Pradeep Kilambi [Wed, 11 Jan 2017 18:56:57 +0000 (13:56 -0500)]
Restrict mongodb memory usage
Currently, mongodb has no limits on how much memory
it can consume. This enforces restriction so mongodb
service limits through systemd.
The puppet-systemd module has support for limits. The
MemoryLimit support is added in the follwoing pull
request https://github.com/camptocamp/puppet-systemd/pull/23
Closes-bug: #
1656558
Change-Id: Ie9391aa39532507c5de8dd668a70d5b66e17c891
Alex Schultz [Fri, 31 Mar 2017 23:41:36 +0000 (17:41 -0600)]
Move horizon to step 3
We configure apache in step 3 so horizon should be configured at the
same time or else updates will cause horizon to be unvailable during the
update process.
Change-Id: I4032f7c24edc0ff9ed637e213870cdd3beb9a54e
Closes-Bug: #
1678338
Jenkins [Sun, 2 Apr 2017 03:53:20 +0000 (03:53 +0000)]
Merge "Decouple ceilometer user create from API"
Jenkins [Thu, 30 Mar 2017 22:07:36 +0000 (22:07 +0000)]
Merge "Add missing include of ::ec2api::keystone::authtoken"
Jenkins [Thu, 30 Mar 2017 21:42:20 +0000 (21:42 +0000)]
Merge "Fix deprecated eqlx parameters"
Pradeep Kilambi [Wed, 29 Mar 2017 19:07:36 +0000 (15:07 -0400)]
Decouple ceilometer user create from API
Ceilometer user is needed for other ceilometer services to
authenticate with keystone even when API is not present.
So the data can be dispatched to gnocchi. Lets keep these
separate so user always exists even when api is not.
Depends-On: Iffebd40752eafb1d30b5962da8b5624fb9df7d48
Closes-bug: #
1677354
Change-Id: I8f4e543a7cef5e50a35a191fe20e276d518daf20
Jenkins [Thu, 30 Mar 2017 20:46:39 +0000 (20:46 +0000)]
Merge "Tuned should be configured properly"
Jenkins [Thu, 30 Mar 2017 18:23:48 +0000 (18:23 +0000)]
Merge "securetty: use validate_array for tty list"
Jenkins [Thu, 30 Mar 2017 15:47:28 +0000 (15:47 +0000)]
Merge "Move neutron profile out of step 4"
Juan Antonio Osorio Robles [Thu, 30 Mar 2017 09:01:32 +0000 (12:01 +0300)]
securetty: use validate_array for tty list
Change-Id: I1e79407ec6f360a2b205cec6cf8e812a11b799ea
Jenkins [Thu, 30 Mar 2017 07:27:34 +0000 (07:27 +0000)]
Merge "Adds service for managing securetty"
Jenkins [Thu, 30 Mar 2017 03:45:51 +0000 (03:45 +0000)]
Merge "Qpid dispatch router puppet profile"
lhinds [Thu, 23 Mar 2017 13:28:19 +0000 (13:28 +0000)]
Adds service for managing securetty
This adds the ability to manage the securetty file.
By allowing management of securetty, operators can limit root
console access and improve security through hardening.
Change-Id: Ic4647fb823bd112648c5b8d102913baa8b4dac1c
Closes-Bug: #
1665042
Emilien Macchi [Wed, 29 Mar 2017 11:55:12 +0000 (07:55 -0400)]
Fix reno for rabbitmq-user-check
Change-Id: I5eed22ab0230a477d1629545b8ab1aeff33f4a35
Michele Baldessari [Thu, 26 Jan 2017 14:00:30 +0000 (15:00 +0100)]
Qpid dispatch router puppet profile
Depends-On: I4b56417ce8ee7502ad32da578bdc29c46e459bd5
Change-Id: Idecbbabdd4f06a37ff0cfb34dc23732b1176a608
Author: John Eckersberg <jeckersb@redhat.com>
Jenkins [Tue, 28 Mar 2017 18:22:56 +0000 (18:22 +0000)]
Merge "Re-run gnocchi and ceilometer upgrade in step 5"
Jenkins [Tue, 28 Mar 2017 11:44:04 +0000 (11:44 +0000)]
Merge "Include oslo.messaging amqp support for rpc and notifications"
Jenkins [Tue, 28 Mar 2017 08:08:19 +0000 (08:08 +0000)]
Merge "Add openstack-kolla to docker-registry profile"
Jenkins [Tue, 28 Mar 2017 05:58:00 +0000 (05:58 +0000)]
Merge "Check rabbitmq user at step >= 2"
Jenkins [Tue, 28 Mar 2017 05:27:59 +0000 (05:27 +0000)]
Merge "Include ceph::profile::client from rgw.pp"
Sven Anderson [Mon, 27 Mar 2017 15:35:21 +0000 (17:35 +0200)]
Add missing include of ::ec2api::keystone::authtoken
Change-Id: Id933276fab16eebd72751dca136ad805547e6291
Related-Bug: #
1676491
Pradeep Kilambi [Mon, 20 Mar 2017 15:44:53 +0000 (11:44 -0400)]
Re-run gnocchi and ceilometer upgrade in step 5
Without this gnocchi resources types are not created
as they are skipped initially and the resources from
ceilometer wont make it to gnocchi.
Closes-bug: #
1674421
Depends-On: I753f37e121b95813e345f200ad3f3e75ec4bd7e1
Change-Id: Ib45bf1b3e526a58f675d7555fe7bb5038dadeede
Peng Liu [Fri, 3 Mar 2017 06:12:11 +0000 (14:12 +0800)]
Add l2 gateway Neutron service plugin profile
Introduce profile to configure l2 gateway Neutron
service plugin.
Implements: blueprint l2gw-service-integration
Change-Id: I01a8afdc51b2a077be1bbc7855892f68756e1fd3
Signed-off-by: Peng Liu <pliu@redhat.com>
Juan Antonio Osorio Robles [Mon, 13 Mar 2017 12:56:01 +0000 (14:56 +0200)]
Remove certificate request bits from service profiles
This is now the job of the certmonger_user profile. So these bits are
not needed anymore in the service profiles.
Change-Id: Iaa3137d7d13d5e707f587d3905a5a32598c08800
Depends-On: Ibf58dfd7d783090e927de6629e487f968f7e05b6
Alex Schultz [Thu, 23 Mar 2017 15:58:34 +0000 (09:58 -0600)]
Ensure iscsi-initiator-utils installed
We attempt to use iscsi-iname in an exec for our nova compute profile
but we do not ensure that the package providing this command is
installed. This change adds the package definition for
iscsi-initiator-utils to ensure it is installed before trying to use
iscsi-iname.
Change-Id: I1bfdb68170931fd05a09859cf8eefb50ed20915d
Closes-Bug: #
1675462
James Slagle [Wed, 22 Mar 2017 21:58:29 +0000 (17:58 -0400)]
Check rabbitmq user at step >= 2
The rabbitmq user check is moved to step >= 2 from step >= 1. There is
no gaurantee that rabbitmq is running at step 1, especially if updating
a failed stack that never made it past step 1 to begin with.
Change-Id: I029193da4c180deff3ab516bc8dc2da14c279317
Closes-Bug: #
1675194
Carlos Camacho [Mon, 13 Mar 2017 07:51:07 +0000 (08:51 +0100)]
Move neutron profile out of step 4
This submission moves the neutron profile
`::tripleo::profile::base::neutron`
our of step 4.
Change-Id: I4d0617b0d7801426ea6827e70f5f31f10bbcc038
Andrew Smith [Sun, 19 Mar 2017 21:07:47 +0000 (17:07 -0400)]
Include oslo.messaging amqp support for rpc and notifications
This commit conditionally includes messaging amqp class for the
oslo.messaging AMQP 1.0 driver to support notifications.
This patch:
* include keystone::messaging::amqp class for oslo_messaging_amqp opts
Change-Id: I8eb23a21d2499795c3a76ae3197bda7773165a8c
Jenkins [Fri, 17 Mar 2017 21:46:57 +0000 (21:46 +0000)]
Merge "Enables OpenDaylight Clustering in HA deployments"
Jenkins [Fri, 17 Mar 2017 11:27:05 +0000 (11:27 +0000)]
Merge "Explicitly configure credentials used by ironic to access other services"
Tim Rozet [Wed, 25 Jan 2017 20:09:32 +0000 (15:09 -0500)]
Enables OpenDaylight Clustering in HA deployments
Previously ODL was restricted to only running on the first node in an
tripleO HA deployment. This patches enables clustering for ODL and
allows multiple ODL instances (minimum 3 for HA).
Partially-implements: blueprint opendaylight-ha
Change-Id: Ic9a955a1c2afc040b2f9c6fb86573c04a60f9f31
Signed-off-by: Tim Rozet <trozet@redhat.com>
Dmitry Tantsur [Wed, 15 Mar 2017 15:58:23 +0000 (16:58 +0100)]
Explicitly configure credentials used by ironic to access other services
Using keystone_authtoken credentials for this purpose is deprecated, and also
prevents ironic-conductor from being used as a separate role.
As a side effect, this change makes it possible to potentially enable
ironic-inspector support in the future (it's not enabled yet).
Change-Id: I21180678bec911f1be36e3b174bae81af042938c
Partial-Bug: #
1661250
Jenkins [Thu, 16 Mar 2017 15:50:10 +0000 (15:50 +0000)]
Merge "Add spec tests for tripleo::certmonger::mysql class"
Jenkins [Thu, 16 Mar 2017 15:22:18 +0000 (15:22 +0000)]
Merge "Add spec tests for tripleo::certmonger::ca::local class"
Jenkins [Thu, 16 Mar 2017 15:21:49 +0000 (15:21 +0000)]
Merge "Add spec test for tripleo::certmonger::httpd resource"
Jenkins [Thu, 16 Mar 2017 09:32:23 +0000 (09:32 +0000)]
Merge "Create profile to request certificates for the services in the node"
Juan Antonio Osorio Robles [Thu, 16 Mar 2017 09:13:36 +0000 (11:13 +0200)]
Add spec tests for tripleo::certmonger::ca::local class
Change-Id: I81e0850777f1498ba9b7a213ba02819847a40786
Juan Antonio Osorio Robles [Thu, 16 Mar 2017 09:01:53 +0000 (11:01 +0200)]
Add spec tests for tripleo::certmonger::mysql class
Change-Id: I81b0b8b54a034817f5791ff7e29f1a3065902642
Juan Antonio Osorio Robles [Thu, 16 Mar 2017 09:07:16 +0000 (11:07 +0200)]
Add spec test for tripleo::certmonger::httpd resource
Change-Id: Ia002aced6de474022d4aa4e9e3d7d5ee7c31a2b0
Giulio Fidente [Wed, 15 Mar 2017 23:45:11 +0000 (00:45 +0100)]
Include ceph::profile::client from rgw.pp
To deploy successfully the RadosGW service on a dedicated node
it is necessary to provision on the node a CephX keyring with the
needed permissions to import the RadosGW service keyring. This
change will provision any keyring passed via client_keys.
It makes possible to deploy the CephRgw service on any custom role
without including the CephClient service.
Change-Id: I5772eeb233ca241887226145a472c7a0363249cb
Closes-Bug: #
1673288
Jenkins [Wed, 15 Mar 2017 13:54:46 +0000 (13:54 +0000)]
Merge "HAProxy: Refactor certificate retrieval bits"
Jenkins [Tue, 14 Mar 2017 12:23:02 +0000 (12:23 +0000)]
Merge "Correct haproxy's stat unix socket path"
Juan Antonio Osorio Robles [Mon, 13 Mar 2017 12:21:17 +0000 (14:21 +0200)]
Create profile to request certificates for the services in the node
This profile will specifically be used to create all the certificates
required in the node. These are fetched from hiera and will be ran in
the first step of the overcloud deployment and in the undercloud.
The reasoning for this is that, with services moving to containers, we
can't yet do these requests for certificates within the containers for
the specific services. this is because the containers won't have
credentials to the CA, while the baremetal node does. So instead we
still do this on the baremetal node, and will subsequently bind mount
the certificates to the containers that need them. Also, this gives us
flexibility since this approach still works for the baremetal case.
There will be a subsequent commit removing the certificate requests from
the service-specific profiles.
Change-Id: I4d2e62b5c1b893551f9478cf5f69173c334ac81f
Tim Rozet [Thu, 9 Mar 2017 17:04:10 +0000 (12:04 -0500)]
Fixes issues with raising mysql file limit
Changes Include:
- Adds spec testing
- Only raise limits if nonha. puppet-systemd will restart the mariadb
service which breaks ha deployments. Hence we only want to do this
in noha.
- Minor fix to hiera value refrenced not as parameter to mysql.pp
Partial-Bug: #
1648181
Related-Bug: #
1524809
Co-Authored By: Feng Pan <fpan@redhat.com>
Change-Id: Id063bf4b4ac229181b01f40965811cb8ac4230d5
Signed-off-by: Tim Rozet <trozet@redhat.com>
Signed-off-by: Feng Pan <fpan@redhat.com>
Michele Baldessari [Wed, 8 Mar 2017 14:23:59 +0000 (15:23 +0100)]
Correct haproxy's stat unix socket path
We currently set the haproxy stat socket to /var/run/haproxy.sock.
On Centos/RHEL with selinux enabled this will break:
avc: denied { link } for pid=284010 comm="haproxy"
name="haproxy.sock" dev="tmpfs" ino=330803
scontext=system_u:system_r:haproxy_t:s0
tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
The blessed/correctly-labeled path is /var/lib/haproxy/stats
Note: I am setting only Partial-Bug because I would still like
to make this a parameter so other distros may just override the path.
But that change is more apt for pike and not for ocata.
Change-Id: I62aab6fb188a9103f1586edac1c2aa7949fdb08c
Patial-Bug: #
1671119
Paul Belanger [Mon, 13 Mar 2017 16:00:34 +0000 (12:00 -0400)]
Add bindep support
Bindep is an automation tool used by openstack-infra to bootstrap a
worker with default packages. Something not needed for puppet jobs.
Change-Id: I6b4784c233a2abad01da3408f131af2c89586868
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Juan Antonio Osorio Robles [Mon, 13 Mar 2017 12:09:36 +0000 (14:09 +0200)]
HAProxy: Refactor certificate retrieval bits
This moves the certificate request bits to simplify the profile and move
the logic to the HAProxy/certmonger specific manifest.
This is a small iteration on the effort to separate the certificate
retrieval to its own manifest since this part won't be containerized
yet.
Change-Id: Ibb01cd9a59049e4728615cb4f37e5bfac5800a92
Joe Talerico [Thu, 23 Feb 2017 22:05:01 +0000 (17:05 -0500)]
Tuned should be configured properly
Currently tuned uses the wrong profile on compute nodes. This patch will
allow users to update their tuned profile.
Fixes bug
1667524
Change-Id: Ic67aca7f5338ea4bb2d3843201e122c72d97056e
Jenkins [Sat, 11 Mar 2017 19:07:14 +0000 (19:07 +0000)]
Merge "Add support for BGPVPN service plugin"
Ricardo Noriega [Wed, 1 Feb 2017 12:32:14 +0000 (13:32 +0100)]
Add support for BGPVPN service plugin
Introduce profile to configure networking-bgpvpn service
Implements: blueprint bgpvpn-service-integration
Change-Id: I7c1686693a29cc1985f009bd7a3c268c0e211876
Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
Jenkins [Sat, 11 Mar 2017 02:58:19 +0000 (02:58 +0000)]
Merge "httpd: Clean up heat API profiles and add release note"
Jenkins [Fri, 10 Mar 2017 20:42:56 +0000 (20:42 +0000)]
Merge "Deploy Heat APIs over httpd"
Alex Schultz [Fri, 10 Mar 2017 16:33:33 +0000 (09:33 -0700)]
Fix deprecated eqlx parameters
The eqlx_use_chap, eqlx_chap_login and eqlx_chap_password were
previously deprecated and are scheduled to be removed in Pike. This
change updates these parameters to use the replacement params.
See I295d8388ba17dd60e83995e7c82f64f02a3c4258 for more details.
Change-Id: I0f229ed2e7bb65d9da81c5caa69dbe1a4aded814
Juan Antonio Osorio Robles [Fri, 10 Mar 2017 09:44:56 +0000 (11:44 +0200)]
panko: Do db_sync in api manifest
The db_sync from panko comes from the panko-api package; So we move the
db_sync to be done in the api manifest as it's done for other services
such as barbican.
This is necessary since in cases where the overcloud deploy requires
puppet to do the installations, with the previous setup it failed since
the command wasn't available in the step it was being done.
Change-Id: I20a549cbaa2ee4b2c762dbae97f5cbf4d0b517c8
Closes-Bug: #
1671716
Juan Antonio Osorio Robles [Thu, 9 Mar 2017 15:17:40 +0000 (17:17 +0200)]
Add tests for tripleo::certmonger::rabbitmq class
Change-Id: I1668b749779bf812d8f55b695dd138cde7eb09d6
Juan Antonio Osorio Robles [Thu, 9 Jun 2016 06:33:20 +0000 (09:33 +0300)]
Enable TLS in the internal network for RabbitMQ
This optionally enables TLS for RabbitMQ in the internal network. Note
that this leaves enable_internal_tls as undef instead of using the
regular default. This is because we don't want to enable this just now,
since we first want to pass the necessary hieradata via t-h-t. This will
be cleaned in further commits.
bp tls-via-certmonger
Depends-On: I4f37e77ae12e9582fab7d326ebd4c70127c5445f
Depends-On: Ic32b2cb253fa0dc43aad7226b24919b7e588faa9
Change-Id: Ic2a7f877745a0a490ddc9315123bd1180b03c514
Emilien Macchi [Tue, 7 Mar 2017 17:01:30 +0000 (12:01 -0500)]
sahara: include authtoken class
authtoken class configures the keystone_authtoken parameters, required
to move to Keystone V3 auth.
Change-Id: Ibfd761fef813faa7bf13881c52c34e20d3eac9e5
Alex Schultz [Tue, 7 Mar 2017 18:27:12 +0000 (11:27 -0700)]
Update version for Pike
The current version information is behind that of stable/ocata. In order
to address some version generation issues in packaging, we need to bump
the version numbers for in preparation for the next version.
Change-Id: I586811d9623c4bb03b1b234eaed2b3b365ba6e3e
Releated-Bug: #
1669462
Juan Antonio Osorio Robles [Fri, 3 Mar 2017 08:40:04 +0000 (10:40 +0200)]
httpd: Clean up heat API profiles and add release note
There were some values that were passed to the classes manually, and
this takes the parameters from t-h-t instead. Also, the release note was
added.
bp tls-via-certmonger
Change-Id: I17c4b7041e16da6489f4b713fdeb28a6e1c5563c
Depends-On: I88e5ea7b9bbf35ae03f84fdc3ec76ae09f11a1b6
Juan Antonio Osorio Robles [Fri, 3 Mar 2017 07:53:35 +0000 (09:53 +0200)]
Deploy Heat APIs over httpd
This deploys the Heat APIs (api, cfn and cloudwatch) over httpd, and
includes the TLS-everywhere bits.
bp tls-via-certmonger
Change-Id: I23971b0164468e67c9b3577772af84bd947e16f1
Jenkins [Tue, 7 Mar 2017 13:58:35 +0000 (13:58 +0000)]
Merge "Stop the chronyd service"
Jenkins [Tue, 7 Mar 2017 03:39:32 +0000 (03:39 +0000)]
Merge "fix typo in release note"
Jenkins [Tue, 7 Mar 2017 03:16:40 +0000 (03:16 +0000)]
Merge "Throw warnings for norpm actions"
Emilien Macchi [Tue, 7 Mar 2017 02:06:25 +0000 (21:06 -0500)]
fix typo in release note
Change-Id: I89e544474b3f73a9e00d37dcddb605d5fe979ca8
Alex Schultz [Mon, 6 Mar 2017 17:02:16 +0000 (10:02 -0700)]
Stop the chronyd service
Since the norpm provider can prevent the chronyd package from actually
getting purged, we need to make sure the chronyd service is stopped and
disabled so that it does not conflict with ntpd.
Change-Id: I7a697aba7aa5a27ba4ab6e46018057f7f01dfab2
Closes-Bug: #
1665426
Steven Hardy [Thu, 2 Mar 2017 11:48:09 +0000 (11:48 +0000)]
Add docker profile
This configures the docker service on the host, as an alternative
to the firstboot script in docker/firstboot/setup_docker_host.sh
Doing this via puppet will enable easier integration with e.g
the multinode jobs where no firstboot scripts run, and also
enables a better error path in the event the service fails to start
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
Change-Id: Id8add1e8a0ecaedb7d8a7dc9ba3747c1ac3b8eea
Martin André [Mon, 6 Mar 2017 14:21:10 +0000 (15:21 +0100)]
Add openstack-kolla to docker-registry profile
Kolla will be used to build container images and populate the local
docker registry.
Change-Id: I325a5248754d269d77eaf78224c7379dd81d6053
Jenkins [Fri, 3 Mar 2017 20:41:54 +0000 (20:41 +0000)]
Merge "mariadb: Move generation of systemd drop-in to puppet-tripleo"
Alex Schultz [Fri, 3 Mar 2017 16:21:59 +0000 (09:21 -0700)]
Throw warnings for norpm actions
If the norpm provider attempts to do any install/update/remove actions,
we should throw a warning in the logs so people are aware that the
action did not actually take place.
Change-Id: Ieee5cac3412c709ba6b39316e455d7708cc9d22e
Closes-Bug: #
1669666
Jenkins [Wed, 1 Mar 2017 01:20:52 +0000 (01:20 +0000)]
Merge "mysqlclient: Drop hiera calls in favor of getting these via t-h-t"
Jenkins [Wed, 1 Mar 2017 01:20:42 +0000 (01:20 +0000)]
Merge "Configure MySQL client SSL connections via the config file"
Jenkins [Tue, 28 Feb 2017 14:32:17 +0000 (14:32 +0000)]
Merge "Revert "Add httpchk for http services""
Juan Antonio Osorio Robles [Tue, 28 Feb 2017 12:53:58 +0000 (14:53 +0200)]
mysqlclient: Drop hiera calls in favor of getting these via t-h-t
This also updates a leftover comment.
Change-Id: I870caf20103b044655e699aac09f6621414f5326
Depends-On: I5af5ccb88e644f4dd25503d8e7a93796695d3039
Juan Antonio Osorio Robles [Thu, 23 Feb 2017 13:03:56 +0000 (15:03 +0200)]
Configure MySQL client SSL connections via the config file
This does the actual configuration for the mysql client to use SSL if
the parameter is set via t-h-t.
Change-Id: I24e4c195a31109835739e78a6b53d36f661f9fd0
Depends-On: Ifd1a06e0749a05a65f6314255843f572d2209067
Jenkins [Tue, 28 Feb 2017 06:53:13 +0000 (06:53 +0000)]
Merge "Default neutron dhcp_agents_per_network to number of agents"
Jenkins [Tue, 28 Feb 2017 06:52:48 +0000 (06:52 +0000)]
Merge "Ironic inspector support"
Emilien Macchi [Tue, 28 Feb 2017 05:06:23 +0000 (05:06 +0000)]
Revert "Add httpchk for http services"
https://bugs.launchpad.net/tripleo/+bug/
1668493
I thought about a fix for ceph_rgw, but I realized
we might have missed other services too, specially
the ones we're not testing in CI.
We need to revisit this work and probably
make the code more robust for the services where
no CI coverage is done.
Related-Bug: #
1668493
This reverts commit
ebcc470ea8a632e6d5c13561a97e817d5f290aac.
Change-Id: I3f79c881d8aeda361a59f9952948355986a7c835
Jenkins [Mon, 27 Feb 2017 21:01:40 +0000 (21:01 +0000)]
Merge "Add ceilometer polling agent profile"
Damien Ciabrini [Wed, 7 Dec 2016 18:09:06 +0000 (19:09 +0100)]
mariadb: Move generation of systemd drop-in to puppet-tripleo
Systemd starts mariadb as user mysql, so in order to allow a large
number of connections (e.g. max_connections=4096) it is necessary to
raise the file descriptor limit via a system drop-in file.
When installing an undercloud, such drop-in file is currently
generated by instack-undercloud (in file puppet-stack-config.pp). But
non-HA overcloud also need such drop-in to be generated.
In order to avoid duplicating code, the drop-in creation code should
be provided by puppet-tripleo. By default, no drop-in is generated;
it has to be enabled by instack-undercloud or tripleo-heat-template
once they will use it (resp. to create undercloud or non-HA overcloud).
This patch does not aim at generating a dynamic file limit based on
the number of connections, this should land in another dedicated
patch. Instead, it just reuses the limit currently set for undercloud
and HA-overclouds.
Also, the generation of the drop-in does not force a mysql restart
like it currently does in instack-undercloud, to avoid unexpected
service disruption on a non-HA overcloud after a minor update.
Co-Authored-By: Tim Rozet <trozet@redhat.com>
Depends-On: I7ca7b5f7614971455cae2bf7c4bf8264b642b0dc
Change-Id: Ia0907b2ab6062a93fb9363e39c86535a490fbaf6
Partial-Bug: #
1648181
Related-Bug: #
1524809
Alex Schultz [Mon, 27 Feb 2017 16:07:21 +0000 (09:07 -0700)]
Add release note for httpchk
Adding release note for Ie72b96c76d7513f84003bc15b6527c97df7ba92f
Change-Id: Ie3dd31519a4a2cc7aa94a5fc7cd7e906482668f3
Related-Bug: #
1629052
Brent Eagles [Fri, 24 Feb 2017 15:22:11 +0000 (11:52 -0330)]
Default neutron dhcp_agents_per_network to number of agents
This patch will set neutron's dhcp_agents_per_network equal to the
number of deployed neutron DHCP agents unless otherwise explicitly set.
Partial-bug: #
1632721
Change-Id: I5533e42c5ba9f72cc70d80489a07e30ee2341198
Jenkins [Mon, 27 Feb 2017 14:40:38 +0000 (14:40 +0000)]
Merge "Remove todo comment"
Jenkins [Mon, 27 Feb 2017 01:13:32 +0000 (01:13 +0000)]
Merge "Add httpchk for http services"
Carlos Camacho [Sun, 26 Feb 2017 20:44:37 +0000 (21:44 +0100)]
Remove todo comment
We can remove the sprintf todo comment (Already fixed).
Change-Id: I407cbf015ccd23a28ee01a669d397479277b4fd3
Pradeep Kilambi [Tue, 7 Feb 2017 20:47:49 +0000 (15:47 -0500)]
Add ceilometer polling agent profile
Ceilometer central, compute and ipmi agent classes are
deprecated. Instead we should be using polling agent
with relevant namespace.
Closes-bug: #
1662685
Change-Id: I1ee50124bf8936e12414f984e1bcd4545d92e953
Jenkins [Sat, 25 Feb 2017 16:04:22 +0000 (16:04 +0000)]
Merge "Remove the string cast for using transport_url"
Jenkins [Fri, 24 Feb 2017 14:12:29 +0000 (14:12 +0000)]
Merge "Replace default to be more robust"
Alex Schultz [Tue, 8 Nov 2016 00:17:15 +0000 (17:17 -0700)]
Add httpchk for http services
The httpchk health check option should help reduce the situtations
where haproxy thinks the service is up but the service is only
listening and not actively serving http requests.
Change-Id: Ie72b96c76d7513f84003bc15b6527c97df7ba92f
Closes-Bug: #
1629052
Carlos Camacho [Tue, 21 Feb 2017 13:58:21 +0000 (14:58 +0100)]
Remove the string cast for using transport_url
os_transport_url was updated to allow receiving
a string or an integer as parameter.
Fixes the workarounds in puppet-tripleo
Change-Id: I50993514048bf96b5a42b3425a7d6f98778fe694
Depends-On: I9e56f8e2de542b20fe9e6995506cff5bb435e220
Dan Prince [Mon, 13 Feb 2017 15:07:24 +0000 (10:07 -0500)]
Configure authtoken in Nova Placement
The Nova Placement API's configuration currently relies
on the nova-api profile for its keystone authtoken
configuration. This means that Nova Placement would
fail if it got installed on an isolated node or
docker container (this currently breaks TripleO's
deployment of placement via docker).
This patch creates a new authtoken profile and
calls it via the api and placement roles.
Change-Id: I7b38ab6ba5cae41689ac500d97dec4d09c73d387
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
Jenkins [Tue, 21 Feb 2017 21:16:21 +0000 (21:16 +0000)]
Merge "Add VPP service"
Jiri Stransky [Tue, 21 Feb 2017 12:54:06 +0000 (13:54 +0100)]
Stop accidentally removing docker-distribution
By default Puppet does virtual package matching if precise name matching
fails. Docker-distribution RPM "provides" docker-registry:
bash-4.2# rpm -q --whatprovides docker-registry
docker-distribution-2.5.1-1.el7.x86_64
This means that when we wanted to make docker-registry package absent,
we were actually removing docker-distribution instead. This is now fixed
by allow_virtual => false. Only name matching is performed.
Change-Id: I1f93b404085f0bc2b6c063f573c801db6409c0bb
Closes-Bug: #
1666459
Dan Prince [Mon, 20 Feb 2017 18:53:57 +0000 (13:53 -0500)]
Ironic inspector support
This includes a new ironic-inspector profile, and updates
to the mysql and keystone profiles so that a database
and endpoints are also created when the inspector
is enabled.
Change-Id: I4a71a95efb87a10528df0600277768969a32117b
David Gurtner [Mon, 20 Feb 2017 17:50:54 +0000 (18:50 +0100)]
Replace default to be more robust
Specifying undef as the fallback only works because the merge
function specifically checks for this:
next if arg.is_a? String and arg.empty? # empty string is synonym for puppet's undef
But the empty Hash would be a much more robust default.
Change-Id: I7e302c00ef030d75998e352d88b3ccc60b194ab7
Jenkins [Mon, 20 Feb 2017 16:37:25 +0000 (16:37 +0000)]
Merge "Allow neutron_options customization for dashboard"
Jenkins [Mon, 20 Feb 2017 16:04:16 +0000 (16:04 +0000)]
Merge "Use rpc and notify transport_url for oslo_messaging backends"
Jenkins [Sat, 18 Feb 2017 08:57:42 +0000 (08:57 +0000)]
Merge "Create /etc/my.cnf.d/tripleo.cnf with proper bind-address"
Jenkins [Sat, 18 Feb 2017 04:52:24 +0000 (04:52 +0000)]
Merge "Enable languages in UI config"
Jenkins [Fri, 17 Feb 2017 17:44:34 +0000 (17:44 +0000)]
Merge "Add virtual_packages support to norpm provider"
Michele Baldessari [Thu, 9 Feb 2017 09:53:06 +0000 (10:53 +0100)]
Create /etc/my.cnf.d/tripleo.cnf with proper bind-address
When fixing LP#
1643487 we added ?bind_address to all DB URIs.
Since this clashes with Cellsv2 due to the URIs becoming host
dependent, we need a new approach to pass bind_address to pymysql
that leaves the DB URIs host-independent.
We first create a /etc/my.cnf.d/tripleo.cnf file with a [tripleo]
section and in this section we add the correct bind-address option.
Note that we use the puppet augeas lens and not the mysql one
because the mysql one does not support custom sections *and* there
are older versions around which do not like the /etc/my.cnf.d/* path.
The reason for not reusing an existing mariadb file (my.cnf or
galera.cnf) is that pymysql's ini file support is not robust
enough at the moment: https://github.com/PyMySQL/PyMySQL/issues/548
The reason for putting this file creation code only on the controller
nodes the following: The slow VIP failover only happens if a
service runs where the VIPs exist. The VIPs get created in the
haproxy profile and that is why in order to have fast VIP failovers
the MySQLClient profile must live where the Haproxy service is running.
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
Partial-Bug: #
1663181
Change-Id: Iff8bd2d9ee85f7bb1445aa2e1b3cfbff1f397b18
Code Review / apex-puppet-tripleo.git / log