1698 Commits

Author SHA1 Message Date
Zuul
1d49a2bd44 Merge "low-memory-usage: configure NovaSchedulerWorkers to 1" 2018-11-02 09:49:00 +00:00
Zuul
ade495ab5a Merge "Split designate envs" 2018-11-02 09:48:53 +00:00
Jiri Stransky
6c435ab3e0 Deprecate environments/docker.yaml
Default resource registry points to containerized services too, we
shouldn't use docker.yaml anymore.

Change-Id: I6106e223d9c1e399d396d745ad28274107074b06
2018-11-01 22:39:40 +00:00
Emilien Macchi
379fd58600 low-memory-usage: configure NovaSchedulerWorkers to 1
Like other Nova services, let's reduce the number of workers of Nova
Scheduler to 1.

Change-Id: I5fd418a263a70e7d64a676d5b8ab3c49ad8557f9
2018-11-01 15:53:32 +00:00
Dan Prince
94499c209b Disable MistralDockerGroup creation with podman
I'm testing podman without docker/docker registry
installed and it failed. This resolves issues with
the Mistral puppet execution so that it ignores
the docker group creation.

Change-Id: I1deb31dce021796f3ea98f1c1030c362108397bb
2018-10-31 09:26:41 -04:00
Alex Schultz
653649ebbc Add OpenStack clients service
We did not have a easy way to ensure all the openstack clients are
installed on a given system. In the old instack-undercloud installation,
we were installing some additional clients outside of the ones required
via python-tripleoclient. To allow a user to quickly install all the
clients on a given system, this change adds an OpenStack clients
"service" which can be added to a role to ensure the clients are
available. In the future if we provide a client container, this service
can be converted into a container deployment mechanism.

Change-Id: If878c2ab7679eea2fff42b410bec9c8c9b92ed6f
Closes-Bug: #1800001
2018-10-26 16:25:35 -06:00
Zuul
1fd31e4270 Merge "Standardize path to prepare log file" 2018-10-25 19:10:07 +00:00
Juan Antonio Osorio Robles
dfa015d273 Standalone: Disable persisting VIPs on /etc/hosts
This adds the needed parameter to the standalone environment file.

Change-Id: I9c7151b0085cd2d341e17f78dc75d1781cb7ae9d
Related-Bug: #1799724
2018-10-25 17:38:06 +03:00
trown
62418388b2 Fix typo in standalone-tripleo environment
Change-Id: I4dde00e615be3a3c13fa8a21f8a5eb4ca9dbfbec
2018-10-23 14:48:50 -06:00
Alan Bishop
dc2d0de810 Add parameters for cinder storage availability zones
Add CinderStorageAvailabilityZone parameter that configures
cinder's DEFAULT/storage_availability_zone. The default value
of 'nova' matches cinder's own default value.

Add several CinderXXXAvailabilityZone parameters, where XXX is
any of the cinder volume service's storage backends. The
parameters are optional, and when set they override the
"backend_availability_zone" for the corresponding backend.

Implements: blueprint split-controlplane-cinder-volume-az
Depends-On: Ic407b747474b567858ad36beabc8a7d8c5022343
Change-Id: Idb035bf112cbab41547bd89935df4c175bf665f4
2018-10-23 09:18:53 -04:00
Christophe Fontaine
dbd8959e38 Fix NeutronSriovHostConfig path for ODL deployment with SRIOV
Change-Id: Ibadd4629eccaed30d15d3c50926e71c26255a65c
2018-10-23 14:57:55 +02:00
Zuul
83a2d262b6 Merge "Dell EMC Sc: Add support for excluded_domain_ips" 2018-10-23 06:30:15 +00:00
Zuul
df431ad344 Merge "Implements: liquidio-containerization" 2018-10-23 04:07:49 +00:00
Zuul
440fd70277 Merge "Allow standalone to manage selinux" 2018-10-22 21:31:07 +00:00
Zuul
1bd8888d79 Merge "Rename no-tls environment" 2018-10-20 02:03:33 +00:00
Zuul
52fe342a36 Merge "Update no-tls environment in ssl/ directory" 2018-10-20 02:03:31 +00:00
Zuul
ee4c55ca9b Merge "Correct a minor typo in the doc that could lead to some issues" 2018-10-19 18:55:34 +00:00
Zuul
faea5fa62a Merge "Add sample designate environment for ha" 2018-10-19 04:52:21 +00:00
Cédric Jeanneret
4ca6c5c71c Correct a minor typo in the doc that could lead to some issues
If we don't pass the right param, we can end up with a broken service.

Change-Id: Ia55ce808063acac8803a54b7ffac8e689c9b4d69
2018-10-17 14:36:37 +02:00
Alex Schultz
7451fc44de Allow standalone to manage selinux
In some cases we may need to disable selinux (like in CI). The role
needs the SELinux service so that the management can be done during the
deployment.

Change-Id: Ife3c4600f5bd70490a68059eb27c5100743a5298
Closes-Bug: #1797910
2018-10-17 08:43:49 +00:00
Zuul
e6b376c7a7 Merge "Use single replica for standalone AIO deployments" 2018-10-17 06:54:45 +00:00
Zuul
35ba498322 Merge "Collectd documentation refactor" 2018-10-16 19:16:52 +00:00
Zuul
03a2fd061d Merge "Disable Swift auditors/replicators on undercloud" 2018-10-16 01:16:35 +00:00
Zuul
0b86ebf6be Merge "Ensure the needed openshift resources are set" 2018-10-16 01:16:32 +00:00
Bogdan Dobrelya
1c56834aa8 Use single replica for standalone AIO deployments
Similarly to undercloud, Swift is using only a single replica on AIO
(all-in-one standalone). Therefore recovering from a corrupted or lost object
is not possible, and running replicators and auditors only wastes resources.
And may create some trouble. For example, the DB replicators and auditors will
lock the DB, and new objects won't be stored during that time.

Related-Bug: #1797167

Change-Id: I839393bf6cbb2303a0359f8aed32b2fc67d46f6a
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2018-10-15 20:15:33 +00:00
Bogdan Dobrelya
47f93e1792 Disable Swift auditors/replicators on undercloud
Maintain parity with instack-undercloud
Ic93082282e9ea481c13832f8ce1265a47f0ef3d5

Swift is using only a single replica on the undercloud. Therefore
recovering from a corrupted or lost object is not possible, and running
replicators and auditors only wastes resources. And may create some
trouble. For example, the DB replicators and auditors will lock the DB,
and new objects won't be stored during that time.

Related-Bug: #1632885
Closes-Bug: #1797167

Change-Id: I584cdb03b99721fbdc28bf7f6019d914586341d2
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2018-10-15 15:06:32 +00:00
Zuul
ad06ebce20 Merge "Remove obsolete code for handling Pacemakerized resource restarts" 2018-10-15 11:31:45 +00:00
Steve Baker
8fe38fb7ed Standardize path to prepare log file
This change makes the default ContainerImagePrepareLogFile be
/var/log/tripleo-container-image-prepare.log for both undercloud and
overcloud deploy.

Previously, undercloud prepare logged to $HOME/install-undercloud.log
and overcloud prepare logged to
$(pwd)/tripleo-container-image-prepare.log.

With this change, both will be logged to
/var/log/tripleo-container-image-prepare.log

Depends-On: Id4b776de808ea329a299430078c6f3efdb604e02
Change-Id: Icd3c5d612a9c42d1d3d8e374f10eb56d5737d516
Closes-Bug: #1789871
2018-10-14 12:53:44 +00:00
Martin André
633379f779 Ensure the needed openshift resources are set
We expect the the Keepalived and HAproxy services to be deployed on the
OpenShift master nodes, let's require them in the openshift heat
environment file. This prevents an issue when the docker-ha environment
is loaded because it would redefine these resources.

Change-Id: I57a7ea854bd8db4e20af1a608a6937604c0e3bd2
2018-10-12 16:34:20 +02:00
Juan Antonio Osorio Robles
3ecbf827ec Rename no-tls environment
It was using a wrong name, which came by accident since it was
introduced to the sample environment generator.

Change-Id: I154af6d0b7ebf5cd339d5d06eaaf9b1ab66814b0
Related-Bug: #1796022
2018-10-12 11:16:35 +03:00
Ben Nemec
3abb38ae14 Split designate envs
Because the designate parameters will always need to be edited for
a deployment, a copy of the environment must be made.  However,
because there were resource_registry entries in the previous
enable-designate environments those relative paths would become
invalid if the file was moved.  Splitting the resource_registry
entries from the user-configured parameters should eliminate this
problem.

Change-Id: I8817a36e20e7a75b340a0d6cb0abf09e57b1fd63
2018-10-11 15:15:16 +00:00
Ben Nemec
0244ae08cd Add sample designate environment for ha
The pool configuration for an ha deployment of designate looks quite
a bit different from the nonha one, so it's useful to provide a
separate example environment for it.

Change-Id: I69b3c44b368bab3fff885e67fa6523fbb1c80347
2018-10-11 15:15:11 +00:00
Juan Antonio Osorio Robles
d6a5c04b72 Update no-tls environment in ssl/ directory
It was out of date (including extra entries)

Change-Id: Ib1258b8b9d8141cf534ab674c494c82f64f9ad9b
2018-10-11 15:30:18 +03:00
Jiri Stransky
7a438651af Remove obsolete code for handling Pacemakerized resource restarts
Remove scripts and templates which dealt with Pacemaker and its
resource restarts before we moved to containerized deployments. These
should all now be unused.

Many environments had this mapping:

    OS::TripleO::Tasks::ControllerPreConfig: OS::Heat::None
    OS::TripleO::Tasks::ControllerPostConfig: OS::Heat::None
    OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml

The ControllerPostPuppetRestart is only ever referenced from
ControllerPostConfig, so if ControllerPostConfig is OS::Heat::None, it
doesn't matter what ControllerPostPuppetRestart is mapped to.

Change-Id: Ibca72affb3d55cf62e5dfb52fe56b3b1c8b12ee0
Closes-Bug: #1794720
2018-10-11 10:41:15 +02:00
Marios Andreou
0ec9a3db94 Remove deprecated Ram/Disk filters in NovaSchedulerDefaultFilters
As reported in the related bug below and merged for the undercloud
with https://review.openstack.org/#/c/598167 the Ram/Disk filters
are deprecated since [1] so we should stop using them.

[1] https://review.openstack.org/#/c/596502/
Related-Bug: 1787910
Change-Id: Ib3585b4c04c974c34d61b868d0454df03c1a2aed
2018-10-09 12:09:03 +00:00
hanish gogada
a800ee0c11 Implements: liquidio-containerization
Modified heat templates to add support for containerization for
Liquidio compute service. Fixed a issue in the ProviderMappings
in Liquidio heat templates.

Depends-On: Ice2baafae2fb1011e16d83c83b5c85f721f6d679
Change-Id: Id4c754f402091e17a974972408919332aa06cd11
2018-10-09 12:10:02 +05:30
Zuul
6adc2f3f85 Merge "Add config option for ODL IPv6 deployment" 2018-10-07 23:11:50 +00:00
Zuul
17933be619 Merge "Fix TLS when using a containerized undercloud" 2018-10-07 00:52:09 +00:00
Zuul
ca47673df9 Merge "This file intorduces OVN as a controller. I've cloned the neutron-sfc.yaml file and added to the parameter_defaults NeutronSfcDriver:'ovn' There could be other param defaults needs to be added and i'm not aware of." 2018-10-07 00:36:08 +00:00
Zuul
57e90388d5 Merge "Introduce OpenShiftGlusterNodeVars heat param" 2018-10-06 15:19:14 +00:00
Michele Baldessari
c2139a7db2 Fix TLS when using a containerized undercloud
Since we moved to containerized UC, TLS Everywhere deployments are broken.
Namely we miss two things:

A. The NAT iptables rule for the nova metadata service to be reachable
B. The setting 'service_metadata_proxy=false' needs to be set for nova
   metadata otherwise the curl calls to setup ipa will fail with the
   following:
[root@overcloud-controller-0 log]# curl http://169.254.169.254/openstack/2016-10-06
<html>
 <head>
  <title>400 Bad Request</title>
 </head>
 <body>
  <h1>400 Bad Request</h1>
  X-Instance-ID header is missing from request.<br /><br />
 </body>
</html>

A. Is fixed by adding a conditional iptables rule that is only triggered
   when deploying an undercloud (where we set MetadataNATRule to true)

B. Is fixed by setting NeutronMetadataProxySharedSecret to '' on the
   undercloud and then setting the corresponding hiera keys only when
   the parameter != ''. We tried alternative simpler approaches like
   setting NeutronMetadataProxySharedSecret to null but that will break
   heat as the parameter is required and setting it to null breaks heat
   validation (we also tried to make the parameter optional with a
   default: '', but that broke as well)

While we're at it we also remove the neutron metadata service from the
undercloud as it is not needed.

Tested by deploying an undercloud with this change and observing:
A.
Chain PREROUTING (policy ACCEPT 106 packets, 6698 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   tcp  --  br-ctlplane *       0.0.0.0/0            169.254.169.254      multiport dports 80 state NEW /* 999 undercloud nat ipv4 */ redir ports 8775

B.
grep -ir ^service_metadata_proxy /var/lib/config-data/puppet-generated/nova/etc/nova/nova.conf
service_metadata_proxy=False

Also a deployment of a TLS overcloud was successful.

Change-Id: Id48df6db012fb433f9a0e618d0269196f4cfc2c6
Co-Authored-By: Martin Schuppert <mschuppe@redhat.com>
Closes-Bug: #1795722
2018-10-06 13:25:18 +00:00
Zuul
5d2b9a420e Merge "Configure haproxy for openshift infra" 2018-10-06 12:46:01 +00:00
Janki Chhatbar
53b2cc0b56 Add config option for ODL IPv6 deployment
Add a flag to specify which IP version to
deploy ODL on via Puppet-ODL.

Change-Id: Idd257cf4666b853eb4c52861f9f400b6dbdeeadb
Closes-Bug: #1783196
2018-10-05 07:49:51 +00:00
Martin André
bd5dddb58d Introduce OpenShiftGlusterNodeVars heat param
Removes conflict on OpenShiftGlobalVariables param that was overwritten
by the openshift-cns.yaml environment file. The default options for CNS
as now moved into the extraconfig/services/openshift-cns.yaml template
and can be overwritten by setting the OpenShiftGlusterNodeVars heat
parameter.

Change-Id: I43052662e913a02945f22e9f541a45ce2d9d828c
2018-10-03 18:49:33 +00:00
Zuul
3a8956cee8 Merge "Set the number of RPC workers to 1 for non SRIOV OVN setups" 2018-10-03 16:03:12 +00:00
Zuul
7ea21fff23 Merge "Mount /usr/share/ceph-ansible into mistral-executor" 2018-10-03 16:00:19 +00:00
Zuul
77088da1b8 Merge "Add UseNotifySSL to environments/ssl/enable-internal-tls.yaml" 2018-10-03 09:37:28 +00:00
Zuul
51410f0e88 Merge "Add a zaqar-swift-backend environment file" 2018-10-03 01:44:37 +00:00
Zuul
42a6e65632 Merge "Remove unused parameter NeutronEnableDHCPAgent" 2018-10-03 01:42:49 +00:00
Zuul
714706ff6e Merge "Don't configure BIND to listen on localhost" 2018-10-02 18:52:03 +00:00