Age | Commit message (Collapse) | Author | Files | Lines |
|
This is useful in those scenarios were we want to use an external
Ceph deployment with multiple overclouds.
Change-Id: I1749d2a6547f6ce25843709e46a1447e8d42cfff
|
|
|
|
This is the second change of a servies of two, it creates the
user, user_role, service and endpoint for:
* glance
* nova
* neutron
* cinder
* horizon
* swift
* ceilometer
* heat
Change-Id: I50e792d98a2ba516ff498c58ad402f463c5f7e76
|
|
Currently keystone initialization happens via os-cloud-config [1].
This commit moves some of that directly into the manifests. This is the
first in a series of two changes to migrate it entirely into t-h-t.
This change focus on implementing what keystone.initialize() was doing
on the tripleoclient [2], creates the admin tenant, user and roles.
It also creates the keystone endpoint itself.
1. https://github.com/openstack/os-cloud-config/blob/master/os_cloud_config/keystone.py#L128-L158
2. https://github.com/openstack/python-tripleoclient/blob/master/tripleoclient/v1/overcloud_deploy.py#L462-L527
Change-Id: I98555b707ff9b91c6e218de5dca68106ea05c8ea
Depends-On: Ia4b3244f114dcff746ab89d355ad4933f8fdbddf
|
|
|
|
To let ceilometer access to keystone endpoints, use internalURL instead of
publicURL for security & performances reasons.
Change-Id: I6677f40038d6adf36b4f0375484b6ef2e16869e3
|
|
|
|
|
|
Adds support for NFS backend in Glance by allowing the storage directory
for the 'file' backend to be a mount managed by Pacemaker. Default
behavior is unchanged.
Since the Pacemaker-related parameters are not exposed on top level,
change storage-environment.yaml to use parameter_defaults instead of
parameters.
Depends on a Heat fix for environment file's parameter_defaults to
work well with JSONs and comma delimited lists (see Depends-On).
Change-Id: I6e7e2eaf6919b955650c0b32e1629a4067602c89
Depends-On: I85b13a79dbc97a77e20c0d5df8eaf05b3000815e
|
|
To let ceilometer access to keystone endpoints, use internalURL instead
of publicURL for security & performances reasons.
Ceilometer services (API, agents) will use internalURL endpoint to talk
to other services (keystone, neutron, etc).
Change-Id: I4cb843400f244cd34bbae4bc76371977780c7943
|
|
In nova.conf, set cinder/catalog_info to 'volumev2:cinderv2:internalURL'
instead of 'volumev2:cinderv2:publicURL'.
So Nova will use internal Cinder endpoint to reach volume API by
using internal network.
Depends-On: Id9e579ca31364d5207d0c1b892d0f7aa7f20f7a8
Change-Id: Ia34f0fe59f662c3ad29ca0178c01ef1570759d57
|
|
Moves the vhost_params out of the manifest and into static hiera;
also removes unneeded server_alias parameter as that matched the
vhost servername anyway.
Change-Id: I4b5971b23ef3be9529a59075fa93ccc64af75b9c
|
|
Change-Id: Ia2079fc3e350cc677811ebb970cd2b306d6e7040
|
|
If horizon is running in production (DEBUG is False), it will answer
only to the IPs/hostnames specified in the ALLOWED_HOSTS variable in the
local_settings.py configuration file.
The puppet-horizon module offer the feature to customize that,
tripleo-heat-teamplates was missing the link between the top-level
parameter and the puppet parameter, hence this commit.
More info :
* https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
* https://github.com/openstack/puppet-horizon/blob/master/templates/local_settings.py.erb#L14-L24
Change-Id: I5faede8b74a0318e15baa761dc502b95b051ae0d
|
|
The removal of default MariaDB accounts was being triggered roughly at
the same time on all controllers, causing a race condition -- multiple
nodes found an account present and attempted deletion, but then only one
succeeded with the deletion, the others failed.
HA controller deletes the accounts only on bootstrap node now, which
fixes the issue.
Change-Id: Ieacd10a6ce26da50f6a37eaa3221d866c24353fa
|
|
|
|
Make core_plugin, type_drivers and service_plugins parameter in
neutron configurable through heat.
Also changing the type_drivers order to "vxlan,vlan,flat,gre"
Change-Id: Iba895ed5897bdaf7bb772ffc063c424abb6e1638
|
|
|
|
The staticweb middleware needs to be put after authentication
middlewares to ensure correct functionality as documented in
http://docs.openstack.org/developer/swift/middleware.html#staticweb
Without this Swift sends a HTML response even if the request was done
using a X-Auth-Token. This might result in a faulty handling of the response on
the client side; for example, "swift stat containername" would report an empty,
private container, while the container might actually be public readable with
data stored in it.
Closes-bug: 1494896
Change-Id: Id48840e0041f8d272e08def292fbedfaf76bbfbb
Co-Authored-By: Christian Schwede <cschwede@redhat.com>
|
|
This patch adds settings for swift::storage::all so
that we set the recommended the incoming and outgoing
chmod permissions.
Depends-On: I627ab2255087b0ebc2d3ddc9cd4a7a7d254abb65
Change-Id: I2f14c9afe7b7135ad1bfecb9db0a39bfc3b4d03a
|
|
This is unused on compute nodes and does not need to be specified.
Further, nova::api is not even included in the compute puppet manifest,
so it had no effect anyway.
Change-Id: I7589bf544fb1ddad3cd371869756cb880c0bac37
|
|
We were calling nova_config resource to define it
but as of Ic060fc18c8f5d7dc8fcf1d7bd921623dc505a515
its now included as part of the nova::api class.
Closes-bug: #1498237
Change-Id: I948f26304536e2d692acf38d994d29167672168b
Depends-On: I2789e782a4fd673e09c6334b6d56819c68414c80
|
|
|
|
|
|
|
|
This is required for HA to work correctly.
Change-Id: I9faa8fd7bbbac67de5c468ab6fc4edb2260dffe7
Depends-On: https://github.com/redhat-openstack/puppet-pacemaker/pull/61
|
|
We don't have swap space enabled on overcloud-full deploys
as discussed at https://bugs.launchpad.net/tripleo/+bug/1491335
The default is 1.5 so configure Virtual ram to physical ram
allocation ratio to 1:1 so we don't allow overcommit.
Related-Bug: 1491335
Change-Id: I58cfe6dc68e8615a5519428412dec8c653bd6093
|
|
This change enables Keystone notifications and adds two parameters
to control the notification driver and format.
Change-Id: I23ac3c46ee9eb49523d3b8dab027ef21fc6e42df
|
|
|
|
Currently mysql root user can connect in a passwordless way from :
* localhost
* 127.0.0.1
* ::1
* <HOSTNAME>
This patch ensures that the mysql root user can connect only from localhost.
Change-Id: If64fd383737c2fbeed4adbe8d98b1f92610956b2
|
|
|
|
|
|
|
|
|
|
Set up a cron job to flush keystone tokens periodically. The job runs
once a day near midnight per puppet-keystone defaults, and we pass
maxdelay 3600 which means each controller will wait a random delay of up
to 1 hour before running the task.
Change-Id: I351f0273c61106c182aa3945b7ad1ce8f5c7d12b
|
|
The dafault in nova.conf for default_floating_pool is set to nova
which is confusing given to make Tempest tests to pass one has to
create a public network with such a name.
Change-Id: I148222a9f276309ede062ee5292993898ff899d6
|
|
This patch moves most of the ::db::mysql parameter initialization
into a new database.yaml Hiera file. This cleans up the
controller manifests and allows us to define things in a single
location across the two implementations (HA and nonHA).
Change-Id: I895b753b329097a96a6c6f3a03a5fcebefe32dd4
|
|
|
|
|
|
Updates the default settings for Nova, Neutron, Cinder,
Ceilometer, and Heat services so we set the default rabbitmq
threshold to 60 seconds.
Change-Id: If537ae16968eb6b264b2ab071144f1eecab18b64
|
|
Change-Id: I7703013b62bd67869c268fb8689389ec0eeb5aad
|
|
By default Cinder will get the publicURL for Nova and Swift, which
is not reachable by the CinderStorage nodes.
Change-Id: I25b7900c9ab261e0f706257ffdf6844533b63b94
|
|
By default Nova will get the publicURL instead, which is not
reachable by the compute nodes.
Change-Id: I57b6a7a7eddb0ffaf6d2d152d932f390c48f908e
|
|
|
|
Currently we build the overcloud image with selinux-permissive element
in CI. However, even in environments where selinux-permissive element is
not used, it should be ensured that SELinux is set to permissive mode on
nodes with Ceph OSD [1].
We have no nice way to manage SELinux status via Puppet at the moment,
so i'm resorting to execs, but with proper "onlyif" guards.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1241422
Change-Id: I31bd685ad4800261fd317eef759bcfd285f2ba80
|
|
This adds the NeutronTunnelIdRanges and NeutronVniRanges parameters
which govern the GRE or VXLAN tunnel IDs (respectively) that are to
be made available for overcloud tenant networks.
These both default to "1:1000," to retain the current behaviour.
They are propagated to the hiera data for puppet deploys and there
is a separate change to support passing these into the config via
the neutron tripleo-image-element at
https://review.openstack.org/#/c/199592/
Change-Id: I967a8cae218a31e888abc438e9de5756ae627adb
Related-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1240631
|
|
By default MongoDB enables a journaling system that prevents loss of
data in case of an unexpected shut-down. When journaling is enabled,
MongoDB will create the journal files before actually starting the
daemon[1].
The journaling feature is useful in production environment, but not
really on a CI-like system, where we only want to make sure MongoDB is
setup correctly and running, hence here we allow a user to
enable/disable MongoDB journaling.
[1] http://docs.mongodb.org/manual/core/journaling/
Change-Id: I0e4e65af9f650c10fdf5155ff709b4eb984cf4e1
Closes-bug: #1468246
|
|
Currently for both puppet and image-elements based deploys we set
the dhcp_agents_per_network in neutron.conf to 2 and there is no
control over that number (in the hieradata for the former and the
image element for the latter). This change adds the
NeutronDhcpAgentsPerNetwork parameter and also changes the default
to 3 when not explicitly set.
In the puppet case propagate this parameter in the hieradata for
the neutron class and in the non-puppet case expose a new item in
the neutron config to be consumed by the neutron image element
(that change will point here)
Change-Id: Id97c7796db7231b636f2001e28412452cf89562b
|
|
In the overcloud heat, heat.conf instance_user is set to heat-admin.
The consequence of this is that SSHing into heat created guest VMs will require
the user 'heat-admin'. I predict that this will result in user confusion as to
how to SSH into their VMs since they will be attempting default usernames
(centos, cloud-user etc) or the documented heat default user (ec2-user)
This change sets it to an empty string so that default usernames are used.
This change depends on the puppet-heat fix to allow empty string instance_user:
Depends-On: I9e8be0dd50709d271fc81683770c78380724e405
Change-Id: Id14bf3a4ac1b1c95797dae16c674b32a2da230f8
|
|
This value doesn't work, and the default of heat_stack_user is fine.
See https://github.com/openstack/puppet-heat/blob/989ffa65f4339bfd9612cff3b5ddcc4fd301f695/manifests/engine.pp#L22
Resolves: rhbz#1238844
Change-Id: I247121cb91d2b2a34f0f9f769fb411fcbfe6b571
|