| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Currently we build the overcloud image with selinux-permissive element
in CI. However, even in environments where selinux-permissive element is
not used, it should be ensured that SELinux is set to permissive mode on
nodes with Ceph OSD [1].
We have no nice way to manage SELinux status via Puppet at the moment,
so i'm resorting to execs, but with proper "onlyif" guards.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1241422
Change-Id: I31bd685ad4800261fd317eef759bcfd285f2ba80
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Allows inclusion of additional arbitrary puppet classes by the
manifests if defined in the *_classes hieradata.
Example: to specify the Nova RAM allocation ratio there is a
param in nova::scheduler::filter but we do not include it
by default; if needed one can use:
nova::scheduler::filter::ram_allocation_ratio: 1.8
controller_classes:
- nova::scheduler::filter
Change-Id: I61d64d2498bed5c49376dee917d106598392db51
|
|
Without the constraint the VIP could get assigned to a node without
an active haproxy instance, which ultimately means everything stops
working.
kind=Optional allows a VIP to relocate to a healthy haproxy instance
in the event of a failure without tearing down the entire stack in the
process.
Change-Id: I44d44952fb42cf91a2a248250a4063e3034d119e
|
|
In 88b278f510b0c9351c58dfe67513f3902d415ab6 we dropped
the swift ceilometer middleware but we forgot to do it
for the overcloud pacemaker manifest.
Change-Id: If9fcc5d029492554472edbe3be98a44942f94d20
|
|
This maps the template param to the actual class param which optionally
configures Ceph as a backend for the ephemeral storage or for the
persistent storage only. See I4ae0fd605c5a57aa23bea83b06530a50844d24a0
Change-Id: Ic7007da8317e98d450b1362864e65093a184cb25
|
|
|
|
While trying to download a glance image from a webserver, you need to
enable the HTTP backend store.
This patch aims to merge the configured backend and the HTTP store
backend so it will be enabled anytime.
Change-Id: Ie769831f8d491c1b7fe08b8fc7df9ebea493f9e8
|
|
Add two new parameters: EnableFencing and FencingConfig.
FencingConfig is a json with an expected structure documented in the
templates. It gets passed further to puppet-tripleo, which configures
the fencing devices.
Fencing is configured and enabled in the last step after all pacemaker
resources and constraints have been created, which should be a more
stable approach than the other way round.
Change-Id: Ifd432bfd2443b6d13e7efa006d4120bb0eaa2554
Depends-On: I819fc8c126ec47cd207c59b3dcf92ff699649c5a
Depends-On: I8b7adff6f05f864115071c51810b41efad887584
|
|
We do not want to delay Redis vip start to promotion of Redis master,
HAProxy will take care of the validating the backends.
We do not need to force colocation of Redis vip with Redis master.
We do not want to restart the Ceilometer central agent when the vip
moves this can instead cause unwanted cascading restarts due to other
constraints in between services.
More details can be read on the BZ at:
https://bugzilla.redhat.com/show_bug.cgi?id=1236374
Change-Id: I594984cd23db7de57746c3e1018181d61b020f46
|
|
|
|
|
|
|
|
|
|
The Heat contraints group was missing the initial
dependency on Keystone, causing Pacemaker to Heat before or
in parallel to Keystone.
Given Systemd can define dependencies in the unit files, this was
additionally causing an unmanaged start of Keystone making
cluster initialization to fail (with Keystone start timeout blocking
all the depending resources).
Also moves Keystone -> Ceilomter constraint on top of Ceilometer
constraints group for clarity.
Logs and more infos at [1]
1. https://bugzilla.redhat.com/show_bug.cgi?id=1235703
Change-Id: I9505fd46c5bf278afc8ff919c7e768e2de194cb8
|
|
Change-Id: I154c90e6d019807758332e3aefe5dde9d79db6ac
Related-Bug: 1456701
Depends-On: I7199c7e5d759a76f58c0f48b40e9d460a3163886
|
|
Change-Id: I42462a6de2bf70ef71899833c3f27633f0f59493
Closes-Bug: 1468549
Closes-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1235454
|
|
This will increase the mongodb_conn_validator timeout from 60 secs
(the default) to 600 secs; it should take much less in normal
circumstances to start mongod but nodes might not be starting it all
at the same time so we use a larger timeframe for the availablity
checks.
Change-Id: I0ee210be94b33d1c08d67f287aa745743a6649d3
|
|
Neutron will populate the database with some data as soon as the
neutron-server service is started; we want this to happen from a
single node before normal Pacemaker initialization.
Change-Id: I422972502fbb10ddae3201464bbd6885749de31e
Closes-Bug: 1467904
Closes-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1233061
|
|
|
|
|
|
|
|
Change-Id: I8a56e7b067044bace5def63ea6170ed817f48acd
Closes-Bug: 1467437
Closes-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1233283
|
|
|
|
This patch updates the cinder block storage role
for Puppet so that it supports network isolation.
This includes using the (optional) isolated networks
for MySQL, Glance API, and iscsi network traffic.
Change-Id: Icdfbf5fce7380e6049babca0cd50ca2e4008c1b0
|
|
Per Ceilometer commit 191f7bf9ccee33d8444f7dac5c09ceccce72ca29
(change ID: Ifd1861e3df46fad0e44ff9b5cbd58711bbc87c97) the
Swift Ceilometer middleware no longer exists so we need
to drop it in order to work with the latest upstream
package.
Change-Id: Iebaad0ba477001d663c6875b32d691bbfcda3d8d
|
|
Redis balancing is controlled by static hieradata [1] we don't
need to override it into manifest.
1. https://github.com/openstack/tripleo-heat-templates/blob/master/puppet/hieradata/controller.yaml#L111
Change-Id: Ie2a5a4cbee0a55f2572f182b18c036efc299dbef
|
|
We need to customize the default apache::ip param or the default
vhost configured will listen on ::80
Change-Id: I195a083f727da940841beb3a0c37dade02c6d1ca
|
|
We have to set it to true as the default is false which means the
redis vip can't be reached. This was manifested as a problem with
ceilometer agent reaching the coordination url like [1].
Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
[1] https://bugzilla.redhat.com/attachment.cgi?id=1040023
Closes-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1232797
Change-Id: I1cd63308d0ac1d17542e1a2a909ee1a9680ed4b3
|
|
|
|
|
|
The redis_vip should come from a Neutron Port as its cidr depends
on the Neutron Network configuration. This change adds 2 new files
and modifies 1 in the network/ports directory:
- noop.yaml - Passes through the ctlplane Controller IP (modified)
- ctlplane_vip.yaml - Creates a new VIP on the control plane
- vip.yaml - Creates a VIP on the named network (for isolated nets)
Also, changes to overcloud-without-mergepy.yaml create the
Redis Virtual IP. The standard resource registry was modified to
use noop.yaml for the new Redis VIP. The Puppet resource registry
was modified to use ctlplane_vip.yaml by default, but can be made
to use vip.yaml when network isolation is used by using an
environment file. vip.yaml will place the VIP according to the
ServiceNetMap, which can also be overridden.
We use this new VIP port definition to assign a VIP to Redis,
but follow-up patches will assign VIPs to the rest of the
services in a similar fashion.
Co-Authored-By: Dan Sneddon <dsneddon@redhat.com>
Change-Id: I2cb44ea7a057c4064d0e1999702623618ee3390c
|
|
The Redis bind host should be set from [1] template.
1. https://github.com/openstack/tripleo-heat-templates/blob/master/puppet/controller-puppet.yaml#L985
Change-Id: I8713db1a7ad739692817921248edcc6b0e819ade
|
|
Adds the horizon (httpd) service as pacemaker resource
Also adds a default for the horizon::django_session_engine [1]
which was previously unconfigured. Also adds a server-status.conf
for httpd/pacemaker [2]
[1] https://docs.djangoproject.com/en/dev/topics/http/sessions/#using-cached-sessions
[2] https://github.com/beekhof/osp-ha-deploy/blob/master/pcmk/horizon.scenario#L72
Change-Id: I320837dfecf3241355e8a3345d0ff271592da491
|
|
|
|
|
|
|
|
Two PR have been merged upstream that let use improve our current
implementation :
* service_manage[1]
* conn string has namevar[2]
[1] https://github.com/puppetlabs/puppetlabs-mongodb/pull/198
[2] https://github.com/puppetlabs/puppetlabs-mongodb/pull/200
Change-Id: Ia2247348a9e0292b5fcbc65ea1e41e6bc7c477fa
|
|
Since t-h-t can now deploy a Redis cluster, we can rely on it as the
tooz backend for high availability.
Change-Id: If045a273388aa2e725b6de624e09aa9c85248cc4
|
|
Change-Id: I731b408f24da01c1bc897bfffe8fd4d5638932ed
|
|
Enables support for configuring Cinder with a NetApp backend.
This change adds all relevant parameters for:
- Clustered Data ONTAP (NFS, iSCSI, FC)
- Data ONTAP 7-Mode (NFS, iSCSI, FC)
- E-Series (iSCSI)
Change-Id: If6c6e511ef2d26c4794e3b37c61e5318485ff4db
|
|
The list of drivers loaded by the ML2 plugin does not have to
match the list of tenant_network_types, this will make ML2 load
the flat, gre, vxlan and vlan drivers so that the provider
networks can be of flat (default) and vlan type as well.
Change-Id: I0b74f86acf5c1ff644deb46c0a1d14129c1882d4
|
|
This patch updates the overcloud pacemaker role manifest so
that it optionally configures VIPs on isolated networks if
they are enabled.
Change-Id: I6123ee622abe4d8d7b5f76cf9bac43acd80c1f64
|
|
This patch refactors the puppet controller role so that it
makes use of per service VIP settings for each service.
Previously the VIP for the ctlplane was hard wired to
many of the controller service. With this patch we have
the ability to isolate traffic for services which
made use of the ctlplane and public VIPs for their
settings.
The implementation includes:
* stops the use of the VirtualIP and PublicVirtualIP within the
controller role. These parameters have now been replaced with
per service heat parameters for the controller nested stack which
are determined via VipMap based on per service settings in the heat
environment.
* All VIP configuration is now moved into puppet/vip-config.yaml.
This made sense so we could deprecate the use of the VirtualIP
and PublicVirtualIP settings above.
* The puppet manifests for the controller were cleaned up for several
to use Hiera directly instead of constructing URLs based on the
static controller and public network VIPs. This improvement
was something we wanted to do anyways and made the implementation
cleaner.
Change-Id: I9b9a15be67f74bec97366408f7047acfd6ea0ec6
|
Jiri Stransky
Jenkins
Giulio Fidente
Dan Prince
Emilien Macchi
marios
Yanis Guenane
Ryan Hefner