Age | Commit message | Author | Files | Lines |
|
Change-Id: Id896e01e24ecc2bfd7a983a3ff9756fefe4a4525
Depends-On: I097c494d3953b7d26d94aecc546ddef5225d1125
|
|
The parameters NovaVcpuPinSet, NovaReservedHostMemory and
NovaPCIPassthrough are modified to support role-specific
parameter inputs.
Change-Id: I7c11e8fc2c933f424318e457cb1e96acb8df2ec7
|
|
This will enable HAProxy to use CRLs for the nodes it's proxying.
bp tls-via-certmonger
Depends-On: I4f1edc551488aa5bf6033442c4fa1fb0d3f735cd
Change-Id: I2558113bf83674ce22d99364b63c0c5be446bf77
|
|
This uses by default the URL for the CRL provided by FreeIPA (the
default CA in TripleO).
bp tls-via-certmonger
Depends-On: I38e163e8ebb80ea5f79cfb8df44a71fdcd284e04
Change-Id: I87001388f300f3decb3b74bc037fff9d3b3ccdc2
|
|
Instead of doing this via puppet, which has the consequence of including
the step_config and getting included on the host manifest, let's disable
via ansible upgrade task instead.
Change-Id: I5f1a4019dd635dea67db4313bd06a228ae7bacd4
|
|
Gnocchi 4 supports storage sacks during upgrade. Let's make this
configurable if we want to use more metricd workers.
Change-Id: I27390b8babf8c4ef35f4c9b8a2e5be69fb9a54ee
|
|
Add ServiceDebug parameters for each service that will allow operators
to enable/disable Debug for specific services.
We keep the Debug parameters for backward compatibility.
Operators want to enable Debug everywhere:
Debug: true
Operators want to disable Debug everywhere:
Debug: false
Operators want to disable Debug everywhere except Glance:
GlanceDebug: true
Operators want to enable Debug everywhere except Glance:
Debug: true
GlanceDebug: false
New parameters: AodhDebug, BarbicanDebug, CeilometerDebug, CinderDebug,
CongressDebug, GlanceDebug, GnocchiDebug, HeatDebug, HorizonDebug,
IronicDebug, KeystoneDebug, ManilaDebug, MistralDebug, NeutronDebug,
NovaDebug, OctaviaDebug, PankoDebug, SaharaDebug, TackerDebug,
ZaqarDebug.
Note: for backward compatibility in Horizon, HorizonDebug is set to
false, so we maintain previous behavior.
Change-Id: Icbf4a38afcdbd8471d1afc11743df9705451db52
Implement-blueprint: composable-debug
Closes-Bug: #1634567
|
|
This helps with processing the backlog, so let's update
the default out of the box.
Change-Id: I06d4ca95f4a1da2864f4845ef3e7a74a1bce9e41
|
|
Idle compute nodes are found to already consume ~1.5GB of memory, so
2GB is a bit tight. Increasing to 4GB to be on the safe side. Also
see https://bugzilla.redhat.com/show_bug.cgi?id=1341178
Change-Id: Ic95984b62a748593992446271b197439fa12b376
|
|
This fix needs to be backported to ocata.
Change-Id: I5938761efa4f56e576f41929e0bc12df246ac81a
Signed-off-by: Karthik S <ksundara@redhat.com>
Closes-Bug: #1694703
|
|
When gnocchi-upgrade runs, we need to ensure storage is upgraded so we
initialize the necessary storage sacks.
Closes-bug: #1693621
Change-Id: I84e4fc3b6ad7fd966c4097a29678a0fd5b7a20a5
|
|
When running disabled/ceilometer-expirer.yaml, we want to remove the
crontab that used to run the ceilometer-expirer binary in a periodic way.
Let's use Puppet to remove this crontab.
We can't easily use Ansible tasks this time, because the Ansible cron
module can only remove Crontabs previously managed by Ansible:
https://docs.ansible.com/ansible/cron_module.html#examples
In this case, Puppet will erase the crontab in Pike. In Queens, we'll be
able to remove these environment files since we wouldn't need them
anymore.
Change-Id: Idb050c3b281d258aea52d6a3ef40441bb9c8bcbe
|
|
Add upgrade tasks for cinder-volume when it's controlled by pacemaker:
o Stop the service before the entire pacemaker cluster is stopped.
This ensures the service is stopped before infrastructure services
(e.g. rabbitmq) go away.
o Migrate the cinder DB prior to restarting the service. This covers
the situation when puppet-cinder (who otherwise would handle the db
sync) isn't managing the service.
o Start the service after the rest of the pacemaker cluster has been
started.
Closes-Bug: #1691851
Change-Id: I5874ab862964fadb68320d5c4de39b20f53dc25c
|
|
OpenStack heavily relies on gratuitous ARP updates when moving floating
IP addresses between devices. When a floating IP moves, Neutron L3 agent
issues a burst of gratuitous ARP packets that should update any existing
ARP table entries on all nodes that belong to the same network segment.
Due to locktime kernel behavior, some gratuitous ARP packets may be
ignored [1], rendering ARP table entries broken for some time. Due to a
kernel bug [2], the time may be as long as hours, depending on other
traffic flowing to the node.
With the current EL7 kernel, the only way to make sure that nodes honor
all sent gratuitous ARP updates is to set arp_accept to 1; this will
disable locktime mechanism for the packets sent by Neutron L3 agent, and
will make sure ARP tables are always updated.
[1] https://patchwork.ozlabs.org/patch/762732/
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1450203
Related-Bug: #1690165
Change-Id: I863b240e0ab4c4d5bb844f91b607fd0937d5cedf
|
|
Without this, ceilometer db gets hammered with gnocchi swift events.
Keystone creds are required so middleware can query for id.
Related change: I5c0f4f1a2c7fe7eb39ea6441970e9ac0946a4ec1
Change-Id: I9a7a80252703e470a69dc10352e7ece45ab23150
|
|
Currently TripleO does not support LinuxBridge driver, setting
NeutronMechanismDrivers to linuxbridge will not force ml2 plugin
to use linuxbridge.
This commit adds new environment file which replaces default ovs
agent with linuxbridge on Compute and Controller nodes.
Change-Id: I433b60a551c1eeb9d956df4d0ffb6eeffe980071
Closes-Bug: #1652211
Depends-On: Iae87dc7811bc28fe86db0c422c363eaed5e5285b
Depends-On: Ie3ac03052f341c26735b423701e1decf7233d935
|
|
right thing by default"
|
|
by default
The default value is 0 which has the minimum number be calculated based on the replica count
from osd_pool_default_size. The default replica count is 3 and the calculated min_size is 2.
If the replica count is 1 then the min_size is 1, i.e. min_size = replica - (replica/2).
Add CephPoolDefaultSize parameter to ceph-mon.yaml. This parameter defaults to 3 but can
be overridden. See puppet-ceph-devel.yaml for an example.
Change-Id: Ie9bdd9b16bcb9f11107ece614b010e87d3ae98a9
|
|
It's not used by any service that we enable by default. So instead, I
added it to the environment that enables the services that use it.
Change-Id: Id2e6550fb7c319fc52469644ea022cf35757e0ce
|
|
This changes both the service names and the file names for disabled
services, adding the 'disabled' suffix to them.
This comes with the reasoning that, if a service requires a disabled
service, and checks for the name in the "service_names" hiera entry, it
will appear as if the service was enabled, when it's actually not. So
changing the name and using this convention prevents that issue.
Change-Id: I308d6680a4d9b526f22ba0d7d20e5db638aadb9a
|
|
Merge the role specific parameter with the default parameter with the
higher precedence given to role specific parameters. Use the merged
settings to the hiera config settings.
Change-Id: I500558dfbf4ac4ddcf850064e654c4fab03d141b
|
|
Master is now the development branch for pike
changing the release alias name.
Change-Id: I938e4a983e361aefcaa0bd9a4226c296c5823127
|
|
This will make neutron-server stop advertising dvr extension if the
cloud is not configured to support this flavor of Neutron routers.
Change-Id: I38c8208edff07f7887887918729beb7710068078
Related-Bug: #1450067
|
|
L2 Gateway (L2GW) is an API framework for OpenStack that offers bridging
two or more networks together to make them look like a single broadcast
domain. This patch implements the l2gw agent which is one of the backends
of the l2 gateway service plugin.
Change-Id: I1ae8132ceff9410be7bd82caddf0d14251e720bf
Depends-On: If1501c153b1b170b9550cb7e5a23be463fba1fe9
Partially-Implements: blueprint l2gw-service-integration
Signed-off-by: Peng Liu <pliu@redhat.com>
|
|
This tells apache which CA certificate was used to sign the certs it's
using. This setting is useful in case we want to enable OCSP stapling or
client authentication via TLS.
Change-Id: I97a7e5332aea8377c7662ca98beb71ed5e236640
|
|
The Apache certs were being set even if TLS everywhere isn't
enabled. This fixes that.
Change-Id: If143d1fdeb0102a1c13441f89acaa73af24bf48f
|
|
This configures the mongodb server to use TLS in the internal network,
while also passing the necessary attributes to generate the needed cert
and key.
bp tls-via-certmonger
Depends-On: I85dda29bcad686372a74bd7f094bfd62777a3032
Change-Id: If6c603b074cfa7e122579cec29d034fd3312868d
|
|