Giulio Fidente [Thu, 20 Jul 2017 11:44:57 +0000 (13:44 +0200)]
Disable env evaluation in workflow executions
This is so that Mistral does not try to resolve the occurrences
of {{ or <% as jinja/jaql in the environment data.
Change-Id: Id654c336d072a6248570274401857756c6f6e706
marios [Tue, 4 Jul 2017 13:52:26 +0000 (16:52 +0300)]
Remove non-containerized pacemaker resources on upgrade
Adds upgrade_tasks to remove the pacemaker resources using the
ansible-pacemaker module.
Resources are disabled and removed in step2 (called only on
bootstrap node) and then the cluster stop is moved to step3
The existing systemd/service call is kept but only to disable
services after they are disabled/deleted from the cluster.
Related-Bug:
1701485
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
Change-Id: Ia597d240ea5834c50a8f6c4fac0b6ed417b8535c
OpenStack Proposal Bot [Wed, 19 Jul 2017 22:32:37 +0000 (22:32 +0000)]
Updated from global requirements
Change-Id: I097c141e4bf9d681d1f3484fea0bce1fac7646c9
Jenkins [Wed, 19 Jul 2017 21:25:09 +0000 (21:25 +0000)]
Merge "Wrap ceilometer-upgrade in boostrap_host_exec"
Jenkins [Wed, 19 Jul 2017 21:24:49 +0000 (21:24 +0000)]
Merge "Fixing a bug when setting a password for ODL controller"
Victoria Martinez de la Cruz [Wed, 19 Jul 2017 19:09:05 +0000 (16:09 -0300)]
Add containerized manila-share to CI
Manila Share THT has been merged, so it should be added
to the containerized multinode environment in CI.
Change-Id: I6bb28e1f5e57b427aafb152d41ec40c807eaa7fa
Jenkins [Wed, 19 Jul 2017 18:09:32 +0000 (18:09 +0000)]
Merge "Use optimal (instead of default) tunables for Ceph on upgrade"
John Eckersberg [Wed, 19 Jul 2017 15:28:39 +0000 (11:28 -0400)]
Increase default RabbitMQ/Erlang TCP timeout from 5 to 15 seconds
This should be greater than the default value of
corosync_token_timeout, which is 10 seconds. That way, if an entire
cluster node is unavailable, appropriate fencing measures can occur.
With the current settings, it is possible for brief network
interruptions, greater than 5 seconds, but less than 10 seconds, to
occur. This can cause the RabbitMQ cluster to fail in subtle ways,
but no corrective action taken by pacemaker.
Change-Id: I735d43616c5c623c4398d924713012f595b2e5f9
Thomas Herve [Wed, 12 Jul 2017 14:54:23 +0000 (16:54 +0200)]
Stop Heat WSGI services on docker upgrade
As we made the migration to HTTPd during the same cycle, we didn't
include stopping the WSGI services before the upgrades. This handles the
case, and fixes an issue with the puppet upgrade as well.
Change-Id: I54ba6214d4bf052c0d840d5bbce2b524d82b7017
Closes-Bug: #
1699443
Giulio Fidente [Wed, 19 Jul 2017 13:15:42 +0000 (15:15 +0200)]
Add nova::compute::rbd setting into nova-libvirt profile
Some of the tasks carried by nova::compute::rbd class apply to the
compute service, others to the libvirt service so it needs to be
included in both.
Change-Id: I28557deb13b75922932cd3e86c3467a541c988d0
Matthias Runge [Wed, 12 Jul 2017 12:20:27 +0000 (14:20 +0200)]
Make collectd run as root inside the container
that is the RPM package default anyways.
Also add /var/log/collectd for logging to the container.
Change-Id: I3e71c63c55f0fd71ad8e61547402d0eb94b455f6
James Slagle [Wed, 19 Jul 2017 00:01:06 +0000 (20:01 -0400)]
Use static environment for deployed-server neutron mappings
We can't include these mappings for the deployed-server neutron ports
when using split-stack in the generated environment file because the
path to the actual templates directory is not known from with the
templates themselves.
This patch removes the mappings from the generated environment from the
stack output and adds a static environment file with relative paths that
will have to be included on the deploy command cli instead.
Change-Id: Id4b8c939fa7b26205609819b66e76bf73c9890d0
Closes-Bug: #
1705144
Mehdi Abaakouk [Tue, 18 Jul 2017 14:16:51 +0000 (16:16 +0200)]
aodh: add gnocchi_external_project_owner config
gnocchi_external_project_owner is to configure who creates resources and
metrics in Gnocchi (usually Ceilometer). So Aodh can create the right rbac rules.
So the project name is 'service' for tripleo. We can't use the default
set because puppet always uses 'services' and not 'service'.
Change-Id: I6f7acc3a4cab29bc566d7becdc93ba3393f5c8fe
rajinir [Mon, 26 Jun 2017 19:17:02 +0000 (14:17 -0500)]
Ps Cinder: Added support for password less login
Added missing san_private_key parameter used for password less SSH
authentication.
Change-Id: I6d7544b525055318aa567f9cbbe318d82bafacf0
Depends-On:
70db86d3366f85edf563aa73c533931a21cfab4d
Jenkins [Tue, 18 Jul 2017 17:19:19 +0000 (17:19 +0000)]
Merge "Allow modprobing from cinder-volume container"
Jenkins [Tue, 18 Jul 2017 17:18:18 +0000 (17:18 +0000)]
Merge "LVM in cinder-volume container without udev"
Jenkins [Tue, 18 Jul 2017 11:51:07 +0000 (11:51 +0000)]
Merge "Ensure yum cache is ready before update"
Carlos Camacho [Tue, 18 Jul 2017 10:14:36 +0000 (12:14 +0200)]
Stop also openstack-swift-object-expirer when upgrading swift services
openstack-swift-object-expirer is not stopped when
running the upgrade tasks so forth when changing to
containers the service is still running after upgrading
to docker.
This service is added by default here: https://review.openstack.org/#/c/404149
But it wasnt stopped when running the upgrade tasks.
Related also to this RHBZ#
1470005
Change-Id: I8d5f195095d702057c3b2741127e7338d7451aad
Closes-Bug:
1699444
Giulio Fidente [Tue, 18 Jul 2017 09:03:35 +0000 (11:03 +0200)]
Use optimal (instead of default) tunables for Ceph on upgrade
With the default setting, after the majority of the monitors have
been upgraded the cluster will go in WARN state because of legacy
tunables. This changes the tunables we set after each monitor is
upgraded from 'default' to 'optimal' [1].
1. http://docs.ceph.com/docs/master/rados/operations/crush-map/#warning-when-tunables-are-non-optimal
Change-Id: I0f16c29cc200d762f0c4acfd87ba7d1adb5c1eeb
Closes-Bug: #
1704959
Jenkins [Tue, 18 Jul 2017 06:29:58 +0000 (06:29 +0000)]
Merge "Enable Neutron LBaaS Integration"
Jenkins [Tue, 18 Jul 2017 05:01:52 +0000 (05:01 +0000)]
Merge "Corrected wrong os_region_name in glance-api conf file"
Jenkins [Tue, 18 Jul 2017 02:45:56 +0000 (02:45 +0000)]
Merge "Improve logs from ansible, puppet, docker-puppet.py"
Jenkins [Tue, 18 Jul 2017 02:45:49 +0000 (02:45 +0000)]
Merge "Handles {controller,NovaCompute}ExtraConfig deprecation in ovecloud.j2"
Jenkins [Tue, 18 Jul 2017 02:14:48 +0000 (02:14 +0000)]
Merge "Add ComputeHCI role and related validations"
Jenkins [Mon, 17 Jul 2017 22:27:45 +0000 (22:27 +0000)]
Merge "CI/scenarios: set NotificationDriver to 'noop'"
James Slagle [Mon, 17 Jul 2017 16:00:35 +0000 (12:00 -0400)]
Set name property on missing deployments
To be consistent with all other SoftwareDeployment's in
tripleo-heat-templates, this sets the name property on
the deployments where it was missing.
Change-Id: I8bc062d2af93acead240bd5e473ea385b2bf6cf2
Oliver Walsh [Mon, 10 Jul 2017 14:51:20 +0000 (15:51 +0100)]
Refactor iscsi initiator-name reset into separate service
This currently assumes nova-compute and iscsid run in the same context which
isn't true for a containerized deployment
Change-Id: I11232fc412adcc18087928c281ba82546388376e
Depends-On: I91f1ce7625c351745dbadd84b565d55598ea5b59
Depends-On: I0cbb1081ad00b2202c9d913e0e1759c2b95612a5
Giulio Fidente [Mon, 17 Jul 2017 08:15:13 +0000 (10:15 +0200)]
Handles {controller,NovaCompute}ExtraConfig deprecation in ovecloud.j2
We missed to parse and merge {controller,NovaCompute}ExtraConfig data
in change [1].
Also fixes whitespaces handling in docker-steps.j2 and
puppet-steps.j2 previously updated by [2].
1. Id37de5864138edd5476c097a8a1f0763faeaf768
2. I36a642fbc2076ad9e4a10ffc56d6d16f3ed6f27a
Change-Id: Ia9983bc991eb79e479855993c1c8819ddfb52e38
Jenkins [Mon, 17 Jul 2017 09:07:48 +0000 (09:07 +0000)]
Merge "Add role_merged_configs into workflow executions environmentxi"
abhishek.kane [Tue, 20 Jun 2017 12:36:04 +0000 (18:06 +0530)]
Add composable services for the Veritas HyperScale.
Add a composable service for each of:
- the Veritas HyperScale's Cinder backend.
- installing the Veritas HyperScale controller packages.
Change-Id: I99ee827825ec2a6a3c695de1ca1c1015859fe398
Depends-On: I316b22f4f7f9f68fe5c46075dc348a70e437fb1d
Depends-On: I9168bffa5c73a205d1bb84b831b06081c40af549
Signed-off-by: abhishek.kane <abhishek.kane@veritas.com>
Jenkins [Sun, 16 Jul 2017 11:22:58 +0000 (11:22 +0000)]
Merge "Workflow input parameter update in plan-environment"
Jenkins [Sat, 15 Jul 2017 06:19:13 +0000 (06:19 +0000)]
Merge "Use a single configuration file for specifying docker containers."
Jenkins [Fri, 14 Jul 2017 23:11:34 +0000 (23:11 +0000)]
Merge "Adds network/cidr mapping into a new service property"
Ian Main [Tue, 11 Jul 2017 23:41:57 +0000 (11:41 +1200)]
Use a single configuration file for specifying docker containers.
This removes the default container names from all the templates
and uses a single environment file to specify the full container
name and registry from which to pull. Also does away with most
of DockerNamespace.
Change-Id: Ieaedac33f0a25a352ab432cdb00b5c888be4ba27
Depends-On: Ibc108871ebc2beb1baae437105b2da1d0123ba60
Co-Authored-By: Dan Prince <dprince@redhat.com>
Co-Authored-By: Steve Baker <sbaker@redhat.com>
Emilien Macchi [Thu, 13 Jul 2017 18:58:05 +0000 (11:58 -0700)]
CI/scenarios: set NotificationDriver to 'noop'
So we don't waste RabbitMQ resources since nothing will actually consume
the messages sent on the queue.
Note: we don't change scenario001, since it's a Telemetry scenario and
the services require notifications enabled.
Change-Id: I7d1d80da4eda7c0385461fe62b1d3038022973c6
Jenkins [Fri, 14 Jul 2017 17:10:17 +0000 (17:10 +0000)]
Merge "Support deprecated controllerExtraConfig naming in role template"
Giulio Fidente [Fri, 14 Jul 2017 11:38:47 +0000 (13:38 +0200)]
Add role_merged_configs into workflow executions environmentxi
Merges per-role config settings into merged_config_settings which
is wired into the workflow executions environment.
Useful to consume role config settings from within a workflow.
Change-Id: Id37de5864138edd5476c097a8a1f0763faeaf768
Andrew Toth [Thu, 13 Jul 2017 18:17:37 +0000 (14:17 -0400)]
Enable Neutron LBaaS Integration
Allows the configuration of the Neutron LBaaS agent.
Change-Id: I4c29ece765ec9147cef9b4d74d30e3c4483c48ab
Implements: blueprint lbaasv2-service-integration
Jenkins [Fri, 14 Jul 2017 12:52:46 +0000 (12:52 +0000)]
Merge "Disable systemd-networkd & systemd-resolved"
Jose Luis Franco Arza [Fri, 14 Jul 2017 07:50:58 +0000 (09:50 +0200)]
Add validation task in docker services
Docker services are missing the pre-upgrade validation task
in the upgrade_tasks section which verifies if the service
is running before stopping it.
Change-Id: Ia8c25827d0d6f34e0345c3946dfd6839a7116e04
Partial-Bug: #
1704389
Giulio Fidente [Thu, 22 Jun 2017 15:25:03 +0000 (17:25 +0200)]
Adds network/cidr mapping into a new service property
Makes it possible to resolve network subnets within a service
template; the data is transported into a new property ServiceData
wired into every service which hopefully is generic enough to
be extended in the future and transport more data.
Data can be consumed in service templates to set config values
which need to know what is the subnet where a deamon operates (for
example the Ceph Public vs Cluster network).
Change-Id: I28e21c46f1ef609517175f7e7ee19e28d1c0cba2
Jenkins [Fri, 14 Jul 2017 10:50:17 +0000 (10:50 +0000)]
Merge "Move services.yaml to common directory"
Jenkins [Fri, 14 Jul 2017 10:30:25 +0000 (10:30 +0000)]
Merge "Remove special-case of memcache node ips for ipv6"
Bogdan Dobrelya [Fri, 9 Jun 2017 16:03:50 +0000 (18:03 +0200)]
Improve logs from ansible, puppet, docker-puppet.py
* Debug ansible 'puppet apply' stderr joined stdout, split
by lines.
* Do 'puppet apply' w/o colors, logdest syslog, and given a wanted
modulepath instead of the module puppet, that can't support those
options.
* Bind-mount syslog socket for docker-puppet.py to pass puppet logs
to host OS syslog.
* Fix logging handlers for multiprocess workers in docker-puppet.py.
Related-bug: #
1698172
Closes-bug: #
1700086
Change-Id: I84112a836e968aa5c3596a6544e0392980529963
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
Saravanan KR [Wed, 28 Jun 2017 08:11:20 +0000 (13:41 +0530)]
Add a new role for ComputeOvsDpdk and clean-up parameters
A new role ComputeOvsDpdk has been added to avoid manual
roles_data creation. And cleaned-up the DPDK parameters
inline with the refactored code.
Change-Id: I16dac69609c98194c2504ff067258fa14363d4f1
Emilien Macchi [Fri, 14 Jul 2017 04:09:38 +0000 (21:09 -0700)]
Disable systemd-networkd & systemd-resolved
Latest commits in puppet-systemd enabled by default systemd-networkd and
systemd-resolved but we don't want to manage them for now in TripleO.
MySQL and MongoDB services were managing some systemd resources so now
we ensure that these 2 systemd services are disabled. In the future, we
might want and activate these services and revert that patch but for now
we want to disable them.
Change-Id: I42c6c9b643a71a0fbb1768bbae91e8bfa916ea00
Closes-Bug: #
1704145
Jenkins [Fri, 14 Jul 2017 00:33:58 +0000 (00:33 +0000)]
Merge "Adds check for existing yum process during the legacy minor update"
Steven Hardy [Tue, 11 Jul 2017 13:37:36 +0000 (14:37 +0100)]
Support deprecated controllerExtraConfig naming in role template
To enable backwards compatibility with rendering the controler-role
template add this deprecated parameter for all roles - we should
remove this in a future release after the tripleoclient warnings re
deprecated parameters are available.
Change-Id: Icce93a4109191609848ca216c946a32663753b93
Steven Hardy [Thu, 6 Jul 2017 13:37:31 +0000 (14:37 +0100)]
Remove special-case of memcache node ips for ipv6
This should be handled in puppet-tripleo, as is done for some other
services e.g ceph. This has also been identified as a possible
performance problem due to the nested get_attr calls.
Change-Id: I7e14f0219c28c023c4e8e1d4693f0bfa9674d801
Related-Bug: #
1684272
Depends-On: Iccb9089db4b382db3adb9340f18f6d2364ca7f58
Jenkins [Thu, 13 Jul 2017 18:38:39 +0000 (18:38 +0000)]
Merge "Remove hardcoded enable_load_balancer from Controller role"
Jenkins [Thu, 13 Jul 2017 18:38:02 +0000 (18:38 +0000)]
Merge "Make NeutronEnableDVR parameter consistent"
Jenkins [Thu, 13 Jul 2017 18:33:29 +0000 (18:33 +0000)]
Merge "Added OvS permission workaround for enabling DPDK"
Jenkins [Thu, 13 Jul 2017 13:55:43 +0000 (13:55 +0000)]
Merge "Make Rabbit parameters consistent"
Jenkins [Thu, 13 Jul 2017 13:55:35 +0000 (13:55 +0000)]
Merge "Make CephValidationDelay/Retries default consistent"
Jenkins [Thu, 13 Jul 2017 13:40:25 +0000 (13:40 +0000)]
Merge "Make *AdminStateUp parameters consistent"
marios [Thu, 13 Jul 2017 13:11:13 +0000 (16:11 +0300)]
Adds check for existing yum process during the legacy minor update
Checks for an existing /var/run/yum.pid and exit 1 with an error
message saying why.
Change-Id: I374eeb4164a8007ae67fea2796eac109fffdef97
Closes-Bug:
1704131
Steven Hardy [Thu, 13 Jul 2017 08:30:15 +0000 (09:30 +0100)]
Move services.yaml to common directory
This new directory has now been added to the RDO packaging so we
can move things common to both puppet/container architecture here,
starting with the recently combined services.yaml
Change-Id: If2ce27188c4c15002b3ad830e8d6eb9504d2f3d2
Jenkins [Thu, 13 Jul 2017 11:29:20 +0000 (11:29 +0000)]
Merge "Containerize Manila Share service"
Jenkins [Thu, 13 Jul 2017 11:28:09 +0000 (11:28 +0000)]
Merge "Use ServerOsCollectConfigData value in output"
Lukas Bezdicka [Wed, 12 Jul 2017 19:13:28 +0000 (21:13 +0200)]
Ensure yum cache is ready before update
To workaround yum bug with libnss we need to make yum cache
before running update. In fact we should have done this
regardless of the bug.
Change-Id: I5b2355fb8abe3c8d4b9ce9c62b9ffdba8c1e8d9d
Resolves: rhbz#
1458841
Closes-Bug: #
1703830
PranaliD [Thu, 13 Jul 2017 06:38:04 +0000 (12:08 +0530)]
Corrected wrong os_region_name in glance-api conf file
KeystoneRegion value for all endpoints is set as 'regionOne',
it should be same in the configuration file.
In case of Cinder as glance backend the os_region_name should be
"regionOne" instead of "RegionOne".
Currently CI is not failing because cinder backend scenario is not yet added.
But this would definitely fail if os_region_name=RegionOne.
Change-Id: I26811a404a20ea3c55f5b272f86d9269d0f6acec
Closes-Bug:
1704060
Jenkins [Thu, 13 Jul 2017 06:19:07 +0000 (06:19 +0000)]
Merge "Fix ironic-pxe startup issues"
Jenkins [Thu, 13 Jul 2017 04:12:40 +0000 (04:12 +0000)]
Merge "Tolerate network errors in pingtest retry logic"
Jenkins [Thu, 13 Jul 2017 04:09:03 +0000 (04:09 +0000)]
Merge "Drop ComputeServices from environments/docker.yaml"
Jenkins [Thu, 13 Jul 2017 04:08:40 +0000 (04:08 +0000)]
Merge "Add support for running crontabs in containers"
Jenkins [Thu, 13 Jul 2017 04:08:29 +0000 (04:08 +0000)]
Merge "Revert "Revert "Blacklist support for ExtraConfig"""
Jenkins [Thu, 13 Jul 2017 04:07:57 +0000 (04:07 +0000)]
Merge "Run rsync for Swift without xinetd"
Jenkins [Thu, 13 Jul 2017 04:07:50 +0000 (04:07 +0000)]
Merge "Allow to set Notification Driver to 'noop'"
Jenkins [Thu, 13 Jul 2017 02:04:21 +0000 (02:04 +0000)]
Merge "Add DeployedServerEnvironmentOutput"
Jenkins [Thu, 13 Jul 2017 01:32:40 +0000 (01:32 +0000)]
Merge "Add missing tags in iscsid upgrade_tasks"
Jenkins [Wed, 12 Jul 2017 21:15:24 +0000 (21:15 +0000)]
Merge "Implement scenario006 with Ironic in overcloud"
Jenkins [Wed, 12 Jul 2017 19:39:13 +0000 (19:39 +0000)]
Merge "Remove controller specific bootstack_nodeid"
Jenkins [Wed, 12 Jul 2017 19:38:02 +0000 (19:38 +0000)]
Merge "Add dependency relationship between nested get_attr targets"
Dan Prince [Fri, 7 Jul 2017 01:03:30 +0000 (21:03 -0400)]
Fix ironic-pxe startup issues
This patch updates the ironic-api docker service so that it
generates its config files in a unique config root. This
ensures that it doesn't have config files in the httpd
conf.d directory for both the API and PXE services thus
causing the API container to attempt to launch both of them.
This functionally fixes the Ironic API and PXE services with
docker so they once again can bring up an overcloud.
Change-Id: I537cd6a3337bf776ca38a279b7c130b6429eea04
Closes-bug: #
1702799
Jenkins [Wed, 12 Jul 2017 16:19:06 +0000 (16:19 +0000)]
Merge "Bind mount needed cert for haproxy for HA too"
Victoria Martinez de la Cruz [Wed, 7 Jun 2017 01:17:30 +0000 (22:17 -0300)]
Containerize Manila Share service
Change-Id: I797eea2f7788f65411964ccb852b5707e916416f
Partial-Bug: #
1668922
Dan Prince [Fri, 7 Jul 2017 20:05:43 +0000 (16:05 -0400)]
Drop ComputeServices from environments/docker.yaml
Change-Id: Ibfc568755764203b68aed524d6f334eeb7cd5da7
Closes-bug: #
1703001
Oliver Walsh [Thu, 29 Jun 2017 12:59:26 +0000 (13:59 +0100)]
Add support for running crontabs in containers
This change enables the puppet cron resource in docker-puppet.py and adds user
crontabs to the paths copied from the config containers.
Only the nova crontab is configured for now. Other services will require
similar changes to run their crontabs.
Partial-Bug:
1701254
Change-Id: I2d1d0f0d77908a132472cf4bc475f8bd526af504
Depends-On: Ie16fb4539481a3c192cff8220a97daa4c70467fc
Jenkins [Wed, 12 Jul 2017 07:39:07 +0000 (07:39 +0000)]
Merge "Remove ceilometer apache files on upgrade"
Christian Schwede [Thu, 6 Jul 2017 18:42:40 +0000 (20:42 +0200)]
Run rsync for Swift without xinetd
The default in non-containerized environments is to run rsync within
xinetd for Red Hat-based deployments, however in an containerized
environment this is not really needed. Therefore run rsync directly
without being started by xinetd.
Change-Id: I08abd917eba08d1192437ddf96c71b06d099a3f8
Jenkins [Wed, 12 Jul 2017 03:14:53 +0000 (03:14 +0000)]
Merge "Switch from oslosphinx to openstackdocstheme"
Emilien Macchi [Fri, 7 Jul 2017 18:35:28 +0000 (11:35 -0700)]
Allow to set Notification Driver to 'noop'
This patch does 2 things:
* Configure messagingv2 as default driver for Oslo Notifications sent on
RPC.
* Allow users to choose between messagingv2 (default) and noop when we
want to disable notifications (for example, when Telemetry is disabled).
* Deprecate KeystoneNotificationDriver in favor of NotificationDriver.
Change-Id: Ia547d7f4bfb51e7c45246b097b48fd86da231bd3
Related-Bug: #
1701357
Zane Bitter [Tue, 11 Jul 2017 19:52:37 +0000 (15:52 -0400)]
Add dependency relationship between nested get_attr targets
Starting with Pike, Heat will do attribute resolution in a single pass. A
consequence of this is that when the result of a get_attr is passed to
another get_attr call, there must be a dependency relationship between the
resources so that the inner attribute is resolved first before we try to
determine which attributes are required from the resource in the outer
call.
There are two uses of nested dep_attr in the overcloud template. One (which
hopefully can be removed soon) is in the allNodesConfig resource. In this
case, the {{primary_role_name}}IpListMap already depends on the
ServiceNetMap.
The second is in the KeystoneAdminVip output. This patch makes the VipMap
depend on the ServiceNetMap so that attributes can be resolved in a single
pass in that case.
Change-Id: I438a79748b9b408ec1101271d96c60d84028b57e
Steven Hardy [Thu, 6 Jul 2017 16:39:00 +0000 (17:39 +0100)]
Remove hardcoded enable_load_balancer from Controller role
This is associated with the haproxy service, so set the hieradata there
instead. This is needed so we can render the controller role template
via j2, and also if anyone ever wants to run haproxy on some role other
then the Controller.
Change-Id: I82b992afe42f6da7788f6efca2366863c3bf68f7
Partially-Implements: blueprint composable-networks
Steven Hardy [Thu, 6 Jul 2017 16:31:25 +0000 (17:31 +0100)]
Remove controller specific bootstack_nodeid
This has been replaced for some time by bootstrap_nodeid which isn't
hard-coded to the Controller role.
Change-Id: I2c172de13646e5b88cb9930a93ca71fcc990e522
Depends-On: I0a9fced847caf344e5d26b452f1bd40afab8f029
Brent Eagles [Wed, 28 Jun 2017 13:03:24 +0000 (10:33 -0230)]
Add PCI to nova compute container for passthrough support
Nova's whitelist mechanism requires access to the PCI related
directories in the filesystem to service PCI passthrough requests.
Change-Id: Icfad1d116662798701228b142e224513f7dd22e2
Jiri Stransky [Fri, 30 Jun 2017 09:45:53 +0000 (11:45 +0200)]
Allow modprobing from cinder-volume container
When using LVM/iSCSI backend, cinder-volume tries to modprobe configfs
module. We need the modules dir bind mounted for this to succeed.
Co-Authored-By: Gorka Eguileor <geguileo@redhat.com>
Change-Id: I7bfeaa66915e663726acdf3458db80821fbd3d6b
Closes-Bug: #
1701321
Jiri Stransky [Tue, 27 Jun 2017 13:48:40 +0000 (15:48 +0200)]
LVM in cinder-volume container without udev
Disabling udev usage from LVM seems to be the only observed working
way of running containerized cinder-volume with local LVM backend.
I didn't come across reports that not using udev would have negative
impact on the functionality.
Additional info at
https://groups.google.com/forum/#!topic/docker-user/n4Xtvsb4RAw
Change-Id: I491795deab0c37d1bad3b50524481e0b76529667
Depends-On: I1bf395a6228dba66fa6bf9b8bcc9f3ac3d922a49
Closes-Bug: #
1700982
Jiri Stransky [Tue, 11 Jul 2017 12:33:57 +0000 (14:33 +0200)]
Don't confuse Heat with empty parameter_defaults
Apparently providing completely empty parameter_defaults in an
environment file can confuse Heat, and it seems like it doesn't try to
deploy any services on the overcloud in the multinode job. See the bug
for more details about the bug symptoms.
Change-Id: Ia9cb01b48087b78f66004263757590877219f743
Closes-Bug: #
1703599
Itzik Brown [Thu, 6 Jul 2017 10:42:12 +0000 (13:42 +0300)]
Fixing a bug when setting a password for ODL controller
Change-Id: I301f73801e95e607ed28992e68528f17843a0b6c
Closes-Bug: #
1702435
James Slagle [Mon, 26 Jun 2017 13:48:34 +0000 (09:48 -0400)]
Revert "Revert "Blacklist support for ExtraConfig""
There is a Heat patch posted (via Depends-On) that resolves the issue
that caused this to be reverted. This reverts the revert and we need to
make sure all the upgrades jobs pass before we merge this patch.
This reverts commit
69936229f4def703cd44ab164d8d1989c9fa37cb.
Closes-Bug: #
1699463
implements blueprint disable-deployments
Change-Id: Iedf680fddfbfc020d301bec8837a0cb98d481eb5
Jenkins [Mon, 10 Jul 2017 17:20:09 +0000 (17:20 +0000)]
Merge "Copy only generated puppet files into the container"
Martin André [Mon, 10 Jul 2017 14:32:58 +0000 (16:32 +0200)]
Replace outdated instruction with link to upstream doc
Beside it's historical value, the instruction in the README-containers
file served no purpose and confused users. Link to upstream
documentation instead.
Change-Id: I86753a613f3d405fc919bb3cc5bd94f29449184d
James Slagle [Fri, 7 Jul 2017 11:45:26 +0000 (07:45 -0400)]
Use ServerOsCollectConfigData value in output
Just use the value from the ServerOsCollectConfigData resource in the
output instead of recalculating the value for each role via jinja.
Change-Id: I4e3bf4f25c9a8f677d5d177eb409594193a86405
James Slagle [Fri, 28 Apr 2017 20:01:14 +0000 (16:01 -0400)]
Add DeployedServerEnvironmentOutput
Add a new output, DeployedServerEnvionmentOutput, that can be used as
the contents of an environment file to input into a services only stack
when using split-stack. The parameter simplifies the manual steps needed
to deploy split-stack.
By default, the resource that generates the output is mapped to
OS::Heat::None.
implements blueprint split-stack-default
Change-Id: I6004cd3f56778f078a69a20e93a0eba0c574b3db
Jenkins [Mon, 10 Jul 2017 13:11:52 +0000 (13:11 +0000)]
Merge "Modify generic role template to support custom networks"
Martin André [Mon, 10 Jul 2017 11:25:17 +0000 (13:25 +0200)]
Bind mount needed cert for haproxy for HA too
haproxy needs the deployed SSL cert file to function when TLS is
enabled.
It is also required for the docker-puppet haproxy container since the
haproxy puppet module uses a validate_cmd to check the generated config
file is valid that fails when the required SSL cert is not present.
There is no clean way to disable this feature [1] so we need to bind
mount the cert into the container.
This commit applies the same change that was applied in
Id2df144b678769def204961236624091d4e5c457 for the non-ha case.
[1] https://github.com/puppetlabs/puppetlabs-haproxy/blob/
4753ea5b2506ee093e9b4c8af6e91201d476d426/manifests/config.pp#L53-L57
Change-Id: I93e1ee86197bcf271f18a62a27c2f350ed3966ea
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
Saravanan KR [Tue, 27 Jun 2017 13:47:43 +0000 (19:17 +0530)]
Added OvS permission workaround for enabling DPDK
The vhost sockets sockets are created with qemu permission, but ovs
runs with root permission. In order to allow ovs to access vhost sockets
reducing the ovs group permission from root to qemu. This is a temprovary
workaround, until ovs fixes the permission issue. The script supports
both ovs2.6 and ovs2.7 versions.
Change-Id: I172956390c19fc9824bf7590cd48bfcf6201191b
Martin André [Wed, 21 Jun 2017 14:02:55 +0000 (16:02 +0200)]
Copy only generated puppet files into the container
This solves a problem with bind-mounts when the containers are holding
files descriptors open.
At the same time this makes the template more robust to puppet changes
since new config files will be available in the containers without
needing to update the templates.
Partial-Bug: #
1698323
Change-Id: Ia4ad6d77387e3dc354cd131c2f9756939fb8f736
Ben Nemec [Fri, 30 Jun 2017 19:04:35 +0000 (14:04 -0500)]
Disable network validation in multinode jobs
Sometimes the infracloud gateway refuses to ping even though
everything else is working fine. Since we have coverage of this
functionality in the OVB jobs it should be safe to turn it off
here so it stops spuriously failing our jobs.
We can't just set the resource to OS::Heat::None because there
are other resources with dependencies on it. Instead, this adds
a noop version of the validation software config that always
returns true.
Change-Id: I8361bc8be442b45c3ef6bdccdc53598fcb1d9540
Partial-Bug:
1680167
Code Review / apex-tripleo-heat-templates.git / log