summaryrefslogtreecommitdiffstats
path: root/puppet
AgeCommit message (Collapse)AuthorFilesLines
2017-02-28Add auditd upgrate stepsCarlos Camacho1-0/+15
Add base upgrade steps for auditd Change-Id: Iaa56eb40ed80d20744cf8bab18504d700466d26e
2017-02-25Merge "Don't assume default network names in net_ip*map"Jenkins1-9/+35
2017-02-24Merge "Upgrade nova-api/scheduler/conductor packages at step3 not step2."Jenkins4-11/+4
2017-02-24Merge "Add checks in ansible upgrade tasks for CephMon and CephOSD"Jenkins3-19/+78
2017-02-24Upgrade nova-api/scheduler/conductor packages at step3 not step2.Sofer Athlan-Guyot4-11/+4
The nova-api, nova-scheduler nova-conductor packages are updated during step2. The package upgrade trigger a restart of the service which fails and is constantly retried by systemd: Feb 24 12:34:24 centos-7-2-node-rax-iad-7463943-440549 systemd[1]: Failed to start OpenStack Nova Scheduler Server. Feb 24 12:34:24 centos-7-2-node-rax-iad-7463943-440549 systemd[1]: Unit openstack-nova-scheduler.service entered failed state. Feb 24 12:34:24 centos-7-2-node-rax-iad-7463943-440549 systemd[1]: openstack-nova-scheduler.service failed. Feb 24 12:34:24 centos-7-2-node-rax-iad-7463943-440549 systemd[1]: openstack-nova-scheduler.service holdoff time over, scheduling restart. We eventually reach timeout. We use https://github.com/openstack/tripleo-heat-templates/blob/master/puppet/services/tripleo-packages.yaml#L44-L46 to upgrade existing packages. Add a note to the README.rst to make people aware of the general upgrade done at step3 and limit its usage to new package for individual service. Change-Id: I13b51bcfe0c98034944613f7e1c3f0168cd4de76 Closes-Bug: #1667728
2017-02-24Merge "Enable TLS for swift-proxy's ceilometer notifications"Jenkins1-0/+1
2017-02-23Merge "Remove forgotten sahara dbsync from step5 upgrades tasks"Jenkins1-3/+0
2017-02-23Merge "Adding the ip_conntrack_proto_sctp kernel module"Jenkins1-0/+1
2017-02-23Merge "Increase ansible-pacemaker default service start timeout"Jenkins1-1/+1
2017-02-23Enable TLS for swift-proxy's ceilometer notificationsJuan Antonio Osorio Robles1-0/+1
If the message broker is using TLS, we enable it for these notifications. Change-Id: I4f37e77ae12e9582fab7d326ebd4c70127c5445f Depends-On: If23d1f0d20264faaddc2e5ad54863483fa43ed41
2017-02-23Increase ansible-pacemaker default service start timeoutmarios1-1/+1
We are passing 200 but in some environments this has been seen to expire by a few seconds. Change-Id: I5c2270559339ea9ee0043b7a2e519e26d4d9d78a Closes-Bug: 1666604
2017-02-23Remove forgotten sahara dbsync from step5 upgrades tasksmarios1-3/+0
I suspect this was forgotten from the initial commits where we were doing the dbsync in ansible Change-Id: Ie337bfba4e61cf3d546d0b79b611b84211ac9d9d
2017-02-23Merge "neutron: don't set external_network_bridge option by default"Jenkins2-10/+28
2017-02-23Adding the ip_conntrack_proto_sctp kernel moduleItzik Brown1-0/+1
When using conntrack there is a need to load the ip_conntrack_proto_sctp module for SCTP to work. Closes-bug: 1664192 Change-Id: Ic58f5327401c3ab2215acd8b9ce699f555e8c5e4
2017-02-22Merge "Configure authtoken in nova-placement api service"Jenkins1-0/+4
2017-02-22Merge "Add step0,validation checks for heat services"Jenkins4-4/+4
2017-02-22Merge "Adding upgrade steps to congress service"Jenkins1-0/+8
2017-02-21Improve the README for the _setting keysMichele Baldessari1-2/+15
It is not entirely clear to someone writing their own templates how to distribute hiera keys to different roles. Let's clear this up with a more extensive description. Change-Id: I02224389c2de90bc5534bce764e5e9d3bb23538f
2017-02-21Add checks in ansible upgrade tasks for CephMon and CephOSDGiulio Fidente3-19/+78
Adds two checks, one for the CephMon and one for the CephOSD upgrade tasks borrowed from ceph-ansible. Change-Id: I0a0e60d277240130c6bd76a74ccc13354b87a30a Co-Authored-By: Sebastien Han <seb@redhat.com>
2017-02-21Add step0,validation checks for heat servicesmarios4-4/+4
These are currently commented out because we were waiting for I7612189be49c9c07f64753c1be4b72aa8524d06d to enable these in the ci upgrades job. Change-Id: I07bc0c2af0b227416470e23ad42f3a9aae430271
2017-02-21Merge "Stop nova-api before upgrading package"Jenkins1-3/+3
2017-02-21Merge "Adding upgrade_tasks to tacker"Jenkins1-0/+7
2017-02-20Adding upgrade steps to congress serviceDan Radez1-0/+8
Change-Id: I79169baf4c59e9325355992288de2e9ad8088e3b
2017-02-20Merge "Generate Pre/Post Puppet Tasks for all roles"Jenkins1-11/+7
2017-02-20Stop nova-api before upgrading packageOliver Walsh1-3/+3
If the service is running then the rpm upgrade will attempt to restart. Ensuring the service is stopped before upgrade should resolve this. Change-Id: I4179cb773616721640490d26082eacac45f92dff Closes-Bug: 1665717
2017-02-20Merge "Make the DB URIs host-independent for all services"Jenkins21-38/+52
2017-02-20Adding upgrade_tasks to tackerDan Radez1-0/+7
Change-Id: I0d7e151a931d02068dea80d7cf57b99736e689e6
2017-02-17Make the DB URIs host-independent for all servicesMichele Baldessari21-38/+52
When fixing LP#1643487 we added ?bind_address to all DB URIs. Since this clashes with Cellsv2 due to the URIs becoming host dependent, we need a new approach to pass bind_address to pymysql that leaves the DB URIs host-independent. In change Iff8bd2d9ee85f7bb1445aa2e1b3cfbff1f397b18 we first create a /etc/my.cnf.d/tripleo.cnf file with a [tripleo] section with the correct bind-address option. In this change we make sure that the DB URIs will point to the added file and to the specific section containing the necessary bind-address option. We do introduce a new MySQLClient profile which will hold all this more client-specific configuration so that this change can fit better in the composable roles work. Also, in the future it might contain the necessary configuration for SSL for example. Note that in case the /etc/my.cnf.d/tripleo.cnf file does not exist (because it is created via the mysqlclient profile), things keep on working as usual and the bind-address option simply won't be set, which has no impact on hosts where there are no VIPs. Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com> Change-Id: Ieac33efe38f32e949fd89545eb1cd8e0fe114a12 Related-Bug: #1643487 Closes-Bug: #1663181 Closes-Bug: #1664524 Depends-On: Iff8bd2d9ee85f7bb1445aa2e1b3cfbff1f397b18
2017-02-17Generate Pre/Post Puppet Tasks for all rolesJames Slagle1-11/+7
We need to generate the Pre and Post Puppet Tasks for all roles, not just the Controller role. Otherwise, you have to have a role specifically named Controller that is running your pacemaker services, or pacemaker won't be properly handled on stack-updates. When using deployed-server's it's actually not possible to have a role called Controller, since we need to use all custom roles so that we can set disable_contraints on each role. Further, it is not possible to redefine the Controller role since puppet/controller-role.yaml is listed in the excludes file. Change-Id: I737b24db90932e292b50b122640f66385f2d1c23 Partial-Bug: #1665060
2017-02-17Don't assume default network names in net_ip*mapSteven Hardy1-9/+35
This needs to handle a ServiceNetMap containing non-default network names when they are overridden via the *NetName parameters. Closes-Bug: #1651541 Change-Id: I95d808444642a37612a495e822e50449a7e7da63
2017-02-17Install nova-placement package on upgradeSteven Hardy1-0/+5
This doesn't exist in newton images, so install it via the ansible tasks during step3 (when all other packages are updated). Change-Id: I08fb7855b910ccc5a8ab2d73f1de15b695784abd Closes-Bug: #1664265
2017-02-17Merge "Apply puppet in non-controller script in step."Jenkins1-0/+1
2017-02-17Merge "docker: new hybrid deployment architecture and configuration"Jenkins2-7/+3
2017-02-17Merge "Add Newton to Ocata UpgradeInitCommonCommand"Jenkins6-1/+54
2017-02-17Merge "Automatically backup and restore Swift rings from the undercloud"Jenkins1-0/+18
2017-02-16Merge "Configuring a default ntp server."Jenkins1-2/+4
2017-02-16Merge "Remove unused nova_url from neutron config"Jenkins1-2/+0
2017-02-16Merge "Remove deprecated metering_secret"Jenkins1-1/+0
2017-02-16Merge "OVN bridge mappings for tripleo"Jenkins1-0/+11
2017-02-16Add Newton to Ocata UpgradeInitCommonCommandmarios6-1/+54
This adds the UpgradeInitCommonCommand for newton..ocata common UpgradeInit commands. This comes before the ansible upgrade steps so we need to do things like remove the old newton hieradata and install the ansible-pacemaker module and ansible heat-agent plugin This defaults to '' and is set in the major-upgrade-composable-steps and unset in the major-upgrade-converge environment files. Change-Id: I0c7a32194c0069b63a501a913c17907b47c9cc16
2017-02-15Merge "Add nova service support for composable upgrades"Jenkins9-5/+161
2017-02-15docker: new hybrid deployment architecture and configurationDan Prince2-7/+3
This patch implements a new docker deployment architecture that should us to install docker services in a stepwise manner alongside of baremetal puppet services. This works by using Yaql to select docker specific services (docker/services/*.yaml) vs the puppet specific ones and then applying the selected Json to relevant Heat software deployments for docker and baremetal puppet in a stepwise fashion. Additionally the new architecture leverages new composable services interfaces from Newton to allow configuration of per-service container configuration sets (directories that are bind mounted into kolla containers) by using the Kolla containers themselves. It does this by spinning up a throw away "configuration only" version of the container being configured itself, then running the puppet apply in that container and copying the generated config files into /var/lib/config-data. This avoids having to install all of the OpenStack dependency packages in the heat-agent-container itself (our previous approach) and should allow us to configure a much wider variety of container config files that would otherwise be impossible with the previous shared approach. The new approach (combined) should allow us to configure containers in both the undercloud and overcloud and incrementally add CI coverage to services as we containerize them. Co-Authored-By: Martin André <m.andre@redhat.com> Co-Authored-By: Ian Main <imain@redhat.com> Co-Authored-By: Flavio Percoco <flavio@redhat.com> Change-Id: Ibcff99f03e6751fbf3197adefd5d344178b71fc2
2017-02-15Apply puppet in non-controller script in step.Sofer Athlan-Guyot1-0/+1
We want to apply a puppet manifest for the non-controller role, but we need to apply it in stages. By loading the proper hieradata we get the needed step configuration. Change-Id: I07bfeee7b7d9a9b8c2c20e5d5c9ed735d0bfc842 Closes-Bug: #1664304
2017-02-15Merge "OVN plugin configuration fixes"Jenkins2-10/+23
2017-02-14Add nova service support for composable upgradesSteven Hardy9-5/+161
Co-Authored-By: Mathieu Bultel <mbultel@redhat.com> Co-Authored-By: Oliver Walsh <owalsh@redhat.com> Change-Id: Iafad800a6819d7e75fdaab60d328999d3d3c037f Partially-Implements: blueprint overcloud-upgrades-per-service Related-Bug: #1662344
2017-02-14Merge "Reduce memcached memory configuration"Jenkins1-0/+7
2017-02-14Merge "Add upgrade tasks for opstools services"Jenkins3-0/+27
2017-02-14OVN bridge mappings for tripleoBabu Shanmugam1-0/+11
This patch adds an additional configuration setting for OVN bridge mappings Co-authored-by: Numan Siddique <nusiddiq@redhat.com> Change-Id: I99f2c0c8e633e63273e2469d95fbabbbc665c87c Depends-On: Ia6d66fa954571328c0ac3542af17303def382c1a
2017-02-14Add upgrade tasks for opstools servicesMartin Mágr3-0/+27
This patch adds upgrade tasks for sensu-client, fluentd and collectd Change-Id: I3a8096159664b1934b34f6c79b8afb4a3dc645c8
2017-02-14Configuring a default ntp server.Carlos Camacho1-2/+4
Adding a default NTP server by default will keep all Pacemaker and non-Pacemaker deployments aligned with the same server by default. Also useful for keeping time diff controlled for Keystone and Ceph. Change-Id: I8a26bae15cbfb83e3abd6b9ef9d12b57467e6258