3491 Commits

Author SHA1 Message Date
Zuul
995fa8451a Merge "Set configure_qemu to true to get qemu port range applied" 2018-07-06 18:06:52 +00:00
Zuul
cf77ea0ae0 Merge "Add networking-ansible ML2 plugin support" 2018-07-05 17:44:05 +00:00
Damien Ciabrini
93fb7f08b8 Do not disable ipv6 on loopback interface for epmd
Currently, as discussed in [1], the Erlang Port Mapper Daemon requires that
the loopback interface supports IPv6 in order to initialize properly.
Without that, rabbitmq-server cannot start and deployment fails at step 2.

Until the startup behaviour of epmd is amended, do not disable inet6 support
on loopback device to work around the problem.

Closes-Bug: #1780065

[1] https://bugs.launchpad.net/ubuntu/+source/rabbitmq-server/+bug/1312507/comments/15

Change-Id: I200acaeaca15e47dc2e3b2462a6254e85477ffb0
2018-07-04 05:47:19 -04:00
Zuul
de62fe3844 Merge "Fix gnocchi auth mode to basic" 2018-07-03 12:37:46 +00:00
Martin Schuppert
547552fc7b Set configure_qemu to true to get qemu port range applied
With https://review.openstack.org/#/c/561784 we change the default
migration port range to '61152-61215'.
nova::migration::qemu::configure_qemu needs to be set to true so that
the config gets applied via puppet-nova.

Change-Id: Iad4b392c9fe7426f2ce10a02fadd8b1aeee34ef6
Closes-bug: 1779820
Depends-On: Idadfc7b3507977f1385e846a48a734ed0e5f0a32
2018-07-03 11:24:39 +02:00
Zuul
794b9d527e Merge "Add SELinux management to containerized undercloud" 2018-07-02 12:35:34 +00:00
rabi
6d5b9ab421 Add networking-ansible ML2 plugin support
Depends-On: https://review.openstack.org/577074
Depends-On: https://review.openstack.org/576093

Change-Id: Ib0c2395fbabc654378101527ca065b5c69d3222d
2018-07-02 13:22:04 +05:30
Zuul
423d3bee26 Merge "storage_vnx_pool_name is incorrect for VNX cinder driver." 2018-06-30 09:21:59 +00:00
Zuul
817b41aa0e Merge "Make BIND /var dir persistent" 2018-06-30 05:07:23 +00:00
Zuul
96e79ff989 Merge "Moving glance mount nfs block to puppet glance-api template" 2018-06-30 01:39:47 +00:00
Zuul
5dddc280e2 Merge "Allow custom --bip CIDR for docker options" 2018-06-30 01:32:02 +00:00
Zuul
ddabb32f13 Merge "use versioned keystone endpoint in OPENSTACK_KEYSTONE_URL" 2018-06-29 19:39:04 +00:00
Zuul
07822d782f Merge "Make BIND listen address configurable" 2018-06-29 09:01:24 +00:00
Zuul
f07f33c47a Merge "Delete deprecated parameters" 2018-06-28 18:15:43 +00:00
Alex Schultz
db181732c6 Add SELinux management to containerized undercloud
In instack-undercloud we manage the selinux configuration during the
deployment. This change exposes the configuration as a new tripleo
service for selinux so we can configure it.

Change-Id: I2109bf62e307df92b6bdb57600c58dd61482f46d
Partial-Bug: #1779005
2018-06-28 09:12:30 -06:00
Zuul
8f78a8d747 Merge "Fix DNS firewall rules" 2018-06-28 05:33:43 +00:00
Zuul
8080c4dbee Merge "Delete default ODL Password" 2018-06-27 17:40:28 +00:00
Zuul
20207b0cc3 Merge "Support enabling Debug in OVN metadata agent" 2018-06-27 10:50:52 +00:00
Zuul
7bc1a59483 Merge "ovn: Add dns_servers configuration support" 2018-06-27 00:46:00 +00:00
Zuul
c058fe4b68 Merge "trivialfix:fix a typo" 2018-06-26 20:30:37 +00:00
Zuul
8a36325573 Merge "Enable Ansible error handling per role" 2018-06-26 13:11:42 +00:00
Yong Huang
1fa441479b storage_vnx_pool_name is incorrect for VNX cinder driver.
Correct option is storage_vnx_pool_names, so environments and puppet
service yamls need to be changed.

Depends-On: https://review.openstack.org/#/c/572720/
Closes-bug: #1775752

Change-Id: I98ec997847443673b49552d1223238bc9da03cf4
2018-06-26 17:44:28 +08:00
Bogdan Dobrelya
beff4795a5 Allow custom --bip CIDR for docker options
The default docker0 bridge should normally be given a
value that does not conflict with any of the existing
networks' CIDR ranges.

If there is a conflict for the default value `172.31.0.1/24`,
allow users to alter the docker service startup ``--bip``
option via ``DockerNetworkOptions``.

Change-Id: I9b3e729ba48811415106c9fa460cd5a677067fb7
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2018-06-26 12:07:54 +03:00
Pranali Deore
2664ddd5b7 Moving glance mount nfs block to puppet glance-api template
Moving nfs mount task from Docker glance-api template to
host_prep_tasks of Puppet glance-api template which would be
common place for both containerized & baremetal case.

Since all the nfs related puppet-tripleo parameters are no
longer needed after this cleanup, removing those too.

Change-Id: I232577643c26d7eb0162c09b3c394b7f3e161154
2018-06-26 10:03:49 +05:30
Ben Nemec
21bb3bac56 Make BIND /var dir persistent
BIND stores dynamically created zones in /var/named by default,
which means that this directory needs to be persistent across
container restarts.  However, we can't just bind mount /var/named
into the container because /var/named is empty on the host, but in
the container the BIND package populates some necessary initial files
in it.

To address this, we can point BIND at /var/named-persistent and
copy all of the initial config from /var/named at container start,
just like we do for other configs.

Change-Id: Ic17fb812468f2eb66d9c348b51dfa73a1f216a70
2018-06-25 16:52:11 -05:00
Janki Chhatbar
7e2cdc8424 Delete default ODL Password
Don't set OpenDaylight password in THT. Let Tripleo-common
generate it.

Partial-Bug: #1778531
Depends-On: I7e51e2bc91b5e24931299f08a709437408b62fec
(https://review.openstack.org/#/c/577831/)

Change-Id: I9a07848b91741320e3393a153d279e7a877a2e1b
2018-06-25 19:50:38 +05:30
Numan Siddique
371e5d6264 ovn: Add dns_servers configuration support
networking-ovn optionally expects a list of dns servers to be defined in the
config - 'ovn/dns_servers'. These will be included in the 'dns_server' DHCP
option field when the VMs send a DHCP request if the subnet's dns_nameservers field
is not defined by the user.

This patch sets the hieradata - 'neutron::plugins::ml2::ovn::dns_servers' to the
defined OVNDnsServers t-h-t param.

Change-Id: I80574f7badfcc618254266051c8d6661c08e2be0
Closes-bug: #1774052
2018-06-25 16:10:56 +05:30
Zuul
bd814b7659 Merge "Add host prep step for ntp time sync" 2018-06-23 00:14:23 +00:00
Zuul
cd61dc0cf2 Merge "Introduces NovaComputeCpuSharedSet parameter" 2018-06-21 18:22:41 +00:00
Jill Rouleau
c16167f3d9 Enable Ansible error handling per role
Enable any_errors_fatal and max_fail_percentage Ansible options
to be set per TripleO role.  This change also provides a
structure by which future per-role Ansible options can readily
be added to group_vars.

Closes-Bug: 1760989
Change-Id: I47954717f42f14bae8d9fd2bd17cd8ea1fd787b3
2018-06-21 09:40:29 -07:00
Alex Schultz
a866f55691 Add host prep step for ntp time sync
Docker doesn't like it when the time shifts so if we're building
containers when the ntp time sync actually occurs it can lead to
deployment failures. To prevent this, let's force a ntpdate on the host
during step1 to ensure the hardware time is properly synced before
proceeding.

Change-Id: I812c7da90ae06120707fd8795a41e4fd867f510e
Closes-Bug: #1776869
2018-06-20 13:08:52 -06:00
Zuul
37ef25cd34 Merge "Allow a containerized mistral-executor to access docker" 2018-06-20 17:00:28 +00:00
Lars Kellogg-Stedman
3aa91b8462 use versioned keystone endpoint in OPENSTACK_KEYSTONE_URL
Horizon uses OPENSTACK_KEYSTONE_URL to generate browser redirects for
web sso (in openstack_auth/utils.py). In order to generate valid URLs,
this value must use a versioned keystone endpoint.

Change-Id: Ifd8b7dea83a4566b69f76898952f908395c590a4
2018-06-20 10:05:27 -04:00
Zuul
4286727ae7 Merge "Activate memcached debug only when using MemcachedDebug param." 2018-06-20 03:57:13 +00:00
Zuul
c3495cdfdf Merge "Adds support to configure enabled bios interfaces" 2018-06-20 03:57:09 +00:00
Steve Baker
9104980524 Allow a containerized mistral-executor to access docker
This is required for a containerized undercloud to perform workflow
driven container image prepare during overcloud deployment.

This moves the MistralDockerGroup parameter out of mistral-base since
this is only required for the executor.

Further changes will be needed to puppet-tripleo to use 'group' and
'user' instead of ensure_resource, and also to ensure that the created
docker group inside the executor container has the same gid as the
docker group on the host, but these can depend on this change for
testing.

Change-Id: I429c72c0334a177d1ec37c3d9c13b7ba983de734
Blueprint: container-prepare-workflow
2018-06-20 10:17:01 +12:00
Ben Nemec
cf2be03500 Make BIND listen address configurable
Previously BIND listened on all configured interfaces on the system.
This doesn't make sense (why have DNS listening on the storage network,
for example) and could be a security issue in some environments.
This commit makes the BIND network configurable the same as any other
service.

Change-Id: Iaad11b1b4037719954ab17fb171e5804f3cbbe58
2018-06-19 16:42:51 -05:00
Ben Nemec
7f278f795c Fix DNS firewall rules
Apparently if the name of the firewall rule doesn't match the service
name then the rules don't get applied.

Also, for DNS we need both tcp and udp ports opened.

Change-Id: Iccb1f78508f1231b998d120fe1ccd6edb9e4a14b
2018-06-19 16:42:17 -05:00
Pradeep Kilambi
ddcca3c64b Fix gnocchi auth mode to basic
There is no auth mode called simple. Fix the mode to
basic so it gets set correctly when configured in
collectd.

Depends-On: I05632137ed12c59a41a5219189c431983935d461

Change-Id: I2561a35c54e0137f5420de4403e5e20dd08afd28
2018-06-19 11:48:40 +00:00
Martin Schuppert
780d0e5f97 Introduces NovaComputeCpuSharedSet parameter
New compute/cpu_shared_set nova config can be set via parameter
NovaComputeCpuSharedSet.

Some workloads run best when the hypervisor overhead processes
(emulator threads in libvirt/QEMU) can be placed on different
physical host CPUs than other guest CPU resources. This allows
those workloads to prevent latency spikes for guest vCPU threads.

A list or range of physical CPU cores to reserve for best-effort
guest vCPU resources (e.g. emulator threads in libvirt/QEMU)
can be specified.

Closes-Bug: 1776905

Change-Id: I53c567e8eeef12d582205b6e2d8310635555b5b8
2018-06-19 08:20:58 +02:00
Zuul
8a5b3c8596 Merge "use keystone public endpoint in horizon" 2018-06-18 17:50:03 +00:00
Janki Chhatbar
1ae411e9d2 Delete deprecated parameters
OpenDaylightPort and OpenDaylightConnectionProtocol
were deprecated and are being removed in this patch.

Change-Id: Iac57b2c12735d972c8165bfe7374381a3ffd51e2
2018-06-18 22:39:11 +05:30
Yolanda Robla
80a0415710 Adds support to configure enabled bios interfaces
It will expose IronicEnabledBiosInterfaces setting
in order to configure it.

Depends-On: I4960b55382b4ef60fefc147a2ae4fca3daa9432b
Change-Id: I5e9368732aa1a22bb5e0ec7240a587958d7bfdeb
2018-06-18 16:21:01 +02:00
Sofer Athlan-Guyot
1898cc5c83 Activate memcached debug only when using MemcachedDebug param.
Do not activate it with Debug anymore.  We are now pushing memcached
logs into stdout where they will be collected by journald.  When
activating debug, it will log there all the requests/replies to/from
memcached.  This will make the journal grow fast and clutter it
with (most of the time) useless information.

So if memcached debug is needed for some reason let the operator say
so explicitly.

Change-Id: I85b6ca421d326c6e764fade66726407b905c796d
2018-06-18 12:18:52 +00:00
Zuul
9dc0bb32a2 Merge "Implement TripleoValidations composable service" 2018-06-18 12:13:23 +00:00
Zuul
e09ef3df9d Merge "Enable s3api by default" 2018-06-16 02:24:23 +00:00
Lars Kellogg-Stedman
43a39d4b0d use keystone public endpoint in horizon
the horizon::keystone_url is ultimately used to set the
OPENSTACK_KEYSTONE_URL setting in Horizon's local_settings, and this
is used in browser redirects when utilizing web SSO. In many cases,
the keystone internal endpoint would be inaccessible to browser
clients, so we should use the public endpoint here.

Change-Id: I5b3c0935b1a5c38704e748770b7bac52d674a637
2018-06-15 10:46:09 -04:00
Zuul
fe2b2b4e5f Merge "Disable memcached's cachedump" 2018-06-15 10:13:55 +00:00
Zuul
76c8fe9d0a Merge "Enable secure TUNNELLED mode for NFS" 2018-06-14 11:32:06 +00:00
Emilien Macchi
0e0147732c Implement TripleoValidations composable service
Implement a service that will deploy TripleO Validations package and
user by using Puppet like we did with instack-undercloud. This service
will be included on the undercloud but disabled by default. We'll keep
the same interface in undercloud.conf to enable it or not so no change
for the end user.

Change-Id: Ida09f92010e31d952edd82b42a7fc20451537d42
2018-06-13 11:35:49 -07:00