Age | Commit message (Collapse) | Author | Files | Lines |
|
libvirt has its own parameter for setting the CA, however, if we have a
common CA for all services in the internal network (which we do), it's
more consistent to use the common parameter for configuring that CA
file.
The previous parameter was left in case the deployer wants to use a
specific CA file for the compute nodes.
Change-Id: I3d132d3d257d7ea9f43e49593f8509c3cd205ca5
|
|
|
|
This relies on using the default paths for certs/keys used by libvirt
and is only enabled if TLS-everywhere is enabled.
bp tls-via-certmonger
Depends-On: If18206d89460f6660a81aabc4ff8b97f1f99bba7
Depends-On: I0a1684397ebefaa8dc00237e0b7952e9296381fa
Change-Id: I0538bbdd54fd0b82518585f4f270b4be684f0ec4
|
|
This enables nova cold migration.
This also switches to SSH as the default transport for live-migration.
The tripleo-common mistral action that generates passwords supplies the
MigrationSshKey parameter that enables this.
The TCP transport is no longer used for live-migration and the firewall
port has been closed.
Change-Id: I4e55a987c93673796525988a2e4cc264a6b5c24f
Depends-On: I367757cbe8757d11943af7e41af620f9ce919a06
Depends-On: I9e7a1862911312ad942233ac8fc828f4e1be1dcf
Depends-On: Iac1763761c652bed637cb7cf85bc12347b5fe7ec
|
|
This adds an entry for libvirt (which is used by the VNC server) on
which we can tell it via t-h-t on which IP address to listen on.
Change-Id: Ie377c09734e9f6170daa519aed69c53fc67c366b
Related-Bug: #1660099
|
|
For cache monitoring technology feature to work, nova config
libvirt settings should have the perf events enabled for
nova to emit these so telemetry can capture them.
Depends-On: Ia27e6831f3f6e9cdeaacb650039be5c81b90cb40
Change-Id: I92c318008b965a6527acbce85b41a545eda7ee18
|
|
|
|
Heat now supports release name aliases, so we can replace
the inconsistent mix of date related versions with one consistent
version that aligns with the supported version of heat for this
t-h-t branch.
This should also help new users who sometimes copy/paste old templates
and discover intrinsic functions in the t-h-t docs don't work because
their template version is too old.
Change-Id: Ib415e7290fea27447460baa280291492df197e54
|
|
When Nova and/or Cinder are using Ceph as backend, qemu will need
to open a connection and two threads for each and every Ceph OSD.
This change raises the max_files (set to 1024 by default) to 32768
and the max_processes (set to 4096 by default) to 131072. The max
number of FDs is per-process, while the max number of processes is
per-user. The values can be overridden via ExtraConfig, no params
are added to the templates.
A more detailed description of the values were chosen can be
found at: https://access.redhat.com/solutions/1602683
Change-Id: I1e79675f6aac1b0fe6cc7269550fa6bc8586e1fb
Depends-On: I258afd3ee6633e4b2ebc45aa8611be652476be0c
|
|
- Remove vncproxy firewall rules from nova-api service
- Add vncproxy firewall rules to nova-vncproxy service
- Add console port range firewall rules to nova-libvirt service
Change-Id: I421ae21c130cac6f25e7c0869b941ba77441172c
|
|
Some ports are missing to support live-migration. This patch adds them.
Documented here:
https://access.redhat.com/documentation/en/red-hat-openstack-platform/9/paged/migrating-instances/chapter-1-how-to-migrate-a-live-instance
Change-Id: I72634a9940c11602522322235e51bf27cb664e57
|
|
Port 16509 should be opened for tcp traffic to enable live migration.
See Also:
http://docs.openstack.org/admin-guide/compute-configuring-migrations.html
Previously, we were not enabling any iptables rules on the Compute
Roles, so this is a regression.
Change-Id: Ie4abf53dc2a8171af48d02e34a1a3ad43f27cfb3
Closes-Bug: #1635427
|
|
- adds possibility to install sensu-client on all nodes
- each composable service has it's own subscription
Co-Authored-By: Emilien Macchi <emilien@redhat.com>
Co-Authored-By: Michele Baldessari <michele@redhat.com>
Implements: blueprint tripleo-opstools-availability-monitoring
Change-Id: I6a215763fd0f0015285b3573305d18d0f56c7770
|
|
This patch adds a new DefaultPasswords parameter to
composable services. This is needed to help provide
access to top level password resources that overcloud.yaml
currently manages (passwords for Rabbit, Mysql, etc.).
Moving the RandomString resources into composable services
would cause them to regenerate within the stack. With this
approach we can leave them where they are while we deprecate
the top level mechanism and move the code that uses the
passwords into the composable services.
Change-Id: I4f21603c58a169a093962594e860933306879e3f
|
|
This will be needed to pick the network where the service has
to bind to from within the service template.
Change-Id: I52652e1ad8c7b360efd2c7af199e35932aaaea8c
|
|
This finishes moving most of the config settings out of
compute.yaml for Nova and into the proper nova-* services.
Only the bind port/VIP related Nova settings remain now and those
will be dealt with in a follow up patch.
Change-Id: I1c40e7d54c11dfff2aaa6438c7701e98da17ebe6
Related-Bug: #1604412
|
|
Currently we use hyphens, e.g cinder-api, but in overcloud.yaml
we have a lot of references to services (e.g for AllNodesConfig)
by underscore, e.g cinder_api. To enable dynamic generation of
this data, we need the service name in underscore format.
Change-Id: Ief13dfe5d8d7691dfe2534ad5c39d7eacbcb6f70
|
|
|
|
Change-Id: I86752248e59a2e98f8ff9b2c5998839f9ade4779
|
|
This patch adds a new service_name section to each composable
service. We now have an explicit unit test check to ensure that
service_name exists in tools/yaml-validate.py.
This patch also wires service_names into hieradata on each
of the roles so that tools can access the deployed services locally
during deployment and upgrades.
Change-Id: I60861c5aa760534db3e314bba16a13b90ea72f0c
|
|
This is a first iteration of implementing libvirt and nova compute as
composable services.
Note: some parameters are still in puppet/compute.yaml -- we'll move
them later in a next iteration.
Implements: blueprint composable-services-within-roles
Depends-On: I0b765f8cb08633005c1fc5a5a2a8e5658ff44302
Change-Id: I752198cdf231ef13062ba96c3877e5defd618c3a
|