aboutsummaryrefslogtreecommitdiffstats
path: root/puppet
AgeCommit message (Collapse)AuthorFilesLines
2017-06-09Merge "Revert "Add support to configure Num of Storage sacks""Jenkins1-9/+1
2017-06-09Remove duplicate docker/puppet services.yamlSteven Hardy1-129/+0
Move to one common services.yaml not only reduces the duplication, but it should improve performance for the docker/services.yaml case, because we were creating two ResourceChains with $many services which we know can be really slow (especially since we seem to be missing concurrent: true on one) Change-Id: I76f188438bfc6449b152c2861d99738e6eb3c61b
2017-06-09Configure credentials for ironic to access cinderDmitry Tantsur1-0/+6
Change-Id: Id896e01e24ecc2bfd7a983a3ff9756fefe4a4525 Depends-On: I097c494d3953b7d26d94aecc546ddef5225d1125
2017-06-09Add templates to configure Ironic inspectorDan Prince1-0/+151
Implements: blueprint ironic-inspector-composable-service Co-Authored-By: Dmitry Tantsur <dtantsur@redhat.com> Change-Id: I825516f9f5c2b0c03a3f497d6954022714aab988
2017-06-09Revert "Add support to configure Num of Storage sacks"Pradeep Kilambi1-9/+1
This reverts commit a915b150018bf306a5942782bf93c5faadcd7cde. The argument is renamed and causing promotions to fail. Change-Id: I7e1674cff75b606c20956edddf70eee2990fca78
2017-06-09Merge "Configure crl file for HAProxy"Jenkins1-0/+6
2017-06-09Merge "Configure CRL URI if TLS in the internal network is enabled"Jenkins1-0/+17
2017-06-09Merge "Role Specific parameter for nova-compute service"Jenkins1-3/+23
2017-06-08Change HorizonSecureCookies default to FalseBen Nemec1-1/+1
HorizonSecureCookies is incompatible with non-ssl deployments, which is our default deployment method. When SSL is in use, it can be turned on in the enable-tls.yaml file. This does mean that existing users won't automatically get this feature turned on as part of their upgrade because enable-tls.yaml is an environment that is intended to be copied and edited, but it's simple to add the parameter to the file for users who want that behavior after they upgrade to a version where it is available. Change-Id: If83d3d8709fc4e0c09569e8bf524721d332bf560 Closes-Bug: 1696861
2017-06-08Merge "Use Deployment actions for blacklist"Jenkins6-29/+121
2017-06-08Merge "Add support to configure Num of Storage sacks"Jenkins1-1/+9
2017-06-08Role Specific parameter for nova-compute serviceSaravanan KR1-3/+23
The parameters NovaVcpuPinSet, NovaReservedHostMemory and NovaPCIPassthrough are modified to support role-specific parameter inputs. Change-Id: I7c11e8fc2c933f424318e457cb1e96acb8df2ec7
2017-06-08Configure crl file for HAProxyJuan Antonio Osorio Robles1-0/+6
This will enable HAProxy to use CRLs for the nodes it's proxying. bp tls-via-certmonger Depends-On: I4f1edc551488aa5bf6033442c4fa1fb0d3f735cd Change-Id: I2558113bf83674ce22d99364b63c0c5be446bf77
2017-06-08Configure CRL URI if TLS in the internal network is enabledJuan Antonio Osorio Robles1-0/+17
This uses by default the URL for the CRL provided by FreeIPA (the default CA in TripleO). bp tls-via-certmonger Depends-On: I38e163e8ebb80ea5f79cfb8df44a71fdcd284e04 Change-Id: I87001388f300f3decb3b74bc037fff9d3b3ccdc2
2017-06-08Role Specific parameters for neutron-sriov-agent serviceSanjay Upadhyay1-3/+19
Merge the role specific parmaeter with the default parameter with the higher precendece given to role specific parameters. Use the merged settings for the hiera config settings. Change-Id: I7d12ea7a26ba5c22d7961c59fb63663fc2a6b4cd Signed-off-by: Sanjay Upadhyay <supadhya@redhat.com>
2017-06-07Dell SC: Add exclude_domain_ip optionrajinir1-0/+4
This option allows users to exclude some fault domains. Otherwise all domains are returned. Change-Id: Iefd1a44c8fe217aee5845bba35def571317bb123 Closes-Bug: #1681490 Depends-On: I6eb2bcc7db003a5eebd3924e3e4eb44e35f60483
2017-06-07Fix the disable expirer to remove crontabPradeep Kilambi1-16/+4
Instead of doing this via puppet which has the consequence of including the step_config and getting included on the host manifest. Lets disable via ansible upgrade task instead. Change-Id: I5f1a4019dd635dea67db4313bd06a228ae7bacd4
2017-06-07Add support to configure Num of Storage sacksPradeep Kilambi1-1/+9
Gnocchi 4 supports storage sacks during upgrade. lets make this configurable if we want to use more metricd workers. Change-Id: I27390b8babf8c4ef35f4c9b8a2e5be69fb9a54ee
2017-06-07Use Deployment actions for blacklistJames Slagle6-29/+121
Instead of using the Heat condition directly on the Deployment resources, use it to set the action list to an empty list when the server is blacklisted. This has a couple advantages over the previous approach in that the actual resources are not deleted and recreated when servers are added and removed from the blacklist. Recreating the resources can be problematic, as it would then force the Deployments to re-run when a server is removed from the blacklist. That is likely not always desirable, especially in the case of NetworkDeloyment. Additionally, you will still see the resources for a blacklisted server in the stack, just with an empty set of actions. This has the benefit of preserving the history of the previous time the Deployment was triggered. implements blueprint disable-deployments Change-Id: I3d0263a6319ae4871b1ae11383ae838bd2540d36
2017-06-07Merge "Ability to enable/disable debug mode per OpenStack service"Jenkins20-27/+226
2017-06-07Ability to enable/disable debug mode per OpenStack serviceEmilien Macchi20-27/+226
Add ServiceDebug parameters for each services that will allow operators to enable/disable Debug for specific services. We keep the Debug parameters for backward compatibility. Operators want to enable Debug everywhere: Debug: true Operators want to disable Debug everywhere: Debug: false Operators want to disable Debug everywhere except Glance: GlanceDebug: true Operators want to enable Debug everywhere except Glance: Debug: true GlanceDebug: false New parameters: AodhDebug, BarbicanDebug, CeilometerDebug, CinderDebug, CongressDebug, GlanceDebug, GnocchiDebug, HeatDebug, HorizonDebug, IronicDebug, KeystoneDebug, ManilaDebug, MistralDebug, NeutronDebug, NovaDebug, OctaviaDebug, PankoDebug, SaharaDebug, TackerDebug, ZaqarDebug. Note: for backward compatibility in Horizon, HorizonDebug is set to false, so we maintain previous behavior. Change-Id: Icbf4a38afcdbd8471d1afc11743df9705451db52 Implement-blueprint: composable-debug Closes-Bug: #1634567
2017-06-06Convert puppet and docker steps to ansibleSteven Hardy6-0/+6
Replace the multiple SoftwareDeployment resources with a common playbook that runs on all roles, consuming the configuration data written via the HostPrepAnsible tasks. This hopefully simplifies things, and will enable re-running the deploy steps for minor updates (we'll need some way to detect a container should be replaced, but that will be done via a follow-up patch). Change-Id: I674a4d9d2c77d1f6fbdb0996f6c9321848e32662
2017-06-06Merge "Update metric processing delay default"Jenkins1-1/+1
2017-06-05Merge "Fix the constraints for THT params NeutronDpdkCoreList and HostCpusList"Jenkins1-4/+4
2017-06-05Merge "Remove nova placement config for compute service node on upgrade"Jenkins1-18/+0
2017-06-04Update metric processing delay defaultPradeep Kilambi1-1/+1
This helps with processing the backlog, so lets update the default out of the box. Change-Id: I06d4ca95f4a1da2864f4845ef3e7a74a1bce9e41
2017-06-03Merge "Add support for linuxbridge agent"Jenkins1-0/+83
2017-06-02Merge "Server blacklist support"Jenkins6-1/+116
2017-06-02Merge "Upgrade gnocchi without skip-storage"Jenkins1-1/+1
2017-06-02Merge "Handle upgrading cinder-volume under pacemaker"Jenkins1-0/+15
2017-06-01Increase default for NovaReservedHostMemory to 4096Sven Anderson1-1/+1
Idle compute nodes are found to already consume ~1.5GB of memory, so 2GB is a bit tight. Increasing to 4GB to be on the safe side. Also see https://bugzilla.redhat.com/show_bug.cgi?id=1341178 Change-Id: Ic95984b62a748593992446271b197439fa12b376
2017-05-31Server blacklist supportJames Slagle6-1/+116
Adds the ability to blacklist servers from all SoftwareDeployment resources. The servers are specified in a new list parameter, DeploymentServerBlacklist by the Heat assigned name (overcloud-compute-0, etc). implements blueprint disable-deployments Change-Id: I46941e54a476c7cc8645cd1aff391c9c6c5434de
2017-05-31Fix the constraints for THT params NeutronDpdkCoreList and HostCpusListKarthik S1-4/+4
This fix needs to be backported to ocata. Change-Id: I5938761efa4f56e576f41929e0bc12df246ac81a Signed-off-by: Karthik S <ksundara@redhat.com> Closes-Bug: #1694703
2017-05-31Upgrade gnocchi without skip-storagePradeep Kilambi1-1/+1
When gnocchi-upgrade run, we need to ensure storage is upgraded so we initialize the necessary storage sacks. Closes-bug: #1693621 Change-Id: I84e4fc3b6ad7fd966c4097a29678a0fd5b7a20a5
2017-05-30Merge "Enable arp_accept for all interfaces"Jenkins1-0/+2
2017-05-29ceilometer-expirer: remove the crontab during upgradeEmilien Macchi1-5/+17
When running disabled/ceilometer-expirer.yaml, we want to remove the crontab that used to run ceilometer-expirer binary in periodic way. Let's use Puppet to remove this crontab. We can't easily use Ansible tasks this time, because the Ansible cron module can only remove Crontabs previously managed by Ansible: https://docs.ansible.com/ansible/cron_module.html#examples In this case, Puppet will erase the crontab in Pike. In Queens, we'll be able to remove these environments files since we wouldn't need it anymore. Change-Id: Idb050c3b281d258aea52d6a3ef40441bb9c8bcbe
2017-05-26Handle upgrading cinder-volume under pacemakerAlan Bishop1-0/+15
Add upgrade tasks for cinder-volume when it's controlled by pacemaker: o Stop the service before the entire pacemaker cluster is stopped. This ensures the service is stopped before infrastructure services (e.g. rabbitmq) go away. o Migrate the cinder DB prior to restarting the service. This covers the situation when puppet-cinder (who otherwise would handle the db sync) isn't managing the service. o Start the service after the rest of the pacemaker cluster has been started. Closes-Bug: #1691851 Change-Id: I5874ab862964fadb68320d5c4de39b20f53dc25c
2017-05-25Enable arp_accept for all interfacesIhar Hrachyshka1-0/+2
OpenStack heavily relies on gratuitous ARP updates when moving floating IP addresses between devices. When a floating IP moves, Neutron L3 agent issues a burst of gratuitous ARP packets that should update any existing ARP table entries on all nodes that belong to the same network segment. Due to locktime kernel behavior, some gratuitous ARP packets may be ignored [1], rendering ARP table entries broken for some time. Due to a kernel bug [2], the time may be as long as hours, depending on other traffic flowing to the node. With the current EL7 kernel, the only way to make sure that nodes honor all sent gratuitous ARP updates is to set arp_accept to 1; this will disable locktime mechanism for the packets sent by Neutron L3 agent, and will make sure ARP tables are always updated. [1] https://patchwork.ozlabs.org/patch/762732/ [2] https://bugzilla.redhat.com/show_bug.cgi?id=1450203 Related-Bug: #1690165 Change-Id: I863b240e0ab4c4d5bb844f91b607fd0937d5cedf
2017-05-25Add ignore_projects to filter gnocchi eventsPradeep Kilambi1-0/+8
Without this, ceilometer db gets hammered with gnocchi swift events. Keystone creds are required so middleware can query for id. Related change: I5c0f4f1a2c7fe7eb39ea6441970e9ac0946a4ec1 Change-Id: I9a7a80252703e470a69dc10352e7ece45ab23150
2017-05-25Add support for linuxbridge agentBartosz Stopa1-0/+83
Currently TripleO does not support LinuxBridge driver, setting NeutronMechanismDrivers to linuxbridge will not force ml2 plugin to use linuxbridge. This commit adds new environment file which replaces default ovs agent with linuxbridge on Compute and Controller nodes. Change-Id: I433b60a551c1eeb9d956df4d0ffb6eeffe980071 Closes-Bug: #1652211 Depends-On: Iae87dc7811bc28fe86db0c422c363eaed5e5285b Depends-On: Ie3ac03052f341c26735b423701e1decf7233d935
2017-05-25Merge "Enable mistral to run under mod_wsgi"Jenkins1-6/+38
2017-05-24Merge "Role Specific paramaeter support for neutron-ovs-dpdk-agent service"Jenkins1-9/+32
2017-05-23Merge "Remove osd_pool_default_min_size to allow Ceph cluster to do the ↵Jenkins2-2/+5
right thing by default"
2017-05-23Merge "Disable mongodb by default"Jenkins1-0/+38
2017-05-23Merge "Use disabled suffix for disabled service names"Jenkins3-3/+3
2017-05-22Remove osd_pool_default_min_size to allow Ceph cluster to do the right thing ↵Keith Schincke2-2/+5
by default The default value is 0 which has the minimum number be caluclated based on the replica count from osd_pool_defaut_size. The default replica count is 3 and the calculated min_size is 2. If the replica count is 1 then the min_size is 1. ie: min_size = replica - (replica/2) Add CephPoolDefaultSize parameter to ceph-mon.yaml. This parameter defaults to 3 but can be overriden. See puppet-ceph-devel.yaml for an example Change-Id: Ie9bdd9b16bcb9f11107ece614b010e87d3ae98a9
2017-05-22Disable mongodb by defaultJuan Antonio Osorio Robles1-0/+38
It's not used by any service that we enable by default. So instead, I added it to the environment that enables the services that use it. Change-Id: Id2e6550fb7c319fc52469644ea022cf35757e0ce
2017-05-22Use disabled suffix for disabled service namesJuan Antonio Osorio Robles3-3/+3
This changes both the service names and the file names for disabled services, adding the 'disabled' suffix to them. This comes with the reasoning that, if a service requires a disabled service, and checks for the name in the "service_names" hiera entry, it will appear as if the service was enabled, when it's actually not. So changing the name and using this convention prevents that issue. Change-Id: I308d6680a4d9b526f22ba0d7d20e5db638aadb9a
2017-05-22Merge "TLS everywhere: configure mongodb's TLS settings"Jenkins1-0/+37
2017-05-20Merge "Open ports 443 and 80 on haproxy's firewall when horizon is standalone"Jenkins1-0/+7