The mod_ssl release note was in the wrong place. Moving it so it can be
with it's friends in releasenotes/notes
Change-Id: I33d6a2354f26e5571501d5810ac20bb9c0101634
The log file for nova-metadata service is not configured for fluentd.
This patch adds the configuration
Change-Id: Idb174705f39ea91062f0a9c06c101a3f1a3ae73a
This consolidates the upgrade and ffwd-upgrade related env files,
removing no longer relevant files (like converge vs converge-docker).
In line with recent/ongoing work in tripleoclient [1][2] we now have
cli: overcloud [upgrade|update|ffwd-upgrade] [prepare|run|converge]
With this patch we can also change the set/unset of resource 'noop'
and move it from tripleo-common to python-tripleoclient, like I am
pointing at in related client review below. If others agree then I
will do the same with the upgrade-prepare and also the ffwd cli
in [3], i.e. add explicit inclusion of the upgrade-prepare.yaml
and then similarly include the upgrade-converge.yaml for the
upgrade/ffwd-upgrade converge cli.
Related:
I1288fe68ae8af02a5d77390d237ec467d88e43d2 python-tripleoclient
[1] 96ffa3a325
[2] https://review.openstack.org/#/c/558536/5/tripleoclient/v1/overcloud_update.py
[3] https://review.openstack.org/#/c/557937/4/tripleoclient/v1/overcloud_ffwd_upgrade.py@72
Change-Id: Icfe494e3219d6d6cd3251f75bb4329fc4d793c3c
After [1] iptables rules are not set for memcached service
thus services relying on memcached were not functioning well.
With [2] it's requrired to use hiera interpolation for service
configs, this patch fixes it for memcached_network.
[1] https://review.openstack.org/#/c/551292
[2] https://review.openstack.org/#/c/526692
Related-Bug: #1757556
Closes-Bug: #1763009
Change-Id: If9b274192ea4738f455a6106ff1a62eb4e7a5c91
no-tls-endpoints-public-ip.yaml is a new file that needs to be validated
among other TLS environments, so we can make sure that EndpointMap will
be constructed correctly with all needed endpoints.
Change-Id: I5e83b37d8fa757065a6dab87d6eeac1c345efd32
Ansible yum module installs all packages available in the repo
if you use asterix. We instead will use yum -y update name*.
Change-Id: I8e71367ae91faa06313711c6a954c61af705fd8f
Resolves: rhbz#1549845
Some container yaml file does not get the
service_config_settings from the base file.
This patch makes for the following docker yaml files get
the service_config_settings:
docker/services/neutron-l3.yaml
docker/services/neutron-metadata.yaml
docker/services/neutron-ovs-agent.yaml
Related-Bug: #1757066
Change-Id: Ifc8def10da0b10decd12efaab4452ff46f3c685b
Using host_prep_tasks interface to handle undercloud teardown before we
run the undercloud install.
The reason of not using upgrade_tasks is because the existing tasks were
created for the overcloud upgrade first and there are too much logic
right now so we can easily re-use the bits for the undercloud. In the
future, we'll probably use upgrade_tasks for both the undercloud and
overcloud but right now this is not possible and a simple way to move
forward was to implement these tasks that work fine for the undercloud
containerization case.
Workflow will be:
- Services will be stopped and disabled (except mariadb)
- Neutron DB will be renamed, then mariadb stopped & disabled
- Remove cron jobs
- All packages will be upgraded with yum update.
Change-Id: I36be7f398dcd91e332687c6222b3ccbb9cd74ad2
Ironic neutron agent will be installed on controller nodes, or
networker nodes, when environments/services/ironic.yaml or
environments/services-docker/ironic.yaml is used.
It should also be enabled on undercloud.
Also enables ``baremetal`` ML2 mechanism driver on undercloud.
Depends-On: Ic1f44414e187393d35e1382a42d384760d5757ef
Depends-On: I3c40f84052a41ed440758b971975c5c81ace4225
Change-Id: I0b4ef83a5383ff9726f6d69e0394fc544c381a7e
Containerized undercloud without SSL is now failing because of this
missing. The file was added here:
Ia4fb60e2e88cd0f28dd254bb18b3959a9732a7ce
But in the meantime, Designate was implemented.
Change-Id: Ib0ccbe722c61074fb140df6a879e0558be710438
Nova compute and cinder volume uses oslo concurrency
processuitls.execute to run privileged commands.
Containers inherit file descriptor limit from docker daemon
(currently:1048576) which is too high and leads to performance
issue. This patch sets nofile limit to 1024 for nova compute
and 131072 for cinder volume, which is reasonable as before
containers nova compute used host defaults i.e 1024 and cinder
volume systemctl override([1]) i.e 131072. Also updated neutron
l3, dhcp and ovs agent to use Parameters for ulimit configuration.
[1] https://review.rdoproject.org/r/#/c/1360/.
Closes-Bug: #1762455
Related-Bug: #1760471
Related-Bug: #1757556
Change-Id: I4d4b36de32f8a8e311efd87ea1c4095c5568dec4
The GUI feature is no longer supported with ODL and needs to be removed.
We relied on the URL provided by this feature in order to run our docker
healtcheck, which is modified in the depends-on patch to a new URI.
Depends-On: I2f33d2cf6a96005ef1d18468a8d2fcc71b17b6f8
Related-Bug: 1751857
Change-Id: I762789e65913b4f653bbf9019b5d3d05903912f1
Signed-off-by: Tim Rozet <trozet@redhat.com>
Current environment files for DVR setups using OVN as a backend are
missing Metadata service. This patch is adding it for both HA and non
HA configurations.
Change-Id: I9bf016e838f193918dc74278b1aaaaa8e7919421
Closes-Bug: 1763044
Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>
This service is needed to install CA certificates for the overcloud. We
need it because the plan is to enable public TLS by default. And without
this it won't work.
Change-Id: I168e6a543f7143900fdb855ec29d8532fb9736ae
This init container runs docker-puppet manually and is responsible of
provisioning the mysql users and passwords. This currently doesn't get
ran every time since the configuration stays the same, even if the users
or passwords change (which are gotten from hieradata). Allowing this to
run every time will allow us to change database passwords
Closes-Bug: #1762991
Change-Id: I1f07272499b419079466cf9f395fb04a082099bd
