Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
It's not used by any service that we enable by default. So instead, I
added it to the environment that enables the services that use it.
Change-Id: Id2e6550fb7c319fc52469644ea022cf35757e0ce
|
|
This changes both the service names and the file names for disabled
services, adding the 'disabled' suffix to them.
This comes with the reasoning that, if a service requires a disabled
service, and checks for the name in the "service_names" hiera entry, it
will appear as if the service was enabled, when it's actually not. So
changing the name and using this convention prevents that issue.
Change-Id: I308d6680a4d9b526f22ba0d7d20e5db638aadb9a
|
|
|
|
|
|
|
|
|
|
Master is now the development branch for pike
changing the release alias name.
Change-Id: I938e4a983e361aefcaa0bd9a4226c296c5823127
|
|
|
|
This will make neutron-server stop advertising dvr extension if the
cloud is not configured to support this flavor of Neutron routers.
Change-Id: I38c8208edff07f7887887918729beb7710068078
Related-Bug: #1450067
|
|
|
|
|
|
L2 Gateway (L2GW) is an API framework for OpenStack that offers bridging
two or more networks together to make them look at a single broadcast
domain. This patch implements the l2gw agent which is one of the backend
of the l2 gateway service plugin.
Change-Id: I1ae8132ceff9410be7bd82caddf0d14251e720bf
Depends-On: If1501c153b1b170b9550cb7e5a23be463fba1fe9
Partially-Implements: blueprint l2gw-service-integration
Signed-off-by: Peng Liu <pliu@redhat.com>
|
|
This tells apache which CA certificate was used to sign the certs it's
using. this setting is useful in case we want to enable OCSP stapling or
client authentication via TLS.
Change-Id: I97a7e5332aea8377c7662ca98beb71ed5e236640
|
|
The Apache certs were were being set even if TLS everywhere isn't
enabled. This fixes that.
Change-Id: If143d1fdeb0102a1c13441f89acaa73af24bf48f
|
|
This configures the mongodb server to use TLS in the internal network,
while also passing the necessary attributes to generate the needed cert
and key.
bp tls-via-certmonger
Depends-On: I85dda29bcad686372a74bd7f094bfd62777a3032
Change-Id: If6c603b074cfa7e122579cec29d034fd3312868d
|
|
|
|
|
|
Changing the default values of neighbor table (also known as ARP table)
in the kernel to avoid neighbour table overflow and thus fix
communication errors between overcloud nodes.
default kernel values support L2 network up to 1024 hosts (/22).
The patch will allow up to 4096 hosts (/20).
Change-Id: I5fabc766dd75a38cd3d835deee7e168f04dd30ce
Closes-Bug: #1690087
|
|
This was forgotten in I72376a803ec6b2ed93903cc0c95a6ffce718b6dc and
broke containerized deployment.
Change-Id: I599a87bf06efbfefd3067c77ed6ca866505900f9
Closes-Bug: #1690870
|
|
|
|
Currently we just use what puppet-snmp provides in terms of defaults.
This means that currently every single snmp query gets logged with
the following:
May 15 10:51:30 centos.localdomain snmpd[5159]: Connection from UDP: [127.0.0.1]:57799->[127.0.0.1]:161
May 15 10:51:30 centos.localdomain snmpd[5159]: Connection from UDP: [127.0.0.1]:57799->[127.0.0.1]:161
May 15 10:51:32 centos.localdomain snmpd[5159]: Connection from UDP: [127.0.0.1]:50566->[127.0.0.1]:161
The reason is that we use '-LS0-6d' as the default content for
/etc/sysconfig/snmpd:
https://github.com/razorsedge/puppet-snmp/blob/master/manifests/params.pp#L322
This default means that we are logging from 0 (LOG_EMERG) to 6
(LOG_INFO). The above messages bring nothing in a default installation
and only spam the log files, so let's lower the upper log level to 5
(LOG_NOTICE) by default, so we properly do not see every single query in
the logs. We add an option so the operator can still configure the
desired log level via a Heat parameter.
Change-Id: I8d3dfdb4d549cd27131346fc477755ad72313449
|
|
|
|
Service template's parameter documentation has been update by
correcting few of the wrong informations and added more
information with examples.
Change-Id: I2d92fd01cbeb6fdc6f030255dc4b71166509b4f6
|
|
When a service is enabled on multiple roles, the parameters for the
service will be global. This change enables an option to provide
role specific parameter to services and other templates.
Two new parameters - RoleName and RoleParameters, are added to the
service template. RoleName provides the role name of on which the
current instance of the service is being applied on. RoleParameters
provides the list of parameters which are configured specific to the
role in the environment file, like below:
parameters_default:
# Default value for applied to all roles
NovaReservedHostMemory: 2048
ComputeDpdkParameters:
# Applied only to ComputeDpdk role
NovaReservedHostMemory: 4096
In above sample, the cluster contains 2 roles - Compute, ComputeDpdk.
The values of ComputeDpdkParameters will be passed on to the templates
as RoleParameters while creating the stack for ComputeDpdk role. The
parameter which supports role specific configuration, should find the
parameter first in in the RoleParameters list, if not found, then the
default (for all roles) should be used.
Implements: blueprint tripleo-derive-parameters
Change-Id: I72376a803ec6b2ed93903cc0c95a6ffce718b6dc
|
|
|
|
Change-Id: Ifaa3bb0400ee22601fd8f3e1f2f16192b5f8766b
|
|
We dont need expirer unless we have collector and standard
storage enabled. Lets turn it off by default and make it
an optional service. In upgrade scenario, we will kill the
process and stop the expirer, unless explicitly enabled.
Change-Id: Icffb7d1bb2cf7bd61026be7d2dcfbd70cd3bcbda
|
|
Once puppet has written the initial fernet keys, if a deployer wants to
rotate them, the keys will be overwritten when another overcloud deploy
is executed (for instance, for updates or upgrades). This disables
replacing this keys via puppet, so now the operator can rotate the keys
out of band.
Change-Id: I01fd46ba7c5e0db12524095dc9fe29e90cb0de57
|
|
|
|
neutron-metadata number of workers will be taken from NeutronWorkers parameter
if not empty. when empty, all keys related to NeutronWorkers value will be
set with empty dictionary instead empty string ({}).
Change-Id: I18347639c188bbf085e2f3c739465e52c94b9d77
Closes-bug: #1689571
|
|
|
|
Via https://github.com/arioch/puppet-redis/pull/192 puppet-redis grew
ulimit support also for pacemaker managed redis instances. To be able to
use that we need to set redis::managed_by_cluster_manager to true.
We also allow redis::ulimit to be configurable and we set a default of
10420 which was the default value before the above change.
Change-Id: I06129870665d7d3bfa09057fd9f0a33a99f98397
Depends-On: I4ffccfe3e3ba862d445476c14c8f2cb267fa108d
Closes-Bug: #1688464
|
|
Change-Id: I2b23d92c85d5ecc889a7ee597b90e930bde9028e
Depends-On: I72f84e737b042ecfaabf5639c6164d46a072b423
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This add openstack-nova-migration on the compute during the upgrade.
Closes-Bug: #1687081
Depends-on: Iab022bdfb655e3c52fecebf416e75c9e981072ab
Depends-on: I02dc8934521340f42ac44a7d16889f6d79620c33
Change-Id: I3db2a3188e538eeaef61769d38f0166545444cfe
|
|
Specify the allowed networks for migration ssh tunneling.
bp tripleo-cold-migration
Change-Id: Iab022bdfb655e3c52fecebf416e75c9e981072ab
Depends-on: Idb56acd1e1ecb5a5fd4d942969be428cc9cbe293
|
|
|
|
Depends-On: I55ac06e1a561d29d7e1c928a1684989c9654b95d
Change-Id: Id29e96979b937593efe244f46ce2dd74df3aaa7f
|
|
By deafult, we let the data live for ever. Which isnt very efficient.
Lets expose params to tweak this and use a reasonable default.
Change-Id: I145fa73a7af9cb4135ba910d3659853b3baa893d
|
|
For performance reasons we might want to tweak this param
lets expose this via tripleo. The puppet changes were
added in this patch I5de5283d1b14e0bba63d6d9a440611914ba86ca4
Change-Id: I72f1fe3a47060fe37602a70b8a74fba72209127c
|
|
Instead of using the CA bundle, this sets the mysql client configuration
file to use a specific file for validating the certificate of the
database server. This helps in two ways:
* Improves performance since validation will check only one certificate.
* Improves security since we're only the certificates signed by one CA
are valid, instead of any certificate that the system trusts (which
could include potentially compromised public certs).
Change-Id: I46f7cb6da73715f8f331337e0161418450d5afd7
Depends-On: I75bdaf71d88d169e64687a180cb13c1f63418a0f
|