Michele Baldessari [Wed, 11 Oct 2017 10:47:01 +0000 (12:47 +0200)]
Fix ConfigDebug for puppet host runs
Before pike we used to be able to add -e environments/config-debug.yaml
and that would give us debug logs for puppet. With the move to ansible
running puppet we lost this feature.
Let's make sure that the old ConfigDebug variable still works with
the ansible playbook-based deploy steps. With this patch and ConfigDebug
set to true, we correctly get the puppet debug logs:
TASK [debug] *******************************************************************
ok: [localhost] => {
"(outputs.stderr|default('')).split('\n')|union(outputs.stdout_lines|default([]))": [
"Warning: Undefined variable 'deploy_config_name'; ",
" (file & line not available)",
"Warning: This method is deprecated, please use the stdlib validate_legacy function, with Stdlib::Compat::Bool. There is further documentation for validate_legacy function in the README. at [\"/etc/puppet/modules/ntp/manifests/init.pp\", 54]:[\"/etc/puppet/modules/tripleo/manifests/profile/base/time/ntp.pp\", 29]",
" (at /etc/puppet/modules/stdlib/lib/puppet/functions/deprecation.rb:25:in `deprecation')",
"Debug: Runtime environment: puppet_version=4.8.2, ruby_version=2.0.0, run_mode=user, default_encoding=UTF-8",
"Debug: Loading external facts from /etc/puppet/modules/openstacklib/facts.d",
"Debug: Loading external facts from /var/lib/puppet/facts.d",
....
Change-Id: Ia726fb8ca4a6f7bbbd7a1284d76ff42df6825d01
Closes-Bug: #1722752
(cherry picked from commit ecc6ce340aea59faaee4c2a49cd6d6fb90d8ed35)
Jenkins [Sat, 14 Oct 2017 10:12:24 +0000 (10:12 +0000)]
Merge "Hardcode tag-stable-3.0-jewel-centos-7 in scenario001-containers" into stable/pike
Jenkins [Sat, 14 Oct 2017 01:09:45 +0000 (01:09 +0000)]
Merge "Revert "Fixes heat resource name for Internal API Network"" into stable/pike
Tim Rozet [Thu, 12 Oct 2017 19:21:59 +0000 (19:21 +0000)]
Revert "Fixes heat resource name for Internal API Network"
This reverts commit 520be6bb4056ead8e6fad08ad96e99f7da5b341e.
This introduced a bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1501515
where during upgrade, the previous heat resource for the
InternalApi network would have the incorrect name "Internal" and the
upgrade would try to delete the resource in order to create
"InternalApi". This needs to be reverted and a proper fix will be
submitted that accounts for this upgrade scenario.
Related-Bug: #1718764
Change-Id: Id906fac421db317ce48d5cecfcd43397a0f4ab3d
John Fulton [Wed, 11 Oct 2017 21:10:07 +0000 (17:10 -0400)]
Hardcode tag-stable-3.0-jewel-centos-7 in scenario001-containers
Change-Id: I88f622c0b7a92ab75c2523fdc0d4d9ac1a2a2560
Closes-Bug: #1722908
(cherry picked from commit 06331a830e8923a9dc2ef8c15f2f1bf9d1d58ba1)
Jenkins [Tue, 10 Oct 2017 14:28:29 +0000 (14:28 +0000)]
Merge "Add IronicPxe to the default controller" into stable/pike
Jenkins [Tue, 10 Oct 2017 04:38:29 +0000 (04:38 +0000)]
Merge "Remove package if service stopped and disabled" into stable/pike
Jenkins [Tue, 10 Oct 2017 04:38:12 +0000 (04:38 +0000)]
Merge "Adds pacemaker update_tasks for Pike minor update workflow" into stable/pike
Derek Higgins [Thu, 3 Aug 2017 15:01:37 +0000 (16:01 +0100)]
Add IronicPxe to the default controller
It doesn't exist in the non containerized openstack so leave it
stubbed out by default.
Closes-Bug: #1721212
Change-Id: I5fcb1f0b9958ac90f034a12f1ee733dae6571f9c
(cherry picked from commit a850d8059fbc1c36efb18773e40bb600e5da5005)
Jenkins [Tue, 10 Oct 2017 01:13:58 +0000 (01:13 +0000)]
Merge "Make containerized galera use mysql_network everywhere" into stable/pike
Jenkins [Tue, 10 Oct 2017 01:12:03 +0000 (01:12 +0000)]
Merge "Fix cold/live migration network config" into stable/pike
Jenkins [Tue, 10 Oct 2017 01:11:50 +0000 (01:11 +0000)]
Merge "Create mysql user for non-ha deployments" into stable/pike
Jenkins [Tue, 10 Oct 2017 01:11:40 +0000 (01:11 +0000)]
Merge "List all unhealthy containers" into stable/pike
Jenkins [Tue, 10 Oct 2017 01:11:32 +0000 (01:11 +0000)]
Merge "Special treatment for os-net-config upgrade." into stable/pike
marios [Mon, 3 Jul 2017 16:20:30 +0000 (19:20 +0300)]
Remove package if service stopped and disabled
Adds a UpgradeRemoveUnusedPackages param to use
in the ansible when conditional for the removal
Adds package removal to step2 right after a service
is stopped and disabled on step2. Package updates
happen in step3 so ideally remove before that.
The package removal task has ignore_errors true
so dependencies or other issue removing packages will
not fail the upgrade workflow.
Also adds this to the upgrade environment files
for visibility and defaulting false
Change-Id: Ie4e4a2d41f7752c5a13507a7c15c6f68e203cfca
Related-Bug: 1701501
(cherry picked from commit ce0ef2fa207698c1ae61c1620fe3c5e8d1c7bfca)
marios [Mon, 24 Jul 2017 11:01:06 +0000 (14:01 +0300)]
Adds pacemaker update_tasks for Pike minor update workflow
Adds update_tasks for the minor update workflow. These will be
collected into playbooks during an initial 'update init' heat
stack update and then invoked later by the operator as ansible
playbooks.
Current understanding/workflow:
Step=1: stop the cluster on the updated node
Step=2: Pull the latest image and retag it pcmklatest
Step=3: yum upgrade happens on the host
Step=4: Restart the cluster on the node
Step=5: Verification: test pacemaker services are running.
https://etherpad.openstack.org/p/tripleo-pike-updates-upgrades
Related-Bug: 1715557
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
Co-Authored-By: Sofer Athlan-Guyot <sathlang@redhat.com>
Change-Id: I101e0f5d221045fbf94fb9dc11a2f30706843806
(cherry picked from commit a953bda0ae615dc44d3e8a70aa7ab0160e26f3af)
Jenkins [Mon, 9 Oct 2017 15:32:18 +0000 (15:32 +0000)]
Merge "docker: add logging(source & groups)" into stable/pike
Sofer Athlan-Guyot [Tue, 3 Oct 2017 15:59:19 +0000 (17:59 +0200)]
Special treatment for os-net-config upgrade.
We make sure to run upgrade and run os-net-config on its own. Running
os-net-config with the no-activate option will
- prevent the restart of the interface
- adjust the network files to the expected configuration so that next
run won't restart the network.
Eventually at next reboot the change will be taken into account.
Currently we have no changes that are required to be taken live during
the upgrade so it is safe to ignore the new parameters.
Closes-Bug: #1721073
Change-Id: I51464274d5dff8a267992ae303ac3517b78d08fb
(cherry picked from commit 5aab25bb68f62b0d7e4ffdc20d4f4da1d82a76db)
Martin Mágr [Tue, 3 Oct 2017 08:43:23 +0000 (10:43 +0200)]
List all unhealthy containers
Currently the default Sensu check defined in docker/services/sensu-client.yaml
reports only first unhealthy container. This patch changes the check output
to contain list of all unhealthy containers.
Change-Id: I0a934367ef22984d9091d160ec7105092edc8149
Closes-Bug: #1720972
(cherry picked from commit 9b016c9f3fbe9552497737974b9928d1dff4d299)
Martin Mágr [Fri, 29 Sep 2017 12:07:46 +0000 (14:07 +0200)]
Create mysql user for non-ha deployments
Currently health check for mysql container reports unhealthy container
because there is no 'mysql' user created. This patch creates the user
during mysql_bootstrap without any permission, just to allow health
check to connect to DB and run 'select 1'.
Change-Id: Iab26da0d30939b219189d4e7beb2a61d456ab7c3
Closes-Bug: #1718944
(cherry picked from commit 3a9cfaa992e92423461d64f84d701336322bdd10)
Oliver Walsh [Wed, 30 Aug 2017 23:13:15 +0000 (00:13 +0100)]
Fix cold/live migration network config
Cold migration network is determined by the value of my_ip in nova.conf.
If this isn't set then the network with the default gateway will be used.
This patch sets my_ip and the whitelisted IP for cold migration over SSH to the
NovaApiNetwork.
Until https://bugs.launchpad.net/nova/+bug/1671288 is fixed we cannot control
the network used for live migration over SSH. It is determined by hostname
resolution.
This patch sets the whitelisted IP for live migration over SSH to the hostname
resolution network for the role - which is typically the same as NovaApiNetwork.
(NB The puppet manifest will remove duplicates).
Live migration over TLS is not affected. It can control the network used so it
is configurable via NovaLibvirtNetwork.
Change-Id: Ica3f79d6d0cfae446e276172146f3a9407f2971f
Depends-On: Id22a6c990f424b9f3ca6159088540ea207460ffd
(cherry picked from commit 23331889a577b82b625610a80ecd44e164fe6cf1)
Juan Badia Payno [Thu, 31 Aug 2017 09:07:11 +0000 (11:07 +0200)]
docker: add logging(source & groups)
The services that docker depends on, have logging_sources and logging_groups;
but those are not set on the docker outputs so they are not used when dockers
are deployed.
Added logging_source & logging_groups as docker optional parameters in
tools/yaml-validate.py
Closes-Bug: #1718110
Change-Id: I8795eaf4bd06051e9b94aa50450dee0d8761e526
(cherry picked from commit 5dbe1121e98a794ec6a6387ff56ee34314177567)
Juan Badia Payno [Tue, 23 May 2017 07:36:15 +0000 (09:36 +0200)]
Containerized Fluentd client
Change-Id: Ia350e4899aa499cf27efffd9d2243e7e95fa1d65
Depends-On: I60796063fa9ebe0d98030fb982d22dabe2593ea0
Depends-On: I585b6877074353b5de62e5efaabfbe62432c473d
(cherry picked from commit f37fe4f903f429b43d22b485c29547f576ec7269)
Damien Ciabrini [Tue, 26 Sep 2017 13:23:11 +0000 (15:23 +0200)]
Make containerized galera use mysql_network everywhere
The containerized galera service generates a galera.cnf which uses
short hostname to identify itself rather than the fqdn from the
mysql_network (e.g. overcloud-x.internalapi.cloudname).
This breaks when internal TLS is in use, because the mysql certificate
does not reference this short hostname.
Fix the appropriate hiera parameter to make it behave like the
non-containerized galera service.
Change-Id: I904cde38f2baeddab5178e8ad48d34a0c73629af
Closes-Bug: #1719599
(cherry picked from commit e10aa591dc9155a2746df01279c4ba4f2133fd17)
Jenkins [Sat, 7 Oct 2017 06:11:18 +0000 (06:11 +0000)]
Merge "Remove extra noop.yaml ports from network-isolation files." into stable/pike
Jenkins [Sat, 7 Oct 2017 06:07:37 +0000 (06:07 +0000)]
Merge "Default Ceph pg_num and pgp_num to 128" into stable/pike
Jenkins [Sat, 7 Oct 2017 05:38:24 +0000 (05:38 +0000)]
Merge "Support for Ocata-Pike live-migration over ssh" into stable/pike
Jenkins [Sat, 7 Oct 2017 05:05:25 +0000 (05:05 +0000)]
Merge "Fixes missing type for heat param TenantNetName" into stable/pike
Jenkins [Sat, 7 Oct 2017 05:00:33 +0000 (05:00 +0000)]
Merge "Use sub_nodes_private instead of node_private" into stable/pike
Jenkins [Sat, 7 Oct 2017 03:46:44 +0000 (03:46 +0000)]
Merge "Update panko port in env ssl yaml files to correct one" into stable/pike
Jenkins [Sat, 7 Oct 2017 03:46:38 +0000 (03:46 +0000)]
Merge "Bump fs.inotify.max_user_instances for scale" into stable/pike
Jenkins [Sat, 7 Oct 2017 03:46:24 +0000 (03:46 +0000)]
Merge "Drop extraconfig for nova-nuage" into stable/pike
Jenkins [Sat, 7 Oct 2017 03:37:35 +0000 (03:37 +0000)]
Merge "Fixes heat resource name for Internal API Network" into stable/pike
Dan Sneddon [Thu, 14 Sep 2017 19:26:53 +0000 (13:26 -0600)]
Remove extra noop.yaml ports from network-isolation files.
The environments/network-isolation[-v6].yaml files have an
unneeded reference to network/ports/noop.yaml for unused
networks.
This introduces a regression where environment files that
define the networks and ports on a per-role basis can
cancel out other environment files. See bug #1717322.
The overcloud-resource-registry.j2.yaml already uses noop.yaml
for every network on every role (whether or not the networks
are enabled, or whether the particular network is supposed
to be on a role). So having noop.yaml specified for every
role in network-isolation[-v6].yaml is not needed and can
cause issues with upgrades if the environments are not
included in a specific order.
Change-Id: If06407e5235587af090ede44674bf9c7e08e340e
Closes-bug: 1717322
(cherry picked from commit 9b08df3733257ac0fbc150a4071aec051e073ef7)
Oliver Walsh [Wed, 6 Sep 2017 10:35:07 +0000 (11:35 +0100)]
Support for Ocata-Pike live-migration over ssh
In Ocata all live-migration over ssh is performed on the default ssh port (22).
In Pike the containerized live-migration over ssh is on port 2022 as the
docker host's sshd is using port 22.
To allow live migration during upgrade we need to temporarily pin the Pike
computes to port 22 and in the final converge we can switch over to port 2022.
This also changes the default port to 2022 for baremetal computes in Pike to
enable live-migration between baremetal and containerized computes.
Change-Id: Icb9bfdd9a99dc1dce28eb95c50a9a36bffa621b1
Depends-On: I0b80b81711f683be539939e7d084365ff63546d3
Closes-Bug: 1714171
(cherry picked from commit 17fd16b9f266e1aa67bf03ebdf309e89d668ada2)
Giulio Fidente [Thu, 21 Sep 2017 19:18:01 +0000 (21:18 +0200)]
Default Ceph pg_num and pgp_num to 128
As per Ceph docs [1] we should default pg_num and pgp_num to 128 when
using less than 5 OSDs.
This same change was applied to the ceph-ansible profiles with [2].
Also updates the CI environment files to continue using 32 where we
deploy a single OSD.
1. http://docs.ceph.com/docs/master/rados/operations/placement-groups/
2. Ibd9fb23e04576e95e24af58f856663397886a947
Change-Id: I1920bc8f5251f362af38ad3bd6f46dda42c6ee93
Closes-Bug: #1718756
(cherry picked from commit e17ae7620e03790da0d29092ab42e8089b2e8d11)
Sagi Shnaidman [Mon, 2 Oct 2017 12:33:38 +0000 (15:33 +0300)]
Use sub_nodes_private instead of node_private
node_private file doesn't exist anymore, use sub_nodes_private
instead
Change-Id: Ifb3af18733c0e1fd6895c270bb39199acaa98968
Tim Rozet [Mon, 2 Oct 2017 15:52:56 +0000 (11:52 -0400)]
Fixes missing type for heat param TenantNetName
Closes-Bug: 1720823
Change-Id: I239cc9f827fe99a553f9c18b80336bc6ce0b1d14
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit ba5436099d37898e418406f8b4376923e14f4c89)
Jenkins [Fri, 6 Oct 2017 14:09:17 +0000 (14:09 +0000)]
Merge "Pin scenario001-multinode-containers to earlier ceph docker container" into stable/pike
John Fulton [Wed, 4 Oct 2017 17:31:09 +0000 (13:31 -0400)]
Pin scenario001-multinode-containers to earlier ceph docker container
Change-Id: I122a246a559e07ed74c69e3eb172a4bbb801aeb7
Closes-Bug: #1721239
(cherry picked from commit 3e8de70bd5a8c43389432d484189d4de5fc0ae2f)
Tim Rozet [Thu, 21 Sep 2017 19:47:44 +0000 (15:47 -0400)]
Fixes heat resource name for Internal API Network
With the dynamic Jinja2 rendering for networks, the heat resource for
Internal API network was accidentally being renamed to:
OS::TripleO::Network::Internal
when it should be the same as previous versions:
OS::TripleO::Network::InternalApi
This patch removes the 'compat_name' which was overriding the network
name for rendering the resource. This patch also removes the
compat_name functionality from the network/networks.j2.yaml file
since it is no longer needed.
Closes-Bug: 1718764
Change-Id: If756cddd91933edb303cc056515d98b941a3eb14
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit 97244b942d29d2b5acd7a3eb07acdba0d9b99677)
Sai Sindhur Malleni [Tue, 19 Sep 2017 19:12:35 +0000 (15:12 -0400)]
Bump fs.inotify.max_user_instances for scale
Since each dnsmasq process consumes one inotify socket, the default
value of fs.inotify.max_user_instances which is 128 lets us scale to
only around 116 neutron subnets (a few other sockets are used by other
processes on the system). Since, we need to provide better defaults,
this patch proposes to bump this value to 1024 by default, while giving
the user a way to change it. Based on
https://unix.stackexchange.com/a/13757 each inotify watch takes 1KB of
memory and we have fs.inotify.max_user_watches set to 8192 by default.
This means that even in the worst case we won't be using more than 8MB
of memory. Bumping the fs.inotify.max_user_instances value to 1024 is
safe because there is fs.inotify.max_user_watches which caps the total
number of files that can be watched by all the inotify instances a user
has.
Related Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1474515
https://bugzilla.redhat.com/show_bug.cgi?id=1491505
Change-Id: I39664312bf6cf06f1e1ca2e86ffd86fb9a4582ad
Closes-Bug: 1718266
(cherry picked from commit d2d0c3ff00de9b62382193d942239d543aa9499f)
marios [Tue, 26 Sep 2017 12:33:13 +0000 (15:33 +0300)]
Disable role host_prep_tasks on controlplane upgrade
During the controlplane upgrade the host_prep_tasks are being
executed on the disable_upgrade_deployment roles too.
This sets the role specific host_prep_tasks to an empty list for
those roles during an upgrade, as executing them during the
controlplane upgrade (during -e
major-upgrade-composable-steps-docker.yaml) causes problems.
They will be executed as part of the non controller upgrade as they
are written to the stack outputs to be used as ansible playbooks
(see bug 1708115 for more info on this)
Change-Id: I42c963440b9b1e8222097c3d4e83ffcbe820886c
Closes-Bug: 1719604
(cherry picked from commit 684267a7a4fbff489f6324020289afbdcaaca8f5)
Giulio Fidente [Wed, 27 Sep 2017 14:39:19 +0000 (16:39 +0200)]
Make CephConfigOverrides append to ceph.conf[global]
Previously it was mistakenly replacing the contents because we
do not do deep merge.
Change-Id: I145feb0208f135da7c71694ebcecd937244d66b1
Closes-Bug: #1719919
(cherry picked from commit 17416dcfc56c5148ccc9ab40297f99adfdcd085b)
Jenkins [Wed, 27 Sep 2017 20:54:34 +0000 (20:54 +0000)]
Merge "Stop mapping docker to OS::Heat::None in scenarios" into stable/pike
Jenkins [Wed, 27 Sep 2017 20:38:23 +0000 (20:38 +0000)]
Merge "Add all services to scenario004-containers" into stable/pike
Jenkins [Wed, 27 Sep 2017 18:17:28 +0000 (18:17 +0000)]
Merge "Add a lightweight UC template/role data for deployed-servers" into stable/pike
Jenkins [Wed, 27 Sep 2017 17:42:37 +0000 (17:42 +0000)]
Merge "Fix upgrades that use Management network" into stable/pike
Jiri Stransky [Wed, 27 Sep 2017 09:15:35 +0000 (11:15 +0200)]
Stop mapping docker to OS::Heat::None in scenarios
This was needed to make the upgrade job on Ocata->Pike passing, and we
now need to remove this to improve the argument order in OOOQ for
deployments with scenarios.
This shouldn't be backported to Ocata (at least not before we make the
split between deploy scenario and upgrade scenario).
Change-Id: Ie08bbe08530bd48a0ca58667f0704f360e0a4dd7
Co-Authored-By: Martin André <m.andre@redhat.com>
Related-Bug: #1714905
Related-Bug: #1712070
(cherry picked from commit 31550b42027588d82f01db6956c1efaf02d58558)
Jiri Stransky [Tue, 26 Sep 2017 16:31:59 +0000 (18:31 +0200)]
Add all services to scenario004-containers
This commit brings the scenario004 file closer to its BM pendant. We
need to start with this one to address a chicken-and-egg issue with
featureset files.
Change-Id: Ia5c0cefb7051ca42b4d470f5a000eb446d18be30
Co-Authored-By: Martin André <m.andre@redhat.com>
Related-Bug: #1714905
Related-Bug: #1712070
(cherry picked from commit b4d0a81e55ad51ecdaf2e923f794418ac77cfc57)
Tim Rozet [Fri, 22 Sep 2017 19:10:42 +0000 (15:10 -0400)]
Fixes missing keystone authtoken pw for Tacker
Closes-Bug: 1718997
Change-Id: I2b347cbc4595e6651b0d4be032cb862fde72e15f
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit 253d9b9107aa158af5bcdafe510ecd96658ef137)
Jenkins [Mon, 25 Sep 2017 17:21:00 +0000 (17:21 +0000)]
Merge "Move neutron api services to ControllerOpenstack" into stable/pike
Jenkins [Mon, 25 Sep 2017 17:20:42 +0000 (17:20 +0000)]
Merge "Fix issue where 2 Redis VIPs are assigned, but only one used." into stable/pike
Jenkins [Mon, 25 Sep 2017 17:01:22 +0000 (17:01 +0000)]
Merge "Fixed resource registry path in neutron-lbaasv2.yaml" into stable/pike
Jenkins [Mon, 25 Sep 2017 14:44:28 +0000 (14:44 +0000)]
Merge "Rename service_workflow_tasks into workflow_tasks" into stable/pike
Jenkins [Mon, 25 Sep 2017 08:48:30 +0000 (08:48 +0000)]
Merge "Remove deploy_steps_tasks.yaml from upgrade_steps_playbook" into stable/pike
Dan Sneddon [Wed, 13 Sep 2017 23:53:36 +0000 (17:53 -0600)]
Fix upgrades that use Management network
Upgrades from older versions using Management network fail.
This patch enables the management network even though it is not
enabled in any of the role definitions. This will allow upgrades
to complete using existing network environment files, without
requiring operators to switch to the new method for defining
which networks are attached to roles. Eventually these older
environment files will be removed.
Change-Id: Iadd12a559f0ad6918958a1355f189187fd327363
Closes-bug: 1717123
(cherry picked from commit 5b9fbc2b2bfa00de2fe0f437f21e05e3fc09a53d)
Dan Sneddon [Thu, 14 Sep 2017 17:20:54 +0000 (11:20 -0600)]
Fix issue where 2 Redis VIPs are assigned, but only one used.
There is an extra RedisVipPort defined in network-isolation.j2.yaml
which is unused. This will waste an IP address, and can lead to
confusion if there are multiple ports named RedisVipPort.
This patch removes the extra (unneeded) instance of the VIP.
Change-Id: I222873859af1b4ed1050cfffe55687b2f8d4c528
Closes-bug: 1717017
(cherry picked from commit f543752da6e1df3537ffa68d86806e11ac380375)
Aneesh Puttur [Wed, 20 Sep 2017 15:13:32 +0000 (11:13 -0400)]
Fixed resource registry path in neutron-lbaasv2.yaml
Change-Id: Icb58d47a3911e83e2650b2c74b33eae522c84651
Closes-Bug: #1718451
(cherry picked from commit edc02b3352d53bdf460a495f689db55944eab432)
Jenkins [Fri, 22 Sep 2017 21:32:55 +0000 (21:32 +0000)]
Merge "Create network-isolation-no-tunneling.yaml using jinja2" into stable/pike
Alex Schultz [Tue, 19 Sep 2017 21:36:43 +0000 (15:36 -0600)]
Move neutron api services to ControllerOpenstack
The Networker role should not have the api services run on it. Instead
these services should run as part of the ControllerOpenstack role that
should be used with this role.
Change-Id: Iabfe276fe700843f3a8da0b9e9220b2f82e20ec9
Closes-Bug: #1718299
(cherry picked from commit 964a5d738b8dbb6beb077d76448c6f3a84be2500)
Giulio Fidente [Tue, 19 Sep 2017 10:23:17 +0000 (12:23 +0200)]
Set Ceph pgp_num after pg_num
We missed to set the pgp_num default in ceph.conf, causing WARNING
messages like:
pool default.rgw.buckets.data pg_num 32 > pgp_num 8
Also increases the default pg_num to 128 which is the recommended
value for less than 5 OSDs [1].
1. http://docs.ceph.com/docs/master/rados/operations/placement-groups/
Change-Id: Ibd9fb23e04576e95e24af58f856663397886a947
Closes-Bug: #1718173
(cherry picked from commit 58e6f6533a04eddd2dc897d890737bbccde4ea7b)
Antoni Segura Puimedon [Thu, 31 Aug 2017 09:02:18 +0000 (11:02 +0200)]
Create network-isolation-no-tunneling.yaml using jinja2
The existing network-isolation-no-tunneling.yaml contains
references to missing files. This patch generates the file
with jinja to include custom networks and make it work
with composable networks.
Closes-Bug: #1718797
Change-Id: Ibcab2f6b5ac880a6b3d7dd5126bd24facfa17322
Signed-off-by: Antoni Segura Puimedon <antonisp@celebdor.com>
Co-authored-by: Dan Sneddon <dsneddon@redhat.com>
(cherry picked from commit 47185342bdd247a2e2735ef96c777ecec663086d)
Jenkins [Thu, 21 Sep 2017 16:47:21 +0000 (16:47 +0000)]
Merge "Adds post_upgrade_tasks for any service post-upgrade ansible tasks" into stable/pike
Marius Cornea [Thu, 14 Sep 2017 11:56:47 +0000 (13:56 +0200)]
Remove deploy_steps_tasks.yaml from upgrade_steps_playbook
After landing https://review.openstack.org/#/c/503484/ we run the
puppet host configuration steps twice. This change removes the
deploy_steps_tasks.yaml playbook in order to run the puppet steps
only once.
Closes-bug: 1717244
Change-Id: I09461094618124915841c8390c8bce8daf64d029
(cherry picked from commit e471c67aab6a8f91011aa2330b3cf80f4427f443)
Jenkins [Thu, 21 Sep 2017 03:30:35 +0000 (03:30 +0000)]
Merge "Make nova patching parameters configurable in Nuage" into stable/pike
Jenkins [Thu, 21 Sep 2017 03:05:45 +0000 (03:05 +0000)]
Merge "Use haproxy-systemd-wrapper as pid1 in containerized Haproxy" into stable/pike
Jenkins [Thu, 21 Sep 2017 03:05:37 +0000 (03:05 +0000)]
Merge "Disable all uses of wsrep-provider in mysql_bootstrap container" into stable/pike
Pradeep Kilambi [Tue, 5 Sep 2017 18:46:52 +0000 (14:46 -0400)]
Update panko port in env ssl yaml files to correct one
Change-Id: Iafe17a91c4695e442881e6fe813a6499f812f4b4
(cherry picked from commit 96667edee266bf2a64f7c8e2488c0eba105eaa8f)
Damien Ciabrini [Fri, 15 Sep 2017 11:00:12 +0000 (13:00 +0200)]
Use haproxy-systemd-wrapper as pid1 in containerized Haproxy
This wrapper binary spawns the HAproxy daemon and implements a
coordinated HAproxy restart on SIGHUP.
From a service's perspective, this allows reloading the HAProxy
configuration with minimal service disruption, i.e. without stopping
and restarting the HAProxy container.
Closes-Bug: #1717521
Change-Id: Ib3ef0c0bcf1a8151e179ff4d7509cf0d6b3ac5a1
(cherry picked from commit 91cd44cd7266c15ce07fafbee9d2e33f226096ba)
Damien Ciabrini [Thu, 14 Sep 2017 12:49:04 +0000 (14:49 +0200)]
Disable all uses of wsrep-provider in mysql_bootstrap container
During the bootstrap of the mariadb database, galera replication
must be disabled while the users credentials are being set up. This
is done by setting wsrep-provider=none when starting mysqld_safe.
Icf67fd2fbf520e8a62405b4d49e8d5169ff3925b already disabled it
when the clustercheck credentials are being set up, but Kolla also
starts a temporary server for setting up the root password.
Disable the setting directly at the end of the mysql.cnf in the
running container. That way, the default setting from galera.cnf will
be overridden, all mysqld_safe calls will disable WSREP and the setting
will stay ephemeral.
Change-Id: If14e22992b46a35a05a16a9db5ecb360ea13df8f
Closes-Bug: #1717250
(cherry picked from commit b0f50db80b10e9cd6263c4d6b3ca8dd818b658ba)
marios [Tue, 15 Aug 2017 13:41:04 +0000 (16:41 +0300)]
Adds post_upgrade_tasks for any service post-upgrade ansible tasks
This adds a new config/deployment per role that will come after any
post deploy steps. It drives the same ansible config as the
upgrade_tasks but instead collects the post_upgrade_tasks for any
service in the given role.
The workflow is upgrade_tasks, then post deploy steps (either
puppet/ or docker/ depending on the env) and then the
post_upgrade_tasks added here.
This is added to the pacemaker/cinder-volume.yaml service for now
see the bug below for more info
Change-Id: Iced34fecf02ebddc91df9302de54d2f4c2cab680
Closes-Bug: 1706951
(cherry picked from commit 2e182bffeeb099cb5e0b1747086fb0e0f57b7b5d)
Dan Prince [Sat, 26 Aug 2017 02:08:25 +0000 (22:08 -0400)]
Run gnocchi statsd and metrcd at step 5
Running these daemons at step 5 should avoid seeing error messages in
the gnocchi-statsd log files on startup which starts at step4.
Change-Id: Idb82f864a2e1c623dab7a2a87054443036670453
Closes-bug: #1713182
(cherry picked from commit 9d8e496f3e8a825d48d9eba9aab540001bb780ea)
Tong Liu [Tue, 5 Sep 2017 11:27:18 +0000 (11:27 +0000)]
Change to boolean for boolean type params
Some boolean params are set to string type. Although it works,
it is better to use boolean type for better validation. This patch
changes them to boolean type.
Change-Id: I9f1d223619ea14fbab26033b24eb1144796e5ef2
Closes-Bug: #1715209
(cherry picked from commit cab8ab1d342c6ffada3f2adea5834b4549240af5)
Marius Cornea [Thu, 7 Sep 2017 13:38:54 +0000 (15:38 +0200)]
One time delete pacemaker resources during upgrade to containers
This change allows running the major upgrade composable docker
steps multiple times by not trying to delete the pacemaker resources
if they're not reported as started or in master state.
Closes-bug: 1716031
Depends-On: I8da03f5c4a6d442617b81be5793a9724cc8842bf
Change-Id: Ifcf9de8c82550a90a9fb118052d43fdbcdc6ca7e
(cherry picked from commit 64d7be1e3d4552e06cbc53f788572e530cc5c3bb)
Lokesh Jain [Wed, 23 Aug 2017 22:12:37 +0000 (18:12 -0400)]
Make nova patching parameters configurable in Nuage
Nova patching parameters are available in nova.conf but are not
configurable from tripleo-heat-templates. Exposing these parameters
from Nuage composable services to make them configurable. It enables
setting the patching parameters in environment files. This change
depends on the addition of nova patching configuration parameters.
Change-Id: Iacad25da044f2bac83ee5f577ddcd70650eb61e5
Depends-On: I51ef3e19daff1d98cfe5c2c16475c16e6a3e3e0f
(cherry picked from commit f0041153eca8d82bb7f72dc68676cab8448ef037)
Giulio Fidente [Tue, 12 Sep 2017 20:29:13 +0000 (22:29 +0200)]
Rename service_workflow_tasks into workflow_tasks
Using the service_ prefix seems incoherent with its use in
service_config_settings (vs config_settings).
Change-Id: Ia39f181415bee0071409dabddfa0c5c312915e1f
(cherry picked from commit 09137304b98a02ed024c0288da907cfe35ca5fe1)
Mathieu Bultel [Mon, 28 Aug 2017 15:24:47 +0000 (17:24 +0200)]
Retry if the pacemaker_resource commands failed
Add a retry when the pacemaker_resource command
wasn't applied correctly, more info here:
https://bugzilla.redhat.com/show_bug.cgi?id=1482116
This is the same approach puppet-pacemaker uses
and provides eventual consistency when multiple
nodes change the cluster CIB concurrently.
This change depends-on :
https://review.gerrithub.io/375982
The return code is not available in the current
ansible-pacemaker package.
Change-Id: I8da03f5c4a6d442617b81be5793a9724cc8842bf
(cherry picked from commit e92430d8d03fc2ce2d0ce192b96209f2c5c04169)
Jenkins [Wed, 13 Sep 2017 22:34:26 +0000 (22:34 +0000)]
Merge "Enable redis TLS proxy in HA deployments" into stable/pike
Jenkins [Wed, 13 Sep 2017 21:26:58 +0000 (21:26 +0000)]
Merge "Add CephConfigOverrides to allow arbitrary configs in ceph.conf" into stable/pike
Jenkins [Wed, 13 Sep 2017 17:46:35 +0000 (17:46 +0000)]
Merge "Add RoleConfig output to major_upgrade_steps.j2.yaml" into stable/pike
Jenkins [Wed, 13 Sep 2017 04:57:05 +0000 (04:57 +0000)]
Merge "Enable selinux in containers" into stable/pike
Jenkins [Wed, 13 Sep 2017 04:55:53 +0000 (04:55 +0000)]
Merge "Add verbose output to containerized cell_v2 host discovery" into stable/pike
Steven Hardy [Mon, 11 Sep 2017 13:39:06 +0000 (14:39 +0100)]
Add RoleConfig output to major_upgrade_steps.j2.yaml
I96ec09bc788836584c4b39dcce5bf9b80e914c71 added this output to the
deploy-steps.j2, but missed adding this to the major upgrade template
which means the overcloud RoleConfig output is broken after the upgrade
(until the converge update switches back to the deploy-steps.j2 derived
template)
Closes-Bug: #1716404
Change-Id: I331fa18b456ca2d6c124316d513374e3fe5a5007
(cherry picked from commit 27018b4182d77abf612697cfe54a4fc3ceeb6be5)
Vineet Paul [Wed, 16 Aug 2017 09:49:40 +0000 (05:49 -0400)]
Drop extraconfig for nova-nuage
Made the Compute as a composable service with Nuage.
Moved all the Nuage specific parameters from extraconfig to be part of this service.
Change-Id: Ic83e9c18d09fbba62bb5d8a12e28a23127f4197d
(cherry picked from commit 4b1276b8f6fec22ac3764d58c4ef647535c85cb9)
Giulio Fidente [Wed, 6 Sep 2017 07:39:12 +0000 (09:39 +0200)]
Add CephConfigOverrides to allow arbitrary configs in ceph.conf
We need to reuse the ceph_conf_overrides structure provided by
ceph-ansible for both user provided configs and TripleO managed
configs. This change merges the special user facing parameter
with the TripleO generated configs.
Also adds osd_scenario and osd_objectstore params for compatibility
with newer ceph-ansible versions.
Change-Id: I29c689c6c689590da5b6a3f581fdbec98a52e207
Closes-Bug: #1715321
(cherry picked from commit 32bc2abf14af4ca1449e18b848e2be3cff013987)
Jenkins [Tue, 12 Sep 2017 04:22:36 +0000 (04:22 +0000)]
Merge "Add panko config to ceilometer notification agent container" into stable/pike
Jenkins [Tue, 12 Sep 2017 04:22:29 +0000 (04:22 +0000)]
Merge "Fixes OpenDaylight updating port status" into stable/pike
Jenkins [Tue, 12 Sep 2017 04:22:22 +0000 (04:22 +0000)]
Merge "Add a docker pull retry to docker-puppet.py" into stable/pike
Jenkins [Tue, 12 Sep 2017 04:21:38 +0000 (04:21 +0000)]
Merge "Add DhcpAgentNotification param to neutron base" into stable/pike
Jenkins [Tue, 12 Sep 2017 04:20:52 +0000 (04:20 +0000)]
Merge "Persist containerized services httpd logs" into stable/pike
Oliver Walsh [Tue, 5 Sep 2017 18:19:17 +0000 (19:19 +0100)]
Enable selinux in containers
We cannot use the --selinux-enabled docker daemon option on CentOS/RHEL 7.3.
It will fail if security_inode_copy_up is not found in the kernel symbols:
https://github.com/projectatomic/docker/blob/docker-1.12.6/daemon/daemon_unix.go#L661
NB this has been reduced to a warning upstream:
https://github.com/moby/moby/commit/885b29df096db1d6746ece4b3a298a1ffe85716d
Instead this just bind mounts /sys/fs/selinux in containers-common.yaml.
Everything appears to work at initial glance. Pingtest succeeds, and
live-migration between baremetal and containerized computes works.
Change-Id: I018221bf7ae9ab9ece193b55f1ce31eb1591046c
Closes-bug: #1715171
(cherry picked from commit 520f889a31f1ea6ee2bad86d1dbb3c0435604d10)
Oliver Walsh [Fri, 25 Aug 2017 15:11:24 +0000 (16:11 +0100)]
Add verbose output to containerized cell_v2 host discovery
Required to debug issues.
Change-Id: I4d86c8d9ecc353a916475977eb6f2d842c812556
(cherry picked from commit dc64a1108e7bc23f92d77e75001fb42549731e3b)
Pradeep Kilambi [Wed, 6 Sep 2017 13:03:37 +0000 (09:03 -0400)]
Add panko config to ceilometer notification agent container
Without this, ceilometer notification agent can't find panko
and skips posting events to it.
Change-Id: Ibfeef5c557d1ceb11a999aa947597014ca94ec34
(cherry picked from commit 5437086ee744469b9daf8cd9edd600f7aa98dde6)
Martin André [Mon, 28 Aug 2017 14:50:28 +0000 (16:50 +0200)]
Enable redis TLS proxy in HA deployments
Redis does not have TLS out of the box. Let's use a proxy container for
TLS termination.
This commit enables redis TLS proxy for the HA deployment.
bp tls-via-certmonger
Change-Id: I45e539872a03878337def33c681c4577c1a5629e
(cherry picked from commit c6d8df01d7aa8b44af9ac152b3bb08f07e2e02b7)
Jenkins [Mon, 11 Sep 2017 17:49:26 +0000 (17:49 +0000)]
Merge "Add defaults for ceilometer-agent-compute upgrade tasks" into stable/pike
Jenkins [Mon, 11 Sep 2017 17:47:47 +0000 (17:47 +0000)]
Merge "Enable Ceilometer agent logging for containers" into stable/pike
Tong Liu [Wed, 30 Aug 2017 17:53:33 +0000 (17:53 +0000)]
Add DhcpAgentNotification param to neutron base
Add DhcpAgentNotification param in neutron base yaml file to allow
user to toggle dhcp_agent_notification for neutron.
Change-Id: I31715f58e885ac0c1cd9d813f79df9906b780d99
Closes-Bug: #1713193
(cherry picked from commit 5ea728cba456f3833a626f86043f17427bca5d4f)
Jenkins [Mon, 11 Sep 2017 15:57:52 +0000 (15:57 +0000)]
Merge "Add Neutron SR-IOV agent container" into stable/pike
Jenkins [Mon, 11 Sep 2017 15:40:15 +0000 (15:40 +0000)]
Merge "Disables QoS with OpenDaylight deployments" into stable/pike