Dan Prince [Sun, 11 Jan 2015 03:04:42 +0000 (22:04 -0500)]
Swift: set default replicas to 3
Our existing default (replicas == 1) means that no data
(or copies) is being replicated in a multi-node Swift
environment. This seems like a bad production default
setting and could easily slip by if not set.
Setting it to 3 shouldn't hurt anything and seems to follow
suit with what several production installers (based around Puppet)
actually use. If using an installation with less than 3 swift
nodes I believe swift will do its best, and still work fine.
FWIW I noticed this when testing a multi-node Puppet swift
installation and was surprised when I didn't see any *data
files getting replicated across the storage cluster.
Change-Id: I44bdfff7aae6bdf845b79ca1f8f450c22113caed
Dan Prince [Sun, 11 Jan 2015 02:44:27 +0000 (21:44 -0500)]
Remove unused swift params from -without-mergepy
In doing the Puppet version of the Swift role I noticed
4 parameters which we apply to storage nodes which should
not be required. This patch drops the following parameters
from the swift-storage and swift-storage-puppet nested
stacks which should not be required.
1) ControllerIP: There is no reason a storage node should need
the IP address of the controller. The swift proxy would need
this information in order to be able to contact keystone.
This swift-proxy is not installed on storage nodes so we can
drop the parameter here.
2) NeutronEnableTunnelling: There is no reason for Neutron
to be installed on Swift storage nodes. No need to create
an OVS bridge either.
3) NeutronNetworkType: Similar to above. No neutron requirements
exist here so this parameter is not required.
4) Password: This only applies to the the swift-proxy which is
currently part of our controller role. Storage nodes shouldn't need
the keystone service-password for any reason.
Change-Id: Icbf05363475c388fc722277da3d3d00a7355b19a
Dan Prince [Fri, 9 Jan 2015 19:01:31 +0000 (14:01 -0500)]
Puppet: Switch glance to use a swift backend
Now that we have swift we can switch glance over
to make use of it.
Change-Id: I9513cb63079235337b684aa734af73a0f0cc0afd
Dan Prince [Fri, 9 Jan 2015 14:19:21 +0000 (09:19 -0500)]
Puppet: Swift Storage node support
This patch implements the required changes to configure
swift storage nodes via Puppet. Similar to the overcloud
we generate the rings on each node (with the same seed).
Change-Id: I677c85b09b6e656b3ac1f938a4bd6bc7daae1755
Dan Prince [Thu, 8 Jan 2015 15:10:41 +0000 (10:10 -0500)]
Puppet: Swift Overcloud Proxy/Storage support
This patch adds support for a Swift proxy and storage
node on the controller.
The implementation is fairly straightforward with the
exception of building the ring. I've followed an
upstream TripleO model here where we build the
actual ring on each node (rather than build once
and rsync). This works because Heat will always
know all the devices ahead of time. In the future
when we have Heat breakpoints it might be possible
to consider optimizing this by generating the ring
once and then rsyncing to all the nodes.
The ringbuilder logic is executed as a seperate
Heat software deployment. On the controller the ring
is executed in between the base service (mysql/rabbit)
and OpenStack service steps. This is to ensure the
ring exists before the Swift proxy is started.
Having the ringbuilder.pp logic as a separate software
config should allow us to reuse it for the Storage
node role.
It should also be noted that swift.zones support is
added here but we are missing an upstream Heat
template change in order for it to be wired
in properly. See: I0e0f5189da1575f2e1ed7fba4bbbe13a8fbf6221
Likewise we need to properly wire in SwiftRingBuild as well.
See: I01311ec3ca265b151f8740bf7dc57cdf0cf0df6f
The underlying puppet ringbuilder code is already wired
to support this change when it lands.
As is this works today and will provide a working Overcloud
Swift-proxy/storage node config. Will follow this up with
a related Swift storage node patch which should allow
puppet to be used for configuration on the storage nodes
as well...
Change-Id: Id1272f796e2507a7357309e8cd6a51ad9e0160af
Dan Prince [Wed, 14 Jan 2015 20:54:45 +0000 (15:54 -0500)]
Compute: consolidated nested stack
In I250dc1a8c02626cf7d1a5d2ce92706504ec0c7de we split
out just the Controller software config in an effort
to provide hooks for alternate implementations (puppet).
This sort of worked but caused quirky ordering issues
with signal handling. It also causes problems for Tuskar
which would prefer to think of these nested stacks and
not have us split out just the software configs like this.
This patch moves all the compute related stuff for
our two implementations:
compute.yaml: is used by os-apply-config (uses the
tripleo-image-elements)
compute-puppet.yaml: uses stackforge puppet-* modules for
configuration
By duplicating the entire compute in this manner we make
it much easier to create dependencies and implement proper
signal handling. The only (temporary) downside is the duplication
of parameters most of which will eventually go away when we move
using the global parameters via Heat environment files instead.
Change-Id: I49175d1843520abc80fefe9528442e5dda151f5d
Dan Prince [Wed, 14 Jan 2015 19:58:35 +0000 (14:58 -0500)]
Controller: consolidated nested stack
In I228216a0b55ff2d384b281d9ad2a61b93d58dab9 we split
out just the Controller software config in an effort
to provide hooks for alternate implementations (puppet).
This sort of worked but caused quirky ordering issues
with signal handling. It also causes problems for Tuskar
which would prefer to think of these nested stacks and
not have us split out just the software configs like this.
This patch moves all the controller related stuff for
our two implementations:
controller.yaml: is used by os-apply-config (uses the
tripleo-image-elements)
controller-puppet.yaml: uses stackforge puppet-* modules for
configuration
By duplicating the entire controller in this manner we make
it much easier to create dependencies and implement proper
signal handling. The only (temporary) downside is the duplication
of parameters most of which will eventually go away when we move towards
using the global parameters via Heat environment files instead.
Change-Id: Iaf3c889d7c8815f862308cd8e15ce1010059f5c6
Jenkins [Tue, 27 Jan 2015 10:03:34 +0000 (10:03 +0000)]
Merge "Add parameter to manage usage of Neutron l3_ha option"
Jenkins [Mon, 19 Jan 2015 10:20:40 +0000 (10:20 +0000)]
Merge "Remove invalid NTP configuration in templates"
Jenkins [Fri, 9 Jan 2015 22:35:50 +0000 (22:35 +0000)]
Merge "Add SwiftMountCheck to overcloud-without-mergepy"
Jenkins [Fri, 9 Jan 2015 20:29:16 +0000 (20:29 +0000)]
Merge "Add SwiftMinPartHours to overcloud-without-mergepy"
Giulio Fidente [Thu, 8 Jan 2015 12:13:48 +0000 (07:13 -0500)]
Add parameter to manage usage of Neutron l3_ha option
This change will allow for the enablement of Neutron routers HA
via the new NeutronL3HA parameter.
Change-Id: Ia5f7c0b4e89159456482e840c50d166ec5f25d4c
Implements: blueprint tripleo-icehouse-ha-production-configuration
Dan Prince [Fri, 9 Jan 2015 15:11:36 +0000 (10:11 -0500)]
Add SwiftMountCheck to overcloud-without-mergepy
This was added in I36fece56bafa9fe9c4883b572687b3fc819eeae1
and is missing from overcloud-without-mergepy.
Change-Id: I5c2566cc77247574f8d687eaab8094de481a8c67
Dan Prince [Fri, 9 Jan 2015 14:43:42 +0000 (09:43 -0500)]
Add SwiftMinPartHours to overcloud-without-mergepy
This was added in Icc5e431a7e2884b3ca3a255b6fd901619bc98460
and is missing from overcloud-without-mergepy.
Change-Id: I1273b646c04783712fd3f8baccafead11817689c
Jenkins [Fri, 9 Jan 2015 14:25:09 +0000 (14:25 +0000)]
Merge "Default BlockStorageCount to 0 for without-mergepy jobs"
Giulio Fidente [Wed, 10 Dec 2014 10:38:24 +0000 (11:38 +0100)]
Default BlockStorageCount to 0 for without-mergepy jobs
We have never created these additional storage nodes by default with
the old templates; we agreed on adding a job for this in CI [1] so
we will override the default value in the specific CI job.
1. https://github.com/openstack-infra/tripleo-ci/blob/master/docs/wanted_ci_jobs.csv
Change-Id: Iaec38807bc209fc28d83e3d6922269e803110053
Nicholas Randon [Wed, 7 Jan 2015 18:54:08 +0000 (18:54 +0000)]
Remove invalid NTP configuration in templates
Currently the all templates have an invalid setting for NTP
setup for the fudge setting. This should be removed from
the templates which will remove the warning seen in syslog.
ntpd[...]: inappropriate address xxx.xxx.xxx.xxx for the
fudge command, line ignored
Partial-Bug:
1408379
Relates-To: Ib9931b84925d9ceb32f18e9adc5be64402fbf61e
Change-Id: I56a03dc0a899a8c515f2a05d678d7e80e9b7b93c
Dan Prince [Sat, 20 Dec 2014 02:48:45 +0000 (21:48 -0500)]
Puppet: overcloud controller config
This patch provides an alternate implementation of
the OS::TripleO::Controller::SoftwareConfig which uses Puppet
to drive the configuration. Using this it is possible
to create a fully functional overcloud controller instance
which has the controller node configured via Puppet
stackforge modules. Initially this includes only the
following services:
MySQL
RabbitMQ
Keepalived/HAProxy (HA is not yet fully supported however)
Nova
Neutron
Keystone
Glance (file backend)
Cinder
Using these services it is possible to run devtest_overcloud.sh
to completion. The idea is that we can quickly add more
services once we have CI in place.
In order to test this you'll want to build your images
with these elements:
os-net-config
heat-config-puppet
puppet-modules
hiera
None of the OpenStack specific TripleO elements
should be used with this approach (the nova/neutron
elements were NOT used to build the controller image).
Also, rather than use neutron-openvswitch-agent to configure
low level networking it is recommended that os-net-config
by configured directly via heat modeling rather than
parameter passing to init-neutron-ovs. This allows us to
configure the physical network while avoiding the coupling to
the neutron-openvswitch-element that our standard
parameter driven networking currently uses. (We still need
to move init-neutron-ovs so that it isn't coupled and/or deprecate
its use entirely because the heat drive stuff is more flexible.)
Packages may optionally be pre-installed via DIB using the
-p option (-p openstack-neutron,openstack-nova) etc.
Change-Id: If8462e4eacb08eced61a8b03fd7c3c4257e0b5b8
Jenkins [Thu, 8 Jan 2015 14:39:31 +0000 (14:39 +0000)]
Merge "Controller: Drive os-net-config via software conf"
Jenkins [Thu, 8 Jan 2015 14:39:23 +0000 (14:39 +0000)]
Merge "Controller: Split out software config"
Jenkins [Thu, 8 Jan 2015 08:50:15 +0000 (08:50 +0000)]
Merge "Bring back (abandoned) support for Cinder/NFS"
Jenkins [Thu, 8 Jan 2015 08:23:50 +0000 (08:23 +0000)]
Merge "Allow setting Neutron tunnel type in no mergepy"
Jenkins [Thu, 8 Jan 2015 08:22:55 +0000 (08:22 +0000)]
Merge "Don't store Ceilo DB credentials on compute node"
Jenkins [Thu, 8 Jan 2015 08:17:23 +0000 (08:17 +0000)]
Merge "Puppet: overcloud compute config"
Jenkins [Wed, 7 Jan 2015 21:27:55 +0000 (21:27 +0000)]
Merge "Drop the MysqlClusterUniquePart validation"
Jenkins [Wed, 7 Jan 2015 20:23:06 +0000 (20:23 +0000)]
Merge "Pass Horizon port through to controller nodes"
Ben Nemec [Mon, 5 Jan 2015 23:32:57 +0000 (17:32 -0600)]
Allow setting Neutron tunnel type in no mergepy
The Neutron tunnel type settings were missing from the Controller
section of the without-mergepy template, which made it impossible
to configure any tunnel other than gre.
Change-Id: Ia2579ed39a16d2b9826ce8406cb97fc116e3d595
Dan Prince [Sat, 20 Dec 2014 02:35:48 +0000 (21:35 -0500)]
Controller: Drive os-net-config via software conf
This example extends the controller software configuration
so that heat metadata is used to model the os-net-config
YAML (ultimately JSON) directly. The existing
os-net-config element already supports this format.
Configuring the physical network layer in this manner
would supplant the ever growing list of Heat parameters
that we have and is something that could be automatically
generated via tuskar.
The default is to use net-config-noop.yaml which
will pass no config metadata into the os-net-config
element which will essentially disable it in favor
of using parameters w/ init-neutron-ovs.
Change-Id: Ifba60454ee11222173a9762882e767a836a4545c
Dan Prince [Tue, 28 Oct 2014 22:00:40 +0000 (18:00 -0400)]
Controller: Split out software config
This is a step towards supporting pluggable software configurations
in the heat templates. By moving controller-config out of controller.yaml
we make it possible to define alternate implementations by
changing the OS::TripleO::ControllerConfig value in the
overcloud-resource-registry.yaml heat environment file.
Change-Id: I228216a0b55ff2d384b281d9ad2a61b93d58dab9
Dan Prince [Wed, 22 Oct 2014 18:22:44 +0000 (14:22 -0400)]
Puppet: overcloud compute config
This patch provides an alternate implementation of
the OS::TripleO::Compute::SoftwareConfig which uses Puppet
to drive the configuration. Using this it is possible
to create a fully functional overcloud compute instance
which has the compute node configured via Puppet
stackforge modules. This includes all the Nova, Neutron,
and Ceilometer configuration required to make things work.
In order to test this you'll want to build your images
with these elements:
os-net-config
heat-config-puppet
puppet-modules
hiera
None of the OpenStack specific TripleO elements
should be used with this approach (the nova/neutron/ceilometer
elements were NOT used to build the compute image).
Also, rather than use neutron-openvswitch-agent to configure
low level networking it is recommended that os-net-config
by configured directly via heat modeling rather than
parameter passing to init-neutron-ovs. This allows us to
configure the physical network while avoiding the coupling to
the neutron-openvswitch-element that our standard
parameter driven networking currently uses. (We still need
to move init-neutron-ovs so that it isn't coupled and/or deprecate
its use entirely because the heat drive stuff is more flexible.)
Packages may optionally be pre-installed via DIB using the
-p option (-p openstack-neutron,openstack-nova).
Change-Id: Ic36be25d70f0a94ca07ffda6e0005669b81c1ac7
Dan Prince [Fri, 2 Jan 2015 13:54:12 +0000 (08:54 -0500)]
Drop the MysqlClusterUniquePart validation
Trying to use overcloud-without-mergepy currently fails with
a validation error around MysqlClusterUniquePart. This
works around the issue by temporarily dropping the validation.
Change-Id: If93945a2c3396b07b592d08efb1f66e11d6194dd
Partial-bug: #
1405446
Jonathan Brownell [Tue, 23 Dec 2014 17:22:39 +0000 (09:22 -0800)]
Pass Horizon port through to controller nodes
The Horizon port may vary based on SSL enablement, and needs
to be known by the nodes for the purpose of iptables rules, etc.
Change-Id: Iec475a6c245a5bfe8b1d63ff72b6d0299861615c
Jenkins [Tue, 23 Dec 2014 17:30:45 +0000 (17:30 +0000)]
Merge "Don't store Neutron DB credentials on compute node"
Jenkins [Tue, 23 Dec 2014 17:30:28 +0000 (17:30 +0000)]
Merge "Don't store Nova DB credentials on compute nodes"
Dan Prince [Thu, 23 Oct 2014 19:17:49 +0000 (15:17 -0400)]
Compute: drive NW configuration via software conf
This example extends the compute software configuration
so that heat metadata is used to model the os-net-config
YAML (ultimately JSON) directly. The existing
os-net-config element already supports this format.
Configuring the physical network layer in this manner
would supplant the ever growing list of Heat parameters
that we have and is something that could be automatically
generated via tuskar.
The default is to use net-config-noop.yaml which
will pass no config metadata into the os-net-config
element which will essentially disable it in favor
of using parameters w/ init-neutron-ovs.
Change-Id: I30f325b1751caaef5624537e63ee27c2e418d5c8
Jenkins [Fri, 19 Dec 2014 14:01:22 +0000 (14:01 +0000)]
Merge "Set default network interfaces to nic1"
Giulio Fidente [Wed, 17 Dec 2014 18:06:28 +0000 (19:06 +0100)]
Set more aggressive keepalive timings
We want to customize the default kernel keepalive timings and
make them more aggressive to workaround lack of hearbeat support
in the Oslo RabbitMQ client, see:
https://bugs.launchpad.net/oslo.messaging/+bug/856764/comments/19
and
https://bugs.launchpad.net/oslo.messaging/+bug/856764/comments/70
Change-Id: Ieac08f595086acb8dd336e33efc705ee0b8a3a87
Closes-Bug:
1301431
Closes-Bug:
1385240
Closes-Bug:
1385234
Giulio Fidente [Fri, 21 Nov 2014 11:11:26 +0000 (06:11 -0500)]
Bring back (abandoned) support for Cinder/NFS
We used to have a YAML file providing a test setup for Cinder/NFS
which could be used via a special Makefile target; this was not
used in CI anymore though and overtime things broke.
This change aims at bringing that functionality back and also
make it easier to use it via a number of changes:
* delete unmaintained nfs-server-source (not working due to
changes in the elements)
* delete (unneeded) block-storage-nfs
* remove the hidden block-storage-with-nfs target from Makefile
* add a some nfs-source which supports newer elements and
newer template language as well
* improve existing comments in Makefile documeting how to use it
Change-Id: I96144ee2f4ca33bd7467f09ad960ea268c1250bf
Jenkins [Tue, 9 Dec 2014 21:34:15 +0000 (21:34 +0000)]
Merge "Remove default flavor from every template"
Jenkins [Tue, 9 Dec 2014 17:51:11 +0000 (17:51 +0000)]
Merge "bump up the number of sesson limit for rabbitmq"
Dan Prince [Sun, 7 Dec 2014 20:03:42 +0000 (15:03 -0500)]
Don't store Ceilo DB credentials on compute node
This patch removes all references to the Ceilometer DSN parameter
in the overcloud compute templates. These credentials
are not required in order to run the required Ceilometer
service/agents.
Change-Id: I421ce4fca87ac87dd65ab8bbb20e7ea9be8d9c5d
Dan Prince [Tue, 25 Nov 2014 20:14:03 +0000 (15:14 -0500)]
Don't store Neutron DB credentials on compute node
This patch removes all references to the Neutron DSN parameter
in the overcloud compute templates. These credentials
are not required in order to run the required Neutron
services.
Change-Id: I0691f43bd2ce85bec0d68ab979136414f0610c61
Dan Prince [Tue, 25 Nov 2014 20:02:00 +0000 (15:02 -0500)]
Don't store Nova DB credentials on compute nodes
Remove NovaDSN from overcloud compute.
When using the Conductor the Nova compute service
does not need access to the database. This patch
removes all references to the Nova DSN in the overcloud
compute templates.
Change-Id: If75f480489b84002dd061c183dbee3572a8b63f1
Dan Prince [Sat, 6 Dec 2014 02:07:32 +0000 (21:07 -0500)]
Remove missing cinder-storage Neutron* parameters
In I00af10e07feed6c9c97ee6cad545dbff88cd6afc we removed the
Neutron* parameters from cinder-storage.yaml but we forgot to
also remove them from overcloud-without-mergepy.yaml.
Change-Id: I09f2eb278fa0eba1dff80884f12b6f682c7b0484
Dan Prince [Fri, 5 Dec 2014 18:42:34 +0000 (13:42 -0500)]
Add missing novncproxy settings to controller
This patch adds the missing HAProxy novncproxy parameters to
controller.yaml
These parameters were adding to overcloud-source.yaml
in I0c6a3d6a8fd10da71abbf568633b28bdb5e56aa2.
Change-Id: Icff2f17a301e5e95fa43549ec1566c0c0d5b5353
Dan Prince [Fri, 5 Dec 2014 18:33:47 +0000 (13:33 -0500)]
Add missing HAProxy settings to controller
This patch adds the missing parameters to controller.yaml
These parameters were adding to overcloud-source.yaml
in I1581c091b996422fb1374ea4c024d0a88453e10b.
Change-Id: I3e4e0e1feb521dded2679fed508fa97e8dd27661
Dan Prince [Fri, 5 Dec 2014 16:13:18 +0000 (11:13 -0500)]
Add missing Neutron DVR params to without-mergepy
This patch adds the missing parameters to
overcloud-without-mergepy.yaml.
These parameters were adding to overcloud-source.yaml
in I422c65e7d941593083d52ad7fdf0dfd1d2fb3155. Due to
the concurrent review window they never made it
into the new overcloud-without-mergepy.yaml
implementation.
Change-Id: If54dc111aec852f906c9e7ac1bf56f9dcaf678ea
Dan Prince [Fri, 5 Dec 2014 15:44:29 +0000 (10:44 -0500)]
Remove duplicate Neutron params in overcloud
In I422c65e7d941593083d52ad7fdf0dfd1d2fb3155
(Enable Neutron DVR support in TripleO installation)
we added duplicate parameters for NeutronPublicInterfaceRawDevice
and NeutronNetworkType.
In preparation for syncing with overcloud-without-mergepy.yaml
lets remove these dups.
Change-Id: Ib4888bc91f30aeb3aba590b69e4919a93f577143
Dan Prince [Fri, 5 Dec 2014 15:13:36 +0000 (10:13 -0500)]
Add missing Keystone params to without-mergepy
This patch adds the missing KeystoneSSLCertificate and
KeystoneSSLCertificateKey to overcloud-without-mergepy.yaml.
These parameters were adding to overcloud-source.yaml
in Icf46132230512a31b6dec3c07164c95b13dd8f73. Due to
the concurrent review window they never made it
into the new overcloud-without-mergepy.yaml
implementation.
Change-Id: I8b1155ca0a28392e5d5ade57d53bf810d8b5f053
Dan Prince [Fri, 5 Dec 2014 15:00:13 +0000 (10:00 -0500)]
Add missing Rabbit params to without-mergepy
This patch adds the missing RabbitClientUseSSL and
RabbitClientPort to overcloud-without-mergepy.yaml.
These parameters were adding to overcloud-source.yaml
in I7b7613cb60b9095ba5665c335c496fea4514391a. Due to
the concurrent review window they never made it
into the new overcloud-without-mergepy.yaml
implementation.
Change-Id: I182671b84d0a21d7018eb136003968f101384716
Dan Prince [Tue, 25 Nov 2014 20:23:22 +0000 (15:23 -0500)]
Set default network interfaces to nic1
Now that we are using os-net-config we can make use of
the nic naming abstraction layer where the actual physical
nic name is mapped automatically.
This change removes all the eth0 references and replaces
them with nic1 which should make it more likely
that these default values would actually work on
some distributions.
It also removes the single instance of eth2 in the
undercloud-bm-nova-deploy.yaml template and replaces
it with nic1 as well. Underclouds aren't a special case
in this regard (I run my bare metal undercloud on em1)
so there is no good reason to default to the second nic.
Change-Id: I3ea92a502bc4b8789f74913f232ac8bc6b843008
Jenkins [Fri, 5 Dec 2014 18:51:25 +0000 (18:51 +0000)]
Merge "Remove LiveUpdate params"
Giulio Fidente [Thu, 4 Dec 2014 17:38:17 +0000 (18:38 +0100)]
Align the cinder-storage.yaml template with block-storage.yaml
Change-Id: I00af10e07feed6c9c97ee6cad545dbff88cd6afc
Dan Prince [Mon, 1 Dec 2014 15:05:44 +0000 (10:05 -0500)]
Remove LiveUpdate params
The params were added in I2997d23c584055c40034827e9beb58e6542ea11c
as a means to pass undercloud image data to overcloud instances
so they could perform an update via takeovernode). We've
never actually made use of them via takeovernode... furthermore
these params are a bit stale in that they haven't been applied
to other instance types (storage, etc.).
I propose we remove them entirely and start with a fresh plan for
how these would get used (perhaps a blueprint). As is these don't
appear to have ever been fully wired up to do anything removing
them should have no effect on end users.
Change-Id: I96f91fb0d67e7fe203d3767c8ab89ce82adbe331
Jerry Zhao [Tue, 25 Nov 2014 17:02:13 +0000 (09:02 -0800)]
bump up the number of sesson limit for rabbitmq
the default maxconn is only 150, which maybe good for api services
but not enough for the rabbitmq session in a cluster as small as 15
nodes. so bump up the number to 1500 for rabbitmq to allow for 100
nodes. this number should be calculated based on the scale numbers
in the long run.
Closes-bug: #
1386406
Change-Id: Ieb707b31022a6fc9ade32ed2a332b67bf4dc0311
Steve Kowalik [Thu, 27 Nov 2014 02:01:54 +0000 (13:01 +1100)]
Remove default flavor from every template
With the push to using the new setup-flavors provided by
os-cloud-config, the default flavor will no longer be called
'baremetal', and Heat will always validate the default even if it
is overridden. To that end, remove the default flavor from every
flavor definition. Just to be certain, also add a custom_constraint
to every flavor definition that was missing it.
Change-Id: I24251e73be4e86738857f73b89499f592c4908de
Jenkins [Wed, 26 Nov 2014 08:35:04 +0000 (08:35 +0000)]
Merge "Don't replace OS::Neutron::Port on update of undercloud"
Jerry Zhao [Mon, 24 Nov 2014 21:18:52 +0000 (13:18 -0800)]
Fix empty local_ip in ml2_conf.ini on undercloud
empty local_ip in ml2_conf.ini would make neutron-openvswitch-agent
fail to start, then fail to bridge dhcp to br-ctlplane and pxe boot an
overcloud, so provide the value in undercloud-source.yaml.
Related-Bug: #
1394956
Change-Id: If3a94b9c2b971ceb7601f91a2db64989960fb5d3
Jenkins [Wed, 19 Nov 2014 20:25:17 +0000 (20:25 +0000)]
Merge "Split out Nova software config"
Jenkins [Tue, 18 Nov 2014 10:48:06 +0000 (10:48 +0000)]
Merge "Add swift.mount-check metadata"
Dan Prince [Wed, 15 Oct 2014 15:18:42 +0000 (11:18 -0400)]
Split out Nova software config
This is a step towards supporting pluggable software configurations
in the heat templates. By moving compute-config out of compute.yaml
we make it possible to define alternate implementations by
changing the OS::TripleO::Compute::SoftwareConfig value in the
overcloud-resource-registry.yaml heat environment file.
Co-Authored-By: Steve Hardy <shardy@redhat.com>
Change-Id: I250dc1a8c02626cf7d1a5d2ce92706504ec0c7de
Jenkins [Fri, 14 Nov 2014 10:10:14 +0000 (10:10 +0000)]
Merge "Use HAProxy httpchk for openstack services"
Nicholas Randon [Thu, 13 Nov 2014 09:18:34 +0000 (09:18 +0000)]
Provide a single stunnel connect_host
At present connect_host is specified by each port, individually, as
the same value. Move connect_host to be a direct child of the stunnel
element so it is only specified once.
Although previously we could theoretically specify a different
connect_host for each service, in practice they were the same and
that never would have worked.
This change means Mustache like {{#stunnel.connect_host}} will work.
Change-Id: I25c4bb09cf28a3728e959d4dd583af26a602ad90
Partial-Bug: #
1391926
Eamonn O'Toole [Wed, 22 Oct 2014 13:06:09 +0000 (14:06 +0100)]
Add swift.mount-check metadata
We've submitted a patch (https://review.openstack.org/#/c/130172/)
to set the value of mount_check to swift.mount-check if it exists,
and otherwise to set mount_check to false. By default TripleO
deployments set mount_check to false since they do not use mounted
disks to store data. However we (HP) and others are now using
TripleO to deploy Swift servers with mounted drives for data, in
which case mount_check should be set to True. This change adds
swift.mount-check data and sets it to the value of the
SwiftMountCheck parameter, which has a default value of False.
Change-Id: I36fece56bafa9fe9c4883b572687b3fc819eeae1
Jenkins [Tue, 11 Nov 2014 15:25:11 +0000 (15:25 +0000)]
Merge "Enable Neutron DVR support in TripleO installation"
James Polley [Mon, 10 Nov 2014 10:43:51 +0000 (11:43 +0100)]
Don't replace OS::Neutron::Port on update of undercloud
This change is congruent with I6dd02ae17407f8f4c81ae418e5027f4f38ae4e9b
but applies to undercloud configs rather than overcloud configs.
I've listed this as closing 138709 even though that bug didn't talk
about the undercloud as this seems like it's another instance of the
same issue seen there.
Change-Id: I3ee80043bb455460991e78525fa4310934df4697
Closes-Bug: #
1383709
Tom Cammann [Tue, 4 Nov 2014 11:11:52 +0000 (11:11 +0000)]
Use HAProxy httpchk for openstack services
Instead of the default TCP connection check use the HTTP check. This
provides a more reliable way to tell if the service is up or not, only
2xx and 3xx response codes will signal a healthy service. This check can
also be used in conjunction with check-ssl to enable checks for services
running SSL/TLS in overcloud.
Change-Id: I1581c091b996422fb1374ea4c024d0a88453e10b
Jenkins [Fri, 31 Oct 2014 15:42:22 +0000 (15:42 +0000)]
Merge "Use parameter constraints for image, key and flavor"
Jenkins [Fri, 31 Oct 2014 01:41:49 +0000 (01:41 +0000)]
Merge "Add converted version of block and object storage"
Jenkins [Thu, 30 Oct 2014 16:38:34 +0000 (16:38 +0000)]
Merge "Don't replace OS::Neutron::Port on update"
Jenkins [Thu, 30 Oct 2014 09:11:01 +0000 (09:11 +0000)]
Merge "Add SSL PKI properties for keystone"
Steve Hardy [Tue, 28 Oct 2014 19:22:18 +0000 (19:22 +0000)]
Don't replace OS::Neutron::Port on update
Due to an ununsual interface to OS::Neutron::Port resources,
it's necessary to specify replacement_policy: AUTO, or the
resource is unconditionally replaced on every stack update.
I've started discussion re possibly changing the default in
Heat, but right now, we need this or we have the bad outcome
of replacing all (!) compute and controller nodes on every
stack-update, even if the templates are unmodified.
Passing the AUTO value should be safe regardless of any
potential change of default value in Heat.
Change-Id: I6dd02ae17407f8f4c81ae418e5027f4f38ae4e9b
Closes-Bug: #
1383709
Phil Neal [Mon, 27 Oct 2014 19:30:16 +0000 (13:30 -0600)]
Add overcloud options for SSL RabbitMQ connections
Adds configuration options for Rabbit port and use_ssl settings using a shared
RabbitMQ parameter.
Change-Id: I7b7613cb60b9095ba5665c335c496fea4514391a
Jenkins [Mon, 27 Oct 2014 08:07:49 +0000 (08:07 +0000)]
Merge "Simplify the layout of haproxy net binds config"
Jenkins [Fri, 24 Oct 2014 07:40:24 +0000 (07:40 +0000)]
Merge "Add block completion signal"
Steven Hardy [Thu, 23 Oct 2014 15:42:45 +0000 (16:42 +0100)]
Use parameter constraints for image, key and flavor
If you don't have (or provide) the wrong image, KeyName,
or flavor, we fail at some later point (not always early,
depending on what's wrong).
Since Icehouse, Heat has had a "custom constraints" method
of dynamically validating parameter values, by comparing the
value provided with a list from the underlying service.
Despite the name, there's nothing "custom" about the constraints,
these ones are included in Heat by default (though they are pluggable,
which is where the name comes from..)
See the docs for more info:
http://docs.openstack.org/developer/heat/template_guide/hot_spec.html#custom-constraint
Note, I've not considered network validation here, this could
possibly be added in a subsequent patch.
These constraints are evaluated via any of the following:
- heat template-validate -f <template>
- heat stack-preview <arguments given to create>
- heat stack-create <arguments, fails fast before creating anything>
- heat stack-update <arguments, fails fast before updating anything>
Change-Id: I3a6374ce5421575cdde893c62aa97c750a07acd8
Erik Colnick [Wed, 8 Oct 2014 13:04:07 +0000 (07:04 -0600)]
Enable Neutron DVR support in TripleO installation
This change adds the necessary elements to the overcloud-source.yaml,
nova-compute-config.yaml and nova-compute-instance.yaml to allow Neutron
Distributed Virtual Routers (DVR) to be enabled. The added elements are
set to default to values such that DVR is not enabled in keeping with
backwards compatibility.
Change-Id: I422c65e7d941593083d52ad7fdf0dfd1d2fb3155
blueprint: support-neutron-dvr
Gregory Haynes [Thu, 16 Oct 2014 21:10:43 +0000 (14:10 -0700)]
Add SSL PKI properties for keystone
To implement the SSL PKI spec we need to change the keystone ssl cert
and cert key properties to be more generalizable. We also need to
support the old properties for backwards compatibility.
Change-Id: Icf46132230512a31b6dec3c07164c95b13dd8f73
Nicholas Randon [Fri, 17 Oct 2014 13:42:10 +0000 (14:42 +0100)]
Simplify the layout of haproxy net binds config
Make the net binds simpler to maintain.
Change-Id: I7c7f2cde38a88976afe33097cdfe4a93d62a6417
Peter Belanyi [Wed, 24 Sep 2014 11:51:13 +0000 (07:51 -0400)]
Add converted version of block and object storage
This patch extends the previous 'Don't use merge.py for overcloud'
commit with the cinder-storage.yaml and swift-storage.yaml templates.
Requirements for this to deploy:
1. Block and object storage images have to be built
(overcloud-cinder-volume and overcloud-swift-storage)
2. The images have to be loaded by devtest_overcloud.sh
OVERCLOUD_CINDER_ID=$(load-image -d $TRIPLEO_ROOT/overcloud-cinder-volume.qcow2)
OVERCLOUD_SWIFT_ID=$(load-image -d $TRIPLEO_ROOT/overcloud-swift-storage.qcow2)
Change-Id: I45f9d9f051970a83e26c0fd924d7c98276958113
Alexis Lee [Mon, 13 Oct 2014 12:50:54 +0000 (13:50 +0100)]
Add block completion signal
In I973d197245ed32612bde9209479e6ae3a443fc69, the signal_transport was
set to NO_SIGNAL to prevent the resource staying CREATE_IN_PROGRESS
forever. This means that Heat reports the stack is configured before it
actually is.
The correct fix was to add completion-signal to BlockStorageConfig.
However now there's a BlockStorage0AllNodesDeployment, we simply have to
receive the signal from allNodesConfig by setting the deployment
signal-transport.
Change-Id: I1f6408ca39fddd146e7aae140f61d265bbf563ec
Tomas Sedovic [Wed, 6 Aug 2014 11:24:10 +0000 (13:24 +0200)]
Compute and controller templates without merge.py
This provides three templates: overcloud-without-mergepy.yaml,
compute.yaml and controller.yaml. These can be used in combination with
overcloud-resource-registry.yaml to deploy the overcloud on their own --
without having to do any pre-processing (via merge.py).
To test these you have to add the resource registry environment (in
addition to the existing `-e` option) and use the new overcloud template
in the Heat call in devtest_overcloud.sh (line 374):
heat $HEAT_OP -e $TRIPLEO_ROOT/overcloud-env.json \
-e "$TRIPLEO_ROOT/tripleo-heat-templates/overcloud-resource-registry.yaml" \
-t 360 \
-f $TRIPLEO_ROOT/tripleo-heat-templates/overcloud-without-mergepy.yaml \
-P "ExtraConfig=${OVERCLOUD_EXTRA_CONFIG}" \
$STACKNAME
The existing overcloud Heat environment
($TRIPLE_ROOT/overcloud-env.json) should keep on working. Scaling is
now being controlled by the `ControllerCount` and `ComputeCount`
template parameters, though.
NOTE: the changes here depend on a fairly recent Heat build (commit
e5f285f6cb from ~7th September, 2014). In other words, this requires
Juno Heat.
Also, passing more than one environment file to Heat requires
python-heatclient version 0.2.11.
Change-Id: I687a00c7dc164ba044f9f2dfca96a02401427855
Jenkins [Mon, 20 Oct 2014 10:07:19 +0000 (10:07 +0000)]
Merge "Passthrough{Specific} and allNodesConfig for BlockStorage nodes"
Giulio Fidente [Tue, 5 Aug 2014 16:44:33 +0000 (18:44 +0200)]
Passthrough{Specific} and allNodesConfig for BlockStorage nodes
Purpose of this change is to allow passthrough of *specific values*
for *same key* in particular to BlockStorage nodes. Same
behaviour is already implemented for controllers and computes.
Change-Id: I7074a8f7d406adaa56e55013b10bd520fcacfcf6
Jenkins [Thu, 16 Oct 2014 15:42:43 +0000 (15:42 +0000)]
Merge "Refactor Heat dependencies for nova compute"
Jenkins [Wed, 15 Oct 2014 22:17:27 +0000 (22:17 +0000)]
Merge "Configures haproxy to serve novnc_proxy"
Jenkins [Wed, 15 Oct 2014 22:01:55 +0000 (22:01 +0000)]
Merge "Secure the MySQL bind-address on the undercloud"
Tom Cammann [Thu, 18 Sep 2014 10:28:08 +0000 (11:28 +0100)]
Refactor Heat dependencies for nova compute
Allows heat to have more control of the parallelism of the deploy
and allow easy integration of the new heat dependencies required for
nova compute integration. At present is difficult understand and has
unnecessary complex dependencies.
Change-Id: Ie566b8b14cbd98fe29cc2368a96d45cc74ca4715
Co-Authored-By: Nicholas Randon <nicholas.randon@hp.com>
Alexis Lee [Wed, 8 Oct 2014 14:17:29 +0000 (15:17 +0100)]
Sort inputs and parameters
They're mostly rather higgledy-piggledy at the moment which makes it
quite difficult to compare against files where these are sorted. EG
compute.yaml from I687a00c7dc164ba044f9f2dfca96a02401427855.
Change-Id: I508a3d0f6a79810d2100fdd1ad143bcd37bf8c00
Jenkins [Tue, 7 Oct 2014 20:50:59 +0000 (20:50 +0000)]
Merge "Add SwiftMinPartHours parameter"
Therese McHale [Tue, 7 Oct 2014 12:57:51 +0000 (13:57 +0100)]
Secure the MySQL bind-address on the undercloud
The MySQL bind-address on the undercloud should be set to
localhost for security.
Change-Id: I0ea485fa6673c06087f5c5baedf591fba54288a4
Loganathan Parthipan [Wed, 1 Oct 2014 11:53:23 +0000 (12:53 +0100)]
Configures haproxy to serve novnc_proxy
This patch configures haproxy to serve novnc_proxy which currently
listens on 0.0.0.0. So before this patch goes in novnc needs to be
listening on local-ipv4 like the rest of the services. The following
patch does that in image-elements.
https://review.openstack.org/#/c/125326/
Change-Id: I0c6a3d6a8fd10da71abbf568633b28bdb5e56aa2
Jenkins [Tue, 30 Sep 2014 11:53:51 +0000 (11:53 +0000)]
Merge "Remove unnecessary completion signal"
Lorcan [Fri, 12 Sep 2014 12:40:24 +0000 (13:40 +0100)]
Add SwiftMinPartHours parameter
This parameter adds the facility for an operator to set the length
of time in hours that a partition in a swift ring can be altered
following a rebalance of that ring. The default value is set to one.
The corresponding element change is here:
Ie6438386a54794e1ae2f31ad925db01c2c10ed6d
Change-Id: Icc5e431a7e2884b3ca3a255b6fd901619bc98460
Jenkins [Fri, 26 Sep 2014 12:23:12 +0000 (12:23 +0000)]
Merge "undercloud: use Nova compute Ironic driver"
Dan Prince [Fri, 19 Sep 2014 14:44:32 +0000 (10:44 -0400)]
undercloud: use Nova compute Ironic driver
Updates the NovaComputeDriver and NovaSchedulerHostManager
defaults so that we use the Nova in-tree versions of
the Ironic compute and scheduler host managers.
The old Ironic in-tree drivers are now deprecated.
Change-Id: I91667a3e7861591285c931006c448cc304649349
Dan Prince [Fri, 19 Sep 2014 14:27:52 +0000 (10:27 -0400)]
Drop CinderLVMLoopDeviceSize from the undercloud
This parameter is unused so lets drop it.
Change-Id: Ie0bec06b14b6b284716604281d29fea065c2a03b
Tom Cammann [Thu, 18 Sep 2014 09:54:37 +0000 (10:54 +0100)]
Remove unnecessary completion signal
There is a spurious completion signal in nova compute config which is
confusing and unnecessary.
Change-Id: I302470933c80443a1069faa03cc924f14ba71ca3
Co-Author: Nicholas Randon
Jenkins [Thu, 18 Sep 2014 06:41:08 +0000 (06:41 +0000)]
Merge "Deprecate Role and ImageBuilder metadata handling"
Jenkins [Tue, 16 Sep 2014 09:15:26 +0000 (09:15 +0000)]
Merge "Parametrize Swift partition power"