Age | Commit message (Collapse) | Author | Files | Lines |
|
Appears this was missed in I8046f2eed0b9a7da76d6d7c3507a92bf5054b000
Change-Id: I901533f7ab2de2ec0fd1c2bfef8aa8f767c45963
Partial-Implement: blueprint keystone-v3
(cherry picked from commit 4add59c5413e9b36675f07f0c3d0fedbf156b04c)
|
|
This adds a heat-api-cloudwatch-disabled.yaml and wires it up in
the resource registry. During the Ocata to Pike upgrade this service
will thus be stopped and disabled by default.
If you wish to keep the Heat Cloudwatch API then you should instead
use the provided heat-api-cloudwatch.yaml environment file.
Change-Id: I3f90a9799b90ca365f675f593371c1d3701fede6
Related-Bug: 1713531
(cherry picked from commit 4d21451666f2dd7a8935da3a7166a9afc2ccd6bd)
|
|
stable/pike
|
|
|
|
Adds update_tasks for the minor update workflow. These will be
collected into playbooks during an initial 'update init' heat
stack update and then invoked later by the operator as ansible
playbooks.
Current understanding/workflow:
Step=1: stop the cluster on the updated node
Step=2: Pull the latest image and retag the it pcmklatest
Step=3: yum upgrade happens on the host
Step=4: Restart the cluster on the node
Step=5: Verification: test pacemaker services are running.
https://etherpad.openstack.org/p/tripleo-pike-updates-upgrades
Related-Bug: 1715557
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
Co-Authored-By: Sofer Athlan-Guyot <sathlang@redhat.com>
Change-Id: I101e0f5d221045fbf94fb9dc11a2f30706843806
(cherry picked from commit a953bda0ae615dc44d3e8a70aa7ab0160e26f3af)
|
|
We make sure to run upgrade and run os-net-config on its own. Running
os-net-config with the no-activate option will
- prevent the restart of the interface
- adjust the network files to the expected configuration so that next
run won't restart the network.
Eventually at next reboot the change will be taken into account.
Currently we have no change that are required to be taken live during
the upgrade so it safe to ignore the new parameters.
Closes-Bug: #1721073
Change-Id: I51464274d5dff8a267992ae303ac3517b78d08fb
(cherry picked from commit 5aab25bb68f62b0d7e4ffdc20d4f4da1d82a76db)
|
|
Cold migration network is determined by the value of my_ip in nova.conf.
If this isn't set then the network with the default gateway will be used.
This patch sets my_ip and the whitelisted IP for cold migation over SSH to the
NovaApiNetwork.
Until https://bugs.launchpad.net/nova/+bug/1671288 is fixed we cannot control
the network used for live migration over SSH. It is determined by hostname
resolution.
This patch sets the whitelisted IP for live migration over SSH to the hostname
resolution network for the role - which is typically the same as NovaApiNetwork.
(NB The puppet manifest will remove duplicates).
Live migration over TLS is not affected. It can control the network used so it
configurable via NovaLibvirtNetwork.
Change-Id: Ica3f79d6d0cfae446e276172146f3a9407f2971f
Depends-On: Id22a6c990f424b9f3ca6159088540ea207460ffd
(cherry picked from commit 23331889a577b82b625610a80ecd44e164fe6cf1)
|
|
|
|
|
|
|
|
|
|
In Ocata all live-migration over ssh is performed on the default ssh port (22).
In Pike the containerized live-migration over ssh is on port 2022 as the
docker host's sshd is using port 22.
To allow live migration during upgrade we need to temporarily pin the Pike
computes to port 22 and in the final converge we can switch over to port 2022.
This also changes the default port to 2022 for baremetal computes in Pike to
enable live-migration between baremetal and containerized computes.
Change-Id: Icb9bfdd9a99dc1dce28eb95c50a9a36bffa621b1
Depends-On: I0b80b81711f683be539939e7d084365ff63546d3
Closes-Bug: 1714171
(cherry picked from commit 17fd16b9f266e1aa67bf03ebdf309e89d668ada2)
|
|
As per Ceph docs [1] we should default pg_num and pgp_num to 128 when
using less than 5 OSDs.
This same change was applied to the ceph-ansible profiles with [2].
Also updates the CI environment files to continue using 32 where we
deploy a single OSD.
1. http://docs.ceph.com/docs/master/rados/operations/placement-groups/
2. Ibd9fb23e04576e95e24af58f856663397886a947
Change-Id: I1920bc8f5251f362af38ad3bd6f46dda42c6ee93
Closes-Bug: #1718756
(cherry picked from commit e17ae7620e03790da0d29092ab42e8089b2e8d11)
|
|
Since each dnsmasq process consumes one inotify socket, the default
value of fs.inotify.max_user_instances which is 128 lets us scale to
only around a 116 neutron subnets (a few other sockets are used by other
processes on the system). Since, we need to provide better defaults,
this patch proposes to bump this value to 1024 by default, while giving
the user a way to cahnge it. Based on
https://unix.stackexchange.com/a/13757 each inotify watch takes 1KB of
memory and we have fs.inotify.max_user_watches set to 8192 by default.
This means that even in the worst case we won't be using more than 8MB
of memory. Bumping the fs.inotify.max_user_instances value to 1024 is
safe because there is fs.inotify.max_user_watches which caps the total
number of files that can be watched by all the inotify instances a user
has.
Related Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1474515
https://bugzilla.redhat.com/show_bug.cgi?id=1491505
Change-Id: I39664312bf6cf06f1e1ca2e86ffd86fb9a4582ad
Closes-Bug: 1718266
(cherry picked from commit d2d0c3ff00de9b62382193d942239d543aa9499f)
|
|
Closes-Bug: 1718997
Change-Id: I2b347cbc4595e6651b0d4be032cb862fde72e15f
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit 253d9b9107aa158af5bcdafe510ecd96658ef137)
|
|
|
|
into stable/pike
|
|
|
|
This adds a new config/deployment per role that will come after any
post deploy steps. It drives the same ansible config as the
upgrade_tasks but instead collects the post_upgrade_tasks for any
service in the given role.
The workflow is upgrade_tasks, then post deploy steps (either
puppet/ or docker/ depending on the env) and then the
post_upgrade_tasks added here.
This is added to the pacemaker/cinder-volume.yaml service for now
see the bug below for more info
Change-Id: Iced34fecf02ebddc91df9302de54d2f4c2cab680
Closes-Bug: 1706951
(cherry picked from commit 2e182bffeeb099cb5e0b1747086fb0e0f57b7b5d)
|
|
Some boolean params are set to string type. Although it works, but
it is better to use boolean type for better validation. This patch
changes them to boolean type.
Change-Id: I9f1d223619ea14fbab26033b24eb1144796e5ef2
Closes-Bug: #1715209
(cherry picked from commit cab8ab1d342c6ffada3f2adea5834b4549240af5)
|
|
Nova patching parameters are available in nova.conf but are not
configurable from tripleo-heat-templates. Exposing these parameters
from Nuage composable services to make them configurable. It enables
setting the patching parameters in environment files. This change
depends on the addition of nova patching configuration parameters.
Change-Id: Iacad25da044f2bac83ee5f577ddcd70650eb61e5
Depends-On: I51ef3e19daff1d98cfe5c2c16475c16e6a3e3e0f
(cherry picked from commit f0041153eca8d82bb7f72dc68676cab8448ef037)
|
|
Using the service_ prefix seems incoherent with its use in
service_config_settings (vs config_settings).
Change-Id: Ia39f181415bee0071409dabddfa0c5c312915e1f
(cherry picked from commit 09137304b98a02ed024c0288da907cfe35ca5fe1)
|
|
Made the Compute as a composable service with Nuage.
Moved all the Nuage specific parameters from extraconfig to be part of this service.
Change-Id: Ic83e9c18d09fbba62bb5d8a12e28a23127f4197d
(cherry picked from commit 4b1276b8f6fec22ac3764d58c4ef647535c85cb9)
|
|
|
|
Add DhcpAgentNotification param in neutron base yaml file to allow
user to toggle dhcp_agent_notification for neutron.
Change-Id: I31715f58e885ac0c1cd9d813f79df9906b780d99
Closes-Bug: #1713193
(cherry picked from commit 5ea728cba456f3833a626f86043f17427bca5d4f)
|
|
|
|
ODL now uses a websocket port to update the port status to Neutron.
This port (8185) was blocked so port updates were never received in
Neutron and instances would not come up properly. This patch opens the
port for ODL deployments.
Closes-Bug: 1715484
Change-Id: Ic59b224c67c02b56b0273700e8e2aa85ae6f8c88
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit e2558c4a665345e67fcc784c21188bdf06ff1126)
|
|
stable/pike
|
|
Patch Ie09ce2a52128eef157e4d768c1c4776fc49f2324 added a new
set of upgrade tasks which were missing the 'tags' keyword.
Closes-Bug: 1715631
Change-Id: Ib1c1aadfbf58c9bccc18667934c8b3c5f38fafa4
(cherry picked from commit 7897d38274cb6435289bc4f4928f96b111e5b4f4)
|
|
This patch adds support for running the neutron SR-IOV agent in a
container.
Depends-On: I4a63845a97c890d7d408731ec5509c320289f18f
Depends-On: Ie5d8cd7863c0d042cc6a4e1fc52602d8a03a1935
Depends-On: I1b5ab0a64ae1f5735f1bd5a68e6ae8bdcf47ddec
Closes-Bug: #1715388
Change-Id: I7ee603b32eddacd02d846dff00dd1b786d4a7ad9
(cherry picked from commit 94c9c2f954e85de0ab895926a969587b90bc4191)
|
|
stable/pike
|
|
|
|
|
|
As described in the bug report, DeployedSSLCertificatePath is used by
the TLS injection script (if you decide to use that).
There is an alternative, which is to use FreeIPA to provide the
certificate for public TLS (powered by certmonger); however, it doesn't
use the same path as what folks expected. This reuses the
DeployedSSLCertificatePath parameter and uses that as a path for the
resulting PEM file, so its easier to debug.
Change-Id: If73c9599d8b94d2f02b8e4c48f4a235e0fea764d
Closes-Bug: #1714932
(cherry picked from commit f395d9eab2277061e926f7956bb3a56b0c7b1131)
|
|
The ceph-osd package is only required on nodes hosting the CephOSD
service, but the package's presence on other nodes may interfere with
software updates. That's because some distros distribute Ceph software
in different channels, and not all nodes have access to the ceph-osd
channel.
There are two parts to the fix, and the first is an enhancement to the
yum update process. The process detects when the ceph-osd package is not
required, and removes the package from the node.
The second part takes ceph-osd out of the default list of packages
needed by puppet-ceph. The ceph-osd package is listed only on the nodes
hosting the CephOSD service.
Closes-Bug: #1713292
Change-Id: I7a581518ed25cf5f264abfaabfcf2041363a065b
(cherry picked from commit 5a89ea21f2add98119a10464b020a98999d31c41)
|
|
|
|
|
|
Change-Id: I31c49926b0ba93f79db3d778c574bd9a480e70cd
Closes-Bug: #1713193
Depends-On: Id73f675844b0df2eafa45507d1c28f16cd0b15b2
|
|
Add a parameter to configure SNAT mechanism in OpenDayLight defaulting
to conntrack for OVS and defaulting to controller mechanism for OVS-DPDK
Change-Id: I48c6f07de55cb2574cc3a7e9653b812f875df726
Closes-Bug: #1710614
(cherry picked from commit 9a450a8e505b5d7ccef7e5e7675573da2a4cd42c)
|
|
|
|
|
|
Redis does not have TLS out of the box. Let's use a proxy container for
TLS termination.
bp tls-via-certmonger
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: Ie2ae0d048a71e1b1b4edb10c74bc0395a1a9d5c9
Depends-On: I078567c831ade540cf704f81564e2b7654c85c0b
Depends-On: Ia50933da9e59268b17f56db34d01dcc6b6c38147
(cherry picked from commit c2a93cf4c5d9d6b5ee0536380751a7a9540927cc)
|
|
This change removes the entry to containerise docker by default
because it should now be disabled since the change
Id2e6550fb7c319fc52469644ea022cf35757e0ce.
Removing the entry means the default mapping to mongodb-disabled.yaml
takes effect.
This change also modifies the upgrade_tasks so that the mongod service
is only disabled when the service exists. There appears to be upgrade
scenarios which fail because mongodb was never installed in the first
place.
Change-Id: Ie09ce2a52128eef157e4d768c1c4776fc49f2324
Closes-Bug: #1715031
(cherry picked from commit cb81cbe3b5f3887f5d690c590e52b728f74d43c3)
|
|
|
|
|
|
Currently for non controller upgrades we're looping through the
upgrade steps and run the upgrade tasks based on when conditionals
including the step number and the existing upgrade task condition.
Some of tasks fail because the variables used in when conditionals
are not available through all steps. This change adds default values
to these vars where possible or creates them for all steps to avoid
failures.
Related-Bug: 1708115
Change-Id: I5c731043cec8e31fc82ca98972a301baa7294c4f
(cherry picked from commit e2f00ef1dc98140087c81e202a520f549f9a0970)
|
|
This change adds support for manila::backend::dellemc_isilon
Change-Id: I92592e4b717d4b1812ccd810ec1daaedd181c3dd
Implements: blueprint dellemc-isilon-manila
(cherry picked from commit f6c9906d51fb3268b7a7d61d53181ab5d3c0d2ec)
|
|
This change adds support for manila::backend::dellemc_vmax
Change-Id: I92e189c8741c496ef6c27130f73829c327a99f1b
Implements: blueprint dellemc-vmax-manila
(cherry picked from commit 04daabdc8414e4435dc4cd3ccfea9a62b5631261)
|
|
This will be used for the replication traffic as specified in the
dependent commit.
bp tls-via-certmonger
Change-Id: Ia53b9edaa6c6cdd48bcdde64969ae6c16f57ae41
Depends-On: I265c89cb8898a6da78a606664a22c50f5e57a847
(cherry picked from commit 1b4df60ac780a8388f5421c3c1634d172886595f)
|
|
It was being set using NeutronAdmin endpoint but it is an
authorization url. Set it using KeystoneInternal endpoint.
Change-Id: I23f4a895628ac909a1fe1f93cecefa84f25858b1
Closes-Bug: #1712908
(cherry picked from commit 7380183cf590b74f5ad84bb40a8afa08979c235b)
|