| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
As with other services, this passes the necessary hieradata to enable
TLS for RabbitMQ. This will mean (once we set it via puppet-tripleo)
that there will only be TLS connections, as the ssl_only option is being
used.
bp tls-via-certmonger
Change-Id: I960bf747cd5e3040f99b28e2fc5873ca3a7472b5
Depends-On: Ic2a7f877745a0a490ddc9315123bd1180b03c514
|
|
In ocata we changed the rabbitmq ha policy to "ha-exactly" via the
following changes:
- tht: Iace6daf27a76cb8ef1050ada0de7ff1f530916c6
- puppet-tripleo: Ib62001c03e1e08f58cf0c6e0ba07a8879a584084
We took care of the upgrade path via I3a97505d2ae1ae27f3080ffe74c33fdabffd2420
With the move to the ansible-based composable upgrades we left this change out.
And now an upgraded environment has the following policy:
- Upgraded environment
Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"all"}"
- New environment
Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"exactly","ha-params":2}"
We need to add this pcs resource change to the our upgrade scripts.
Change-Id: I3c4113c207e9d0c45be43df7c2379ac26cb60692
Closes-Bug: #1668600
|
|
This change adds a profile to deploy the Ceph RBD mirroring daemon
as a Pacemaker resource.
Change-Id: Ib07e5bca6a45f0c6c59a3acf07f4e3ae9d2f8948
Depends-On: Ic63dc5cffece38942d305f538f71dd58a5d50789
Closes-Bug: #1652177
|
|
These are only used for TLS-everywhere, and fills up the kerberos
principals that will need to be created for the certs used by the
overcloud. With this, the metadata hook will format these principals
correctly and will further pass them on to the nova metadata service.
Where they can be used if there's a plugin enabled.
bp tls-via-certmonger
bp novajoin
Change-Id: I873094bb69200052febda629fda698a7a782c031
|
|
Adds a step0 for any pre-upgrade checks. This migrates
some of the checks we have at the top of
extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh
Checks for other services (and for the cluster) will follow
in separate commits.
Partially-Implements: blueprint overcloud-upgrades-per-service
Change-Id: I607f1fed68d7f11773484c3d7cb3e5af67465d57
|
|
With change I80c8559bb2d915385bcc20ae71fe144ddd6591c1 we removed
all the unused puppet-tripleo pacemaker profiles. With this change
we remove the corresponding puppet profiles from tripleo-heat-templates.
We can also remove any trace of the fake ::Core service as it was
introduced via Iacd94294b8a66bc082bb2b3e8d3364ec1bf053b8
for the fake openstack-core pacemaker resource during the Mitaka cycle
and became unused in Newton.
Change-Id: I48cd2b6a4593d673d5883b45feae088392e7e713
|
|
Heat now supports release name aliases, so we can replace
the inconsistent mix of date related versions with one consistent
version that aligns with the supported version of heat for this
t-h-t branch.
This should also help new users who sometimes copy/paste old templates
and discover intrinsic functions in the t-h-t docs don't work because
their template version is too old.
Change-Id: Ib415e7290fea27447460baa280291492df197e54
|
|
This changes how we get the network-based FQDNs for the specific
services, from using the custom fact, to the new hiera entries.
Change-Id: Iae668a5d89fb7bee091db4a761aa6c91d369b276
|
|
This patch optimizes how we deploy hiera by using a new
heat hook specifically designed to help compose hiera
within heat templates. As part of this change:
- we update all the 'hiera' software configurations to set the group to hiera
instead of os-apply-config.
- The new format uses JSON instead of YAML. The hook actually writes
out the hiera JSON directly so no conversion takes place. Arrays,
Strings, Booleans all stay in their native formats. As such we can avoid
having to do many of the awkward string and list conversions in t-h-t to
support the previous YAML formatting.
- The new hook prefers JSON over YAML so upgrading users will have the
new files prefered. (we will post a cleanup routine for the old files
soon but this isn't a new behavior, JSON is now simply prefered.)
- A lot of services required edits to account for default settings that
worked in YAML that no longer work correctly in the native JSON
format. In almost all these cases I think the resulting codes looks
cleaner and is more explicit with regards to what is getting
configured in hiera on the actual nodes.
Depends-On: I6a383b1ad4ec29458569763bd3f56fd3f2bd726b
Closes-bug: #1596373
Change-Id: Ibe7e2044e200e2c947223286fdf4fd5bcf98c2e1
|
|
Currently this is disabled via a conditional in the keepalived
profile in puppet-tripleo, but this will be incompatible with
the planned composable upgrades implementation. Instead we should
disable the service template by mapping to OS::Heat::None, and
ensure the haproxy manifest uses the t-h-t generated hiera value
keepalived_enabled instead of hard-coding a hiera override in the
haproxy template.
Change-Id: I85a8b1cca7268506de22adfb3a8ce7faa4f157ef
Partial-Bug: #1642936
Depends-On: I90faf51881bd05920067c1e1d82baf5d7586af23
|
|
This patch updates the pacemaker composable service templates for
mongo and redis to extend the proper base (redis.yaml and mongo.yaml)
templates instead of the -base.yaml versions. This was causing
some missing hiera settings for these services which caused symptoms
like missing firewall rules for these services.
Change-Id: I3f94acbf4d1baadbb151b1c4d34b4a0ab28ad5e5
Partial-bug: #1629934
|
|
We do not want cinder-volume to be managed by Pacemaker on
BlockStorage nodes, where Pacemaker is not running at all.
This change adds a new BlockStorageCinderVolume service name
which can (and is, by default) mapped to the non Pacemaker
implementation of the service.
The error was:
Could not find dependency Exec[wait-for-settle] for
Pacemaker::Resource::Systemd[openstack-cinder-volume]
Also moves cinder::host setting into the Pacemaker specific service
definition because we only want to set a shared host= string when
the service is managed by Pacemaker.
Closes-Bug: #1628912
Change-Id: I2f7e82db4fdfd5f161e44d65d17893c3e19a89c9
|
|
This used to used mysql_bind_ip, but this parameter is quite misleading
since what it actually configures is not the bind-ip itself, but the
gmcast.listen_addr parameter. This fixes that confusion.
Depends-On: Iea4bd67074824e5dc6732fd7e408743e693d80b3
Change-Id: I2b114600e622491ccff08a07946926734b50ac70
|
|
This now takes into use the mysql_bind_host key, to set an
appropriate fqdn for mysql to bind to.
Closes-Bug: #1627060
Change-Id: I50f4082ea968d93b240b6b5541d84f27afd6e2a3
Depends-On: I316acfd514aac63b84890e20283c4ca611ccde8b
|
|
This implements support for installing fluentd agents as a composable
service on the overcloud.
Depends-On: I2e1abe4d8c8359e56ff626255ee50c9cacca1940
Implements: tripleo-opstools-centralized-logging
Change-Id: I23b0e23881b742158fcfb6b8c145a3211d45086e
|
|
If these names don't match then we cannot set the service's nodes,
VIP and network.
Change-Id: I8f1c0eaf62eee2704a5f2556a553032106db606b
Closes-Bug: #1621368
|
|
- adds possibility to install sensu-client on all nodes
- each composable service has it's own subscription
Co-Authored-By: Emilien Macchi <emilien@redhat.com>
Co-Authored-By: Michele Baldessari <michele@redhat.com>
Implements: blueprint tripleo-opstools-availability-monitoring
Change-Id: I6a215763fd0f0015285b3573305d18d0f56c7770
|
|
Change-Id: I5018e4cdb1e5df7c2d67a8c1248d7453941b725f
|
|
Change-Id: Id2227bedee098e0f18704a3dc82fb0be311ff4d2
|
|
|
|
This moves the config settings out of controller.yaml for MySQL
and into puppet/services/database/mysql.yaml.
The top leve MysqlRootPassword is still maintained by default
in overcloud.yaml so that users who upgrade won't get
broken. New users may optionally specify the MysqlRootPassword
as a parameter instead which will take priority over the top
level generated parameter.
We drop the top level MysqlClusterUniquePart because it is no
longer used (I think it was a remnant from t-i-e).
Related-Bug: #1604414
Change-Id: I06ebac0f4c87dabfccefb2e550a64650868c5b26
|
|
Marian Krcmari noticed that on a freshly deployed HA Newton system
gnocchi-metricd and gnocchi-statsd are down. This likely came about when
gnocchi moved to composable roles
(I40a3815923099d00a0f3fc1d88a942784e7c6fb9) and those settings made
sense when it was managed by pacemaker.
Also make sure that all services are disabled when managed via
pacemaker and add manage_service: false for gnocchi-api for pacemaker
which was missing.
Change-Id: If7d681e0fa3e84379ac83c8a55b481369fe2849e
|
|
This patch adds a new DefaultPasswords parameter to
composable services. This is needed to help provide
access to top level password resources that overcloud.yaml
currently manages (passwords for Rabbit, Mysql, etc.).
Moving the RandomString resources into composable services
would cause them to regenerate within the stack. With this
approach we can leave them where they are while we deprecate
the top level mechanism and move the code that uses the
passwords into the composable services.
Change-Id: I4f21603c58a169a093962594e860933306879e3f
|
|
This will be needed to pick the network where the service has
to bind to from within the service template.
Change-Id: I52652e1ad8c7b360efd2c7af199e35932aaaea8c
|
|
Tempest tests for cinder contain backup tests that fail
unless cinder-backup service is started. This patch facilitates
the service start upon the overcloud deployment.
Original patch converted to composable role.
Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
Depends-On: Ib1dfe52b83ab01819fc669312967950e75d8ddf1
Change-Id: I9ca97b3f1c26aac6d81b3525377e1f5fb962313f
|
|
https://review.openstack.org/#/c/318840/ decomposed the Sahara services
but they weren't added to the ControllerServices list, thus are now disabled.
Since we shipped mitaka with sahara enabled by default, we should probably add
them so the behavior is consistent when folks upgrade.
This also fixes a couple of issues we missed when landing the initial service
templates (partly because CI didn't test them).
In order for each service to operate independently when used with Pacemaker,
the roles needed to be separated. This commit also does this.
Depends-On: Id61eb15b1e2366f5b73c6e7d47941651e40651b1
Change-Id: I0846b328e9d938275e373d58f0b99219b19b326c
Closes-Bug: #1592284
Co-Authored-By: Brad P. Crochet <brad@redhat.com>
|
|
This is the THT part that brings us the next generation architecture
as described in the following spec:
https://review.openstack.org/#/c/299628/
Blueprint:
https://blueprints.launchpad.net/tripleo/+spec/ha-lightweight-architecture
So far we tested deployment + tripleo.sh --overcloud-pingtest and
failover + tripleo.sh --overcloud-pingtest
Note that many of the Pacemaker template files become redundant with
this change, but to simplify the process of getting this change landed,
those templates will not be removed until a future commit.
Depends-On: I5e7585c08675d8a4bd071523b94210d325d79b59
Change-Id: I00bccb2563c006f80baed623b64f1e17af20dd4e
Implements: blueprint ha-lightweight-architecture
Co-Author: cmsj@tenshu.net
|
|
Allows the installation and configuration of Manila.
Supports the generic driver only. This has a dependency on the
puppet-tripleo classes for manila where the puppet specific
config now lives.
The review at https://review.openstack.org/#/c/315658/ has been
merge into this one, as of v68, so manila lands as a composable
service. This was brought up on the mailing list at [1]
[1] http://lists.openstack.org/pipermail/openstack-dev/2016-May/096126.html
Co-Authored-By: Marios Andreou <marios@redhat.com>
Implements: blueprint composable-services-within-roles
Depends-On: I444916d60a67bf730bf4089323dba1c1429e2e71
Depends-On: I9eda4b3364e5c59342761a1ec71b0eb567c69cf1
Depends-On: I571b65a5402c1028418476a573ebeb9450ed00c9
Change-Id: I7acebac4354fca1f8d7ff6c343c1346bf29b81c6
|
|
|
|
Currently we use hyphens, e.g cinder-api, but in overcloud.yaml
we have a lot of references to services (e.g for AllNodesConfig)
by underscore, e.g cinder_api. To enable dynamic generation of
this data, we need the service name in underscore format.
Change-Id: Ief13dfe5d8d7691dfe2534ad5c39d7eacbcb6f70
|
|
|
|
Change-Id: Iacd94294b8a66bc082bb2b3e8d3364ec1bf053b8
Depends-On: I16a786ce167c57848551c7245f4344c382c55b3d
|
|
Migrate puppet/hieradata/*.yaml parameters to puppet/services/*.yaml
except for some services that are not composable yet.
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: I7e5f8b18ee9aa63a1dffc6facaf88315b07d5fd7
|
|
|
|
|
|
This patch adds a new service_name section to each composable
service. We now have an explicit unit test check to ensure that
service_name exists in tools/yaml-validate.py.
This patch also wires service_names into hieradata on each
of the roles so that tools can access the deployed services locally
during deployment and upgrades.
Change-Id: I60861c5aa760534db3e314bba16a13b90ea72f0c
|
|
puppet-neutron takes this variable as boolean. Although it doesn't
change the behavior in master (because the variable is used directly as
config), in mitaka it is used as a conditional and should be properly
fixed.
Also a fix is needed in python-tripleoclient because it is hard coded to
be True there based on number of controllers being greater than 1.
Therefore we shoudl remove that logic from tripleoclient and implement
it in THT. In order to do that the pacemaker version of the variable is
defaulted to true.
Partial-Bug: 1605379
Change-Id: I0b797dbe188382e2dc32506913aaa60a0a21bd68
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
Deploy Horizon with composable apache service and don't include:
::tripleo::profile::pacemaker::apache
Because it's already included in the profiles in puppet-tripleo.
Change-Id: I5382d5cc95ba10805019142a9a223dbd4a4b8074
Depends-On: Id28c618133e53e28dfac7e3e9cf9f5f5a6b2421a
|
|
Depends-On: I6ba962c682dc2ab8c6ee5238e0c176d9ae05d696
Change-Id: I796524128c49fe1927e96288d40b257a4d862ee7
|
|
This patch just moves the Puppet code into puppet-tripleo.
A future iteration will be to move parameters within the service
template.
Closes-Bug: #1601853
Depends-On: I7ddae28a6affd55c5bffc15d72226a18c708850e
Change-Id: I51a05dbf53f516b200c146b35529ce563ce9ac7b
|
|
Implements: blueprint composable-services-within-roles
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Co-Authored-By: Carlos Camacho <ccamacho@redhat.com>
Depends-On: Id728aae79442c45ab48fe0914c065f1807e8890d
Closes-Bug: #1601846
Change-Id: I40a3815923099d00a0f3fc1d88a942784e7c6fb9
|
|
This patch brings back Ceilometer composable roles for controller,
module some adjustments to make it work.
Fixes 3 issues in Ceilometer composable services
1) This patch fixes the hiera maps in the pacemaker ceilometer*
templates. These were lists and should be a map.
2) fixes a critical issue in ceilometer-base.yaml where the
password was incorrectly coded in the YAML using get_param on
a string which wasn't actually a parameter.
3) Fixes the ceilometer_coordination_url so that it uses a YAML anchor
as was implied instead of get_param on a string which wasn't a
parameter.
4) Fixes the default database connection to use mongodb and configured
in puppet-tripleo profile appropriately.
Co-Authored-By: Dan Prince <dprince@redhat.com>
Co-Authored-By: Pradeep Kilambi <pkilambi@redhat.com>
Closes-Bug: #1601844
Change-Id: Ia0a59121b9ffd5e07647f66137ce53870bc6b5d6
|
|
Depends-On: I2393fc3c360f5f5786411f64dbcd06f380376093
Change-Id: I606cb1f7ef7d651b5d145bfa10ef3aa1561b1590
Partially-implements: blueprint composable-services-within-roles
|
|
|
|
This reverts commit c48410a05ec0ffd11c717bcf350badc9e5f0e910.
We've discovered this patch never had passing CI due to a DLRN
build failure.
Change-Id: I546cb3e340d20701662affda7e28b586c58ba6de
|
|
|
|
|
|
Depends-On: I4b5e93a108e80e91af26ffee454130ee18c0042e
Change-Id: I59c948ead475f449cb8d1b752f39b7eaaf056130
|
|
Class was moved in with other plugins, it's just an update.
Change-Id: I6436c5c36ac0081a720cb8a737a573b1246127a1
Depends-On: I35332df5800083f3373f5c37411534d11e9b4401
|
|
In order for each service to operate independently when used with Pacemaker,
the roles needed to be separated.
Change-Id: I0440b7b119fc9b7bb3db8a2bf341c0c6db8d3d33
Depends-On: I3fa76562c13191884a53848ad5adcbc9f5a24f61
|
Juan Antonio Osorio Robles
Michele Baldessari
Giulio Fidente
marios
Steven Hardy
Dan Prince
Lars Kellogg-Stedman
Martin Mágr
Pradeep Kilambi
Jenkins
Erno Kuvaja
Ryan Hefner
Emilien Macchi
Tim Rozet
Brad P. Crochet