| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
In Ocata and later, the port binding controller for ODL was changed by
default to be the pseudo agent controller, which requires a new feature
"host config" for OVS. This patch modifies the default to use
network-topology, which will work without any new host config features
implemented (previous way of port binding).
Closes-Bug: 1675211
Depends-On: I5004fdeb238dea81bc4f7e9437843a8a080d5b46
Change-Id: I6a6969d1d6b8d8b8ac31fecd57af85eb653245d2
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
gnocchi metricd and statsd are broken due to recent change
to support keystone v3. see I2feed8b1219069128faa1a1e8dcd2ddfbae7e40a
We need swift auth url to have suffix so it knows what endpoint
to use.
Change-Id: I753f37e121b95813e345f200ad3f3e75ec4bd7e1
|
|
Usually a nested stack is used that contains the TLS-everywhere bits
(config_settings and metadata_settings). Nested stacks are very
resource intensive. So, instead of doing using nested stacks, this patch
changes that to use a conditional, and output the necessary
config_settings and metadata_settings this way in an attempt to save
resources.
Change-Id: Ib7151d67982957369f7c139a3b01274a1a746c4a
|
|
Usually a nested stack is used that contains the TLS-everywhere bits
(config_settings and metadata_settings). Nested stacks are very
resource intensive. So, instead of doing using nested stacks, this patch
changes that to use a conditional, and output the necessary
config_settings and metadata_settings this way in an attempt to save
resources.
Change-Id: Ia7ee632383542ac012c20448ff1b4435004e57e3
|
|
Usually a nested stack is used that contains the TLS-everywhere bits
(config_settings and metadata_settings). Nested stacks are very
resource intensive. So, instead of doing using nested stacks, this patch
changes that to use a conditional, and output the necessary
config_settings and metadata_settings this way in an attempt to save
resources.
Change-Id: Ic25f84a81aefef91b3ab8db2bc864853ee82c8aa
|
|
When the firewall is enabled with ipv6, the default rules set is
taken as not ipv6 firewall was present for Newton. This make
communication impossible until puppet is run again.
This ensures that no rules are loaded when the firewall is enabled.
This mimic this patch[1]
[1] https://github.com/openstack/tripleo-heat-templates/commit/ae8aac36143d5dadb08af0d275f513678909dcc7
Change-Id: Id878b5caae666a799c89c8466ce46b9ecb86d9f7
Closes-Bug: #1675782
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This change ensures that that openstack-nova-compute is
stopped and disabled during the upgrade process.
Closes-Bug: 1675814
Change-Id: Ifd2557b11e4317f1e76e459e8de4162116578eff
|
|
During upgrade the cell0 database has the connection pointing to
mysql+pymysql://nova:c2cdagE8PyAbnpers3AD88Hge@10.0.0.19/nova_cell0?bind_address=10.0.0.20
where 10.0.0.20 was the ip of the bootstrap node. This makes the
nova-api fails on 2/3 node at the end of the
major-upgrade-composable-steps.yaml step.
We do have the right value in the hiera database so make sure we use
it for cell0 creation and not the nova.conf file which hasn't been
updated yet.
Change-Id: I09775206cb8fc5e15934f7e4475506a7fe17271e
Closes-Bug: #1675359
|
|
The str_replace conversion used previously is no longer needed and
breaks the hieradata value.
Closes-Bug: 1675426
Change-Id: I7a052d1757efe36daf6ed47e55598ca3c2ee9055
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
A side-effect of running map_cell_and_hosts is that a default cell is created
(unless host mappings already exists).
As we are explicitly creating the default cell we need to run discover_hosts
to create the host mappings.
Change-Id: I1a28e9b85a7c43561700faf692248c5fc06b8ad8
Closes-Bug: #1675418
|
|
This is needed for the TLS everywhere work. This will break on
TLS-everywhere setups where neutron would be deployed in its own role.
So we need to add the metadata_settings.
bp tls-via-certmonger
Change-Id: I7934a258e032d8eaa6f07c0e48b3fbdb1f8c6a06
|
|
This feature stopped working somewhere along the lines. In the past it
was working with parameter_defaults like this:
CinderNfsServers: '10.0.0.254:/srv/nfs/cinder'
or
CinderNfsServers: "[fd00:fd00:fd00:3000::1]:/srv/nfs/cinder"
The problem was that the templating escaped these strings, and
puppet-tripleo didn't receive a proper array, but a string.
This patch fixes this. It accepts strings as above as well as
comma-delimited lists of Nfs Servers.
Closes-Bug: 1671153
Change-Id: I89439c1d969e92cb8e0503de561e22409deafdfc
|
|
Firewall config was being inherited by the dpdk service, however
since the firewall service name was the parent (neutron_ovs_agent)
and technically that service was not enabled - the rules were never
applied. This modifies the service name as it is inherited using
map_replace.
Closes-Bug: 1674689
Change-Id: I6676205b8fc1fd578cb2435ad97fe577a9e81d95
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
This is used in gnocchi-api.yaml and is not needed on the base template.
Change-Id: I5ebd27dff3dca7053647a57eb4cdef56d38526c6
|
|
Bug #1611800 fixed an upgrade issue by enabling purging configs for
some services, but this causes issues such as longer updates and
restarting services in the minor update case, so only do this for
major upgrades, and default to false.
Related-Bug: #1611800
Closes-Bug: #1674858
Change-Id: Iff7d715f6730c5633f1146008504b4309ef3133d
|
|
|
|
Unprivileged access to the kernel syslog can expose sensitive
kernel address information.
Change-Id: If40f1b883dfde6c7870bf9c463753d037867c9e2
Signed-off-by: zshi <zshi@redhat.com>
|
|
|
|
Change-Id: I4958b886cbd6c2b34da0c265e8774105474ace13
|
|
Port 2550 is required for inter-ODL communication when clustering.
odl-jolokia feature is required to expose REST APIs from ODL for
monitoring the cluster.
Implements: blueprint opendaylight-ha
Depends-On: Ic9a955a1c2afc040b2f9c6fb86573c04a60f9f31
Change-Id: Ie108ab75cce0cb7d89e72637c600e30fc241d186
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
|
|
The agent configuration was lost in newton during the puppet-tripleo and
THT role conversion. This change adds support for including the bigswitch
agent service for composable roles.
Change-Id: I46896389e48cdbe2864bf5b609a786f1c84ef908
Closes-Bug: #1673126
|
|
|
|
We currently do not bind redis-sentinel to any IP:
redis 21144 0.0 0.0 142908 5908 ? Ssl 07:43 0:11 /usr/bin/redis-sentinel *:26379 [sentinel]
Let's bind it to the same network as redis.
Change-Id: I8a782ae1db84eb614aa3995a1638a2f370e70d06
Partial-Bug: #1673715
|
|
Using keystone_authtoken credentials for this purpose is deprecated, and also
prevents ironic-conductor from being used as a separate role.
Also remove neutron_url, it can be fetched from the catalog instead.
Change-Id: I12822568cb4db31808aec5fd407d71fe4b7b09e0
Depends-On: I21180678bec911f1be36e3b174bae81af042938c
Partial-Bug: #1661250
|
|
Secure EtcdInitialClusterToken parameter by:
* removing the default value.
* make it hidden.
Change-Id: I938af697f9faaadb9c9aeb950e9410db24b1b961
Depends-On: I6e30cce469736e84a3c483fafa29d542b8347ba9
Closes-Bug: #1673266
|
|
UUID is to be deprecated, and we should be using fernet.
Change-Id: I61b999e65ba5eb771776344d38eb90fc52d49d56
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This profile will request the certificates for the services on the node.
So with this, we will remove the requesting of these certs on the
services' profiles themselves.
The reasoning for this is that for a containerized environment, the
containers won't have credentials to the CA while the baremetal node
does. So, with this, we will have this profile that still gets executed
in the baremetal nodes, and we can subsequently pass the requested
certificates by bind-mounting them on the containers. On the other hand,
this approach still works well for the TLS-everywhere case when the
services are running on baremetal.
Change-Id: Ibf58dfd7d783090e927de6629e487f968f7e05b6
Depends-On: I4d2e62b5c1b893551f9478cf5f69173c334ac81f
|
|
Switch Congress and Tacker to use auth_uri with keystone versionless
endpoint.
Change-Id: I7e17d061344849b0421f3a6c9571f1609e8861fb
Partial-Implement: blueprint keystone-v3
|
|
* Move swift_authurl to gnocchi-base hieradata, where other swift auth
credentials live and switch it to versionless keystone endpoint.
* Force swift_auth_version to 3 for Keystone v3.
* Switch auth_uri to use versionless Keystone endpoint.
* Switch auth_url to use Keystone admin endpoint (instead of internal).
* Remove old parameters from gnocchi::api, not used anymore.
Partial-blueprint: keystone-v3
Change-Id: I2feed8b1219069128faa1a1e8dcd2ddfbae7e40a
|
|
Switch Aodh, Ceilometer and Panko to use auth_uri parameter with
keystone versionless endpoint.
Change-Id: I5800f4161d0406d3717e1f539d23411b11378fbc
Partial-implement: blueprint keystone-v3
|
Tim Rozet
Pradeep Kilambi
Juan Antonio Osorio Robles
Sofer Athlan-Guyot
Jenkins
Marius Cornea
Oliver Walsh
Christian Schwede
Steven Hardy
zshi
Dan Radez
Alex Schultz
Michele Baldessari
Dmitry Tantsur
Emilien Macchi