Feng Pan [Fri, 13 Apr 2018 21:47:09 +0000 (17:47 -0400)]
Change flat network name for nosdn fdio scenario
Since we use networking-vpp's router functionality, we need to create
a tap interface on VPP to connect to br-ex on the host for external
connectivity.
Change-Id: Ia25db8456f1ad6beb96c7b9b5f318b166ef4576a
Signed-off-by: Feng Pan <fpan@redhat.com>
(cherry picked from commit
f19a086d771a1719bbd5d94a18f2ba1e5e243d61)
Feng Pan [Fri, 16 Mar 2018 20:22:46 +0000 (16:22 -0400)]
Add vpp-router config to vpp ml2 environment file
Change-Id: I5dfaf85d67fb038109edaf5c5d8a3e901b9148f4
Signed-off-by: Feng Pan <fpan@redhat.com>
(cherry picked from commit
afa11d5946303191d2791b0751d34b9e7d66d9c5)
Tim Rozet [Mon, 12 Mar 2018 21:33:47 +0000 (21:33 +0000)]
Merge "Fixing L2GW Opendaylight's environment file"
Maryam Tahhan [Fri, 26 Jan 2018 15:29:53 +0000 (15:29 +0000)]
Add Barometer service as a Compute role.
Change-Id: I3250b57316b4ec85e0558f1b512f6f3ed7c349fb
Signed-off-by: Maryam Tahhan <maryam.tahhan@intel.com>
Signed-off-by: jhinman1 <john.hinman@intel.com>
Ricardo Noriega [Wed, 31 Jan 2018 16:28:24 +0000 (17:28 +0100)]
Fixing L2GW Opendaylight's environment file
This will restore L3 connectivity and trunk ports.
Change-Id: I37039207bc7cf9965d26e6dfa034e84bf9b7224d
Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
Tim Rozet [Thu, 18 Jan 2018 20:42:35 +0000 (15:42 -0500)]
Enables trunk ports in bgpvpn scenario
This is enabled in regular ODL deployments but is missing from the
bgpvpn scenario. Trunk ports are requested by SDNVPN team for testing
with bgpvpn.
Change-Id: I1b4d3eea61e29e1ede0e06d78fde842ef13b7b8e
Signed-off-by: Tim Rozet <trozet@redhat.com>
tomsou [Fri, 1 Dec 2017 12:27:07 +0000 (14:27 +0200)]
Update OpenDaylight BGPVPN driver
JIRA: APEX-555
Change-Id: Ib94b0182fd5fbc3a254cae5862a82982bf3131be
Signed-off-by: tomsou <soth@intracom-telecom.com>
Tim Rozet [Tue, 14 Nov 2017 20:33:57 +0000 (15:33 -0500)]
Fix .gitreview
Change-Id: Id90ca9975d25cdfa52f266cb6ea578892789efc8
Signed-off-by: Tim Rozet <trozet@redhat.com>
Zuul [Tue, 14 Nov 2017 17:39:33 +0000 (17:39 +0000)]
Merge "Update ansible before the ansible upgrade tasks" into stable/pike
Zuul [Tue, 14 Nov 2017 00:07:05 +0000 (00:07 +0000)]
Merge "Set keystone notification topics if ceilometer is enabled" into stable/pike
Juan Antonio Osorio Robles [Wed, 1 Nov 2017 12:44:23 +0000 (12:44 +0000)]
Keystone: Enable notification topics to be configured
This enables the configuration of notification topics via the
KeystoneNotificationTopics parameter.
Change-Id: I224e730e41e1bcb703e5deebfab3ca74f08faa02
Related-Bug: #
1729293
(cherry picked from commit
3de75ccea06a160f8afb21f9da461109a08f7cbc)
Juan Antonio Osorio Robles [Wed, 1 Nov 2017 12:03:58 +0000 (12:03 +0000)]
Set keystone notification topics if ceilometer is enabled
This sets the keystone notification topics only if ceilometer is
enabled. This mitigates the issue of keystone sending notifications
when nobody is receiving them.
Closes-Bug: #
1729293
Depends-On: I4dcce73446633c08ea37ba567610eec398094036
Change-Id: I063af5e642388acc180cb8e728481c5a36cc8ddc
(cherry picked from commit
4adb82d03ddd72191bb379f277374a0a5720bbc4)
Marius Cornea [Wed, 1 Nov 2017 16:08:31 +0000 (17:08 +0100)]
Update ansible before the ansible upgrade tasks
In case an ansible update is available during the upgrade then
the ansible package gets updated to a new version by the ansible
tasks. This could potentially lead to issues as the one described
in LP#
1729546. This change updates the ansible package via yum
before starting the ansible upgrade tasks in order to avoid having
ansible updating itself.
Related-bug:
1729546
Change-Id: I2ea0aa1f670053578996018663c9fa52dec14b77
(cherry picked from commit
0c1ac1d752aaf88832b34e165f7d147e2304ff1c)
Juan Antonio Osorio Robles [Mon, 6 Nov 2017 11:31:33 +0000 (13:31 +0200)]
Disable live migration over TLS
Due to the fact that it doesn't use a separate CA (or sub CA) for
libvirtd, and that proper SASL is not being used. We are disabling this
option since it doesn't meet the appropriate security requirements.
We'll look into adding this back once these issues get fixed.
Change-Id: I6a5e4db1b6dd6bc8b7e73e53b614b070d15b8a23
Closes-Bug: #
1730370
(cherry picked from commit
645757cbd6bdb1a1b75cb4aa8acce80a178099ce)
Zuul [Fri, 10 Nov 2017 17:15:40 +0000 (17:15 +0000)]
Merge "Update default cell_v2 cell when it already exists" into stable/pike
Zuul [Fri, 10 Nov 2017 17:15:39 +0000 (17:15 +0000)]
Merge "Refactor cellv2 host discovery logic to avoid races" into stable/pike
Zuul [Fri, 10 Nov 2017 13:25:06 +0000 (13:25 +0000)]
Merge "Fix cinder-{backup,volume} container with pacemaker" into stable/pike
Zuul [Fri, 10 Nov 2017 12:26:53 +0000 (12:26 +0000)]
Merge "Configure docker0 bridge address" into stable/pike
Zuul [Fri, 10 Nov 2017 12:11:40 +0000 (12:11 +0000)]
Merge "Re-enable containerized fluentd" into stable/pike
Zuul [Fri, 10 Nov 2017 12:03:11 +0000 (12:03 +0000)]
Merge "Env files for ODL deployments" into stable/pike
Oliver Walsh [Fri, 22 Sep 2017 11:06:43 +0000 (12:06 +0100)]
Update default cell_v2 cell when it already exists
nova-manage cell_v2 create_cell just uses a dumb string comparison to detect
when a cell already exists. If there is a slight difference (e.g ordering of
params in the db uri query string) it can result in duplicate cells.
With this patch we should detect that the default cell already exists and
update it to use the current transport_url/database_connection instead of
attempting to create a new cell.
Change-Id: If6a32e87b19cb0edf683144367701a115657ad0a
Closes-bug:
1718912
(cherry picked from commit
ebcaabcc5c5d2840128b3609c82c4a70a81ea0a0)
Oliver Walsh [Fri, 20 Oct 2017 22:27:15 +0000 (23:27 +0100)]
Refactor cellv2 host discovery logic to avoid races
The compute service list is polled until all expected hosts are reported or a
timeout occurs (600s).
Adds a cellv2_discovery flag to puppet services. Used to generate a list of
hosts that should have cellv2 host mappings.
Adds a canonical fqdn and that should match the fqdn reported by a host.
Adds the ability to upload a config script for docker config instead of using
complex bash on-liners.
Closes-bug:
1720821
Change-Id: I33e2f296526c957cb5f96dff19682a4e60c6a0f0
(cherry picked from commit
61fcfca045aeb5be1ee280d8dd9c260fb39b9084)
Martin André [Thu, 2 Nov 2017 09:19:38 +0000 (10:19 +0100)]
Fix cinder-{backup,volume} container with pacemaker
The cinder-backup and cinder-volume templates were lagging behind the
non-pacemaker version and didn't pass CI. This commit aims at bringing
back parity.
Change-Id: I11a12f52538168c858b16c9786eb83ae88161488
Depends-On: Iea84a291414e515d8c72a60646188e5b37354a38
Closes-Bug: #
1729430
(cherry picked from commit
72c5c73aaafc013d3e2292cded11234ae2b55e80)
Martin André [Tue, 24 Oct 2017 09:36:06 +0000 (11:36 +0200)]
Configure docker0 bridge address
This was previously conflicting with the InternalApiNetCidr value in
environments/network-environment.yaml.
Change-Id: I3f1cb6f056fb19a1ba93d1076191abe7aca4fa21
Depends-On: Ie803b33c93b931f7fefb87b6833eb22fd59cd92d
Closes-Bug: #
1726773
(cherry picked from commit
509209a29be1ac3e72d6ea97eaf328760693daaf)
Zuul [Fri, 10 Nov 2017 03:56:49 +0000 (03:56 +0000)]
Merge "Fix rights to local_settings.d for dockerized Horizon" into stable/pike
Zuul [Thu, 9 Nov 2017 22:19:29 +0000 (22:19 +0000)]
Merge "Only mount selinux sysfs in nova_libvirt container" into stable/pike
Martin André [Fri, 3 Nov 2017 11:26:34 +0000 (12:26 +0100)]
Re-enable containerized fluentd
Now that we got a promotion, there is a container image for fluentd in
tripleomaster registry. We can finally re-enable the containerized
fluentd service in scenario0001.
Change-Id: I636e63f9b66dd47267fa40febf49a6ec9a6b7ef3
Related-Bug: #
1721723
Closes-Bug: #
1726891
(cherry picked from commit
c795e748d2e0fe1299919872250d6951246c1365)
Zuul [Thu, 9 Nov 2017 08:26:44 +0000 (08:26 +0000)]
Merge "Fix wrong permission on database during mysql_init tasks." into stable/pike
Zuul [Thu, 9 Nov 2017 08:25:45 +0000 (08:25 +0000)]
Merge "Set bind mount propegatation to shared for /var/lib/nova." into stable/pike
Zuul [Thu, 9 Nov 2017 08:25:43 +0000 (08:25 +0000)]
Merge "Do not set cluster in maintenance mode during split stack upgrade" into stable/pike
Zuul [Thu, 9 Nov 2017 08:01:06 +0000 (08:01 +0000)]
Merge "Set ipc=host for services attaching encrypted volumes" into stable/pike
Janki Chhatbar [Mon, 23 Oct 2017 05:28:03 +0000 (10:58 +0530)]
Env files for ODL deployments
This patch adds env files for SRIOV, OVS-DPDK, L2GW, BGPVPN
and SFC deployments with ODL.
These files contain configs not present in basic ODL deployment
env file. While deploying, these need to be used along the basic
deployment env file like
openstack overcloud deploy \
-e environments/services-docker/neutron-opendaylight.yaml \
-e environments/services-docker/neutron-opendaylight-dpdk.yaml
and
openstack overcloud deploy \
-e environments/services-docker/neutron-opendaylight.yaml \
-e environments/services-docker/neutron-opendaylight-sriov.yaml
and so forth for all other deployments.
Closes-Bug:
1722881
Change-Id: I2b70d3f4518e0c014cf37f7fecd92f69989f0860
(cherry picked from commit
e0c89d6593dadd9bf6ba9fa6f618e7c44ec7aa2e)
Radomir Dopieralski [Tue, 7 Nov 2017 19:20:38 +0000 (20:20 +0100)]
Fix rights to local_settings.d for dockerized Horizon
For some reasonf that directory doesn't have r/x rights, so when
compress is ran as root, it can access config files in it, but when
horizon is run by apache, it can't, and expects different theme files,
thus failing with OfflineGenerationError. Giving apache access to that
directory fixes the problem and makes the custom theme work.
Closes-bug: #
1730911
Change-Id: I53f6db23b036bc9b5a689bbac958550f384194c6
(cherry picked from commit
2827fa428c757180019dd7c1aacafcca554845ab)
Zuul [Thu, 9 Nov 2017 05:55:15 +0000 (05:55 +0000)]
Merge "Set metric procssing delay for metricd" into stable/pike
Zuul [Thu, 9 Nov 2017 03:21:13 +0000 (03:21 +0000)]
Merge "Add --detailed-exitcodes when running puppet via ansible" into stable/pike
Zuul [Thu, 9 Nov 2017 03:21:12 +0000 (03:21 +0000)]
Merge "Temporarily disable fluentd from scenario001-multinode-containers" into stable/pike
Marius Cornea [Fri, 20 Oct 2017 08:20:50 +0000 (10:20 +0200)]
Do not set cluster in maintenance mode during split stack upgrade
This change noops ControllerDeployedServer{Pre,Post}Config to avoid
getting the upgrade of a split stack deployment getting stuck due
to the cluster being in maintenance mode. For reference a similar
change has been done for the regular Controller role in:
https://review.openstack.org/#/c/487313/
Change-Id: Idd393011b3c4d0d236780e11a04a59d426750de1
Closes-bug:
1725175
(cherry picked from commit
8e92d7c6db6fcae863a250f63b01a98f7a3f3340)
Zuul [Wed, 8 Nov 2017 18:06:00 +0000 (18:06 +0000)]
Merge "Add all services to container scenarios" into stable/pike
Michele Baldessari [Thu, 12 Oct 2017 15:37:50 +0000 (17:37 +0200)]
Add --detailed-exitcodes when running puppet via ansible
puppet run on never fails, even when it should, since we moved
to the ansible way of applying it. The reason is the current following code:
- name: Run puppet host configuration for step {{step}}
command: >-
puppet apply
--modulepath=/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
--logdest syslog --logdest console --color=false
/var/lib/tripleo-config/puppet_step_config.pp
The above is missing the --detailed-exitcodes switch and so puppet will never
really error out on us and the deployment will keep on running all the
steps even though a previous puppet manifest might have failed. This
cause extra hard-to-debug failures.
Initially the issue was observed on the puppet host runs, but this
parameter is missing also from docker-puppet.py, so let's add it there
as well as it makes sense to return proper error codes whenever we call
puppet.
Besides this being a good idea in general, we actually *have* to do it
because puppet does not fail correctly without this option due to the
following puppet bug:
https://tickets.puppetlabs.com/browse/PUP-2754
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
Change-Id: Ie9df4f520645404560a9635fb66e3af42b966f54
Closes-Bug: #
1723163
(cherry picked from commit
11e599d116cfbf7df4dcd0e7670c3405a4224c1a)
Michele Baldessari [Tue, 24 Oct 2017 14:49:10 +0000 (16:49 +0200)]
Temporarily disable fluentd from scenario001-multinode-containers
Mixing containers and BM is currently not working. Once the master
promotion will take place we will have a fluentd container and
can readd fluentd as a container and the problem should not re-occurr.
Change-Id: Iad97f7e0e4de56f46a46d2381fc1ea5822a2114a
Related-Bug: #
1726891
(cherry picked from commit
35d91ddc6d11bb2696321fff4593d5cca3b0cba8)
Zuul [Wed, 8 Nov 2017 15:27:23 +0000 (15:27 +0000)]
Merge "Switch scenario004-containers to use ceph-ansible" into stable/pike
Oliver Walsh [Tue, 7 Nov 2017 00:31:39 +0000 (00:31 +0000)]
Set bind mount propegatation to shared for /var/lib/nova.
This is required for nfs exports mounted by the nova_compute container to be
visible to nova_libvirt.
Depends-on: I8a63c044e15d7ca0f54654e9fc9c5d878461aa25
Change-Id: I55859e744e3c2ebbd6975c96b84b6b0774dc6700
Closes-bug:
1730533
(cherry picked from commit
ef0493f5ea6a7f5412fcf1e1722d71092aba1398)
Zuul [Wed, 8 Nov 2017 14:43:30 +0000 (14:43 +0000)]
Merge "nova-placement: switch auth_uri to keystone versionless endpoint" into stable/pike
Zuul [Wed, 8 Nov 2017 12:26:17 +0000 (12:26 +0000)]
Merge "Fix /etc/openstack-dashboard/ permissions for access to *policy.json" into stable/pike
Sofer Athlan-Guyot [Mon, 6 Nov 2017 10:45:20 +0000 (11:45 +0100)]
Fix wrong permission on database during mysql_init tasks.
During mysql initialization, mysql needs to be able to write in the
database directory.
Change-Id: I82c2e46f66ab01021cb910eb7e0d17c81b00fa09
Closes-bug: #
1730349
(cherry picked from commit
0d65e380caf89d8c486e8ea87571298a6687b680)
Zuul [Wed, 8 Nov 2017 05:15:21 +0000 (05:15 +0000)]
Merge "Enable Cinder as a backend for Glance" into stable/pike
Zuul [Wed, 8 Nov 2017 05:07:01 +0000 (05:07 +0000)]
Merge "Add tags to baremetal cron removal tasks" into stable/pike
Pradeep Kilambi [Wed, 11 Oct 2017 13:02:23 +0000 (09:02 -0400)]
Set metric procssing delay for metricd
Depends-On:
1d6084045e6019c7ad536a8adfd5249b1d95e37e
Closes-bug: #
1722788
Change-Id: I22a815bbc8dad65366fbc212f35bdb9d7b4faa52
(cherry picked from commit
66f85f17273353c30ae5625d29c367e0a5f513a8)
Zuul [Tue, 7 Nov 2017 05:05:06 +0000 (05:05 +0000)]
Merge "mysql: Only set certificate specs if TLS everywhere is enabled" into stable/pike
Zuul [Mon, 6 Nov 2017 11:50:51 +0000 (11:50 +0000)]
Merge "cinder: switch CinderCronDbPurgeUser to 'cinder'" into stable/pike
Zuul [Sun, 5 Nov 2017 12:41:26 +0000 (12:41 +0000)]
Merge "Fix iptables rules override bug in clustercheck docker service" into stable/pike
Zuul [Sun, 5 Nov 2017 12:41:24 +0000 (12:41 +0000)]
Merge "RHSM: when using proxy, test its connectivity first" into stable/pike
Emilien Macchi [Wed, 1 Nov 2017 14:03:27 +0000 (07:03 -0700)]
cinder: switch CinderCronDbPurgeUser to 'cinder'
... and not 'keystone' or it fails.
Change-Id: Iee4161ec9d8c7a84997ab24ddd234353f3a81dfb
Closes-Bug: #
1729352
(cherry picked from commit
b99a240ccc4f262ee7626518087784eb92b0152f)
Zuul [Sat, 4 Nov 2017 08:38:40 +0000 (08:38 +0000)]
Merge "mysql: expose IPv6 configuration to mysql puppet modules" into stable/pike
Michele Baldessari [Tue, 31 Oct 2017 12:23:17 +0000 (13:23 +0100)]
Fix iptables rules override bug in clustercheck docker service
When deploying a composable HA overcloud with a database role split off
to separate nodes we could observe a deployment failure due to galera
never starting up properly.
The reason for this was that instead of having the firewall rules for
the galera bundle applied (i.e. those with the extra control-port for
the bundle), we would see the firewall rules for the BM galera service.
E.g. we would see the following on the host:
tripleo.mysql.firewall_rules: {
104 mysql galera: {
dport: [ 873, 3306, 4444, 4567, 4568, 9200 ]
Instead of the correct mysq bundle firewall rules:
tripleo.mysql.firewall_rules:
104 mysql galera-bundle:
dport: [ 873, 3123, 3306, 4444, 4567, 4568, 9200 ]
The reason for this is the following piece of code in
https://github.com/openstack/tripleo-heat-templates/blob/master/docker/services/pacemaker/clustercheck.yaml#L62:
...
MysqlPuppetBase:
type: ../../../puppet/services/pacemaker/database/mysql.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Containerized service clustercheck using composable services.
value:
service_name: clustercheck
config_settings: {get_attr: [MysqlPuppetBase, role_data, config_settings]}
logging_source: {get_attr: [MysqlPuppetBase, role_data, logging_source]}
...
Depending on the ordering of the clustercheck service within the role
(before or after the mysql service), the above code will override the
tripleo.mysql.firewall_rules with the wrong rules because we derive from
puppet/services/... which contain the BM firewall rules.
Let's just switch to derive from the docker service so we do not risk
getting the wrong firewall rules during the map_merge.
Tested this change successfully on a composable HA with split-off DB
nodes.
Change-Id: Ie87b327fe7981d905f8762d3944a0e950dbd0bfa
Closes-Bug: #
1728918
(cherry picked from commit
3df6a4204a85b119cd67ccf176d5b72f9e550da6)
Juan Antonio Osorio Robles [Wed, 1 Nov 2017 16:12:57 +0000 (18:12 +0200)]
mysql: Only set certificate specs if TLS everywhere is enabled
The conditional was missing.
Change-Id: Ie2617dd9dba1c49f37e82448b6bf229d127ed46a
Closes-Bug: #
1729384
(cherry picked from commit
410e062aa0d91b99c4493fac6940499cc02e4288)
Eric Harney [Wed, 1 Nov 2017 19:47:01 +0000 (15:47 -0400)]
Set ipc=host for services attaching encrypted volumes
Without ipc=host set, cryptsetup/devicemapper will never
see devices created when running "cryptsetup luksOpen",
causing the command to hang.
This is required for attaching encrypted Cinder volumes.
Closes-Bug: #
1729419
Change-Id: Ic7184b1fbbafea266f8ec1e7974d0a4a2cf4d750
(cherry picked from commit
05b61472463d5dbde3f1b1285819044409a80e2e)
Zuul [Fri, 3 Nov 2017 22:57:04 +0000 (22:57 +0000)]
Merge "Fix nova-cpu/collectd hieradata" into stable/pike
Zuul [Fri, 3 Nov 2017 20:25:28 +0000 (20:25 +0000)]
Merge "Upgrade rhel_reg_sat_repo to 6.2" into stable/pike
Zuul [Fri, 3 Nov 2017 17:05:50 +0000 (17:05 +0000)]
Merge "Run containerized mistral-api eventlet" into stable/pike
Zuul [Fri, 3 Nov 2017 13:59:50 +0000 (13:59 +0000)]
Merge "added level of indirection causes incorrect hiera config" into stable/pike
Zuul [Fri, 3 Nov 2017 03:09:30 +0000 (03:09 +0000)]
Merge "Add NetIpMap to hieradata for *ExtraConfig overrides" into stable/pike
Zuul [Fri, 3 Nov 2017 03:09:29 +0000 (03:09 +0000)]
Merge "Providing required priviledges to the mounted NFS volume" into stable/pike
Zuul [Fri, 3 Nov 2017 02:53:24 +0000 (02:53 +0000)]
Merge "Update CephPools format in the docker templates to fit ceph-ansible" into stable/pike
Emilien Macchi [Thu, 19 Oct 2017 21:39:36 +0000 (14:39 -0700)]
RHSM: when using proxy, test its connectivity first
When using RHSM with a proxy, we want to make sure the proxy can be
reached. This patch verify that a tcp socket can be open from the client
to the proxy.
This patch also does a bit of refactoring:
- --retry-delay 10 --max-time 30 is now used in a parameter everytime we
use curl.
- proxy options are now used everytime curl is used, even for detecting
which version of Satellite is running, now we use proxy options.
Co-Authored-By: Vincent S. Cojot <vincent@cojot.name>
Change-Id: I4dcac1528c10f698338383445e27c8a613f9bcd9
Closes-Bug: #
1724970
(cherry picked from commit
f4e46f4b3ddac3f536a3a1955c91447e8b26ffca)
Zuul [Thu, 2 Nov 2017 18:34:55 +0000 (18:34 +0000)]
Merge "RHSM: do not use retry to deploy katello-agent" into stable/pike
Emilien Macchi [Mon, 30 Oct 2017 15:51:44 +0000 (08:51 -0700)]
Upgrade rhel_reg_sat_repo to 6.2
When deploying with RHSM, sat-tools 6.2 will be installed instead of 6.1.
The new version is supported by RHEL 7.4 and provides katello-agent package.
Change-Id: I04a9feab02bf606ad6ca923a17947dcca30258da
Closes-Bug: #
1728638
(cherry picked from commit
b248ae1447940f81513be9904a24197bd4af1126)
Martin André [Thu, 7 Sep 2017 20:50:49 +0000 (22:50 +0200)]
Add all services to container scenarios
This commit brings the multinode containers scenario files closer to
their BM variants to add missing services and turning pacemaker on.
These require refactorings in OOOQ in order to support non-containerized
to containerized upgrade jobs across releases. Ceph-ansible is also
going to be switched separately.
Co-Authored-By: Jiri Stransky <jistr@redhat.com>
Depends-On: Ie0e8de54794a9259c0aeb8c67ae0f6a908844093
Change-Id: Icb659509b38575534be27a1881dbe671c40a5436
Related-Bug: #
1714905
Related-Bug: #
1712070
(cherry picked from commit
c504f83c28b986ceb2b92cc0077959158bd11df7)
Emilien Macchi [Thu, 2 Nov 2017 01:22:16 +0000 (18:22 -0700)]
Fix nova-cpu/collectd hieradata
Probably a typo, never caught or even tested.
Change-Id: Iaf75edb421a19cb69bf3ead59c83bf812c653f0b
Closes-Bug: #
1729479
(cherry picked from commit
24f859c01826eb12256cf1a5cd63b8bb1c0e234c)
Zuul [Thu, 2 Nov 2017 12:37:17 +0000 (12:37 +0000)]
Merge "Disable MongoDB in scenario002" into stable/pike
Zuul [Thu, 2 Nov 2017 11:00:14 +0000 (11:00 +0000)]
Merge "Fix standalone ControllerOpenstack vars" into stable/pike
Steven Hardy [Tue, 24 Oct 2017 09:30:39 +0000 (10:30 +0100)]
Add NetIpMap to hieradata for *ExtraConfig overrides
To enable per-node override of bind IPs via the per-role
ExtraConfig paramaters, we need to enable hiera interpolation
that references the keys defined in NetIpMap, so we add them
to the hieradata. To minimise the risk of any conflicts in
keynames it's added near the bottom of the hierarchy, but
I'm not aware of any conflicting names in our templates/modules.
This will allow per-node hieradata override of bind IPs e.g:
parameter_defaults:
ComputeRack1ExtraConfig:
nova::vncproxy::host: "%{hiera('rack1_internal_api')}"
ComputeRack2ExtraConfig:
nova::vncproxy::host: "%{hiera('rack2_internal_api')}"
Closes-Bug: #
1726884
Change-Id: Icf7da1d78176c2ee0197ff2459d69d995cbb16ad
(cherry picked from commit
65a8b65754d2ea77ec2396658d4e73eb837d34bd)
Zuul [Thu, 2 Nov 2017 08:42:20 +0000 (08:42 +0000)]
Merge "Switch RabbitFDLimit to a Puppet integer" into stable/pike
Zuul [Thu, 2 Nov 2017 08:42:17 +0000 (08:42 +0000)]
Merge "Force memcached container log to file" into stable/pike
Zuul [Thu, 2 Nov 2017 07:53:12 +0000 (07:53 +0000)]
Merge "Enable neutron-lbaasv2 UI in Horizon" into stable/pike
Emilien Macchi [Mon, 30 Oct 2017 14:43:04 +0000 (07:43 -0700)]
RHSM: do not use retry to deploy katello-agent
katello-agent is an optional package, we don't want to use retry.
The package is available or not.
Fixing a regression from https://review.openstack.org/#/c/386529
Since we use "| true", we can't really use "retry" here.
Change-Id: Id8cd9ac54e158ee1743b2f72b169b3a066f69168
Closes-Bug: #
1728614
(cherry picked from commit
d9f7b01c6c21b306005bad12fcab103b0a9e7591)
Oliver Walsh [Fri, 27 Oct 2017 23:06:46 +0000 (00:06 +0100)]
Only mount selinux sysfs in nova_libvirt container
https://review.openstack.org/500952 initially just did this. Then we assumed
every container should have the selinux sysfs.
This causes issues with the sshd container used for live-migration.
The advice from the selinux experts is that it should not be enabled within
containers, so reverting back to the original fix that enables it only in the
nova-libvirt container.
Closes-bug:
1729405
Change-Id: I80bf38d7d64ab99510574af5c57423fde9b84eca
(cherry picked from commit
7c8127cf96a281dd5cee96e1a68bc0508b9ba4e7)
Aditya Vaja [Fri, 29 Sep 2017 00:33:13 +0000 (17:33 -0700)]
added level of indirection causes incorrect hiera config
- until Newton this worked fine, however starting with Ocata, we
do not need the key 'mapped_data'
- having it results in extra indirection in the dictionary in
neutron_bigswitch_data.json
Closes-Bug: #
1729453
Change-Id: I3bc9940aeff4e290d83de95a7df294c11f061954
(cherry picked from commit
485339129cee8f5d3223cf47858a5c9f79b0a8de)
Dan Prince [Fri, 25 Aug 2017 13:22:29 +0000 (09:22 -0400)]
Add tags to baremetal cron removal tasks
In
59e29b17f4a9f5f65b6f8a7b8e82ef6426d8a51 we forgot to
add tags to the Ansible tasks to remove the baremetal
cron jobs at step 2.
(cherry picked from commit
1128271b460b120a2a59eac3df95082c55e554d0)
Change-Id: I23fb134b88336ebc4eb1a97a69a2d73d4ef0edb2
Related-bug: #
1708466
Juan Antonio Osorio Robles [Mon, 30 Oct 2017 08:04:18 +0000 (10:04 +0200)]
Force memcached container log to file
We were relying on the sysconfig options to set the memcached log file,
however, this is not happening, as the redirection is being taken as an
option and ends up being ignored by the memcached command. So instead,
we set the redirection in the container template.
Change-Id: Ic94e3fd7884d518eb9558c53acdc6b294823cd0a
Closes-Bug: #
1720183
(cherry picked from commit
ca1fc5848661aacbf14b52e33879190c133c8e48)
Zuul [Wed, 1 Nov 2017 04:58:22 +0000 (04:58 +0000)]
Merge "Fix permissions for dockerized horizon" into stable/pike
Alex Schultz [Fri, 6 Oct 2017 21:04:35 +0000 (15:04 -0600)]
Fix standalone ControllerOpenstack vars
As we've moved to more dynamic generation of variables, the correct
variable names are *ControllerOpenstack* not *Controller* for the
example standalone environment.
Change-Id: Iaa39de9d8794a856e76cc9995d046484632cf604
Closes-Bug: #
1721877
(cherry picked from commit
536d1c4af59dc22164666be5cb1826115fdfdeb9)
Zuul [Tue, 31 Oct 2017 00:29:19 +0000 (00:29 +0000)]
Merge "Set verbosity by default for memcached" into stable/pike
Juan Antonio Osorio Robles [Fri, 27 Oct 2017 07:22:01 +0000 (10:22 +0300)]
persist memcached logs in /var/log/containers/memcached/memcached.log
We used to bind-mount /var/log/memcached.log, but this resulted in the
file being createdin the memcached container as a directory, since this
file didn't exist.
This commit takes the approach of other containers and gets the logs to
a memcached directory in /var/log/containers.
Change-Id: I926b65fa557ad56b4faa2be34452b58f7b01247a
Closes-Bug: #
1720183
(cherry picked from commit
5020f38301a9a0a70f34878196250e24fc639dec)
Juan Antonio Osorio Robles [Fri, 27 Oct 2017 07:32:20 +0000 (10:32 +0300)]
Set verbosity by default for memcached
This sets of one level of verbosity for memcached by default. This
allows us to see any errors or warnings in the logs.
Change-Id: Icc6f56c9e0ee6100286d07c8b6660a08baabb241
Related-Bug: #
1720183
(cherry picked from commit
15ad21ba08e92b302318bdc34112601ce666ff35)
Giulio Fidente [Mon, 2 Oct 2017 12:10:53 +0000 (14:10 +0200)]
Update CephPools format in the docker templates to fit ceph-ansible
The format which ceph-ansible uses to describe the list of pools
to be created in the cluster is different from the one which
puppet-ceph uses; this commit updates the description and the
the docker templates accordingly.
Change-Id: I1e5b2c3cbf6ae02c19a2275ca119fed6e173319d
Closes-Bug: #
1720373
(cherry picked from commit
c10aa7a0439fb7d8e8e964e75d73f3cbb54aa9ec)
Jiri Stransky [Tue, 26 Sep 2017 13:00:13 +0000 (15:00 +0200)]
Switch scenario004-containers to use ceph-ansible
Use ceph-ansible to match the non-containerized variant of
scenario004.
Depends-On: I137ca9a005df6e95a59a4d629eb94bda6ef00d3a
Depends-On: I6acac1826271efcd4d1acf6633bde6eb8a653f44
Co-Authored-By: Martin André <m.andre@redhat.com>
Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
Change-Id: I1b3c57a2cfda9e74457f17504f51d5b30c5d381d
(cherry picked from commit
4e85813d368b94f588471d9bdc4a04d04d3be541)
Alan Bishop [Wed, 11 Oct 2017 15:02:43 +0000 (11:02 -0400)]
Enable Cinder as a backend for Glance
Enable Cinder as a backend for Glance by adding 'cinder' to the list of
allowed choices for the GlanceBackend heat parameter.
Update the glance-api docker configuration to allow the feature to work.
This is necessary because the feature uses iSCSI, which requires additional
privileges.
Closes-Bug: #
1728409
Depends-On: I850047e32f3608b3ce490e52e2e540695cb1a4ff
Change-Id: I42241747de931103a04aa5ee2ed18fd46197d183
(cherry picked from commit
e828e8c7bb2e890b243faa767992226dc270bb6f)
Michele Baldessari [Thu, 19 Oct 2017 06:12:07 +0000 (08:12 +0200)]
Disable MongoDB in scenario002
We have disabled mongo by default in containers via:
Id2e6550fb7c319fc52469644ea022cf35757e0ce Disable mongodb by default
Ie09ce2a52128eef157e4d768c1c4776fc49f2324 Containerized mongodb, disable by default, fix upgrade
Let's not use it in scenario002 either.
NB: Not entirely clean cherry-pick due to scenario002-multinode-containers.yaml
having many more services in master than in pike.
Change-Id: I0d2df25ed797ffb8425ba81736526d3688e5de5c
Closes-Bug: #
1724679
(cherry picked from commit
900416d9809bf4446c0c037128edb033ab9b3bcc)
Cédric Jeanneret [Wed, 18 Oct 2017 08:58:21 +0000 (10:58 +0200)]
Enable neutron-lbaasv2 UI in Horizon
Change-Id: I4a09343c59da86daf4e6f00a59f7734c8adb209f
Depends-On: I66839e2c42e654a02e5409c6137e479cfb7b385f
Partial-Bug:
1724471
(cherry picked from commit
97879c3ce6dcf06908180a06147bd386580ed5ae)
Martin André [Wed, 18 Oct 2017 15:51:09 +0000 (17:51 +0200)]
Run containerized mistral-api eventlet
The mistral-api container image we use doesn't have the necessary
packages to run via wsgi and this cause puppet to error with:
"Notice: /Stage[main]/Mistral::Wsgi::Apache/Openstacklib::Wsgi::Apache[mistral_wsgi]/File[mistral_wsgi]: Dependency File[/var/www/cgi-bin/mistral] has failures: true",
Fallback to eventlet mistral-api for the time being until we get
a usable mistral-api image.
Change-Id: Ic10c579aa3b6d0d6a01f120669be3b5dcc5efcda
Depends-On: I54627f1c5a8867738a55bee42075bb6087830c61
Related-Bug: #
1724607
(cherry picked from commit
e158acb14c4ed92be1a5b961ff1e8ff99b1a5ae3)
Rhys Oxenham [Thu, 12 Oct 2017 09:31:42 +0000 (10:31 +0100)]
Fix /etc/openstack-dashboard/ permissions for access to *policy.json
The Kolla Dockerfile sets the permissions for /etc/openstack-dashboard/
to horizon:horizon. We need this to be readable by the apache user
as the horizon user is not the user in which httpd runs with. We may
want to consider fixing this in the upstream Dockerfile instead, e.g.
checking if we're using centos/rhel and changing the permissions that
way. I'm not sure why it's set to horizon:horizon upstream, and I'm keen
not to break any existing functionality that relies on the horizon based
permissions.
Closes-Bug: #
1723125
Change-Id: If5feebae38f7fdfffa60bfaedc4521f676006484
(cherry picked from commit
fd657aa4e68de7ad239a88525b5ae343acd3bf80)
Zuul [Tue, 24 Oct 2017 20:03:15 +0000 (20:03 +0000)]
Merge "ci-ovn: Disable Swift services in scenario 007 container job" into stable/pike
Zuul [Tue, 24 Oct 2017 19:46:07 +0000 (19:46 +0000)]
Merge "Create short lived ssh key for enable-ssh-admin.sh" into stable/pike
Oliver Walsh [Tue, 24 Oct 2017 16:19:26 +0000 (17:19 +0100)]
nova-placement: switch auth_uri to keystone versionless endpoint
Appears this was missed in I8046f2eed0b9a7da76d6d7c3507a92bf5054b000
Change-Id: I901533f7ab2de2ec0fd1c2bfef8aa8f767c45963
Partial-Implement: blueprint keystone-v3
(cherry picked from commit
4add59c5413e9b36675f07f0c3d0fedbf156b04c)
Zuul [Tue, 24 Oct 2017 10:16:14 +0000 (10:16 +0000)]
Merge "Disable SwiftDispersion when using docker" into stable/pike
Zuul [Tue, 24 Oct 2017 10:03:13 +0000 (10:03 +0000)]
Merge "Support for Satellite Capsule in rhel-registration" into stable/pike
Michele Baldessari [Tue, 17 Oct 2017 12:22:27 +0000 (14:22 +0200)]
Disable SwiftDispersion when using docker
We currently have the following in the registry:
OS::TripleO::Services::SwiftDispersion: puppet/services/swift-dispersion.yaml
Since this service is included by default in the Controller role
it will be installed on the host even on a containerized deployment.
Let's noop this in docker.yaml until a containerized version of it
gets merged.
Change-Id: Ic2793d0cfb7b20f4661cb1a45793cae67a4868b4
Closes-Bug: #
1723788
(cherry picked from commit
0c8ba9651734a0e6180ca443c87c8c8ca5169d6c)
Numan Siddique [Wed, 11 Oct 2017 09:56:02 +0000 (15:26 +0530)]
ci-ovn: Disable Swift services in scenario 007 container job
Closes-bug: #
1722758
Change-Id: I0161c534807ca45e2d2b6fcace5fc3e26eb450a2
(cherry picked from commit
7e398bf18910e062415ce4e70236ce98577aed13)
Jiri Stransky [Wed, 18 Oct 2017 13:19:44 +0000 (15:19 +0200)]
Create short lived ssh key for enable-ssh-admin.sh
Instead of using the key provided by user on the command line, create
a new short-lived key, give it to Mistral to create a tripleo-admin
user with it, and remove the short-lived key.
Co-Authored-By: John Fulton <fulton@redhat.com>
Change-Id: I6e6ed83fa62319d59d7289b16a1412a340ea6b26
Closes-Bug: #
1724578
(cherry picked from commit
b0e72c1413c9441aa592b56583e87715e7096152)
Code Review / apex-tripleo-heat-templates.git / log