marios [Wed, 20 Jan 2016 10:34:07 +0000 (12:34 +0200)]
Fixup the memcached servers string in nova.conf for v6
As discussed at https://bugzilla.redhat.com/show_bug.cgi?id=
1299265
when providing a list of IPv6 addresses as the memcache_node_ips
the resulting nova.conf entry can't be parsed properly.
This adds a memcache_node_ips_v6 which has the required format like
inet6:[ADDR1],inet6:[ADDR2],inet6:[ADDR3]
Closes-Bug:
1536103
Change-Id: I7f95fa063cbba279c4c2e270841f0a279d2be2f6
Jenkins [Sat, 5 Mar 2016 02:20:16 +0000 (02:20 +0000)]
Merge "Add IPv6 Support to Isolated Networks"
Jenkins [Fri, 4 Mar 2016 19:29:53 +0000 (19:29 +0000)]
Merge "Allow for usage of pre-allocated IPs for the management network"
Jenkins [Fri, 4 Mar 2016 17:57:21 +0000 (17:57 +0000)]
Merge "Run keystone-manage bootstrap for HA deployment too"
Jiri Stransky [Fri, 4 Mar 2016 13:54:51 +0000 (14:54 +0100)]
Run keystone-manage bootstrap for HA deployment too
This is necessary to keep creating the Default domain.
Change-Id: Ib9911819e89f30270d4f7597639b33f30ad2e3a6
Closes-Bug: #
1549867
Jenkins [Fri, 4 Mar 2016 14:13:05 +0000 (14:13 +0000)]
Merge "Set notification driver for nova to send"
Dan Sneddon [Thu, 15 Oct 2015 15:10:44 +0000 (08:10 -0700)]
Add IPv6 Support to Isolated Networks
This change adds a new set of network templates with IPv6 subnets
that can be used instead of the existing IPv4 networks. Each network
can use either the IPv4 or IPv6 template, and the Neutron subnet will
be created with the specified IP version.
The default addresses used for the IPv6 networks use the fd00::/8
prefix for the internal isolated networks (this range is reserved
for private use similar to 10.0.0.0/8), and 2001:db8:fd00:1000::/64
is used as an example default for the External network
(2001:db8::/32 are the documentation addresses [RFC3849]), but this
would ordinarily be a globally addressable subnet. These
parameters may be overridden in an environment file.
This change will require updates to the OpenStack Puppet
Modules to support IPv6 addresses in some of the hieradata values.
Many of the OPM modules already have IPv6 support to support IPv6
deployments in Packstack, but some OPM packages that apply only to
Instack/TripleO deployments need to be updated.
IPv6 addresses used in URLs need to be surrounded by brackets in
order to differentiate IP address from port number. This change
adds a new output to the network/ports resources for
ip_address_uri, which is an IP address with brackets in the case
of IPv6, and a raw IP address without brackets for IPv4 ports.
This change also updates some URLs which are constructed in Heat.
This has been tested and problems were found with Puppet not
accepting IPv6 addresses. This is addressed in the latest Puppet.
Additional changes were required to make this work with Ceph.
IPv6 tunnel endpoints with Open vSwitch are not yet supported
(although support is coming soon), so this review leaves the
Tenant network as an isolated IPv4 network for the time being.
Change-Id: Ie7a742bdf1db533edda2998a53d28528f80ef8e2
Steven Hardy [Thu, 11 Feb 2016 10:57:54 +0000 (10:57 +0000)]
Allow for usage of pre-allocated IPs for the management network
Id3d4f12235501ae77200430a2dc022f378dce336 added support for pre-allocated
IPs on the other overlay networks, but because the patch adding the
managment network (I0813a13f60a4f797be04b34258a2cffa9ea7e84f) was
under review around the same time, we missed adding the from_pool
capability to the ManagementNetwork.
Change-Id: If99f37634d5da7e7fb7cfc31232e926bd5ff074a
Jenkins [Thu, 3 Mar 2016 20:40:03 +0000 (20:40 +0000)]
Merge "Deploy Aodh services, replacing Ceilometer Alarm"
Emilien Macchi [Tue, 3 Nov 2015 23:09:34 +0000 (18:09 -0500)]
Deploy Aodh services, replacing Ceilometer Alarm
Ceilometer Alarm is deprecated in Liberty by Aodh.
This patch:
* manage Aodh Keystone resources
* deploy Aodh API under WSGI, Notifier, Listener and Evaluator
* manage new parameters to customize Aodh deployment
* uses ceilometer DB for the upgrade path
* pacemaker config
Depends-On: I9e34485285829884d9c954b804e3bdd5d6e31635
Depends-On: I891985da9248a88c6ce2df1dd186881f582605ee
Depends-On: Ied8ba5985f43a5c5b3be5b35a091aef6ed86572f
Co-Authored-By: Pradeep Kilambi <pkilambi@redhat.com>
Change-Id: I58d419173e80d2462accf7324c987c71420fd5f6
Jenkins [Thu, 3 Mar 2016 15:33:04 +0000 (15:33 +0000)]
Merge "endpoint_map: bump nova api from 2.0 to 2.1"
Jenkins [Thu, 3 Mar 2016 15:12:13 +0000 (15:12 +0000)]
Merge "Use set -e for validation-scripts/all-nodes.sh"
Jenkins [Thu, 3 Mar 2016 12:48:53 +0000 (12:48 +0000)]
Merge "Moves the swift start/stop into the common_functions.sh file"
Jenkins [Thu, 3 Mar 2016 12:00:31 +0000 (12:00 +0000)]
Merge "Add Satellite 5 support"
Jenkins [Thu, 3 Mar 2016 09:51:24 +0000 (09:51 +0000)]
Merge "Cisco nexus config template - obsolete parameter (replay count)."
marios [Wed, 2 Mar 2016 16:31:51 +0000 (18:31 +0200)]
Moves the swift start/stop into the common_functions.sh file
Since swift isn't managed by pacemaker we need to manually (systemctl)
stop and start the swift services. This moves the duplicate blocks for
start/stop into a common function (we already include that
pacemaker_common_functions.sh here so may as well)
Change-Id: Ic4f23212594c1bf9edc39143bf60c7f6d648fd1d
Jenkins [Wed, 2 Mar 2016 15:39:24 +0000 (15:39 +0000)]
Merge "Upgrades: install zaqarclient"
Jenkins [Wed, 2 Mar 2016 15:32:28 +0000 (15:32 +0000)]
Merge "Upgrades: quiet yum update"
Jenkins [Wed, 2 Mar 2016 12:14:39 +0000 (12:14 +0000)]
Merge "Support adding a swap file to overcloud nodes"
Jiri Stransky [Mon, 29 Feb 2016 16:44:37 +0000 (17:44 +0100)]
Upgrades: install zaqarclient
Old overcloud images don't have python-zaqarclient installed, and new
overclouds' os-collect-config are configured with Zaqar support. This
together means that on upgrade we need to install python-zaqarclient,
otherwise os-collect-config will be restarted during yum update and
crash due to trying to import missing Python module from zaqarclient.
Change-Id: I3e875e14cb60b1b78aec0d9ddc412ccf865abd01
Jiri Stransky [Mon, 29 Feb 2016 16:38:42 +0000 (17:38 +0100)]
Upgrades: quiet yum update
Quiet down yum during major upgrades to reduce the output size. This is
consistent with what was introduced into minor updates in change
I517271e8465885421a78b73c5af756816c37a977.
Change-Id: Ie6b470e383fdf42870ac6f60ca43e44b4c446ebe
Jenkins [Wed, 2 Mar 2016 08:48:31 +0000 (08:48 +0000)]
Merge "Use service tenant for ceilometer"
Jenkins [Wed, 2 Mar 2016 07:15:22 +0000 (07:15 +0000)]
Merge "Add HostnameMap to allow granular control of hostnames"
James Slagle [Thu, 28 Jan 2016 20:34:54 +0000 (15:34 -0500)]
Support adding a swap file to overcloud nodes
Create a new SoftwareDeployment that can be used to add a swap file to
all nodes The amount of swap and the location of the swap file can be
customized via parameter_defaults and the swap_size_megabytes/swap_path
parameters.
Change-Id: I1fb14c0fab2255410fceb26c3a7d5cfe0ba57b3b
Jenkins [Tue, 1 Mar 2016 18:03:35 +0000 (18:03 +0000)]
Merge "Enable heat-manage purge_deleted cron job"
Jenkins [Tue, 1 Mar 2016 18:01:24 +0000 (18:01 +0000)]
Merge "Update the path to the Docker file"
Emilien Macchi [Tue, 1 Mar 2016 16:43:24 +0000 (11:43 -0500)]
endpoint_map: bump nova api from 2.0 to 2.1
Nova v2.1 allows to use the same API as 2.0 but with microversions
support, which is the recommended way to discover the latest API
version supported in the cloud.
Change-Id: Id011de03d883001fd48dbbcfed53cb821607c7f3
Emilien Macchi [Tue, 1 Mar 2016 01:48:27 +0000 (20:48 -0500)]
controller/ha: disable keystone-manage bootstrap.
Because Overcloud Keystone resources are not managed by puppet-keystone
but by os-cloud-config, we need to let os-cloud-config managing keystone
bootstrap otherwise the Exec will fail since some data is already in
place.
Later, when Keystone resources will be managed by Puppet, drop this
parameter, because puppet-keystone is able to manage the boostrap
itself.
Change-Id: I027deaae5cf90c27a6b5e9d236ae61145cab3c3f
Closes-Bug: #
1551501
Jenkins [Mon, 29 Feb 2016 20:56:04 +0000 (20:56 +0000)]
Merge "Convert port cidr splitting to str_split"
Leon Zachery [Mon, 29 Feb 2016 19:06:44 +0000 (14:06 -0500)]
Cisco nexus config template - obsolete parameter (replay count).
Due to fix: https://bugs.launchpad.net/networking-cisco/+bug/
1469839,
the replay count parameter is no longer used. This needs to be
reflected in the Triple O templates.
Change-Id: I666c4394108287adcb4989e897ab3936667a602b
Closes-bug: #
1551387
James Slagle [Tue, 12 Jan 2016 22:34:22 +0000 (17:34 -0500)]
Add Satellite 5 support
Add Satellite 5 support to the RHEL registration environment and
resources. The registration script is updated to support both satellite
versions in place given the similarity of the options for both
scenarios.
The satellite version is detected based on $REG_SAT_URL, and that
determines whether subscription-manager or rhnreg_ks is used.
Change-Id: Ic261c8a16a7d6d3978f8bfc6e53f75dbe1b716db
Jenkins [Mon, 29 Feb 2016 15:31:51 +0000 (15:31 +0000)]
Merge "OpenContrail heat templates"
Jenkins [Mon, 29 Feb 2016 15:11:48 +0000 (15:11 +0000)]
Merge "Change the default value for NetworkNexusVxlanGlobalConfig"
Dan Prince [Mon, 29 Feb 2016 01:19:49 +0000 (20:19 -0500)]
Use set -e for validation-scripts/all-nodes.sh
Update this script to use 'set -e' for all commands except
the ping checks themselves which we allow to fail so we
can give enhanced output.
This resolves an issue where some commands could fail and cause
an undetectable error (the scripted exits with success) thus causing
a case where Heat won't detect any network errors at all. This
was recently the case with git commit
45be848 where we switched
to use python -c 'import ipaddr' which wasn't even installed as a
library on our overcloud nodes, thus causing all network validations
to silently fail.
Change-Id: I40ed6a537136e866357cc0d9304e905afdd28522
Depends-On: Ia617f44b4673b89202e5e5cdcac9b50f46b3e6c8
Related-bug: #
1551048
Jenkins [Mon, 29 Feb 2016 10:03:15 +0000 (10:03 +0000)]
Merge "Write the compute upgrade script for tripleo major upgrade workflow"
Jenkins [Mon, 29 Feb 2016 09:29:27 +0000 (09:29 +0000)]
Merge "Enable notifications on the overcloud"
Jenkins [Sat, 27 Feb 2016 00:20:48 +0000 (00:20 +0000)]
Merge "Add support for DeployArtifactURLs"
Jenkins [Fri, 26 Feb 2016 23:37:23 +0000 (23:37 +0000)]
Merge "Add NovaVNCProxy back into endpoint_map"
Jenkins [Fri, 26 Feb 2016 23:28:25 +0000 (23:28 +0000)]
Merge "Emits a different hostname for each network the node is on"
Dan Prince [Fri, 13 Nov 2015 20:01:13 +0000 (15:01 -0500)]
Add support for DeployArtifactURLs
Adds a new nested stack deployment which allows operators to
opt-in to deploy tarball's and RPM packages by setting
DeployArtifactURLs as a parameter_default in a Heat
environment.
The intent is to use this setting to allow t-h-t to
transparently deploy things like tarballs of puppet modules
via a Swift Temp URL.
Change-Id: I1bad4a4a79cf297f5b6e439e0657269738b5f326
Implements: blueprint puppet-modules-deployment-via-swift
Jenkins [Fri, 26 Feb 2016 15:40:55 +0000 (15:40 +0000)]
Merge "Nova RPC unpinning"
Jenkins [Fri, 26 Feb 2016 10:29:30 +0000 (10:29 +0000)]
Merge "Add meta notify=true to rabbitmq resource"
marios [Mon, 22 Feb 2016 15:18:16 +0000 (17:18 +0200)]
Write the compute upgrade script for tripleo major upgrade workflow
As part of the major upgrade workflow non-controller nodes are to
be updated by the operator, out-of-band and only after an initial
heat stack-update that invokes the upgrade of the controller nodes.
This review adds a ComputeDeliverUpgradeConfigDeployment_Step3
SoftwareDeploymentGroup to be applied only to compute nodes, and
that depends on the controllers having been upgraded after
ControllerPacemakerUpgradeConfig_Step2.
Its purpose is to deliver but not invoke the upgrade script on
compute nodes to /root/tripleo_upgrade_node.sh .
The non-controller nodes will then be upgraded later by an
operator that will run the script provided for that purpose, like
at https://review.openstack.org/#/c/284722/1 for example.
Change-Id: Ic6115fc8cf5320abfcf500112ff563bde8b88661
Jenkins [Fri, 26 Feb 2016 09:58:54 +0000 (09:58 +0000)]
Merge "Add a sample network-environment.yaml file to environments"
Zane Bitter [Tue, 2 Feb 2016 17:32:37 +0000 (12:32 -0500)]
Add NovaVNCProxy back into endpoint_map
Due to an incorrect rebase,
d0dcb9401c868786df58f5801a431392b8e89df8
dropped the changes made in
dd7602ad82100617126be26d80a6d3f67cb739ac to
add a vncproxy to the endpoint map. This change restores them.
Change-Id: Ifef7f955481405d5fe39ba48c8b1a79aa9c170f2
Pradeep Kilambi [Tue, 23 Feb 2016 16:45:57 +0000 (11:45 -0500)]
Set notification driver for nova to send
Currently since nova compute is not configured to
send notifications to ceilometer, tempest tests
fail on tempest.api.telemetry.test_telemetry_notification_api.
Change-Id: I763b7d246ae3f5955b6f555c8fd107d2cac89787
Ben Nemec [Wed, 4 Nov 2015 00:40:36 +0000 (18:40 -0600)]
Enable notifications on the overcloud
Configures all services to send notifications to rabbit. The puppet
modules are not consistent regarding how this is done - some expose
notification config as a top-level param, others you need to set it
through a *_config structure, and cinder provides a separate class
dedicated to enabling ceilometer notifications.
Change-Id: I23e2ddad3c59a06cfbfe5d896a16e6bad2abd943
Jenkins [Thu, 25 Feb 2016 12:15:16 +0000 (12:15 +0000)]
Merge "Add UpgradeLevelNovaCompute parameter"
Jenkins [Thu, 25 Feb 2016 11:00:49 +0000 (11:00 +0000)]
Merge "Introduce update/upgrade workflow"
Jenkins [Thu, 25 Feb 2016 11:00:41 +0000 (11:00 +0000)]
Merge "Add resources for major upgrade in Pacemaker scenario"
Jenkins [Thu, 25 Feb 2016 10:09:36 +0000 (10:09 +0000)]
Merge "Generate the endpoint map statically"
Dan Sneddon [Tue, 23 Feb 2016 20:51:40 +0000 (12:51 -0800)]
Add a sample network-environment.yaml file to environments
This change adds a sample network-environment.yaml file to the
environments. This sample includes pointers to NIC config files,
as well as default network subnets and allocation pools.
This is meant to be a demonstration of the default settings for
a virtual deployment. In a real deployment, the operator would
customize the settings here and point to custom NIC config
templates.
Change-Id: I0288c0680effea06b5f805a0d955e8bbf6152ba6
Jenkins [Wed, 24 Feb 2016 22:25:30 +0000 (22:25 +0000)]
Merge "Rename tox env to pep8"
Jenkins [Wed, 24 Feb 2016 18:46:05 +0000 (18:46 +0000)]
Merge "Adds v6 capability to the deploy validation test (pings)"
Giulio Fidente [Wed, 20 Jan 2016 13:36:55 +0000 (14:36 +0100)]
Emits a different hostname for each network the node is on
Populates /etc/hosts with an entry for each IP address the node
is on, which will be useful to migrate services configuration from
using IPs into using hostnames.
This is how the lines look like on a host which doesn't have all ports:
172.16.2.6 overcloud-novacompute-0.localdomain overcloud-novacompute-0
192.0.2.9 overcloud-novacompute-0-external
172.16.2.6 overcloud-novacompute-0-internalapi
172.16.1.6 overcloud-novacompute-0-storage
192.0.2.9 overcloud-novacompute-0-storagemgmt
172.16.0.4 overcloud-novacompute-0-tenant
192.0.2.9 overcloud-novacompute-0-management
the network against which the default (or primary) name is resolved
can be configured (for computes) via ComputeHostnameResolveNetwork
Change-Id: Id480207c68e5d68967d67e2091cd081c17ab5dd7
Jiri Stransky [Wed, 24 Feb 2016 16:29:50 +0000 (17:29 +0100)]
Nova RPC unpinning
During upgrades, we only run Puppet on the whole deployment to converge
the state, after the upgrade workflow itself has been fully
completed. That is an opportunity to utilize Puppet to make sure Nova
Compute RPC doesn't remain pinned to the older version.
Change-Id: I6ebc813a80dfd9dfbbb213c38724487e044507b8
Zane Bitter [Tue, 2 Feb 2016 17:32:37 +0000 (12:32 -0500)]
Generate the endpoint map statically
A stack is an extremely heavyweight abstraction in Heat. Particularly in
TripleO, every stack includes a copy of all the template and environment
data for all of the stacks in the tree, all of which must be stored anew
in the database.
The EndpointMap abstraction created no fewer than 30 nested stacks, none
of which contained any resources but which existed purely for the
purpose of abstracting out some intrinsic functions used to calculate
the endpoint URLs for the various services. This likely adds several GB
to the memory requirements of the undercloud, and can cause things to
slow to a crawl since all 30 nested stacks need to be queried whenever
we need data from any one of them.
This change eliminates the nested stacks and instead generates the
endpoint map statically. This can be done offline in less than 250ms,
allows the input data to be expressed in an even more human-readable
form, and reduces the runtime overhead of the endpoints map by a factor
of 31, all with no loss of functionality, compatibility or flexibility.
Since we don't run a setup script to generate the tarball, the
endpoint_map.yaml output is checked in to source control. The build
script offers a --check option that can be used to make sure that the
output file is up-to-date with the input data.
Change-Id: I2df8f5569d81c1bde417ff5b12b06b7f1e19c336
Eugene Bagdasaryan [Thu, 18 Feb 2016 16:51:11 +0000 (19:51 +0300)]
Change the default value for NetworkNexusVxlanGlobalConfig
This parameter leads to the nonoperational state
in Nexus Vxlan topology when set to True, when VNIs created
but the nve peers do not get discovered on the Nexus.
It is time consuming process to debug the configuration
and find out that this parameter should be changed
to False. To prevent future problems for the future
deployment we want to default this parameter to False.
Change-Id: I685ad7d212af0d9e568acbf1ccf1607d120c195e
Jenkins [Wed, 24 Feb 2016 10:07:48 +0000 (10:07 +0000)]
Merge "Nova Neutron configuration now uses keystone v3 endpoint"
Jenkins [Wed, 24 Feb 2016 10:04:18 +0000 (10:04 +0000)]
Merge "Update nova::network::neutron variables to drop deprecated parameters"
Jenkins [Wed, 24 Feb 2016 09:32:46 +0000 (09:32 +0000)]
Merge "Allow vncproxy to work with ssl enabled"
Jiri Stransky [Tue, 23 Feb 2016 13:01:59 +0000 (14:01 +0100)]
Add UpgradeLevelNovaCompute parameter
This parameter can be used for pinning (and later unpinning) the Nova
Compute RPC version.
Change-Id: I2f181f3b01f0b8059566d01db0152a12bbbd1c3e
Jiri Stransky [Thu, 21 Jan 2016 12:11:23 +0000 (13:11 +0100)]
Introduce update/upgrade workflow
Change-Id: I7226070aa87416e79f25625647f8e3076c9e2c9a
Derek Higgins [Thu, 3 Dec 2015 23:45:15 +0000 (23:45 +0000)]
Add resources for major upgrade in Pacemaker scenario
Add Heat software deployments to be used to upgrade major versions of
OpenStack on the controller nodes. All controller services are taken
down while the upgrade is in progress.
The new updated yum repositories should be configured by another process
e.g. the deployment artifacts transfer via Swift.
Change-Id: Ia0a04e4a11d67e7a5acc53c1f8a8f01ed5ca8675
Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
Co-Authored-By: Jiri Stransky <jistr@redhat.com>
David Moreau Simard [Thu, 11 Feb 2016 16:55:54 +0000 (11:55 -0500)]
Nova Neutron configuration now uses keystone v3 endpoint
Our current nova-neutron configuration does not work with
the latest puppet-nova. In particular, this patch[1].
This commit adds keystone v3 endpoints to the map and gets the
nova::network::neutron configuration to use them.
[1] https://github.com/openstack/puppet-nova/commit/
d09868a59c451932d67c66101b725182d7066a14
Change-Id: Ifb8c23c81c665c2732fa5cd757760668b06a449a
Michele Baldessari [Tue, 23 Feb 2016 07:42:55 +0000 (08:42 +0100)]
Add meta notify=true to rabbitmq resource
See RHBZ
1311005 and
1247303. In short: sometimes when a controller
node gets fenced, rabbitmq is unable to rejoin the cluster. To fix this
we need two steps:
1) The fix for the RA in BZ
1247303
2) Add notify=true to the meta parameters of the rabbitmq resource on
fresh installs and updates
Note that if this change is applied on systems that do not
have the fix for the rabbitmq resource agent, no action is taken.
So when the resource agent will be updated, the notify
operation will start to work as soon as the first monitor
action will take place.
Fixes RH Bug #
1311005
Change-Id: I513daf6d45e1a13d43d3c404cfd6e49d64e51d5a
xinwu [Mon, 25 Jan 2016 07:51:37 +0000 (23:51 -0800)]
Add extra config yaml files for big switch agents.
This change adds extra config yaml files for big switch agent
and big switch lldp.
This change is mainly for compute nodes. The changes related
to controller nodes are landed at
e78e1c8d9b5a7ebf327987b22091bff3ed42d1c1
This change also removes the neutron_enable_bigswitch_ml2 flag. Instead,
User needs to specify NeutronMechanismDrivers: bsn_ml2 in environment file.
Previous discussion about this change can be found at an abandoned
review request https://review.openstack.org/#/c/271940/
Depends-On: Iefcfe698691234490504b6747ced7bb9147118de
Change-Id: I81341a4b123dc4a8312a9a00f4b663c7cca63d7c
David Moreau Simard [Tue, 9 Feb 2016 22:37:39 +0000 (17:37 -0500)]
Update nova::network::neutron variables to drop deprecated parameters
This commit ensures we are not using any deprecated parameters for
nova::network::neutron and are using the right variable names.
Change-Id: Ic1b41e2cdbb6b180496822cc363c433e9388aa02
Jenkins [Fri, 19 Feb 2016 11:29:45 +0000 (11:29 +0000)]
Merge "Use the class param to configure Cinder 'host' setting"
Jenkins [Fri, 19 Feb 2016 09:36:07 +0000 (09:36 +0000)]
Merge "Add TripleO Heat Template Parameters for Neutron Tenant MTU"
Giulio Fidente [Thu, 18 Feb 2016 13:34:37 +0000 (14:34 +0100)]
Use the class param to configure Cinder 'host' setting
By configuring the Cinder 'host' setting via the appropriate class
param instead of cinder_config we don't risk to override it if the
user is to pass additional config settings using cinder_config in
ExtraConfig.
Change-Id: Idf33d87e08355b5b4369ccb0001db8d4c3b4c20f
Jenkins [Thu, 18 Feb 2016 19:04:48 +0000 (19:04 +0000)]
Merge "Configure keystone public_endpoint"
Jenkins [Thu, 18 Feb 2016 19:03:29 +0000 (19:03 +0000)]
Merge "Enable the ML2 port security extension driver by default"
Jenkins [Thu, 18 Feb 2016 16:28:10 +0000 (16:28 +0000)]
Merge "Add missing : in hieradata key name"
Dan Sneddon [Sun, 7 Feb 2016 15:17:09 +0000 (16:17 +0100)]
Add sysctl settings to disable IPv6 autoconfig and accept_ra
This change adds puppet hieradata settings which disable IPv6
autoconfiguration and accept_ra by default on all interfaces.
When IPv6 is used, the interfaces are individually enabled and
configured with static IP addresses.
The networking on the compute host needs to be completely
separate from the tenant networking, in order to safeguard the
compute host and isolate tenant traffic. This change disables
IPv6 autoconfiguration and acceptance of RAs by default on
interfaces unless specifically enabled.
Without these settings, IPv6 is enabled on all interfaces, as well
as autoconfiguration and accept_ra, so when the compute host
creates a bridge interface for the router (qbr-<ID>), the
compute node will automatically assign an IPv6 address and will
install a default IPv6 route on the bridge interface when it
receives the RAs from the Neutron router.
The change to turn off autoconfiguration means that interfaces
will not self-assign an IPv6 address, and the change to not accept
RAs is a security hardening feature. This requires that a
static gateway address be declared in the network environment
in the parameter ExternalNetworkDefaultRoute. Alternately, sysctl
can be modified to change the accept_ra behavior for specific
interfaces.
Change-Id: I8a8d311a14b41baf6e7e1b8ce26a63abc2eaabef
Closes-bug:
1544296
Jenkins [Thu, 18 Feb 2016 07:32:55 +0000 (07:32 +0000)]
Merge "Make injected CA file readable by others"
Jenkins [Thu, 18 Feb 2016 00:45:17 +0000 (00:45 +0000)]
Merge "Increase size of connection tracking table"
Dan Sneddon [Fri, 29 Jan 2016 02:14:30 +0000 (18:14 -0800)]
Add TripleO Heat Template Parameters for Neutron Tenant MTU
This change adds the TripleO Heat Parameters and Puppet hieradata
to support setting the MTU for Neutron tenant networks. A new
parameter, NeutronTenantMtu is introduced, and this gets used for
the NeutronDnsmasqOptions and in Puppet hieradata.
NeutronTenantMtu is also used in the Puppet hieradata for both the
compute and control nodes. Two values are set:
nova::compute::network_device_mtu
which sets /etc/nova/nova.conf: network_device_mtu = <NeutronTenantMtu>
neutron::network_device_mtu
which sets in /etc/neutron/neutron.conf:
network_device_mtu = <NeutronTenantMtu>
finally, the NeutronDnsmasqOptions parameter becomes a str_format
that maps the NeutronTenantMtu onto the DHCP options,
so a default of 'dhcp-option-force=26,%MTU%' would be formatted to
'dhcp-option-force=26,1300' if NeutronTenantMtu were 1300.
This will set dnsmasq to serve an MTU via DHCP that matches the
NeutronTenantMtu:
/etc/neutron/dnsmasq-neutron.conf:dhcp-option-force=26,1300
Typically, you would change all three of these settings to use small
or jumbo frames in VMs. When using tunneling, NeutronTenantMtu
should be set at least 50 bytes smaller than the physical network
MTU in order to make room for tunneling overhead.
Note that this change does not support setting the MTU on veth
interfaces if veth patches are used to br-int instead of OVS
patches.
Change-Id: I38840e082ee01dc3b6fc78e1dd97f53fa4e63039
Jenkins [Wed, 17 Feb 2016 14:02:39 +0000 (14:02 +0000)]
Merge "Wire the Glance rbd user correctly into the external Ceph template"
Juan Antonio Osorio Robles [Wed, 17 Feb 2016 13:48:36 +0000 (15:48 +0200)]
Make injected CA file readable by others
Currently the permissions for the CA file that is injected (if the
environment is set), doesn't permit users that don't belong to the group
that owns the file to read it. This is too restrictive and isn't
necessary, as the certificate should be public.
This is useful in the case where we want a service that can't read the
certificate chain (or bundle) to be able to read that CA certificate.
This is the case for the MariaDB version that is being used in CentOS
7.1 for example.
Change-Id: I6ff59326a5570670c031b448fb0ffd8dfbd8b025
Jenkins [Wed, 17 Feb 2016 10:11:26 +0000 (10:11 +0000)]
Merge "Bind Galera on a hostname for compat with IPv6 addresses"
Jenkins [Wed, 17 Feb 2016 10:11:08 +0000 (10:11 +0000)]
Merge "Remove start-delay=10s for the Nova resources monitor"
Giulio Fidente [Tue, 16 Feb 2016 11:41:20 +0000 (12:41 +0100)]
Wire the Glance rbd user correctly into the external Ceph template
We were incorrectly wiring the rbd user to the relevant glance
module parameter, making it was impossible to customize the
rbd user when using an external Ceph.
Change-Id: Ibe4eaedf986a9077f869c6530381e69ee0281f5b
Jenkins [Tue, 16 Feb 2016 11:23:34 +0000 (11:23 +0000)]
Merge "Split pacemaker common check_service function out of _restart.sh"
Jenkins [Tue, 16 Feb 2016 11:23:26 +0000 (11:23 +0000)]
Merge "Use timeout to check for services status"
Jenkins [Tue, 16 Feb 2016 11:13:40 +0000 (11:13 +0000)]
Merge "Remove DNS hack."
Jenkins [Mon, 15 Feb 2016 22:47:19 +0000 (22:47 +0000)]
Merge "Update Dell Storage Center api port setting"
Jenkins [Mon, 15 Feb 2016 21:53:05 +0000 (21:53 +0000)]
Merge "Switch to POLL_TEMP_URL for config transport"
Jenkins [Mon, 15 Feb 2016 19:24:01 +0000 (19:24 +0000)]
Merge "Minor fixes to allow local docker registry usage"
Jenkins [Mon, 15 Feb 2016 15:16:20 +0000 (15:16 +0000)]
Merge "Enable SSL middleware for cinder"
Dougal Matthews [Wed, 6 Jan 2016 11:29:47 +0000 (11:29 +0000)]
Update the path to the Docker file
The file was renamed in
db16fd6b59257ea9eacbf071e9e799041822dcab
(Change-Id I7837ed7ed3e807ec5c1276904893695918bef293).
Change-Id: Ia8bdd705fddf00acc20116d21f39cb80b9fd693e
Jenkins [Fri, 12 Feb 2016 21:29:09 +0000 (21:29 +0000)]
Merge "Update the capabilities map file name to be more consistent"
Jeff Peeler [Fri, 8 Jan 2016 17:20:53 +0000 (12:20 -0500)]
Minor fixes to allow local docker registry usage
Changed the heat-docker-agents namespace to use the namespacing
specified in the environment file, which reduces modifications required
on the user when using a local registry.
Changed the start agents script to handle using a local registry both
with a namespace and without.
Change-Id: I16cc96b7ecddeeda07de45f50ffc6a880dabbba6
James Slagle [Fri, 12 Feb 2016 18:08:37 +0000 (13:08 -0500)]
Add missing : in hieradata key name
This hieradata key, neutron::agents::ml2::ovs:bridge_mappings was
missing a : before bridge_mappings causing the value to be blank in
/etc/neutron/plugins/ml2/openvswitch_agent.ini even if a value had been
specified.
Change-Id: I377565d3fb821be1bb2dc7d92ec1ad25a4a3b1f1
Ian Main [Fri, 12 Feb 2016 15:11:08 +0000 (10:11 -0500)]
Remove DNS hack.
With a properly configured undercloud the DNS is fine. We can remove
the 8.8.8.8 dns setting.
Change-Id: I8ba98e76f95fd0a6f3f34cb5578e6c3ea7a1d15e
Jenkins [Fri, 12 Feb 2016 13:19:44 +0000 (13:19 +0000)]
Merge "Nova now requires an api database to be created"
Giulio Fidente [Fri, 22 Jan 2016 14:16:05 +0000 (15:16 +0100)]
Remove start-delay=10s for the Nova resources monitor
As per conversation in [1], these settings should have probably never
been there.
1. https://bugzilla.redhat.com/show_bug.cgi?id=
1262409
Change-Id: I116f825ba0fe3e4faac8dd347bb087e1b4c70e57
Steve Baker [Fri, 12 Feb 2016 01:07:25 +0000 (14:07 +1300)]
Enable heat-manage purge_deleted cron job
Without this the heat database tables will grow without limit.
Change-Id: I687e733db1a73ebc2047609a03be768093010dd4
DependsOn: Ia2b80e5003450cd794ebb0c9ca72200ec8616e81
Jenkins [Thu, 11 Feb 2016 21:29:13 +0000 (21:29 +0000)]
Merge "Increase default Cinder LVM backing file to 10G"
Jenkins [Thu, 11 Feb 2016 20:22:31 +0000 (20:22 +0000)]
Merge "puppet: run keystone in wsgi"
Code Review / apex-tripleo-heat-templates.git / log