Proper VLAN support requires adding the IP address to a new device,
rather than br-ex/br-ctlplane. This is added in the
tripleo-image-elements change https://review.openstack.org/103449
(I3f77f72ac623792e844dbb4d501b6ab269141f8e) and here we just expose
it with appropriate glue to get the IP address from Neutron.
With this we can now describe a VLAN public interface scenario
to the undercloud and overcloud control planes.
Change-Id: I4d2194fc813aebb0708d6fddf4f05bae5f091fd8
When change I6730ffe1e27d952d563c16a9480298fbef9f61fe got merged we
introduced some occurrences of list_join which should have been
migrated to Fn::Join (change I039f57ab39c1fcfc319a7a34265ba4fabf4ccd08)
This caused overcloud CI jobs to fail with:
Property error : allNodesConfig: config Items to join must be strings
This change fixes this by replacing newly introduced occurrences
of list_join with Fn::Join
Change-Id: Ibac193781d31d6f81e955e7b9381e13cfdd0ab1d
Previously BlockStorage nodes were using the controller ip instead of the virtual ip to reach rabbit, keystone and mysql.
Change-Id: I23f87511e59d4d3527403b1a81c1b3df65c6a904
Some of the keys defined in block-storage.yaml for neutron and
passed to the BlockStorage nodes were related to neutron, but
BlockStorage nodes do not route instances traffic so do not need
to be deployed with the OVS agent.
Change-Id: Icc7d5ea0d91370ccdf7cb4742d052fea004bae44
Currently there is very weak ordering of StructuredDeployments during
heat stack creation on the undercloud. This can cause the deployment which
sends the completion signal back to Heat to happen before all others have
completed, which in turn leads Heat to state the stack is ready while ORC
is still configuring services
The only workaround to this is to wait an unknown amount of time after the
heat stack completes before the system is usable.
This patch prevents the completion signal from being returned early, by
ensuring these are strictly ordered:
undercloudIronicDeployment (if used)
undercloudNovaDeployment
undercloudPassthroughDeployment
undercloudDeployment
Note: The reference numbering for the undercloud has been removed.
Change-Id: I98499dd54bb907d29cf355fe83b5c285a7375e97
To support underclouds and seeds running older than the very
latest heat.
2013-05-23 lacks function list_join, so this change reverts to
using the equivalent function Fn::Join.
Change-Id: I039f57ab39c1fcfc319a7a34265ba4fabf4ccd08
Closes-Bug: #1354305
This change sets applications to utilize the VIP address for database
connectivity and sets HAProxy in between the applications and MySQL.
Depends upon tripleo-image-elements changes:
Ia6f26305f8e744e4ff938dff85de1193183ecd8f
Iac1274cc52014f25887d696261b32146afc926dd
I5af70abb96021146c098f788db349808d806a348
Related to blueprint tripleo-icehouse-ha-production-configuration
Change-Id: Ia9d6ed2771f756d2a97ae5df7ed737a062a59cf2
The CA certificate is currently passed via ssl-source.yaml as
"stunnel.cacert", but this value is not currently used by stunnel
since we have no use case for client cert authentication.
This change proposes that it also be exposed as
"ssl.ca_certificate", which is consistent with the overall SSL
direction being driven by the PKI spec:
I32473fe797a4c1e28d14c3b82c8892c7c59a4e55
This new CA certificate value will be installed as a trusted CA
on all cloud nodes that issue SSL-secured connection requests to
OpenStack or other infrastructure (MySQL, RabbitMQ) services.
Change-Id: Ibacd7c98980520e11c0df89632013f2ba2dbe370
This makes it possible to remove a dead node (e.g. if NovaCompute2 has
failed, regenerate the template with ,2 in the scale parameter, and
NovaCompute2 will not be enumerated.
Change-Id: I65d85a88152ed4adee60895173f8a05611a6440b
To balance load over the rabbit cluster we want to route access
to it via haproxy.
This also helps workaround bug #856764 as an additional benefit.
This change sets rabbit.host to the ControlVirtualIP (to be used by
the elements) and adds an haproxy listener for the rabbit nodes.
Related to blueprint tripleo-icehouse-ha-production-configuration
Depends on I3ff37ec18b9191ca8e861519bed142cbdbd5faa2
Change-Id: I49b622a604542f456bd9a37da8dae3353218e640
Related-Bug: 856764
Controller scaling was broken by the commit
02772ba2877b9f6d427c6fd760bf19d6334c68a8. Merge.py raises an exception
when it tries to scale the default value "controller0" of the
`BootstrapNodeResource` parameter.
This reverts back to using Fn::Select for specifying the bootstrap host,
the rest of the Fn::Select -> get_attr changes are kept.
Change-Id: I0cdebf75d4752a35f547d4fbb81545ece3172405
As a side effect this fixes invalid keystone host generation
when multiple controller nodes are used.
Change-Id: I081976f0da94fc0232dfa2c34de03bbb4abf1a85
Because services which depend on pacemaker (ceilometer central
agent and neutron services) are used in undercloud too, we need to
set basic pacemaker and corosync metadata for undercloud.
Related to: Ifa83d62c2132bcdcb40d0b7c80ce3adadc0b5587
Related to: I63f054a8c80f9f676a77341c89e605b5b472d078
Change-Id: Icc97e36a1db198b973041346cf2056f68de661a2
These config options are supposed to be under neutron.ovs (see template
for neutron openvswitch agent). They were mistakenly moved to be just
under neutron when the migration to SoftwareConfig was done.
Change-Id: I5769dc1dc501d48c965f8e4e36238cfcaac64a17
With this we populate the hosts key (needed for /etc/hosts editing)
with the BlockStorage and SwiftStorage nodes too.
Change-Id: I6730ffe1e27d952d563c16a9480298fbef9f61fe
The BLOCKSTORAGESCALE and SWIFTSTORAGESCALE vars were incorrectly
ignored in the Makefile (and forcibly set to 0)
Change-Id: I37614153d8c87d25aa17e759fcd228a8a1fda4a4
Fixes a typo in nova-compute-config.yaml file where rabbit_username
was mistakenly written as rabbit_user_name; compute nodes received
null as rabbit username as consequence.
Change-Id: I796b9bdccd1863647a667edbbc96731fc924c55d
Overcloud bootstrap_nodeid is now specified by parameter
BootStrapNodeResource with default value controller0.
This avoids the need to use Fn::Select on the mergy.py
built list of controllers to specify the first controller.
Change-Id: Id9cfeab50b90ceeeae51ea0e35997b7495b28cc4
Partial-Blueprint: tripleo-juno-remove-mergepy
This change was generated and validated by running the following:
make hot clean all validate-all
This converts all templates to be valid HOT.
Fn::Select is not converted in this change but this will actually
work with heat_template_version 2013-05-23. Fn::Select is converted
manually in the next change in this series.
This change also sets the heat_template_version to 2014-10-16 which
includes the list_join intrinsic functions used throughout these
templates.
Partial-Blueprint: tripleo-juno-remove-mergepy
Change-Id: Ib3cbb83f6ae94adb7b793ab1b662bd5c55cbb5b3
This adds a --hot flag to merge.py which will assume source templates
are in the HOT format, and generate a HOT template artifact.
Tests have also been ported to HOT, along with some minor corrections
to the existing tests to make the source and result templates valid
heat templates.
Partial-Blueprint: tripleo-juno-remove-mergepy
Change-Id: If18ff79f89456123c884a1ab2f910ce4cc9a6e0b
Currently there is very weak (no) ordering of StructuredDeployments during
heat stack creation (and, importantly, update) on the overcloud. This can
cause the deployment which sends the completion signal back to Heat to
happen before all others have completed, which in turn leads Heat to state
the stack is ready while ORC is still configuring services
The only workaround to this is to wait an unknown amount of time after the
heat stack completes before the system is usable.
This patch prevents the completion signal from being returned early, by
ensuring these are strictly ordered:
controller0Deploy
controller0Passthrough
controller0AllNodesDeploy
NovaCompute0Deploy
NovaCompute0Passthrough
NovaCompute0AllNodesDeploy
Change-Id: I0a549370b7aca55b1145de521ad51218428deaf5
Inherit passthrough from nova-compute-instance.yaml, rather than
having an exact copy in overcloud-source.yaml.
Change-Id: I4f5a4a7be5835cb68755734aa72f8d9670cba0d4
Rename NovaCompute0Config to NovaCompute0Deploy as this makes
the structured deployment name match the one in
nova-compute-instance.yaml.
Change-Id: I79f66c09006aa7f7118af1f48e1f6f10b87daec6
Rename all occurrences of controller0AllNodesConfig to
controller0AllNodes as this is in line with compute node
deployments. Also the current naming is confusing as this is a
deployment step not a configuration step.
Change-Id: I8efa3b6a64a099e1e8ee43009472152aed5f8ad8
All controller nodes are added into the list of swift devices and into
the list of memcache servers. This patch also removes swift storage nodes
from the list of memcache servers - I don't think that each storage node
should run proxy server (also swift-storage element doesn't depend on
swift-proxy).
Change-Id: Idb2ce2e2050fb84d8f8b564626b20e7b059fd685
Specify NO_SIGNAL for signal_transport on the BlockStorage0Deployment
resource. Otherwise, this resource remains CREATE_IN_PROGRESS forever.
Change-Id: I973d197245ed32612bde9209479e6ae3a443fc69
user_data_format must be set to SOFTWARE_CONFIG on instances of
OS::Nova::Server where there are deployments. Corrects the following
error:
ERROR: Resource BlockStorage0's property user_data_format should be set
to SOFTWARE_CONFIG since there are software deployments on it.
Change-Id: Iba29588374980098d71585ff1bf26ad914a6711c
Prior to this change our heat templates define one virtual IP, which all
the services are bound to.
We wish to be able to segregate these endpoints: some need to be
accessible to "the public"; some are only intended to be accessed within
the cloud; some are only for admin use.
This change adds a second VIP which we can use for binding only the
endpoints that are intended to be publicly accessible, leaving the older
VIP to be used for internal end points.
Haproxy is told to also listen on that new VIP so that we can expose selected
services via the new VIP, and keepalived is in charge of assigning the VIP to
control plane nodes.
This change has a proposed split of services between control-only and
control+public interfaces. Assuming our yaml parsers (in merge.py and
Heat) understand YAML anchors/aliases, and assuming I've got the syntax
right, this should get expanded so that all the control+public services
get their config defined from the same block without needing to repeat
it for each service. (AFAICT both merge.py and heat use pyyaml, which
does support aliases/anchors)
The default is left at binding to only the controlplane interface, so
that new services added to this map will default to being internal-only
This patchset partially completes a spec which will one day live at
https://blueprints.launchpad.net/tripleo/+specs/tripleo-juno-virtual-public-ips
but for now can bee seen in Id9addc65f0d2ed519ce4b3edbd561ed660a2786e
Implements: blueprint tripleo-juno-virtual-public-ips
Change-Id: I9649ee74ebaf62b6b929b28243a07c789a08867c
Co-Authored-By: Robert Collins <rbtcollins@hp.com>
Partial-Bug #1325114
