Giulio Fidente [Wed, 27 Sep 2017 14:39:19 +0000 (16:39 +0200)]
Make CephConfigOverrides append to ceph.conf[global]
Previously it was mistakenly replacing the contents because we
do not do deep merge.
Change-Id: I145feb0208f135da7c71694ebcecd937244d66b1
Closes-Bug: #
1719919
(cherry picked from commit
17416dcfc56c5148ccc9ab40297f99adfdcd085b)
Jenkins [Wed, 27 Sep 2017 20:54:34 +0000 (20:54 +0000)]
Merge "Stop mapping docker to OS::Heat::None in scenarios" into stable/pike
Jenkins [Wed, 27 Sep 2017 20:38:23 +0000 (20:38 +0000)]
Merge "Add all services to scenario004-containers" into stable/pike
Jenkins [Wed, 27 Sep 2017 18:17:28 +0000 (18:17 +0000)]
Merge "Add a lightweight UC template/role data for deployed-servers" into stable/pike
Jenkins [Wed, 27 Sep 2017 17:42:37 +0000 (17:42 +0000)]
Merge "Fix upgrades that use Management network" into stable/pike
Jiri Stransky [Wed, 27 Sep 2017 09:15:35 +0000 (11:15 +0200)]
Stop mapping docker to OS::Heat::None in scenarios
This was needed to make the upgrade job on Ocata->Pike passing, and we
now need to remove this to improve the argument order in OOOQ for
deployments with scenarios.
This shouldn't be backported to Ocata (at least not before we make the
split between deploy scenario and upgrade scenario).
Change-Id: Ie08bbe08530bd48a0ca58667f0704f360e0a4dd7
Co-Authored-By: Martin André <m.andre@redhat.com>
Related-Bug: #
1714905
Related-Bug: #
1712070
(cherry picked from commit
31550b42027588d82f01db6956c1efaf02d58558)
Jiri Stransky [Tue, 26 Sep 2017 16:31:59 +0000 (18:31 +0200)]
Add all services to scenario004-containers
This commit brings the scenario004 file closer to its BM pendant. We
need to start with this one to address a chicken-and-egg issue with
featureset files.
Change-Id: Ia5c0cefb7051ca42b4d470f5a000eb446d18be30
Co-Authored-By: Martin André <m.andre@redhat.com>
Related-Bug: #
1714905
Related-Bug: #
1712070
(cherry picked from commit
b4d0a81e55ad51ecdaf2e923f794418ac77cfc57)
Tim Rozet [Fri, 22 Sep 2017 19:10:42 +0000 (15:10 -0400)]
Fixes missing keystone authtoken pw for Tacker
Closes-Bug:
1718997
Change-Id: I2b347cbc4595e6651b0d4be032cb862fde72e15f
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit
253d9b9107aa158af5bcdafe510ecd96658ef137)
Jenkins [Mon, 25 Sep 2017 17:21:00 +0000 (17:21 +0000)]
Merge "Move neutron api services to ControllerOpenstack" into stable/pike
Jenkins [Mon, 25 Sep 2017 17:20:42 +0000 (17:20 +0000)]
Merge "Fix issue where 2 Redis VIPs are assigned, but only one used." into stable/pike
Jenkins [Mon, 25 Sep 2017 17:01:22 +0000 (17:01 +0000)]
Merge "Fixed resource registry path in neutron-lbaasv2.yaml" into stable/pike
Jenkins [Mon, 25 Sep 2017 14:44:28 +0000 (14:44 +0000)]
Merge "Rename service_workflow_tasks into workflow_tasks" into stable/pike
Jenkins [Mon, 25 Sep 2017 08:48:30 +0000 (08:48 +0000)]
Merge "Remove deploy_steps_tasks.yaml from upgrade_steps_playbook" into stable/pike
Dan Sneddon [Wed, 13 Sep 2017 23:53:36 +0000 (17:53 -0600)]
Fix upgrades that use Management network
Upgrades from older versions using Management network fail.
This patch enables the management network even though it is not
enabled in any of the role definitions. This will allow upgrades
to complete using existing network environment files, without
requiring operators to switch to the new method for defining
which networks are attached to roles. Eventually these older
environment files will be removed.
Change-Id: Iadd12a559f0ad6918958a1355f189187fd327363
Closes-bug:
1717123
(cherry picked from commit
5b9fbc2b2bfa00de2fe0f437f21e05e3fc09a53d)
Dan Sneddon [Thu, 14 Sep 2017 17:20:54 +0000 (11:20 -0600)]
Fix issue where 2 Redis VIPs are assigned, but only one used.
There is an extra RedisVipPort defined in network-isolation.j2.yaml
which is unused. This will waste an IP address, and can lead to
confusion if there are multiple ports named RedisVipPort.
This patch removes the extra (unneeded) instance of the VIP.
Change-Id: I222873859af1b4ed1050cfffe55687b2f8d4c528
Closes-bug:
1717017
(cherry picked from commit
f543752da6e1df3537ffa68d86806e11ac380375)
Aneesh Puttur [Wed, 20 Sep 2017 15:13:32 +0000 (11:13 -0400)]
Fixed resource registry path in neutron-lbaasv2.yaml
Change-Id: Icb58d47a3911e83e2650b2c74b33eae522c84651
Closes-Bug: #
1718451
(cherry picked from commit
edc02b3352d53bdf460a495f689db55944eab432)
Jenkins [Fri, 22 Sep 2017 21:32:55 +0000 (21:32 +0000)]
Merge "Create network-isolation-no-tunneling.yaml using jinja2" into stable/pike
Alex Schultz [Tue, 19 Sep 2017 21:36:43 +0000 (15:36 -0600)]
Move neutron api services to ControllerOpenstack
The Networker role should not have the api services run on it. Instead
these services should run as part of the ControllerOpenstack role that
should be used with this role.
Change-Id: Iabfe276fe700843f3a8da0b9e9220b2f82e20ec9
Closes-Bug: #
1718299
(cherry picked from commit
964a5d738b8dbb6beb077d76448c6f3a84be2500)
Giulio Fidente [Tue, 19 Sep 2017 10:23:17 +0000 (12:23 +0200)]
Set Ceph pgp_num after pg_num
We missed to set the pgp_num default in ceph.conf, causing WARNING
messages like:
pool default.rgw.buckets.data pg_num 32 > pgp_num 8
Also increases the default pg_num to 128 which is the recommended
value for less than 5 OSDs [1].
1. http://docs.ceph.com/docs/master/rados/operations/placement-groups/
Change-Id: Ibd9fb23e04576e95e24af58f856663397886a947
Closes-Bug: #
1718173
(cherry picked from commit
58e6f6533a04eddd2dc897d890737bbccde4ea7b)
Antoni Segura Puimedon [Thu, 31 Aug 2017 09:02:18 +0000 (11:02 +0200)]
Create network-isolation-no-tunneling.yaml using jinja2
The existing network-isolation-no-tunneling.yaml contains
references to missing files. This patch generates the file
with jinja to include custom networks and make it work
with composable networks.
Closes-Bug: #
1718797
Change-Id: Ibcab2f6b5ac880a6b3d7dd5126bd24facfa17322
Signed-off-by: Antoni Segura Puimedon <antonisp@celebdor.com>
Co-authored-by: Dan Sneddon <dsneddon@redhat.com>
(cherry picked from commit
47185342bdd247a2e2735ef96c777ecec663086d)
Jenkins [Thu, 21 Sep 2017 16:47:21 +0000 (16:47 +0000)]
Merge "Adds post_upgrade_tasks for any service post-upgrade ansible tasks" into stable/pike
Marius Cornea [Thu, 14 Sep 2017 11:56:47 +0000 (13:56 +0200)]
Remove deploy_steps_tasks.yaml from upgrade_steps_playbook
After landing https://review.openstack.org/#/c/503484/ we run the
puppet host configuration steps twice. This change removes the
deploy_steps_tasks.yaml playbook in order to run the puppet steps
only once.
Closes-bug:
1717244
Change-Id: I09461094618124915841c8390c8bce8daf64d029
(cherry picked from commit
e471c67aab6a8f91011aa2330b3cf80f4427f443)
Jenkins [Thu, 21 Sep 2017 03:30:35 +0000 (03:30 +0000)]
Merge "Make nova patching parameters configurable in Nuage" into stable/pike
Jenkins [Thu, 21 Sep 2017 03:05:45 +0000 (03:05 +0000)]
Merge "Use haproxy-systemd-wrapper as pid1 in containerized Haproxy" into stable/pike
Jenkins [Thu, 21 Sep 2017 03:05:37 +0000 (03:05 +0000)]
Merge "Disable all uses of wsrep-provider in mysql_bootstrap container" into stable/pike
Damien Ciabrini [Fri, 15 Sep 2017 11:00:12 +0000 (13:00 +0200)]
Use haproxy-systemd-wrapper as pid1 in containerized Haproxy
This wrapper binary spawns the HAproxy daemon and implements a
coordinated HAproxy restart on SIGHUP.
From a service's perspective, this allows reloading the HAProxy
configuration with minimal service disruption, i.e. without stopping
and restarting the HAProxy container.
Closes-Bug: #
1717521
Change-Id: Ib3ef0c0bcf1a8151e179ff4d7509cf0d6b3ac5a1
(cherry picked from commit
91cd44cd7266c15ce07fafbee9d2e33f226096ba)
Damien Ciabrini [Thu, 14 Sep 2017 12:49:04 +0000 (14:49 +0200)]
Disable all uses of wsrep-provider in mysql_bootstrap container
During the bootstrap of the mariadb database, galera replication
must be disabled while the users credentials are being set up. This
is done by setting wsrep-provider=none when starting mysqld_safe.
Icf67fd2fbf520e8a62405b4d49e8d5169ff3925b already disabled it
when the clustercheck credentials are being set up, but Kolla also
start a temporary server for setting up the root password.
Disable the setting directly at the end of the mysql.cnf in the
running container. That way, the default setting from galera.cnf will
be overriden, all mysqld_safe calls will disable WSREP and the setting
will stay ephemeral.
Change-Id: If14e22992b46a35a05a16a9db5ecb360ea13df8f
Closes-Bug: #
1717250
(cherry picked from commit
b0f50db80b10e9cd6263c4d6b3ca8dd818b658ba)
marios [Tue, 15 Aug 2017 13:41:04 +0000 (16:41 +0300)]
Adds post_upgrade_tasks for any service post-upgrade ansible tasks
This adds a new config/deployment per role that will come after any
post deploy steps. It drives the same ansible config as the
upgrade_tasks but instead collects the post_upgrade_tasks for any
service in the given role.
The workflow is upgrade_tasks, then post deploy steps (either
puppet/ or docker/ depending on the env) and then the
post_upgrade_tasks added here.
This is added to the pacemaker/cinder-volume.yaml service for now
see the bug below for more info
Change-Id: Iced34fecf02ebddc91df9302de54d2f4c2cab680
Closes-Bug:
1706951
(cherry picked from commit
2e182bffeeb099cb5e0b1747086fb0e0f57b7b5d)
Dan Prince [Sat, 26 Aug 2017 02:08:25 +0000 (22:08 -0400)]
Run gnocchi statsd and metrcd at step 5
Running these daemons at step 5 should avoid seeing error messages in
the gnocchi-statsd log files on startup which starts at step4.
Change-Id: Idb82f864a2e1c623dab7a2a87054443036670453
Closes-bug: #
1713182
(cherry picked from commit
9d8e496f3e8a825d48d9eba9aab540001bb780ea)
Tong Liu [Tue, 5 Sep 2017 11:27:18 +0000 (11:27 +0000)]
Change to boolean for boolean type params
Some boolean params are set to string type. Although it works, but
it is better to use boolean type for better validation. This patch
changes them to boolean type.
Change-Id: I9f1d223619ea14fbab26033b24eb1144796e5ef2
Closes-Bug: #
1715209
(cherry picked from commit
cab8ab1d342c6ffada3f2adea5834b4549240af5)
Marius Cornea [Thu, 7 Sep 2017 13:38:54 +0000 (15:38 +0200)]
One time delete pacemaker resources during upgrade to containers
This change allows running the major upgrade composable docker
steps multiple times by not trying to delete the pacemaker resources
if they're not reported as started or in master state.
Closes-bug:
1716031
Depends-On: I8da03f5c4a6d442617b81be5793a9724cc8842bf
Change-Id: Ifcf9de8c82550a90a9fb118052d43fdbcdc6ca7e
(cherry picked from commit
64d7be1e3d4552e06cbc53f788572e530cc5c3bb)
Lokesh Jain [Wed, 23 Aug 2017 22:12:37 +0000 (18:12 -0400)]
Make nova patching parameters configurable in Nuage
Nova patching parameters are available in nova.conf but are not
configurable from tripleo-heat-templates. Exposing these parameters
from Nuage composable services to make them configurable. It enables
setting the patching parameters in environment files. This change
depends on the addition of nova patching configuration parameters.
Change-Id: Iacad25da044f2bac83ee5f577ddcd70650eb61e5
Depends-On: I51ef3e19daff1d98cfe5c2c16475c16e6a3e3e0f
(cherry picked from commit
f0041153eca8d82bb7f72dc68676cab8448ef037)
Giulio Fidente [Tue, 12 Sep 2017 20:29:13 +0000 (22:29 +0200)]
Rename service_workflow_tasks into workflow_tasks
Using the service_ prefix seems incoherent with its use in
service_config_settings (vs config_settings).
Change-Id: Ia39f181415bee0071409dabddfa0c5c312915e1f
(cherry picked from commit
09137304b98a02ed024c0288da907cfe35ca5fe1)
Mathieu Bultel [Mon, 28 Aug 2017 15:24:47 +0000 (17:24 +0200)]
Retry if the pacemaker_resource commands failed
Add a retry when the pacemaker_resource command
wasn't apply correctly, more info here:
https://bugzilla.redhat.com/show_bug.cgi?id=
1482116
This is the same approach puppet-pacemaker uses
and provides eventual consistency when multiple
nodes change the cluster CIB concurrently.
This change depends-on :
https://review.gerrithub.io/375982
The return code is not available in the current
ansible-pacemaker package.
Change-Id: I8da03f5c4a6d442617b81be5793a9724cc8842bf
(cherry picked from commit
e92430d8d03fc2ce2d0ce192b96209f2c5c04169)
Jenkins [Wed, 13 Sep 2017 22:34:26 +0000 (22:34 +0000)]
Merge "Enable redis TLS proxy in HA deployments" into stable/pike
Jenkins [Wed, 13 Sep 2017 21:26:58 +0000 (21:26 +0000)]
Merge "Add CephConfigOverrides to allow arbitrary configs in ceph.conf" into stable/pike
Jenkins [Wed, 13 Sep 2017 17:46:35 +0000 (17:46 +0000)]
Merge "Add RoleConfig output to major_upgrade_steps.j2.yaml" into stable/pike
Jenkins [Wed, 13 Sep 2017 04:57:05 +0000 (04:57 +0000)]
Merge "Enable selinux in containers" into stable/pike
Jenkins [Wed, 13 Sep 2017 04:55:53 +0000 (04:55 +0000)]
Merge "Add verbose output to containerized cell_v2 host discovery" into stable/pike
Steven Hardy [Mon, 11 Sep 2017 13:39:06 +0000 (14:39 +0100)]
Add RoleConfig output to major_upgrade_steps.j2.yaml
I96ec09bc788836584c4b39dcce5bf9b80e914c71 added this output to the
deploy-steps.j2, but missed adding this to the major upgrade template
which means the overcloud RoleConfig output is broken after the upgrade
(until the converge update switches back to the deploy-steps.j2 derived
template)
Closes-Bug: #
1716404
Change-Id: I331fa18b456ca2d6c124316d513374e3fe5a5007
(cherry picked from commit
27018b4182d77abf612697cfe54a4fc3ceeb6be5)
Giulio Fidente [Wed, 6 Sep 2017 07:39:12 +0000 (09:39 +0200)]
Add CephConfigOverrides to allow arbitrary configs in ceph.conf
We need to reuse the ceph_conf_overrides structure provided by
ceph-ansible for both user provided configs and TripleO managed
configs. This change merges the special user facing parameter
with the TripleO generated configs.
Also adds osd_scenario and osd_objectstore params for compatibility
with newer ceph-ansible versions.
Change-Id: I29c689c6c689590da5b6a3f581fdbec98a52e207
Closes-Bug: #
1715321
(cherry picked from commit
32bc2abf14af4ca1449e18b848e2be3cff013987)
Jenkins [Tue, 12 Sep 2017 04:22:36 +0000 (04:22 +0000)]
Merge "Add panko config to ceilometer notification agent container" into stable/pike
Jenkins [Tue, 12 Sep 2017 04:22:29 +0000 (04:22 +0000)]
Merge "Fixes OpenDaylight updating port status" into stable/pike
Jenkins [Tue, 12 Sep 2017 04:22:22 +0000 (04:22 +0000)]
Merge "Add a docker pull retry to docker-puppet.py" into stable/pike
Jenkins [Tue, 12 Sep 2017 04:21:38 +0000 (04:21 +0000)]
Merge "Add DhcpAgentNotification param to neutron base" into stable/pike
Jenkins [Tue, 12 Sep 2017 04:20:52 +0000 (04:20 +0000)]
Merge "Persist containerized services httpd logs" into stable/pike
Oliver Walsh [Tue, 5 Sep 2017 18:19:17 +0000 (19:19 +0100)]
Enable selinux in containers
We cannot use the --selinux-enabled docker daemon option on CentOS/RHEL 7.3.
It will fail if security_inode_copy_up is not found in the kernel symbols:
https://github.com/projectatomic/docker/blob/docker-1.12.6/daemon/daemon_unix.go#L661
NB this has been reduced to a warning upstream:
https://github.com/moby/moby/commit/
885b29df096db1d6746ece4b3a298a1ffe85716d
Instead this just bind mounts /sys/fs/selinux in containers-common.yaml.
Everything appears to work at initial glance. Pingtest succeeds, and
live-migration between baremetal and containerized computes works.
Change-Id: I018221bf7ae9ab9ece193b55f1ce31eb1591046c
Closes-bug: #
1715171
(cherry picked from commit
520f889a31f1ea6ee2bad86d1dbb3c0435604d10)
Oliver Walsh [Fri, 25 Aug 2017 15:11:24 +0000 (16:11 +0100)]
Add verbose output to containerized cell_v2 host discovery
Required to debug issues.
Change-Id: I4d86c8d9ecc353a916475977eb6f2d842c812556
(cherry picked from commit
dc64a1108e7bc23f92d77e75001fb42549731e3b)
Pradeep Kilambi [Wed, 6 Sep 2017 13:03:37 +0000 (09:03 -0400)]
Add panko config to ceilometer notification agent container
Without this, ceilometer notification agent cant find panko
and skips posting events to it.
Change-Id: Ibfeef5c557d1ceb11a999aa947597014ca94ec34
(cherry picked from commit
5437086ee744469b9daf8cd9edd600f7aa98dde6)
Martin André [Mon, 28 Aug 2017 14:50:28 +0000 (16:50 +0200)]
Enable redis TLS proxy in HA deployments
Redis does not have TLS out of the box. Let's use a proxy container for
TLS termination.
This commit enables redis TLS proxy for the HA deployment.
bp tls-via-certmonger
Change-Id: I45e539872a03878337def33c681c4577c1a5629e
(cherry picked from commit
c6d8df01d7aa8b44af9ac152b3bb08f07e2e02b7)
Jenkins [Mon, 11 Sep 2017 17:49:26 +0000 (17:49 +0000)]
Merge "Add defaults for ceilometer-agent-compute upgrade tasks" into stable/pike
Jenkins [Mon, 11 Sep 2017 17:47:47 +0000 (17:47 +0000)]
Merge "Enable Ceilometer agent logging for containers" into stable/pike
Tong Liu [Wed, 30 Aug 2017 17:53:33 +0000 (17:53 +0000)]
Add DhcpAgentNotification param to neutron base
Add DhcpAgentNotification param in neutron base yaml file to allow
user to toggle dhcp_agent_notification for neutron.
Change-Id: I31715f58e885ac0c1cd9d813f79df9906b780d99
Closes-Bug: #
1713193
(cherry picked from commit
5ea728cba456f3833a626f86043f17427bca5d4f)
Jenkins [Mon, 11 Sep 2017 15:57:52 +0000 (15:57 +0000)]
Merge "Add Neutron SR-IOV agent container" into stable/pike
Jenkins [Mon, 11 Sep 2017 15:40:15 +0000 (15:40 +0000)]
Merge "Disables QoS with OpenDaylight deployments" into stable/pike
Bogdan Dobrelya [Wed, 2 Aug 2017 09:44:18 +0000 (11:44 +0200)]
Persist containerized services httpd logs
Store the httpd logs under dedicated /var/log/containers/httpd/
paths.
Additionally, add release notes describing upgrade impact
for containerized services logs.
Closes-bug: #
1700045
Change-Id: I8120c56f2315700862bd0f708b8baa8910275b09
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
(cherry picked from commit
287e84585ca9170570ce8d06eebd7f9a3ec3345c)
Dan Prince [Thu, 7 Sep 2017 20:48:28 +0000 (16:48 -0400)]
Add a docker pull retry to docker-puppet.py
Co-Authored-By: Ian Main <imain@redhat.com>
Change-Id: Iad6d38690340f4a064a4527c58ed439d91fa5188
Closes-bug: #
1715136
(cherry picked from commit
d3b3361a76c2e8b188fa8e586d9fb7f3c60bb66f)
Pradeep Kilambi [Wed, 6 Sep 2017 16:14:12 +0000 (12:14 -0400)]
Enable Ceilometer agent logging for containers
Change-Id: Ibeb28d7c497b02253d00a74257989cefba2b0cc4
(cherry picked from commit
fc44ee6ff3553754c618349df3be7544b17e9c5f)
Marius Cornea [Thu, 7 Sep 2017 08:56:29 +0000 (10:56 +0200)]
Add defaults for ceilometer-agent-compute upgrade tasks
This change allows the upgrade non controller script, which loops
throug all steps, to complete by adding default values to be
evaluated in the steps where the vars are not registered.
Closes-Bug:
1715574
Change-Id: Ic056fc556240d1acc9f28a75f63c7628cc64da03
(cherry picked from commit
d109c1d7a7d2f6302c39369de8a601bc0b2f6704)
Jenkins [Mon, 11 Sep 2017 11:50:15 +0000 (11:50 +0000)]
Merge "Mount vhost_sockets directory for vhost-user socket creation" into stable/pike
Michele Baldessari [Fri, 8 Sep 2017 10:31:18 +0000 (12:31 +0200)]
Move the clustercheck service to the DB role
The clustercheck service is currently in the ControllerOpenstack role
which represents a controller without the DB. Since the clustercheck
service/container always talks to the SQL server via a localhost
connection it *has* to run on the very same node that hosts the DB.
In a containerized deployment this error shows up with db syncs simply
hanging because haproxy will stop serving port 3306 because the
clustercheck service on port 9200 cannot talk to mysql locally.
Errors like this will be logged when trying to connect to the DB VIP:
mysql -u heat -h 172.17.1.13 -p3UazsaeTC64V9UvEcJ3GZ9rbd
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0
Fix this by making sure that the clustercheck service runs on
the DB role.
Change-Id: Iec4c9678d8b8d44e002c1e53110dedc0674359fb
Closes-Bug: #
1715847
(cherry picked from commit
1760079dfe5905f2e696b9fc5c729cffa44554ae)
Itzik Brown [Wed, 9 Aug 2017 08:00:35 +0000 (11:00 +0300)]
Disables QoS with OpenDaylight deployments
QoS is not fully supported and fails to load correctly with
networking-odl. Therefore disabling it from Neutron extension drivers
until we have it fully working.
Change-Id: I89aa3628c1400305f9659f5c0c99942a7fa7d19e
Closes-Bug:
1708131
(cherry picked from commit
cfd0d185a93ac2922e233e268a32c3574bee37bf)
Tim Rozet [Wed, 6 Sep 2017 20:30:42 +0000 (16:30 -0400)]
Fixes OpenDaylight updating port status
ODL now uses a websocket port to update the port status to Neutron.
This port (8185) was blocked so port updates were never received in
Neutron and instances would not come up properly. This patch opens the
port for ODL deployments.
Closes-Bug:
1715484
Change-Id: Ic59b224c67c02b56b0273700e8e2aa85ae6f8c88
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit
e2558c4a665345e67fcc784c21188bdf06ff1126)
Saravanan KR [Wed, 30 Aug 2017 09:14:53 +0000 (14:44 +0530)]
Mount vhost_sockets directory for vhost-user socket creation
For DPDK, vhost-user sockets are created on the host at
/var/lib/vhost_sockets directory, which will be used by
libvirt and openvswitch. This directory has the necessary
permissions and SELinux policies. Mount this folder for
libvirt container.
Change-Id: Id8be208d1b05886ac45dfdcf48fe766ee5724d1c
Partial-Bug: #
1712732
(cherry picked from commit
3ea04744c22ae4cd2e1f2b77fc7d5ade012899e0)
Jenkins [Fri, 8 Sep 2017 06:22:09 +0000 (06:22 +0000)]
Merge "Maintain ceph-osd package only on nodes hosting CephOSD service" into stable/pike
Jenkins [Thu, 7 Sep 2017 19:31:40 +0000 (19:31 +0000)]
Merge "Add tags in upgrade_tasks for mongodb services." into stable/pike
Jenkins [Thu, 7 Sep 2017 19:31:32 +0000 (19:31 +0000)]
Merge "Add CephExternal role for ceph-ansible" into stable/pike
Jenkins [Thu, 7 Sep 2017 18:32:04 +0000 (18:32 +0000)]
Merge "Support HA for OVN DBs containers using pacemaker bundle" into stable/pike
Jenkins [Thu, 7 Sep 2017 17:32:34 +0000 (17:32 +0000)]
Merge "Use containerized mongodb in scenario002-multinode-containers" into stable/pike
Jenkins [Thu, 7 Sep 2017 16:39:47 +0000 (16:39 +0000)]
Merge "fluentd: log configuration was not generated correctly" into stable/pike
Jenkins [Thu, 7 Sep 2017 13:14:02 +0000 (13:14 +0000)]
Merge "Add support for deploying RGW with ceph-ansible" into stable/pike
Jose Luis Franco Arza [Wed, 6 Sep 2017 09:50:00 +0000 (11:50 +0200)]
Add tags in upgrade_tasks for mongodb services.
Patch Ie09ce2a52128eef157e4d768c1c4776fc49f2324 added a new
set of upgrade tasks which were missing the 'tags' keyword.
Closes-Bug:
1715631
Change-Id: Ib1c1aadfbf58c9bccc18667934c8b3c5f38fafa4
(cherry picked from commit
7897d38274cb6435289bc4f4928f96b111e5b4f4)
Brent Eagles [Tue, 30 May 2017 11:52:55 +0000 (09:22 -0230)]
Add Neutron SR-IOV agent container
This patch adds support for running the neutron SR-IOV agent in a
container.
Depends-On: I4a63845a97c890d7d408731ec5509c320289f18f
Depends-On: Ie5d8cd7863c0d042cc6a4e1fc52602d8a03a1935
Depends-On: I1b5ab0a64ae1f5735f1bd5a68e6ae8bdcf47ddec
Closes-Bug: #
1715388
Change-Id: I7ee603b32eddacd02d846dff00dd1b786d4a7ad9
(cherry picked from commit
94c9c2f954e85de0ab895926a969587b90bc4191)
Giulio Fidente [Thu, 31 Aug 2017 14:42:16 +0000 (16:42 +0200)]
Add CephExternal role for ceph-ansible
Previously it was only possible to configure the overcloud with
an external Ceph cluster via puppet-ceph-external.
This submission adds a CephExternal implementation which uses
ceph-ansible.
Change-Id: Id0d375f88e27e91e9d89f25a0cd7388b6e45df8b
Depends-On: Ifc57c9cf6ca8017a2abc78d6320c0675ad49ca9f
Closes-Bug: #
1714271
(cherry picked from commit
01e55c314de74579196518d958bf5be30e390409)
Jenkins [Thu, 7 Sep 2017 11:32:18 +0000 (11:32 +0000)]
Merge "Use DeployedSSLCertificatePath for public TLS via certmonger" into stable/pike
Keith Schincke [Thu, 6 Jul 2017 02:16:26 +0000 (22:16 -0400)]
Add support for deploying RGW with ceph-ansible
This patch allows usage of ceph-ansible to configure the RGW service
in the overcloud. Still uses puppet-keystone to create the necessary
user and endpoint in the catalog.
Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
Change-Id: Iafa17bb64c54e40350b2ba7d76dea3d82fcab0e4
(cherry picked from commit
5b3cd1dcacff408bcb482bdea6cded8755a39ebb)
Jenkins [Thu, 7 Sep 2017 05:34:35 +0000 (05:34 +0000)]
Merge "Containerized mongodb, disable by default, fix upgrade" into stable/pike
Jenkins [Thu, 7 Sep 2017 05:34:28 +0000 (05:34 +0000)]
Merge "Change all references of nsx_v3 to nsx." into stable/pike
Juan Antonio Osorio Robles [Mon, 4 Sep 2017 11:04:28 +0000 (14:04 +0300)]
Use DeployedSSLCertificatePath for public TLS via certmonger
As described in the bug report, DeployedSSLCertificatePath is used by
the TLS injection script (if you decide to use that).
There is an alternative, which is to use FreeIPA to provide the
certificate for public TLS (powered by certmonger); however, it doesn't
use the same path as what folks expected. This reuses the
DeployedSSLCertificatePath parameter and uses that as a path for the
resulting PEM file, so its easier to debug.
Change-Id: If73c9599d8b94d2f02b8e4c48f4a235e0fea764d
Closes-Bug: #
1714932
(cherry picked from commit
f395d9eab2277061e926f7956bb3a56b0c7b1131)
Alan Bishop [Wed, 30 Aug 2017 13:26:16 +0000 (09:26 -0400)]
Maintain ceph-osd package only on nodes hosting CephOSD service
The ceph-osd package is only required on nodes hosting the CephOSD
service, but the package's presence on other nodes may interfere with
software updates. That's because some distros distribute Ceph software
in different channels, and not all nodes have access to the ceph-osd
channel.
There are two parts to the fix, and the first is an enhancement to the
yum update process. The process detects when the ceph-osd package is not
required, and removes the package from the node.
The second part takes ceph-osd out of the default list of packages
needed by puppet-ceph. The ceph-osd package is listed only on the nodes
hosting the CephOSD service.
Closes-Bug: #
1713292
Change-Id: I7a581518ed25cf5f264abfaabfcf2041363a065b
(cherry picked from commit
5a89ea21f2add98119a10464b020a98999d31c41)
Lars Kellogg-Stedman [Sat, 26 Aug 2017 04:36:44 +0000 (21:36 -0700)]
fluentd: log configuration was not generated correctly
fluentd hiera elements were being set in all_nodes.json, but then were
overwritten by values in <role>.json (e.g., controller.json). This
commit removes the values from all-nodes.json and ensures that they
are set correctly in <role>.json.
Closes-Bug: #
1713240
Change-Id: I2b4c74c2a807f8e2fed57112f06b3791701bbe95
(cherry picked from commit
d9db0c5f4f0fb07832e54b1c7fd7f5c8bfd4134e)
Martin André [Wed, 6 Sep 2017 13:08:05 +0000 (15:08 +0200)]
Use containerized mongodb in scenario002-multinode-containers
The containerized mongodb service was removed from the default service
list from 'environments/docker.yaml' in
Ie09ce2a52128eef157e4d768c1c4776fc49f2324. This commit re-enable the
containerized mongodb in scenario002-multinode-containers.
Change-Id: I57958c94022ccac3ec2ebf7c9438b9e47cbad337
Closes-Bug: #
1715391
(cherry picked from commit
13d2bdf41ca3b726acff0b94dae6d394dab4af23)
Jenkins [Wed, 6 Sep 2017 20:49:24 +0000 (20:49 +0000)]
Merge "Add param to configure snat mechanism" into stable/pike
Jenkins [Wed, 6 Sep 2017 18:06:50 +0000 (18:06 +0000)]
Merge "Mount folders and log file" into stable/pike
Jenkins [Wed, 6 Sep 2017 17:48:09 +0000 (17:48 +0000)]
Merge "Mount public certificate in haproxy init container" into stable/pike
Jenkins [Wed, 6 Sep 2017 15:39:50 +0000 (15:39 +0000)]
Merge "Unset default value for the DockerCephDaemonImage" into stable/pike
Jenkins [Wed, 6 Sep 2017 15:03:28 +0000 (15:03 +0000)]
Merge "TLS proxy for redis" into stable/pike
Jay Jahns [Sat, 26 Aug 2017 03:36:36 +0000 (20:36 -0700)]
Change all references of nsx_v3 to nsx.
Change-Id: I31c49926b0ba93f79db3d778c574bd9a480e70cd
Closes-Bug: #
1713193
Depends-On: Id73f675844b0df2eafa45507d1c28f16cd0b15b2
Janki Chhatbar [Tue, 15 Aug 2017 12:46:17 +0000 (18:16 +0530)]
Add param to configure snat mechanism
Add a parameter to configure SNAT mechanism in OpenDayLight defaulting
to conntrack for OVS and defaulting to controller mechanism for OVS-DPDK
Change-Id: I48c6f07de55cb2574cc3a7e9653b812f875df726
Closes-Bug: #
1710614
(cherry picked from commit
9a450a8e505b5d7ccef7e5e7675573da2a4cd42c)
Juan Antonio Osorio Robles [Tue, 5 Sep 2017 11:12:58 +0000 (14:12 +0300)]
Mount public certificate in haproxy init container
It's being mounted on the actual haproxy container, but not the init
one.
Change-Id: I66b69e0bb3642dbfeec767ef5216d515786b5b19
Closes-Bug: #
1715132
(cherry picked from commit
03622e89ac3037b4d69d913586823e689b210688)
Janki Chhatbar [Fri, 1 Sep 2017 15:02:42 +0000 (20:32 +0530)]
Mount folders and log file
journal and snapshots folders hold data needed for update. This
patch mounts these folders and adds ODL log file in
/var/log/containers/opendaylight
Change-Id: I65c6183c2867b2ced6e6ef25896d80154857b7dc
Closes:Bug: #
1714231
(cherry picked from commit
81dd0808d2a180d108f1159bc67f345fe6bf27d4)
Jenkins [Wed, 6 Sep 2017 09:17:01 +0000 (09:17 +0000)]
Merge "Rabbitmq: Enable Erlang distribution TLS" into stable/pike
Jenkins [Wed, 6 Sep 2017 08:59:38 +0000 (08:59 +0000)]
Merge "Set mode for ansible written files" into stable/pike
Jenkins [Wed, 6 Sep 2017 08:59:22 +0000 (08:59 +0000)]
Merge "Escape ceph capabilities for manila client" into stable/pike
Jenkins [Wed, 6 Sep 2017 06:53:55 +0000 (06:53 +0000)]
Merge "Add support for Dell EMC Isilon Manila backend" into stable/pike
Giulio Fidente [Thu, 31 Aug 2017 11:02:14 +0000 (13:02 +0200)]
Unset default value for the DockerCephDaemonImage
We do not want a default value for the container image name parameters
and expect deployers to set this value instead.
Change-Id: I9377b7c3564360353aa6da2d2457b2cfacd4e9d6
Closes-Bug: #
1714221
(cherry picked from commit
fcc3259891ee67956d63c37217acdb999bc4bb65)
Martin André [Wed, 23 Aug 2017 06:53:12 +0000 (08:53 +0200)]
TLS proxy for redis
Redis does not have TLS out of the box. Let's use a proxy container for
TLS termination.
bp tls-via-certmonger
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: Ie2ae0d048a71e1b1b4edb10c74bc0395a1a9d5c9
Depends-On: I078567c831ade540cf704f81564e2b7654c85c0b
Depends-On: Ia50933da9e59268b17f56db34d01dcc6b6c38147
(cherry picked from commit
c2a93cf4c5d9d6b5ee0536380751a7a9540927cc)
Steve Baker [Mon, 4 Sep 2017 23:23:22 +0000 (11:23 +1200)]
Containerized mongodb, disable by default, fix upgrade
This change removes the entry to containerise docker by default
because it should now be disabled since the change
Id2e6550fb7c319fc52469644ea022cf35757e0ce.
Removing the entry means the default mapping to mongodb-disabled.yaml
takes effect.
This change also modifies the upgrade_tasks so that the mongod service
is only disabled when the service exists. There appears to be upgrade
scenarios which fail because mongodb was never installed in the first
place.
Change-Id: Ie09ce2a52128eef157e4d768c1c4776fc49f2324
Closes-Bug: #
1715031
(cherry picked from commit
cb81cbe3b5f3887f5d690c590e52b728f74d43c3)
Jenkins [Wed, 6 Sep 2017 06:34:44 +0000 (06:34 +0000)]
Merge "Add support for Dell EMC VMAX Manila Backend" into stable/pike
Jenkins [Wed, 6 Sep 2017 06:34:36 +0000 (06:34 +0000)]
Merge "manila: set "neutron_admin_auth_url" correctly" into stable/pike