Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
The patch this depends on passes through the classes some parameters
that are meant to be passed via t-h-t. This patch addresses these and
other things required for deploying these services over httpd:
* Set the number of workers taking care not to set this value to 0.
* Add the apache base hieradata to the service profiles.
* Set the servernames and other httpd-specific values.
bp tls-via-certmonger
Change-Id: I88e5ea7b9bbf35ae03f84fdc3ec76ae09f11a1b6
Depends-On: I23971b0164468e67c9b3577772af84bd947e16f1
|
|
This patch allows operator to create SSL certificates for SSL auth to RabbitMQ.
Change-Id: I250aedcfdbe3b7a7e8c611c0e6122cf8fe0edda4
|
|
|
|
|
|
As with other services, this passes the necessary hieradata to enable
TLS for RabbitMQ. This will mean (once we set it via puppet-tripleo)
that there will only be TLS connections, as the ssl_only option is being
used.
bp tls-via-certmonger
Change-Id: I960bf747cd5e3040f99b28e2fc5873ca3a7472b5
Depends-On: Ic2a7f877745a0a490ddc9315123bd1180b03c514
|
|
|
|
There is currently an issue where the max open files limit is hit with
MariaDB in noha deployments, because it is defaulted to 1024 by system
limits. In HA deployments the limit is bumped to 16384. This patch
introduces a flag to be able to increase the limit to 16384 for noHA
deployments.
In the future we should change this to be an integer, and let the
operator decide the setting. Since this setting is set in a different
path for HA, we would need to implement a change that allows setting
both (ha and nonha) via the same integer param.
Depends-On: Ia0907b2ab6062a93fb9363e39c86535a490fbaf6
Closes-Bug: #1648181
Related-Bug: #1524809
Change-Id: I95393fc798b833a8575afbff03ef74a839565c5e
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
Configure keystone_authtoken for Sahara service.
Change-Id: I045b7d1d52851ab0d532a8524fcea95705e3db78
Partial-implement: blueprint keystone-v3
|
|
This also moves the explicit usages of the Keystone V3 endpoint fromt he
EndpointMap, as using the uri_no_suffix defeats that usage.
Change-Id: I5f07a0cee07fa28b88c419e25e014094004b1bce
Partial-Implement: blueprint keystone-v3
|
|
glance-base is not useful anymore since we only run Glance API service
and there is no plan yet to add new services for Glance. Let's cleanup
this useless service and consolidate glance-api service.
Change-Id: I73cd0def2ae73e0bd52104c6710998df4a0d2e58
|
|
This means we can remove the special BannerText hiera reference
in the puppet-tripleo profile
Change-Id: Id4c8b853fa0e9bcdffe2cf7cd1554a9be7451b25
|
|
|
|
|
|
|
|
Change-Id: I1b5658efaaa26c473ceef184a962ec320f267ffe
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
|
This uses a puppet-tripleo profile to configure and start docker
in step1 of the deployment, which is before we attempt to deploy
any containers (see docker/services/README.rst#docker-steps)
This enables existing environments on upgrade to configure things
correctly, without using the docker/firstboot/setup_docker_host.sh
- the firstboot approach may still be needed for atomic, but for
environments where we can run puppet on the host this integrates
more cleanly with our existing architecture I think.
Depends-On: Id8add1e8a0ecaedb7d8a7dc9ba3747c1ac3b8eea
Change-Id: If4ffe21579bcb2770f4e5a96be7960b52927a27b
|
|
|
|
|
|
Change-Id: I54a3cac11ae63c553f831a3f8eeca2cbe4cc88d3
Signed-off-by: Feng Pan <fpan@redhat.com>
|
|
It doesn't work downstream, so the httpd command was recommended.
Change-Id: I4807333b80dad10f16e5deb56cbfdda656cd1e50
|
|
|
|
The new hiera hook in I21639f6aadabf9e49f40d1bb0b1d0edcfc4dbc5e
was added to most of the tripleo-heat-templates in
Ibe7e2044e200e2c947223286fdf4fd5bcf98c2e1
The new hook is installed by default if you use tripleo-common
Ia1864933235152b7e899c4442534879f8e22240d and will be installed
as part of the Newton to Ocata upgrades workflow in
I0c7a32194c0069b63a501a913c17907b47c9cc16
In order to use the new hiera data as part of the upgrade we
need to remove the old hieradata which will break anyone still
defining and using it. This change updates the remaining vendor
plugin manifests to use the new hiera hook. The pre-requisite
is that the new hook is installed on their overcloud (as above
it comes if you follow the N..O upgrade)
Change-Id: Ic95154734cb21e6b941c7f1569295b413963831d
|
|
A change to puppet-tripleo (Iea5607dbb3ee6b1dd50acc1395de52dc920aa915)
altered altered which hieradata was consumed for octavia. This updates
the heat templates to sync with that change.
Change-Id: I572dd4c25f25ab2ea8b10cabfa4773fae2a2bc91
Closes-Bug: #1670058
|
|
|
|
The puppet facts will be removed soon and using the hiera value is
adviced instead.
Change-Id: I318f81abaac997370e950780993dc95cae088327
|
|
The puppet facts will be removed soon and using the hiera value is
adviced instead.
Change-Id: I3ba89dd9bd471c5723325efc9041ca6da937ccc5
|
|
Upgrade process wasn't consistent and correct.
Change-Id: Id1f810d33c2909957be9a2c96d18c96dee939953
|
|
|
|
|
|
|
|
Change-Id: Icc5fbf99301ae47344e1582767e1e7a4687f491b
|
|
In ocata we changed the rabbitmq ha policy to "ha-exactly" via the
following changes:
- tht: Iace6daf27a76cb8ef1050ada0de7ff1f530916c6
- puppet-tripleo: Ib62001c03e1e08f58cf0c6e0ba07a8879a584084
We took care of the upgrade path via I3a97505d2ae1ae27f3080ffe74c33fdabffd2420
With the move to the ansible-based composable upgrades we left this change out.
And now an upgraded environment has the following policy:
- Upgraded environment
Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"all"}"
- New environment
Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"exactly","ha-params":2}"
We need to add this pcs resource change to the our upgrade scripts.
Change-Id: I3c4113c207e9d0c45be43df7c2379ac26cb60692
Closes-Bug: #1668600
|
|
Change-Id: I740b20b12acb3740886409bff86c4989f0a066f4
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
Change-Id: I189edaf69c0e97a3399e6af939595f98322d7c03
Partially-Implements: blueprint overcloud-upgrades-per-service
|
|
During upgrades, validation test if a service is running before the
upgrade process starts.
In some cases, servies doesn't exist yet so we don't want to run the
validation.
This patch makes sure we check if the service is actually present on the
system before validating it's running correctly.
Also it makes sure that services are enabled before trying to stop them.
It allows use-cases where we want to add new services during an upgrade.
Also install new packages of services added in Ocata, so we can validate
upgrades on scenarios jobs.
Change-Id: Ib48fb6b1557be43956557cbde4cbe26b53a50bd8
|
|
|
|
|
|
|
|
Prior to https://review.openstack.org/#/c/271450/ os-net-config was
applied via os-refresh-config directly, which meant that even though
UpdateDeployment and NetworkDeployment can be created concurrently,
we'd always do the os-net-config step first.
However now that we apply both steps via scripts (which are both handled
via the same heat-config hook) we should add an explicit dependency to
ensure the network is always fully configured before attempting to run
any update. This should avoid the risk of e.g running an update on
initial deployment before the network connectivity to access yum repos
is in place.
Change-Id: Idff7a95afe7b49b6384b1d0c78e76522fb1f8eb7
Related-Bug: #1666227
|
|
|
|
|
|
|
|
In the previous release[1], the services were stopped before the
pacemaker services, so that they get a chance to send last message to
the database/rabbitmq queue:
Let's do the upgrade in the same order.
[1] https://github.com/openstack/tripleo-heat-templates/blob/stable/newton/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh#L13-L71
Change-Id: I1c4045e8b9167396c9dfa4da99973102f1af1218
|
|
Rename ec2-api_enabled to ec2_api_enabled so we avoid this error:
The conditional check 'ec2-api_enabled.rc == 0' failed.
The error was: error while evaluating conditional
(ec2-api_enabled.rc == 0): 'api_enabled' is undefined"}
Change-Id: Id325fd7eba397155eac7fb6c7410f88486173ba1
|
|
|
|
Change-Id: I256d2fcb6353d029750113c1fec59a89c82583ca
|
|
While the heat templates specify a default value of 3, it rarely seems
to have an effect as the tripleoclient is setting this according to the
controller scale. This was fine before composable roles, but it is now
invalid. While the client needs to be modified to no longer set this
according to controller scale, the template should default to a sentinel
value that will allow the puppet code to determine the proper value by
the number of hosts that have the neutron dhcp agent deployed on them.
Depends-On: I5533e42c5ba9f72cc70d80489a07e30ee2341198
Partial-bug: #1632721
Change-Id: I06628764c4769d91bbc42efe1c722702d6574d02
|
|
|
|
|