| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
These work the same way as upgrade_tasks *but* they use a step variable
instead of tags, so we can iterate over a count/sequence which isn't
possibly via a wrapper playbook with tags (we may want to align upgrade
tasks with the same approach if this works out well).
Note the tasks can be run via ansible-playbook on the undercloud, like:
openstack overcloud config download --config-dir tmpconfig
cd tmpconfig/tripleo-HCrDA6-config
ansible-playbook -b -i /usr/bin/tripleo-ansible-inventory update_steps_playbook.yaml --limit controller
The above will do a rolling update for the Controller role (note the inconsistent
capitalization, we probably need to fix the group naming in tripleo-ansible-inventory)
because we specify serial: 1 in the playbook.
You can also trigger an update explicitly on one node like this, which is useful for debugging:
ansible-playbook -vvv -b -i /usr/bin/tripleo-ansible-inventory update_steps_playbook.yaml --limit overcloud-controller-0
Change-Id: I20bb3e26ab9d9cadf1a31fd304de8a014a901aa9
|
|
It wasn't being configured, thus making mongodb fail.
Change-Id: If0d7513aacfa74493a9747440fb97f915a77db84
Closes-Bug: #1710162
|
|
|
|
|
|
This de-couples public TLS from controllers to now run wherever HAProxy
is deployed.
Partially-Implements: blueprint composable-networks
Change-Id: I9e84a25a363899acf103015527787bdd8248949f
|
|
|
|
|
|
Run virsh secret-define and secret-set-value in an init step
instead of relying on the puppet-nova exec.
Co-Authored-By: Jiri Stransky <jistr@redhat.com>
Change-Id: Ic950e290af1c66d34b40791defbdf4f8afaa11da
Closes-Bug: #1709583
|
|
this removes the hardcoded paths for the haproxy certs and keys and will
enable re-use. We'll use this in a further commit in the containterized
TLS work.
Change-Id: I602e5a569e2e7e60835deb80532abcedd7a1f63d
|
|
Using a string results in an erroneous check in puppet-keystone, which
sets up a zero where it shouldn't. So we change it to number to avoid
that. Note that there will also be a puppet-keystone fix for this.
Changing the value here assures that deployers only give valid values to
this parameter.
Change-Id: I00823e23358df91ce54f421c12636f05d4196e15
Closes-Bug: #1708584
|
|
|
|
This moves the directories containing the certs/keys for haproxy one step
further inside the hierarchy. This way we will be able to bind-mount
this certificate into the container without bind-mounting any other
certs/keys from other services.
bp tls-via-certmonger-containers
Depends-On: Iba3adb9464a755e67c6f87d1233b3affa8be565a
Change-Id: I73df8d442b361cb5ef4e343b4ea2a198a5b95da9
|
|
|
|
Since we now support zaqar:// publisher, Enhance the description to indicate
how to set the zaqar publisher.
Change-Id: Ib7eba98d199fade2346620672e33b74686d4685b
|
|
|
|
Adding composable services for Nuage mechanism driver for ML2. This
is separate from Nuage as the core plugin and intentional duplication
of Nuage under puppet services. Parameters required for working of
Nuage as mechanism driver are also added.
Change-Id: I2b564610721152c4f4dab9da79442256ba8d0b33
|
|
|
|
|
|
There is logic in nova-base.yaml that depends on the default for
this parameter being '', and the nova-compute service only needs it
set to auto during upgrade. That will be done by [1] anyway, so it
doesn't matter what the default is. It's also not clear to me that
the nova-compute task is even needed now that we're post-Ocata, but
that's not a change I feel comfortable making.
1: https://github.com/openstack/tripleo-heat-templates/blob/master/environments/major-upgrade-composable-steps.yaml
Change-Id: Iccfcb5b68e406db1b942375803cfedbb929b4307
Partial-Bug: 1700664
|
|
These are mostly the low hanging fruit that only required a few
minor changes to fix. There are more that require a lot of changes
or might be more controversial that will be done later.
Change-Id: I55cebc92ef37a3bb167f5fae0debe77339395e62
Partial-Bug: 1700664
|
|
We install redis if its not already there, but we should also
ensure redis service is started in the next step 4.
related to issues we're seeing in I284de61bbefac9e9b37390650016643ffe38b5cc
Change-Id: Ic01db53ea8669f14e87f6987045b2be5a3480024
|
|
|
|
Without this config defaults to undef in containers
Change-Id: Id47f365364e7b0d399de92995871b136550cd625
|
|
|
|
|
|
networking-odl no longer supports the network-topology port
binding controller and instead now relies on a pseudo-agent binding
controller. This means that each OVS node must be configured with
host configuration in OVSDB about which VIF types, network types,
functions, etc that this OVS node supports. The end result is this
affects where nova and neutron will schedule instances.
Changes Include:
- Modifying default port binding controller to use pseudo agent
- Adds necessary per role parameters to be able to configure host
config on a per role basis to allow for heterogenous compute node
configurations.
Change-Id: I50458abf6a8a6bf724ad97accb6444d9c497d287
Closes-Bug: 1674995
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
Presently the ovn-controller service (puppet/services/neutron-compute-plugin-ovn.yaml)
is started only on compute nodes. But for the cases where the controller nodes
provide the north/south traffic, we need ovn-controller service runninng in controller
nodes as well.
This patch
- Renames the neutron-compute-plugin-ovn.yaml to ovn-controller.yaml which makes more
sense and sets the service name as 'ovn-controller'.
- Adds the service 'ovn-controller' to Controller and Compute roles.
- Adds the missing 'upgrade_tasks' section in ovn-dbs.yaml and ovn-controller.yaml
Depends-On: Ie3f09dc70a582f3d14de093043e232820f837bc3
Depends-On: Ide11569d81f5f28bafccc168b624be505174fc53
Change-Id: Ib7747406213d18fd65b86820c1f86ee7c39f7cf5
|
|
The iscsid service definition has a typo, config_setting should
read config_settings
Change-Id: I12605dba61fd5f6ce80c3ab78e883ed5ebf3ca62
|
|
This sets the SSL flag in the docker service and expose the parameter in
the docker service.
Depends-On: I4c68a662c2433398249f770ac50ba0791449fe71
Change-Id: Ic3df2b9ab7432ffbed5434943e04085a781774a0
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Allow the user to set a specific Tuned profile on a given host.
Defaults to throughput-performance
Change-Id: I0c66193d2733b7a82ad44b1cd0d2187dd732065a
|
|
This patch moves Contrail roles communication from public/external
to internal_api network for OpenStack API.
It also adds the option to enable dpdk.
Monolithic firstboot script is broken down into small pre-network
and per-node extraconfig scripts
Change-Id: I296a3bf60cef6fa950fd71d6e68effe367d1e66b
Closes-Bug: 1698422
|
|
|
|
|
|
|
|
Add more parameters to Veritas Hyperscale's composable service, which
will be relevant in distributed setup.
Change-Id: Ib1b90edbf17ea7f14bdbed4857241fca86b87a18
Signed-off-by: abhishek.kane <abhishek.kane@veritas.com>
|
|
|
|
|
|
We don't expose metadata_settings in Heat services, so SSL shouldn't
work.
Change-Id: I411085d9b249e54a2462de5efe4abf8f0865c0c2
|
|
|
|
|
|
This patch adds parameters to configure alternative version
of the Zaqar messaging and management backends.
The intent is to make use of these settings in the
containers undercloud to use swift/mysql backends as a default
thus avoiding the dependency on MongoDB.
Change-Id: Ifd6a561737184c9322192ffc9a412c77d6eac3e9
Depends-On: Ie6a56b9163950cee2c0341afa0c0ddce665f3704
Depends-On: I3598e39c0a3cdf80b96e728d9aa8a7e6505e0690
|
|
Updates hieradata for changes in https://review.openstack.org/471950.
Creates a new service - NovaMigrationTarget. On baremetal this just configures
live/cold-migration. On docker is includes a container running a second sshd
services on an alternative port.
Configures /var/lib/nova/.ssh/config and mounts in nova-compute and libvirtd
containers.
Change-Id: Ic4b810ff71085b73ccd08c66a3739f94e6c0c427
Implements: blueprint tripleo-cold-migration
Depends-On: I6c04cebd1cf066c79c5b4335011733d32ac208dc
Depends-On: I063a84a8e6da64ae3b09125cfa42e48df69adc12
|
|
|
Steven Hardy
Juan Antonio Osorio Robles
Jenkins
Giulio Fidente
Pradeep Kilambi
lokesh-jain
Ben Nemec
Itzik Brown
Numan Siddique
Damien Ciabrini
Thomas Herve
Joe Talerico
Michael Henkel
abhishek.kane
Dan Prince
Oliver Walsh