Age | Commit message (Collapse) | Author | Files | Lines |
|
This patch makes sure:
* When doing shared storage
Nova is configured with block_migration_flag and live_migration_flag = '(...),VIR_MIGRATE_TUNNELLED'
flag for security improvements.
* When not doing shared storage
Nova is not configured with VIR_MIGRATE_TUNNELLED flag because it's not
supported by Qemu yet. We need to make sure the value is unset otherwise
live migration will fail when not running shared storage for VMs.
Note: this patch will be backport to stable branches. In a further
iteration, we'll probably use live_migration_tunnelled new Nova
parameter which is a simplier way to manage this feature.
Co-Authored-By: Kashyap Chamarthy <kchamart@redhat.com>
Change-Id: I557c1624ee944a32b1831d504f7b189308cd1961
|
|
To deploy Ceph on IPv6, we need to enable ms_bind_ipv6 in addition
to passing the list of MON IPs in brackets.
Change-Id: I3644b8fc06458e68574afa5573f07442f0a09190
|
|
https://review.openstack.org/268356 can cause issues in IPv6
environments. It generates the following Hiera data:
nova::vncproxy::common::vncproxy_host: [2001:db8:fd00:1000::10]
which fails due to the brackets. Making sure there are no brackets
in nova_vncproxy_host makes it work for both the IP case and when
using DNS names.
Change-Id: Iafe18f042725eb9419d97cd674c4b9a1a895b187
|
|
Currently the vnc server on the compute nodes binds on 0.0.0.0.
which only works with IPv4 addresses, it breaks connectivity with
IPv6 addressing.
This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1300678.
Change-Id: Id642d224fb3c62f786453dc684634adca1c2c09d
Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
|
|
Change-Id: I9ed917f32b3de95beb234ade4819a8b96affe3e9
|
|
|
|
|
|
|
|
|
|
Adds Rabbit environment variable required for IPv6 only support
Change-Id: Iec209ca83a5b0708ac828c4afaf9d2222e597f24
|
|
|
|
|
|
Previously we used to always set CinderISCSIHelper to lioadm from
the client. With [1] we aim at cleaning up the client from any
default so this change move the actual default into the templates.
1. Iabc94ad1cce6f1744429aca9f866a59a698f5680
Change-Id: I662e4b0e3cf909ec2583d087ca1d246715caf0f7
Related-Bug: 1554564
|
|
|
|
It has been observed that on large clouds the netdev backlog
buffer might overflow. This change increases the default by ten
times.
The /proc/net/softnet_stat file contains a counter in the 2nd
column that is incremented when the netdev backlog queue overflows.
If this value is incrementing over time, then netdev_max_backlog
needs to be increased [1].
[1]. https://bugzilla.redhat.com/show_bug.cgi?id=1283676
Change-Id: Iec12324fd3a24e8b608b1e1849c270cc24cb0e60
|
|
|
|
Adds an option to toggle whether events are stored in Ceilometer.
The default is false and remains unchanged.
Change-Id: I9accb679b97cf7172c67f3cd5f218bdaee507c94
Related-Bug: rhbz#1312373
|
|
|
|
In order for instance HA to function safely, nova-compute needs access
to the name by which nova knows the current compute node.
Since the names of the nova-compute and neutron ml2 agents must be the
same for vif binding to work, it also sets the host value in
neutron.conf.
Change-Id: I7d07c57b7276815c72d08acaa86f673e43eb0498
|
|
|
|
|
|
|
|
|
|
|
|
As discussed at https://bugzilla.redhat.com/show_bug.cgi?id=1299265
when providing a list of IPv6 addresses as the memcache_node_ips
the resulting nova.conf entry can't be parsed properly.
This adds a memcache_node_ips_v6 which has the required format like
inet6:[ADDR1],inet6:[ADDR2],inet6:[ADDR3]
Closes-Bug: 1536103
Change-Id: I7f95fa063cbba279c4c2e270841f0a279d2be2f6
|
|
The swift device string is formatted in the outputs of the
controller template and swift-storage templates.
For ipv6 we need to delimit the address with [] as discussed in
https://bugzilla.redhat.com/show_bug.cgi?id=1296701#c0
Change-Id: Ie611d62c3668a65a7be52777a613d265682c6a8b
Co-Authored-By: Jiri Stransky <jistr@redhat.com>
Closes-Bug: 1534135
|
|
This just a revert to see if reverting this gets back to a normal CI run time.
This reverts commit f72aed85594f223b6f888e6d0af3c880ea581a66.
Change-Id: I04a0893f6cf69f547a4db26261005e580e1fc90b
|
|
We'll use /32 for IPv4, the default pacemaker was already using.
Change-Id: Iab584c3e50efc3ecc0ec87bb080bf2d5d802199d
Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
|
|
To enable IPv6 in Corosync, you'll need to set the --ipv6 parameter when
building the cluster.
To do so, we need to specify this parameter in puppet configuration when
running ::pacemaker::corosync class.
So we have now a new parameter: CorosyncIPv6 which is a boolean, False
by default. If set to True, it will pass right options to enable IPv6
when building the Pacemaker cluster.
Change-Id: I485f1399964ddd7a201ed19ec6580b8a136b3acd
|
|
|
|
Previously we were always appending the :port suffix to the list
of rabbitmq nodes but the syntax was invalid for IPv6.
This change wires rabbit_hosts from the templates as it happens
already for the other services. Port can be customized using
rabbit_port.
Change-Id: Iecc7a97d46d7de17e85398c57996c104c9125b0e
|
|
Without this the nova_api and sahara database_connection string won't
add brackets around the IP address, when IPv6, causing db sync to fail.
Change-Id: I262e5de993ae59ad665edb043119aac2e09c6fdc
|
|
|
|
|
|
This is necessary to keep creating the Default domain.
Change-Id: Ib9911819e89f30270d4f7597639b33f30ad2e3a6
Closes-Bug: #1549867
|
|
|
|
This change adds a new set of network templates with IPv6 subnets
that can be used instead of the existing IPv4 networks. Each network
can use either the IPv4 or IPv6 template, and the Neutron subnet will
be created with the specified IP version.
The default addresses used for the IPv6 networks use the fd00::/8
prefix for the internal isolated networks (this range is reserved
for private use similar to 10.0.0.0/8), and 2001:db8:fd00:1000::/64
is used as an example default for the External network
(2001:db8::/32 are the documentation addresses [RFC3849]), but this
would ordinarily be a globally addressable subnet. These
parameters may be overridden in an environment file.
This change will require updates to the OpenStack Puppet
Modules to support IPv6 addresses in some of the hieradata values.
Many of the OPM modules already have IPv6 support to support IPv6
deployments in Packstack, but some OPM packages that apply only to
Instack/TripleO deployments need to be updated.
IPv6 addresses used in URLs need to be surrounded by brackets in
order to differentiate IP address from port number. This change
adds a new output to the network/ports resources for
ip_address_uri, which is an IP address with brackets in the case
of IPv6, and a raw IP address without brackets for IPv4 ports.
This change also updates some URLs which are constructed in Heat.
This has been tested and problems were found with Puppet not
accepting IPv6 addresses. This is addressed in the latest Puppet.
Additional changes were required to make this work with Ceph.
IPv6 tunnel endpoints with Open vSwitch are not yet supported
(although support is coming soon), so this review leaves the
Tenant network as an isolated IPv4 network for the time being.
Change-Id: Ie7a742bdf1db533edda2998a53d28528f80ef8e2
|
|
Id3d4f12235501ae77200430a2dc022f378dce336 added support for pre-allocated
IPs on the other overlay networks, but because the patch adding the
managment network (I0813a13f60a4f797be04b34258a2cffa9ea7e84f) was
under review around the same time, we missed adding the from_pool
capability to the ManagementNetwork.
Change-Id: If99f37634d5da7e7fb7cfc31232e926bd5ff074a
|
|
|
|
Fixed the heat_template_version of these YAML files to the liberty
release version according to HOT template specs.
Change-Id: Ic5e0d843f7e164c59fb1737e52ef4cf6ad4df77f
|
|
Ceilometer Alarm is deprecated in Liberty by Aodh.
This patch:
* manage Aodh Keystone resources
* deploy Aodh API under WSGI, Notifier, Listener and Evaluator
* manage new parameters to customize Aodh deployment
* uses ceilometer DB for the upgrade path
* pacemaker config
Depends-On: I9e34485285829884d9c954b804e3bdd5d6e31635
Depends-On: I891985da9248a88c6ce2df1dd186881f582605ee
Depends-On: Ied8ba5985f43a5c5b3be5b35a091aef6ed86572f
Co-Authored-By: Pradeep Kilambi <pkilambi@redhat.com>
Change-Id: I58d419173e80d2462accf7324c987c71420fd5f6
|
|
|
|
|
|
|
|
|
|
With the move of keystone under wsgi and httpd, all openstack services received an
ordering constraint on the 'httpd' service (which now exposes keystone and horizon).
Since this is not only a layering violation, but it also removes the ability to
restart keystone (httpd) without having to restart all dependent services, we introduce
a dummy 'openstack-core' service which all other services depend on and we make also
keystone (httpd) depend on it.
The previous constraint ordering graph can be found here:
http://acksyn.org/files/tripleo/wsgi-2016-02-24-cib.pdf
Whereas after this change we have the following ordering graph:
http://acksyn.org/files/tripleo/wsgi-openstack-core.pdf
Once this is agreed upon, we can start working on fixing the upgrade path
from Liberty.
This fixes RHBZ#1290121
Closes bug: 1537885
Change-Id: Ie26908ac9bfc0b84b6b65ae3bda711236b03d9d4
|
|
Because Overcloud Keystone resources are not managed by puppet-keystone
but by os-cloud-config, we need to let os-cloud-config managing keystone
bootstrap otherwise the Exec will fail since some data is already in
place.
Later, when Keystone resources will be managed by Puppet, drop this
parameter, because puppet-keystone is able to manage the boostrap
itself.
Change-Id: I027deaae5cf90c27a6b5e9d236ae61145cab3c3f
Closes-Bug: #1551501
|
|
Due to fix: https://bugs.launchpad.net/networking-cisco/+bug/1469839,
the replay count parameter is no longer used. This needs to be
reflected in the Triple O templates.
Change-Id: I666c4394108287adcb4989e897ab3936667a602b
Closes-bug: #1551387
|
|
Adds missing configuration which allows overcloud nodes to be
polled by undercloud node.
One would have expected the snmp::snmpv3_user call to create the
missing configuration line. But as noted in this bug, it does not:
https://github.com/razorsedge/puppet-snmp/issues/9
Fixes BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1223278
Change-Id: Ieb2d612a27a938b45056bd37176f44cb55543d75
Closes-Bug: 1532700
|
|
|