2435 Commits

Author SHA1 Message Date
Pradeep Kilambi
321ecf916f Fix the disable expirer to remove crontab
Instead of doing this via puppet which has the consequence of including
the step_config and getting included on the host manifest. Lets disable
via ansible upgrade task instead.

Change-Id: I5f1a4019dd635dea67db4313bd06a228ae7bacd4
2017-06-07 15:00:12 -04:00
Jenkins
2518394c2f Merge "Ability to enable/disable debug mode per OpenStack service" 2017-06-07 17:56:32 +00:00
Emilien Macchi
1e899703cc Ability to enable/disable debug mode per OpenStack service
Add ServiceDebug parameters for each services that will allow operators
to enable/disable Debug for specific services.

We keep the Debug parameters for backward compatibility.

Operators want to enable Debug everywhere:
  Debug: true
Operators want to disable Debug everywhere:
  Debug: false
Operators want to disable Debug everywhere except Glance:
  GlanceDebug: true
Operators want to enable Debug everywhere except Glance:
  Debug: true
  GlanceDebug: false

New parameters: AodhDebug, BarbicanDebug, CeilometerDebug, CinderDebug,
CongressDebug, GlanceDebug, GnocchiDebug, HeatDebug, HorizonDebug,
IronicDebug, KeystoneDebug, ManilaDebug, MistralDebug, NeutronDebug,
NovaDebug, OctaviaDebug, PankoDebug, SaharaDebug, TackerDebug,
ZaqarDebug.

Note: for backward compatibility in Horizon, HorizonDebug is set to
false, so we maintain previous behavior.

Change-Id: Icbf4a38afcdbd8471d1afc11743df9705451db52
Implement-blueprint: composable-debug
Closes-Bug: #1634567
2017-06-07 11:26:30 +02:00
Steven Hardy
03811f176a Convert puppet and docker steps to ansible
Replace the multiple SoftwareDeployment resources with a common
playbook that runs on all roles, consuming the configuration data
written via the HostPrepAnsible tasks.

This hopefully simplifies things, and will enable re-running the
deploy steps for minor updates (we'll need some way to detect
a container should be replaced, but that will be done via a
follow-up patch).

Change-Id: I674a4d9d2c77d1f6fbdb0996f6c9321848e32662
2017-06-06 15:44:01 +01:00
Jenkins
da86aacb66 Merge "Update metric processing delay default" 2017-06-06 12:57:48 +00:00
Jenkins
01c44271e8 Merge "Fix the constraints for THT params NeutronDpdkCoreList and HostCpusList" 2017-06-05 19:26:22 +00:00
Jenkins
1968d4042e Merge "Remove nova placement config for compute service node on upgrade" 2017-06-05 12:59:44 +00:00
Pradeep Kilambi
d6bda4eb14 Update metric processing delay default
This helps with processing the backlog, so lets update
the default out of the box.

Change-Id: I06d4ca95f4a1da2864f4845ef3e7a74a1bce9e41
2017-06-04 23:18:04 +00:00
Jenkins
9df1c37684 Merge "Add support for linuxbridge agent" 2017-06-03 01:48:27 +00:00
Jenkins
5e871e70fe Merge "Server blacklist support" 2017-06-02 23:12:08 +00:00
Jenkins
92cd34c243 Merge "Upgrade gnocchi without skip-storage" 2017-06-02 22:17:51 +00:00
Jenkins
d01de0e985 Merge "Handle upgrading cinder-volume under pacemaker" 2017-06-02 15:33:42 +00:00
Sven Anderson
cbf74d6e61 Increase default for NovaReservedHostMemory to 4096
Idle compute nodes are found to already consume ~1.5GB of memory, so
2GB is a bit tight.  Increasing to 4GB to be on the safe side.  Also
see https://bugzilla.redhat.com/show_bug.cgi?id=1341178

Change-Id: Ic95984b62a748593992446271b197439fa12b376
2017-06-01 13:38:42 +02:00
James Slagle
e3c8803295 Server blacklist support
Adds the ability to blacklist servers from all SoftwareDeployment
resources. The servers are specified in a new list parameter,
DeploymentServerBlacklist by the Heat assigned name
(overcloud-compute-0, etc).

implements blueprint disable-deployments

Change-Id: I46941e54a476c7cc8645cd1aff391c9c6c5434de
2017-05-31 20:23:58 -04:00
Karthik S
61480182f8 Fix the constraints for THT params NeutronDpdkCoreList and HostCpusList
This fix needs to be backported to ocata.

Change-Id: I5938761efa4f56e576f41929e0bc12df246ac81a
Signed-off-by: Karthik S <ksundara@redhat.com>
Closes-Bug: #1694703
2017-05-31 10:04:42 -04:00
Pradeep Kilambi
cb10ab2efe Upgrade gnocchi without skip-storage
When gnocchi-upgrade run, we need to ensure storage is upgraded so we
initialize the necessary storage sacks.

Closes-bug: #1693621

Change-Id: I84e4fc3b6ad7fd966c4097a29678a0fd5b7a20a5
2017-05-31 11:19:29 +00:00
Jenkins
85b07fd36c Merge "Enable arp_accept for all interfaces" 2017-05-30 16:15:56 +00:00
Emilien Macchi
847a1fe793 ceilometer-expirer: remove the crontab during upgrade
When running disabled/ceilometer-expirer.yaml, we want to remove the
crontab that used to run ceilometer-expirer binary in periodic way.
Let's use Puppet to remove this crontab.

We can't easily use Ansible tasks this time, because the Ansible cron
module can only remove Crontabs previously managed by Ansible:
https://docs.ansible.com/ansible/cron_module.html#examples

In this case, Puppet will erase the crontab in Pike. In Queens, we'll be
able to remove these environments files since we wouldn't need it
anymore.

Change-Id: Idb050c3b281d258aea52d6a3ef40441bb9c8bcbe
2017-05-29 19:28:19 +00:00
Alan Bishop
c4e3bbe039 Handle upgrading cinder-volume under pacemaker
Add upgrade tasks for cinder-volume when it's controlled by pacemaker:

o Stop the service before the entire pacemaker cluster is stopped.
  This ensures the service is stopped before infrastructure services
  (e.g. rabbitmq) go away.
o Migrate the cinder DB prior to restarting the service. This covers
  the situation when puppet-cinder (who otherwise would handle the db
  sync) isn't managing the service.
o Start the service after the rest of the pacemaker cluster has been
  started.

Closes-Bug: #1691851
Change-Id: I5874ab862964fadb68320d5c4de39b20f53dc25c
2017-05-26 08:26:49 -04:00
Ihar Hrachyshka
804fd3427e Enable arp_accept for all interfaces
OpenStack heavily relies on gratuitous ARP updates when moving floating
IP addresses between devices. When a floating IP moves, Neutron L3 agent
issues a burst of gratuitous ARP packets that should update any existing
ARP table entries on all nodes that belong to the same network segment.

Due to locktime kernel behavior, some gratuitous ARP packets may be
ignored [1], rendering ARP table entries broken for some time. Due to a
kernel bug [2], the time may be as long as hours, depending on other
traffic flowing to the node.

With the current EL7 kernel, the only way to make sure that nodes honor
all sent gratuitous ARP updates is to set arp_accept to 1; this will
disable locktime mechanism for the packets sent by Neutron L3 agent, and
will make sure ARP tables are always updated.

[1] https://patchwork.ozlabs.org/patch/762732/
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1450203

Related-Bug: #1690165
Change-Id: I863b240e0ab4c4d5bb844f91b607fd0937d5cedf
2017-05-25 13:24:51 -07:00
Pradeep Kilambi
37447494de Add ignore_projects to filter gnocchi events
Without this, ceilometer db gets hammered with gnocchi swift events.
Keystone creds are required so middleware can query for id.

Related change:  I5c0f4f1a2c7fe7eb39ea6441970e9ac0946a4ec1

Change-Id: I9a7a80252703e470a69dc10352e7ece45ab23150
2017-05-25 16:44:16 +00:00
Bartosz Stopa
ee2c065be7 Add support for linuxbridge agent
Currently TripleO does not support LinuxBridge driver, setting
NeutronMechanismDrivers to linuxbridge will not force ml2 plugin
to use linuxbridge.

This commit adds new environment file which replaces default ovs
agent with linuxbridge on Compute and Controller nodes.

Change-Id: I433b60a551c1eeb9d956df4d0ffb6eeffe980071
Closes-Bug: #1652211
Depends-On: Iae87dc7811bc28fe86db0c422c363eaed5e5285b
Depends-On: Ie3ac03052f341c26735b423701e1decf7233d935
2017-05-25 14:39:44 +02:00
Jenkins
2cd3c412bf Merge "Enable mistral to run under mod_wsgi" 2017-05-25 10:38:49 +00:00
Jenkins
e7b44a1364 Merge "Role Specific paramaeter support for neutron-ovs-dpdk-agent service" 2017-05-24 09:33:17 +00:00
Jenkins
aeb11f384f Merge "Remove osd_pool_default_min_size to allow Ceph cluster to do the right thing by default" 2017-05-23 15:58:48 +00:00
Jenkins
80925bfe34 Merge "Disable mongodb by default" 2017-05-23 10:01:47 +00:00
Jenkins
9a0d017cc7 Merge "Use disabled suffix for disabled service names" 2017-05-23 00:08:28 +00:00
Keith Schincke
cdfe035663 Remove osd_pool_default_min_size to allow Ceph cluster to do the right thing by default
The default value is 0 which has the minimum number be caluclated based on the replica count
from osd_pool_defaut_size. The default replica count is 3 and the calculated min_size is 2.
If the replica count is 1 then the min_size is 1. ie: min_size = replica - (replica/2)
Add CephPoolDefaultSize parameter to ceph-mon.yaml. This parameter defaults to 3 but can
be overriden. See puppet-ceph-devel.yaml for an example

Change-Id: Ie9bdd9b16bcb9f11107ece614b010e87d3ae98a9
2017-05-22 14:38:52 -04:00
Juan Antonio Osorio Robles
9ede958714 Disable mongodb by default
It's not used by any service that we enable by default. So instead, I
added it to the environment that enables the services that use it.

Change-Id: Id2e6550fb7c319fc52469644ea022cf35757e0ce
2017-05-22 14:32:51 +03:00
Juan Antonio Osorio Robles
780b751601 Use disabled suffix for disabled service names
This changes both the service names and the file names for disabled
services, adding the 'disabled' suffix to them.

This comes with the reasoning that, if a service requires a disabled
service, and checks for the name in the "service_names" hiera entry, it
will appear as if the service was enabled, when it's actually not. So
changing the name and using this convention prevents that issue.

Change-Id: I308d6680a4d9b526f22ba0d7d20e5db638aadb9a
2017-05-22 11:32:05 +03:00
Jenkins
14276d79af Merge "TLS everywhere: configure mongodb's TLS settings" 2017-05-22 07:56:01 +00:00
Jenkins
0900c88428 Merge "Open ports 443 and 80 on haproxy's firewall when horizon is standalone" 2017-05-20 02:57:49 +00:00
Jenkins
cdbc8e8d1d Merge "Support Redfish hardware in the overcloud Ironic" 2017-05-20 00:20:29 +00:00
Jenkins
fcafc264a5 Merge "Dell SC: Add secondary DSM support" 2017-05-20 00:18:44 +00:00
Saravanan KR
6a564b7a87 Role Specific paramaeter support for neutron-ovs-dpdk-agent service
Merge the role specific parmaeter with the default parameter with the
higher precendece given to role specific parameters. Use the merged
settings to the hiera config settings.
Change-Id: I500558dfbf4ac4ddcf850064e654c4fab03d141b
2017-05-19 15:38:02 +05:30
Carlos Camacho
0a0e2ee629 Update the template_version alias for all the templates to pike.
Master is now the development branch for pike
changing the release alias name.

Change-Id: I938e4a983e361aefcaa0bd9a4226c296c5823127
2017-05-19 09:58:07 +02:00
Jenkins
a8366c93ed Merge "Add l2gw neutron agent support" 2017-05-19 06:52:31 +00:00
Jenkins
3ca1a2d99d Merge "neutron: set enable_dvr = False if NeutronEnableDVR is false" 2017-05-18 23:14:45 +00:00
Jenkins
eabb6d7c30 Merge "Enable splay for os-collect-config" 2017-05-18 18:34:35 +00:00
Ihar Hrachyshka
9efa81796e neutron: set enable_dvr = False if NeutronEnableDVR is false
This will make neutron-server stop advertising dvr extension if the
cloud is not configured to support this flavor of Neutron routers.

Change-Id: I38c8208edff07f7887887918729beb7710068078
Related-Bug: #1450067
2017-05-18 17:46:43 +00:00
Jenkins
d0696b9a9b Merge "TLS-everywhere: Configure CA for apache" 2017-05-18 13:19:27 +00:00
Jenkins
8a099a91c2 Merge "Default snmp to less verbose logging" 2017-05-18 11:15:33 +00:00
Peng Liu
633ab23f88 Add l2gw neutron agent support
L2 Gateway (L2GW) is an API framework for OpenStack that offers bridging
two or more networks together to make them look at a single broadcast
domain. This patch implements the l2gw agent which is one of the backend
of the l2 gateway service plugin.

Change-Id: I1ae8132ceff9410be7bd82caddf0d14251e720bf
Depends-On: If1501c153b1b170b9550cb7e5a23be463fba1fe9
Partially-Implements: blueprint l2gw-service-integration
Signed-off-by: Peng Liu <pliu@redhat.com>
2017-05-18 16:36:12 +08:00
Juan Antonio Osorio Robles
6bb2d9e5f8 TLS-everywhere: Configure CA for apache
This tells apache which CA certificate was used to sign the certs it's
using. this setting is useful in case we want to enable OCSP stapling or
client authentication via TLS.

Change-Id: I97a7e5332aea8377c7662ca98beb71ed5e236640
2017-05-17 12:27:00 +03:00
Juan Antonio Osorio Robles
30bd4f5189 Only set apache certificates if TLS everywhere is enabled
The Apache certs were were being set even if TLS everywhere isn't
enabled. This fixes that.

Change-Id: If143d1fdeb0102a1c13441f89acaa73af24bf48f
2017-05-17 12:26:57 +03:00
Juan Antonio Osorio Robles
b743b82815 TLS everywhere: configure mongodb's TLS settings
This configures the mongodb server to use TLS in the internal network,
while also passing the necessary attributes to generate the needed cert
and key.

bp tls-via-certmonger

Depends-On: I85dda29bcad686372a74bd7f094bfd62777a3032
Change-Id: If6c603b074cfa7e122579cec29d034fd3312868d
2017-05-17 07:44:47 +00:00
Jenkins
e4c07e2ab0 Merge "Add params to manage and configure pipeline publisher" 2017-05-17 01:34:55 +00:00
Jenkins
3fccf25205 Merge "Optimize kernel neighbour table for large scale environments" 2017-05-16 19:23:02 +00:00
Or Idgar
1651a1805a Optimize kernel neighbour table for large scale environments
Changing the default values of neighbor table (also known as ARP table)
in the kernel to avoid neighbour table overflow and thus fix
communication errors between overcloud nodes.
default kernel values support L2 network up to 1024 hosts (/22).
The patch will allow up to 4096 hosts (/20).

Change-Id: I5fabc766dd75a38cd3d835deee7e168f04dd30ce
Closes-Bug: #1690087
2017-05-16 07:59:27 +00:00
Christian Schwede
00551e744a Fix resource type in ObjectStorage role
The currently used resource type does not exist, therefore changing it.

Closes-Bug: 1691021
Change-Id: Iaf18af546817e0cf6cdfafcc5c54ab4d1a0f819d
2017-05-16 08:58:58 +02:00