Age | Commit message (Collapse) | Author | Files | Lines |
|
This commit ensures we are not using any deprecated parameters for
nova::network::neutron and are using the right variable names.
Change-Id: Ic1b41e2cdbb6b180496822cc363c433e9388aa02
|
|
|
|
|
|
By configuring the Cinder 'host' setting via the appropriate class
param instead of cinder_config we don't risk to override it if the
user is to pass additional config settings using cinder_config in
ExtraConfig.
Change-Id: Idf33d87e08355b5b4369ccb0001db8d4c3b4c20f
|
|
|
|
|
|
|
|
This change adds puppet hieradata settings which disable IPv6
autoconfiguration and accept_ra by default on all interfaces.
When IPv6 is used, the interfaces are individually enabled and
configured with static IP addresses.
The networking on the compute host needs to be completely
separate from the tenant networking, in order to safeguard the
compute host and isolate tenant traffic. This change disables
IPv6 autoconfiguration and acceptance of RAs by default on
interfaces unless specifically enabled.
Without these settings, IPv6 is enabled on all interfaces, as well
as autoconfiguration and accept_ra, so when the compute host
creates a bridge interface for the router (qbr-<ID>), the
compute node will automatically assign an IPv6 address and will
install a default IPv6 route on the bridge interface when it
receives the RAs from the Neutron router.
The change to turn off autoconfiguration means that interfaces
will not self-assign an IPv6 address, and the change to not accept
RAs is a security hardening feature. This requires that a
static gateway address be declared in the network environment
in the parameter ExternalNetworkDefaultRoute. Alternately, sysctl
can be modified to change the accept_ra behavior for specific
interfaces.
Change-Id: I8a8d311a14b41baf6e7e1b8ce26a63abc2eaabef
Closes-bug: 1544296
|
|
|
|
|
|
This change adds the TripleO Heat Parameters and Puppet hieradata
to support setting the MTU for Neutron tenant networks. A new
parameter, NeutronTenantMtu is introduced, and this gets used for
the NeutronDnsmasqOptions and in Puppet hieradata.
NeutronTenantMtu is also used in the Puppet hieradata for both the
compute and control nodes. Two values are set:
nova::compute::network_device_mtu
which sets /etc/nova/nova.conf: network_device_mtu = <NeutronTenantMtu>
neutron::network_device_mtu
which sets in /etc/neutron/neutron.conf:
network_device_mtu = <NeutronTenantMtu>
finally, the NeutronDnsmasqOptions parameter becomes a str_format
that maps the NeutronTenantMtu onto the DHCP options,
so a default of 'dhcp-option-force=26,%MTU%' would be formatted to
'dhcp-option-force=26,1300' if NeutronTenantMtu were 1300.
This will set dnsmasq to serve an MTU via DHCP that matches the
NeutronTenantMtu:
/etc/neutron/dnsmasq-neutron.conf:dhcp-option-force=26,1300
Typically, you would change all three of these settings to use small
or jumbo frames in VMs. When using tunneling, NeutronTenantMtu
should be set at least 50 bytes smaller than the physical network
MTU in order to make room for tunneling overhead.
Note that this change does not support setting the MTU on veth
interfaces if veth patches are used to br-int instead of OVS
patches.
Change-Id: I38840e082ee01dc3b6fc78e1dd97f53fa4e63039
|
|
|
|
Currently the permissions for the CA file that is injected (if the
environment is set), doesn't permit users that don't belong to the group
that owns the file to read it. This is too restrictive and isn't
necessary, as the certificate should be public.
This is useful in the case where we want a service that can't read the
certificate chain (or bundle) to be able to read that CA certificate.
This is the case for the MariaDB version that is being used in CentOS
7.1 for example.
Change-Id: I6ff59326a5570670c031b448fb0ffd8dfbd8b025
|
|
|
|
|
|
We were incorrectly wiring the rbd user to the relevant glance
module parameter, making it was impossible to customize the
rbd user when using an external Ceph.
Change-Id: Ibe4eaedf986a9077f869c6530381e69ee0281f5b
|
|
|
|
|
|
This hieradata key, neutron::agents::ml2::ovs:bridge_mappings was
missing a : before bridge_mappings causing the value to be blank in
/etc/neutron/plugins/ml2/openvswitch_agent.ini even if a value had been
specified.
Change-Id: I377565d3fb821be1bb2dc7d92ec1ad25a4a3b1f1
|
|
|
|
As per conversation in [1], these settings should have probably never
been there.
1. https://bugzilla.redhat.com/show_bug.cgi?id=1262409
Change-Id: I116f825ba0fe3e4faac8dd347bb087e1b4c70e57
|
|
|
|
|
|
|
|
|
|
|
|
This enables the creation of the nova_api database that is now
mandatory since https://review.openstack.org/#/c/245828/
Change-Id: Ia8242f23864ebb14ccf858a77ba754059e9c2d4a
Related-Bug: #1539793
|
|
|
|
For both HA & non-HA scenarios, switch puppet-keystone configuration to
be run in a WSGI process instead of eventlet.
WSGI is the way to go for scaling Keystone, moreover, eventlet won't be
support in next OpenStack releases.
Co-Authored-By: Dan Prince <dprince@redhat.com>
Depends-On: I22a348c298ff44f616b2e898f4872eddea040239
Change-Id: I862b4a68f43347564ec3c0ddc4ec9e1d1c755cf2
Signed-off-by: Jason Guiditta <jguiditt@redhat.com>
|
|
During high load, the default limit of the kernel connection tracking
table (65536) is often too low, resuling in error messages such as:
kernel: nf_conntrack: table full, dropping packet
This patch increases the limit to 500,000.
Since the nf_conntrack kernel module is not always loaded by default, it also
adds a mechanism to load kernel modules via hieradata using the kmod puppet
module. In order to express the needed dependency in puppet that kernel modules
are loaded before sysctl settings are applied, the Exec resources tagged with
'kmod::load' are specified in a resource collector to express that that Exec
resources with the tag should run before Sysctl resources.
Depends-On: I59cc2280ebae315af38fb5008e6ee0073195ae51
Change-Id: Iffa0a77852729786b69945c1e72bc90ad57ce3bb
|
|
Updated the setting for the dell storage center
api port to the right variable name ::dell_sc_api_port
Change-Id: I67a7533469947355629b6cb54b79759e21e0ec55
|
|
|
|
This change will set a common value for 'host' across all
controllers. We missed to do so for the NFS backend previously.
It will still be possible to set a different per-backend 'host'
value by providing it via ExtraData.
Change-Id: I00fd05660a15be3611e1a394650be6ab713670f9
|
|
The name of the variable ::eqlx_pool had a typo. Fixed it
Change-Id: I83a94d4bccf9c9a60c7b37473ae8a64ac050671c
|
|
|
|
When we utilise images for deployment, the iSCSI initiator name
is not unique, leading to problems with live migration. This
patch simply updates the iSCSI initiator name to a unique ID
randomly generated by iscsi-iname.
https://bugzilla.redhat.com/show_bug.cgi?id=1244328
Change-Id: I170e7f45f67fa8ce70436f24807d1ed7808f2c32
|
|
We get false negatives from Tempest when the Cinder LVM backing
file runs out space. This change increases its default size to 10G,
matching devstack [1]
1. https://github.com/openstack-dev/devstack/blob/master/stackrc#L649
Change-Id: Ia334ea481e17c1d35aa67c33729cac6570f48199
|
|
This was being silently ignored by the mysql puppet module
prior to this commit.[1] However, now that empty values are
allowed, the overcloud deploy fails because the option
--wsrep_notify_cmd requires an argument.
This is not currently failing on master because we are
pinned to an old puppet-mysql. We will need to remove that
pin in order to get on a newer delorean repo though. Also,
this is breaking stable/liberty HA job because we use the
packaged OPM there.
[1] https://github.com/puppetlabs/puppetlabs-mysql/commit/e30e0bc958761890ea4f06cdd3f1fc7242a00fe2
Change-Id: I9e07efe1650831e81e9a783428554578874aa765
Closes-Bug: 1537720
|
|
Change-Id: Ifd750e634812dae2b7945cbe2f35f98d8a82695e
Depends-On: If88dcdf9f4905e2a792b2fdc656eab51c85f637e
|
|
|
|
|
|
The 'router_delete_namespaces' (L3 agent) and 'dhcp_delete_namespaces'
(DHCP agent) configuration settings default to false OpenStack Neutron
resulting in network namespaces not being deleted when
no longer needed. Disabling automatic namespace cleanup was appropriate
for older Linux distributions but is no longer required.
TripleO should set the values to true.
Change-Id: I39e1a347d24ecc99b6f878807c47103c4b3f85e1
|
|
|
|
|
|
|
|
Including ::neutron::config on the controller and compute roles
will allow ad-hoc (non-puppet managed) settings to be made in all
the various neutron config files using Hiera.
Change-Id: Ifadc77cdcb60b7075d091d778cb92b0dd75bd949
|
|
Including ::cinder::config on controller, and volume roles
will allow ad-hoc (non-puppet managed) settings to be
made in the cinder.conf using Hiera.
Change-Id: I519aff02e3cfb7fbf57e89c7a139564df42f8967
|
|
Including ::heat::config on the controller roles will allow
ad-hoc (non-puppet managed) settings to be made in the
heat config file using Hiera.
Change-Id: I80a39b798869ac330ea8a4d01699f5db47c93d47
|
|
Including ::glance::config on glance roles will allow ad-hoc
(non-puppet managed) settings to be made in the
glance config files using Hiera.
Change-Id: I7c86ae0e8f1a0a2b46d526598964454cb80319a6
|
|
Including ::ceph::conf on ceph roles will allow ad-hoc
(non-puppet managed) settings to be made in the
ceph.conf using Hiera.
Change-Id: I656a0ecde465023d7afad9371aa3c5c270078a67
|