summaryrefslogtreecommitdiffstats
path: root/puppet
AgeCommit message (Collapse)AuthorFilesLines
2017-11-02Add NetIpMap to hieradata for *ExtraConfig overridesSteven Hardy1-0/+2
To enable per-node override of bind IPs via the per-role ExtraConfig paramaters, we need to enable hiera interpolation that references the keys defined in NetIpMap, so we add them to the hieradata. To minimise the risk of any conflicts in keynames it's added near the bottom of the hierarchy, but I'm not aware of any conflicting names in our templates/modules. This will allow per-node hieradata override of bind IPs e.g: parameter_defaults: ComputeRack1ExtraConfig: nova::vncproxy::host: "%{hiera('rack1_internal_api')}" ComputeRack2ExtraConfig: nova::vncproxy::host: "%{hiera('rack2_internal_api')}" Closes-Bug: #1726884 Change-Id: Icf7da1d78176c2ee0197ff2459d69d995cbb16ad (cherry picked from commit 65a8b65754d2ea77ec2396658d4e73eb837d34bd)
2017-11-02Merge "Switch RabbitFDLimit to a Puppet integer" into stable/pikeZuul1-1/+1
2017-11-02Merge "Enable neutron-lbaasv2 UI in Horizon" into stable/pikeZuul1-0/+3
2017-10-30Set verbosity by default for memcachedJuan Antonio Osorio Robles1-0/+1
This sets of one level of verbosity for memcached by default. This allows us to see any errors or warnings in the logs. Change-Id: Icc6f56c9e0ee6100286d07c8b6660a08baabb241 Related-Bug: #1720183 (cherry picked from commit 15ad21ba08e92b302318bdc34112601ce666ff35)
2017-10-26Enable neutron-lbaasv2 UI in HorizonCédric Jeanneret1-0/+3
Change-Id: I4a09343c59da86daf4e6f00a59f7734c8adb209f Depends-On: I66839e2c42e654a02e5409c6137e479cfb7b385f Partial-Bug: 1724471 (cherry picked from commit 97879c3ce6dcf06908180a06147bd386580ed5ae)
2017-10-19Merge "Remove Heat Cloudwatch API during upgrade and disable by default" ↵Zuul1-0/+48
into stable/pike
2017-10-17Remove Heat Cloudwatch API during upgrade and disable by defaultmarios1-0/+48
This adds a heat-api-cloudwatch-disabled.yaml and wires it up in the resource registry. During the Ocata to Pike upgrade this service will thus be stopped and disabled by default. If you wish to keep the Heat Cloudwatch API then you should instead use the provided heat-api-cloudwatch.yaml environment file. Change-Id: I3f90a9799b90ca365f675f593371c1d3701fede6 Related-Bug: 1713531 (cherry picked from commit 4d21451666f2dd7a8935da3a7166a9afc2ccd6bd)
2017-10-16Switch RabbitFDLimit to a Puppet integerEmilien Macchi1-1/+1
Type changed in: https://github.com/voxpupuli/puppet-rabbitmq/commit/20d159dc6f08357bca4b01fdbe3521e4dc56f634 We need to update it otherwise we get a Puppet error. Change-Id: If03b7363295f1f529b7acf4a008ff63da8fef173 Closes-Bug: #1723665 (cherry picked from commit 24c756616c7a489e9bf43b6c5974e400815462ea)
2017-10-11Fix some missed hard-coded network referencesSteven Hardy1-30/+8
These got missed in the refactoring to support composable networks. Change-Id: I5c97df08ae84e9c383175687428fb00143d171ff Closes-Bug: #1720849 (cherry picked from commit ef1768e40c3a6c58a22381a4546772f571bee5cc)
2017-10-10Merge "Adds pacemaker update_tasks for Pike minor update workflow" into ↵Jenkins2-1/+20
stable/pike
2017-10-10Merge "Fix cold/live migration network config" into stable/pikeJenkins2-3/+10
2017-10-09Adds pacemaker update_tasks for Pike minor update workflowmarios2-1/+20
Adds update_tasks for the minor update workflow. These will be collected into playbooks during an initial 'update init' heat stack update and then invoked later by the operator as ansible playbooks. Current understanding/workflow: Step=1: stop the cluster on the updated node Step=2: Pull the latest image and retag the it pcmklatest Step=3: yum upgrade happens on the host Step=4: Restart the cluster on the node Step=5: Verification: test pacemaker services are running. https://etherpad.openstack.org/p/tripleo-pike-updates-upgrades Related-Bug: 1715557 Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com> Co-Authored-By: Sofer Athlan-Guyot <sathlang@redhat.com> Change-Id: I101e0f5d221045fbf94fb9dc11a2f30706843806 (cherry picked from commit a953bda0ae615dc44d3e8a70aa7ab0160e26f3af)
2017-10-09Special treatment for os-net-config upgrade.Sofer Athlan-Guyot1-0/+9
We make sure to run upgrade and run os-net-config on its own. Running os-net-config with the no-activate option will - prevent the restart of the interface - adjust the network files to the expected configuration so that next run won't restart the network. Eventually at next reboot the change will be taken into account. Currently we have no change that are required to be taken live during the upgrade so it safe to ignore the new parameters. Closes-Bug: #1721073 Change-Id: I51464274d5dff8a267992ae303ac3517b78d08fb (cherry picked from commit 5aab25bb68f62b0d7e4ffdc20d4f4da1d82a76db)
2017-10-09Fix cold/live migration network configOliver Walsh2-3/+10
Cold migration network is determined by the value of my_ip in nova.conf. If this isn't set then the network with the default gateway will be used. This patch sets my_ip and the whitelisted IP for cold migation over SSH to the NovaApiNetwork. Until https://bugs.launchpad.net/nova/+bug/1671288 is fixed we cannot control the network used for live migration over SSH. It is determined by hostname resolution. This patch sets the whitelisted IP for live migration over SSH to the hostname resolution network for the role - which is typically the same as NovaApiNetwork. (NB The puppet manifest will remove duplicates). Live migration over TLS is not affected. It can control the network used so it configurable via NovaLibvirtNetwork. Change-Id: Ica3f79d6d0cfae446e276172146f3a9407f2971f Depends-On: Id22a6c990f424b9f3ca6159088540ea207460ffd (cherry picked from commit 23331889a577b82b625610a80ecd44e164fe6cf1)
2017-10-07Merge "Default Ceph pg_num and pgp_num to 128" into stable/pikeJenkins1-2/+2
2017-10-07Merge "Support for Ocata-Pike live-migration over ssh" into stable/pikeJenkins3-2/+13
2017-10-07Merge "Bump fs.inotify.max_user_instances for scale" into stable/pikeJenkins1-0/+9
2017-10-07Merge "Drop extraconfig for nova-nuage" into stable/pikeJenkins2-92/+43
2017-10-07Support for Ocata-Pike live-migration over sshOliver Walsh3-2/+13
In Ocata all live-migration over ssh is performed on the default ssh port (22). In Pike the containerized live-migration over ssh is on port 2022 as the docker host's sshd is using port 22. To allow live migration during upgrade we need to temporarily pin the Pike computes to port 22 and in the final converge we can switch over to port 2022. This also changes the default port to 2022 for baremetal computes in Pike to enable live-migration between baremetal and containerized computes. Change-Id: Icb9bfdd9a99dc1dce28eb95c50a9a36bffa621b1 Depends-On: I0b80b81711f683be539939e7d084365ff63546d3 Closes-Bug: 1714171 (cherry picked from commit 17fd16b9f266e1aa67bf03ebdf309e89d668ada2)
2017-10-07Default Ceph pg_num and pgp_num to 128Giulio Fidente1-2/+2
As per Ceph docs [1] we should default pg_num and pgp_num to 128 when using less than 5 OSDs. This same change was applied to the ceph-ansible profiles with [2]. Also updates the CI environment files to continue using 32 where we deploy a single OSD. 1. http://docs.ceph.com/docs/master/rados/operations/placement-groups/ 2. Ibd9fb23e04576e95e24af58f856663397886a947 Change-Id: I1920bc8f5251f362af38ad3bd6f46dda42c6ee93 Closes-Bug: #1718756 (cherry picked from commit e17ae7620e03790da0d29092ab42e8089b2e8d11)
2017-10-04Bump fs.inotify.max_user_instances for scaleSai Sindhur Malleni1-0/+9
Since each dnsmasq process consumes one inotify socket, the default value of fs.inotify.max_user_instances which is 128 lets us scale to only around a 116 neutron subnets (a few other sockets are used by other processes on the system). Since, we need to provide better defaults, this patch proposes to bump this value to 1024 by default, while giving the user a way to cahnge it. Based on https://unix.stackexchange.com/a/13757 each inotify watch takes 1KB of memory and we have fs.inotify.max_user_watches set to 8192 by default. This means that even in the worst case we won't be using more than 8MB of memory. Bumping the fs.inotify.max_user_instances value to 1024 is safe because there is fs.inotify.max_user_watches which caps the total number of files that can be watched by all the inotify instances a user has. Related Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1474515 https://bugzilla.redhat.com/show_bug.cgi?id=1491505 Change-Id: I39664312bf6cf06f1e1ca2e86ffd86fb9a4582ad Closes-Bug: 1718266 (cherry picked from commit d2d0c3ff00de9b62382193d942239d543aa9499f)
2017-09-25Fixes missing keystone authtoken pw for TackerTim Rozet1-0/+1
Closes-Bug: 1718997 Change-Id: I2b347cbc4595e6651b0d4be032cb862fde72e15f Signed-off-by: Tim Rozet <trozet@redhat.com> (cherry picked from commit 253d9b9107aa158af5bcdafe510ecd96658ef137)
2017-09-25Merge "Rename service_workflow_tasks into workflow_tasks" into stable/pikeJenkins1-2/+2
2017-09-21Merge "Adds post_upgrade_tasks for any service post-upgrade ansible tasks" ↵Jenkins1-14/+6
into stable/pike
2017-09-21Merge "Make nova patching parameters configurable in Nuage" into stable/pikeJenkins1-0/+12
2017-09-20Adds post_upgrade_tasks for any service post-upgrade ansible tasksmarios1-14/+6
This adds a new config/deployment per role that will come after any post deploy steps. It drives the same ansible config as the upgrade_tasks but instead collects the post_upgrade_tasks for any service in the given role. The workflow is upgrade_tasks, then post deploy steps (either puppet/ or docker/ depending on the env) and then the post_upgrade_tasks added here. This is added to the pacemaker/cinder-volume.yaml service for now see the bug below for more info Change-Id: Iced34fecf02ebddc91df9302de54d2f4c2cab680 Closes-Bug: 1706951 (cherry picked from commit 2e182bffeeb099cb5e0b1747086fb0e0f57b7b5d)
2017-09-19Change to boolean for boolean type paramsTong Liu2-2/+2
Some boolean params are set to string type. Although it works, but it is better to use boolean type for better validation. This patch changes them to boolean type. Change-Id: I9f1d223619ea14fbab26033b24eb1144796e5ef2 Closes-Bug: #1715209 (cherry picked from commit cab8ab1d342c6ffada3f2adea5834b4549240af5)
2017-09-14Make nova patching parameters configurable in NuageLokesh Jain1-0/+12
Nova patching parameters are available in nova.conf but are not configurable from tripleo-heat-templates. Exposing these parameters from Nuage composable services to make them configurable. It enables setting the patching parameters in environment files. This change depends on the addition of nova patching configuration parameters. Change-Id: Iacad25da044f2bac83ee5f577ddcd70650eb61e5 Depends-On: I51ef3e19daff1d98cfe5c2c16475c16e6a3e3e0f (cherry picked from commit f0041153eca8d82bb7f72dc68676cab8448ef037)
2017-09-14Rename service_workflow_tasks into workflow_tasksGiulio Fidente1-2/+2
Using the service_ prefix seems incoherent with its use in service_config_settings (vs config_settings). Change-Id: Ia39f181415bee0071409dabddfa0c5c312915e1f (cherry picked from commit 09137304b98a02ed024c0288da907cfe35ca5fe1)
2017-09-12Drop extraconfig for nova-nuageVineet Paul2-92/+43
Made the Compute as a composable service with Nuage. Moved all the Nuage specific parameters from extraconfig to be part of this service. Change-Id: Ic83e9c18d09fbba62bb5d8a12e28a23127f4197d (cherry picked from commit 4b1276b8f6fec22ac3764d58c4ef647535c85cb9)
2017-09-12Merge "Fixes OpenDaylight updating port status" into stable/pikeJenkins1-0/+1
2017-09-11Add DhcpAgentNotification param to neutron baseTong Liu1-0/+5
Add DhcpAgentNotification param in neutron base yaml file to allow user to toggle dhcp_agent_notification for neutron. Change-Id: I31715f58e885ac0c1cd9d813f79df9906b780d99 Closes-Bug: #1713193 (cherry picked from commit 5ea728cba456f3833a626f86043f17427bca5d4f)
2017-09-11Merge "Add Neutron SR-IOV agent container" into stable/pikeJenkins2-0/+92
2017-09-08Fixes OpenDaylight updating port statusTim Rozet1-0/+1
ODL now uses a websocket port to update the port status to Neutron. This port (8185) was blocked so port updates were never received in Neutron and instances would not come up properly. This patch opens the port for ODL deployments. Closes-Bug: 1715484 Change-Id: Ic59b224c67c02b56b0273700e8e2aa85ae6f8c88 Signed-off-by: Tim Rozet <trozet@redhat.com> (cherry picked from commit e2558c4a665345e67fcc784c21188bdf06ff1126)
2017-09-08Merge "Maintain ceph-osd package only on nodes hosting CephOSD service" into ↵Jenkins1-1/+6
stable/pike
2017-09-07Merge "Add tags in upgrade_tasks for mongodb services." into stable/pikeJenkins1-0/+1
2017-09-07Merge "fluentd: log configuration was not generated correctly" into stable/pikeJenkins1-6/+0
2017-09-07Add tags in upgrade_tasks for mongodb services.Jose Luis Franco Arza1-0/+1
Patch Ie09ce2a52128eef157e4d768c1c4776fc49f2324 added a new set of upgrade tasks which were missing the 'tags' keyword. Closes-Bug: 1715631 Change-Id: Ib1c1aadfbf58c9bccc18667934c8b3c5f38fafa4 (cherry picked from commit 7897d38274cb6435289bc4f4928f96b111e5b4f4)
2017-09-07Add Neutron SR-IOV agent containerBrent Eagles2-0/+92
This patch adds support for running the neutron SR-IOV agent in a container. Depends-On: I4a63845a97c890d7d408731ec5509c320289f18f Depends-On: Ie5d8cd7863c0d042cc6a4e1fc52602d8a03a1935 Depends-On: I1b5ab0a64ae1f5735f1bd5a68e6ae8bdcf47ddec Closes-Bug: #1715388 Change-Id: I7ee603b32eddacd02d846dff00dd1b786d4a7ad9 (cherry picked from commit 94c9c2f954e85de0ab895926a969587b90bc4191)
2017-09-07Merge "Use DeployedSSLCertificatePath for public TLS via certmonger" into ↵Jenkins1-10/+7
stable/pike
2017-09-07Merge "Containerized mongodb, disable by default, fix upgrade" into stable/pikeJenkins1-0/+4
2017-09-07Merge "Change all references of nsx_v3 to nsx." into stable/pikeJenkins1-9/+9
2017-09-07Use DeployedSSLCertificatePath for public TLS via certmongerJuan Antonio Osorio Robles1-10/+7
As described in the bug report, DeployedSSLCertificatePath is used by the TLS injection script (if you decide to use that). There is an alternative, which is to use FreeIPA to provide the certificate for public TLS (powered by certmonger); however, it doesn't use the same path as what folks expected. This reuses the DeployedSSLCertificatePath parameter and uses that as a path for the resulting PEM file, so its easier to debug. Change-Id: If73c9599d8b94d2f02b8e4c48f4a235e0fea764d Closes-Bug: #1714932 (cherry picked from commit f395d9eab2277061e926f7956bb3a56b0c7b1131)
2017-09-07Maintain ceph-osd package only on nodes hosting CephOSD serviceAlan Bishop1-1/+6
The ceph-osd package is only required on nodes hosting the CephOSD service, but the package's presence on other nodes may interfere with software updates. That's because some distros distribute Ceph software in different channels, and not all nodes have access to the ceph-osd channel. There are two parts to the fix, and the first is an enhancement to the yum update process. The process detects when the ceph-osd package is not required, and removes the package from the node. The second part takes ceph-osd out of the default list of packages needed by puppet-ceph. The ceph-osd package is listed only on the nodes hosting the CephOSD service. Closes-Bug: #1713292 Change-Id: I7a581518ed25cf5f264abfaabfcf2041363a065b (cherry picked from commit 5a89ea21f2add98119a10464b020a98999d31c41)
2017-09-07fluentd: log configuration was not generated correctlyLars Kellogg-Stedman1-6/+0
fluentd hiera elements were being set in all_nodes.json, but then were overwritten by values in <role>.json (e.g., controller.json). This commit removes the values from all-nodes.json and ensures that they are set correctly in <role>.json. Closes-Bug: #1713240 Change-Id: I2b4c74c2a807f8e2fed57112f06b3791701bbe95 (cherry picked from commit d9db0c5f4f0fb07832e54b1c7fd7f5c8bfd4134e)
2017-09-06Merge "Add param to configure snat mechanism" into stable/pikeJenkins1-0/+9
2017-09-06Merge "TLS proxy for redis" into stable/pikeJenkins3-2/+70
2017-09-06Change all references of nsx_v3 to nsx.Jay Jahns1-9/+9
Change-Id: I31c49926b0ba93f79db3d778c574bd9a480e70cd Closes-Bug: #1713193 Depends-On: Id73f675844b0df2eafa45507d1c28f16cd0b15b2
2017-09-06Add param to configure snat mechanismJanki Chhatbar1-0/+9
Add a parameter to configure SNAT mechanism in OpenDayLight defaulting to conntrack for OVS and defaulting to controller mechanism for OVS-DPDK Change-Id: I48c6f07de55cb2574cc3a7e9653b812f875df726 Closes-Bug: #1710614 (cherry picked from commit 9a450a8e505b5d7ccef7e5e7675573da2a4cd42c)
2017-09-06Merge "Rabbitmq: Enable Erlang distribution TLS" into stable/pikeJenkins1-0/+1