Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
Ironic will soon refuse to start when at least some value is not provided.
Unfortunately, we do not create any overcloud[*] networks during deployment.
Fortunately, Ironic does not validate this value until actual cleaning. So,
this change sets it to "provisioning", which is what people often use.
An update will follow to the documentation to recommend this name:
http://tripleo.org/advanced_deployment/baremetal_overcloud.html#configuring-cleaning
A new parameter is created for this value, with a reminded to change it to
an actual UUID later on. While a pre-defined name will work in a simplest case,
in a real multi-tenant deployment a network name conflict is possible.
Using a UUID is safer in this regard.
[*] networks created in overcloud neutron
Change-Id: I1b7dc2ff70d3b76f19a183a60e88cf72f6d2a318
Closes-Bug: #1661082
|
|
Currently we don't correctly disable the batch_upgrade_tasks, so
rework the loops to ensure we only create the batch deployments
for roles which enabled upgrades.
Note this modifies some loop whitespace too which cleans up the
rendered output and makes it a bit more readable/compact.
Change-Id: I1c257dcc351e99efa54f9cae4b3009287908756e
Partially-Renders: blueprint overcloud-upgrades-per-service
|
|
We don't need all the steps currently enabled for either batched
or concurrent updates, so decrease them. In future we can perhaps
introspect the task tags during plan creation and set these
dynamically.
Change-Id: I0358886a332dfbecd03bc4a67086b08d25756c22
Partially-Implements: blueprint overcloud-upgrades-per-service
|
|
We should enable each kind of upgrade per role, not per step
so rework the conditions, and also only apply it to the deployment
(to save the round-trip to the nodes applying an empty config)
but don't disable the *Config resources as the overhead of these
is small, and we reference the Step1 config in the outputs, even
if it's empty.
Change-Id: Iee2f1fb5b1d8b0b6001c6ab0f2a4ef2858cef281
Partially-Implements: blueprint overcloud-upgrades-per-service
|
|
Where the role has disabled upgrades, we need to skip both the ansible and
puppet steps. To do this we refactor the post.j2.yaml so that it can be
included in the upgrade template with an adjusted list of roles.
Note this requires https://review.openstack.org/#/c/425220/ - this
change will be required for local testing of this patch
(run mistral-db-mange populate after updating tripleo-common
and restart the mistral services, or update your repos and re-run
openstack undercloud install).
Partially-Implements: blueprint overcloud-upgrades-per-service
Change-Id: Ie7d0fa6fef3528bd93e6cde076b964ea8de3185a
|
|
This change fixes the item variable notation in
puppet/services/ceph-osd.yaml.
Change-Id: I4d105619e4ac913b4a711bf91fea5f6e3c9b4caa
Closes-Bug: 1661339
|
|
|
|
|
|
|
|
This adds an entry for libvirt (which is used by the VNC server) on
which we can tell it via t-h-t on which IP address to listen on.
Change-Id: Ie377c09734e9f6170daa519aed69c53fc67c366b
Related-Bug: #1660099
|
|
This needs to be run by puppet or ansible runs it as root and the
later run by puppet fails due to permissions on the logfile.
Probably we need to remove the *sync calls for most services to
avoid similar issues, now that we're running puppet as part of the
pre-converge upgrade process but that will be done in another patch.
Change-Id: I808db2c175325a25058226842684558ea06fb5c5
Partially-Implements: blueprint overcloud-upgrades-per-service
|
|
So, if RabbitClientUseSSL is set, this will enable TLS for the
swift's ceilometer message broker connection.
Change-Id: Ide70a509aefc9e7eb9d7cc5b3a60520fa42b4010
Depends-On: I8b7457b6233c4f88af2d7bc1b9304fcccb6edf61
|
|
|
|
|
|
|
|
|
|
|
|
If TLS in the internal network is enabled, we run neutron-server
behind a TLS proxy (which is actually httpd's mod_proxy). This passes
the necessary hieradata.
bp tls-via-certmonger
Depends-On: I6dfbf49f45aef9f47e58b5c0dbedd2b4e239979e
Change-Id: I9252512dbf9cf2e3eec50c41bf10629d36070bbd
|
|
This patch allows the management of the AuditD service and its associated
files (such as `audit.rules`)
This is achieved by means of the `puppet-auditd` puppet module.
Also places ssh banner capabilities map on top of patch
Change-Id: Ib8bb52dde88304cb58b051bced9779c97a314d0d
Depends-On: Ie31c063b674075e35e1bfa28d1fc07f3f897407b
|
|
|
|
|
|
Adds a step0 for most services to check that the state is running
before continuing with any of the other upgrades steps (these are
tagged step0).
You can skip this service check by overriding the
SkipUpgradeConfigTags parameter as follows:
parameter_defaults:
SkipUpgradeConfigTags: validation
Co-Authored-By: Steven Hardy <shardy@redhat.com>
Change-Id: Ie276f153015f671b720b6ed5beaac1b921661909
|
|
When replacing a controller node, Exec['wait-for-settle'] needs to
timeout, which means that the command pcs cluster auth will be executed
360 times with 10 seconds in between. So that means waiting for an hour
for no reason. Let's allow to override the settle_tries counter so
an operator can shorten it accordingly.
Tested this by setting CorosyncSettleTries to 100 and I correctly get
proper hiera settings:
$ hiera pacemaker::corosync::settle_tries
100
And effectively we try a number of 100 times as opposed to the 360
default:
/Stage[main]/Pacemaker::Corosync/Exec[reauthenticate-across-all-nodes]/returns
(debug): Exec try 1/100
Change-Id: I5e21b4215cb0b8686d2059b3d71e2444a96719dc
Closes-Bug: #1659741
|
|
Allow to deploy 2 different nodes with Neutron and another with Horizon.
Horizon will get the right hieradata to collect the mechanism driver and
configure the dashboard correctly.
Change-Id: I24621f6a7d053cff487984bab0d10a4a97204675
Closes-Bug: 1659662
|
|
|
|
|
|
This flag is quite old and doesnt work as expected anymore.
Let ceilometer upgrade create these reource types instead.
Change-Id: I71ea6e2fd9418095de658d709c14bb3006ca2753
|
|
|
|
|
|
|
|
|
|
Implements minor upgrade of the ceph-radosgw service.
Change-Id: I4c064bf996ec6bb7eba41ab6384bd953a8ec920f
Partially-Implements: blueprint overcloud-upgrades-per-service
|
|
|
|
The 'ceph' metapackage is only provided by some repos so we should
not explicitly pull it.
Also adds a validation step to the CephMon and CephOSD roles to
stop upgrade if the Ceph cluster is in error state.
Change-Id: I5aa275677ada47a352a327b9be21927b852d16f3
|
|
|
|
|
|
|
|
|
|
|
|
This change adds a profile to deploy the Ceph RBD mirroring daemon
as a Pacemaker resource.
Change-Id: Ib07e5bca6a45f0c6c59a3acf07f4e3ae9d2f8948
Depends-On: Ic63dc5cffece38942d305f538f71dd58a5d50789
Closes-Bug: #1652177
|
|
|
|
Allow use of ooo template to populate banner text into /etc/issue
Change-Id: If5b2da9415f10652a0a64503b2da4b63d1018640
Depends-On: Ie9f8afdfa9930428f06c9669fedb460dc1064d5e
Closes-Bug: #1640306
|
|
It may be that we want ways to selectively disable certain tasks,
such as pre-flight validations that might fail when restarting an
upgrade from a failed state. This shows a way we might do that.
Depends-On: I18214f80be9f3ad6c2d385fc00f3b786d3e7dda3
Change-Id: Ibffaaf1de0baf47a0450daa5b7cbb57d38746556
|
|
|
|
|