Age | Commit message (Collapse) | Author | Files | Lines |
|
When a service is enabled on multiple roles, the parameters for the
service will be global. This change enables an option to provide
role specific parameter to services and other templates.
Two new parameters - RoleName and RoleParameters, are added to the
service template. RoleName provides the role name of on which the
current instance of the service is being applied on. RoleParameters
provides the list of parameters which are configured specific to the
role in the environment file, like below:
parameters_default:
# Default value for applied to all roles
NovaReservedHostMemory: 2048
ComputeDpdkParameters:
# Applied only to ComputeDpdk role
NovaReservedHostMemory: 4096
In above sample, the cluster contains 2 roles - Compute, ComputeDpdk.
The values of ComputeDpdkParameters will be passed on to the templates
as RoleParameters while creating the stack for ComputeDpdk role. The
parameter which supports role specific configuration, should find the
parameter first in in the RoleParameters list, if not found, then the
default (for all roles) should be used.
Implements: blueprint tripleo-derive-parameters
Change-Id: I72376a803ec6b2ed93903cc0c95a6ffce718b6dc
|
|
|
|
|
|
We dont need expirer unless we have collector and standard
storage enabled. Lets turn it off by default and make it
an optional service. In upgrade scenario, we will kill the
process and stop the expirer, unless explicitly enabled.
Change-Id: Icffb7d1bb2cf7bd61026be7d2dcfbd70cd3bcbda
|
|
|
|
Once puppet has written the initial fernet keys, if a deployer wants to
rotate them, the keys will be overwritten when another overcloud deploy
is executed (for instance, for updates or upgrades). This disables
replacing this keys via puppet, so now the operator can rotate the keys
out of band.
Change-Id: I01fd46ba7c5e0db12524095dc9fe29e90cb0de57
|
|
|
|
Change I5c8b0c4abfc0607f42fd3f2da9f5ef2702b1bbe1 introduced conditions
to optimize upgrade times and fix related bugs. Unfortunately the
conditional inclusion would have to be paired with support in depends_on
to work as we need. Currently we can hit this bug if the batch upgrade
steps are undefined for some role, but upgrade steps are definied:
The specified reference "ControllerUpgradeBatch_Step2" (in
ControllerUpgradeConfig_Step0) is incorrect.
To fix this we have to make the steps unconditional. This isn't fully
reverting the original change because that change also addressed
ordering issues.
Change-Id: I369591f4757c10142f5b455e64aa778e1a9a5611
Closes-Bug: #1689553
|
|
|
|
Via https://github.com/arioch/puppet-redis/pull/192 puppet-redis grew
ulimit support also for pacemaker managed redis instances. To be able to
use that we need to set redis::managed_by_cluster_manager to true.
We also allow redis::ulimit to be configurable and we set a default of
10420 which was the default value before the above change.
Change-Id: I06129870665d7d3bfa09057fd9f0a33a99f98397
Depends-On: I4ffccfe3e3ba862d445476c14c8f2cb267fa108d
Closes-Bug: #1688464
|
|
Change-Id: I2b23d92c85d5ecc889a7ee597b90e930bde9028e
Depends-On: I72f84e737b042ecfaabf5639c6164d46a072b423
|
|
|
|
|
|
|
|
|
|
This will enable those consuming the stack_update_type hieradata
set by this parameter to differentiate an update from a major upgrade
Change-Id: I38469f4b7d04165ea5371aeb0cbd2e9349d70c79
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This add openstack-nova-migration on the compute during the upgrade.
Closes-Bug: #1687081
Depends-on: Iab022bdfb655e3c52fecebf416e75c9e981072ab
Depends-on: I02dc8934521340f42ac44a7d16889f6d79620c33
Change-Id: I3db2a3188e538eeaef61769d38f0166545444cfe
|
|
Specify the allowed networks for migration ssh tunneling.
bp tripleo-cold-migration
Change-Id: Iab022bdfb655e3c52fecebf416e75c9e981072ab
Depends-on: Idb56acd1e1ecb5a5fd4d942969be428cc9cbe293
|
|
|
|
By adding back the conditions we avoid the deployment of unneded
software configs on nodes where we don't have any upgrade task to
run, speeding up the upgrade process.
Related-Bug: #1679486
Related-Bug: #1678101
Change-Id: I5c8b0c4abfc0607f42fd3f2da9f5ef2702b1bbe1
|
|
Depends-On: I55ac06e1a561d29d7e1c928a1684989c9654b95d
Change-Id: Id29e96979b937593efe244f46ce2dd74df3aaa7f
|
|
By deafult, we let the data live for ever. Which isnt very efficient.
Lets expose params to tweak this and use a reasonable default.
Change-Id: I145fa73a7af9cb4135ba910d3659853b3baa893d
|
|
For performance reasons we might want to tweak this param
lets expose this via tripleo. The puppet changes were
added in this patch I5de5283d1b14e0bba63d6d9a440611914ba86ca4
Change-Id: I72f1fe3a47060fe37602a70b8a74fba72209127c
|
|
Instead of using the CA bundle, this sets the mysql client configuration
file to use a specific file for validating the certificate of the
database server. This helps in two ways:
* Improves performance since validation will check only one certificate.
* Improves security since we're only the certificates signed by one CA
are valid, instead of any certificate that the system trusts (which
could include potentially compromised public certs).
Change-Id: I46f7cb6da73715f8f331337e0161418450d5afd7
Depends-On: I75bdaf71d88d169e64687a180cb13c1f63418a0f
|
|
libvirt has its own parameter for setting the CA, however, if we have a
common CA for all services in the internal network (which we do), it's
more consistent to use the common parameter for configuring that CA
file.
The previous parameter was left in case the deployer wants to use a
specific CA file for the compute nodes.
Change-Id: I3d132d3d257d7ea9f43e49593f8509c3cd205ca5
|
|
Instead of using the CA bundle, this sets HAProxy to use a specific file
for validating the certificates of the services it's proxying. This
helps in two ways:
* Improves performance since validation will check only one certificate.
* Improves security since we're only the certificates signed by one CA
are valid, instead of any certificate that the system trusts (which
could include potentially compromised public certs).
Change-Id: Id6de045b3c93c82d37e0b0657c17a3108516016a
|
|
Change-Id: Ic218a753e0cede2ba3951bcaec843f487dce0c71
|
|
|
|
|
|
|
|
SnmpdBindHost will be useful for users who want to change the binding
options for SNMP daemon.
It has to be an array, and by the default the value is
['udp:161','udp6:[::1]:161'] like it was in puppet-tripleo profile.
Change-Id: Iccf0a8d35cc05d34272c078c97a5dddfb8e7d614
Closes-Bug: #1687628
|
|
Closes-Bug:1686619
Change-Id: I7c32ca39a456de9833d30c31d41fcb727d2b0a34
|
|
Change-Id: I26652afe0f513ec354c05570e7fa0e5b4b0ab669
|
|
Change-Id: Ia0e0a12e1863dce657d4e1c7f9894ea5bfd008be
|
|
Exporting the neutron::server parameter into the neutron_api service, so
Octavia API and Neutron Server can be separated.
Change-Id: Iee28b0e84a00bd589d6f14a73f0c3f32d310b393
Closes-Bug: #1687026
|
|
storage backend"
|
|
|
|
|
|
|
|
|
|
|
|
local"
|
|
It is required for a hybrid deployments
when WSGI based services running both at host and in containers, without conflicting default ports.
Partial-bug: #1686637
Co-authored-by: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: I9d0a5bb32337a6a8f1a4036f9560df79dfe1d90a
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
|
1) When Apache is upgraded, install mod_ssl rpm.
See https://bugs.launchpad.net/tripleo/+bug/1682448
to understand why we need mod_ssl.
2) All services that run Apache for API will use the snippet from
Apache service to deploy mod_ssl, so we don't duplicate the code
in all services. It's using the same mechanism as ovs upgrade to
compile upgrade_tasks between both services.
Change-Id: Ia2f6fea45c2c09790c49baab19b1efcab25e9a84
Closes-Bug: #1686503
|