Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
This enables the creation of the nova_api database that is now
mandatory since https://review.openstack.org/#/c/245828/
Change-Id: Ia8242f23864ebb14ccf858a77ba754059e9c2d4a
Related-Bug: #1539793
|
|
|
|
For both HA & non-HA scenarios, switch puppet-keystone configuration to
be run in a WSGI process instead of eventlet.
WSGI is the way to go for scaling Keystone, moreover, eventlet won't be
support in next OpenStack releases.
Co-Authored-By: Dan Prince <dprince@redhat.com>
Depends-On: I22a348c298ff44f616b2e898f4872eddea040239
Change-Id: I862b4a68f43347564ec3c0ddc4ec9e1d1c755cf2
Signed-off-by: Jason Guiditta <jguiditt@redhat.com>
|
|
During high load, the default limit of the kernel connection tracking
table (65536) is often too low, resuling in error messages such as:
kernel: nf_conntrack: table full, dropping packet
This patch increases the limit to 500,000.
Since the nf_conntrack kernel module is not always loaded by default, it also
adds a mechanism to load kernel modules via hieradata using the kmod puppet
module. In order to express the needed dependency in puppet that kernel modules
are loaded before sysctl settings are applied, the Exec resources tagged with
'kmod::load' are specified in a resource collector to express that that Exec
resources with the tag should run before Sysctl resources.
Depends-On: I59cc2280ebae315af38fb5008e6ee0073195ae51
Change-Id: Iffa0a77852729786b69945c1e72bc90ad57ce3bb
|
|
Updated the setting for the dell storage center
api port to the right variable name ::dell_sc_api_port
Change-Id: I67a7533469947355629b6cb54b79759e21e0ec55
|
|
|
|
This change will set a common value for 'host' across all
controllers. We missed to do so for the NFS backend previously.
It will still be possible to set a different per-backend 'host'
value by providing it via ExtraData.
Change-Id: I00fd05660a15be3611e1a394650be6ab713670f9
|
|
The name of the variable ::eqlx_pool had a typo. Fixed it
Change-Id: I83a94d4bccf9c9a60c7b37473ae8a64ac050671c
|
|
|
|
When we utilise images for deployment, the iSCSI initiator name
is not unique, leading to problems with live migration. This
patch simply updates the iSCSI initiator name to a unique ID
randomly generated by iscsi-iname.
https://bugzilla.redhat.com/show_bug.cgi?id=1244328
Change-Id: I170e7f45f67fa8ce70436f24807d1ed7808f2c32
|
|
We get false negatives from Tempest when the Cinder LVM backing
file runs out space. This change increases its default size to 10G,
matching devstack [1]
1. https://github.com/openstack-dev/devstack/blob/master/stackrc#L649
Change-Id: Ia334ea481e17c1d35aa67c33729cac6570f48199
|
|
Some operators desire more granular control of hostnames than is
currently possible via the *HostnameFormat parameters, in particular
mapping nodes to explicit IDs (such as inventory references) is not
easily possible.
So, add a HostnameMap parameter, which is optional and allows
explicit overriding of the default hostnames.
E.g pass an environment like this:
parameter_defaults:
HostnameMap:
overcloud-controller-0: overcloud-controller-prod-123-0
overcloud-controller-1: overcloud-controller-prod-456-0
overcloud-controller-2: overcloud-controller-prod-789-0
Note this is mapping is global (for all roles), because we
expect the keys to be unique given that they include the
role name and index by default.
Note that this depends on a fix for heat bug #1539737
Change-Id: Ib4d3d40e9523903ebccc06c3e14b2d71d924afa3
Depends-On: Ib934f443a8b8e4f75335a9d8b992e7f86791aa45
|
|
This was being silently ignored by the mysql puppet module
prior to this commit.[1] However, now that empty values are
allowed, the overcloud deploy fails because the option
--wsrep_notify_cmd requires an argument.
This is not currently failing on master because we are
pinned to an old puppet-mysql. We will need to remove that
pin in order to get on a newer delorean repo though. Also,
this is breaking stable/liberty HA job because we use the
packaged OPM there.
[1] https://github.com/puppetlabs/puppetlabs-mysql/commit/e30e0bc958761890ea4f06cdd3f1fc7242a00fe2
Change-Id: I9e07efe1650831e81e9a783428554578874aa765
Closes-Bug: 1537720
|
|
Change-Id: Ifd750e634812dae2b7945cbe2f35f98d8a82695e
Depends-On: If88dcdf9f4905e2a792b2fdc656eab51c85f637e
|
|
|
|
|
|
The 'router_delete_namespaces' (L3 agent) and 'dhcp_delete_namespaces'
(DHCP agent) configuration settings default to false OpenStack Neutron
resulting in network namespaces not being deleted when
no longer needed. Disabling automatic namespace cleanup was appropriate
for older Linux distributions but is no longer required.
TripleO should set the values to true.
Change-Id: I39e1a347d24ecc99b6f878807c47103c4b3f85e1
|
|
|
|
|
|
|
|
Including ::neutron::config on the controller and compute roles
will allow ad-hoc (non-puppet managed) settings to be made in all
the various neutron config files using Hiera.
Change-Id: Ifadc77cdcb60b7075d091d778cb92b0dd75bd949
|
|
Including ::cinder::config on controller, and volume roles
will allow ad-hoc (non-puppet managed) settings to be
made in the cinder.conf using Hiera.
Change-Id: I519aff02e3cfb7fbf57e89c7a139564df42f8967
|
|
Including ::heat::config on the controller roles will allow
ad-hoc (non-puppet managed) settings to be made in the
heat config file using Hiera.
Change-Id: I80a39b798869ac330ea8a4d01699f5db47c93d47
|
|
Including ::glance::config on glance roles will allow ad-hoc
(non-puppet managed) settings to be made in the
glance config files using Hiera.
Change-Id: I7c86ae0e8f1a0a2b46d526598964454cb80319a6
|
|
Including ::ceph::conf on ceph roles will allow ad-hoc
(non-puppet managed) settings to be made in the
ceph.conf using Hiera.
Change-Id: I656a0ecde465023d7afad9371aa3c5c270078a67
|
|
|
|
Deploy a TripleO overcloud with OpenContrail Vrouter plugin configured
to interact with an existing OpenContrail Server Manager.
OpenContrail is an Apache 2.0-licensed project that is built using
standards-based protocols and provides all the necessary components for
network virtualization–SDN controller, virtual router, analytics engine,
and published northbound APIs. It has an extensive REST API to configure
and gather operational and analytics data from the system.
Co-Authored-By: Jiri Stransky <jistr@redhat.com>
Change-Id: I699a7c4ea09d024fe4d70c6a507c524f0a7aafd5
|
|
|
|
Currently the value of the CloudName param gets written into the
/etc/hosts file on each controller, but it turns out this is an
invalid configuration. CloudName is supposed to be the DNS name
of the overcloud, and the IP being written is (at least in my case)
the internal API VIP. This breaks in cases such as SSL because
the services are not listening on an SSL port on the internal API
network, so if a service tries to talk to another service using a
CloudName-defined public endpoint it ends up pointed at a
non-existent internal address:port.
Since by definition CloudName is supposed to be resolvable by the
configured DNS server, we should not need an explicit hosts entry
as well. Thus, this patch removes that from the file.
Change-Id: I919b42a219d95296f46852dd3266a54d968cf66b
|
|
Some assignments must be fixed in order to make run midonet with HA
pacemaker properly and when the network isolation is enabled.
Change-Id: I69fb3a1911cfe3baea3349da8f3e185dddf60a95
|
|
|
|
|
|
There was a missing : in the hieradata for the compute nodes that
caused tunnel_types to not be configured. This also made it
impossible to boot instances on tunneled networks because the port
binding always failed.
Change-Id: Icc2a45aa9514ce62497f91e6abe9261d1c1374ed
Partial-Bug: 1534349
|
|
In our neutron.conf we configure both keystone v2 and v3 options,
which confuses the keystoneclient code responsible for deciding
which to use. For whatever reason, having it talk to the
unversioned keystone endpoint and letting the client decide which
version that way makes it happy. Except that we write a wrong
value for project_name, which makes it unhappy again.
This change fixes both of those issues, which allows notifications
to work again.
Change-Id: Ic3a329354d0ed071363183b5e06c0a42d2dd84ad
Closes-Bug: 1519525
|
|
|
|
Right now our vncproxy settings are hard-coded to http and the
non-ssl port. This change adds a vncproxy entry to the endpoint
map and uses those values to configure the proxy correctly on
compute nodes. This is sufficient to get it working in my
environment with ssl enabled.
Change-Id: I9d69b088eef4700959b33c7e0eb44932949d7b71
|
|
Due to a bug [1] in Galera we can't pass an IPv6 as bind-address,
we pass an hostname instead.
1. https://bugzilla.redhat.com/show_bug.cgi?id=1298671
Change-Id: Ia5a5b66dd3e94d3dfb6588550fcfe34382897c27
|
|
If the X-Forwarded-Proto header is received by keystone, this option
will make the service properly handle it. This is useful, for instance,
if TLS is enabled for the admin endpoint.
Change-Id: I31a1f51591e8423367e61eafc3af9b2d61278468
|
|
|
|
We need this set for SSL or keystone returns a non-https address.
It shouldn't hurt anything to set this in the non-SSL case since
the value will still be correct and the behavior will be the same
as if it were unset.
Change-Id: Iea3ea1d25dfc462fa844d3c12e6070f2c9b42036
|
|
|
|
PyMySQL is a new driver introduced in Liberty.
This patch change the MySQL url to use mysql+pymysql like recommanded.
Change-Id: I28e14acacba865241a0cc388a879a003181a85f3
Depends-On: I7604cca9e2d7bf0b93c820adec5f937f72b64fa8
Closes-Bug: #1499298
|
|
Configure ceilometer to use the service tenant instead of the admin
tenant. Using the admin tenant is not required and a security risk.
This brings the ceilometer configuration in line with the
recommendations from the official installation guide:
http://docs.openstack.org/kilo/install-guide/install/yum/content/ceilometer-controller-install.html
Change-Id: Ia14695eb23a1ff551fd27f74b4cb864e80b100e3
Partial-Bug: #1358237
|
|
Integration of OpenStack data processing service (sahara) with
TripleO.
- Deploys sahara in distributed mode (separate api and engine
processes on each controller node)
- Load balancing w/haproxy
- RabbitMQ/MySQL supported per current TripleO standard
- Minimal configurability at this time
Change-Id: I77a6a69ed5691e3b1ba34e9ebb4d88c80019642c
Partially-implements: blueprint sahara-integration
Depends-On: I0f0a1dc2eaa57d8226bad8cfb250110296ab9614
Depends-On: Ib84cc59667616ec94e7edce2715cbd7dd944f4ae
Depends-On: I9fe321fd4284f7bfd55bd2e69dcfe623ed6f8a2a
|
|
The completion-signal input is no longer needed, because for some
time 99-refresh-completed has supported using per-deployment
signal URLs instead provided the config group is set correctly
to os-apply-config.
Change-Id: I76cb5331917ff54e978bd22b9dea0c1a2c65a928
|
|
- Adds parameter to enable switching off token flush cron job.
- Sets destination for deleted rows to /dev/null
Change-Id: I9e8aed969e81595d8a1d0a5300da17da6ba15c03
Partial-bug: rhbz#1249106
Depends-On: I5e51562338f68b4ba1b2e942907e6f6a0ab7a61e
|
|
|
|
|
|
This patch enables the port security ML2 extension driver by default. It
should have no impact on users that do not explicitly modify the port
security property on a port.
Change-Id: I1413428a1c0329acf0276bf6032684e5e7f8e177
Closes-Bug: #1531970
|