Steven Hardy [Thu, 17 Nov 2016 11:02:57 +0000 (11:02 +0000)]
Move calculation of neutron l3_ha into puppet profile
This is currently calculated in t-h-t but has a hard-coded reference
to the ControllerCount which is incompatible with custom-roles.
So instead calculate the setting based on the number of neutron API
services running (on any role, not just Controller), combined with
whether DVR is enabled (equivalent to current t-h-t logic).
To avoid breaking the NeutronL3HA parameter in t-h-t we maintain an
optional parameter to override the calculated value.
Change-Id: I01c50973eec8138ec61304f2982d5026142f267c
Partial-Bug: #
1629187
Steven Hardy [Thu, 17 Nov 2016 17:37:45 +0000 (17:37 +0000)]
Replace hard-coded haproxy/keepalived coupling
We have a variable in hiera which tells us if the keepalived
service is enabled, so use it here. Without this any deployment
disabling OS::TripleO::Services::Keepalived will fail.
Change-Id: I90faf51881bd05920067c1e1d82baf5d7586af23
Closes-Bug: #
1642677
Jenkins [Thu, 17 Nov 2016 08:07:53 +0000 (08:07 +0000)]
Merge "Sort parameters in keystone profile alphabetically"
Jenkins [Wed, 16 Nov 2016 18:33:58 +0000 (18:33 +0000)]
Merge "Prepare 6.0.0 (ocata-1)"
Juan Antonio Osorio Robles [Wed, 16 Nov 2016 12:21:04 +0000 (14:21 +0200)]
Sort parameters in keystone profile alphabetically
Change-Id: I035c26e0f50e4b3fc0f6085fa5a4bf524e4852b7
Juan Antonio Osorio Robles [Wed, 16 Nov 2016 06:34:08 +0000 (08:34 +0200)]
Remove explicit hiera calls for heat in keystone profile
These are now passed via the heat profiles in t-h-t (via
heat-base.yaml and heat-engine.yaml) and use the actual names of
keystone parameters instead.
Change-Id: Id0f5dd03b6757df989339c93b58a5b7eac3402a2
Depends-On: I0e5124d57fdc519262fdec2dbeaaac85afaeebdf
Emilien Macchi [Wed, 16 Nov 2016 02:38:14 +0000 (21:38 -0500)]
Prepare 6.0.0 (ocata-1)
Prepare the first release of Ocata.
Change-Id: Ib8173d1ce26752216aeaab835f483503cf82b217
Jenkins [Tue, 15 Nov 2016 18:21:14 +0000 (18:21 +0000)]
Merge " Enable TLS in the internal network for Barbican API"
Jenkins [Mon, 14 Nov 2016 09:36:37 +0000 (09:36 +0000)]
Merge "Fix barbican server name to not use aodh hiera"
Juan Antonio Osorio Robles [Mon, 14 Nov 2016 07:04:46 +0000 (09:04 +0200)]
Enable TLS in the internal network for Barbican API
This optionally enables TLS for Barbican API in the internal network.
If internal TLS is enabled, each node that is serving the Barbican API
service will use certmonger to request its certificate.
bp tls-via-certmonger
Change-Id: I1c1d3dab9bba7bec6296a55747e9ade242c47bd9
Jenkins [Fri, 11 Nov 2016 19:23:10 +0000 (19:23 +0000)]
Merge "Normalize civetweb binding address if IPv6"
Jenkins [Fri, 11 Nov 2016 19:19:40 +0000 (19:19 +0000)]
Merge "Enable TLS in the internal network for Cinder API"
Jenkins [Fri, 11 Nov 2016 15:43:03 +0000 (15:43 +0000)]
Merge "Ensure keepalived is restarted when necessary."
Giulio Fidente [Wed, 9 Nov 2016 20:01:51 +0000 (21:01 +0100)]
Normalize civetweb binding address if IPv6
The civetweb binding format is IP:PORT; this change ensures the IP
is enclosed in brackets if IPv6.
To do so we add the bind_ip and bind_port parameters to the
rgw service class.
Change-Id: Ib84fa3479c2598bff7e89ad60a1c7d5f2c22c18c
Co-Authored-By: Lukas Bezdicka <social@v3.sk>
Related-Bug: #
1636515
Pradeep Kilambi [Thu, 10 Nov 2016 23:19:27 +0000 (18:19 -0500)]
Fix barbican server name to not use aodh hiera
this looks like a copy/paste error. Let barbican use its own
hiera data.
Change-Id: I84118c1a561c3db2f18504b55c5a8c4f042e7e3b
Ben Nemec [Thu, 10 Nov 2016 23:03:58 +0000 (23:03 +0000)]
Fix puppet lint failure
I'm not sure how this merged, but it's causing failures in other
patches to puppet-tripleo.
Change-Id: Ib20d349fa9abd6347739190bb29a02b6e3eb839d
Jenkins [Wed, 9 Nov 2016 13:27:01 +0000 (13:27 +0000)]
Merge "Enable TLS in the internal network for Nova API"
Jenkins [Wed, 9 Nov 2016 13:26:32 +0000 (13:26 +0000)]
Merge "Better way to ensure keepalived before haproxy."
Jenkins [Wed, 9 Nov 2016 13:22:42 +0000 (13:22 +0000)]
Merge "Wrong default in docstring"
Jenkins [Wed, 9 Nov 2016 10:48:44 +0000 (10:48 +0000)]
Merge "Pass X-Forwarded-Proto for missing services"
Sofer Athlan-Guyot [Tue, 8 Nov 2016 15:44:26 +0000 (16:44 +0100)]
Ensure keepalived is restarted when necessary.
If os-collect-config/config.json is updated before an upgrade/update,
then the os-net-config run will automatically erase the keepalived
managed ips.
This is a hackish way to ensure that keepalived is restarted during the
next phase in order to have the ip recreated.
It basically adds a comment line to the keepalived.conf file (making it
different than the puppet one) if it's there. This will force a puppet
restart of the keepalive service puting the ips back on the undercloud.
Change-Id: I56b706ff44ba31aa87a63f870940831ce02a6e77
Closes-Bug: #
1640213
Related-Bug: #
1638029
Jenkins [Tue, 8 Nov 2016 18:00:24 +0000 (18:00 +0000)]
Merge "Add proper handling of IPv6 addresses for rabbit host/port handling"
Sofer Athlan-Guyot [Tue, 8 Nov 2016 09:16:53 +0000 (10:16 +0100)]
Better way to ensure keepalived before haproxy.
The lastest patchset of https://review.openstack.org/393361 was actually
not working.
The `if defined` idiom depends on *evaluation* order.
At the time it's red in the haproxy.pp class, the line that loads the
class 'haproxy' has still not yet been reached and thus the `defined`
result is false. The constraint is not added.
For this reason, the use of `defined` in module is not advised by
puppetlabs[1].
[1] https://docs.puppet.com/puppet/latest/reference/function.html#defined
Change-Id: Ibd352cb313f8863d62db8987419378bed5b87256
Relates-To: #
1638029
Jenkins [Tue, 8 Nov 2016 16:19:48 +0000 (16:19 +0000)]
Merge "Enable TLS in the internal network for gnocchi"
Jenkins [Tue, 8 Nov 2016 16:12:46 +0000 (16:12 +0000)]
Merge "Improve failed mysql node removal time in HA deploys."
MikeG451 [Tue, 8 Nov 2016 15:30:50 +0000 (15:30 +0000)]
Wrong default in docstring
Update default doc default for bind_host to match previous change
http://review.openstack.org/386817/
Change-Id: Iff048ba7152c1b7e945f284311215c8f872c1409
Closes-bug: #
1640104
Juan Antonio Osorio Robles [Tue, 8 Nov 2016 11:22:13 +0000 (13:22 +0200)]
Pass X-Forwarded-Proto for missing services
aodh, ceilometer, gnocchi and neutron need the X-Forwarded-Proto in
order to return links with the correct protocol when SSL is enabled.
This enables it in HAProxy
Change-Id: Icceab92f86b1cc40d42195fa4ba0c75f302795b8
Closes-Bug: #
1640126
Chris Jones [Fri, 4 Nov 2016 10:01:24 +0000 (10:01 +0000)]
Improve failed mysql node removal time in HA deploys.
In HA deployments, we now check mysql nodes every 1s and removed them
immediately if they are failed. Previously we would check every 2s and
allow them to fail 5 checks before being removed, producing errors from
other OpenStack services for 10s, which causes confusion and delay for
operators.
Additionally, these check options are now also a class parameter so can
be overridden by operators.
Closes-Bug: #
1639189
Change-Id: I0b915f790ae5a4b018a212d3aa83cca507be05e9
Brent Eagles [Tue, 8 Nov 2016 04:32:29 +0000 (01:02 -0330)]
Add proper handling of IPv6 addresses for rabbit host/port handling
This patch changes the rabbit_hosts config generation to work properly
with IPv6 addresses.
Closes-Bug: #
1639881
Change-Id: I07cd983880a4a75a051e081dcb96134cb5c6f5e8
Steven Hardy [Mon, 7 Nov 2016 11:35:05 +0000 (11:35 +0000)]
Increase haproxy timeouts
It's been proposed this may help with the
('Connection aborted.', BadStatusLine("''",)) errors.
This patch increase queue, server and client timeouts to 2m (default is 1m)
Related-Bug: #
1638908
Change-Id: Ie4f059f3fad2271bb472697e85ede296eee91f5d
Emilien Macchi [Mon, 31 Oct 2016 14:39:43 +0000 (10:39 -0400)]
swift/proxy: configure rabbitmq properly
Use rabbitmq_node_ips to find out where rabbitmq nodes are, and have
correct ipv6 syntax if required.
Closes-Bug:
1637443
Change-Id: Ibc0ed642931dd3ada7ee594bb8c70a1c3462206d
Jenkins [Thu, 3 Nov 2016 10:07:47 +0000 (10:07 +0000)]
Merge "Fix default for barbican documentation"
Jenkins [Thu, 3 Nov 2016 08:47:05 +0000 (08:47 +0000)]
Merge "Make sure keepalived is restarted before haproxy."
Alex Schultz [Tue, 1 Nov 2016 19:43:17 +0000 (13:43 -0600)]
Create heat user in keystone profile
Rather than use the heat::keystone::domain class which also includes the
configuration options, we should just create the user for heat in
keystone independently of the configuration.
Change-Id: I7d42d04ef0c53dc1e62d684d8edacfed9fd28fbe
Related-Bug: #
1638350
Closes-Bug: #
1638626
Juan Antonio Osorio Robles [Tue, 1 Nov 2016 10:06:49 +0000 (12:06 +0200)]
Enable TLS in the internal network for Cinder API
This optionally enables TLS for Cinder API in the internal network.
If internal TLS is enabled, each node that is serving the Cinder API
service will use certmonger to request its certificate.
bp tls-via-certmonger
Change-Id: Ib4a9c8d3ca57f1b02e1bb0d150f333db501e9863
Juan Antonio Osorio Robles [Tue, 1 Nov 2016 12:09:33 +0000 (14:09 +0200)]
Fix default for barbican documentation
Change-Id: Id4dc2379b0c423012a0b3aaf49d1e1a7d633a03b
Jenkins [Tue, 1 Nov 2016 12:59:19 +0000 (12:59 +0000)]
Merge "Add barbican profile rspec testing"
Jenkins [Tue, 1 Nov 2016 12:58:55 +0000 (12:58 +0000)]
Merge "Add barbican profile"
Jenkins [Tue, 1 Nov 2016 12:12:57 +0000 (12:12 +0000)]
Merge "Fixes transparent binding to OpenDaylight in HA Proxy"
Jenkins [Tue, 1 Nov 2016 11:23:19 +0000 (11:23 +0000)]
Merge "NFS mounting for Glance file backend"
Juan Antonio Osorio Robles [Wed, 19 Oct 2016 07:30:18 +0000 (10:30 +0300)]
Enable TLS in the internal network for Nova API
This optionally enables TLS for Nova API in the internal network.
If internal TLS is enabled, each node that is serving the Nova API
service will use certmonger to request its certificate.
Note that this doesn't enable internal TLS for the nova metadata
service since it doesn't run over httpd. This will be handled in
a later commit.
bp tls-via-certmonger
Change-Id: I88380a1ed8fd597a1a80488cbc6ce357f133bd70
Sofer Athlan-Guyot [Mon, 31 Oct 2016 14:53:13 +0000 (15:53 +0100)]
Make sure keepalived is restarted before haproxy.
When using SSL setup for undercloud, the admin and public vip required
for ssl binding by haproxy are created by keepalived.
This makes sure that keepalived is started before haproxy and thus that
the interfaces are indeed present.
This patch also ensures this is happening for overcloud ssl
configuration. The case where another load-balancing technology other
than haproxy is used is not covered.
Closes-Bug: #
1638029
Change-Id: I98cb0dcd7f389a1dd38ec8324429bfef4979aa66
Jenkins [Mon, 31 Oct 2016 17:16:12 +0000 (17:16 +0000)]
Merge "Release 5.4.0"
Jenkins [Mon, 31 Oct 2016 12:56:52 +0000 (12:56 +0000)]
Merge "Calculate zaqar mongo from mongodb_node_ips"
Jenkins [Mon, 31 Oct 2016 12:06:10 +0000 (12:06 +0000)]
Merge "Reload haproxy if any configuration changes on HA"
Jenkins [Mon, 31 Oct 2016 11:48:53 +0000 (11:48 +0000)]
Merge "Enable TLS in the internal network for aodh"
Emilien Macchi [Mon, 31 Oct 2016 11:34:50 +0000 (07:34 -0400)]
Release 5.4.0
New Newton release
Change-Id: I152fbd1dcaac37474183d60654db15a9a4918209
Jenkins [Mon, 31 Oct 2016 09:39:36 +0000 (09:39 +0000)]
Merge "Enable TLS in the internal network for ceilometer"
Tim Rozet [Sun, 30 Oct 2016 13:44:18 +0000 (09:44 -0400)]
Fixes transparent binding to OpenDaylight in HA Proxy
ODL was missing transparent binding mode, which causes HA deployments to
fail since HA Proxy will try to come up on every node (even without
VIP).
Closes-Bug:
1637833
Change-Id: I0bb7839cdcfeacb4ca1a9fc6f878e8b51330be92
Signed-off-by: Tim Rozet <trozet@redhat.com>
Juan Antonio Osorio Robles [Thu, 27 Oct 2016 14:38:52 +0000 (17:38 +0300)]
Clean up service name from cinder api
Since the service_name is now being passed from t-h-t, we can clean
it up from the profile in puppet.
Change-Id: I724af8c355c3077be64cf472cedbca80af55da01
Depends-On: I13638cd1af52537bef8540f0d5fa5f5f7decd392
Brad P. Crochet [Thu, 27 Oct 2016 09:04:36 +0000 (05:04 -0400)]
Calculate zaqar mongo from mongodb_node_ips
In order to make the zaqar service fully composable, the mongo ips need
to be calculated without assuming that mongo and zaqar are on the same
node.
Change-Id: I0b077e85ba5fcd9fdfd33956cf33ce2403fcb088
Jenkins [Thu, 27 Oct 2016 07:02:34 +0000 (07:02 +0000)]
Merge "Set redis file descriptor limit when run via pacemaker"
Juan Antonio Osorio Robles [Wed, 26 Oct 2016 16:38:55 +0000 (19:38 +0300)]
Reload haproxy if any configuration changes on HA
In some cases, for instance, when updating from a non-SSL setup in
HAProxy to an SSL setup, we don't reload haproxy's configuration.
This is problematic since we need HAProxy to serve the certificates
and the new endpoints.
This forces the reload when puppet notices changes.
Change-Id: Ie1dd809e6beef33fadad48de55e488219fb7d686
Closes-Bug: #
1636921
Jenkins [Wed, 26 Oct 2016 15:55:15 +0000 (15:55 +0000)]
Merge "Deploy cinder over Apache httpd"
Jenkins [Wed, 26 Oct 2016 13:33:25 +0000 (13:33 +0000)]
Merge "Only restart haproxy services when enable_load_balancer is defined"
Jenkins [Wed, 26 Oct 2016 13:28:08 +0000 (13:28 +0000)]
Merge "Remove the hardcoded tcp_keepalive false parameter"
Michele Baldessari [Tue, 25 Oct 2016 12:36:56 +0000 (14:36 +0200)]
Only restart haproxy services when enable_load_balancer is defined
If we upgrade a cloud that was configured with external load balancer
the process will fail during convergence step because it will try to
restart haproxy which is not configured when an external load balancer
is configured.
Closes-Bug: #
1636527
Change-Id: I6f6caec3e5c96e77437c1c83e625f39649a66c48
Michele Baldessari [Fri, 21 Oct 2016 08:02:39 +0000 (10:02 +0200)]
Set redis file descriptor limit when run via pacemaker
The current redis file descriptor limit is 4096 because of two reasons:
- It is run via the redis user
- It is not started via systemd which has explicit LimitNOFILE set to
10240 (which matches the default configuration of maximum 10000
clients)
Create an /etc/security/limits.d/redis.conf file in order to increase
the fd limit value With this change we correctly get the following
limits:
[root@overcloud-controller-0 ~]# pcs status |grep -A2 redis
Master/Slave Set: redis-master [redis]
Masters: [ overcloud-controller-2 ]
Slaves: [ overcloud-controller-0 overcloud-controller-1 ]
[root@overcloud-controller-0 ~]# cat /proc/`pgrep redis`/limits | grep open
Max open files 10240 10240 files
Previously this limit was set to 4096.
Change-Id: I7691581bad92ad9442cecd82cf44f5ac78ed169f
Closes-Bug: #
1635334
Jenkins [Sun, 23 Oct 2016 08:47:56 +0000 (08:47 +0000)]
Merge "Enable communication between UI and the Undercloud by making HAProxy proxy for the UI"
Jenkins [Sun, 23 Oct 2016 08:09:44 +0000 (08:09 +0000)]
Merge "Enable haproxy statistics unix socket"
Jenkins [Sat, 22 Oct 2016 21:45:27 +0000 (21:45 +0000)]
Merge "Increase haproxy client/server timeout for swift-proxy"
Jenkins [Sat, 22 Oct 2016 21:44:51 +0000 (21:44 +0000)]
Merge "Use HAProxy for docker-registry endpoint"
Jenkins [Fri, 21 Oct 2016 21:05:51 +0000 (21:05 +0000)]
Merge "Deploy monitoring/logging agents sooner"
Jenkins [Fri, 21 Oct 2016 21:04:23 +0000 (21:04 +0000)]
Merge "Add zaqar profiles"
Jiri Stransky [Thu, 20 Oct 2016 17:26:16 +0000 (19:26 +0200)]
NFS mounting for Glance file backend
Previously we did this with Pacemaker, but with move to NG HA
architecture we lost the ability to use NFS mounts as image storage for
Glance. This reimplements the mounting without utilizing Pacemaker. The
mount is by default also written to /etc/fstab so that it persists over
reboot, but this behavior can be disabled.
This could also go to puppet-glance eventually, but not yet -- we need
this backported to Newton because it's a TripleO regression. I don't
think puppet-glance would allow backporting this to Newton, because from
their point of view it would be a RFE rather than a regression.
Change-Id: I45ad34c36587a8d695069368cf791f1efb68256c
Related-Bug: #
1635606
John Trowbridge [Fri, 21 Oct 2016 14:47:17 +0000 (10:47 -0400)]
Increase haproxy client/server timeout for swift-proxy
The upload and extraction for the plan tarball to swift can take
longer than the default one minute in slower environments. Doubling
the timeout to two minutes has proven to help.
This is only a partial fix, because the error reporting for this
issue also needs to be improved.
Change-Id: I06592d38fdfefacc8bdf76289a0bfa20eb33a89b
Partial-Bug:
1635269
Jenkins [Fri, 21 Oct 2016 12:57:11 +0000 (12:57 +0000)]
Merge "Removes logic dependent on 'odl_on_controller'"
Jenkins [Fri, 21 Oct 2016 12:05:31 +0000 (12:05 +0000)]
Merge "Enable TLS in the internal network for keystone"
Martin Mágr [Tue, 4 Oct 2016 10:29:51 +0000 (12:29 +0200)]
Deploy monitoring/logging agents sooner
To be able to monitor during deployment, we need sensu clients
and fluentd collectors be deployed as soon as it is possible.
Change-Id: I952f0d6de6f6327d5c923b8f1d7a5979758dbc59
Michele Baldessari [Fri, 21 Oct 2016 05:44:24 +0000 (07:44 +0200)]
Remove the hardcoded tcp_keepalive false parameter
In change I35921652bd84d1d6be0727051294983d4a0dde10 we want to remove
all those duplicate tcp_listen_option entries. One consequence of that
is that we need to set rabbitmq::tcp_keepalive to true via hiera
(as opposed to forcing it via the tcp_listen_option hash).
For this to work we need to remove this forced parameter override.
Note that even if I35921652bd84d1d6be0727051294983d4a0dde10 and this
change don't merge at the exact same time it is still okay because
we do force tcp_keepalive to true via the tcp_listen_options.
Change-Id: I608477d5714a5081b3b4ab3b9fc2932bdd598301
Jenkins [Thu, 20 Oct 2016 21:51:42 +0000 (21:51 +0000)]
Merge "pacemaker/mysql: wait step 2 to remove default accounts"
Jenkins [Thu, 20 Oct 2016 15:34:43 +0000 (15:34 +0000)]
Merge "Fixes missing ODL ML2 Authentication info"
Steve Baker [Thu, 20 Oct 2016 01:51:55 +0000 (14:51 +1300)]
Use HAProxy for docker-registry endpoint
The docker tooling has a preference for interacting with encrypted
endpoints. Terminating the docker-registry endpoint with HAProxy
allows the SSL VIP to be used for this purpose.
Change-Id: Ifebfa7256e0887d6f26a478ff8dc82b0ef5f65f6
Juan Antonio Osorio Robles [Tue, 27 Sep 2016 08:58:50 +0000 (08:58 +0000)]
Enable TLS in the internal network for gnocchi
This optionally enables TLS for gnocchi in the internal network.
If internal TLS is enabled, each node that is serving the gnocchi
service will use certmonger to request its certificate.
bp tls-via-certmonger
Change-Id: Ie983933e062ac6a7f0af4d88b32634e6ce17838b
Juan Antonio Osorio Robles [Tue, 27 Sep 2016 08:45:07 +0000 (08:45 +0000)]
Enable TLS in the internal network for aodh
This optionally enables TLS for aodh in the internal network.
If internal TLS is enabled, each node that is serving the aodh
service will use certmonger to request its certificate.
This, in turn should also configure a command that should be ran when
the certificate is refreshed (which requires the service to be
restarted).
bp tls-via-certmonger
Change-Id: I50ef0c8fbecb19d6597a28290daa61a91f3b13fc
Juan Antonio Osorio Robles [Tue, 27 Sep 2016 07:15:53 +0000 (07:15 +0000)]
Enable TLS in the internal network for ceilometer
This optionally enables TLS for aodh in the internal network.
If internal TLS is enabled, each node that is serving the ceilometer
service will use certmonger to request its certificate.
This, in turn should also configure a command that should be ran when
the certificate is refreshed (which requires the service to be
restarted).
bp tls-via-certmonger
Change-Id: Ib5609f77a31b17ed12baea419ecfab5d5f676496
Juan Antonio Osorio Robles [Wed, 13 Jul 2016 09:27:23 +0000 (12:27 +0300)]
Enable TLS in the internal network for keystone
This optionally enables TLS for keystone in the internal network.
If internal TLS is enabled, each node that is serving the keystone
service will use certmonger to request its certificate.
This, in turn should also configure a command that should be ran when
the certificate is refreshed (which requires the service to be
restarted).
bp tls-via-certmonger
Change-Id: I303f6cf47859284785c0cdc65284a7eb89a4e039
Jenkins [Wed, 19 Oct 2016 13:55:42 +0000 (13:55 +0000)]
Merge "Add port to rabbitmq node ip list"
Jenkins [Wed, 19 Oct 2016 11:02:00 +0000 (11:02 +0000)]
Merge "Include ::swift::config in Swift API and Storage roles"
Alex Schultz [Tue, 18 Oct 2016 16:20:23 +0000 (10:20 -0600)]
Add barbican profile rspec testing
This change adds rspec tests for the barbican profiles to ensure they
function as expected.
Change-Id: I73f5405ade2cc73024efbeb2cfbfc831a2120f51
Ade Lee [Mon, 8 Aug 2016 14:18:51 +0000 (10:18 -0400)]
Add barbican profile
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: If2804b469eb3ee08f3f194c7dd3290d23a245a7a
Jenkins [Wed, 19 Oct 2016 00:21:18 +0000 (00:21 +0000)]
Merge "Fix broken rabbitmqctl commands when using ipv6"
Jenkins [Tue, 18 Oct 2016 23:27:40 +0000 (23:27 +0000)]
Merge "Set memcached_servers for nova API"
Tim Rozet [Fri, 14 Oct 2016 21:43:51 +0000 (17:43 -0400)]
Fixes missing ODL ML2 Authentication info
Without this, neutron-server fails to start and communication will not
work to ODL REST.
Parital-Bug:
1633630
Change-Id: Ifd906db4e6062ac271c2147fe1149b1009d06ae2
Signed-off-by: Tim Rozet <trozet@redhat.com>
Jenkins [Tue, 18 Oct 2016 19:55:55 +0000 (19:55 +0000)]
Merge "Remove explicit service_name setting from nova manifest"
Dan Prince [Mon, 17 Oct 2016 18:47:33 +0000 (14:47 -0400)]
Set memcached_servers for nova API
This patch updates the Nova profile so that we set memcached
servers correctly for the Nova keystone auth_token middleware.
Most of the hiera settings for ::nova::keystone::authtoken are
already included in the t-h-t nova-api service.
Change-Id: I3b7ff02abbd0d5e0c38232d02b33e4c7bc411120
Closes-bug: #
1633595
Jenkins [Tue, 18 Oct 2016 09:51:18 +0000 (09:51 +0000)]
Merge "Remove faulty migration logic to stop nova-api"
Michele Baldessari [Sat, 15 Oct 2016 09:24:45 +0000 (11:24 +0200)]
Fix broken rabbitmqctl commands when using ipv6
When deploying via ipv6, rabbitmq-ctl commands have the following
issues:
- `rabbitmq cluster_status` shows nodedown alerts
- list_queues / list_connections hang
- `rabbitmqctl node_health_check` fails with an error.
* There is no any issue while performing activity on RHOS setup(From
* horizon/cli). i.e. RHOS environment is functioning as expected.
For example:
sudo rabbitmqctl node_health_check -n rabbit@node1
Checking health of node 'rabbit@node1' ...
Heath check failed:
health check of node 'rabbit@node1' fails: nodedown
The problem is that we are missing the following in
/etc/rabbitmq/rabbitmq-env.conf:
RABBITMQ_CTL_ERL_ARGS="-proto_dist inet6_tcp"
Fix these by setting the appropriate RABBITMQ_CTL_ERL_ARGS when
deploying ipv6.
Closes-Bug: #
1633693
Change-Id: I53f4e76e687b3966fbb74fd0c2d83f05176630de
Dan Trainor [Fri, 14 Oct 2016 21:43:36 +0000 (14:43 -0700)]
Enable communication between UI and the Undercloud by making HAProxy
proxy for the UI
Change-Id: I74eac4bbfc16720eeb6e2bf0ee251689dde3bafc
Implements: enable-communication-ui-undercloud
Brent Eagles [Fri, 14 Oct 2016 19:05:44 +0000 (16:35 -0230)]
Add port to rabbitmq node ip list
We use the rabbit_hosts configuration for most of our services but we
haven't been adding the configured port. This patch appends the IP port
used provided to the service's heat template to the IPs in the list.
Note: while we could use the value set for the rabbitmq server in
rabbitmq::port, it doesn't allow for dealing with SSL. This also is also
backwards compatible with the RabbitClientPort parameters used in the
heat templates.
Change-Id: I0000f039144a6b0e98c0a148dc69324f60db3d8b
Closes-Bug: #
1633580
Tim Rozet [Mon, 17 Oct 2016 15:29:10 +0000 (11:29 -0400)]
Removes logic dependent on 'odl_on_controller'
Since moving to composable service/roles there was some logic here that
was relying on a variable to enable ODL rather than enabling the service
itself to decide where ODL was enabled. Now that ODL and ODL OVS
configuration are split into 2 different services we can make these
truly composable.
Partial-Bug:
1633625
Change-Id: Ia55c05e12d5d434111a13e1ed795da530e3ff4a5
Signed-off-by: Tim Rozet <trozet@redhat.com>
Jenkins [Mon, 17 Oct 2016 14:05:53 +0000 (14:05 +0000)]
Merge "packages: run upgrade at 'setup' stage"
Brad P. Crochet [Fri, 10 Jun 2016 13:02:51 +0000 (09:02 -0400)]
Add zaqar profiles
Change-Id: Ie215289a7be681a2b1aa5495d3f965c005d62f52
Depends-On: Ia863b38bbac1aceabe6b7deb6939c9db693ff16d
Juan Antonio Osorio Robles [Mon, 17 Oct 2016 07:16:11 +0000 (10:16 +0300)]
Deploy cinder over Apache httpd
This adds the necessary resources to the manifest to run cinder
to run over httpd. The service name will be moved to t-h-t in a
subsequent commit, but since this patch depends on t-h-t, we try to
avoid circular dependencies of repos.
Change-Id: I950257e3b5d8db071752e53557115429574e98e2
Depends-On: Ic1967a6f4f60a273965811516f33121115d518b4
Juan Antonio Osorio Robles [Mon, 17 Oct 2016 06:47:34 +0000 (09:47 +0300)]
Remove faulty migration logic to stop nova-api
The patch making nova run over httpd had added migration logic to
stop nova-api, However, this doesn't work since nova-metadata is
running over the same process. Now, the fact that is was running
seems to be just luck, since the systemctl runs, then we start the
service via the nova::api resource. So this is fragile in it's
current state.
This then removes the exec, as we don't need it for the migration.
Change-Id: I4603b81d30a704b07eef461b3cdbfe164614b04f
Michele Baldessari [Sun, 16 Oct 2016 19:57:29 +0000 (21:57 +0200)]
Enable haproxy statistics unix socket
By enabling the statistics socket we allow the collection
of statistics over time for haproxy.
This socket is set to "user" level, so this socket is limited
to read-only. The "stats timeout" line is optional, but since the
default timeout of the stats socket is 10s, we set this higher.
Change-Id: I22d3ab771e981be0d2c74b60443d276973bc1639
Jenkins [Fri, 14 Oct 2016 22:50:17 +0000 (22:50 +0000)]
Merge "Move heat domain/user creation into keystone profile"
Emilien Macchi [Fri, 14 Oct 2016 14:15:01 +0000 (10:15 -0400)]
packages: run upgrade at 'setup' stage
Instead of using an operator to make sure we upgrade package before any
service, which causes dependency cycles with iptables puppet module,
let's do another approach where we upgrade rpms in the 'setup' stage,
which is a stage that runs before configure and running services.
In that way, we'll remove dependency cycles and make sure packages are
upgrades before configure and running TripleO services.
Change-Id: I1be83f88be1959885c980ab4f428477d412751f7
Jenkins [Fri, 14 Oct 2016 13:40:23 +0000 (13:40 +0000)]
Merge "pacemaker: increase timeouts for rabbitmq and redis"
Steven Hardy [Thu, 13 Oct 2016 17:56:35 +0000 (18:56 +0100)]
Move heat domain/user creation into keystone profile
This needs to happen on the node running keystone, or things break
when you try to deploy e.g the heat_engine service on a non Controller
role. We check the enabled flag for heat engine so this only happens
if the heat_engine service is running on some (any) role.
Partial-Bug: #
1631130
Change-Id: Ib088a572b384b479f51d56555734d78ab840a1f3
Code Review / apex-puppet-tripleo.git / log