Age | Commit message (Collapse) | Author | Files | Lines |
|
This sets the keystone notification topics only if ceilometer is
enabled. This mitigates the issue of keystone sending notifications
when nobody is receiving them.
Closes-Bug: #1729293
Depends-On: I4dcce73446633c08ea37ba567610eec398094036
Change-Id: I063af5e642388acc180cb8e728481c5a36cc8ddc
(cherry picked from commit 4adb82d03ddd72191bb379f277374a0a5720bbc4)
|
|
Due to the fact that it doesn't use a separate CA (or sub CA) for
libvirtd, and that proper SASL is not being used. We are disabling this
option since it doesn't meet the appropriate security requirements.
We'll look into adding this back once these issues get fixed.
Change-Id: I6a5e4db1b6dd6bc8b7e73e53b614b070d15b8a23
Closes-Bug: #1730370
(cherry picked from commit 645757cbd6bdb1a1b75cb4aa8acce80a178099ce)
|
|
This was previously conflicting with the InternalApiNetCidr value in
environments/network-environment.yaml.
Change-Id: I3f1cb6f056fb19a1ba93d1076191abe7aca4fa21
Depends-On: Ie803b33c93b931f7fefb87b6833eb22fd59cd92d
Closes-Bug: #1726773
(cherry picked from commit 509209a29be1ac3e72d6ea97eaf328760693daaf)
|
|
|
|
|
|
When using RHSM with a proxy, we want to make sure the proxy can be
reached. This patch verify that a tcp socket can be open from the client
to the proxy.
This patch also does a bit of refactoring:
- --retry-delay 10 --max-time 30 is now used in a parameter everytime we
use curl.
- proxy options are now used everytime curl is used, even for detecting
which version of Satellite is running, now we use proxy options.
Co-Authored-By: Vincent S. Cojot <vincent@cojot.name>
Change-Id: I4dcac1528c10f698338383445e27c8a613f9bcd9
Closes-Bug: #1724970
(cherry picked from commit f4e46f4b3ddac3f536a3a1955c91447e8b26ffca)
|
|
When deploying with RHSM, sat-tools 6.2 will be installed instead of 6.1.
The new version is supported by RHEL 7.4 and provides katello-agent package.
Change-Id: I04a9feab02bf606ad6ca923a17947dcca30258da
Closes-Bug: #1728638
(cherry picked from commit b248ae1447940f81513be9904a24197bd4af1126)
|
|
The format which ceph-ansible uses to describe the list of pools
to be created in the cluster is different from the one which
puppet-ceph uses; this commit updates the description and the
the docker templates accordingly.
Change-Id: I1e5b2c3cbf6ae02c19a2275ca119fed6e173319d
Closes-Bug: #1720373
(cherry picked from commit c10aa7a0439fb7d8e8e964e75d73f3cbb54aa9ec)
|
|
|
|
For deployments running on RHEL with Satellite 6 (or beyond) with
Capsule (Katello API enabled), the Katello API is available
on 8443 port, so the previous API ping didn't work for this case.
Capsule is now supported since we just check if katello-ca-consumer-latest
rpm is available to tell that Satellite version is 6 or beyond.
Closes-Bug: #1716777
Change-Id: If76763b367917fc15f609ad144679750602826eb
(cherry picked from commit ad3ea5bb7a2ee2cb1ae6b1d21b2f0b5a177c9fc6)
|
|
This adds a heat-api-cloudwatch-disabled.yaml and wires it up in
the resource registry. During the Ocata to Pike upgrade this service
will thus be stopped and disabled by default.
If you wish to keep the Heat Cloudwatch API then you should instead
use the provided heat-api-cloudwatch.yaml environment file.
Change-Id: I3f90a9799b90ca365f675f593371c1d3701fede6
Related-Bug: 1713531
(cherry picked from commit 4d21451666f2dd7a8935da3a7166a9afc2ccd6bd)
|
|
|
|
stable/pike
|
|
This reverts commit 520be6bb4056ead8e6fad08ad96e99f7da5b341e.
This introduced a bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1501515
where during upgrade, the previous heat resource would for the
InternalApi network would have the incorrect name "Internal" and the
upgrade would try to delete the resource in order to create
"InternalApi". This needs to be reverted and a proper fix will be
submitted that accounts for this upgrade scenario.
Related-Bug: #1718764
Change-Id: Id906fac421db317ce48d5cecfcd43397a0f4ab3d
|
|
Currently when a network in network_data is disabled it no port
definitions for that network will be created per role. This results in
no fallback to the ctlplane IP because overriding a type in
network-isolation to noop.yaml does nothing when the port does not exist
for the role.
This patch changes the IPs when a network is disabled to be the same IPs
as ctlplane and fixes the issue, along with removing the need to use
noop.yaml override for ports (non-vip).
Closes-Bug: 1721542
Change-Id: I301370fbf47a71291614dd60e4c64adc7b5ebb42
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit 9285cb5fc99331ca63ff09df59f26b6018bc781b)
|
|
Adds a UpgradeRemoveUnusedPackages param to use
in the ansible when conditional for the removal
Adds package removal to step2 right after a service
is stopped and disabled on step2. Package updates
happen in step3 so ideally remove before that.
The package removal task has ignore_errors true
so dependencies or other issue removing packages will
not fail the upgrade workflow.
Also adds this to the upgrade environment files
for visibility and defaulting false
Change-Id: Ie4e4a2d41f7752c5a13507a7c15c6f68e203cfca
Related-Bug: 1701501
(cherry picked from commit ce0ef2fa207698c1ae61c1620fe3c5e8d1c7bfca)
|
|
|
|
Closes-Bug: 1720823
Change-Id: I239cc9f827fe99a553f9c18b80336bc6ce0b1d14
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit ba5436099d37898e418406f8b4376923e14f4c89)
|
|
With the dynamic Jinja2 rendering for networks, the heat resource for
Internal API network was accidentally being renamed to:
OS::TripleO::Network::Internal
when it should be the same as previous versions:
OS::TripleO::Network::InternalApi
This patch removes the 'compat_name' which was overriding the network
name for rendering the resource. This patch also removes the
compat_name functionality from the network/networks.j2.yaml file
since it is no longer needed.
Closes-Bug: 1718764
Change-Id: If756cddd91933edb303cc056515d98b941a3eb14
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit 97244b942d29d2b5acd7a3eb07acdba0d9b99677)
|
|
Closes-Bug: 1718997
Change-Id: I2b347cbc4595e6651b0d4be032cb862fde72e15f
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit 253d9b9107aa158af5bcdafe510ecd96658ef137)
|
|
|
|
This adds a new config/deployment per role that will come after any
post deploy steps. It drives the same ansible config as the
upgrade_tasks but instead collects the post_upgrade_tasks for any
service in the given role.
The workflow is upgrade_tasks, then post deploy steps (either
puppet/ or docker/ depending on the env) and then the
post_upgrade_tasks added here.
This is added to the pacemaker/cinder-volume.yaml service for now
see the bug below for more info
Change-Id: Iced34fecf02ebddc91df9302de54d2f4c2cab680
Closes-Bug: 1706951
(cherry picked from commit 2e182bffeeb099cb5e0b1747086fb0e0f57b7b5d)
|
|
Using the service_ prefix seems incoherent with its use in
service_config_settings (vs config_settings).
Change-Id: Ia39f181415bee0071409dabddfa0c5c312915e1f
(cherry picked from commit 09137304b98a02ed024c0288da907cfe35ca5fe1)
|
|
|
|
|
|
Store the httpd logs under dedicated /var/log/containers/httpd/
paths.
Additionally, add release notes describing upgrade impact
for containerized services logs.
Closes-bug: #1700045
Change-Id: I8120c56f2315700862bd0f708b8baa8910275b09
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
(cherry picked from commit 287e84585ca9170570ce8d06eebd7f9a3ec3345c)
|
|
QoS is not fully supported and fails to load correctly with
networking-odl. Therefore disabling it from Neutron extension drivers
until we have it fully working.
Change-Id: I89aa3628c1400305f9659f5c0c99942a7fa7d19e
Closes-Bug: 1708131
(cherry picked from commit cfd0d185a93ac2922e233e268a32c3574bee37bf)
|
|
ODL now uses a websocket port to update the port status to Neutron.
This port (8185) was blocked so port updates were never received in
Neutron and instances would not come up properly. This patch opens the
port for ODL deployments.
Closes-Bug: 1715484
Change-Id: Ic59b224c67c02b56b0273700e8e2aa85ae6f8c88
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit e2558c4a665345e67fcc784c21188bdf06ff1126)
|
|
stable/pike
|
|
Add a parameter to configure SNAT mechanism in OpenDayLight defaulting
to conntrack for OVS and defaulting to controller mechanism for OVS-DPDK
Change-Id: I48c6f07de55cb2574cc3a7e9653b812f875df726
Closes-Bug: #1710614
(cherry picked from commit 9a450a8e505b5d7ccef7e5e7675573da2a4cd42c)
|
|
|
|
|
|
This change adds support for manila::backend::dellemc_isilon
Change-Id: I92592e4b717d4b1812ccd810ec1daaedd181c3dd
Implements: blueprint dellemc-isilon-manila
(cherry picked from commit f6c9906d51fb3268b7a7d61d53181ab5d3c0d2ec)
|
|
This change adds support for manila::backend::dellemc_vmax
Change-Id: I92e189c8741c496ef6c27130f73829c327a99f1b
Implements: blueprint dellemc-vmax-manila
(cherry picked from commit 04daabdc8414e4435dc4cd3ccfea9a62b5631261)
|
|
It was being set using NeutronAdmin endpoint but it is an
authorization url. Set it using KeystoneInternal endpoint.
Change-Id: I23f4a895628ac909a1fe1f93cecefa84f25858b1
Closes-Bug: #1712908
(cherry picked from commit 7380183cf590b74f5ad84bb40a8afa08979c235b)
|
|
This change adds a new define for cinder::backend::dellemc_vmax_iscsi
Change-Id: I7c685e0a3186da138964f17b487fb0c3533f58c7
Implements: blueprint dellemc-vmax-isci
(cherry picked from commit c77189905525c6fe834e001f2231b9eab788cd01)
|
|
This change renders the IPv6 versions of the isolated
networks using j2. To allow for backward compatibility,
there will be 2 versions of the network definitions,
<network>.yaml and <network>_v6.yaml. If the ip_subnet
contains an IPv6 address, or if ipv6: true is set on the
network definition in network_data.yaml, then the
<network>.yaml version will contain an IPv6 definition,
otherwise the <network>.yaml will be IPv4, and the
<network>_v6.yaml will be IPv6.
In a future follow-up patch, we will probably only
create the required versions of the networks, either
IPv4, IPv6, not both.
The ipv6_subnet, ipv6_allocation_pools, and ipv6_gateway
settings in the network_data.yaml definition file are
used for the <network>_v6.yaml network definition.
Note that these subnet/cidr/gateway definitions only set
the defaults, which can be overridden with parameters
set in an environment file.
Since the parameters for IP and subnet range are the
same (e.g. InternalApiNetCidr applies to both IPv4/v6),
only one version can be used at a time. If an operator
wishes to use dual-stack IPv4/IPv6, then two different
networks should be created, and both networks can be
applied to a single interface.
Note that the workflow for the operator is the same as
before this change, but a new example template has been
added to environments/network-environment-v6.yaml.
Change-Id: I0e674e4b1e43786717ae6416571dde3a0e11a5cc
Partially-Implements: blueprint composable-networks
Closes-bug: 1714115
(cherry picked from commit dd299f08bd6b1df43760148d83ce9b6e09ba6572)
|
|
ovn-dbs pacemaker bundle resources are created for supporting
Master/Slave HA. puppet-tripleo already supports creating
ovn-dbs bundle resources. The heat template added in this patch
makes use of this.
Closes-bug: #1699085
Change-Id: I23c2d312cfb144f9afc14f0982a92670dc29d74c
(cherry picked from commit 444a39f5983e71e3222b6b7f8f523fce60aeece7)
|
|
|
|
|
|
|
|
This change adds support for manila::backend::dellemc_vnx
Change-Id: I5fa5c2d6956429d1b9c12a5af6d4a887ed0624d9
Implements: blueprint dellemc-vnx-manila
(cherry picked from commit a3debcfa8b2cbb3acaba292e082b0a3b0ee8ef54)
|
|
This change adds support for manila::backend::dellemc_unity
Change-Id: Idec67d190b12359e8e6f1c157577088fa84ef41d
Implements: blueprint dellemc-unity-manila
(cherry picked from commit c5ee7b7714c712807f33ca1645186d33103a2264)
|
|
Since the event pipeline publisher defaults in the heat templates are
different from what puppet sets. We need to have the Manage to true so
override takes effect. Without this we keep defaulting back to puppet
defaults. We can flip this back to false once panko:// is droppped as
a supported option from the pipeline.
Change-Id: I2248c165783dddfb4cb7cf5644884dd8f6e6ed63
(cherry picked from commit 941b5d6797ea54afbc7b822ee045ce1186627e7c)
|
|
Leave the version fields blank, since the release notes document
applies to all versions.
That will avoid manual changes in the future like we did until now.
Change-Id: Ibb33ade808c9866b5314b7dda60a44000089a467
(cherry picked from commit 4782394044a8f66de63db7772b7a5992a781cc57)
|
|
|
|
when running manila-share under control of pacemaker, as
is done for cinder-volume service in the same circumstance.
Change-Id: Ic97f01913bae2a388c962a38fa175eb1d763cdcb
Depends-On: Ie31f2d5ccf458f5fcfe8bec5f2c37f45070cfde2
Closes-Bug: #1712842
(cherry picked from commit 8fa6c6e58c7ac0d32bf2f0dfb586683cf006e3bf)
|
|
This patch adds the support to containerize OVN services for the
base profile.
OVN db servers do not support active-active mode yet. It does support
master-slave mode supported through pacemaker, which will be supported
in a later patch.
Presently the tripleo container framework doesn't allow to start a
container in only controller 0 (or bootstrap node). OVN db servers and
ovn-northd are started on all the controllers, but only the OVN db
servers running in the boot strap controller are configured to listen
on the tcp ports 6641 and 6642. OVN neutron mechanism driver
and ovn-controller's use the ovn_dbs_vip to connect to the OVN db servers.
Haproxy configures all the controllers as back ends, but only OVN db
servers running on controller 0 respond since only they are configured
properly.
The OVN containers running on other controller nodes do not interact
any way, but are wasteful resources.
This patch also adds the scenario007-multinode-containers CI template.
Partial-bug: #1699085
Change-Id: I98b85191cc1fd8c2b166924044d704e79a4c4c8a
(cherry picked from commit e7cd03d2f0fcd8e3069246ced94f1a83869b8bea)
|
|
This containerises Barbican API in TripleO
Change-Id: Icc5e9841ea48c806af4db61cd6de5e9a7a40a988
Partial-Bug: 1668924
Depends-On: I6b5ec18ccdd51b90ff27ff7d4341260dfba71e4e
(cherry picked from commit 6d338b809accea4d3ba09ca8363b1a97ed79b658)
|
|
This is required for t-h-t to generate the appropriate hieradata.
Change-Id: I9b451eac4427a52ad8eec62ff89acc6c6d3ab799
Closes-Bug: #1712328
|