We are noticing several tests failing in our low memory environment
because of timeout in neutron requests.
As an example the test
tempest.api.compute.servers.test_server_actions.ServerActionsTestJSON
fails because it requests to plug a vif, and send request to neutron,
which responds in more than neutron_url_timeout, and since the option
vif_plugging_is_fatal is set to True as default, the test fails.
Shortly thereafter, checking in neutron log you can see the request,
returning with the proper status, after more than neutron_url_timeout,
however, it's already too late once nova already marked the instance
with error status, and so the test fails.
Closes-Bug: #1641135
Change-Id: If0991c114f199490ac0deb71eb569a42d4711359
This patch adds an example increased value for NovaReservedHostMemory
and some documentation around tuning this value when DVR is enabled.
Closes-Bug: #1630583
Change-Id: I2718d72d307a1c90061606e5f36c96f964cd2fb5
By default sensu-puppet is overring default list of varibles which should
be redacted. This patch enables to configure redact list and uses default
value given by [1]. This patch also serves as a workaround until [2]
is merged in the module itself (or in case it won't get merged).
[1] https://sensuapp.org/docs/0.24/reference/clients.html
[2] https://github.com/sensu/sensu-puppet/pull/580
Closes-Bug: #1641080
Closes-Bug: rhbz#1392473
Change-Id: I21201f734d2fbf5f571091603126cf11cfdd8c40
The capitalization of OS::Tripleo is wrong compared to all other services
so correct this for avoidance of confusion when folks write custom roles_data
files or pass custom service lists via *Services parameters.
Change-Id: Ib73c80871b45586edb5774e90280ff89fc0d9895
Closes-Bug: 1640871
Simplify this file by removing the hard-coded resources and instead
generate the resources for each step via a loop.
Change-Id: Id89863b9e75769e1a85ebe8bfa4a554f7b38e357
This patch resolves a few issues I noticed when porting our
Neutron L3 service to support the new heat hiera agent hook (which
uses Json instead of Yaml).
- If NeutronExternalNetworkBridge is an emptry string '' Json was
dropping the single quotes thus causing the bridge to get set
incorrectly in the config file. To correct this we use a heat
conditional to avoid setting the external bridge (the '' default
is what we want in this case) if the bridge is an empty string.
Change-Id: I5037cbde6b76a37a4c22c4616278420e9d759109
Partial-bug: #1596373
This patch updates the Yaql expressions that work on role_data
so that they evaluate properly when the get_attr for role_data
is null.
I hit issues using this for the heat undercloud installer and this
seems to resolve them.
Change-Id: I0493d0525cd3ad280339f26ef9d3aa311af9962e
Modify the syntax used to access the ResourceGroup attributes so we
always select the first node from the group, e.g even if the node
named "0" in the ResourceGroup nested stack has been removed due to
the removal policy.
Change-Id: I8b1c9538976a1518b220187a0034ad41a738d5a6
Closes-Bug: #1640449
Adding these features are typically enabled by default
in any swift cluster.
See upstream sample:
https://github.com/openstack/swift/blob/master/etc/proxy-server.conf-sample
Change-Id: I29915d1b86da5c47ec34acfb89ab8234e153bf31
Signed-off-by: Thiago da Silva <thiago@redhat.com>
Depends-On: Ie323f68255a73d46e774cbf49d9353c3bf90c35e
When the manila api service is deployed
on a different role than the controller the
iptables rules on that role fail to ACCEPT
tcp at the manila API ports.
Add tripleo.manila_api.firewall_rules to
the relevant puppet services module.
Change-Id: I1c5459f5ba989657fd99fd72c7ac9f8781cc7206
Closes-Bug: #1640568
To improve security, we should disable the password reveal option in
horizon by default. An end user can override this options via their own
custom hiera if they would ultimately like to have this functionality.
Change-Id: Ie88dac5610840eb4b327252b32dc469099ba5f5f
Depends-On: Iacf899d595a2a3c522df1b96ca527731937ec698
Closes-Bug: 1640492
Currently when we call the major-upgrade step we do the following:
"""
...
if [[ -n $(is_bootstrap_node) ]]; then
check_clean_cluster
fi
...
if [[ -n $(is_bootstrap_node) ]]; then
migrate_full_to_ng_ha
fi
...
for service in $(services_to_migrate); do
manage_systemd_service stop "${service%%-clone}"
...
done
"""
The problem with the above code is that it is open to the following race
condition:
1. Code gets run first on a non-bootstrap controller node so we start
stopping a bunch of services
2. Pacemaker notices will notice that services are down and will mark
the service as stopped
3. Code gets run on the bootstrap node (controller-0) and the
check_clean_cluster function will fail and exit
4. Eventually also the script on the non-bootstrap controller node will
timeout and exit because the cluster never shut down (it never actually
started the shutdown because we failed at 3)
Let's make sure we first only call the HA NG migration step as a
separate heat step. Only afterwards we start shutting down the systemd
services on all nodes.
We also need to move the STONITH_STATE variable into a file because it
is being used across two different scripts (1 and 2) and we need to
store that state.
Co-Authored-By: Athlan-Guyot Sofer <sathlang@redhat.com>
Closes-Bug: #1640407
Change-Id: Ifb9b9e633fcc77604cca2590071656f4b2275c60
After compute nodes are upgraded, the ceilometer compute agent
doesnt poll and throws warnings. Restarting the compute agent
at this step gets the service back to its normal state.
Closes-Bug: #1640177
Change-Id: I7392de43e933b1d16002e12e407748ae289d5e99
After deploying a fresh installed Overcloud or updating the stack
the haproxy configuration is updated correctly but no change in the
HA proxy stats happens.
This submission will add the missing resources to run pre and post
puppet tasks.
Closes-bug: 1640175
Change-Id: I2f08704daeee502c618256695a30ce244a1d7ba5
We do not encode the chars like [] possibly found in the artifacts
URL, so curl tries to glob against IPv6 addresses in brackets. This
change adds --globoff to the curl options so that IPv6 addresses in
brackets are not misinterpreted.
Closes-Bug: 1640148
Change-Id: Ic86ba1e5fb674bc15b4bcc6bd3ea9e943c4fbf8e
This adds the necessary hieradata for enabling TLS in the internal
network for Cinder API.
bp tls-via-certmonger
Depends-On: Ib4a9c8d3ca57f1b02e1bb0d150f333db501e9863
Change-Id: I126e890076bc96b1cd166a919eff6aa1bb80510b
These VIPs were previously used to create endpoints, but are no longer
used. The one exception is KeystoneAdminVip, which is used by the
python-client.
Closes-Bug: 1639956
Change-Id: Iafdf37b6ee91806d683592a99e025a8de4c0ff20
Signed-off-by: Tim Rozet <trozet@redhat.com>
The renaming of the network to conform to correct case parsing was done
and converted OpenDaylightApiNetwork -> OpendaylightApiNetwork. There
was still a reference to the old network name which would result in an
empty value being pass to odl_bind_ip.
Closes-Bug: 1639944
Change-Id: I17fe348c4651420112b9b37711654a454e30b291
Signed-off-by: Tim Rozet <trozet@redhat.com>
The commit that this depends on only works if heat is deployed in the
same node as keystone. Once we deploy them in different nodes, keystone
won't be able to retrieve the appropriate hieradata. This fixes that by
setting the appropriate hieradata to be deployed on the keystone service
by the heat profiles.
Change-Id: I1f08db68a14486526879d1a5a1ff78cb17686924
Depends-On: I7d42d04ef0c53dc1e62d684d8edacfed9fd28fbe
For parameter merge strategies to work we need to merge multiple environment
files, which doesn't consider the defaults defined in the heat template.
Moving where we define these defaults will enable the merge strategies
applied when appending services to roles in environment files to work.
Change-Id: I1ef1ad685c8a15308d051665c576a98b277f2496
Closes-Bug: #1635409
This can be used to pass the e.g. the tripleo-validations ssh key into
the deployment.
Change-Id: I861b9e2252a9c8122dcf7df261386f1ea5200c4f
Related-Bug: #1635226
