| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
|
|
For cache monitoring technology feature to work, nova config
libvirt settings should have the perf events enabled for
nova to emit these so telemetry can capture them.
Depends-On: Ia27e6831f3f6e9cdeaacb650039be5c81b90cb40
Change-Id: I92c318008b965a6527acbce85b41a545eda7ee18
|
|
This change pulls the hard coded value out of puppet-tripleo to later
allow people to skip the cell0 creation if they want a more complex cell
v2 setup for nova.
Change-Id: I08119d781ef60750cc19753bc03190e413159925
Related-Bug: #1649341
|
|
|
|
|
|
|
|
|
|
When a service connects to the database VIP from the node hosting this
VIP, the resulting TCP socket has a src address which is by default
bound to the VIP as well. If the VIP is failed over to another node
while the socket's Send-Q is not empty, TCP keepalive won't engage and
the service will become unavailable for a very long time (by default
more than 10m).
To prevent failover issues, DB connections should have the src address
of their TCP socket bound to the IP of the network interface used for
MySQL traffic. This is achieved by passing a new option to the
database connection URIs. This option is available starting from
PyMySQL 0.7.9-2.
We use a new intermediate variable in hiera to hold the IP to be used
as a source address for all DB connections. All services adapt their
database URI accordingly.
Moreover, a new YAML validation check is added to guarantee that new
services will construct their database URI appropriately.
Change-Id: Ic69de63acbfb992314ea30a3a9b17c0b5341c035
Closes-Bug: #1643487
|
|
|
|
|
|
Heat now supports release name aliases, so we can replace
the inconsistent mix of date related versions with one consistent
version that aligns with the supported version of heat for this
t-h-t branch.
This should also help new users who sometimes copy/paste old templates
and discover intrinsic functions in the t-h-t docs don't work because
their template version is too old.
Change-Id: Ib415e7290fea27447460baa280291492df197e54
|
|
|
|
|
|
The cell v2 setup requires the transport url for nova. We need to
provide mysql with the rabbit connection information so that it can it
when setting up the cell information.
Change-Id: I43ba77cd4c8da7c6dc117ab0bd53e5cd330dc3de
Related-Bug: #1649341
|
|
|
|
This enables the deployer to dynamically add nova metadata to the
servers based on the output of service profiles that implement the
metadata_settings key in the role_data output for the profiles.
One can set an implementation via the OS::TripleO::ServerMetadataHook
resource, which currently is set as OS::Heat::None. So, because of
the default implementation, if left untouched it actually does
nothing.
Currently, besides the list, which is metadata_settings, this hook also
takes the name of the node that it's setting the metadata for.
This is useful for nova vendordata plugins that can parse said metadata.
Change-Id: I8a937f711f0b90156fbb6c4632760435ef846474
|
|
Custom role deployments were not working when ODL API was on a different
node due to firewall rules blocking traffic. This patch adds the
missing rules for the REST communication to ODL (8081 by default), OVSDB
connection (6640), and OpenFlow protocol (6653).
Closes-Bug: 1651476
Depends-On: I1f2af2793d040fda17bf73252afe59434d99f31f
Change-Id: Ic0119c783d01e864c49fa06a66fdd68c059a726b
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
ODL username and password are already present in the OpenDaylightApi
service. However, when moving the OpenDaylightApi service to its own
custom role, the Controller/Compute nodes no longer have access to these
hiera values. This patch adds them also to the OpenDaylightOvs service.
Closes-Bug: 1651499
Depends-On: I418643810ee6b8a2c17a4754c83453140ebe39c7
Change-Id: I169fdad4c94bd6dfc1fe7cde3d6b19b36d916af7
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
Depends-On: Ice921f0fdd4bec6de50e62c39c447ee40dc0e8f5
Change-Id: I4109ac83c32ee2365695611009579a8b117134ff
|
|
Depends-On: I53b156505e08625d56ed6a302cf5b5c30e8e288c
Change-Id: Id9791d8a19a74c1f0855e794170f66542f88a548
|
|
Since we have aodh enabled for alarms, we should set the
notifier to the default queue alarm.all.
Closes-bug: #1590473
Change-Id: Ibcb5076424ac2ddcd18ff717d82da1aec4c035cb
|
|
|
|
|
|
|
|
It turns out the puppet-mistral change this depends on broke
introspection, so we need to back it out for now.
This reverts commit ed029e5bf279945e82bff8766af4093856a7ac6a.
Change-Id: I828478267935cdc68aa24de8c9dc2d12fcadb631
|
|
|
|
|
|
|
|
This allows us to take advantage of the composable roles hiera
settings to connect the plugin to the northd/ovndb API without
needing to hard-code the IP of the node running the service.
Change-Id: I2508d48f81c1819ae3521fff271c0bdc50724604
Depends-On: I9af7bd837c340c3df016fc7ad4238b2941ba7a95
Closes-Bug: #1634171
|
|
When Nova and/or Cinder are using Ceph as backend, qemu will need
to open a connection and two threads for each and every Ceph OSD.
This change raises the max_files (set to 1024 by default) to 32768
and the max_processes (set to 4096 by default) to 131072. The max
number of FDs is per-process, while the max number of processes is
per-user. The values can be overridden via ExtraConfig, no params
are added to the templates.
A more detailed description of the values were chosen can be
found at: https://access.redhat.com/solutions/1602683
Change-Id: I1e79675f6aac1b0fe6cc7269550fa6bc8586e1fb
Depends-On: I258afd3ee6633e4b2ebc45aa8611be652476be0c
|
|
The RabbitMQ's puppet manifest configures the node's IP and port through
environment variables. While this would usually be fine, it doesn't
allow us to use TLS-only, since it will always try to start a TCP
listener. So, by setting these values through the config file, when
setting ssl_only for rabbitmq, they will effectively be discarded and
thus allow us to use an SSL listener on the same port.
Change-Id: I33d051a8c740baf69b99517378e1f9b0f3cc1681
|
|
This reads makes Django take the X-Forwarded-Proto header into account
when forming URLs.
Change-Id: Ice64de9a11d7819ae7f380279ff356342d9b6673
Depends-On: Ifed7d4c3409419c01c5b20c707221c1fc76ea09e
|
|
disallow_iframe_embed can be used to prevent Horizon from being
embedded within an iframe. Legacy browsers are still vulnerable
to a Cross-Frame Scripting (XFS) vulnerability, so this option
allows extra security hardening where iframes are not used in
deployment
Change-Id: I2fe6b243250608b340ee555062060dbdad1a49c4
Depends-On: I5c540e552efe738bdec8598f9257fa22ae651a76
Closes-Bug: #1641882
|
|
This patch updates the swift-proxy base profile so that
we now explicitly set the rabbit_port. This allows us
to remove the use of puppet-ceilometer default settings
in the puppet-tripleo modules change ID here:
I8d9f69f5e9160543b372bd9886800f16f625fdc6
It also adds a new boolean parameter that allows the
end user to disable the swift ceilometer pipeline
by setting SwiftCeilometerPipelineEnabled to false.
This two settings allow Swift to once again be installed
on a machine without configuring Ceilometer.
Depends-On: Id1584df5e5bb90f8087ae25eecc4834179b6fc21
Change-Id: Ief5399d7ea4d26e96ce54903a69d660fa4fe3ce9
Related-bug: #1648736
|
|
The upstream puppet module is adding the proper keystone authtoken
middleware support. This change updates THT to use the keystone
authtoken class rather than the deprecated settings. This also allows
for proper keystone v3 integration.
Change-Id: Iaf82716122a25e3e0785de1250d24edaaa5e4d04
Depends-On: I71969ef09018f9daa5f81c4f3bcbdb0b0974446c
|
|
Change-Id: I75815a4bcbf421597abb86226238b74a9afffc0d
Depends-On: Iffb8c2cfed53d8b29e777c35cee44921194239e9
|
|
example for
- NeutronSriovNumVFs
- NeutronPhysicalDevMappings
as given, causes parsing error.
Change-Id: I71fb42f10dac70afa02244cd6629b3439f418d63
Closes-Bug: #1648351
|
|
Change-Id: I299f8f33b0bac40d331084df37f690dc2a279677
|
|
It's no longer available in Neutron (removed in Mitaka). See:
I2a879213c3b095a007a4531f430a33cea9fdf1bd
Change-Id: I044c648eb8c4933667b8ea2c9159a30e5ebb7df3
|
|
|
|
|
|
This seems to have broken the updates job, causing it to fail
with following error:
Can't set long node name!\nPlease check your configuration\n
Related-Bug: 1646873
This reverts commit 3e9fcfd09320ace07bc1bd4cb57feb98cd057332.
Change-Id: I72ba891cd9cd8c4f1bc204144f46aaabbdfd3647
|
|
|
|
|
|
|
|
|
|
'user' is required or puppet-ceph will complain that the Keystone_user
has no title:
Evaluation Error: Missing title. The title expression resulted in undef
at /etc/puppet/modules/ceph/manifests/rgw/keystone/auth.pp
The value is set to Swift, as we use the same credentials as Swift
service.
Closes-Bug: #1642524
Change-Id: Ib4a7c07086b0b3354c8e589612f330ecdffdc637
|
|
This shows how we could wire in the upgrade steps using Ansible
as was previously proposed e.g in https://review.openstack.org/#/c/321416/
but it's more closely integrated with the new composable services
architecture.
It's also very similar to the approach taken by SpinalStack where
ansible snippets per-service were combined then run in a series of
steps using Ansible tags.
This patch just enables upgrade of keystone - we'll add support for
other patches in subsequent patches.
Partially-Implements: blueprint overcloud-upgrades-per-service
Change-Id: I39f5426cb9da0b40bec4a7a3a4a353f69319bdf9
|
Jenkins
Pradeep Kilambi
Alex Schultz
Damien Ciabrini
Steven Hardy
Juan Antonio Osorio Robles
Tim Rozet
Ben Nemec
Giulio Fidente
Luke Hinds
Dan Prince
Sanjay Upadhyay
Ihar Hrachyshka
Emilien Macchi