Age | Commit message (Collapse) | Author | Files | Lines |
|
stable/pike
|
|
This enables the configuration of notification topics via the
KeystoneNotificationTopics parameter.
Change-Id: I224e730e41e1bcb703e5deebfab3ca74f08faa02
Related-Bug: #1729293
(cherry picked from commit 3de75ccea06a160f8afb21f9da461109a08f7cbc)
|
|
This sets the keystone notification topics only if ceilometer is
enabled. This mitigates the issue of keystone sending notifications
when nobody is receiving them.
Closes-Bug: #1729293
Depends-On: I4dcce73446633c08ea37ba567610eec398094036
Change-Id: I063af5e642388acc180cb8e728481c5a36cc8ddc
(cherry picked from commit 4adb82d03ddd72191bb379f277374a0a5720bbc4)
|
|
Due to the fact that it doesn't use a separate CA (or sub CA) for
libvirtd, and that proper SASL is not being used. We are disabling this
option since it doesn't meet the appropriate security requirements.
We'll look into adding this back once these issues get fixed.
Change-Id: I6a5e4db1b6dd6bc8b7e73e53b614b070d15b8a23
Closes-Bug: #1730370
(cherry picked from commit 645757cbd6bdb1a1b75cb4aa8acce80a178099ce)
|
|
|
|
The compute service list is polled until all expected hosts are reported or a
timeout occurs (600s).
Adds a cellv2_discovery flag to puppet services. Used to generate a list of
hosts that should have cellv2 host mappings.
Adds a canonical fqdn and that should match the fqdn reported by a host.
Adds the ability to upload a config script for docker config instead of using
complex bash on-liners.
Closes-bug: 1720821
Change-Id: I33e2f296526c957cb5f96dff19682a4e60c6a0f0
(cherry picked from commit 61fcfca045aeb5be1ee280d8dd9c260fb39b9084)
|
|
This was previously conflicting with the InternalApiNetCidr value in
environments/network-environment.yaml.
Change-Id: I3f1cb6f056fb19a1ba93d1076191abe7aca4fa21
Depends-On: Ie803b33c93b931f7fefb87b6833eb22fd59cd92d
Closes-Bug: #1726773
(cherry picked from commit 509209a29be1ac3e72d6ea97eaf328760693daaf)
|
|
|
|
into stable/pike
|
|
|
|
Depends-On: 1d6084045e6019c7ad536a8adfd5249b1d95e37e
Closes-bug: #1722788
Change-Id: I22a815bbc8dad65366fbc212f35bdb9d7b4faa52
(cherry picked from commit 66f85f17273353c30ae5625d29c367e0a5f513a8)
|
|
stable/pike
|
|
... and not 'keystone' or it fails.
Change-Id: Iee4161ec9d8c7a84997ab24ddd234353f3a81dfb
Closes-Bug: #1729352
(cherry picked from commit b99a240ccc4f262ee7626518087784eb92b0152f)
|
|
stable/pike
|
|
The conditional was missing.
Change-Id: Ie2617dd9dba1c49f37e82448b6bf229d127ed46a
Closes-Bug: #1729384
(cherry picked from commit 410e062aa0d91b99c4493fac6940499cc02e4288)
|
|
|
|
stable/pike
|
|
Probably a typo, never caught or even tested.
Change-Id: Iaf75edb421a19cb69bf3ead59c83bf812c653f0b
Closes-Bug: #1729479
(cherry picked from commit 24f859c01826eb12256cf1a5cd63b8bb1c0e234c)
|
|
To enable per-node override of bind IPs via the per-role
ExtraConfig paramaters, we need to enable hiera interpolation
that references the keys defined in NetIpMap, so we add them
to the hieradata. To minimise the risk of any conflicts in
keynames it's added near the bottom of the hierarchy, but
I'm not aware of any conflicting names in our templates/modules.
This will allow per-node hieradata override of bind IPs e.g:
parameter_defaults:
ComputeRack1ExtraConfig:
nova::vncproxy::host: "%{hiera('rack1_internal_api')}"
ComputeRack2ExtraConfig:
nova::vncproxy::host: "%{hiera('rack2_internal_api')}"
Closes-Bug: #1726884
Change-Id: Icf7da1d78176c2ee0197ff2459d69d995cbb16ad
(cherry picked from commit 65a8b65754d2ea77ec2396658d4e73eb837d34bd)
|
|
|
|
|
|
- until Newton this worked fine, however starting with Ocata, we
do not need the key 'mapped_data'
- having it results in extra indirection in the dictionary in
neutron_bigswitch_data.json
Closes-Bug: #1729453
Change-Id: I3bc9940aeff4e290d83de95a7df294c11f061954
(cherry picked from commit 485339129cee8f5d3223cf47858a5c9f79b0a8de)
|
|
This sets of one level of verbosity for memcached by default. This
allows us to see any errors or warnings in the logs.
Change-Id: Icc6f56c9e0ee6100286d07c8b6660a08baabb241
Related-Bug: #1720183
(cherry picked from commit 15ad21ba08e92b302318bdc34112601ce666ff35)
|
|
Enable Cinder as a backend for Glance by adding 'cinder' to the list of
allowed choices for the GlanceBackend heat parameter.
Update the glance-api docker configuration to allow the feature to work.
This is necessary because the feature uses iSCSI, which requires additional
privileges.
Closes-Bug: #1728409
Depends-On: I850047e32f3608b3ce490e52e2e540695cb1a4ff
Change-Id: I42241747de931103a04aa5ee2ed18fd46197d183
(cherry picked from commit e828e8c7bb2e890b243faa767992226dc270bb6f)
|
|
Change-Id: I4a09343c59da86daf4e6f00a59f7734c8adb209f
Depends-On: I66839e2c42e654a02e5409c6137e479cfb7b385f
Partial-Bug: 1724471
(cherry picked from commit 97879c3ce6dcf06908180a06147bd386580ed5ae)
|
|
Appears this was missed in I8046f2eed0b9a7da76d6d7c3507a92bf5054b000
Change-Id: I901533f7ab2de2ec0fd1c2bfef8aa8f767c45963
Partial-Implement: blueprint keystone-v3
(cherry picked from commit 4add59c5413e9b36675f07f0c3d0fedbf156b04c)
|
|
into stable/pike
|
|
This adds a heat-api-cloudwatch-disabled.yaml and wires it up in
the resource registry. During the Ocata to Pike upgrade this service
will thus be stopped and disabled by default.
If you wish to keep the Heat Cloudwatch API then you should instead
use the provided heat-api-cloudwatch.yaml environment file.
Change-Id: I3f90a9799b90ca365f675f593371c1d3701fede6
Related-Bug: 1713531
(cherry picked from commit 4d21451666f2dd7a8935da3a7166a9afc2ccd6bd)
|
|
Type changed in:
https://github.com/voxpupuli/puppet-rabbitmq/commit/20d159dc6f08357bca4b01fdbe3521e4dc56f634
We need to update it otherwise we get a Puppet error.
Change-Id: If03b7363295f1f529b7acf4a008ff63da8fef173
Closes-Bug: #1723665
(cherry picked from commit 24c756616c7a489e9bf43b6c5974e400815462ea)
|
|
When deploying on IPv6 networks, set a hiera key that can be consumed
by puppet modules to configure MySQL or Galera appropriately.
Currently, this is required for configuring SST encryption in Galera
when Internal TLS is enabled [1].
[1] I1d6ee8febb596b3ab9dcde3a85a028ee99b2798c
Change-Id: Ia857350ac451fc1bda6659d85019962d3a9d5617
Partial-Bug: #1719885
(cherry picked from commit ff0a0dd987f4bcb997b271572ff0c901ed71d99b)
|
|
These got missed in the refactoring to support composable networks.
Change-Id: I5c97df08ae84e9c383175687428fb00143d171ff
Closes-Bug: #1720849
(cherry picked from commit ef1768e40c3a6c58a22381a4546772f571bee5cc)
|
|
stable/pike
|
|
|
|
Adds update_tasks for the minor update workflow. These will be
collected into playbooks during an initial 'update init' heat
stack update and then invoked later by the operator as ansible
playbooks.
Current understanding/workflow:
Step=1: stop the cluster on the updated node
Step=2: Pull the latest image and retag the it pcmklatest
Step=3: yum upgrade happens on the host
Step=4: Restart the cluster on the node
Step=5: Verification: test pacemaker services are running.
https://etherpad.openstack.org/p/tripleo-pike-updates-upgrades
Related-Bug: 1715557
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
Co-Authored-By: Sofer Athlan-Guyot <sathlang@redhat.com>
Change-Id: I101e0f5d221045fbf94fb9dc11a2f30706843806
(cherry picked from commit a953bda0ae615dc44d3e8a70aa7ab0160e26f3af)
|
|
We make sure to run upgrade and run os-net-config on its own. Running
os-net-config with the no-activate option will
- prevent the restart of the interface
- adjust the network files to the expected configuration so that next
run won't restart the network.
Eventually at next reboot the change will be taken into account.
Currently we have no change that are required to be taken live during
the upgrade so it safe to ignore the new parameters.
Closes-Bug: #1721073
Change-Id: I51464274d5dff8a267992ae303ac3517b78d08fb
(cherry picked from commit 5aab25bb68f62b0d7e4ffdc20d4f4da1d82a76db)
|
|
Cold migration network is determined by the value of my_ip in nova.conf.
If this isn't set then the network with the default gateway will be used.
This patch sets my_ip and the whitelisted IP for cold migation over SSH to the
NovaApiNetwork.
Until https://bugs.launchpad.net/nova/+bug/1671288 is fixed we cannot control
the network used for live migration over SSH. It is determined by hostname
resolution.
This patch sets the whitelisted IP for live migration over SSH to the hostname
resolution network for the role - which is typically the same as NovaApiNetwork.
(NB The puppet manifest will remove duplicates).
Live migration over TLS is not affected. It can control the network used so it
configurable via NovaLibvirtNetwork.
Change-Id: Ica3f79d6d0cfae446e276172146f3a9407f2971f
Depends-On: Id22a6c990f424b9f3ca6159088540ea207460ffd
(cherry picked from commit 23331889a577b82b625610a80ecd44e164fe6cf1)
|
|
|
|
|
|
|
|
|
|
In Ocata all live-migration over ssh is performed on the default ssh port (22).
In Pike the containerized live-migration over ssh is on port 2022 as the
docker host's sshd is using port 22.
To allow live migration during upgrade we need to temporarily pin the Pike
computes to port 22 and in the final converge we can switch over to port 2022.
This also changes the default port to 2022 for baremetal computes in Pike to
enable live-migration between baremetal and containerized computes.
Change-Id: Icb9bfdd9a99dc1dce28eb95c50a9a36bffa621b1
Depends-On: I0b80b81711f683be539939e7d084365ff63546d3
Closes-Bug: 1714171
(cherry picked from commit 17fd16b9f266e1aa67bf03ebdf309e89d668ada2)
|
|
As per Ceph docs [1] we should default pg_num and pgp_num to 128 when
using less than 5 OSDs.
This same change was applied to the ceph-ansible profiles with [2].
Also updates the CI environment files to continue using 32 where we
deploy a single OSD.
1. http://docs.ceph.com/docs/master/rados/operations/placement-groups/
2. Ibd9fb23e04576e95e24af58f856663397886a947
Change-Id: I1920bc8f5251f362af38ad3bd6f46dda42c6ee93
Closes-Bug: #1718756
(cherry picked from commit e17ae7620e03790da0d29092ab42e8089b2e8d11)
|
|
Since each dnsmasq process consumes one inotify socket, the default
value of fs.inotify.max_user_instances which is 128 lets us scale to
only around a 116 neutron subnets (a few other sockets are used by other
processes on the system). Since, we need to provide better defaults,
this patch proposes to bump this value to 1024 by default, while giving
the user a way to cahnge it. Based on
https://unix.stackexchange.com/a/13757 each inotify watch takes 1KB of
memory and we have fs.inotify.max_user_watches set to 8192 by default.
This means that even in the worst case we won't be using more than 8MB
of memory. Bumping the fs.inotify.max_user_instances value to 1024 is
safe because there is fs.inotify.max_user_watches which caps the total
number of files that can be watched by all the inotify instances a user
has.
Related Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1474515
https://bugzilla.redhat.com/show_bug.cgi?id=1491505
Change-Id: I39664312bf6cf06f1e1ca2e86ffd86fb9a4582ad
Closes-Bug: 1718266
(cherry picked from commit d2d0c3ff00de9b62382193d942239d543aa9499f)
|
|
Closes-Bug: 1718997
Change-Id: I2b347cbc4595e6651b0d4be032cb862fde72e15f
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit 253d9b9107aa158af5bcdafe510ecd96658ef137)
|
|
|
|
into stable/pike
|
|
|
|
This adds a new config/deployment per role that will come after any
post deploy steps. It drives the same ansible config as the
upgrade_tasks but instead collects the post_upgrade_tasks for any
service in the given role.
The workflow is upgrade_tasks, then post deploy steps (either
puppet/ or docker/ depending on the env) and then the
post_upgrade_tasks added here.
This is added to the pacemaker/cinder-volume.yaml service for now
see the bug below for more info
Change-Id: Iced34fecf02ebddc91df9302de54d2f4c2cab680
Closes-Bug: 1706951
(cherry picked from commit 2e182bffeeb099cb5e0b1747086fb0e0f57b7b5d)
|
|
Some boolean params are set to string type. Although it works, but
it is better to use boolean type for better validation. This patch
changes them to boolean type.
Change-Id: I9f1d223619ea14fbab26033b24eb1144796e5ef2
Closes-Bug: #1715209
(cherry picked from commit cab8ab1d342c6ffada3f2adea5834b4549240af5)
|
|
Nova patching parameters are available in nova.conf but are not
configurable from tripleo-heat-templates. Exposing these parameters
from Nuage composable services to make them configurable. It enables
setting the patching parameters in environment files. This change
depends on the addition of nova patching configuration parameters.
Change-Id: Iacad25da044f2bac83ee5f577ddcd70650eb61e5
Depends-On: I51ef3e19daff1d98cfe5c2c16475c16e6a3e3e0f
(cherry picked from commit f0041153eca8d82bb7f72dc68676cab8448ef037)
|