path: root/puppet/services
Age | Commit message | Author | Files | Lines
2017-10-24 | nova-placement: switch auth_uri to keystone versionless endpoint | Oliver Walsh | 1 | -1/+1
Appears this was missed in I8046f2eed0b9a7da76d6d7c3507a92bf5054b000 Change-Id: I901533f7ab2de2ec0fd1c2bfef8aa8f767c45963 Partial-Implement: blueprint keystone-v3 (cherry picked from commit 4add59c5413e9b36675f07f0c3d0fedbf156b04c)
2017-10-17 | Remove Heat Cloudwatch API during upgrade and disable by default | marios | 1 | -0/+48
This adds a heat-api-cloudwatch-disabled.yaml and wires it up in the resource registry. During the Ocata to Pike upgrade this service will thus be stopped and disabled by default. If you wish to keep the Heat Cloudwatch API then you should instead use the provided heat-api-cloudwatch.yaml environment file. Change-Id: I3f90a9799b90ca365f675f593371c1d3701fede6 Related-Bug: 1713531 (cherry picked from commit 4d21451666f2dd7a8935da3a7166a9afc2ccd6bd)
2017-10-10 | Merge "Adds pacemaker update_tasks for Pike minor update workflow" into stable/pike | Jenkins | 2 | -1/+20
2017-10-10 | Merge "Fix cold/live migration network config" into stable/pike | Jenkins | 2 | -3/+10
2017-10-09 | Adds pacemaker update_tasks for Pike minor update workflow | marios | 2 | -1/+20
Adds update_tasks for the minor update workflow. These will be collected into playbooks during an initial 'update init' heat stack update and then invoked later by the operator as ansible playbooks. Current understanding/workflow:
Step=1: stop the cluster on the updated node
Step=2: Pull the latest image and retag it pcmklatest
Step=3: yum upgrade happens on the host
Step=4: Restart the cluster on the node
Step=5: Verification: test pacemaker services are running.
https://etherpad.openstack.org/p/tripleo-pike-updates-upgrades
Related-Bug: 1715557 Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com> Co-Authored-By: Sofer Athlan-Guyot <sathlang@redhat.com> Change-Id: I101e0f5d221045fbf94fb9dc11a2f30706843806 (cherry picked from commit a953bda0ae615dc44d3e8a70aa7ab0160e26f3af)
2017-10-09 | Special treatment for os-net-config upgrade. | Sofer Athlan-Guyot | 1 | -0/+9
We make sure to run upgrade and run os-net-config on its own. Running os-net-config with the no-activate option will
- prevent the restart of the interface
- adjust the network files to the expected configuration so that next run won't restart the network.
Eventually at next reboot the change will be taken into account. Currently we have no changes that are required to be taken live during the upgrade so it is safe to ignore the new parameters.
Closes-Bug: #1721073 Change-Id: I51464274d5dff8a267992ae303ac3517b78d08fb (cherry picked from commit 5aab25bb68f62b0d7e4ffdc20d4f4da1d82a76db)
2017-10-09 | Fix cold/live migration network config | Oliver Walsh | 2 | -3/+10
Cold migration network is determined by the value of my_ip in nova.conf. If this isn't set then the network with the default gateway will be used. This patch sets my_ip and the whitelisted IP for cold migration over SSH to the NovaApiNetwork. Until https://bugs.launchpad.net/nova/+bug/1671288 is fixed we cannot control the network used for live migration over SSH. It is determined by hostname resolution. This patch sets the whitelisted IP for live migration over SSH to the hostname resolution network for the role - which is typically the same as NovaApiNetwork. (NB The puppet manifest will remove duplicates). Live migration over TLS is not affected. It can control the network used so it is configurable via NovaLibvirtNetwork. Change-Id: Ica3f79d6d0cfae446e276172146f3a9407f2971f Depends-On: Id22a6c990f424b9f3ca6159088540ea207460ffd (cherry picked from commit 23331889a577b82b625610a80ecd44e164fe6cf1)
2017-10-07 | Merge "Default Ceph pg_num and pgp_num to 128" into stable/pike | Jenkins | 1 | -2/+2
2017-10-07 | Merge "Support for Ocata-Pike live-migration over ssh" into stable/pike | Jenkins | 3 | -2/+13
2017-10-07 | Merge "Bump fs.inotify.max_user_instances for scale" into stable/pike | Jenkins | 1 | -0/+9
2017-10-07 | Merge "Drop extraconfig for nova-nuage" into stable/pike | Jenkins | 1 | -0/+43
2017-10-07 | Support for Ocata-Pike live-migration over ssh | Oliver Walsh | 3 | -2/+13
In Ocata all live-migration over ssh is performed on the default ssh port (22). In Pike the containerized live-migration over ssh is on port 2022 as the docker host's sshd is using port 22. To allow live migration during upgrade we need to temporarily pin the Pike computes to port 22 and in the final converge we can switch over to port 2022. This also changes the default port to 2022 for baremetal computes in Pike to enable live-migration between baremetal and containerized computes. Change-Id: Icb9bfdd9a99dc1dce28eb95c50a9a36bffa621b1 Depends-On: I0b80b81711f683be539939e7d084365ff63546d3 Closes-Bug: 1714171 (cherry picked from commit 17fd16b9f266e1aa67bf03ebdf309e89d668ada2)
2017-10-07 | Default Ceph pg_num and pgp_num to 128 | Giulio Fidente | 1 | -2/+2
As per Ceph docs [1] we should default pg_num and pgp_num to 128 when using less than 5 OSDs. This same change was applied to the ceph-ansible profiles with [2]. Also updates the CI environment files to continue using 32 where we deploy a single OSD. 1. http://docs.ceph.com/docs/master/rados/operations/placement-groups/ 2. Ibd9fb23e04576e95e24af58f856663397886a947 Change-Id: I1920bc8f5251f362af38ad3bd6f46dda42c6ee93 Closes-Bug: #1718756 (cherry picked from commit e17ae7620e03790da0d29092ab42e8089b2e8d11)
2017-10-04 | Bump fs.inotify.max_user_instances for scale | Sai Sindhur Malleni | 1 | -0/+9
Since each dnsmasq process consumes one inotify socket, the default value of fs.inotify.max_user_instances which is 128 lets us scale to only around 116 neutron subnets (a few other sockets are used by other processes on the system). Since we need to provide better defaults, this patch proposes to bump this value to 1024 by default, while giving the user a way to change it. Based on https://unix.stackexchange.com/a/13757 each inotify watch takes 1KB of memory and we have fs.inotify.max_user_watches set to 8192 by default. This means that even in the worst case we won't be using more than 8MB of memory. Bumping the fs.inotify.max_user_instances value to 1024 is safe because there is fs.inotify.max_user_watches which caps the total number of files that can be watched by all the inotify instances a user has. Related Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1474515 https://bugzilla.redhat.com/show_bug.cgi?id=1491505 Change-Id: I39664312bf6cf06f1e1ca2e86ffd86fb9a4582ad Closes-Bug: 1718266 (cherry picked from commit d2d0c3ff00de9b62382193d942239d543aa9499f)
2017-09-25 | Fixes missing keystone authtoken pw for Tacker | Tim Rozet | 1 | -0/+1
Closes-Bug: 1718997 Change-Id: I2b347cbc4595e6651b0d4be032cb862fde72e15f Signed-off-by: Tim Rozet <trozet@redhat.com> (cherry picked from commit 253d9b9107aa158af5bcdafe510ecd96658ef137)
2017-09-25 | Merge "Rename service_workflow_tasks into workflow_tasks" into stable/pike | Jenkins | 1 | -2/+2
2017-09-21 | Merge "Adds post_upgrade_tasks for any service post-upgrade ansible tasks" into stable/pike | Jenkins | 1 | -14/+6
2017-09-21 | Merge "Make nova patching parameters configurable in Nuage" into stable/pike | Jenkins | 1 | -0/+12
2017-09-20 | Adds post_upgrade_tasks for any service post-upgrade ansible tasks | marios | 1 | -14/+6
This adds a new config/deployment per role that will come after any post deploy steps. It drives the same ansible config as the upgrade_tasks but instead collects the post_upgrade_tasks for any service in the given role. The workflow is upgrade_tasks, then post deploy steps (either puppet/ or docker/ depending on the env) and then the post_upgrade_tasks added here. This is added to the pacemaker/cinder-volume.yaml service for now see the bug below for more info Change-Id: Iced34fecf02ebddc91df9302de54d2f4c2cab680 Closes-Bug: 1706951 (cherry picked from commit 2e182bffeeb099cb5e0b1747086fb0e0f57b7b5d)
2017-09-19 | Change to boolean for boolean type params | Tong Liu | 2 | -2/+2
Some boolean params are set to string type. Although it works, it is better to use boolean type for better validation. This patch changes them to boolean type. Change-Id: I9f1d223619ea14fbab26033b24eb1144796e5ef2 Closes-Bug: #1715209 (cherry picked from commit cab8ab1d342c6ffada3f2adea5834b4549240af5)
2017-09-14 | Make nova patching parameters configurable in Nuage | Lokesh Jain | 1 | -0/+12
Nova patching parameters are available in nova.conf but are not configurable from tripleo-heat-templates. Exposing these parameters from Nuage composable services to make them configurable. It enables setting the patching parameters in environment files. This change depends on the addition of nova patching configuration parameters. Change-Id: Iacad25da044f2bac83ee5f577ddcd70650eb61e5 Depends-On: I51ef3e19daff1d98cfe5c2c16475c16e6a3e3e0f (cherry picked from commit f0041153eca8d82bb7f72dc68676cab8448ef037)
2017-09-14 | Rename service_workflow_tasks into workflow_tasks | Giulio Fidente | 1 | -2/+2
Using the service_ prefix seems incoherent with its use in service_config_settings (vs config_settings). Change-Id: Ia39f181415bee0071409dabddfa0c5c312915e1f (cherry picked from commit 09137304b98a02ed024c0288da907cfe35ca5fe1)
2017-09-12 | Drop extraconfig for nova-nuage | Vineet Paul | 1 | -0/+43
Made the Compute as a composable service with Nuage. Moved all the Nuage specific parameters from extraconfig to be part of this service. Change-Id: Ic83e9c18d09fbba62bb5d8a12e28a23127f4197d (cherry picked from commit 4b1276b8f6fec22ac3764d58c4ef647535c85cb9)
2017-09-12 | Merge "Fixes OpenDaylight updating port status" into stable/pike | Jenkins | 1 | -0/+1
2017-09-11 | Add DhcpAgentNotification param to neutron base | Tong Liu | 1 | -0/+5
Add DhcpAgentNotification param in neutron base yaml file to allow user to toggle dhcp_agent_notification for neutron. Change-Id: I31715f58e885ac0c1cd9d813f79df9906b780d99 Closes-Bug: #1713193 (cherry picked from commit 5ea728cba456f3833a626f86043f17427bca5d4f)
2017-09-11 | Merge "Add Neutron SR-IOV agent container" into stable/pike | Jenkins | 2 | -0/+92
2017-09-08 | Fixes OpenDaylight updating port status | Tim Rozet | 1 | -0/+1
ODL now uses a websocket port to update the port status to Neutron. This port (8185) was blocked so port updates were never received in Neutron and instances would not come up properly. This patch opens the port for ODL deployments. Closes-Bug: 1715484 Change-Id: Ic59b224c67c02b56b0273700e8e2aa85ae6f8c88 Signed-off-by: Tim Rozet <trozet@redhat.com> (cherry picked from commit e2558c4a665345e67fcc784c21188bdf06ff1126)
2017-09-08 | Merge "Maintain ceph-osd package only on nodes hosting CephOSD service" into stable/pike | Jenkins | 1 | -1/+6
2017-09-07 | Add tags in upgrade_tasks for mongodb services. | Jose Luis Franco Arza | 1 | -0/+1
Patch Ie09ce2a52128eef157e4d768c1c4776fc49f2324 added a new set of upgrade tasks which were missing the 'tags' keyword. Closes-Bug: 1715631 Change-Id: Ib1c1aadfbf58c9bccc18667934c8b3c5f38fafa4 (cherry picked from commit 7897d38274cb6435289bc4f4928f96b111e5b4f4)
2017-09-07 | Add Neutron SR-IOV agent container | Brent Eagles | 2 | -0/+92
This patch adds support for running the neutron SR-IOV agent in a container. Depends-On: I4a63845a97c890d7d408731ec5509c320289f18f Depends-On: Ie5d8cd7863c0d042cc6a4e1fc52602d8a03a1935 Depends-On: I1b5ab0a64ae1f5735f1bd5a68e6ae8bdcf47ddec Closes-Bug: #1715388 Change-Id: I7ee603b32eddacd02d846dff00dd1b786d4a7ad9 (cherry picked from commit 94c9c2f954e85de0ab895926a969587b90bc4191)
2017-09-07 | Merge "Use DeployedSSLCertificatePath for public TLS via certmonger" into stable/pike | Jenkins | 1 | -10/+7
2017-09-07 | Merge "Containerized mongodb, disable by default, fix upgrade" into stable/pike | Jenkins | 1 | -0/+4
2017-09-07 | Merge "Change all references of nsx_v3 to nsx." into stable/pike | Jenkins | 1 | -9/+9
2017-09-07 | Use DeployedSSLCertificatePath for public TLS via certmonger | Juan Antonio Osorio Robles | 1 | -10/+7
As described in the bug report, DeployedSSLCertificatePath is used by the TLS injection script (if you decide to use that). There is an alternative, which is to use FreeIPA to provide the certificate for public TLS (powered by certmonger); however, it doesn't use the same path as what folks expected. This reuses the DeployedSSLCertificatePath parameter and uses that as a path for the resulting PEM file, so it's easier to debug. Change-Id: If73c9599d8b94d2f02b8e4c48f4a235e0fea764d Closes-Bug: #1714932 (cherry picked from commit f395d9eab2277061e926f7956bb3a56b0c7b1131)
2017-09-07 | Maintain ceph-osd package only on nodes hosting CephOSD service | Alan Bishop | 1 | -1/+6
The ceph-osd package is only required on nodes hosting the CephOSD service, but the package's presence on other nodes may interfere with software updates. That's because some distros distribute Ceph software in different channels, and not all nodes have access to the ceph-osd channel. There are two parts to the fix, and the first is an enhancement to the yum update process. The process detects when the ceph-osd package is not required, and removes the package from the node. The second part takes ceph-osd out of the default list of packages needed by puppet-ceph. The ceph-osd package is listed only on the nodes hosting the CephOSD service. Closes-Bug: #1713292 Change-Id: I7a581518ed25cf5f264abfaabfcf2041363a065b (cherry picked from commit 5a89ea21f2add98119a10464b020a98999d31c41)
2017-09-06 | Merge "Add param to configure snat mechanism" into stable/pike | Jenkins | 1 | -0/+9
2017-09-06 | Merge "TLS proxy for redis" into stable/pike | Jenkins | 3 | -2/+70
2017-09-06 | Change all references of nsx_v3 to nsx. | Jay Jahns | 1 | -9/+9
Change-Id: I31c49926b0ba93f79db3d778c574bd9a480e70cd Closes-Bug: #1713193 Depends-On: Id73f675844b0df2eafa45507d1c28f16cd0b15b2
2017-09-06 | Add param to configure snat mechanism | Janki Chhatbar | 1 | -0/+9
Add a parameter to configure SNAT mechanism in OpenDaylight defaulting to conntrack for OVS and defaulting to controller mechanism for OVS-DPDK Change-Id: I48c6f07de55cb2574cc3a7e9653b812f875df726 Closes-Bug: #1710614 (cherry picked from commit 9a450a8e505b5d7ccef7e5e7675573da2a4cd42c)
2017-09-06 | Merge "Rabbitmq: Enable Erlang distribution TLS" into stable/pike | Jenkins | 1 | -0/+1
2017-09-06 | Merge "Add support for Dell EMC Isilon Manila backend" into stable/pike | Jenkins | 1 | -0/+72
2017-09-06 | TLS proxy for redis | Martin André | 3 | -2/+70
Redis does not have TLS out of the box. Let's use a proxy container for TLS termination. bp tls-via-certmonger Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Change-Id: Ie2ae0d048a71e1b1b4edb10c74bc0395a1a9d5c9 Depends-On: I078567c831ade540cf704f81564e2b7654c85c0b Depends-On: Ia50933da9e59268b17f56db34d01dcc6b6c38147 (cherry picked from commit c2a93cf4c5d9d6b5ee0536380751a7a9540927cc)
2017-09-06 | Containerized mongodb, disable by default, fix upgrade | Steve Baker | 1 | -0/+4
This change removes the entry to containerise docker by default because it should now be disabled since the change Id2e6550fb7c319fc52469644ea022cf35757e0ce. Removing the entry means the default mapping to mongodb-disabled.yaml takes effect. This change also modifies the upgrade_tasks so that the mongod service is only disabled when the service exists. There appear to be upgrade scenarios which fail because mongodb was never installed in the first place. Change-Id: Ie09ce2a52128eef157e4d768c1c4776fc49f2324 Closes-Bug: #1715031 (cherry picked from commit cb81cbe3b5f3887f5d690c590e52b728f74d43c3)
2017-09-06 | Merge "Add support for Dell EMC VMAX Manila Backend" into stable/pike | Jenkins | 1 | -0/+74
2017-09-06 | Merge "manila: set "neutron_admin_auth_url" correctly" into stable/pike | Jenkins | 1 | -1/+1
2017-09-06 | Allow upgrade tasks to run when looping through steps | Marius Cornea | 1 | -2/+2
Currently for non controller upgrades we're looping through the upgrade steps and run the upgrade tasks based on when conditionals including the step number and the existing upgrade task condition. Some of the tasks fail because the variables used in when conditionals are not available through all steps. This change adds default values to these vars where possible or creates them for all steps to avoid failures. Related-Bug: 1708115 Change-Id: I5c731043cec8e31fc82ca98972a301baa7294c4f (cherry picked from commit e2f00ef1dc98140087c81e202a520f549f9a0970)
2017-09-05 | Add support for Dell EMC Isilon Manila backend | rajinir | 1 | -0/+72
This change adds support for manila::backend::dellemc_isilon Change-Id: I92592e4b717d4b1812ccd810ec1daaedd181c3dd Implements: blueprint dellemc-isilon-manila (cherry picked from commit f6c9906d51fb3268b7a7d61d53181ab5d3c0d2ec)
2017-09-05 | Add support for Dell EMC VMAX Manila Backend | rajinir | 1 | -0/+74
This change adds support for manila::backend::dellemc_vmax Change-Id: I92e189c8741c496ef6c27130f73829c327a99f1b Implements: blueprint dellemc-vmax-manila (cherry picked from commit 04daabdc8414e4435dc4cd3ccfea9a62b5631261)
2017-09-05 | Rabbitmq: Enable Erlang distribution TLS | Juan Antonio Osorio Robles | 1 | -0/+1
This will be used for the replication traffic as specified in the dependent commit. bp tls-via-certmonger Change-Id: Ia53b9edaa6c6cdd48bcdde64969ae6c16f57ae41 Depends-On: I265c89cb8898a6da78a606664a22c50f5e57a847 (cherry picked from commit 1b4df60ac780a8388f5421c3c1634d172886595f)
2017-09-05 | manila: set "neutron_admin_auth_url" correctly | Tom Barron | 1 | -1/+1
It was being set using NeutronAdmin endpoint but it is an authorization url. Set it using KeystoneInternal endpoint. Change-Id: I23f4a895628ac909a1fe1f93cecefa84f25858b1 Closes-Bug: #1712908 (cherry picked from commit 7380183cf590b74f5ad84bb40a8afa08979c235b)