Age | Commit message (Collapse) | Author | Files | Lines |
|
We now pass configuration for autofencing to Pacemaker Remote nodes.
Change-Id: Ibb9c65a83cc909528024c538cf3bcc96390c555e
Depends-On: I87c60bd56feac6dedc00a3c458b805aa9b71d9ce
Closes-Bug: #1686115
(cherry picked from commit 05953542a6b688ee549671a46cecb5951b6c3fee)
|
|
For performance reasons we might want to tweak this param
lets expose this via tripleo. The puppet changes were
added in this patch I5de5283d1b14e0bba63d6d9a440611914ba86ca4
Change-Id: I72f1fe3a47060fe37602a70b8a74fba72209127c
(cherry picked from commit e33e76684c9b60b9ce50ad7996529ed49dddd9d9)
|
|
This fix needs to be backported to ocata.
Conflicts:
puppet/services/neutron-ovs-dpdk-agent.yaml
Signed-off-by: Karthik S <ksundara@redhat.com>
Closes-Bug: #1694703
Change-Id: I5938761efa4f56e576f41929e0bc12df246ac81a
(cherry picked from commit 61480182f8a6f27ab7e1e73b9dd79e17a4927f0f)
|
|
|
|
Add upgrade tasks for cinder-volume when it's controlled by pacemaker:
o Stop the service before the entire pacemaker cluster is stopped.
This ensures the service is stopped before infrastructure services
(e.g. rabbitmq) go away.
o Migrate the cinder DB prior to restarting the service. This covers
the situation when puppet-cinder (who otherwise would handle the db
sync) isn't managing the service.
o Start the service after the rest of the pacemaker cluster has been
started.
Closes-Bug: #1691851
Change-Id: I5874ab862964fadb68320d5c4de39b20f53dc25c
(cherry picked from commit c4e3bbe039135f32f0e198365e704b3dbfd00290)
|
|
Specify the allowed networks for migration ssh tunneling.
bp tripleo-cold-migration
Change-Id: Iab022bdfb655e3c52fecebf416e75c9e981072ab
Depends-on: Idb56acd1e1ecb5a5fd4d942969be428cc9cbe293
(cherry picked from commit 3d8af2fcf8e2d41600fa10584120a8117e7ef40c)
|
|
OpenStack heavily relies on gratuitous ARP updates when moving floating
IP addresses between devices. When a floating IP moves, Neutron L3 agent
issues a burst of gratuitous ARP packets that should update any existing
ARP table entries on all nodes that belong to the same network segment.
Due to locktime kernel behavior, some gratuitous ARP packets may be
ignored [1], rendering ARP table entries broken for some time. Due to a
kernel bug [2], the time may be as long as hours, depending on other
traffic flowing to the node.
With the current EL7 kernel, the only way to make sure that nodes honor
all sent gratuitous ARP updates is to set arp_accept to 1; this will
disable locktime mechanism for the packets sent by Neutron L3 agent, and
will make sure ARP tables are always updated.
[1] https://patchwork.ozlabs.org/patch/762732/
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1450203
Conflicts:
puppet/services/kernel.yaml
Related-Bug: #1690165
Change-Id: I863b240e0ab4c4d5bb844f91b607fd0937d5cedf
(cherry picked from commit 804fd3427eeb31a2846ee096dbdac924ec39bcbc)
|
|
stable/ocata
|
|
|
|
|
|
There is a windows for the pcs cluster status to hang forever[1]. We
add a timeout during check0 to avoid this situation. 2 minutes should
be more than enought to get all the pcsd nodes to reply.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1292858
Closes-Bug: #1680477
Change-Id: Icb3dc76e031a3d4f26294f37d169f2f61d30973e
(cherry picked from commit 0ea21f51a8128e536404ffd87f741443c9287593)
|
|
Depends-On: If88f403c85b79bd896a24c7816486709bd67706f
Closes-Bug:1686619
Change-Id: I7c32ca39a456de9833d30c31d41fcb727d2b0a34
(cherry picked from commit 77b4bd53dae1882ae3094597e674218b7773eda9)
|
|
The [Pre|Post]Puppet resources were renamed in
https://review.openstack.org/#/c/365763.
This was intended for having a pre/post deployment
steps using an agnostic name instead of
being attached to a technology.
The renaming was unintentionally reverted in
https://review.openstack.org/#/c/393644/ and
https://review.openstack.org/#/c/434451.
This submission merge both resources into one,
and remove the old pre|post hooks.
Change-Id: Ic9d97f172efd2db74255363679b60f1d2dc4e064
Closes-bug: #1669756
(cherry picked from commit 258c6ce52d0c8467f34693722a883d96345802b2)
|
|
Added VxLAN and metadata agent firewall rules to neutron-compute-plugin
for Nuage. Removed a deprecated parameter 'OSControllerIp' as well.
Change-Id: If10c300db48c66b9ebeaf74b5f5fee9132e75366
(cherry picked from commit d5309c9443cbfe50ba5e7c15f025393a58b0804c)
|
|
|
|
|
|
|
|
1) When Apache is upgraded, install mod_ssl rpm.
See https://bugs.launchpad.net/tripleo/+bug/1682448
to understand why we need mod_ssl.
2) All services that run Apache for API will use the snippet from
Apache service to deploy mod_ssl, so we don't duplicate the code
in all services. It's using the same mechanism as ovs upgrade to
compile upgrade_tasks between both services.
Change-Id: Ia2f6fea45c2c09790c49baab19b1efcab25e9a84
Closes-Bug: #1686503
(cherry picked from commit a6041608ca68aad4298ed9e8febafc442a250a55)
|
|
It doesn't work downstream, so the httpd command was recommended.
Change-Id: I4807333b80dad10f16e5deb56cbfdda656cd1e50
(cherry picked from commit 0b05d7fd9b0e8811755499642647919eaf64cc39)
|
|
In change Ib62001c03e1e08f58cf0c6e0ba07a8879a584084 we switched the
rabbitmq queues HA mode from ha-all to ha-exactly. While this gives us a
nice performance boost with rabbitmq, it makes rabbit less resilient to
network glitches as we painfully found out via
https://bugzilla.redhat.com/show_bug.cgi?id=1441635.
This is the THT part of the change that changes the default to
ha-mode: all.
NB: not clean cherry-pick due to the added metadata_settings line in
master
Closes-Bug: #1686337
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
Co-Authored-By: John Eckersberg <jeckersb@redhat.com>
Change-Id: I7afcf2b3c8deb13fc2134e4cae9c06a44e775384
Depends-On: I9a90e71094b8d8d58b5be0a45a2979701b0ac21c
(cherry picked from commit 90fc4b2e27ef6f612a82dfc5e08884629d0fe0bf)
|
|
CollectdServer, CollectdServerPort, CollectdSecurityLevel, CollectdUsername, CollectdPassword
Change-Id: I43a0aca6f620f2570bdfd88531e70611867337b0
(cherry picked from commit f209f0aa48d277ecb8300ef33225f6ce6e24a4ae)
|
|
|
|
|
|
stable/ocata
|
|
|
|
|
|
This hiera key is used by keystone to create the ceilometer service
user. It works in CI cause keystone and the ceilometer services are in
the same node. However, this fails if keystone is deployed on a separate
note.
We should only deploy it in the nodes containing the keystone service
since it's only relevant to create the service user.
Change-Id: Ic0f02fe9a78a1fe14ac2b87197692fbd80c003b8
Closes-Bug: #1685828
(cherry picked from commit f1f6b5dc7d698a36f04186856fb94b4115d121dc)
|
|
Because CephFS Snapshots are still an experimental feature and
also Manila Ceph driver has this feature disabled by default,
it makes sense to not override this value by default.
Change-Id: I3dacbd7a3c673d2f34998ee9f433889727c6a0f7
(cherry picked from commit 99371a90a29b4f9ffda606263540a1ef0b919633)
|
|
When service is added during an upgrade, fix the ansible syntax
to use the right variable for return code.
Change-Id: I974699fb8b0dcbe5ffa6935c394df4ac8e7b21d4
(cherry picked from commit deb9b4cad5a59e650922067841604a4bc121c228)
|
|
|
|
This change implements a MOTD message and provides a hash of
sshd config options which are sourced to the puppet-ssh module
as a hash.
The SSHD puppet service is enabled by default, as it is
required for Idb56acd1e1ecb5a5fd4d942969be428cc9cbe293.
Also added the service to the CI roles.
Change-Id: Ie2e01d93082509b8ede37297067eab03bb1ab06e
Depends-On: I1d09530d69e42c0c36311789166554a889e46556
Closes-Bug: #1668543
Co-Authored-By: Oliver Walsh <owalsh@redhat.com>
(cherry picked from commit 5e14f95a4a46fcf88293f1b0fa93327566614d43)
|
|
|
|
|
|
|
|
|
|
|
|
This enables nova cold migration.
This also switches to SSH as the default transport for live-migration.
The tripleo-common mistral action that generates passwords supplies the
MigrationSshKey parameter that enables this.
The TCP transport is no longer used for live-migration and the firewall
port has been closed.
Change-Id: I4e55a987c93673796525988a2e4cc264a6b5c24f
Depends-On: I367757cbe8757d11943af7e41af620f9ce919a06
Depends-On: I9e7a1862911312ad942233ac8fc828f4e1be1dcf
Depends-On: Iac1763761c652bed637cb7cf85bc12347b5fe7ec
(cherry picked from commit 0271a63e52b961eab0da2f5c6a61811a7a1498f7)
|
|
Fetch the host public keys from each node, combine them all and write to the
system-wide ssh known hosts. The alternative of disabling host key
verification is vulnerable to a MITM attack.
Change-Id: Ib572b5910720b1991812256e68c975f7fbe2239c
(cherry picked from commit 7d3552a105ad5aa62cad0998c11df5ec6bd06ed6)
|
|
stable/ocata
|
|
In two places during upgrade we manually trigger puppet.
There can be a problem when new puppet modules are added, and their
corresponding symlinks in /etc/puppet/modules are not created during
the installation as their are installed in
/usr/share/openstack-puppet/modules. To prevent the issue tripleo set
modulepath in the templates.
We must use the same modulepath to make sure that we don't fail
because of missing module in the manual puppet run.
This particulary happens when you upgrade from M->N->O, as the base
image in Mitaka doesn't have the proper symlinks and they are not
created during the installation of the package.
Closes-Bug: #1684587
Change-Id: I79df6ea33f1c58e13309176a6de41b7572541fd6
(cherry picked from commit 79c2d0f3d411da9e57731d9da79d25a3e0364eb2)
|
|
According to [1] we need os_region_name, not region_name. Furthermore
the os_interface is configured as well. The hard check on this
parameter was introduced in ocata[2], explaining why the newton version
did not chock on it.
[1] https://docs.openstack.org/ocata/config-reference/compute/config-options.html
[2] https://github.com/openstack/nova/commit/d486315e0
Closes-Bug: #1684058
Change-Id: If6118bf03e832fe3fa5ea4fcb1b436afd2adf80a
(cherry picked from commit 88a3168b3019f7c8232c14b95d4c7c6fb5080f03)
|
|
|
|
|
|
Running this job once a day has proven problematic for large
deployments as seen in the bug report. Setting it to run hourly
would be an improvement to the current situation, as the flushes
wouldn't need to process as much data.
Note that this only affects people using UUID as the token provider.
Change-Id: I462e4da2bfdbcba0403ecde5d613386938e2283a
Related-Bug: #1649616
(cherry picked from commit 65e643aca2202f031db94f1ccd3d44e195e5e772)
|
|
This allows us to better configure these parametes, e.g. we could set
the cron job to run more times per day, and not just one.
Change-Id: I0a151808804809c0742bcfa8ac876e22f5ce5570
Closes-Bug: #1682097
(cherry picked from commit df36f221dd402a5b93585a6851fb1eb43de91967)
|
|
Change-Id: I1b5658efaaa26c473ceef184a962ec320f267ffe
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
(cherry picked from commit e88dfbc4ca115be9522ee0fc0bdb5b60f9ddd7a7)
|
|
|
|
The puppet-tripleo change was added in
Ie9391aa39532507c5de8dd668a70d5b66e17c891.
Closes-bug: #1656558
Change-Id: Ibe2e4be5b5dc953d8d4b14f680a460409db95585
(cherry picked from commit 75d48838020ad9ff2bbd739212599ec8eb932649)
|
|
Convert NetApp Cinder back end to support composable roles via new
"CinderBackendNetApp" service.
Closes-Bug: #1680568
Change-Id: Ia3a78a48c32997c9d3cbe1629c2043cfc5249e1c
(cherry picked from commit c533a3219e47c5a6155e85e089b9f8acdb4a3dd6)
|
|
Following change I1393d65ffb20b1396ff068def237418958ed3289 the ctlplane
network will be 192.168.24 by default and not 192.0.2 anymore.
This change removes old references left to 192.0.2 network from the
overcloud templates.
(cherry picked from commit b5b6681a74e001448a836e7eea5e75fba859b88c)
Closes-Bug: #1682144
Change-Id: I49bd1ac8d594105665010bd898670b17e72fa763
|