Instead of doing this via puppet which has the consequence of including
the step_config and getting included on the host manifest. Lets disable
via ansible upgrade task instead.
Change-Id: I5f1a4019dd635dea67db4313bd06a228ae7bacd4
Add ServiceDebug parameters for each services that will allow operators
to enable/disable Debug for specific services.
We keep the Debug parameters for backward compatibility.
Operators want to enable Debug everywhere:
Debug: true
Operators want to disable Debug everywhere:
Debug: false
Operators want to disable Debug everywhere except Glance:
GlanceDebug: true
Operators want to enable Debug everywhere except Glance:
Debug: true
GlanceDebug: false
New parameters: AodhDebug, BarbicanDebug, CeilometerDebug, CinderDebug,
CongressDebug, GlanceDebug, GnocchiDebug, HeatDebug, HorizonDebug,
IronicDebug, KeystoneDebug, ManilaDebug, MistralDebug, NeutronDebug,
NovaDebug, OctaviaDebug, PankoDebug, SaharaDebug, TackerDebug,
ZaqarDebug.
Note: for backward compatibility in Horizon, HorizonDebug is set to
false, so we maintain previous behavior.
Change-Id: Icbf4a38afcdbd8471d1afc11743df9705451db52
Implement-blueprint: composable-debug
Closes-Bug: #1634567
Replace the multiple SoftwareDeployment resources with a common
playbook that runs on all roles, consuming the configuration data
written via the HostPrepAnsible tasks.
This hopefully simplifies things, and will enable re-running the
deploy steps for minor updates (we'll need some way to detect
a container should be replaced, but that will be done via a
follow-up patch).
Change-Id: I674a4d9d2c77d1f6fbdb0996f6c9321848e32662
Idle compute nodes are found to already consume ~1.5GB of memory, so
2GB is a bit tight. Increasing to 4GB to be on the safe side. Also
see https://bugzilla.redhat.com/show_bug.cgi?id=1341178
Change-Id: Ic95984b62a748593992446271b197439fa12b376
Adds the ability to blacklist servers from all SoftwareDeployment
resources. The servers are specified in a new list parameter,
DeploymentServerBlacklist by the Heat assigned name
(overcloud-compute-0, etc).
implements blueprint disable-deployments
Change-Id: I46941e54a476c7cc8645cd1aff391c9c6c5434de
This fix needs to be backported to ocata.
Change-Id: I5938761efa4f56e576f41929e0bc12df246ac81a
Signed-off-by: Karthik S <ksundara@redhat.com>
Closes-Bug: #1694703
When gnocchi-upgrade run, we need to ensure storage is upgraded so we
initialize the necessary storage sacks.
Closes-bug: #1693621
Change-Id: I84e4fc3b6ad7fd966c4097a29678a0fd5b7a20a5
When running disabled/ceilometer-expirer.yaml, we want to remove the
crontab that used to run ceilometer-expirer binary in periodic way.
Let's use Puppet to remove this crontab.
We can't easily use Ansible tasks this time, because the Ansible cron
module can only remove Crontabs previously managed by Ansible:
https://docs.ansible.com/ansible/cron_module.html#examples
In this case, Puppet will erase the crontab in Pike. In Queens, we'll be
able to remove these environments files since we wouldn't need it
anymore.
Change-Id: Idb050c3b281d258aea52d6a3ef40441bb9c8bcbe
Add upgrade tasks for cinder-volume when it's controlled by pacemaker:
o Stop the service before the entire pacemaker cluster is stopped.
This ensures the service is stopped before infrastructure services
(e.g. rabbitmq) go away.
o Migrate the cinder DB prior to restarting the service. This covers
the situation when puppet-cinder (who otherwise would handle the db
sync) isn't managing the service.
o Start the service after the rest of the pacemaker cluster has been
started.
Closes-Bug: #1691851
Change-Id: I5874ab862964fadb68320d5c4de39b20f53dc25c
OpenStack heavily relies on gratuitous ARP updates when moving floating
IP addresses between devices. When a floating IP moves, Neutron L3 agent
issues a burst of gratuitous ARP packets that should update any existing
ARP table entries on all nodes that belong to the same network segment.
Due to locktime kernel behavior, some gratuitous ARP packets may be
ignored [1], rendering ARP table entries broken for some time. Due to a
kernel bug [2], the time may be as long as hours, depending on other
traffic flowing to the node.
With the current EL7 kernel, the only way to make sure that nodes honor
all sent gratuitous ARP updates is to set arp_accept to 1; this will
disable locktime mechanism for the packets sent by Neutron L3 agent, and
will make sure ARP tables are always updated.
[1] https://patchwork.ozlabs.org/patch/762732/
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1450203
Related-Bug: #1690165
Change-Id: I863b240e0ab4c4d5bb844f91b607fd0937d5cedf
Without this, ceilometer db gets hammered with gnocchi swift events.
Keystone creds are required so middleware can query for id.
Related change: I5c0f4f1a2c7fe7eb39ea6441970e9ac0946a4ec1
Change-Id: I9a7a80252703e470a69dc10352e7ece45ab23150
Currently TripleO does not support LinuxBridge driver, setting
NeutronMechanismDrivers to linuxbridge will not force ml2 plugin
to use linuxbridge.
This commit adds new environment file which replaces default ovs
agent with linuxbridge on Compute and Controller nodes.
Change-Id: I433b60a551c1eeb9d956df4d0ffb6eeffe980071
Closes-Bug: #1652211
Depends-On: Iae87dc7811bc28fe86db0c422c363eaed5e5285b
Depends-On: Ie3ac03052f341c26735b423701e1decf7233d935
The default value is 0 which has the minimum number be caluclated based on the replica count
from osd_pool_defaut_size. The default replica count is 3 and the calculated min_size is 2.
If the replica count is 1 then the min_size is 1. ie: min_size = replica - (replica/2)
Add CephPoolDefaultSize parameter to ceph-mon.yaml. This parameter defaults to 3 but can
be overriden. See puppet-ceph-devel.yaml for an example
Change-Id: Ie9bdd9b16bcb9f11107ece614b010e87d3ae98a9
It's not used by any service that we enable by default. So instead, I
added it to the environment that enables the services that use it.
Change-Id: Id2e6550fb7c319fc52469644ea022cf35757e0ce
This changes both the service names and the file names for disabled
services, adding the 'disabled' suffix to them.
This comes with the reasoning that, if a service requires a disabled
service, and checks for the name in the "service_names" hiera entry, it
will appear as if the service was enabled, when it's actually not. So
changing the name and using this convention prevents that issue.
Change-Id: I308d6680a4d9b526f22ba0d7d20e5db638aadb9a
Merge the role specific parmaeter with the default parameter with the
higher precendece given to role specific parameters. Use the merged
settings to the hiera config settings.
Change-Id: I500558dfbf4ac4ddcf850064e654c4fab03d141b
This will make neutron-server stop advertising dvr extension if the
cloud is not configured to support this flavor of Neutron routers.
Change-Id: I38c8208edff07f7887887918729beb7710068078
Related-Bug: #1450067
L2 Gateway (L2GW) is an API framework for OpenStack that offers bridging
two or more networks together to make them look at a single broadcast
domain. This patch implements the l2gw agent which is one of the backend
of the l2 gateway service plugin.
Change-Id: I1ae8132ceff9410be7bd82caddf0d14251e720bf
Depends-On: If1501c153b1b170b9550cb7e5a23be463fba1fe9
Partially-Implements: blueprint l2gw-service-integration
Signed-off-by: Peng Liu <pliu@redhat.com>
This tells apache which CA certificate was used to sign the certs it's
using. this setting is useful in case we want to enable OCSP stapling or
client authentication via TLS.
Change-Id: I97a7e5332aea8377c7662ca98beb71ed5e236640
This configures the mongodb server to use TLS in the internal network,
while also passing the necessary attributes to generate the needed cert
and key.
bp tls-via-certmonger
Depends-On: I85dda29bcad686372a74bd7f094bfd62777a3032
Change-Id: If6c603b074cfa7e122579cec29d034fd3312868d
Changing the default values of neighbor table (also known as ARP table)
in the kernel to avoid neighbour table overflow and thus fix
communication errors between overcloud nodes.
default kernel values support L2 network up to 1024 hosts (/22).
The patch will allow up to 4096 hosts (/20).
Change-Id: I5fabc766dd75a38cd3d835deee7e168f04dd30ce
Closes-Bug: #1690087