Age | Commit message (Collapse) | Author | Files | Lines |
|
This section will be needed for TLS-everywhere. So it should be added as
optional in the yaml-validate.
Change-Id: Ic6ea563b6c8e454cb51f640bb5aaa3adda82a5dd
|
|
This implements a host_prep_tasks hook where we can specify Ansible
tasks to perform on the host before deploying containerized
services. The hook runs in a single step, the assumption is that we will
mostly use the hook for creating per-service directories on the host to
ensure we are able to mount them into the containers. (We cannot do this
operation via Puppet because all containerized services run their Puppet
within a config container, so Puppet doesn't have access to host's
filesystem.)
Change-Id: I7d8bac39e0cd422fd651eefe29f7d10941ab4a1a
|
|
This patch adds the beginning of a set of unit tests
for the new docker services templates. This should help
us the new interfaces as they evolve.
Change-Id: I98a73cf090ebab4593a682f5f34c0950d37e010c
|
|
Until bug #1635409 is fixed we'll have to keep the default list
of services deployed by hyperconverged-ceph.yaml in sync with the
ServicesDefault list provided in roles_data.yaml
This change adds some logic in the templates validation script to
ensure that is preserved with future updates.
Change-Id: Ib767f9a24c3541b16f96bd6b6455cf797113fbd8
|
|
When fixing LP#1643487 we added ?bind_address to all DB URIs.
Since this clashes with Cellsv2 due to the URIs becoming host
dependent, we need a new approach to pass bind_address to pymysql
that leaves the DB URIs host-independent.
In change Iff8bd2d9ee85f7bb1445aa2e1b3cfbff1f397b18 we first create a
/etc/my.cnf.d/tripleo.cnf file with a [tripleo] section with the correct
bind-address option.
In this change we make sure that the DB URIs will point to the added
file and to the specific section containing the necessary bind-address
option. We do introduce a new MySQLClient profile which will hold all
this more client-specific configuration so that this change can fit
better in the composable roles work. Also, in the future it might
contain the necessary configuration for SSL for example.
Note that in case the /etc/my.cnf.d/tripleo.cnf file does not exist
(because it is created via the mysqlclient profile), things keep on
working as usual and the bind-address option simply won't be set, which
has no impact on hosts where there are no VIPs.
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
Change-Id: Ieac33efe38f32e949fd89545eb1cd8e0fe114a12
Related-Bug: #1643487
Closes-Bug: #1663181
Closes-Bug: #1664524
Depends-On: Iff8bd2d9ee85f7bb1445aa2e1b3cfbff1f397b18
|
|
This reverts the changes in https://review.openstack.org/414629 for nova as
they are incompatible with cell_v2.
This is a temporary fix for HA while a long-term solution is developed.
Change-Id: I79d30a2d76a354999152c0c997ea77f104c51027
Related-bug: #1643487
Closes-bug: #1662344
|
|
Currently we are applying this validation for the services templates, this
submission moves it to run with all templates.
Also fixed those templates not using the alias name.
Change-Id: I3a2c0ce6adcc8061fdc51f73fdc6b9748c0fead9
|
|
this attempts to make the error message more useful. This error message
happens if the environment files containing endpoint map overrides
haven't been updated to match the base endpoint map (or the defaults).
Change-Id: If53d3a9d7848aed62ebb235afe8b14c18d1b284d
|
|
Quick verification to check that the release name
is used instead the date.
Im also adding here all the updated templates required
to pass the check and merge this check as soon as possible.
Change-Id: Ifdc9ac4a9d0a4872d3e21672c93fc87da2e68a4e
|
|
This validation checks that the TLS-related environment files contain
all of the services defined in the base endpoint map. This will
hopefully help to keep them updated.
Change-Id: I58df72e104d8eb74e577484405f15e0a6f92d0ce
|
|
When a service connects to the database VIP from the node hosting this
VIP, the resulting TCP socket has a src address which is by default
bound to the VIP as well. If the VIP is failed over to another node
while the socket's Send-Q is not empty, TCP keepalive won't engage and
the service will become unavailable for a very long time (by default
more than 10m).
To prevent failover issues, DB connections should have the src address
of their TCP socket bound to the IP of the network interface used for
MySQL traffic. This is achieved by passing a new option to the
database connection URIs. This option is available starting from
PyMySQL 0.7.9-2.
We use a new intermediate variable in hiera to hold the IP to be used
as a source address for all DB connections. All services adapt their
database URI accordingly.
Moreover, a new YAML validation check is added to guarantee that new
services will construct their database URI appropriately.
Change-Id: Ic69de63acbfb992314ea30a3a9b17c0b5341c035
Closes-Bug: #1643487
|
|
The first step of generating the Service chain resources via j2,
we'll then incrementally convert other resources to be created
in a similar way.
Partially-Implements: blueprint custom-roles
Depends-On: I81239991f36ed5f6453184bf9cffe930832cb68b
Change-Id: Iafa9b2afddf18a5a9833ec472a552fb256338b38
|
|
Skips the unused parameter warning for required parameters.
Change-Id: I71ad4ab9f6e6c63e3f01b8cc9c72262f1958331e
|
|
This patch adds a new DefaultPasswords parameter to
composable services. This is needed to help provide
access to top level password resources that overcloud.yaml
currently manages (passwords for Rabbit, Mysql, etc.).
Moving the RandomString resources into composable services
would cause them to regenerate within the stack. With this
approach we can leave them where they are while we deprecate
the top level mechanism and move the code that uses the
passwords into the composable services.
Change-Id: I4f21603c58a169a093962594e860933306879e3f
|
|
This will be needed to pick the network where the service has
to bind to from within the service template.
Change-Id: I52652e1ad8c7b360efd2c7af199e35932aaaea8c
|
|
Currently we use hyphens, e.g cinder-api, but in overcloud.yaml
we have a lot of references to services (e.g for AllNodesConfig)
by underscore, e.g cinder_api. To enable dynamic generation of
this data, we need the service name in underscore format.
Change-Id: Ief13dfe5d8d7691dfe2534ad5c39d7eacbcb6f70
|
|
This patch adds a new service_name section to each composable
service. We now have an explicit unit test check to ensure that
service_name exists in tools/yaml-validate.py.
This patch also wires service_names into hieradata on each
of the roles so that tools can access the deployed services locally
during deployment and upgrades.
Change-Id: I60861c5aa760534db3e314bba16a13b90ea72f0c
|
|
Output a warning for parameters which look unused, this should help
developers clean up the template a bit, and eventually could maybe
be developed further into something we can use for gating.
Change-Id: Ide4fbe3c85854cbddee44801d39ae73003d63bb8
|
|
For developer usage it's helpful to have the choice to provide either
an individual files, list of files, or some mix of files and directories
as you don't necessarily want to walk everything all the time.
Change-Id: I050de123bba51402a0dbb42d71e97fd27d7ce4bc
|
|
Adds a "validate" tox env for basic sanity checking of templates.
Currently it just validates that all of the .yaml files are in fact
valid YAML. In the future we might want to add more, but this
seemed like a reasonable start.
Change-Id: I8091bbad0003b150e23dae5de4f465053c982229
|