apex-tripleo-heat-templates.git
9 years agoEnsure mysql root can only connect from localhost
Yanis Guenane [Tue, 4 Aug 2015 11:05:38 +0000 (13:05 +0200)]
Ensure mysql root can only connect from localhost

Currently mysql root user can connect in a passwordless way from :

  * localhost
  * 127.0.0.1
  * ::1
  * <HOSTNAME>

This patch ensures that the mysql root user can connect only from localhost.

Change-Id: If64fd383737c2fbeed4adbe8d98b1f92610956b2

9 years agoMerge "RHEL registration shouldn't use attach with activation key"
Jenkins [Wed, 29 Jul 2015 20:37:50 +0000 (20:37 +0000)]
Merge "RHEL registration shouldn't use attach with activation key"

9 years agoMerge "Keystone token flushing"
Jenkins [Tue, 28 Jul 2015 07:34:22 +0000 (07:34 +0000)]
Merge "Keystone token flushing"

9 years agoMerge "Set rabbitmq heatbeat timeout threshold to 60"
Jenkins [Fri, 24 Jul 2015 23:00:07 +0000 (23:00 +0000)]
Merge "Set rabbitmq heatbeat timeout threshold to 60"

9 years agoMerge "Ensure SELinux is permissive on Ceph OSDs"
Jenkins [Fri, 24 Jul 2015 16:24:13 +0000 (16:24 +0000)]
Merge "Ensure SELinux is permissive on Ceph OSDs"

9 years agoMerge "Set heat::instance_user to empty string"
Jenkins [Fri, 24 Jul 2015 16:06:36 +0000 (16:06 +0000)]
Merge "Set heat::instance_user to empty string"

9 years agoKeystone token flushing
Jiri Stransky [Wed, 22 Jul 2015 12:23:30 +0000 (14:23 +0200)]
Keystone token flushing

Set up a cron job to flush keystone tokens periodically. The job runs
once a day near midnight per puppet-keystone defaults, and we pass
maxdelay 3600 which means each controller will wait a random delay of up
to 1 hour before running the task.

Change-Id: I351f0273c61106c182aa3945b7ad1ce8f5c7d12b

9 years agoMerge "NFS backend for Cinder"
Jenkins [Fri, 24 Jul 2015 14:09:57 +0000 (14:09 +0000)]
Merge "NFS backend for Cinder"

9 years agoMerge "Set default external port to noop for puppet"
Jenkins [Fri, 24 Jul 2015 13:53:48 +0000 (13:53 +0000)]
Merge "Set default external port to noop for puppet"

9 years agoMerge "Use 'public' instead of 'nova' as default floating pool name"
Jenkins [Fri, 24 Jul 2015 06:38:52 +0000 (06:38 +0000)]
Merge "Use 'public' instead of 'nova' as default floating pool name"

9 years agoSet default external port to noop for puppet
Dan Prince [Thu, 23 Jul 2015 18:06:19 +0000 (14:06 -0400)]
Set default external port to noop for puppet

In 9b89dd20162d962480d3cb84161ed6bfd4fa9de8 we had a regression
where the default "external" traffic port was set to a VIP
when using puppet. We should not ever specify a VIP to be used
for the actual machine IPs (VIPs are only guaranteed to
work once the load balancer is running).

Also, This doesn't match the non-puppet case.

Change-Id: Icd179a70001f2bd7a97e31c7f6445001330674cd

9 years agoMerge "Wire in hieradata overrides via ExtraConfig for CephStorage"
Jenkins [Thu, 23 Jul 2015 13:51:30 +0000 (13:51 +0000)]
Merge "Wire in hieradata overrides via ExtraConfig for CephStorage"

9 years agoMerge "Wire in hieradata overrides via ExtraConfig for ObjectStorage"
Jenkins [Thu, 23 Jul 2015 13:51:22 +0000 (13:51 +0000)]
Merge "Wire in hieradata overrides via ExtraConfig for ObjectStorage"

9 years agoMerge "Convert PublicVirtualIP to new port creation method"
Jenkins [Thu, 23 Jul 2015 12:52:50 +0000 (12:52 +0000)]
Merge "Convert PublicVirtualIP to new port creation method"

9 years agoUse 'public' instead of 'nova' as default floating pool name
Giulio Fidente [Tue, 21 Jul 2015 10:49:46 +0000 (12:49 +0200)]
Use 'public' instead of 'nova' as default floating pool name

The dafault in nova.conf for default_floating_pool is set to nova
which is confusing given to make Tempest tests to pass one has to
create a public network with such a name.

Change-Id: I148222a9f276309ede062ee5292993898ff899d6

9 years agoMerge "Provide list of memcached servers to Nova"
Jenkins [Thu, 23 Jul 2015 09:53:23 +0000 (09:53 +0000)]
Merge "Provide list of memcached servers to Nova"

9 years agoMerge "Wire in hieradata overrides via ExtraConfig for BlockStorage"
Jenkins [Wed, 22 Jul 2015 11:43:44 +0000 (11:43 +0000)]
Merge "Wire in hieradata overrides via ExtraConfig for BlockStorage"

9 years agoMerge "Wire in hieradata overrides via ExtraConfig for NovaCompute"
Jenkins [Wed, 22 Jul 2015 11:42:04 +0000 (11:42 +0000)]
Merge "Wire in hieradata overrides via ExtraConfig for NovaCompute"

9 years agoConvert PublicVirtualIP to new port creation method
Dan Sneddon [Wed, 24 Jun 2015 21:25:08 +0000 (14:25 -0700)]
Convert PublicVirtualIP to new port creation method

This change brings PublicVirtualIP in line with the rest of the
VIPs in how it is created. This allows the network where
PublicVirtualIP is instantiated to be on cltplane when network
isolation is not used, and on the external network when network
isolation is used. This change removes the PublicVirtualNetwork
parameter, since it is no longer used. In order to continue to
support the PublicVirtualFixedIPs parameter, which is used to
provide a specific IP for the PublicVirtualIP, the FixedIP
parameter was added to cltplane_vip.yaml, vip.yaml, and
noop.yaml. The value of PublicVirtualIP is passed to FixedIP
in the VIP templates. This change also moves the default
network for keystone public api to the external net (which will
fallback to ctlplane if network isolation isn't used).

Change-Id: I3f5d35cbe55d3a148e95cf49dfbaad4874df960b

9 years agoProvide list of memcached servers to Nova
Giulio Fidente [Thu, 16 Jul 2015 18:51:23 +0000 (20:51 +0200)]
Provide list of memcached servers to Nova

Memcached is used by novnc to share the auth tokens.

Change-Id: I18415b6ae38b46e3c92e4ce84b858a014ef8398b

9 years agoIncrease default start timeout for Pacemaker from 20s to 90s
Giulio Fidente [Wed, 15 Jul 2015 12:35:46 +0000 (14:35 +0200)]
Increase default start timeout for Pacemaker from 20s to 90s

On slow environments the start operation of some services can
take longer than 20s so we increase the default for start
operation to 90s, more info can be found at:
https://bugzilla.redhat.com/show_bug.cgi?id=1242052

Systemd defaults to 90s as well.

Change-Id: Ie4652bad518075be77937d47830f263034eda79c

9 years agoMerge "Puppet: wire in tripleo::packages"
Jenkins [Tue, 21 Jul 2015 10:52:53 +0000 (10:52 +0000)]
Merge "Puppet: wire in tripleo::packages"

9 years agoMerge "Fix Puppet Configuring NetApp Cinder Backend"
Jenkins [Tue, 21 Jul 2015 09:27:13 +0000 (09:27 +0000)]
Merge "Fix Puppet Configuring NetApp Cinder Backend"

9 years agoPuppet: wire in tripleo::packages
Dan Prince [Fri, 19 Jun 2015 02:05:00 +0000 (22:05 -0400)]
Puppet: wire in tripleo::packages

This wires in use of a new puppet-tripleo class which
encapsulates the logic to enable/disable package
installation and upgrades.

By using the new class we can remove the global
Package provider declaration at the top of each
module.

Change-Id: I5c6e5fd8600031bd8fb6195649721607c560f9d5
Depends-on:  Ie8fbc344149bc8c9977e127de77636903607617a

9 years agoFix Puppet Configuring NetApp Cinder Backend
Ryan Hefner [Thu, 18 Jun 2015 21:37:31 +0000 (17:37 -0400)]
Fix Puppet Configuring NetApp Cinder Backend

It was incorrectly assumed that Puppet variables assigned to a
defined class (as seen in cinder-netapp.yaml) would be applied to
any resources created with that type. This is not how Puppet works.

The full range of configuration parameters to cinder::backend::netapp
have been added back in. They are still pulling from Hiera like they
were intended before, but it needs to be a little more explicit for
Puppet to be happy.

Change-Id: I2e00eae829713b2dbb1e4a5f296b6d08d0c21100

9 years agoMerge "Ensure compute nodes use internalURL as catalog_info"
Jenkins [Mon, 20 Jul 2015 11:27:18 +0000 (11:27 +0000)]
Merge "Ensure compute nodes use internalURL as catalog_info"

9 years agoMerge "Allow overlapping IPs in Neutron"
Jenkins [Mon, 20 Jul 2015 07:20:11 +0000 (07:20 +0000)]
Merge "Allow overlapping IPs in Neutron"

9 years agoMerge "Ensure CinderStorage nodes use internalURL as catalog_info"
Jenkins [Sun, 19 Jul 2015 00:47:14 +0000 (00:47 +0000)]
Merge "Ensure CinderStorage nodes use internalURL as catalog_info"

9 years agoMerge "Use parameter_defaults in env files"
Jenkins [Sun, 19 Jul 2015 00:45:10 +0000 (00:45 +0000)]
Merge "Use parameter_defaults in env files"

9 years agoSet rabbitmq heatbeat timeout threshold to 60
Dan Prince [Fri, 17 Jul 2015 14:39:23 +0000 (10:39 -0400)]
Set rabbitmq heatbeat timeout threshold to 60

Updates the default settings for Nova, Neutron, Cinder,
Ceilometer, and Heat services so we set the default rabbitmq
threshold to 60 seconds.

Change-Id: If537ae16968eb6b264b2ab071144f1eecab18b64

9 years agoAllow overlapping IPs in Neutron
Jiri Stransky [Fri, 17 Jul 2015 12:56:21 +0000 (14:56 +0200)]
Allow overlapping IPs in Neutron

Change-Id: I7703013b62bd67869c268fb8689389ec0eeb5aad

9 years agoMerge "Increase default max_connections for MySQL from 1024 to 4096"
Jenkins [Fri, 17 Jul 2015 11:17:38 +0000 (11:17 +0000)]
Merge "Increase default max_connections for MySQL from 1024 to 4096"

9 years agoMerge "Enable hieradata ExtraConfig overrides for Controller"
Jenkins [Fri, 17 Jul 2015 08:35:58 +0000 (08:35 +0000)]
Merge "Enable hieradata ExtraConfig overrides for Controller"

9 years agoEnsure CinderStorage nodes use internalURL as catalog_info
Giulio Fidente [Thu, 16 Jul 2015 22:01:33 +0000 (00:01 +0200)]
Ensure CinderStorage nodes use internalURL as catalog_info

By default Cinder will get the publicURL for Nova and Swift, which
is not reachable by the CinderStorage nodes.

Change-Id: I25b7900c9ab261e0f706257ffdf6844533b63b94

9 years agoEnsure compute nodes use internalURL as catalog_info
Giulio Fidente [Thu, 16 Jul 2015 21:45:20 +0000 (23:45 +0200)]
Ensure compute nodes use internalURL as catalog_info

By default Nova will get the publicURL instead, which is not
reachable by the compute nodes.

Change-Id: I57b6a7a7eddb0ffaf6d2d152d932f390c48f908e

9 years agoWire in hieradata overrides via ExtraConfig for CephStorage
Steven Hardy [Thu, 16 Jul 2015 16:50:26 +0000 (17:50 +0100)]
Wire in hieradata overrides via ExtraConfig for CephStorage

Adds support for global (ExtraConfig) and role-specific
(CephStorageExtraConfig) hiera overrides, similar to those added
for the Controller, NovaCompute, BlockStorage, ObjectStorage roles.

Change-Id: Idbe73b86a772491cd3c55ba69b5a95cc291d2598

9 years agoWire in hieradata overrides via ExtraConfig for ObjectStorage
Steven Hardy [Thu, 16 Jul 2015 16:45:32 +0000 (17:45 +0100)]
Wire in hieradata overrides via ExtraConfig for ObjectStorage

Adds support for global (ExtraConfig) and role-specific
(ObjectStorageExtraConfig) hiera overrides, similar to those added
for the Controller, NovaCompute and BlockStorage roles.

Change-Id: I7dd0d8003017e2738366983cb5d8e08b3f3fa334

9 years agoWire in hieradata overrides via ExtraConfig for BlockStorage
Steven Hardy [Thu, 16 Jul 2015 16:40:34 +0000 (17:40 +0100)]
Wire in hieradata overrides via ExtraConfig for BlockStorage

Adds support for global (ExtraConfig) and role-specific
(BlockStorageExtraConfig) hiera overrides, similar to those added
for the Controller and NovaCompute roles.

Change-Id: Iaf9665b53407e6a657f56d6516469f2c88bafbdd

9 years agoWire in hieradata overrides via ExtraConfig for NovaCompute
Steven Hardy [Wed, 15 Jul 2015 17:36:48 +0000 (13:36 -0400)]
Wire in hieradata overrides via ExtraConfig for NovaCompute

Adds support for global (ExtraConfig) and role-specific
(NovaComputeExtraConfig) hiera overrides, similar to those added
for the controller.

For example, you can pass an environment file like:
parameters:
  NovaComputeExtraConfig:
    nova::scheduler::filter::ram_allocation_ratio: 1.8
    compute_classes:
    - ::nova::scheduler::filter

This passes a hiera value for ram_allocation_ratio and enables
a class via the include added in https://review.openstack.org/#/c/197908/

Note this also requires https://review.openstack.org/#/c/188772/
or 40-hiera-datafiles incorrectly quotes the list and the
compute_classes part won't work.

Change-Id: Ic33eed1b5e9c33c0d2f6075c65c8d9649b82c8b4

9 years agoMerge "Provide manage_service to neutron::agents::ml2::ovs"
Jenkins [Thu, 16 Jul 2015 13:39:58 +0000 (13:39 +0000)]
Merge "Provide manage_service to neutron::agents::ml2::ovs"

9 years agoIncrease default max_connections for MySQL from 1024 to 4096
Giulio Fidente [Thu, 16 Jul 2015 11:46:12 +0000 (13:46 +0200)]
Increase default max_connections for MySQL from 1024 to 4096

As a matter of fact it seems that the 1024 connections barrier
can easily be reached with modern hardware, see:
https://bugzilla.redhat.com/show_bug.cgi?id=1240824

Change-Id: I194a0dd725907350ca16ea3c41f3ed4f68a11bcf

9 years agoEnable hieradata ExtraConfig overrides for Controller
Steven Hardy [Wed, 15 Jul 2015 15:04:13 +0000 (11:04 -0400)]
Enable hieradata ExtraConfig overrides for Controller

Wires in the ControllerExtraConfig and ExtraConfig parameters so
that they may be used to specify overrides of the default hieradata.

Note if this is used to override values specified via parameters
rather than hard-coded values in puppet/hieradata caution should
be used as the overridden values will always take precendence
regardless of the parameter input, unless the parameter is provided
directly to the Deployment resource applying the manifiest (e.g
not the pattern currently employed in most of t-h-t)

Also note that ControllerExtraConfig takes precedence over the
deployment-wide ExtraConfig.

For example, here's how you would pass a value which disables the
heat-api-cfn service on all controllers. This would be put into an
environment file, then passed to the heat stack-create via an extra
-e option:

parameters:
  controllerExtraConfig:
    heat::api_cfn::enabled: false

Note the parameter capitalization is different in the top-level
overcloud-without-mergepy template for some reason.

Change-Id: I6d6e3e78460308134d95c01892bb242aba70e9ca

9 years agoMerge "Adds the NeutronTunnelIdRanges and NeutronVniRanges parameters"
Jenkins [Wed, 15 Jul 2015 15:22:03 +0000 (15:22 +0000)]
Merge "Adds the NeutronTunnelIdRanges and NeutronVniRanges parameters"

9 years agoMerge "Configure Heat's ec2 auth uri correctly"
Jenkins [Wed, 15 Jul 2015 12:36:25 +0000 (12:36 +0000)]
Merge "Configure Heat's ec2 auth uri correctly"

9 years agoMerge "Allow a user to disable MongoDB journaling"
Jenkins [Wed, 15 Jul 2015 11:44:28 +0000 (11:44 +0000)]
Merge "Allow a user to disable MongoDB journaling"

9 years agoMerge "Removes the NeutronScale resource from controller pcmk manifest"
Jenkins [Wed, 15 Jul 2015 11:41:48 +0000 (11:41 +0000)]
Merge "Removes the NeutronScale resource from controller pcmk manifest"

9 years agoMerge "neutron-server: Remove start/sleep/stop pattern"
Jenkins [Tue, 14 Jul 2015 09:06:32 +0000 (09:06 +0000)]
Merge "neutron-server: Remove start/sleep/stop pattern"

9 years agoEnsure SELinux is permissive on Ceph OSDs
Jiri Stransky [Mon, 13 Jul 2015 17:11:54 +0000 (19:11 +0200)]
Ensure SELinux is permissive on Ceph OSDs

Currently we build the overcloud image with selinux-permissive element
in CI. However, even in environments where selinux-permissive element is
not used, it should be ensured that SELinux is set to permissive mode on
nodes with Ceph OSD [1].

We have no nice way to manage SELinux status via Puppet at the moment,
so i'm resorting to execs, but with proper "onlyif" guards.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1241422

Change-Id: I31bd685ad4800261fd317eef759bcfd285f2ba80

9 years agoneutron-server: Remove start/sleep/stop pattern
Yanis Guenane [Mon, 13 Jul 2015 11:19:01 +0000 (13:19 +0200)]
neutron-server: Remove start/sleep/stop pattern

Currently the bootstrap of the neutron server happens with the use of a
start/sleep/stop pattern.

Since Pacemaker doesn't mind if the service is already started let
simply start the neutron server on the $pacemaker_master node and wait
for 5 sec.

Change-Id: I894dc3305f7d6685ebcc6828e690c718a63f32bd
Closes-Bug: #1473410

9 years agoProvide manage_service to neutron::agents::ml2::ovs
Giulio Fidente [Mon, 13 Jul 2015 14:16:08 +0000 (16:16 +0200)]
Provide manage_service to neutron::agents::ml2::ovs

Change-Id: Ib945b07dd93f9bdc613f464211745094c4c72836

9 years agoMerge "Output internal API VIPs"
Jenkins [Mon, 13 Jul 2015 14:14:30 +0000 (14:14 +0000)]
Merge "Output internal API VIPs"

9 years agoAdds the NeutronTunnelIdRanges and NeutronVniRanges parameters
marios [Wed, 8 Jul 2015 10:29:59 +0000 (13:29 +0300)]
Adds the NeutronTunnelIdRanges and NeutronVniRanges parameters

This adds the NeutronTunnelIdRanges and NeutronVniRanges parameters
which govern the GRE or VXLAN tunnel IDs (respectively) that are to
be made available for overcloud tenant networks.

These both default to "1:1000," to retain the current behaviour.
They are propagated to the hiera data for puppet deploys and there
is a separate change to support passing these into the config via
the neutron tripleo-image-element at

https://review.openstack.org/#/c/199592/

Change-Id: I967a8cae218a31e888abc438e9de5756ae627adb
Related-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1240631

9 years agoAllow a user to disable MongoDB journaling
Yanis Guenane [Mon, 13 Jul 2015 07:12:51 +0000 (09:12 +0200)]
Allow a user to disable MongoDB journaling

By default MongoDB enables a journaling system that prevents loss of
data in case of an unexpected shut-down. When journaling is enabled,
MongoDB will create the journal files before actually starting the
daemon[1].

The journaling feature is useful in production environment, but not
really on a CI-like system, where we only want to make sure MongoDB is
setup correctly and running, hence here we allow a user to
enable/disable MongoDB journaling.

[1] http://docs.mongodb.org/manual/core/journaling/

Change-Id: I0e4e65af9f650c10fdf5155ff709b4eb984cf4e1
Closes-bug: #1468246

9 years agoAllow configuration of MySQL max_connections setting
Giulio Fidente [Fri, 10 Jul 2015 01:28:46 +0000 (03:28 +0200)]
Allow configuration of MySQL max_connections setting

The number of connections created to the database depends on the
number of running processes and this is a factor of both the nodes
count and the cores count. We make it configurable so it can be
increased when needed.

Change-Id: I41d511bde95d0942706bf7c28cd913498ea165fb

9 years agoMerge "Add services to ServiceNetMap to select hostnames resolution network"
Jenkins [Fri, 10 Jul 2015 14:44:35 +0000 (14:44 +0000)]
Merge "Add services to ServiceNetMap to select hostnames resolution network"

9 years agoRHEL registration shouldn't use attach with activation key
John Trowbridge [Tue, 30 Jun 2015 14:26:42 +0000 (10:26 -0400)]
RHEL registration shouldn't use attach with activation key

In the case of using portal registration with an
activation key, the RHEL registration script is still
executing a `subscription-manager attach` command. This
should not happen if an activation key is provided. This
is because an activation key already provides the
subscriptions to attach.

Change-Id: I2907bede28a9b7bef71cedeea69c876eb4949df0

9 years agoUse parameter_defaults in env files
James Slagle [Thu, 9 Jul 2015 11:45:54 +0000 (07:45 -0400)]
Use parameter_defaults in env files

Switch to using parameter_defaults in environment files instead of a
parameters section. Using a parameters section to set top level
parameters breaks Tuskar based deployments because Tuskar prefixes the
name of the top level parameters with a role name and version, thus
changing the name of the parameter. When the environment file is then
used to set a top level parameter, Heat fails with an error during
template validation:

ERROR: The Parameter (NeutronExternalNetworkBridge) was not defined in template

Change-Id: I605651a8ebdbd0b2baf7bcea198c2988efb55f31

9 years agoAdds the NeutronDhcpAgentsPerNetwork parameter
marios [Tue, 7 Jul 2015 12:11:02 +0000 (15:11 +0300)]
Adds the NeutronDhcpAgentsPerNetwork parameter

Currently for both puppet and image-elements based deploys we set
the dhcp_agents_per_network in neutron.conf to 2 and there is no
control over that number (in the hieradata for the former and the
image element for the latter). This change adds the
NeutronDhcpAgentsPerNetwork parameter and also changes the default
to 3 when not explicitly set.

In the puppet case propagate this parameter in the hieradata for
the neutron class and in the non-puppet case expose a new item in
the neutron config to be consumed by the neutron image element
(that change will point here)

Change-Id: Id97c7796db7231b636f2001e28412452cf89562b

9 years agoMerge "Add RemovalPolicies param for resource groups"
Jenkins [Thu, 9 Jul 2015 08:25:53 +0000 (08:25 +0000)]
Merge "Add RemovalPolicies param for resource groups"

9 years agoSet heat::instance_user to empty string
Steve Baker [Tue, 7 Jul 2015 03:16:28 +0000 (15:16 +1200)]
Set heat::instance_user to empty string

In the overcloud heat, heat.conf instance_user is set to heat-admin.

The consequence of this is that SSHing into heat created guest VMs will require
the user 'heat-admin'. I predict that this will result in user confusion as to
how to SSH into their VMs since they will be attempting default usernames
(centos, cloud-user etc) or the documented heat default user (ec2-user)

This change sets it to an empty string so that default usernames are used.

This change depends on the puppet-heat fix to allow empty string instance_user:
Depends-On: I9e8be0dd50709d271fc81683770c78380724e405

Change-Id: Id14bf3a4ac1b1c95797dae16c674b32a2da230f8

9 years agoMerge "Add NeutronExternalNetworkBridge parameter"
Jenkins [Wed, 8 Jul 2015 19:28:32 +0000 (19:28 +0000)]
Merge "Add NeutronExternalNetworkBridge parameter"

9 years agoAdd services to ServiceNetMap to select hostnames resolution network
Giulio Fidente [Fri, 3 Jul 2015 08:53:53 +0000 (10:53 +0200)]
Add services to ServiceNetMap to select hostnames resolution network

The *HostnameResolveNetwork services define the network against
which the hostnames in /etc/hosts should be resolved, defaults
to 'internal_api' for all except CephStorage for which it uses
'storage' as they do not have connectivity to 'internal_api'.

Closes-Bug: 1471179
Change-Id: Ia8971f8a63016966236e7975ac2d97921a314255

9 years agoAdd RemovalPolicies param for resource groups
Jan Provaznik [Wed, 8 Jul 2015 13:51:44 +0000 (15:51 +0200)]
Add RemovalPolicies param for resource groups

This allows to specify particular nodes when scaling down
number of nodes in a resource group.

Change-Id: Idc3682ed430f351d533b990b44e8038866434e42

9 years agoMerge "Wire in Controller pre-deployment extraconfig"
Jenkins [Wed, 8 Jul 2015 13:04:09 +0000 (13:04 +0000)]
Merge "Wire in Controller pre-deployment extraconfig"

9 years agoOutput internal API VIPs
Jiri Stransky [Wed, 8 Jul 2015 12:51:08 +0000 (14:51 +0200)]
Output internal API VIPs

Seeding of overcloud keystone endpoints is currently done via a script
that is external to the overcloud heat stack. Previously the script
didn't have a way to figure out what are the IP addresses that it should
use for internal service endpoints. This patch adds those IP addresses
into the stack outputs so that the script can properly configure
internal endpoints.

Change-Id: I9ae4fc4413a79d6b7e2dce1571fd7083c23348ca

9 years agoDon't set heat_stack_user_role to empty string
Ben Nemec [Tue, 7 Jul 2015 17:51:28 +0000 (12:51 -0500)]
Don't set heat_stack_user_role to empty string

This value doesn't work, and the default of heat_stack_user is fine.

See https://github.com/openstack/puppet-heat/blob/989ffa65f4339bfd9612cff3b5ddcc4fd301f695/manifests/engine.pp#L22
Resolves: rhbz#1238844

Change-Id: I247121cb91d2b2a34f0f9f769fb411fcbfe6b571

9 years agoMerge "Drop swift ceilometer middleware for pacemaker"
Jenkins [Tue, 7 Jul 2015 13:41:42 +0000 (13:41 +0000)]
Merge "Drop swift ceilometer middleware for pacemaker"

9 years agoNFS backend for Cinder
Jiri Stransky [Thu, 2 Jul 2015 11:59:31 +0000 (13:59 +0200)]
NFS backend for Cinder

Adds support for NFS backend for Cinder, but remains disabled by
default.

Change-Id: I9ebef072ed115efe980fa4904ea80f02384522af

9 years agoMerge "Allow customization of included classes via hieradata"
Jenkins [Tue, 7 Jul 2015 06:55:22 +0000 (06:55 +0000)]
Merge "Allow customization of included classes via hieradata"

9 years agoMerge "controller: enable HTTP Glance backend"
Jenkins [Mon, 6 Jul 2015 19:09:05 +0000 (19:09 +0000)]
Merge "controller: enable HTTP Glance backend"

9 years agoAdd NeutronExternalNetworkBridge parameter
Dan Prince [Sun, 5 Jul 2015 17:56:28 +0000 (13:56 -0400)]
Add NeutronExternalNetworkBridge parameter

This patch adds a new parameter to configure the
neutron external network bridge. This setting
applies to the bridge used in the Neutron l3_agent.ini file
and can by useful if you wish to set external_network_bridge = ''
in that file.

As part of this fix we also update the environment file for
network isolation so that we automatically set the new
NeutronExternalNetworkBridge to an empty string. This fixes
an issue where overcloud floating IPs did not work correctly
when using the external network interface for floating IP
traffic.

Change-Id: I3bfcda8746780ea0851d88ed6db8557e261cef0d

9 years agoMerge "Add ControlPlaneNetwork to vip.yaml"
Jenkins [Mon, 6 Jul 2015 16:54:33 +0000 (16:54 +0000)]
Merge "Add ControlPlaneNetwork to vip.yaml"

9 years agoConfigure Heat's ec2 auth uri correctly
Ben Nemec [Mon, 6 Jul 2015 16:05:43 +0000 (11:05 -0500)]
Configure Heat's ec2 auth uri correctly

We weren't configuring the Heat ec2 auth uri, so it was using the
default pointing at localhost.  This won't work in most setups
because Keystone listens on specific addresses not including
localhost, so configure it to use the proper Keystone address.

Change-Id: I979a87c68a8f6f558ccfc04662c158c89fcf1388

9 years agoWire in Controller pre-deployment extraconfig
Steven Hardy [Thu, 18 Jun 2015 14:05:06 +0000 (10:05 -0400)]
Wire in Controller pre-deployment extraconfig

The recently added cinder-netapp extraconfig contains some additional
hieradata which needs to be applied during the initial pre-deployment
phase, e.g in controller-puppet.yaml (before the manifests are applied)
so wire in a new OS::TripleO::ControllerExtraConfigPre provider resource
which allows passing in a nested stack (empty by default) which contains
any required "pre deployment" extraconfig, such as applying this hieradata.

Some changes were required to the cinder-netapp extraconfig and environment
such that now the hieradata is actually applied, and the parameter_defaults
specified will be correctly mapped into the StructuredDeployment.

Change-Id: I8838a71db9447466cc84283b0b257bdb70353ffd

9 years agoMerge "Map NovaEnableRbdBackend to ephemeral_storage from nova::compute::rbd"
Jenkins [Mon, 6 Jul 2015 12:16:35 +0000 (12:16 +0000)]
Merge "Map NovaEnableRbdBackend to ephemeral_storage from nova::compute::rbd"

9 years agoMerge "Add IP to HAProxy kind=Optional constraint"
Jenkins [Mon, 6 Jul 2015 12:12:14 +0000 (12:12 +0000)]
Merge "Add IP to HAProxy kind=Optional constraint"

9 years agoMerge "Remove unwanted constraints between the Redis vip and Ceilometer"
Jenkins [Mon, 6 Jul 2015 12:11:19 +0000 (12:11 +0000)]
Merge "Remove unwanted constraints between the Redis vip and Ceilometer"

9 years agoMerge "Allow to enable fencing, pass through fencing config"
Jenkins [Mon, 6 Jul 2015 10:05:57 +0000 (10:05 +0000)]
Merge "Allow to enable fencing, pass through fencing config"

9 years agoAllow customization of included classes via hieradata
Giulio Fidente [Thu, 2 Jul 2015 10:18:52 +0000 (12:18 +0200)]
Allow customization of included classes via hieradata

Allows inclusion of additional arbitrary puppet classes by the
manifests if defined in the *_classes hieradata.

Example: to specify the Nova RAM allocation ratio there is a
param in nova::scheduler::filter but we do not include it
by default; if needed one can use:

  nova::scheduler::filter::ram_allocation_ratio: 1.8
  controller_classes:
    - nova::scheduler::filter

Change-Id: I61d64d2498bed5c49376dee917d106598392db51

9 years agoAdd IP to HAProxy kind=Optional constraint
Giulio Fidente [Thu, 2 Jul 2015 15:15:07 +0000 (17:15 +0200)]
Add IP to HAProxy kind=Optional constraint

Without the constraint the VIP could get assigned to a node without
an active haproxy instance, which ultimately means everything stops
working.

kind=Optional allows a VIP to relocate to a healthy haproxy instance
in the event of a failure without tearing down the entire stack in the
process.

Change-Id: I44d44952fb42cf91a2a248250a4063e3034d119e

9 years agoRemoves the NeutronScale resource from controller pcmk manifest
marios [Thu, 2 Jul 2015 15:04:37 +0000 (18:04 +0300)]
Removes the NeutronScale resource from controller pcmk manifest

As reported in https://bugzilla.redhat.com/show_bug.cgi?id=1238117
and https://bugzilla.redhat.com/show_bug.cgi?id=1236578 the
NeutronScale resource is causing problems during post deploy
configuration of the overcloud (momentary inconsistency in the
host name for the neutron agents, given what NeutronScale does,
discussion in BZ 1238117).

As discussed in the bugs, we may not need NeutronScale, since our
host names should be safe enough for scaling. This change removes
neutron scale completely and links startup of neutron-server
directly to neutron-ovs-cleanup. If we can safely remove
the NeutronScale resource then this change does that.

Change-Id: Ib43a2d60b85fd9bb48eff5919602bb74dc463905

9 years agoDrop swift ceilometer middleware for pacemaker
Dan Prince [Thu, 2 Jul 2015 12:00:11 +0000 (08:00 -0400)]
Drop swift ceilometer middleware for pacemaker

In 88b278f510b0c9351c58dfe67513f3902d415ab6 we dropped
the swift ceilometer middleware but we forgot to do it
for the overcloud pacemaker manifest.

Change-Id: If9fcc5d029492554472edbe3be98a44942f94d20

9 years agoMap NovaEnableRbdBackend to ephemeral_storage from nova::compute::rbd
Giulio Fidente [Thu, 2 Jul 2015 11:28:05 +0000 (13:28 +0200)]
Map NovaEnableRbdBackend to ephemeral_storage from nova::compute::rbd

This maps the template param to the actual class param which optionally
configures Ceph as a backend for the ephemeral storage or for the
persistent storage only. See I4ae0fd605c5a57aa23bea83b06530a50844d24a0

Change-Id: Ic7007da8317e98d450b1362864e65093a184cb25

9 years agoMerge "Add a default route to the external isolated network"
Jenkins [Wed, 1 Jul 2015 14:22:46 +0000 (14:22 +0000)]
Merge "Add a default route to the external isolated network"

9 years agoMerge "Remove bridge from nic1 in network bond templates"
Jenkins [Wed, 1 Jul 2015 14:22:35 +0000 (14:22 +0000)]
Merge "Remove bridge from nic1 in network bond templates"

9 years agoMerge "Add special handling of neutron-server service startup to fix race"
Jenkins [Wed, 1 Jul 2015 14:05:09 +0000 (14:05 +0000)]
Merge "Add special handling of neutron-server service startup to fix race"

9 years agocontroller: enable HTTP Glance backend
Emilien Macchi [Tue, 23 Jun 2015 17:44:38 +0000 (13:44 -0400)]
controller: enable HTTP Glance backend

While trying to download a glance image from a webserver, you need to
enable the HTTP backend store.
This patch aims to merge the configured backend and the HTTP store
backend so it will be enabled anytime.

Change-Id: Ie769831f8d491c1b7fe08b8fc7df9ebea493f9e8

9 years agoAllow to enable fencing, pass through fencing config
Jiri Stransky [Thu, 4 Jun 2015 14:20:52 +0000 (16:20 +0200)]
Allow to enable fencing, pass through fencing config

Add two new parameters: EnableFencing and FencingConfig.

FencingConfig is a json with an expected structure documented in the
templates. It gets passed further to puppet-tripleo, which configures
the fencing devices.

Fencing is configured and enabled in the last step after all pacemaker
resources and constraints have been created, which should be a more
stable approach than the other way round.

Change-Id: Ifd432bfd2443b6d13e7efa006d4120bb0eaa2554
Depends-On: I819fc8c126ec47cd207c59b3dcf92ff699649c5a
Depends-On: I8b7adff6f05f864115071c51810b41efad887584

9 years agoRemove unwanted constraints between the Redis vip and Ceilometer
Giulio Fidente [Wed, 1 Jul 2015 10:32:05 +0000 (12:32 +0200)]
Remove unwanted constraints between the Redis vip and Ceilometer

We do not want to delay Redis vip start to promotion of Redis master,
HAProxy will take care of the validating the backends.

We do not need to force colocation of Redis vip with Redis master.

We do not want to restart the Ceilometer central agent when the vip
moves this can instead cause unwanted cascading restarts due to other
constraints in between services.

More details can be read on the BZ at:
https://bugzilla.redhat.com/show_bug.cgi?id=1236374

Change-Id: I594984cd23db7de57746c3e1018181d61b020f46

9 years agoMerge "Include Redis VIP in example environment"
Jenkins [Wed, 1 Jul 2015 10:08:04 +0000 (10:08 +0000)]
Merge "Include Redis VIP in example environment"

9 years agoAdd a default route to the external isolated network
Dan Sneddon [Mon, 29 Jun 2015 16:17:53 +0000 (09:17 -0700)]
Add a default route to the external isolated network

This change adds a parameter for ExternalInterfaceDefaultRoute
and uses that parameter to set the default route on the controller
nodes. This allows Horizon and the public APIs to be reachable from
routed networks outside the overcloud.

Co-Authored-By: Dan Prince <dprince@redhat.com>
Change-Id: I67a72767342237049f53f5085a6faf891fbf0c30

9 years agoMerge "Drop swift ceilometer middleware."
Jenkins [Mon, 29 Jun 2015 13:54:37 +0000 (13:54 +0000)]
Merge "Drop swift ceilometer middleware."

9 years agoRemove bridge from nic1 in network bond templates
Dan Sneddon [Sat, 27 Jun 2015 22:01:28 +0000 (15:01 -0700)]
Remove bridge from nic1 in network bond templates

The bridge that is built on the bonds in the bond-with-vlans
example has an extraneous bridge on the storage and compute
templates, and an incorrect bridge on the controller template.
There is no reason to do anything on nic1, which is assumed to
be the provisioning interface, because it will be configured by
DHCP. Also, on the controller template we actually want br-ex
to contain the VLAN with the external network, rather than be
configured on the provisioning interface.

Change-Id: Ibe2343d5281f7b63a7b63b17d96d8442d0b96105

9 years agoAdd ControlPlaneNetwork to vip.yaml
Dan Sneddon [Sat, 27 Jun 2015 20:10:54 +0000 (13:10 -0700)]
Add ControlPlaneNetwork to vip.yaml

There are two files in network/ports which control the VIP
behavior called ctlplane_vip.yaml and vip.yaml. One of these
files was missing ControlPlaneNetwork, since it wasn't used
inside the template. Unfortunately, tuskar chokes on this,
even though Heat can build the stack just fine. This change
makes the vip.yaml and ctlplane_vip.yaml equivalent by adding
ControlPlaneNetwork to the vip.yaml template.

Change-Id: Ic20281e58a1130afe18d5aec505a3df199841fd5

9 years agoMerge "Add missing Pacemaker constraint against Keystone"
Jenkins [Fri, 26 Jun 2015 12:27:36 +0000 (12:27 +0000)]
Merge "Add missing Pacemaker constraint against Keystone"

9 years agoMerge "Set MariaDB package name in RedHat.yaml"
Jenkins [Fri, 26 Jun 2015 11:39:53 +0000 (11:39 +0000)]
Merge "Set MariaDB package name in RedHat.yaml"

9 years agoMerge "Enable mysql_clustercheck for Pacemaker scenario"
Jenkins [Fri, 26 Jun 2015 09:52:25 +0000 (09:52 +0000)]
Merge "Enable mysql_clustercheck for Pacemaker scenario"

9 years agoMerge "Increase mongodb_conn_validator timeout to 600"
Jenkins [Fri, 26 Jun 2015 09:14:46 +0000 (09:14 +0000)]
Merge "Increase mongodb_conn_validator timeout to 600"

9 years agoInclude Redis VIP in example environment
Dan Sneddon [Tue, 16 Jun 2015 02:11:03 +0000 (19:11 -0700)]
Include Redis VIP in example environment

The network isolation code in the TripleO Heat templates has files
in the environment folder that can be included to enable network
isolation. This updates the environment file to include the VIP
for Redis.

Change-Id: Ic05720c565d9ecf76bf7485b969cb2d9ead9fd6f

9 years agoAdd missing Pacemaker constraint against Keystone
Giulio Fidente [Thu, 25 Jun 2015 14:59:21 +0000 (16:59 +0200)]
Add missing Pacemaker constraint against Keystone

The Heat contraints group was missing the initial
dependency on Keystone, causing Pacemaker to Heat before or
in parallel to Keystone.

Given Systemd can define dependencies in the unit files, this was
additionally causing an unmanaged start of Keystone making
cluster initialization to fail (with Keystone start timeout blocking
all the depending resources).

Also moves Keystone -> Ceilomter constraint on top of Ceilometer
constraints group for clarity.

Logs and more infos at [1]

1. https://bugzilla.redhat.com/show_bug.cgi?id=1235703

Change-Id: I9505fd46c5bf278afc8ff919c7e768e2de194cb8