Jenkins [Wed, 19 Apr 2017 10:45:48 +0000 (10:45 +0000)]
Merge "Modify pci_passthrough hiera value as string" into stable/ocata
Jenkins [Mon, 17 Apr 2017 21:54:21 +0000 (21:54 +0000)]
Merge "Add params to tweak memory limit on mongodb" into stable/ocata
Jenkins [Mon, 17 Apr 2017 18:06:33 +0000 (18:06 +0000)]
Merge "Update ceph-rgw acccepted roles to fix OSP upgrade" into stable/ocata
Pradeep Kilambi [Mon, 3 Apr 2017 22:01:27 +0000 (18:01 -0400)]
Add params to tweak memory limit on mongodb
The puppet-tripleo change was added in
Ie9391aa39532507c5de8dd668a70d5b66e17c891.
Closes-bug: #
1656558
Change-Id: Ibe2e4be5b5dc953d8d4b14f680a460409db95585
(cherry picked from commit
75d48838020ad9ff2bbd739212599ec8eb932649)
Matthew Flusche [Mon, 27 Feb 2017 22:11:37 +0000 (22:11 +0000)]
yum_update.sh - Use the yum parameter: check-update
The current check tends to produce a false positive causing unnecessary
service restarts. yum check-update will exit with return code 100 if
updated packages are available.
Change-Id: I8bd89f2b24bafc6c991382b9eb484cfa9a2f8968
(cherry picked from commit
9e4375d2762f4a26e8b0b8375f9265ad6e439ea1)
Closes-Bug: #
1680634
Jenkins [Tue, 11 Apr 2017 22:45:50 +0000 (22:45 +0000)]
Merge "Use --disable= in subscription-manager to avoid shell expansion." into stable/ocata
Keith Schincke [Fri, 31 Mar 2017 12:59:47 +0000 (08:59 -0400)]
Update ceph-rgw acccepted roles to fix OSP upgrade
This patch updates ceph::keystone::auth::roles to remove
"member" and add "Member". The previous entry breaks
OSP N to O upgrades when ceph-rgw is enabled.
This patch fixes: https://bugs.launchpad.net/tripleo/+bug/
1678126
Closes-bug:
1678126
(cherry picked from commit
4656323fc30e67f43d3dbd1ada42b608aa6f79e7)
Change-Id: I70e70f96c4aba2c89a9f81973f732d4348b91515
Jenkins [Sat, 8 Apr 2017 06:15:47 +0000 (06:15 +0000)]
Merge "Add missing ec2api::api::keystone_ec2_tokens_url config" into stable/ocata
Cyril Lopez [Thu, 30 Mar 2017 13:48:14 +0000 (15:48 +0200)]
Add trigger to setup a LDAP backend as keystone domaine
It is using a trigger tripleo::profile::base::keystone::ldap_backend_enable in puppet-tripleo
who will call a define in puppet-keysone ldap_backend.pp.
Given the following environment:
parameter_defaults:
KeystoneLDAPDomainEnable: true
KeystoneLDAPBackendConfigs:
tripleoldap:
url: ldap://192.0.2.250
user: cn=openstack,ou=Users,dc=redhat,dc=example,dc=com
password: Secrete
suffix: dc=redhat,dc=example,dc=com
user_tree_dn: ou=Users,dc=redhat,dc=example,dc=com
user_filter: "(memberOf=cn=OSuser,ou=Groups,dc=redhat,dc=example,dc=com)"
user_objectclass: person
user_id_attribute: cn
user_allow_create: false
user_allow_update: false
user_allow_delete: false
ControllerExtraConfig:
nova::keystone::authtoken::auth_version: v3
cinder::keystone::authtoken::auth_version: v3
It would then create a domain called tripleoldap with an LDAP
configuration as defined by the hash. The parameters from the
hash are defined by the keystone::ldap_backend resource in
puppet-keystone.
More backends can be added as more entries to that hash.
This also enables multi-domain support for horizon.
Conflicts:
puppet/services/keystone.yaml
Closes-Bug:
1677603
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Depends-On: I1593c6a33ed1a0ea51feda9dfb6e1690eaeac5db
Change-Id: I6c815e4596d595bfa2a018127beaf21249a10643
Signed-off-by: Cyril Lopez <cylopez@redhat.com>
(cherry picked from commit
347f5434b3e3793b9fdf2a94f49ab7734c5d923b)
Jenkins [Fri, 7 Apr 2017 05:14:26 +0000 (05:14 +0000)]
Merge "Generate Pre/Post Puppet Tasks for all roles" into stable/ocata
Jenkins [Thu, 6 Apr 2017 23:54:05 +0000 (23:54 +0000)]
Merge "Updated from global requirements" into stable/ocata
Jenkins [Thu, 6 Apr 2017 23:16:26 +0000 (23:16 +0000)]
Merge "Add manual ovs upgrade script for workaround ovs upgrade issue" into stable/ocata
Jenkins [Thu, 6 Apr 2017 18:22:40 +0000 (18:22 +0000)]
Merge "Add environment for deployed-server with pacemaker" into stable/ocata
Mathieu Bultel [Wed, 15 Feb 2017 15:36:17 +0000 (16:36 +0100)]
Add manual ovs upgrade script for workaround ovs upgrade issue
When we upgrade OVS from 2.5 to 2.6, the postrun package update
restart the services and drop the connectivity
We need to push this manual upgrade script and executed to the
nodes for newton to ocata
The special case is needed for 2.5.0-14 specifically see related
bug for more info (or, older where the postun tries restart).
See related review at [1] for the minor update/manual upgrade.
Related-Bug:
1669714
Depends-On: I3227189691df85f265cf84bd4115d8d4c9f979f3
Co-Authored-By: Sofer Athlan-Guyot <sathlang@redhat.com>
[1] https://review.openstack.org/#/c/450607/
Change-Id: If998704b3c4199bbae8a1d068c31a71763f5c8a2
(cherry picked from commit
d2d319ec0ead06b860f8464b001048fb4f723788)
marios [Wed, 22 Mar 2017 14:09:22 +0000 (16:09 +0200)]
Enforce upgrade_batch_tasks before upgrade_tasks order
If we really want upgrade_batch_tasks before the upgrade_tasks
as described in the README then we should enforce the ordering
Noticed this working on bug
1671504 upgrade tasks were being
executed before batch upgrade tasks.
Closes-Bug:
1678101
Change-Id: Iaa1bce960a37c072b5f8441132705a6bb6eb6ede
(cherry picked from commit
299b9f532377a3a0c16ba9cb4fe92c637fc38eeb)
Sofer Athlan-Guyot [Mon, 3 Apr 2017 16:28:21 +0000 (18:28 +0200)]
Ensure upgrade step orchestration accross roles.
Currently we don't enforce step ordering across role, only within
role. With custom role, we can reach a step5 on one role while the
cluster is still at step3, breaking the contract announced in the
README[1] where each step has a guarantied cluster state.
We have to remove the conditional here as well as jinja has no way to
access this information, but we need jinja to iterate over all enabled
role to create the orchestration.
This deals only with Upgrade tasks, there is another review to deal
with UpgradeBatch tasks.
[1] https://github.com/openstack/tripleo-heat-templates/blob/master/puppet/services/README.rst
Closes-Bug: #
1679486
Change-Id: Ibc6b64424cde56419fe82f984d3cc3620f7eb028
(cherry picked from commit
d286892c785b8b81a866ea3c6a459d1fc4a347e8)
Jenkins [Thu, 6 Apr 2017 02:10:32 +0000 (02:10 +0000)]
Merge "Make neutron dhcp agents per network conditional" into stable/ocata
Jenkins [Thu, 6 Apr 2017 00:49:17 +0000 (00:49 +0000)]
Merge "Fixes port binding controller for OpenDaylight" into stable/ocata
Jenkins [Wed, 5 Apr 2017 21:23:10 +0000 (21:23 +0000)]
Merge "Purge initial firewall for deployed-server's" into stable/ocata
James Slagle [Wed, 15 Feb 2017 18:20:00 +0000 (13:20 -0500)]
Add environment for deployed-server with pacemaker
A new environment file to be used when using the deployed-server roles
data at deployed-server/deployed-server-roles-data.yaml. This ensures
the Pre and Post Puppet Tasks for the ControllerDeployedServer role are
mapped to the stacks that handle maintenance mode and resource restarts
for pacemaker on stack-update.
Change-Id: I1ca52dfb3a3b669e128ebb0a28d9e36a1807faad
Closes-Bug: #
1665060
(cherry picked from commit
f8cc35092d8d8c60eee12bd2a550ff5d60e28582)
James Slagle [Wed, 15 Feb 2017 18:13:36 +0000 (13:13 -0500)]
Generate Pre/Post Puppet Tasks for all roles
We need to generate the Pre and Post Puppet Tasks for all roles, not
just the Controller role. Otherwise, you have to have a role
specifically named Controller that is running your pacemaker services,
or pacemaker won't be properly handled on stack-updates.
When using deployed-server's it's actually not possible to have a role
called Controller, since we need to use all custom roles so that we can
set disable_contraints on each role. Further, it is not possible to
redefine the Controller role since puppet/controller-role.yaml is listed
in the excludes file.
Change-Id: I737b24db90932e292b50b122640f66385f2d1c23
Partial-Bug: #
1665060
(cherry picked from commit
529768ae84f7713f2ae9447ff35ee2d63b4bdcd7)
OpenStack Proposal Bot [Wed, 5 Apr 2017 18:04:51 +0000 (18:04 +0000)]
Updated from global requirements
Change-Id: I40ecce838d12c2e232d8d4284bfa3ef3b88cebe4
Jenkins [Wed, 5 Apr 2017 18:04:31 +0000 (18:04 +0000)]
Merge "Add OpenDaylightConnectionProtocol parameter to opendaylight-api service" into stable/ocata
James Slagle [Mon, 3 Apr 2017 16:50:45 +0000 (12:50 -0400)]
Purge initial firewall for deployed-server's
We need to purge the initial firewall for deployed-server's, otherwise
if you have a default REJECT rule, the pacemaker cluster will fail to
initialize. This matches the behavior done when using images, see:
Iddc21316a1a3d42a1a43cbb4b9c178adba8f8db3
I0dee5ff045fbfe7b55d078583e16b107eec534aa
Change-Id: Ia83d17b609e4f737074482a980689cc57c3ad911
Closes-Bug: #
1679234
(cherry picked from commit
a216934f408439e77bf8346dafe30c4752c70946)
Pradeep Kilambi [Wed, 29 Mar 2017 19:20:40 +0000 (15:20 -0400)]
Set auth flag so ceilometer auth is enabled
Ceilometer Auth should be enabled even if ceilometer api
is not. Lets decouple these, this flag will be used in
puppet-tripleo where ceilometer::keystone::auth class
is initialized.
Change-Id: Iffebd40752eafb1d30b5962da8b5624fb9df7d48
Closes-bug: #
1677354
(cherry picked from commit
0d04302abd19f98df3cd700f9cc4ec47273e5dac)
Jenkins [Tue, 4 Apr 2017 00:40:15 +0000 (00:40 +0000)]
Merge "Setting keystone region for tacker" into stable/ocata
Jenkins [Mon, 3 Apr 2017 22:24:39 +0000 (22:24 +0000)]
Merge "FQDN validation" into stable/ocata
Jenkins [Mon, 3 Apr 2017 22:24:31 +0000 (22:24 +0000)]
Merge "Setting keystone region for congress" into stable/ocata
Jenkins [Mon, 3 Apr 2017 18:36:58 +0000 (18:36 +0000)]
Merge "Re-Add bigswitch agent support" into stable/ocata
Matthew Flusche [Tue, 14 Feb 2017 17:00:02 +0000 (17:00 +0000)]
FQDN validation
Adds optional validation to ensure FQDN set by Nova matches /etc/hosts
as created by overcloud heat configuration.
Consistent FQDN requires the nova parameter [Default]/dhcp_domain to
match the CloudDomain tht parameter.
This validation is disabled by default.
Change-Id: Ib5689acae66baf63ecccbc3b1c0b96684781b863
(cherry picked from commit
bae2d113938b9bb22d4c291ae312d2299187f72b)
Partial-Bug: #
1581472
Tim Rozet [Wed, 22 Mar 2017 23:55:31 +0000 (19:55 -0400)]
Fixes port binding controller for OpenDaylight
In Ocata and later, the port binding controller for ODL was changed by
default to be the pseudo agent controller, which requires a new feature
"host config" for OVS. This patch modifies the default to use
network-topology, which will work without any new host config features
implemented (previous way of port binding).
Closes-Bug:
1675211
Depends-On: I5004fdeb238dea81bc4f7e9437843a8a080d5b46
Change-Id: I6a6969d1d6b8d8b8ac31fecd57af85eb653245d2
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit
502b3459d9c2b32beba31b37814d7625cd007775)
Jenkins [Mon, 3 Apr 2017 14:54:03 +0000 (14:54 +0000)]
Merge "Don't check haproxy if external load-balancer is used." into stable/ocata
Sven Anderson [Mon, 27 Mar 2017 19:39:00 +0000 (21:39 +0200)]
Add missing ec2api::api::keystone_ec2_tokens_url config
Change-Id: I9a19aff24dede2bea3bf2959afa7adde00817ee0
Related-Bug: #
1676491
(cherry picked from commit
10cb0cfdef9b3a4719f89bcc2cdf1dae4a14dcca)
Dan Radez [Mon, 20 Mar 2017 15:41:36 +0000 (11:41 -0400)]
Setting keystone region for tacker
Change-Id: I170b7e4cff66f0a4b1b6d5735f93c9f0295a5ac5
(cherry picked from commit
eb426db63c8cc48990a832f8e1b972feb93e7e92)
Jenkins [Mon, 3 Apr 2017 09:56:40 +0000 (09:56 +0000)]
Merge "Add special case upgrade from openvswitch 2.5.0-14" into stable/ocata
Pradeep Kilambi [Tue, 28 Mar 2017 12:04:21 +0000 (08:04 -0400)]
Include panko in the default dispatcher
panko is enabled by default, we might as well make it
the default dispatcher along with gnocchi.
Closes-bug: #
1676900
Change-Id: Icb6c98ed0810724e4445d78f3d34d8b71db826ae
(cherry picked from commit
568573b9b054c3804d9d1be2ce6ec2668ca2dbfb)
Jenkins [Sun, 2 Apr 2017 09:09:02 +0000 (09:09 +0000)]
Merge "Fixes multiple issues with retry function in rhel-registration." into stable/ocata
marios [Tue, 28 Mar 2017 07:44:41 +0000 (10:44 +0300)]
Add special case upgrade from openvswitch 2.5.0-14
In [1] we removed the previously used special case upgrade code.
However we have since discovered that for openvswitch 2.5.0-14
the special case is still required with an extra flag to prevent
the restart. This adds the upgrade code back into the minor
update and 'manual upgrade' scripts for compute/swift. The
review at If998704b3c4199bbae8a1d068c31a71763f5c8a2 is adding
this logic for the ansible upgrade steps.
Related-Bug:
1669714
[1] https://review.openstack.org/#/q/
59e5f9597eb37f69045e470eb457b878728477d7
Change-Id: I3e5899e2d831b89745b2f37e61ff69dbf83ff595
(cherry picked from commit
25983882c2f7a8e8f8fb83bd967a67d008a556a4)
Jenkins [Sun, 2 Apr 2017 08:05:07 +0000 (08:05 +0000)]
Merge "[N->O] Fix wrong database connection for cell0 during upgrade." into stable/ocata
Sofer Athlan-Guyot [Thu, 30 Mar 2017 10:06:13 +0000 (12:06 +0200)]
Don't check haproxy if external load-balancer is used.
Change-Id: Ia65796b04be9f7cadc57af30ef66788dd8cb7de8
Closes-Bug:
1677539
(cherry picked from commit
56535c89ad6a5db718dc0fb89c19dda9fba251ca)
Jenkins [Fri, 31 Mar 2017 21:03:11 +0000 (21:03 +0000)]
Merge "Stop openstack-nova-compute during nova-ironic upgrade" into stable/ocata
Alex Schultz [Wed, 15 Mar 2017 15:55:05 +0000 (09:55 -0600)]
Re-Add bigswitch agent support
The agent configuration was lost in newton during the puppet-tripleo and
THT role conversion. This change adds support for including the bigswitch
agent service for composable roles.
Change-Id: I46896389e48cdbe2864bf5b609a786f1c84ef908
Closes-Bug: #
1673126
(cherry picked from commit
8eaa5f8e10a801be8fc45eeaaa479e7774d97997)
Sofer Athlan-Guyot [Thu, 23 Mar 2017 11:10:48 +0000 (12:10 +0100)]
[N->O] Fix wrong database connection for cell0 during upgrade.
During upgrade the cell0 database has the connection pointing to
mysql+pymysql://nova:c2cdagE8PyAbnpers3AD88Hge@10.0.0.19/nova_cell0?bind_address=10.0.0.20
where 10.0.0.20 was the ip of the bootstrap node. This makes the
nova-api fails on 2/3 node at the end of the
major-upgrade-composable-steps.yaml step.
We do have the right value in the hiera database so make sure we use
it for cell0 creation and not the nova.conf file which hasn't been
updated yet.
Change-Id: I09775206cb8fc5e15934f7e4475506a7fe17271e
Closes-Bug: #
1675359
(cherry picked from commit
c9c3813b6a0811a262068d0aab28d0bd535be3e1)
Jenkins [Fri, 31 Mar 2017 11:07:11 +0000 (11:07 +0000)]
Merge "[N->O] is creating 2 default cell_v2 cells" into stable/ocata
Jenkins [Fri, 31 Mar 2017 03:23:12 +0000 (03:23 +0000)]
Merge "Run cluster check on nodes configured in wsrep_cluster_address." into stable/ocata
Marius Cornea [Fri, 24 Mar 2017 12:06:22 +0000 (13:06 +0100)]
Stop openstack-nova-compute during nova-ironic upgrade
This change ensures that that openstack-nova-compute is
stopped and disabled during the upgrade process.
Closes-Bug:
1675814
Change-Id: Ifd2557b11e4317f1e76e459e8de4162116578eff
(cherry picked from commit
276aca7a8145570301e566a8fb3253f57601d171)
Yurii Prokulevych [Thu, 23 Mar 2017 13:35:54 +0000 (14:35 +0100)]
Run cluster check on nodes configured in wsrep_cluster_address.
Attempt to check galera's cluster status fails when galera service
is not running on the same node.
Change-Id: I27fb0841d85cd0dc86e92ac2e21eedf5f8f863ab
Closes-Bug: #
1677574
(cherry picked from commit
d39c952fd3150d24c9e01c15806181715d0760f8 )
Jenkins [Thu, 30 Mar 2017 11:50:53 +0000 (11:50 +0000)]
Merge "N->O Upgrade, make sure all nova placement parameter properly set." into stable/ocata
Jenkins [Thu, 30 Mar 2017 11:06:25 +0000 (11:06 +0000)]
Merge "N->O upgrade, blanks ipv6 rules before activating it." into stable/ocata
Jenkins [Thu, 30 Mar 2017 03:44:40 +0000 (03:44 +0000)]
Merge "Nic config mappings for deployed-server" into stable/ocata
Jenkins [Wed, 29 Mar 2017 15:12:30 +0000 (15:12 +0000)]
Merge "Enables increasing mariadb open files for noha deployments" into stable/ocata
Jenkins [Wed, 29 Mar 2017 14:41:15 +0000 (14:41 +0000)]
Merge "Sort ResourceGroup resource list" into stable/ocata
Saravanan KR [Wed, 22 Mar 2017 14:10:29 +0000 (19:40 +0530)]
Modify pci_passthrough hiera value as string
Hiera value of nova::compute::pci_passthrough should be a string.
It has been modified to JSON with the heira hook changes. Modifying
it again back to string.
Closes-Bug: #
1675036
Change-Id: I441907ff313ecc5b7b4da562c6be195687fc6c76
(cherry picked from commit
57c06ddefd4d7ff87de02dab9d1c5e92eb8e6eef)
Jenkins [Wed, 29 Mar 2017 04:12:11 +0000 (04:12 +0000)]
Merge "Only set EnableConfigPurge on major upgrades" into stable/ocata
Dan Prince [Mon, 27 Mar 2017 17:57:06 +0000 (13:57 -0400)]
Remove 'Controller' role references from overcloud.j2.yaml
This patch again removes hard coded role references to
the overcloud.yaml template that was added in
fd15a091f7ab6927833275df17b96ecacc2b1827. This
breaks the composable undercloud work (undercloud-containers ci job as
well).
Change-Id: Ie30b2573dc4d2b45ebc0afc0e0d73bfdf41e4d4b
Closes-bug: #
1676528
(cherry picked from commit
f7f1a8a6d8cfd4c78ffd256497b32daa5908641e)
Jenkins [Tue, 28 Mar 2017 17:44:11 +0000 (17:44 +0000)]
Merge "Fixes missing firewall rules for neutron_ovs_dpdk_agent service" into stable/ocata
Steven Hardy [Wed, 22 Mar 2017 09:18:29 +0000 (09:18 +0000)]
Only set EnableConfigPurge on major upgrades
Bug #
1611800 fixed an upgrade issue by enabling purging configs for
some services, but this causes issues such as longer updates and
restarting services in the minor update case, so only do this for
major upgrades, and default to false.
Conflicts: (don't exist on this branch)
environments/major-upgrade-composable-steps-docker.yaml
environments/major-upgrade-converge-docker.yaml
Related-Bug: #
1611800
Closes-Bug: #
1674858
Change-Id: Iff7d715f6730c5633f1146008504b4309ef3133d
(cherry picked from commit
947a7148e807e74daf9e30e4e8c891d5bdacc69f)
Oliver Walsh [Thu, 23 Mar 2017 13:50:55 +0000 (13:50 +0000)]
[N->O] is creating 2 default cell_v2 cells
A side-effect of running map_cell_and_hosts is that a default cell is created
(unless host mappings already exists).
As we are explicitly creating the default cell we need to run discover_hosts
to create the host mappings.
Change-Id: I1a28e9b85a7c43561700faf692248c5fc06b8ad8
Closes-Bug: #
1675418
(cherry picked from commit
ab4adb9fb1b1ba003a8045ce4c3879f88ea243b3)
James Slagle [Mon, 6 Mar 2017 21:29:43 +0000 (16:29 -0500)]
Nic config mappings for deployed-server
Adds default nic config mappings when using the deployed-server custom
roles data at deployed-server/deployed-server-roles-data.yaml.
Previously there were no default mappings as the hardcoded mapping for
the Controller role from overcloud-resource-registry-puppet.j2.yaml
would not be used since there is no Controller role when using
deployed-server.
The default mapping is net-config-static.yaml instead of
net-config-noop.yaml, since there is no requirement of a L2 domain for
dhcp between undercloud and overcloud nodes when using deployed-server.
The convenience mapping of ControllerDeployedServer to
net-config-static-bridge.yaml is also added so that out of the box the
roles with controller services will get the right bridge created.
The mappings can always be overridden in later environment files if
needed.
Change-Id: I581fec99b459a12512686e47b10b962756652eb3
Closes-Bug: #
1670493
Depends-On: Ib681729cc2728ca4b0486c14166b6b702edfcaab
(cherry picked from commit
cdbf1ca1918af649d1079ee07a9303059c9723ed)
Jenkins [Tue, 28 Mar 2017 11:01:13 +0000 (11:01 +0000)]
Merge "Fix usage of CinderNfsServers" into stable/ocata
Jenkins [Tue, 28 Mar 2017 05:57:52 +0000 (05:57 +0000)]
Merge "Don't try to run os-net-config from yum_update.sh" into stable/ocata
James Slagle [Thu, 16 Feb 2017 21:19:23 +0000 (16:19 -0500)]
Sort ResourceGroup resource list
We should sort the results by resource_name when listing resources in
the ResourceGroup stack in get-occ-config.sh, as the order is not
guaranteed. We want the order to always be numerical ascending by
resource_name (which are just integers starting at 0).
Change-Id: Iccef81e4dfd9586e0030f20bdde131d1a885eb19
Closes-Bug: #
1665458
(cherry picked from commit
c5e5d21a61808f7c09b85a2750a905bb57b54be1)
Jenkins [Mon, 27 Mar 2017 15:59:23 +0000 (15:59 +0000)]
Merge "Install openstack-selinux for deployed-server" into stable/ocata
Dan Radez [Mon, 20 Mar 2017 15:39:13 +0000 (11:39 -0400)]
Setting keystone region for congress
Change-Id: I4958b886cbd6c2b34da0c265e8774105474ace13
(cherry picked from commit
32be46f508423c822208e3c9f3afb32902f1c1ae)
Sofer Athlan-Guyot [Fri, 24 Mar 2017 12:45:10 +0000 (13:45 +0100)]
N->O upgrade, blanks ipv6 rules before activating it.
When the firewall is enabled with ipv6, the default rules set is
taken as not ipv6 firewall was present for Newton. This make
communication impossible until puppet is run again.
This ensures that no rules are loaded when the firewall is enabled.
This mimic this patch[1]
[1] https://github.com/openstack/tripleo-heat-templates/commit/
ae8aac36143d5dadb08af0d275f513678909dcc7
Change-Id: Id878b5caae666a799c89c8466ce46b9ecb86d9f7
Closes-Bug: #
1675782
(cherry picked from commit
670399a2caeecd9259bea454e9518ab6c92cff49)
Sofer Athlan-Guyot [Fri, 24 Mar 2017 11:11:33 +0000 (12:11 +0100)]
N->O Upgrade, make sure all nova placement parameter properly set.
The restart of openstack-nova-compute takes place before crudini set
the password, user_domain and project_name get set.
Change-Id: I57b54d5f59d5803d7ad4e399d598f699785a5825
Closes-Bug: #
1675739
Co-Authored-By: Oliver Walsh <owalsh@redhat.com>
(cherry picked from commit
bfd485406d8f3847b1969579ebbdaa912c592a4a)
Christian Schwede [Tue, 21 Mar 2017 17:28:34 +0000 (18:28 +0100)]
Fix usage of CinderNfsServers
This feature stopped working somewhere along the lines. In the past it
was working with parameter_defaults like this:
CinderNfsServers: '10.0.0.254:/srv/nfs/cinder'
or
CinderNfsServers: "[fd00:fd00:fd00:3000::1]:/srv/nfs/cinder"
The problem was that the templating escaped these strings, and
puppet-tripleo didn't receive a proper array, but a string.
This patch fixes this. It accepts strings as above as well as
comma-delimited lists of Nfs Servers.
Closes-Bug:
1671153
Change-Id: I89439c1d969e92cb8e0503de561e22409deafdfc
(cherry picked from commit
9445b0e0972696e7de1c0a702f456571d12fa964)
Jenkins [Mon, 27 Mar 2017 03:47:15 +0000 (03:47 +0000)]
Merge "etcd: secure EtcdInitialClusterToken parameter" into stable/ocata
James Slagle [Wed, 22 Mar 2017 21:04:50 +0000 (17:04 -0400)]
Install openstack-selinux for deployed-server
No other packages actually require openstack-selinux, so it must be
explicity installed.
Change-Id: Ic7b39ddfc4cfb28b8a08e9b02043211e4ca4a39a
Closes-Bug: #
1675170
(cherry picked from commit
583a60248f47428542a560a869aab04933512d94)
Jenkins [Sun, 26 Mar 2017 14:10:27 +0000 (14:10 +0000)]
Merge "Deploy versionless keystone endpoints (for keystone only)" into stable/ocata
Tim Rozet [Wed, 22 Mar 2017 14:52:03 +0000 (10:52 -0400)]
Fixes missing firewall rules for neutron_ovs_dpdk_agent service
Firewall config was being inherited by the dpdk service, however
since the firewall service name was the parent (neutron_ovs_agent)
and technically that service was not enabled - the rules were never
applied. This modifies the service name as it is inherited using
map_replace.
Closes-Bug:
1674689
Change-Id: I6676205b8fc1fd578cb2435ad97fe577a9e81d95
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit
48a38a19347a18d4d35fb22de82136359aae5cb7)
Tim Rozet [Thu, 16 Feb 2017 19:21:32 +0000 (14:21 -0500)]
Enables increasing mariadb open files for noha deployments
There is currently an issue where the max open files limit is hit with
MariaDB in noha deployments, because it is defaulted to 1024 by system
limits. In HA deployments the limit is bumped to 16384. This patch
introduces a flag to be able to increase the limit to 16384 for noHA
deployments.
In the future we should change this to be an integer, and let the
operator decide the setting. Since this setting is set in a different
path for HA, we would need to implement a change that allows setting
both (ha and nonha) via the same integer param.
Depends-On: Ia0907b2ab6062a93fb9363e39c86535a490fbaf6
Closes-Bug: #
1648181
Related-Bug: #
1524809
Change-Id: I95393fc798b833a8575afbff03ef74a839565c5e
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit
900ddfb27f0dd2afd8345d89a78b624f647b255d)
Jenkins [Sat, 25 Mar 2017 20:54:15 +0000 (20:54 +0000)]
Merge "Explicitly configure credentials used by ironic to access other services" into stable/ocata
Jenkins [Sat, 25 Mar 2017 20:01:09 +0000 (20:01 +0000)]
Merge "Pick dynamically the first node for stack validation" into stable/ocata
Tim Rozet [Thu, 23 Mar 2017 14:24:38 +0000 (10:24 -0400)]
Fixes OpenDaylightProviderMappings hiera parsing
The str_replace conversion used previously is no longer needed and
breaks the hieradata value.
Closes-Bug:
1675426
Change-Id: I7a052d1757efe36daf6ed47e55598ca3c2ee9055
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit
ae10ae4a5a21bb58c183aa50f237ffa2d6f14280)
Jenkins [Thu, 23 Mar 2017 06:17:23 +0000 (06:17 +0000)]
Merge "Add bindep support" into stable/ocata
Emilien Macchi [Wed, 15 Mar 2017 21:56:30 +0000 (17:56 -0400)]
etcd: secure EtcdInitialClusterToken parameter
Secure EtcdInitialClusterToken parameter by:
* removing the default value.
* make it hidden.
Change-Id: I938af697f9faaadb9c9aeb950e9410db24b1b961
Depends-On: I6e30cce469736e84a3c483fafa29d542b8347ba9
Closes-Bug: #
1673266
(cherry picked from commit
55d17ca118d27f16b57424774265f5b3db7b7b52)
Jenkins [Wed, 22 Mar 2017 15:56:35 +0000 (15:56 +0000)]
Merge "Cleanup no longer used upgrade files" into stable/ocata
Juan Antonio Osorio Robles [Mon, 27 Feb 2017 16:54:45 +0000 (18:54 +0200)]
Deploy versionless keystone endpoints (for keystone only)
The default is to deploy v2.0 endpoints, but this is not the recommended
approach. we should instead be using versionless endpoints
Change-Id: Icbfae1c2ff2b7312646fd8e817dd8209220a0d96
Related-Bug: #
1667679
(cherry picked from commit
40a50031f37df0f0cde53e3f3c15ffe407fbdcbd)
Paul Belanger [Mon, 13 Mar 2017 16:10:53 +0000 (12:10 -0400)]
Add bindep support
Bindep is an automation tool used by openstack-infra to bootstrap a
worker with default packages. This is not needed, since we depend on
puppet to automate this step.
Change-Id: I759614ed0cf1fab5433956ed459419e564590398
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
(cherry picked from commit
209d8f5eac9273372aa44988436ae7f12596cd0d)
Lukas Bezdicka [Mon, 13 Mar 2017 13:39:12 +0000 (14:39 +0100)]
Don't try to run os-net-config from yum_update.sh
The UpdateDeployment already depends on NetworkDeployment.
We should not run os-net-config unconditionally before update.
Closes-Bug: #
1666227
Change-Id: I48cbf5de00d47c6fdad71ff24c00e9db05cec5d5
(cherry picked from commit
b19d6306ea582dc31ebfd609475d9ac4e641e278)
Dmitry Tantsur [Wed, 15 Mar 2017 17:04:44 +0000 (18:04 +0100)]
Explicitly configure credentials used by ironic to access other services
Using keystone_authtoken credentials for this purpose is deprecated, and also
prevents ironic-conductor from being used as a separate role.
Also remove neutron_url, it can be fetched from the catalog instead.
Change-Id: I12822568cb4db31808aec5fd407d71fe4b7b09e0
Depends-On: I21180678bec911f1be36e3b174bae81af042938c
Partial-Bug: #
1661250
(cherry picked from commit
91d7d8c46858d42e6cf2354a3be6af6c5bb9c02e)
Jenkins [Tue, 21 Mar 2017 10:39:58 +0000 (10:39 +0000)]
Merge "Disable exit on error for pacemaker commands for update flow" into stable/ocata
Vincent S. Cojot [Mon, 13 Mar 2017 18:39:16 +0000 (14:39 -0400)]
Fixes multiple issues with retry function in rhel-registration.
There were multiple issues in retry() in rhel-registration:
- There was no need for it to be recursive (local variables
got overwritten)
- There was no delay between multiple attempts, leading to faster but
more frequent failures.
- The max number of attempts was set too low for some environements.
With this patch, rhel-registration now works more reliably with slow-links
for portal registration and does not attempt to DDos the portal or your
satellite server.
Closes-Bug: #
1674358
Change-Id: I594d3c94867b45a7a58766dbcc66edead78d6a4e
(cherry picked from commit
038eae089130bc3a814897c0e282223de16f4658)
Luca Lorenzetto [Fri, 17 Mar 2017 08:29:41 +0000 (09:29 +0100)]
Pick dynamically the first node for stack validation
When replacing the controller node with resource id 0,
AllNodesValidation will fail because there is an hardcoded reference
to resource.0. With this commit the id for validation is extracted
dynamically with yaql query, picking the first available.
Thanks to Steven Hardy for pointing to the right direction.
Change-Id: I8f2bfacbc005d948bd31ebd51c3d3df3182d5a3c
Closes-Bug: #
1673439
Michele Baldessari [Fri, 17 Mar 2017 14:36:50 +0000 (15:36 +0100)]
Make sure PrePuppet runs before any Deployment_Step
We used to have this in mitaka:
https://github.com/openstack/tripleo-heat-templates/blob/stable/mitaka/puppet/controller-post.yaml#L45
but we lost it along the way. The problem without this change is that we
are open to the following race:
1) ControllerDeployment_Step1 is started and manages to do a successful
"systemctl start pacemaker"
2) PrePuppet gets called and in the HA deployment calls
pacemaker_maintenance_mode.sh
3) pacemaker_maintenance_mode.sh will set the maintenance-mode=true
property because the pacemaker service is already up:
https://github.com/openstack/tripleo-heat-templates/blob/master/extraconfig/tasks/pacemaker_maintenance_mode.sh#L8-L9
4) If the maintenance property is set to true at this stage, the
creation of any resource will take place but they won't really
start.
Note that this is not a straight cherry pick from commit
bae48e60b3cb9b5f21490997ca39c1e0e23fd195 because in ocata only
ControllerPrePuppet exists and not {{role.name}}PrePuppet like in
pike.
Change-Id: Icb7495edd00385b2975dd42f63085d20292ef9a9
Closes-Bug: #
1673795
Co-Authored-By: Jiri Stransky <jstransk@redhat.com>
marios [Wed, 15 Mar 2017 08:28:17 +0000 (10:28 +0200)]
Cleanup no longer used upgrade files
Removes some of the no longer used scripts and templates used by
the upgrades workflow in previous versions.
Closes-Bug:
1673447
Change-Id: I7831d20eae6ab9668a919b451301fe669e2b1346
(cherry picked from commit
521a8973229484d52c03e9ed04782c5dc493c1b0)
Michele Baldessari [Tue, 28 Feb 2017 12:25:59 +0000 (13:25 +0100)]
Upgrades: wait for galera to be settled
We also need to wait for the galera resource to settle down
before we proceed starting up with the other services.
Note that before merging this, we need to land the following
change in ansible-pacemaker:
https://review.gerrithub.io/#/c/351387/
D-O is needed for upgrades to work against stable/* branches.
Depends-On: I712abe71f97c22ee3d55d9db2f641096f8a7350c
Change-Id: Id71c9cb41cfd4c17685c922db2683e28ab7588fd
Closes-Bug: #
1668372
(cherry picked from commit
841d30549bd27a8b5669955196e14085025dafad)
Jenkins [Fri, 10 Mar 2017 18:08:46 +0000 (18:08 +0000)]
Merge "Remove ha-by-default release note in Ocata" into stable/ocata
Jenkins [Fri, 10 Mar 2017 02:40:11 +0000 (02:40 +0000)]
Merge "Adds upgrade tasks for OpenDaylight services" into stable/ocata
Jenkins [Thu, 9 Mar 2017 14:24:12 +0000 (14:24 +0000)]
Merge "Remove the openvswitch special case upgrade code" into stable/ocata
Tim Rozet [Mon, 27 Feb 2017 20:19:56 +0000 (15:19 -0500)]
Adds upgrade tasks for OpenDaylight services
Change-Id: I740b20b12acb3740886409bff86c4989f0a066f4
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit
20d7901ab24e93e0224cc1c8b0cde3eb80122818)
Carlos Camacho [Wed, 8 Mar 2017 09:48:55 +0000 (10:48 +0100)]
Remove ha-by-default release note in Ocata
This was not implemented for Ocata so this
release note should not exist.
Change-Id: I58216fb54a156853f60697a903f1c38cf7970216
marios [Mon, 6 Mar 2017 08:33:01 +0000 (10:33 +0200)]
Use the new hiera hook in all remaining templates
The new hiera hook in I21639f6aadabf9e49f40d1bb0b1d0edcfc4dbc5e
was added to most of the tripleo-heat-templates in
Ibe7e2044e200e2c947223286fdf4fd5bcf98c2e1
The new hook is installed by default if you use tripleo-common
Ia1864933235152b7e899c4442534879f8e22240d and will be installed
as part of the Newton to Ocata upgrades workflow in
I0c7a32194c0069b63a501a913c17907b47c9cc16
In order to use the new hiera data as part of the upgrade we
need to remove the old hieradata which will break anyone still
defining and using it. This change updates the remaining vendor
plugin manifests to use the new hiera hook. The pre-requisite
is that the new hook is installed on their overcloud (as above
it comes if you follow the N..O upgrade)
Change-Id: Ic95154734cb21e6b941c7f1569295b413963831d
(cherry picked from commit
c5d10cd9fc94e6557417673190b73867a83cbb7b)
Brent Eagles [Mon, 27 Feb 2017 15:12:20 +0000 (11:42 -0330)]
Make neutron dhcp agents per network conditional
While the heat templates specify a default value of 3, it rarely seems
to have an effect as the tripleoclient is setting this according to the
controller scale. This was fine before composable roles, but it is now
invalid. While the client needs to be modified to no longer set this
according to controller scale, the template should default to a sentinel
value that will allow the puppet code to determine the proper value by
the number of hosts that have the neutron dhcp agent deployed on them.
Depends-On: I5533e42c5ba9f72cc70d80489a07e30ee2341198
Partial-bug: #
1632721
Change-Id: I06628764c4769d91bbc42efe1c722702d6574d02
(cherry picked from commit
3c5345fc75da1e289929ef5caf08a0f75f904bb4)
Emilien Macchi [Mon, 6 Mar 2017 13:03:28 +0000 (08:03 -0500)]
reno: prepare 6.0.0 (Ocata GA)
Change-Id: Ia3e17aa0da1f199d28e589bf83e0fead37654ea4
Jenkins [Sat, 4 Mar 2017 01:18:55 +0000 (01:18 +0000)]
Merge "Adding keystone parameters for Congress" into stable/ocata
Jenkins [Fri, 3 Mar 2017 22:09:52 +0000 (22:09 +0000)]
Merge "Make UpdateDeployment depend on NetworkDeployment" into stable/ocata
Jenkins [Fri, 3 Mar 2017 22:08:26 +0000 (22:08 +0000)]
Merge "Fix Panko API upgrade process" into stable/ocata
Steven Hardy [Wed, 1 Mar 2017 09:51:20 +0000 (09:51 +0000)]
Make UpdateDeployment depend on NetworkDeployment
Prior to https://review.openstack.org/#/c/271450/ os-net-config was
applied via os-refresh-config directly, which meant that even though
UpdateDeployment and NetworkDeployment can be created concurrently,
we'd always do the os-net-config step first.
However now that we apply both steps via scripts (which are both handled
via the same heat-config hook) we should add an explicit dependency to
ensure the network is always fully configured before attempting to run
any update. This should avoid the risk of e.g running an update on
initial deployment before the network connectivity to access yum repos
is in place.
Change-Id: Idff7a95afe7b49b6384b1d0c78e76522fb1f8eb7
Related-Bug: #
1666227
(cherry picked from commit
626b820b57498ff5002c5530962e6e4fd5644b51)
Code Review / apex-tripleo-heat-templates.git / log