Age | Commit message (Collapse) | Author | Files | Lines |
|
When a service is enabled on multiple roles, the parameters for the
service will be global. This change enables an option to provide
role specific parameter to services and other templates.
Two new parameters - RoleName and RoleParameters, are added to the
service template. RoleName provides the role name of on which the
current instance of the service is being applied on. RoleParameters
provides the list of parameters which are configured specific to the
role in the environment file, like below:
parameters_default:
# Default value for applied to all roles
NovaReservedHostMemory: 2048
ComputeDpdkParameters:
# Applied only to ComputeDpdk role
NovaReservedHostMemory: 4096
In above sample, the cluster contains 2 roles - Compute, ComputeDpdk.
The values of ComputeDpdkParameters will be passed on to the templates
as RoleParameters while creating the stack for ComputeDpdk role. The
parameter which supports role specific configuration, should find the
parameter first in in the RoleParameters list, if not found, then the
default (for all roles) should be used.
Implements: blueprint tripleo-derive-parameters
Change-Id: I72376a803ec6b2ed93903cc0c95a6ffce718b6dc
|
|
This adds the necessary parameter for swift proxy to be terminiated
internally by a TLS proxy.
bp tls-via-certmonger
Change-Id: I3cb9d53d75f982068f1025729c1793efaee87380
Depends-On: I6e7193cc5b4bb7e56cc89e0a293c91b0d391c68e
|
|
|
|
In the previous release[1], the services were stopped before the
pacemaker services, so that they get a chance to send last message to
the database/rabbitmq queue:
Let's do the upgrade in the same order.
[1] https://github.com/openstack/tripleo-heat-templates/blob/stable/newton/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh#L13-L71
Change-Id: I1c4045e8b9167396c9dfa4da99973102f1af1218
|
|
If the message broker is using TLS, we enable it for these
notifications.
Change-Id: I4f37e77ae12e9582fab7d326ebd4c70127c5445f
Depends-On: If23d1f0d20264faaddc2e5ad54863483fa43ed41
|
|
The admin endpoint is listening on the ctlplane network by default;
services should ideally be using the internal api network for this kind
of traffic, as the ctlplane network is mostly for provisioning. On the
other hand, the admin endpoint shouldn't be as relevant with services
switching to keystone v3.
Change-Id: I1213a83ef8693c1cca1d20de974f7949a801d9f1
|
|
So, if RabbitClientUseSSL is set, this will enable TLS for the
swift's ceilometer message broker connection.
Change-Id: Ide70a509aefc9e7eb9d7cc5b3a60520fa42b4010
Depends-On: I8b7457b6233c4f88af2d7bc1b9304fcccb6edf61
|
|
Co-Authored-By: Sofer Athlan-Guyot <sathlang@redhat.com>
Partially-Implements: blueprint overcloud-upgrades-per-service
Closes-Bug: #1655651
Change-Id: I83134f51d152f3b97f9a570bbd9a67c753982810
|
|
puppet-swift has hard-coded sections which expect these to be
*_quotas, without matching the pipeline to the sections swift
proxy fails to start.
Change-Id: I3ee94a9bc4b046051e5d814e82a69f759bea1296
Closes-Bug: #1657167
|
|
Setting the default Swift proxy workers to 0 actually results in a
single Swift proxy worker, no matter how many CPU cores are available.
This is not the default Swift setting and is most likely not sufficient.
Setting this to auto uses the default in Swift, which equals to the
number of CPU cores.
Closes-Bug: 1655070
Change-Id: Ic321b6111f8697ba3cc1554611fee44c2e540759
|
|
Heat now supports release name aliases, so we can replace
the inconsistent mix of date related versions with one consistent
version that aligns with the supported version of heat for this
t-h-t branch.
This should also help new users who sometimes copy/paste old templates
and discover intrinsic functions in the t-h-t docs don't work because
their template version is too old.
Change-Id: Ib415e7290fea27447460baa280291492df197e54
|
|
This patch updates the swift-proxy base profile so that
we now explicitly set the rabbit_port. This allows us
to remove the use of puppet-ceilometer default settings
in the puppet-tripleo modules change ID here:
I8d9f69f5e9160543b372bd9886800f16f625fdc6
It also adds a new boolean parameter that allows the
end user to disable the swift ceilometer pipeline
by setting SwiftCeilometerPipelineEnabled to false.
This two settings allow Swift to once again be installed
on a machine without configuring Ceilometer.
Depends-On: Id1584df5e5bb90f8087ae25eecc4834179b6fc21
Change-Id: Ief5399d7ea4d26e96ce54903a69d660fa4fe3ce9
Related-bug: #1648736
|
|
|
|
Ceilometer notifications can be sent in a background thread, unblocking
the Swift proxy in case the RabbitMQ is not processing notifications
quick enough or even unavailable.
There is a default queue size of 1000 notifications. If more messages
are added to the queue these will be discarded, and a warning log entry
will be emitted.
Change-Id: I98022dcbf661a5bb7425f49ba8525225d61212dc
|
|
Adding these features are typically enabled by default
in any swift cluster.
See upstream sample:
https://github.com/openstack/swift/blob/master/etc/proxy-server.conf-sample
Change-Id: I29915d1b86da5c47ec34acfb89ab8234e153bf31
Signed-off-by: Thiago da Silva <thiago@redhat.com>
Depends-On: Ie323f68255a73d46e774cbf49d9353c3bf90c35e
|
|
|
|
Depends-On: Icf45cf2aece398b836c87ddffde5d3056e96dc4d
Change-Id: I3577dc38a0b52092ee5e98a381eb52c3d2768c10
Signed-off-by: Thiago da Silva <thiago@redhat.com>
|
|
The param is now managed in puppet-tripleo like other services.
Change-Id: I306aa6ac6e2cfc0d4602e15e11564a6be096a121
Depends-On: Ibc0ed642931dd3ada7ee594bb8c70a1c3462206d
|
|
The Ceilometer middleware is in the wrong place; actually any middleware
should be deployed after catch_errors to catch any errors that would
otherwise crash the proxy service. Additionally the ceilometer
middleware should be deployed after any authentication middleware.
Closes-Bug: 1637471
Co-Authored-By: Thiago da Silva <thiago@redhat.com>
Change-Id: I710ff2f51271a78582fa502e7eecfa687800c664
|
|
new ceilometermiddleware is available and integrated into
puppet-swift. Lets leverage it and include it in the
swift proxy pipeline. The correcponding puppet triple
change for this is Ie49f4a750368ff174b23b8d6baa743d0956d727e
Closes-Bug: #1631108
Change-Id: I82da0240d60d1eed54f1c0927e6157bb63025a19
|
|
Tempest expects object versioning to be enabled by default in Swift;
if not it has to be disabled explicitly in the Tempest config.
This is a commonly used middleware, therefore it should be enabled
in the overcloud proxy nodes as well.
Closes-Bug: 1632215
Depends-On: I07a206473ff7939749e3eba1dfe3ea8c4526eb5c
Change-Id: I4eae08ff3f9a3a2f829c3497c1c2aaee8e7f8554
|
|
This patch moves the keystone::auth settings for all
services into the new service_config_settings section. This
is important because we execute the keystone commands via
puppet only on the role containing the keystone service
and without these settings it will fail.
Note that yaql merging/filtering is used here to ensure that
service_config_settings is optional in service templates,
and also that we'll only deploy hieradata for a given
service on a node running the service (the key in
the service_config_settings map must match the service_name
in the service template for this to work).
e.g the following will result in only deploying keystone: 123
in hiera on the role running the "keystone" service,
regardless of which service template defines it.
service_config_settings:
keystone:
keystone: 123
Co-Authored-By: Steven Hardy <shardy@redhat.com>
Change-Id: I0c2fce037a1a38772f998d582a816b4b703f8265
Closes-bug: 1620829
|
|
|
|
It updates Glance, Neutron and Swift to deploy authtoken with modern
pattern.
Change-Id: Icfaf011ea4a23bc47d2fb45e8768f8238532dab3
|
|
- adds possibility to install sensu-client on all nodes
- each composable service has it's own subscription
Co-Authored-By: Emilien Macchi <emilien@redhat.com>
Co-Authored-By: Michele Baldessari <michele@redhat.com>
Implements: blueprint tripleo-opstools-availability-monitoring
Change-Id: I6a215763fd0f0015285b3573305d18d0f56c7770
|
|
This moves the swift local bind and hash prefix settings
into the relevant swift-* composable services.
Change-Id: I807ff14c4cc9afa39efee13849e0f8c22718f1c0
|
|
This patch adds a new DefaultPasswords parameter to
composable services. This is needed to help provide
access to top level password resources that overcloud.yaml
currently manages (passwords for Rabbit, Mysql, etc.).
Moving the RandomString resources into composable services
would cause them to regenerate within the stack. With this
approach we can leave them where they are while we deprecate
the top level mechanism and move the code that uses the
passwords into the composable services.
Change-Id: I4f21603c58a169a093962594e860933306879e3f
|
|
This will be needed to pick the network where the service has
to bind to from within the service template.
Change-Id: I52652e1ad8c7b360efd2c7af199e35932aaaea8c
|
|
|
|
Currently we use hyphens, e.g cinder-api, but in overcloud.yaml
we have a lot of references to services (e.g for AllNodesConfig)
by underscore, e.g cinder_api. To enable dynamic generation of
this data, we need the service name in underscore format.
Change-Id: Ief13dfe5d8d7691dfe2534ad5c39d7eacbcb6f70
|
|
Migrate puppet/hieradata/*.yaml parameters to puppet/services/*.yaml
except for some services that are not composable yet.
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: I7e5f8b18ee9aa63a1dffc6facaf88315b07d5fd7
|
|
Split out the firewall rules in puppet/hieradata/controller.yaml
into the composable services
Depends-On: Id370362ab57347b75b1ab25afda877885b047263
Change-Id: Icaecab100d3f278035fbbb3facb9bf6c62c76c03
|
|
This patch adds a new service_name section to each composable
service. We now have an explicit unit test check to ensure that
service_name exists in tools/yaml-validate.py.
This patch also wires service_names into hieradata on each
of the roles so that tools can access the deployed services locally
during deployment and upgrades.
Change-Id: I60861c5aa760534db3e314bba16a13b90ea72f0c
|
|
We've had problems uploading images on slow virtualized environments,
where the requests to swift would time out. The issue has been seen both
on undercloud and overcloud. The default timeout is 10 seconds, the
issue has been reportedly reproduced on undercloud with node_timeout as
high as 30 seconds, but not with 60 seconds yet. Set the default timeout
to 60 seconds on overcloud too.
Change-Id: I7d486cf4dc9768ddbf71ab71e92db8d2ef29978e
Closes-Bug: #1594725
|
|
Switch the swift proxy service to use the new composable
services format.
Change-Id: Idc9ac64818882e73836ac99bbad56eec184c9a5d
Partially-Implements: blueprint composable-services-within-roles
Depends-On: I6bd72284911f3f449157a6fc00b76682dd53bd8c
|