aboutsummaryrefslogtreecommitdiffstats
path: root/puppet/services/nova-libvirt.yaml
AgeCommit message (Collapse)AuthorFilesLines
2017-10-07Support for Ocata-Pike live-migration over sshOliver Walsh1-1/+1
In Ocata all live-migration over ssh is performed on the default ssh port (22). In Pike the containerized live-migration over ssh is on port 2022 as the docker host's sshd is using port 22. To allow live migration during upgrade we need to temporarily pin the Pike computes to port 22 and in the final converge we can switch over to port 2022. This also changes the default port to 2022 for baremetal computes in Pike to enable live-migration between baremetal and containerized computes. Change-Id: Icb9bfdd9a99dc1dce28eb95c50a9a36bffa621b1 Depends-On: I0b80b81711f683be539939e7d084365ff63546d3 Closes-Bug: 1714171 (cherry picked from commit 17fd16b9f266e1aa67bf03ebdf309e89d668ada2)
2017-08-23Configure listen_address for libvirtd when TLS is enabledJuan Antonio Osorio Robles1-0/+2
It wasn't being configured, and the default is to listen on all interfaces. This fixes that. Change-Id: I00da25474fb1544eabdedaf126e67d5a6617f02f Closes-Bug: #1712475
2017-08-21Merge "Let mds create manila key and fs"Jenkins1-1/+1
2017-08-18Let mds create manila key and fsJan Provaznik1-1/+1
ceph-ansible will take care of setting up client keys both in ceph and on client side. It will also create filesystem for manila. To assure that manila manifest can work in future both with puppet and with ceph-ansible, creation of filesystem is moved to ceph-mds manifest and creation of manila key on ceph side is moved to ceph-base (so manila key is always created), manila key is added to ceph-external for external ceph deployments. Key creation is removed from manila.pp in patch I2b5567a39ac8737e80758b705818cc1807dc8bf1 Change-Id: I6308a317ffe0af244396aba5197c85e273e69f68 Related-To: Ia3ef9e9a2b159dacea01e38762145ff2bcc7ba27 Depends-On: I3f18bbe476c4f43fa4e162cc66c5df443122cd0c
2017-08-14Extend VNC port rangeBen Nemec1-1/+1
Per the attached bug, if a large number of instances are colocated on a single compute node it is possible to exhaust the allowed VNC ports. This change extends the range to include 1024 ports, which with the default 16x overcommit ratio in Nova means we could handle a fully loaded 64 core server. That's _probably_ overkill, but I think it makes sense to overshoot a bit on this and ensure nobody runs into weird problems because their VNC ports weren't allowed through the firewall. Change-Id: Ia48602e82b8e0fbb585371ea514eea3c2334dab0 Closes-Bug: 1678025
2017-08-09Set virsh secret with an init step when using CephGiulio Fidente1-0/+5
Run virsh secret-define and secret-set-value in an init step instead of relying on the puppet-nova exec. Co-Authored-By: Jiri Stransky <jistr@redhat.com> Change-Id: Ic950e290af1c66d34b40791defbdf4f8afaa11da Closes-Bug: #1709583
2017-07-23Add support for nova live/cold-migration with containersOliver Walsh1-3/+17
Updates hieradata for changes in https://review.openstack.org/471950. Creates a new service - NovaMigrationTarget. On baremetal this just configures live/cold-migration. On docker is includes a container running a second sshd services on an alternative port. Configures /var/lib/nova/.ssh/config and mounts in nova-compute and libvirtd containers. Change-Id: Ic4b810ff71085b73ccd08c66a3739f94e6c0c427 Implements: blueprint tripleo-cold-migration Depends-On: I6c04cebd1cf066c79c5b4335011733d32ac208dc Depends-On: I063a84a8e6da64ae3b09125cfa42e48df69adc12
2017-07-19Add nova::compute::rbd setting into nova-libvirt profileGiulio Fidente1-0/+18
Some of the tasks carried by nova::compute::rbd class apply to the compute service, others to the libvirt service so it needs to be included in both. Change-Id: I28557deb13b75922932cd3e86c3467a541c988d0
2017-07-14Adds network/cidr mapping into a new service propertyGiulio Fidente1-0/+5
Makes it possible to resolve network subnets within a service template; the data is transported into a new property ServiceData wired into every service which hopefully is generic enough to be extended in the future and transport more data. Data can be consumed in service templates to set config values which need to know what is the subnet where a deamon operates (for example the Ceph Public vs Cluster network). Change-Id: I28e21c46f1ef609517175f7e7ee19e28d1c0cba2
2017-05-19Update the template_version alias for all the templates to pike.Carlos Camacho1-1/+1
Master is now the development branch for pike changing the release alias name. Change-Id: I938e4a983e361aefcaa0bd9a4226c296c5823127
2017-05-15Add role specific information to the service templateSaravanan KR1-0/+10
When a service is enabled on multiple roles, the parameters for the service will be global. This change enables an option to provide role specific parameter to services and other templates. Two new parameters - RoleName and RoleParameters, are added to the service template. RoleName provides the role name of on which the current instance of the service is being applied on. RoleParameters provides the list of parameters which are configured specific to the role in the environment file, like below: parameters_default: # Default value for applied to all roles NovaReservedHostMemory: 2048 ComputeDpdkParameters: # Applied only to ComputeDpdk role NovaReservedHostMemory: 4096 In above sample, the cluster contains 2 roles - Compute, ComputeDpdk. The values of ComputeDpdkParameters will be passed on to the templates as RoleParameters while creating the stack for ComputeDpdk role. The parameter which supports role specific configuration, should find the parameter first in in the RoleParameters list, if not found, then the default (for all roles) should be used. Implements: blueprint tripleo-derive-parameters Change-Id: I72376a803ec6b2ed93903cc0c95a6ffce718b6dc
2017-05-03Internal TLS: use common CA file parameter for libvirt CA certJuan Antonio Osorio Robles1-5/+20
libvirt has its own parameter for setting the CA, however, if we have a common CA for all services in the internal network (which we do), it's more consistent to use the common parameter for configuring that CA file. The previous parameter was left in case the deployer wants to use a specific CA file for the compute nodes. Change-Id: I3d132d3d257d7ea9f43e49593f8509c3cd205ca5
2017-04-20Merge "TLS-everywhere: Enable for TLS libvirt live migration"Jenkins1-0/+82
2017-04-19TLS-everywhere: Enable for TLS libvirt live migrationJuan Antonio Osorio Robles1-0/+82
This relies on using the default paths for certs/keys used by libvirt and is only enabled if TLS-everywhere is enabled. bp tls-via-certmonger Depends-On: If18206d89460f6660a81aabc4ff8b97f1f99bba7 Depends-On: I0a1684397ebefaa8dc00237e0b7952e9296381fa Change-Id: I0538bbdd54fd0b82518585f4f270b4be684f0ec4
2017-04-15Add migration SSH tunneling supportOliver Walsh1-1/+0
This enables nova cold migration. This also switches to SSH as the default transport for live-migration. The tripleo-common mistral action that generates passwords supplies the MigrationSshKey parameter that enables this. The TCP transport is no longer used for live-migration and the firewall port has been closed. Change-Id: I4e55a987c93673796525988a2e4cc264a6b5c24f Depends-On: I367757cbe8757d11943af7e41af620f9ce919a06 Depends-On: I9e7a1862911312ad942233ac8fc828f4e1be1dcf Depends-On: Iac1763761c652bed637cb7cf85bc12347b5fe7ec
2017-02-01Configure VNC Server listen address through t-h-tJuan Antonio Osorio Robles1-0/+1
This adds an entry for libvirt (which is used by the VNC server) on which we can tell it via t-h-t on which IP address to listen on. Change-Id: Ie377c09734e9f6170daa519aed69c53fc67c366b Related-Bug: #1660099
2017-01-03Expose enabled_perf_events libvirt optionsPradeep Kilambi1-0/+9
For cache monitoring technology feature to work, nova config libvirt settings should have the perf events enabled for nova to emit these so telemetry can capture them. Depends-On: Ia27e6831f3f6e9cdeaacb650039be5c81b90cb40 Change-Id: I92c318008b965a6527acbce85b41a545eda7ee18
2017-01-03Merge "Increase libvirt/qemu.conf max_files and max_processes"Jenkins1-0/+3
2016-12-23Bump template version for all templates to "ocata"Steven Hardy1-1/+1
Heat now supports release name aliases, so we can replace the inconsistent mix of date related versions with one consistent version that aligns with the supported version of heat for this t-h-t branch. This should also help new users who sometimes copy/paste old templates and discover intrinsic functions in the t-h-t docs don't work because their template version is too old. Change-Id: Ib415e7290fea27447460baa280291492df197e54
2016-12-16Increase libvirt/qemu.conf max_files and max_processesGiulio Fidente1-0/+3
When Nova and/or Cinder are using Ceph as backend, qemu will need to open a connection and two threads for each and every Ceph OSD. This change raises the max_files (set to 1024 by default) to 32768 and the max_processes (set to 4096 by default) to 131072. The max number of FDs is per-process, while the max number of processes is per-user. The values can be overridden via ExtraConfig, no params are added to the templates. A more detailed description of the values were chosen can be found at: https://access.redhat.com/solutions/1602683 Change-Id: I1e79675f6aac1b0fe6cc7269550fa6bc8586e1fb Depends-On: I258afd3ee6633e4b2ebc45aa8611be652476be0c
2016-11-03nova: add missing vnc console port in firewallEmilien Macchi1-0/+1
- Remove vncproxy firewall rules from nova-api service - Add vncproxy firewall rules to nova-vncproxy service - Add console port range firewall rules to nova-libvirt service Change-Id: I421ae21c130cac6f25e7c0869b941ba77441172c
2016-11-03nova/libvirt: add missing ports for live-migrationEmilien Macchi1-0/+2
Some ports are missing to support live-migration. This patch adds them. Documented here: https://access.redhat.com/documentation/en/red-hat-openstack-platform/9/paged/migrating-instances/chapter-1-how-to-migrate-a-live-instance Change-Id: I72634a9940c11602522322235e51bf27cb664e57
2016-10-20Open port 16509 for libvirt for live migrationJames Slagle1-0/+4
Port 16509 should be opened for tcp traffic to enable live migration. See Also: http://docs.openstack.org/admin-guide/compute-configuring-migrations.html Previously, we were not enabling any iptables rules on the Compute Roles, so this is a regression. Change-Id: Ie4abf53dc2a8171af48d02e34a1a3ad43f27cfb3 Closes-Bug: #1635427
2016-08-31Availability monitoring agents supportMartin Mágr1-0/+4
- adds possibility to install sensu-client on all nodes - each composable service has it's own subscription Co-Authored-By: Emilien Macchi <emilien@redhat.com> Co-Authored-By: Michele Baldessari <michele@redhat.com> Implements: blueprint tripleo-opstools-availability-monitoring Change-Id: I6a215763fd0f0015285b3573305d18d0f56c7770
2016-08-18Add DefaultPasswords to composable servicesDan Prince1-0/+4
This patch adds a new DefaultPasswords parameter to composable services. This is needed to help provide access to top level password resources that overcloud.yaml currently manages (passwords for Rabbit, Mysql, etc.). Moving the RandomString resources into composable services would cause them to regenerate within the stack. With this approach we can leave them where they are while we deprecate the top level mechanism and move the code that uses the passwords into the composable services. Change-Id: I4f21603c58a169a093962594e860933306879e3f
2016-08-18Pass ServiceNetMap to servicesGiulio Fidente1-0/+7
This will be needed to pick the network where the service has to bind to from within the service template. Change-Id: I52652e1ad8c7b360efd2c7af199e35932aaaea8c
2016-08-15Move Nova settings out of puppet/compute.yamlDan Prince1-0/+6
This finishes moving most of the config settings out of compute.yaml for Nova and into the proper nova-* services. Only the bind port/VIP related Nova settings remain now and those will be dealt with in a follow up patch. Change-Id: I1c40e7d54c11dfff2aaa6438c7701e98da17ebe6 Related-Bug: #1604412
2016-07-28Convert service_name to underscore syntaxSteven Hardy1-1/+1
Currently we use hyphens, e.g cinder-api, but in overcloud.yaml we have a lot of references to services (e.g for AllNodesConfig) by underscore, e.g cinder_api. To enable dynamic generation of this data, we need the service name in underscore format. Change-Id: Ief13dfe5d8d7691dfe2534ad5c39d7eacbcb6f70
2016-07-25Merge "Move nova::db data within service template"Jenkins1-0/+2
2016-07-22Move nova::db data within service templateGiulio Fidente1-0/+2
Change-Id: I86752248e59a2e98f8ff9b2c5998839f9ade4779
2016-07-22Add 'service_name' to composable servicesDan Prince1-0/+1
This patch adds a new service_name section to each composable service. We now have an explicit unit test check to ensure that service_name exists in tools/yaml-validate.py. This patch also wires service_names into hieradata on each of the roles so that tools can access the deployed services locally during deployment and upgrades. Change-Id: I60861c5aa760534db3e314bba16a13b90ea72f0c
2016-06-30First iteration of libvirt and nova-compute as a composable servicesEmilien Macchi1-0/+31
This is a first iteration of implementing libvirt and nova compute as composable services. Note: some parameters are still in puppet/compute.yaml -- we'll move them later in a next iteration. Implements: blueprint composable-services-within-roles Depends-On: I0b765f8cb08633005c1fc5a5a2a8e5658ff44302 Change-Id: I752198cdf231ef13062ba96c3877e5defd618c3a