aboutsummaryrefslogtreecommitdiffstats
path: root/puppet
AgeCommit message (Collapse)AuthorFilesLines
2017-07-20Fix description of NeutronNetworkVLANRangesBen Nemec1-2/+2
This claimed that all vlans were allowed, when in fact it is only the first 1000. Change-Id: Id5681be51bc908274a8b9cf18d43e116ba150e7f
2017-07-20Switch MonitoringRabbitUseSSL to booleanAlex Schultz1-1/+1
The puppet-sensu module recently added type checking so rabbitmq_ssl needs to be a boolean and not a string. Change-Id: I69b5a7528c8728310766abdc27ad11c93c4722d5 Closes-Bug: #1705481
2017-07-20Disable env evaluation in workflow executionsGiulio Fidente1-0/+2
This is so that Mistral does not try to resolve the occurrences of {{ or <% as jinja/jaql in the environment data. Change-Id: Id654c336d072a6248570274401857756c6f6e706
2017-07-20Remove non-containerized pacemaker resources on upgrademarios1-18/+1
Adds upgrade_tasks to remove the pacemaker resources using the ansible-pacemaker module. Resources are disabled and removed in step2 (called only on bootstrap node) and then the cluster stop is moved to step3 The existing systemd/service call is kept but only to disable services after they are disabled/deleted from the cluster. Related-Bug: 1701485 Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com> Change-Id: Ia597d240ea5834c50a8f6c4fac0b6ed417b8535c
2017-07-19Merge "Fixing a bug when setting a password for ODL controller"Jenkins1-0/+2
2017-07-19Merge "Use optimal (instead of default) tunables for Ceph on upgrade"Jenkins1-2/+2
2017-07-19Increase default RabbitMQ/Erlang TCP timeout from 5 to 15 secondsJohn Eckersberg1-1/+1
This should be greater than the default value of corosync_token_timeout, which is 10 seconds. That way, if an entire cluster node is unavailable, appropriate fencing measures can occur. With the current settings, it is possible for brief network interruptions, greater than 5 seconds, but less than 10 seconds, to occur. This can cause the RabbitMQ cluster to fail in subtle ways, but no corrective action taken by pacemaker. Change-Id: I735d43616c5c623c4398d924713012f595b2e5f9
2017-07-19Stop Heat WSGI services on docker upgradeThomas Herve1-1/+1
As we made the migration to HTTPd during the same cycle, we didn't include stopping the WSGI services before the upgrades. This handles the case, and fixes an issue with the puppet upgrade as well. Change-Id: I54ba6214d4bf052c0d840d5bbce2b524d82b7017 Closes-Bug: #1699443
2017-07-19Add nova::compute::rbd setting into nova-libvirt profileGiulio Fidente1-0/+18
Some of the tasks carried by nova::compute::rbd class apply to the compute service, others to the libvirt service so it needs to be included in both. Change-Id: I28557deb13b75922932cd3e86c3467a541c988d0
2017-07-18aodh: add gnocchi_external_project_owner configMehdi Abaakouk1-0/+5
gnocchi_external_project_owner is to configure who creates resources and metrics in Gnocchi (usually Ceilometer). So Aodh can create the right rbac rules. So the project name is 'service' for tripleo. We can't use the default set because puppet always uses 'services' and not 'service'. Change-Id: I6f7acc3a4cab29bc566d7becdc93ba3393f5c8fe
2017-07-18Ps Cinder: Added support for password less loginrajinir1-0/+4
Added missing san_private_key parameter used for password less SSH authentication. Change-Id: I6d7544b525055318aa567f9cbbe318d82bafacf0 Depends-On: 70db86d3366f85edf563aa73c533931a21cfab4d
2017-07-18Merge "Ensure yum cache is ready before update"Jenkins1-0/+2
2017-07-18Stop also openstack-swift-object-expirer when upgrading swift servicesCarlos Camacho1-0/+1
openstack-swift-object-expirer is not stopped when running the upgrade tasks so forth when changing to containers the service is still running after upgrading to docker. This service is added by default here: https://review.openstack.org/#/c/404149 But it wasnt stopped when running the upgrade tasks. Related also to this RHBZ#1470005 Change-Id: I8d5f195095d702057c3b2741127e7338d7451aad Closes-Bug: 1699444
2017-07-18Use optimal (instead of default) tunables for Ceph on upgradeGiulio Fidente1-2/+2
With the default setting, after the majority of the monitors have been upgraded the cluster will go in WARN state because of legacy tunables. This changes the tunables we set after each monitor is upgraded from 'default' to 'optimal' [1]. 1. http://docs.ceph.com/docs/master/rados/operations/crush-map/#warning-when-tunables-are-non-optimal Change-Id: I0f16c29cc200d762f0c4acfd87ba7d1adb5c1eeb Closes-Bug: #1704959
2017-07-18Merge "Corrected wrong os_region_name in glance-api conf file"Jenkins1-0/+1
2017-07-18Merge "Handles {controller,NovaCompute}ExtraConfig deprecation in ovecloud.j2"Jenkins1-27/+26
2017-07-17Set name property on missing deploymentsJames Slagle1-0/+1
To be consistent with all other SoftwareDeployment's in tripleo-heat-templates, this sets the name property on the deployments where it was missing. Change-Id: I8bc062d2af93acead240bd5e473ea385b2bf6cf2
2017-07-17Refactor iscsi initiator-name reset into separate serviceOliver Walsh1-0/+41
This currently assumes nova-compute and iscsid run in the same context which isn't true for a containerized deployment Change-Id: I11232fc412adcc18087928c281ba82546388376e Depends-On: I91f1ce7625c351745dbadd84b565d55598ea5b59 Depends-On: I0cbb1081ad00b2202c9d913e0e1759c2b95612a5
2017-07-17Handles {controller,NovaCompute}ExtraConfig deprecation in ovecloud.j2Giulio Fidente1-27/+26
We missed to parse and merge {controller,NovaCompute}ExtraConfig data in change [1]. Also fixes whitespaces handling in docker-steps.j2 and puppet-steps.j2 previously updated by [2]. 1. Id37de5864138edd5476c097a8a1f0763faeaf768 2. I36a642fbc2076ad9e4a10ffc56d6d16f3ed6f27a Change-Id: Ia9983bc991eb79e479855993c1c8819ddfb52e38
2017-07-17Merge "Add role_merged_configs into workflow executions environmentxi"Jenkins1-0/+8
2017-07-17Add composable services for the Veritas HyperScale.abhishek.kane2-0/+126
Add a composable service for each of: - the Veritas HyperScale's Cinder backend. - installing the Veritas HyperScale controller packages. Change-Id: I99ee827825ec2a6a3c695de1ca1c1015859fe398 Depends-On: I316b22f4f7f9f68fe5c46075dc348a70e437fb1d Depends-On: I9168bffa5c73a205d1bb84b831b06081c40af549 Signed-off-by: abhishek.kane <abhishek.kane@veritas.com>
2017-07-14Merge "Adds network/cidr mapping into a new service property"Jenkins184-0/+851
2017-07-14Merge "Support deprecated controllerExtraConfig naming in role template"Jenkins1-1/+27
2017-07-14Add role_merged_configs into workflow executions environmentxiGiulio Fidente1-0/+8
Merges per-role config settings into merged_config_settings which is wired into the workflow executions environment. Useful to consume role config settings from within a workflow. Change-Id: Id37de5864138edd5476c097a8a1f0763faeaf768
2017-07-14Merge "Disable systemd-networkd & systemd-resolved"Jenkins2-0/+8
2017-07-14Adds network/cidr mapping into a new service propertyGiulio Fidente184-0/+851
Makes it possible to resolve network subnets within a service template; the data is transported into a new property ServiceData wired into every service which hopefully is generic enough to be extended in the future and transport more data. Data can be consumed in service templates to set config values which need to know what is the subnet where a deamon operates (for example the Ceph Public vs Cluster network). Change-Id: I28e21c46f1ef609517175f7e7ee19e28d1c0cba2
2017-07-14Disable systemd-networkd & systemd-resolvedEmilien Macchi2-0/+8
Latest commits in puppet-systemd enabled by default systemd-networkd and systemd-resolved but we don't want to manage them for now in TripleO. MySQL and MongoDB services were managing some systemd resources so now we ensure that these 2 systemd services are disabled. In the future, we might want and activate these services and revert that patch but for now we want to disable them. Change-Id: I42c6c9b643a71a0fbb1768bbae91e8bfa916ea00 Closes-Bug: #1704145
2017-07-13Support deprecated controllerExtraConfig naming in role templateSteven Hardy1-1/+27
To enable backwards compatibility with rendering the controler-role template add this deprecated parameter for all roles - we should remove this in a future release after the tripleoclient warnings re deprecated parameters are available. Change-Id: Icce93a4109191609848ca216c946a32663753b93
2017-07-13Remove special-case of memcache node ips for ipv6Steven Hardy1-7/+0
This should be handled in puppet-tripleo, as is done for some other services e.g ceph. This has also been identified as a possible performance problem due to the nested get_attr calls. Change-Id: I7e14f0219c28c023c4e8e1d4693f0bfa9674d801 Related-Bug: #1684272 Depends-On: Iccb9089db4b382db3adb9340f18f6d2364ca7f58
2017-07-13Merge "Remove hardcoded enable_load_balancer from Controller role"Jenkins2-7/+5
2017-07-13Merge "Make NeutronEnableDVR parameter consistent"Jenkins1-2/+1
2017-07-13Merge "Make Rabbit parameters consistent"Jenkins1-3/+3
2017-07-13Merge "Make CephValidationDelay/Retries default consistent"Jenkins1-2/+2
2017-07-13Ensure yum cache is ready before updateLukas Bezdicka1-0/+2
To workaround yum bug with libnss we need to make yum cache before running update. In fact we should have done this regardless of the bug. Change-Id: I5b2355fb8abe3c8d4b9ce9c62b9ffdba8c1e8d9d Resolves: rhbz#1458841 Closes-Bug: #1703830
2017-07-13Corrected wrong os_region_name in glance-api conf filePranaliD1-0/+1
KeystoneRegion value for all endpoints is set as 'regionOne', it should be same in the configuration file. In case of Cinder as glance backend the os_region_name should be "regionOne" instead of "RegionOne". Currently CI is not failing because cinder backend scenario is not yet added. But this would definitely fail if os_region_name=RegionOne. Change-Id: I26811a404a20ea3c55f5b272f86d9269d0f6acec Closes-Bug: 1704060
2017-07-13Merge "Revert "Revert "Blacklist support for ExtraConfig"""Jenkins6-0/+96
2017-07-13Merge "Allow to set Notification Driver to 'noop'"Jenkins15-3/+106
2017-07-13Merge "Add DeployedServerEnvironmentOutput"Jenkins6-0/+234
2017-07-12Merge "Remove controller specific bootstack_nodeid"Jenkins1-4/+0
2017-07-12Merge "Remove ceilometer apache files on upgrade"Jenkins1-0/+41
2017-07-11Allow to set Notification Driver to 'noop'Emilien Macchi15-3/+106
This patch does 2 things: * Configure messagingv2 as default driver for Oslo Notifications sent on RPC. * Allow users to choose between messagingv2 (default) and noop when we want to disable notifications (for example, when Telemetry is disabled). * Deprecate KeystoneNotificationDriver in favor of NotificationDriver. Change-Id: Ia547d7f4bfb51e7c45246b097b48fd86da231bd3 Related-Bug: #1701357
2017-07-11Remove hardcoded enable_load_balancer from Controller roleSteven Hardy2-7/+5
This is associated with the haproxy service, so set the hieradata there instead. This is needed so we can render the controller role template via j2, and also if anyone ever wants to run haproxy on some role other then the Controller. Change-Id: I82b992afe42f6da7788f6efca2366863c3bf68f7 Partially-Implements: blueprint composable-networks
2017-07-11Remove controller specific bootstack_nodeidSteven Hardy1-4/+0
This has been replaced for some time by bootstrap_nodeid which isn't hard-coded to the Controller role. Change-Id: I2c172de13646e5b88cb9930a93ca71fcc990e522 Depends-On: I0a9fced847caf344e5d26b452f1bd40afab8f029
2017-07-10Fixing a bug when setting a password for ODL controllerItzik Brown1-0/+2
Change-Id: I301f73801e95e607ed28992e68528f17843a0b6c Closes-Bug: #1702435
2017-07-10Revert "Revert "Blacklist support for ExtraConfig""James Slagle6-0/+96
There is a Heat patch posted (via Depends-On) that resolves the issue that caused this to be reverted. This reverts the revert and we need to make sure all the upgrades jobs pass before we merge this patch. This reverts commit 69936229f4def703cd44ab164d8d1989c9fa37cb. Closes-Bug: #1699463 implements blueprint disable-deployments Change-Id: Iedf680fddfbfc020d301bec8837a0cb98d481eb5
2017-07-10Add DeployedServerEnvironmentOutputJames Slagle6-0/+234
Add a new output, DeployedServerEnvionmentOutput, that can be used as the contents of an environment file to input into a services only stack when using split-stack. The parameter simplifies the manual steps needed to deploy split-stack. By default, the resource that generates the output is mapped to OS::Heat::None. implements blueprint split-stack-default Change-Id: I6004cd3f56778f078a69a20e93a0eba0c574b3db
2017-07-10Merge "Modify generic role template to support custom networks"Jenkins1-121/+34
2017-07-07Remove ceilometer apache files on upgradePradeep Kilambi1-0/+41
Ceilometer API runs under apache. Since this service is deprecated and disabled in pike, we need to ensure the apache files are removed during upgrade. Change-Id: I0c0913e74396bd463f5a6da46f83512bab77b75e
2017-07-06Merge "Enable Neutron LBaaS Integration"Jenkins1-0/+70
2017-07-05Modify generic role template to support custom networksSteven Hardy1-121/+34
Render all per-network resources and interfaces via j2 to enable future support for custom networks via network_data.yaml Note this doesn't enable custom networks for the built-in roles as we skip j2 rendering for them, this will be resolved by converting them to use the generic role template instead of the hard-coded ones listed in the j2_excludes.yaml. Depends-On: I18fa3829ff38ac200550d8e36bbe334c0005da22 Change-Id: I49565f9389f3ec9aef4861e23a3bed64a85501e6 Partially-Implements: blueprint composable-networks