when
running ::pacemaker::corosync class.
So we have now a new parameter: CorosyncIPv6 which is a boolean, False
by default. If set to True, it will pass right options to enable IPv6
when building the Pacemaker cluster.
Change-Id: I485f1399964ddd7a201ed19ec6580b8a136b3acd
|
|
AllNodesExtraConfig should really only run after the validation
deployments are done, which validate that basic networking is
functioning.
In particular, creating a swap file during AllNodesExtraConfig while the
validation deployments are still running might cause temporary network
outages which could fail the validations.
Change-Id: Ia2a10318de47854a9b8932d72243ce0a85603556
Partial-Bug: #1553243
|
|
This change adds a new set of network templates with IPv6 subnets
that can be used instead of the existing IPv4 networks. Each network
can use either the IPv4 or IPv6 template, and the Neutron subnet will
be created with the specified IP version.
The default addresses used for the IPv6 networks use the fd00::/8
prefix for the internal isolated networks (this range is reserved
for private use similar to 10.0.0.0/8), and 2001:db8:fd00:1000::/64
is used as an example default for the External network
(2001:db8::/32 are the documentation addresses [RFC3849]), but this
would ordinarily be a globally addressable subnet. These
parameters may be overridden in an environment file.
This change will require updates to the OpenStack Puppet
Modules to support IPv6 addresses in some of the hieradata values.
Many of the OPM modules already have IPv6 support to support IPv6
deployments in Packstack, but some OPM packages that apply only to
Instack/TripleO deployments need to be updated.
IPv6 addresses used in URLs need to be surrounded by brackets in
order to differentiate IP address from port number. This change
adds a new output to the network/ports resources for
ip_address_uri, which is an IP address with brackets in the case
of IPv6, and a raw IP address without brackets for IPv4 ports.
This change also updates some URLs which are constructed in Heat.
This has been tested and problems were found with Puppet not
accepting IPv6 addresses. This is addressed in the latest Puppet.
Additional changes were required to make this work with Ceph.
IPv6 tunnel endpoints with Open vSwitch are not yet supported
(although support is coming soon), so this review leaves the
Tenant network as an isolated IPv4 network for the time being.
Change-Id: Ie7a742bdf1db533edda2998a53d28528f80ef8e2
|
|
Ceilometer Alarm is deprecated in Liberty by Aodh.
This patch:
* manage Aodh Keystone resources
* deploy Aodh API under WSGI, Notifier, Listener and Evaluator
* manage new parameters to customize Aodh deployment
* uses ceilometer DB for the upgrade path
* pacemaker config
Depends-On: I9e34485285829884d9c954b804e3bdd5d6e31635
Depends-On: I891985da9248a88c6ce2df1dd186881f582605ee
Depends-On: Ied8ba5985f43a5c5b3be5b35a091aef6ed86572f
Co-Authored-By: Pradeep Kilambi <pkilambi@redhat.com>
Change-Id: I58d419173e80d2462accf7324c987c71420fd5f6
|
|
Change-Id: I7226070aa87416e79f25625647f8e3076c9e2c9a
|
|
|
|
|
|
This change adds the TripleO Heat Parameters and Puppet hieradata
to support setting the MTU for Neutron tenant networks. A new
parameter, NeutronTenantMtu is introduced, and this gets used for
the NeutronDnsmasqOptions and in Puppet hieradata.
NeutronTenantMtu is also used in the Puppet hieradata for both the
compute and control nodes. Two values are set:
nova::compute::network_device_mtu
which sets /etc/nova/nova.conf: network_device_mtu = <NeutronTenantMtu>
neutron::network_device_mtu
which sets in /etc/neutron/neutron.conf:
network_device_mtu = <NeutronTenantMtu>
finally, the NeutronDnsmasqOptions parameter becomes a str_format
that maps the NeutronTenantMtu onto the DHCP options,
so a default of 'dhcp-option-force=26,%MTU%' would be formatted to
'dhcp-option-force=26,1300' if NeutronTenantMtu were 1300.
This will set dnsmasq to serve an MTU via DHCP that matches the
NeutronTenantMtu:
/etc/neutron/dnsmasq-neutron.conf:dhcp-option-force=26,1300
Typically, you would change all three of these settings to use small
or jumbo frames in VMs. When using tunneling, NeutronTenantMtu
should be set at least 50 bytes smaller than the physical network
MTU in order to make room for tunneling overhead.
Note that this change does not support setting the MTU on veth
interfaces if veth patches are used to br-int instead of OVS
patches.
Change-Id: I38840e082ee01dc3b6fc78e1dd97f53fa4e63039
|
|
|
|
We get false negatives from Tempest when the Cinder LVM backing
file runs out space. This change increases its default size to 10G,
matching devstack [1]
1. https://github.com/openstack-dev/devstack/blob/master/stackrc#L649
Change-Id: Ia334ea481e17c1d35aa67c33729cac6570f48199
|
|
Adds three top-level params to allow the deployer pick a predefined IP
for the InternalApi, Storage and StorageMgmt VIPs. We had this already
for the External network (PublicVirtualFixedIPs) and the ctlplane
network (ControlFixedIPs).
Change-Id: I1509e1888774ffa72445ed681dd8107eec703d64
|
|
|
|
|
|
In prior commit, added default for Sahara password in order to
avoid circular dependency. Removing this default now in order
to force password per other service definitions.
Change-Id: I91f98039e520804b25aaededefa25e80992ba6b5
Partially-implements: bp sahara-integration
|
|
|
|
Currently the value of the CloudName param gets written into the
/etc/hosts file on each controller, but it turns out this is an
invalid configuration. CloudName is supposed to be the DNS name
of the overcloud, and the IP being written is (at least in my case)
the internal API VIP. This breaks in cases such as SSL because
the services are not listening on an SSL port on the internal API
network, so if a service tries to talk to another service using a
CloudName-defined public endpoint it ends up pointed at a
non-existent internal address:port.
Since by definition CloudName is supposed to be resolvable by the
configured DNS server, we should not need an explicit hosts entry
as well. Thus, this patch removes that from the file.
Change-Id: I919b42a219d95296f46852dd3266a54d968cf66b
|
|
|
|
|
|
Integration of OpenStack data processing service (sahara) with
TripleO.
- Deploys sahara in distributed mode (separate api and engine
processes on each controller node)
- Load balancing w/haproxy
- RabbitMQ/MySQL supported per current TripleO standard
- Minimal configurability at this time
Change-Id: I77a6a69ed5691e3b1ba34e9ebb4d88c80019642c
Partially-implements: blueprint sahara-integration
Depends-On: I0f0a1dc2eaa57d8226bad8cfb250110296ab9614
Depends-On: Ib84cc59667616ec94e7edce2715cbd7dd944f4ae
Depends-On: I9fe321fd4284f7bfd55bd2e69dcfe623ed6f8a2a
|
|
This patch enables the port security ML2 extension driver by default. It
should have no impact on users that do not explicitly modify the port
security property on a port.
Change-Id: I1413428a1c0329acf0276bf6032684e5e7f8e177
Closes-Bug: #1531970
|
|
|
|
This change adds support for setting the configuration options required
to enable the quality of service feature in Neutron. The default values
will enable the feature.
Closes-Bug: #1524052
Depends-On: Iefc289a6eee13b9c66f8131c258af982f232df4b
Change-Id: I1abf7d37d39e6927e482b56de4ee3d3d7c313a1c
|
|
|
|
Adds a TimeZone parameter for node types and the top level
stack. Defaults to UTC.
Change-Id: I98123d894ce429c34744233fe3e631cbdd7c12b5
Depends-On: Icf7c681f359e3e48b653ea4648db6a73b532d45e
|
|
|
|
|
|
This change adds a system management network to all overcloud
nodes. The purpose of this network is for system administration,
for access to infrastructure services like DNS or NTP, or for
monitoring. This allows the management network to be placed on a
bond for redundancy, or for the system management network to be
an out-of-band network with no routing in or out. The management
network might also be configured as a default route instead of the
provisioning 'ctlplane' network.
This change does not enable the management network by default. An
environment file named network-management.yaml may be included to
enable the network and ports for each role. The included NIC config
templates have been updated with a block that may be uncommented
when the management network is enabled.
This change also contains some minor cleanup to the NIC templates,
particularly the multiple nic templates.
Change-Id: I0813a13f60a4f797be04b34258a2cffa9ea7e84f
|
|
This aligns the parameter default values from python-tripleoclient
with tripleo-heat-templates. This is in preparation for removing
all the defaults from the client, and maintaining them only in the
templates.
Change-Id: I7b635a250f1ecc170e18d8e434f0118c6fcbb942
Co-Authored-By: James Slagle <jslagle@redhat.com>
|
|
|
|
|
|
Without modification we cannot scale to more than 1000 networks.
Neutron will send this message to the user:
"Unable to create the network. No tenant network is available for
allocation."
Change-Id: I5ecbc66a0b6aaa5edbe2669eed9caadfb0691511
|
|
|
|
|
|
Wires the following as arrays to the neutron module:
- mechanism_drivers
- flat_networks
- tenant_network_types
- tunnel_types
- bridge_mappings
Also updates the template version to use a Liberty feature which
allows serialization of comma_delimited_list into JSON.
Tidies up the manifests by removing the class declarations since
config is passed by the puppet/controller+compute hiera mapped_data.
Change-Id: Ie9f85fb827099f897ef750e267bc3ed3a864fe59
Co-Authored-By: Steven Hardy <shardy@redhat.com>
|
|
This change adds a new *_from_pool.yaml meant to return an IP from
a list instead of allocating a Neutron port, useful to pick an IP
from a pre-defined list and making it possible to configure, for
example an external balancer in advance (or dns), with the future
IPs of the controller nodes.
The list of IPs is provided via parameter_defaults (in the
ControllerIPs struct) using ControllerIPs param.
Also some additional VipPort types are created for the *VirtualIP
resources. The VIPs were previously created using the same port
resource used by the nodes, but when deploying with an external
balancer we want the VIP resource to be nooped instead.
Change-Id: Id3d4f12235501ae77200430a2dc022f378dce336
|
|
|
|
Change-Id: I72a79d8200adee8258033e8da370051bbfd1986b
|
|
|
|
This enables pacemaker maintenantce mode when running Puppet on stack
update. Puppet can try to restart some overcloud services, which
pacemaker tries to prevent, and this can result in a failed Puppet run.
At the end of the puppet run, certain pacemaker resources are restarted
in an additional SoftwareDeployment to make sure that any config changes
have been fully applied. This is only done on stack updates (when
UpdateIdentifier is set to something), because the assumption is that on
stack create services already come up with the correct config.
(Change I9556085424fa3008d7f596578b58e7c33a336f75 has been squashed into
this one.)
Change-Id: I4d40358c511fc1f95b78a859e943082aaea17899
Co-Authored-By: Jiri Stransky <jistr@redhat.com>
Co-Authored-By: James Slagle <jslagle@redhat.com>
|
|
The parameters have nothing to do with EC2 keypairs, they are used to
specify Nova SSH key pairs.
Change-Id: Ia8d37cb5c443812d02133747cb54fcaf0110d091
|
|
There are two reasons the name property should always be set for deployment
resources:
- The name often shows up in logs, files and API calls, the default
derived name is long and unhelpful
- Sorting by name determines the merge order of os-apply-config, and the
execution order of puppet/shell scripts (note this is different to
resource dependency order) so leaving the default name results in an
undetermined order which could lead to unpredictable deployment of
configs
This change simply sets the name to the resource name, but a future change
should prepend each name with a run-parts style 2 digit prefix so that the
order is explicitly stated. Documentation for extraconfig needs to clearly
state what prefix is needed to override which merge/execution order.
For existing overcloud stacks, heat currently replaces deployment resources
when the name changes, so this change
Depends-On: I95037191915ccd32b2efb72203b146897a4edbc9
Change-Id: Ic4bcd56aa65b981275c3d4214588bfc4de63b3b0
|
|
All of our sensitive parameters are defaulted to easily predictable
values, which is very bad from a security perspective because we don't
force clients to make sane choices thus risk deploying with the
predictable default values. tripleoclient supports generating random
values for all of these, so remove the defaults, for non-tripleoclient
usage we can create a developer-only environment with defaults.
Related-Bug: #1516027
Change-Id: Ia0cf3b7e2de1aa42cf179cba195fb7770a1fc21c
Depends-On: Ifb34b43fdedc55ad220df358c3ccc31e3c2e7c14
|
|
This adds a parameter for each role, where optional scheduler hints
may be passed to nova. One potential use-case for this is using
the ComputeCapabilities to pin deployment to a specific node (not
just a specific role/profile mapping to a pool of nodes like we
have currently documented in the ahc-match docs).
This could work as follows:
1. Tag a specific node as "node:controller-0" in Ironic:
ironic node-update <id> replace properties/capabilities='node:controller-0,boot_option:local'
2. Create a heat environment file which uses %index%
parameters:
ControllerSchedulerHints:
'capabilities:node': 'controller-%index%'
Change-Id: I79251dde719b4bb5c3b0cce90d0c9d1581ae66f2
|
|
|
|
Exposing 'instance_name_template' to be set via
extra config for nuage-metadata-agent to function
Making nova::api::admin_tenant_name
available on the compute node which is
required by nuage-metadata-agent service
Making KeystonePublicApiVirtualIP available
on the compute node, which is used by the
nuage-metadata-agent to build the auth-url
Change-Id: I9736015e18cebf32b07940bf559063b60085f2fb
|
|
For testing purposes it is useful to have an easy way to get the given
IPs for the nodes; since currently one would have to ssh to one of the
ndoes and actually fetch the entries from there.
This will facilitate testing when the keystone endpoints have been
changed for hostnames, as done in this CR:
https://review.openstack.org/#/c/238887
Change-Id: I9b9362192d7e97690ba23d02e74389225913adb9
|
|
Some Nova hooks might require custom properties/metadata set for the
servers deployed in the overcloud, and this would enable us to inject
such information.
For FreeIPA (IdM) integration, there is effectively a Nova hook that
requires such data.
Currently this inserts metadata for all servers, but a subsequent CR
will introduce per-role metadata. However, that was not added to this
because it will require the usage of map_merge. which will block those
changes to be backported. However, this one is not a problem in that
sense.
Change-Id: I98b15406525eda8dff704360d443590260430ff0
|
Jenkins
James Slagle
Emilien Macchi
Dan Sneddon
Jiri Stransky
Giulio Fidente
Ethan Gafford
Ben Nemec
Brent Eagles
Nico Auv
Joe Talerico
Juan Antonio Osorio Robles
Steven Hardy
Steve Baker
Rohit Pagedar