Currently, as discussed in [1], the Erlang Port Mapper Daemon requires that
the loopback interface supports IPv6 in order to initialize properly.
Without that, rabbitmq-server cannot start and deployment fails at step 2.
Until the startup behaviour of epmd is amended, do not disable inet6 support
on the loopback device to work around the problem.
Closes-Bug: #1780065
[1] https://bugs.launchpad.net/ubuntu/+source/rabbitmq-server/+bug/1312507/comments/15
Change-Id: I200acaeaca15e47dc2e3b2462a6254e85477ffb0
With https://review.openstack.org/#/c/561784 we change the default
migration port range to '61152-61215'.
nova::migration::qemu::configure_qemu needs to be set to true so that
the config gets applied via puppet-nova.
Change-Id: Iad4b392c9fe7426f2ce10a02fadd8b1aeee34ef6
Closes-bug: 1779820
Depends-On: Idadfc7b3507977f1385e846a48a734ed0e5f0a32
In instack-undercloud we manage the selinux configuration during the
deployment. This change exposes the configuration as a new tripleo
service for selinux so we can configure it.
Change-Id: I2109bf62e307df92b6bdb57600c58dd61482f46d
Partial-Bug: #1779005
Correct option is storage_vnx_pool_names, so environments and puppet
service yamls need to be changed.
Depends-On: https://review.openstack.org/#/c/572720/
Closes-bug: #1775752
Change-Id: I98ec997847443673b49552d1223238bc9da03cf4
The default docker0 bridge should normally be given a
value that does not conflict with any of the existing
networks' CIDR ranges.
If there is a conflict for the default value `172.31.0.1/24`,
allow users to alter the docker service startup ``--bip``
option via ``DockerNetworkOptions``.
Change-Id: I9b3e729ba48811415106c9fa460cd5a677067fb7
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
Moving the nfs mount task from the Docker glance-api template to
host_prep_tasks of the Puppet glance-api template, which would be
a common place for both containerized & baremetal cases.
Since all the nfs related puppet-tripleo parameters are no
longer needed after this cleanup, removing those too.
Change-Id: I232577643c26d7eb0162c09b3c394b7f3e161154
BIND stores dynamically created zones in /var/named by default,
which means that this directory needs to be persistent across
container restarts. However, we can't just bind mount /var/named
into the container because /var/named is empty on the host, but in
the container the BIND package populates some necessary initial files
in it.
To address this, we can point BIND at /var/named-persistent and
copy all of the initial config from /var/named at container start,
just like we do for other configs.
Change-Id: Ic17fb812468f2eb66d9c348b51dfa73a1f216a70
Don't set OpenDaylight password in THT. Let Tripleo-common
generate it.
Partial-Bug: #1778531
Depends-On: I7e51e2bc91b5e24931299f08a709437408b62fec
(https://review.openstack.org/#/c/577831/)
Change-Id: I9a07848b91741320e3393a153d279e7a877a2e1b
networking-ovn optionally expects a list of DNS servers to be defined in the
config - 'ovn/dns_servers'. These will be included in the 'dns_server' DHCP
option field when the VMs send a DHCP request if the subnet's dns_nameservers field
is not defined by the user.
This patch sets the hieradata - 'neutron::plugins::ml2::ovn::dns_servers' to the
defined OVNDnsServers t-h-t param.
Change-Id: I80574f7badfcc618254266051c8d6661c08e2be0
Closes-bug: #1774052
Enable any_errors_fatal and max_fail_percentage Ansible options
to be set per TripleO role. This change also provides a
structure by which future per-role Ansible options can readily
be added to group_vars.
Closes-Bug: 1760989
Change-Id: I47954717f42f14bae8d9fd2bd17cd8ea1fd787b3
Docker doesn't like it when the time shifts so if we're building
containers when the ntp time sync actually occurs it can lead to
deployment failures. To prevent this, let's force a ntpdate on the host
during step1 to ensure the hardware time is properly synced before
proceeding.
Change-Id: I812c7da90ae06120707fd8795a41e4fd867f510e
Closes-Bug: #1776869
Horizon uses OPENSTACK_KEYSTONE_URL to generate browser redirects for
web sso (in openstack_auth/utils.py). In order to generate valid URLs,
this value must use a versioned keystone endpoint.
Change-Id: Ifd8b7dea83a4566b69f76898952f908395c590a4
This is required for a containerized undercloud to perform workflow
driven container image prepare during overcloud deployment.
This moves the MistralDockerGroup parameter out of mistral-base since
this is only required for the executor.
Further changes will be needed to puppet-tripleo to use 'group' and
'user' instead of ensure_resource, and also to ensure that the created
docker group inside the executor container has the same gid as the
docker group on the host, but these can depend on this change for
testing.
Change-Id: I429c72c0334a177d1ec37c3d9c13b7ba983de734
Blueprint: container-prepare-workflow
Previously BIND listened on all configured interfaces on the system.
This doesn't make sense (why have DNS listening on the storage network,
for example) and could be a security issue in some environments.
This commit makes the BIND network configurable the same as any other
service.
Change-Id: Iaad11b1b4037719954ab17fb171e5804f3cbbe58
Apparently if the name of the firewall rule doesn't match the service
name then the rules don't get applied.
Also, for DNS we need both tcp and udp ports opened.
Change-Id: Iccb1f78508f1231b998d120fe1ccd6edb9e4a14b
There is no auth mode called simple. Fix the mode to
basic so it gets set correctly when configured in
collectd.
Depends-On: I05632137ed12c59a41a5219189c431983935d461
Change-Id: I2561a35c54e0137f5420de4403e5e20dd08afd28
New compute/cpu_shared_set nova config can be set via parameter
NovaComputeCpuSharedSet.
Some workloads run best when the hypervisor overhead processes
(emulator threads in libvirt/QEMU) can be placed on different
physical host CPUs than other guest CPU resources. This allows
those workloads to prevent latency spikes for guest vCPU threads.
A list or range of physical CPU cores to reserve for best-effort
guest vCPU resources (e.g. emulator threads in libvirt/QEMU)
can be specified.
Closes-Bug: 1776905
Change-Id: I53c567e8eeef12d582205b6e2d8310635555b5b8
OpenDaylightPort and OpenDaylightConnectionProtocol
were deprecated and are being removed in this patch.
Change-Id: Iac57b2c12735d972c8165bfe7374381a3ffd51e2
It will expose IronicEnabledBiosInterfaces setting
in order to configure it.
Depends-On: I4960b55382b4ef60fefc147a2ae4fca3daa9432b
Change-Id: I5e9368732aa1a22bb5e0ec7240a587958d7bfdeb
Do not activate it with Debug anymore. We are now pushing memcached
logs into stdout where they will be collected by journald. When
activating debug, it will log there all the requests/replies to/from
memcached. This will make the journal grow fast and clutter it
with (most of the time) useless information.
So if memcached debug is needed for some reason let the operator say
so explicitly.
Change-Id: I85b6ca421d326c6e764fade66726407b905c796d
The horizon::keystone_url is ultimately used to set the
OPENSTACK_KEYSTONE_URL setting in Horizon's local_settings, and this
is used in browser redirects when utilizing web SSO. In many cases,
the keystone internal endpoint would be inaccessible to browser
clients, so we should use the public endpoint here.
Change-Id: I5b3c0935b1a5c38704e748770b7bac52d674a637
Implement a service that will deploy TripleO Validations package and
user by using Puppet like we did with instack-undercloud. This service
will be included on the undercloud but disabled by default. We'll keep
the same interface in undercloud.conf to enable it or not so no change
for the end user.
Change-Id: Ida09f92010e31d952edd82b42a7fc20451537d42