Age | Commit message (Collapse) | Author | Files | Lines |
|
Add some special-casing for backwards compatibility, such that the
ObjectStorage role can be rendered via j2 for support of composable networks.
Change-Id: I52abbefe2f5035059ccbed925990faab020c6c89
Partially-Implements: blueprint composable-networks
|
|
Add some special-casing for backwards compatibility, such that the
Compute role can be rendered via j2 for support of composable networks.
Change-Id: Ieee446583f77bb9423609d444c576788cf930121
Partially-Implements: blueprint composable-networks
|
|
Add deprecated role-specific parameters to role definition, in
order to special-case some parameters for backwards compatibility,
such that the Controller role can be rendered via j2 for support
of composable networks.
Co-Authored By: Dan Sneddon <dsneddon@redhat.com>
Change-Id: I5983f03ae1b7f0b6add793914540b8ca405f9b2b
Partially-Implements: blueprint composable-networks
|
|
It wasn't being configured, thus making mongodb fail.
Change-Id: If0d7513aacfa74493a9747440fb97f915a77db84
Closes-Bug: #1710162
|
|
|
|
|
|
This de-couples public TLS from controllers to now run wherever HAProxy
is deployed.
Partially-Implements: blueprint composable-networks
Change-Id: I9e84a25a363899acf103015527787bdd8248949f
|
|
|
|
We allow using multiple registries (e.g. for OpenStack vs. Ceph
container images). We should allow it also in the insecure registry
configuration.
Change-Id: Icf4a51baf2a230b3fa0d5ced0e9cd1983cd93fb0
Closes-Bug: #1709310
Depends-On: I5cddd20a123a85516577bde1b793a30d43171285
|
|
|
|
Run virsh secret-define and secret-set-value in an init step
instead of relying on the puppet-nova exec.
Co-Authored-By: Jiri Stransky <jistr@redhat.com>
Change-Id: Ic950e290af1c66d34b40791defbdf4f8afaa11da
Closes-Bug: #1709583
|
|
Right now when we deploy an HA bundle on a pacemaker remote node,
the deploy will fail due to the fact that the bundle includes
tripleo::profile::base::pacemaker which makes a call to
hiera('hacluster_pwd') which will fail on pcmk remote nodes.
While we could noop the profile on pcmk nodes, it's much simpler
to just make sure this hiera key exists on pcmk remote nodes.
Also make sure that pacemaker::corosync::manage_fw is set to false
on remote nodes, otherwise the mere inclusion of the pacemaker
profile will cause iptables-save to run in a container and thus failing.
Change-Id: I09b3e54a470cc2d600a701d23463962501c5c9d6
|
|
We got to ensure that the cinder-manage db sync is run on only one
controller.
Change-Id: I88a6aa4c49d893b95a26795fbfcf163a780fd0bc
Closes-Bug: #1709315
|
|
this removes the hardcoded paths for the haproxy certs and keys and will
enable re-use. We'll use this in a further commit in the containterized
TLS work.
Change-Id: I602e5a569e2e7e60835deb80532abcedd7a1f63d
|
|
Using a string results in an erroneous check in puppet-keystone, which
sets up a zero where it shouldn't. So we change it to number to avoid
that. Note that there will also be a puppet-keystone fix for this.
Changing the value here assures that deployers only give valid values to
this parameter.
Change-Id: I00823e23358df91ce54f421c12636f05d4196e15
Closes-Bug: #1708584
|
|
|
|
This moves the directories containing the certs/keys for haproxy one step
further inside the hierarchy. This way we will be able to bind-mount
this certificate into the container without bind-mounting any other
certs/keys from other services.
bp tls-via-certmonger-containers
Depends-On: Iba3adb9464a755e67c6f87d1233b3affa8be565a
Change-Id: I73df8d442b361cb5ef4e343b4ea2a198a5b95da9
|
|
|
|
Since we now support zaqar:// publisher, Enhance the description to indicate
how to set the zaqar publisher.
Change-Id: Ib7eba98d199fade2346620672e33b74686d4685b
|
|
|
|
Adding composable services for Nuage mechanism driver for ML2. This
is separate from Nuage as the core plugin and intentional duplication
of Nuage under puppet services. Parameters required for working of
Nuage as mechanism driver are also added.
Change-Id: I2b564610721152c4f4dab9da79442256ba8d0b33
|
|
|
|
|
|
|
|
There is logic in nova-base.yaml that depends on the default for
this parameter being '', and the nova-compute service only needs it
set to auto during upgrade. That will be done by [1] anyway, so it
doesn't matter what the default is. It's also not clear to me that
the nova-compute task is even needed now that we're post-Ocata, but
that's not a change I feel comfortable making.
1: https://github.com/openstack/tripleo-heat-templates/blob/master/environments/major-upgrade-composable-steps.yaml
Change-Id: Iccfcb5b68e406db1b942375803cfedbb929b4307
Partial-Bug: 1700664
|
|
These are mostly the low hanging fruit that only required a few
minor changes to fix. There are more that require a lot of changes
or might be more controversial that will be done later.
Change-Id: I55cebc92ef37a3bb167f5fae0debe77339395e62
Partial-Bug: 1700664
|
|
The key_name default is ignored because the parameter is used in
some mutually exclusive environments where the default doesn't
need to be the same.
Change-Id: I77c1a1159fae38d03b0e59b80ae6bee491d734d7
Partial-Bug: 1700664
|
|
We install redis if its not already there, but we should also
ensure redis service is started in the next step 4.
related to issues we're seeing in I284de61bbefac9e9b37390650016643ffe38b5cc
Change-Id: Ic01db53ea8669f14e87f6987045b2be5a3480024
|
|
|
|
Without this config defaults to undef in containers
Change-Id: Id47f365364e7b0d399de92995871b136550cd625
|
|
|
|
|
|
networking-odl no longer supports the network-topology port
binding controller and instead now relies on a pseudo-agent binding
controller. This means that each OVS node must be configured with
host configuration in OVSDB about which VIF types, network types,
functions, etc that this OVS node supports. The end result is this
affects where nova and neutron will schedule instances.
Changes Include:
- Modifying default port binding controller to use pseudo agent
- Adds necessary per role parameters to be able to configure host
config on a per role basis to allow for heterogenous compute node
configurations.
Change-Id: I50458abf6a8a6bf724ad97accb6444d9c497d287
Closes-Bug: 1674995
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
Presently the ovn-controller service (puppet/services/neutron-compute-plugin-ovn.yaml)
is started only on compute nodes. But for the cases where the controller nodes
provide the north/south traffic, we need ovn-controller service runninng in controller
nodes as well.
This patch
- Renames the neutron-compute-plugin-ovn.yaml to ovn-controller.yaml which makes more
sense and sets the service name as 'ovn-controller'.
- Adds the service 'ovn-controller' to Controller and Compute roles.
- Adds the missing 'upgrade_tasks' section in ovn-dbs.yaml and ovn-controller.yaml
Depends-On: Ie3f09dc70a582f3d14de093043e232820f837bc3
Depends-On: Ide11569d81f5f28bafccc168b624be505174fc53
Change-Id: Ib7747406213d18fd65b86820c1f86ee7c39f7cf5
|
|
The iscsid service definition has a typo, config_setting should
read config_settings
Change-Id: I12605dba61fd5f6ce80c3ab78e883ed5ebf3ca62
|
|
This sets the SSL flag in the docker service and expose the parameter in
the docker service.
Depends-On: I4c68a662c2433398249f770ac50ba0791449fe71
Change-Id: Ic3df2b9ab7432ffbed5434943e04085a781774a0
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This is currently included in the controller-role template, so we need
to add it to the generic role.role.j2.yaml in order to convert the
controller-role template to be rendered via j2
Change-Id: I01bf01c8a31e4cc26f202dd1774845ec33f50bcd
Partially-Implements: blueprint composable-networks
|
|
Allow the user to set a specific Tuned profile on a given host.
Defaults to throughput-performance
Change-Id: I0c66193d2733b7a82ad44b1cd0d2187dd732065a
|
|
This patch moves Contrail roles communication from public/external
to internal_api network for OpenStack API.
It also adds the option to enable dpdk.
Monolithic firstboot script is broken down into small pre-network
and per-node extraconfig scripts
Change-Id: I296a3bf60cef6fa950fd71d6e68effe367d1e66b
Closes-Bug: 1698422
|
|
|
|
|
|
|