path: root/puppet
Age | Commit message | Author | Files | Lines
2017-11-14 | Merge "Set keystone notification topics if ceilometer is enabled" into stable/pike | Zuul | 1 | -0/+2
2017-11-13 | Keystone: Enable notification topics to be configured | Juan Antonio Osorio Robles | 1 | -0/+5
This enables the configuration of notification topics via the KeystoneNotificationTopics parameter. Change-Id: I224e730e41e1bcb703e5deebfab3ca74f08faa02 Related-Bug: #1729293 (cherry picked from commit 3de75ccea06a160f8afb21f9da461109a08f7cbc)
2017-11-13 | Set keystone notification topics if ceilometer is enabled | Juan Antonio Osorio Robles | 1 | -0/+2
This sets the keystone notification topics only if ceilometer is enabled. This mitigates the issue of keystone sending notifications when nobody is receiving them. Closes-Bug: #1729293 Depends-On: I4dcce73446633c08ea37ba567610eec398094036 Change-Id: I063af5e642388acc180cb8e728481c5a36cc8ddc (cherry picked from commit 4adb82d03ddd72191bb379f277374a0a5720bbc4)
2017-11-11 | Disable live migration over TLS | Juan Antonio Osorio Robles | 1 | -9/+10
Due to the fact that it doesn't use a separate CA (or sub CA) for libvirtd, and that proper SASL is not being used. We are disabling this option since it doesn't meet the appropriate security requirements. We'll look into adding this back once these issues get fixed. Change-Id: I6a5e4db1b6dd6bc8b7e73e53b614b070d15b8a23 Closes-Bug: #1730370 (cherry picked from commit 645757cbd6bdb1a1b75cb4aa8acce80a178099ce)
2017-11-10 | Merge "Refactor cellv2 host discovery logic to avoid races" into stable/pike | Zuul | 2 | -0/+16
2017-11-10 | Refactor cellv2 host discovery logic to avoid races | Oliver Walsh | 2 | -0/+16
The compute service list is polled until all expected hosts are reported or a timeout occurs (600s). Adds a cellv2_discovery flag to puppet services. Used to generate a list of hosts that should have cellv2 host mappings. Adds a canonical fqdn that should match the fqdn reported by a host. Adds the ability to upload a config script for docker config instead of using complex bash one-liners. Closes-bug: 1720821 Change-Id: I33e2f296526c957cb5f96dff19682a4e60c6a0f0 (cherry picked from commit 61fcfca045aeb5be1ee280d8dd9c260fb39b9084)
2017-11-10 | Configure docker0 bridge address | Martin André | 1 | -4/+8
This was previously conflicting with the InternalApiNetCidr value in environments/network-environment.yaml. Change-Id: I3f1cb6f056fb19a1ba93d1076191abe7aca4fa21 Depends-On: Ie803b33c93b931f7fefb87b6833eb22fd59cd92d Closes-Bug: #1726773 (cherry picked from commit 509209a29be1ac3e72d6ea97eaf328760693daaf)
2017-11-09 | Merge "Set metric processing delay for metricd" into stable/pike | Zuul | 1 | -0/+5
2017-11-08 | Merge "nova-placement: switch auth_uri to keystone versionless endpoint" into stable/pike | Zuul | 1 | -1/+1
2017-11-08 | Merge "Enable Cinder as a backend for Glance" into stable/pike | Zuul | 1 | -2/+2
2017-11-07 | Set metric processing delay for metricd | Pradeep Kilambi | 1 | -0/+5
Depends-On: 1d6084045e6019c7ad536a8adfd5249b1d95e37e Closes-bug: #1722788 Change-Id: I22a815bbc8dad65366fbc212f35bdb9d7b4faa52 (cherry picked from commit 66f85f17273353c30ae5625d29c367e0a5f513a8)
2017-11-07 | Merge "mysql: Only set certificate specs if TLS everywhere is enabled" into stable/pike | Zuul | 1 | -20/+24
2017-11-05 | cinder: switch CinderCronDbPurgeUser to 'cinder' | Emilien Macchi | 1 | -1/+1
... and not 'keystone' or it fails. Change-Id: Iee4161ec9d8c7a84997ab24ddd234353f3a81dfb Closes-Bug: #1729352 (cherry picked from commit b99a240ccc4f262ee7626518087784eb92b0152f)
2017-11-04 | Merge "mysql: expose IPv6 configuration to mysql puppet modules" into stable/pike | Zuul | 1 | -0/+6
2017-11-04 | mysql: Only set certificate specs if TLS everywhere is enabled | Juan Antonio Osorio Robles | 1 | -20/+24
The conditional was missing. Change-Id: Ie2617dd9dba1c49f37e82448b6bf229d127ed46a Closes-Bug: #1729384 (cherry picked from commit 410e062aa0d91b99c4493fac6940499cc02e4288)
2017-11-03 | Merge "Fix nova-cpu/collectd hieradata" into stable/pike | Zuul | 1 | -1/+1
2017-11-03 | Merge "added level of indirection causes incorrect hiera config" into stable/pike | Zuul | 2 | -21/+19
2017-11-02 | Fix nova-cpu/collectd hieradata | Emilien Macchi | 1 | -1/+1
Probably a typo, never caught or even tested. Change-Id: Iaf75edb421a19cb69bf3ead59c83bf812c653f0b Closes-Bug: #1729479 (cherry picked from commit 24f859c01826eb12256cf1a5cd63b8bb1c0e234c)
2017-11-02 | Add NetIpMap to hieradata for *ExtraConfig overrides | Steven Hardy | 1 | -0/+2
To enable per-node override of bind IPs via the per-role ExtraConfig parameters, we need to enable hiera interpolation that references the keys defined in NetIpMap, so we add them to the hieradata. To minimise the risk of any conflicts in keynames it's added near the bottom of the hierarchy, but I'm not aware of any conflicting names in our templates/modules. This will allow per-node hieradata override of bind IPs e.g:
  parameter_defaults:
    ComputeRack1ExtraConfig:
      nova::vncproxy::host: "%{hiera('rack1_internal_api')}"
    ComputeRack2ExtraConfig:
      nova::vncproxy::host: "%{hiera('rack2_internal_api')}"
Closes-Bug: #1726884 Change-Id: Icf7da1d78176c2ee0197ff2459d69d995cbb16ad (cherry picked from commit 65a8b65754d2ea77ec2396658d4e73eb837d34bd)
2017-11-02 | Merge "Switch RabbitFDLimit to a Puppet integer" into stable/pike | Zuul | 1 | -1/+1
2017-11-02 | Merge "Enable neutron-lbaasv2 UI in Horizon" into stable/pike | Zuul | 1 | -0/+3
2017-11-01 | added level of indirection causes incorrect hiera config | Aditya Vaja | 2 | -21/+19
- until Newton this worked fine, however starting with Ocata, we do not need the key 'mapped_data'
- having it results in extra indirection in the dictionary in neutron_bigswitch_data.json
Closes-Bug: #1729453 Change-Id: I3bc9940aeff4e290d83de95a7df294c11f061954 (cherry picked from commit 485339129cee8f5d3223cf47858a5c9f79b0a8de)
2017-10-30 | Set verbosity by default for memcached | Juan Antonio Osorio Robles | 1 | -0/+1
This sets one level of verbosity for memcached by default. This allows us to see any errors or warnings in the logs. Change-Id: Icc6f56c9e0ee6100286d07c8b6660a08baabb241 Related-Bug: #1720183 (cherry picked from commit 15ad21ba08e92b302318bdc34112601ce666ff35)
2017-10-29 | Enable Cinder as a backend for Glance | Alan Bishop | 1 | -2/+2
Enable Cinder as a backend for Glance by adding 'cinder' to the list of allowed choices for the GlanceBackend heat parameter. Update the glance-api docker configuration to allow the feature to work. This is necessary because the feature uses iSCSI, which requires additional privileges. Closes-Bug: #1728409 Depends-On: I850047e32f3608b3ce490e52e2e540695cb1a4ff Change-Id: I42241747de931103a04aa5ee2ed18fd46197d183 (cherry picked from commit e828e8c7bb2e890b243faa767992226dc270bb6f)
2017-10-26 | Enable neutron-lbaasv2 UI in Horizon | Cédric Jeanneret | 1 | -0/+3
Change-Id: I4a09343c59da86daf4e6f00a59f7734c8adb209f Depends-On: I66839e2c42e654a02e5409c6137e479cfb7b385f Partial-Bug: 1724471 (cherry picked from commit 97879c3ce6dcf06908180a06147bd386580ed5ae)
2017-10-24 | nova-placement: switch auth_uri to keystone versionless endpoint | Oliver Walsh | 1 | -1/+1
Appears this was missed in I8046f2eed0b9a7da76d6d7c3507a92bf5054b000 Change-Id: I901533f7ab2de2ec0fd1c2bfef8aa8f767c45963 Partial-Implement: blueprint keystone-v3 (cherry picked from commit 4add59c5413e9b36675f07f0c3d0fedbf156b04c)
2017-10-19 | Merge "Remove Heat Cloudwatch API during upgrade and disable by default" into stable/pike | Zuul | 1 | -0/+48
2017-10-17 | Remove Heat Cloudwatch API during upgrade and disable by default | marios | 1 | -0/+48
This adds a heat-api-cloudwatch-disabled.yaml and wires it up in the resource registry. During the Ocata to Pike upgrade this service will thus be stopped and disabled by default. If you wish to keep the Heat Cloudwatch API then you should instead use the provided heat-api-cloudwatch.yaml environment file. Change-Id: I3f90a9799b90ca365f675f593371c1d3701fede6 Related-Bug: 1713531 (cherry picked from commit 4d21451666f2dd7a8935da3a7166a9afc2ccd6bd)
2017-10-16 | Switch RabbitFDLimit to a Puppet integer | Emilien Macchi | 1 | -1/+1
Type changed in: https://github.com/voxpupuli/puppet-rabbitmq/commit/20d159dc6f08357bca4b01fdbe3521e4dc56f634 We need to update it otherwise we get a Puppet error. Change-Id: If03b7363295f1f529b7acf4a008ff63da8fef173 Closes-Bug: #1723665 (cherry picked from commit 24c756616c7a489e9bf43b6c5974e400815462ea)
2017-10-16 | mysql: expose IPv6 configuration to mysql puppet modules | Damien Ciabrini | 1 | -0/+6
When deploying on IPv6 networks, set a hiera key that can be consumed by puppet modules to configure MySQL or Galera appropriately. Currently, this is required for configuring SST encryption in Galera when Internal TLS is enabled [1]. [1] I1d6ee8febb596b3ab9dcde3a85a028ee99b2798c Change-Id: Ia857350ac451fc1bda6659d85019962d3a9d5617 Partial-Bug: #1719885 (cherry picked from commit ff0a0dd987f4bcb997b271572ff0c901ed71d99b)
2017-10-11 | Fix some missed hard-coded network references | Steven Hardy | 1 | -30/+8
These got missed in the refactoring to support composable networks. Change-Id: I5c97df08ae84e9c383175687428fb00143d171ff Closes-Bug: #1720849 (cherry picked from commit ef1768e40c3a6c58a22381a4546772f571bee5cc)
2017-10-10 | Merge "Adds pacemaker update_tasks for Pike minor update workflow" into stable/pike | Jenkins | 2 | -1/+20
2017-10-10 | Merge "Fix cold/live migration network config" into stable/pike | Jenkins | 2 | -3/+10
2017-10-09 | Adds pacemaker update_tasks for Pike minor update workflow | marios | 2 | -1/+20
Adds update_tasks for the minor update workflow. These will be collected into playbooks during an initial 'update init' heat stack update and then invoked later by the operator as ansible playbooks.
Current understanding/workflow:
Step=1: stop the cluster on the updated node
Step=2: Pull the latest image and retag it pcmklatest
Step=3: yum upgrade happens on the host
Step=4: Restart the cluster on the node
Step=5: Verification: test pacemaker services are running.
https://etherpad.openstack.org/p/tripleo-pike-updates-upgrades
Related-Bug: 1715557 Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com> Co-Authored-By: Sofer Athlan-Guyot <sathlang@redhat.com> Change-Id: I101e0f5d221045fbf94fb9dc11a2f30706843806 (cherry picked from commit a953bda0ae615dc44d3e8a70aa7ab0160e26f3af)
2017-10-09 | Special treatment for os-net-config upgrade. | Sofer Athlan-Guyot | 1 | -0/+9
We make sure to run upgrade and run os-net-config on its own. Running os-net-config with the no-activate option will
- prevent the restart of the interface
- adjust the network files to the expected configuration so that next run won't restart the network.
Eventually at next reboot the change will be taken into account. Currently we have no changes that are required to be taken live during the upgrade so it is safe to ignore the new parameters. Closes-Bug: #1721073 Change-Id: I51464274d5dff8a267992ae303ac3517b78d08fb (cherry picked from commit 5aab25bb68f62b0d7e4ffdc20d4f4da1d82a76db)
2017-10-09 | Fix cold/live migration network config | Oliver Walsh | 2 | -3/+10
Cold migration network is determined by the value of my_ip in nova.conf. If this isn't set then the network with the default gateway will be used. This patch sets my_ip and the whitelisted IP for cold migration over SSH to the NovaApiNetwork. Until https://bugs.launchpad.net/nova/+bug/1671288 is fixed we cannot control the network used for live migration over SSH. It is determined by hostname resolution. This patch sets the whitelisted IP for live migration over SSH to the hostname resolution network for the role - which is typically the same as NovaApiNetwork. (NB The puppet manifest will remove duplicates). Live migration over TLS is not affected. It can control the network used so it is configurable via NovaLibvirtNetwork. Change-Id: Ica3f79d6d0cfae446e276172146f3a9407f2971f Depends-On: Id22a6c990f424b9f3ca6159088540ea207460ffd (cherry picked from commit 23331889a577b82b625610a80ecd44e164fe6cf1)
2017-10-07 | Merge "Default Ceph pg_num and pgp_num to 128" into stable/pike | Jenkins | 1 | -2/+2
2017-10-07 | Merge "Support for Ocata-Pike live-migration over ssh" into stable/pike | Jenkins | 3 | -2/+13
2017-10-07 | Merge "Bump fs.inotify.max_user_instances for scale" into stable/pike | Jenkins | 1 | -0/+9
2017-10-07 | Merge "Drop extraconfig for nova-nuage" into stable/pike | Jenkins | 2 | -92/+43
2017-10-07 | Support for Ocata-Pike live-migration over ssh | Oliver Walsh | 3 | -2/+13
In Ocata all live-migration over ssh is performed on the default ssh port (22). In Pike the containerized live-migration over ssh is on port 2022 as the docker host's sshd is using port 22. To allow live migration during upgrade we need to temporarily pin the Pike computes to port 22 and in the final converge we can switch over to port 2022. This also changes the default port to 2022 for baremetal computes in Pike to enable live-migration between baremetal and containerized computes. Change-Id: Icb9bfdd9a99dc1dce28eb95c50a9a36bffa621b1 Depends-On: I0b80b81711f683be539939e7d084365ff63546d3 Closes-Bug: 1714171 (cherry picked from commit 17fd16b9f266e1aa67bf03ebdf309e89d668ada2)
2017-10-07 | Default Ceph pg_num and pgp_num to 128 | Giulio Fidente | 1 | -2/+2
As per Ceph docs [1] we should default pg_num and pgp_num to 128 when using less than 5 OSDs. This same change was applied to the ceph-ansible profiles with [2]. Also updates the CI environment files to continue using 32 where we deploy a single OSD. 1. http://docs.ceph.com/docs/master/rados/operations/placement-groups/ 2. Ibd9fb23e04576e95e24af58f856663397886a947 Change-Id: I1920bc8f5251f362af38ad3bd6f46dda42c6ee93 Closes-Bug: #1718756 (cherry picked from commit e17ae7620e03790da0d29092ab42e8089b2e8d11)
2017-10-04 | Bump fs.inotify.max_user_instances for scale | Sai Sindhur Malleni | 1 | -0/+9
Since each dnsmasq process consumes one inotify socket, the default value of fs.inotify.max_user_instances which is 128 lets us scale to only around 116 neutron subnets (a few other sockets are used by other processes on the system). Since we need to provide better defaults, this patch proposes to bump this value to 1024 by default, while giving the user a way to change it. Based on https://unix.stackexchange.com/a/13757 each inotify watch takes 1KB of memory and we have fs.inotify.max_user_watches set to 8192 by default. This means that even in the worst case we won't be using more than 8MB of memory. Bumping the fs.inotify.max_user_instances value to 1024 is safe because there is fs.inotify.max_user_watches which caps the total number of files that can be watched by all the inotify instances a user has. Related Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1474515 https://bugzilla.redhat.com/show_bug.cgi?id=1491505 Change-Id: I39664312bf6cf06f1e1ca2e86ffd86fb9a4582ad Closes-Bug: 1718266 (cherry picked from commit d2d0c3ff00de9b62382193d942239d543aa9499f)
2017-09-25 | Fixes missing keystone authtoken pw for Tacker | Tim Rozet | 1 | -0/+1
Closes-Bug: 1718997 Change-Id: I2b347cbc4595e6651b0d4be032cb862fde72e15f Signed-off-by: Tim Rozet <trozet@redhat.com> (cherry picked from commit 253d9b9107aa158af5bcdafe510ecd96658ef137)
2017-09-25 | Merge "Rename service_workflow_tasks into workflow_tasks" into stable/pike | Jenkins | 1 | -2/+2
2017-09-21 | Merge "Adds post_upgrade_tasks for any service post-upgrade ansible tasks" into stable/pike | Jenkins | 1 | -14/+6
2017-09-21 | Merge "Make nova patching parameters configurable in Nuage" into stable/pike | Jenkins | 1 | -0/+12
2017-09-20 | Adds post_upgrade_tasks for any service post-upgrade ansible tasks | marios | 1 | -14/+6
This adds a new config/deployment per role that will come after any post deploy steps. It drives the same ansible config as the upgrade_tasks but instead collects the post_upgrade_tasks for any service in the given role. The workflow is upgrade_tasks, then post deploy steps (either puppet/ or docker/ depending on the env) and then the post_upgrade_tasks added here. This is added to the pacemaker/cinder-volume.yaml service for now see the bug below for more info Change-Id: Iced34fecf02ebddc91df9302de54d2f4c2cab680 Closes-Bug: 1706951 (cherry picked from commit 2e182bffeeb099cb5e0b1747086fb0e0f57b7b5d)
2017-09-19 | Change to boolean for boolean type params | Tong Liu | 2 | -2/+2
Some boolean params are set to string type. Although it works, it is better to use boolean type for better validation. This patch changes them to boolean type. Change-Id: I9f1d223619ea14fbab26033b24eb1144796e5ef2 Closes-Bug: #1715209 (cherry picked from commit cab8ab1d342c6ffada3f2adea5834b4549240af5)
2017-09-14 | Make nova patching parameters configurable in Nuage | Lokesh Jain | 1 | -0/+12
Nova patching parameters are available in nova.conf but are not configurable from tripleo-heat-templates. Exposing these parameters from Nuage composable services to make them configurable. It enables setting the patching parameters in environment files. This change depends on the addition of nova patching configuration parameters. Change-Id: Iacad25da044f2bac83ee5f577ddcd70650eb61e5 Depends-On: I51ef3e19daff1d98cfe5c2c16475c16e6a3e3e0f (cherry picked from commit f0041153eca8d82bb7f72dc68676cab8448ef037)