2575 Commits

Author SHA1 Message Date
Zuul
5f0a05c052 Merge "Allow for customization of the Manila CephFS pool name" 2019-07-31 22:51:30 +00:00
Zuul
9133971c59 Merge "Add ceph grafana dashboard endpoint to haproxy" 2019-07-31 12:11:44 +00:00
Giulio Fidente
e3b39a8d67 Allow for customization of the Manila CephFS pool name
Manila needs to know the CephFS pool name, which the deployer
might want to customize when the Ceph cluster is externally managed.

Change-Id: I3adaa442b8c53ff902761d1dba283a79494c8ae6
Partial-Bug: 1837099
2019-07-30 10:55:39 +00:00
fpantano
548b966aa0 Add ceph grafana dashboard endpoint to haproxy
This review adds the ceph grafana endpoint to
haproxy.

Depends-On: https://review.opendev.org/#/c/672536
Change-Id: If1a111662203896ee51fd61183f720a4cef18a3e
2019-07-29 18:07:53 +02:00
Zuul
b2d03fff3d Merge "Initial support for tls_priorities" 2019-07-29 08:39:40 +00:00
Zuul
9a079a3490 Merge "Remove aide puppet manifest" 2019-07-29 00:14:45 +00:00
Michele Baldessari
f1a593b642 Initial support for tls_priorities
We add initial support for being able to specify tls priorities in
pacemaker. For bundles this will happen via an env variable because
pacemaker_remote is started normally as a process and there is no
sourcing of /etc/sysconfig/pacemaker.

Tested on both queens and stein. Via a deploy and a redeploy against
existing cloud. Observed that:
A) We got PCMK_tls_priorities inside /etc/sysconfig/pacemaker with the
value that was passed in THT
B) Containers had the following env variable set:
  "PCMK_tls_priorities=normal",

The '-e' addition is a noop in case the PCMK_tls_priorities is unset
so that we do not change the signature of the resources and hence do
not needlessly restart the HA resource.

Depends-On: I1971810f6a90f244ed5ced972a5fe7fde29dde86
Change-Id: I703b5a429f48063474aace85bc45d948f5c91435
2019-07-27 07:59:45 +00:00
Martin Schuppert
f92c3c90c3 Only assign redis_vip and redis_bind_opts if enabled
https://review.opendev.org/672415 only sets redis_vip
when service is enabled. Let's also move the redis_vip
and redis_bind_opts to the redis enabled section and
create haproxy_and_redis_vip only if redis is enabled.

Change-Id: I4f575772d80bcfd12019a81dd27d83aa952ddef6
2019-07-26 15:40:56 +02:00
Zuul
7605e4e18c Merge "Add tcp-check connect port line to haproxy redis stanza" 2019-07-24 01:12:25 +00:00
Zuul
84d1cc228b Merge "Cleanup uuid == docker" 2019-07-23 20:24:22 +00:00
Emilien Macchi
5c0380e6a1 Bump metadata for Train Milestone 2
Change-Id: I9032ddde37dc0b2f2afa370ee94934ceea7f4629
2019-07-22 16:04:58 -04:00
Michele Baldessari
e1cc8d0b0b Add tcp-check connect port line to haproxy redis stanza
When https://bugzilla.redhat.com/show_bug.cgi?id=1677420 will be merged
in haproxy (via haproxy-1.5.18-9.el7.x86_64) our redis backend will stop
working because the fix around tcp-check is now more correct and
according to the haproxy doc a tcp-check section *must* start with
tcp-check connect first. From
http://cbonte.github.io/haproxy-dconv/1.5/configuration.html#4-tcp-check%20connect
:
"""
When there are no TCP port configured on the server line neither server port
directive, then the 'tcp-check connect port <port>' must be the first step
of the sequence.
"""

Change-Id: I261eb30b52a3baee3b0e6d47e8f32f3c579930bf
Co-Authored-By: Luca Miccini <lmiccini@redhat.com>
Closes-Bug: #1837086
2019-07-19 09:53:13 +02:00
Bogdan Dobrelya
6fb9d8e6cd Allow to configure Apache MPM module
Defaults to 'prefork', which ensures there is no upgrade/update impact.

Related-bug: #1829062

Change-Id: I3deb3e944ed4911962d204357bb3134569f153f6
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2019-07-17 17:33:44 +02:00
Zuul
de91989ebc Merge "Force to use markdown to prevent pypi issue" 2019-07-15 19:47:03 +00:00
Alex Schultz
6e26715894 Cleanup uuid == docker
This was replaced with deployment_type a while back so uuid is now a
proper value based on the system id. See
https://review.opendev.org/#/c/607647/

Change-Id: Ica2f39e6bee697002984d0f28298338edf55ac4b
2019-07-15 08:02:24 -06:00
Zuul
44091d184c Merge "Replace hiera('service_names') by hiera('enabled_services')" 2019-07-12 17:36:31 +00:00
Zuul
787387a5f7 Merge "Include nova::metadata to compute profile" 2019-07-11 12:04:08 +00:00
Zuul
610691ca65 Merge "Allow custom per-service bind_options for haproxy" 2019-07-10 11:18:07 +00:00
Zuul
ec6f43499b Merge "Close OVN VIP race by adding an ordering constraint" 2019-07-09 19:15:43 +00:00
Zuul
9d16da6465 Merge "Support TLS deployments with KernelDisableIPv6 enabled" 2019-07-09 16:05:17 +00:00
Zuul
ed09c243f2 Merge "Add dateext and related parameters for logrotate" 2019-07-09 05:35:30 +00:00
Michele Baldessari
5c10f33197 Close OVN VIP race by adding an ordering constraint
Currently there is a race with the high-availability of ovn when resetting a
controller. Namely, the VIP that OVN uses (namely the internal_api VIP
by default) only has a colocation constraint with the master role of the
ovn-dbs resource. This leaves the following race open:
1) We reboot ctrl-0 hosting the master role of ovn-dbs
2) OVN becomes master on ctrl-1 from pacemaker's POV (but the
   promotion operation running in the background is not completed)
3) OVN VIP moves to ctrl-1 even though it is still in slave mode
  (there is only a colocation constraint between vip and master role for
ovn)
4) OVN controllers on the overcloud connect to the VIP but it is in
  read-only mode because it was a slave
5) OVN controllers that connected at 4) stay in read-only forever
   until they get restarted manually.

With the addition of this constraint we force the VIP move only after
the master role has been promoted. This makes it much more unlikely
for a client to connect to the VIP and get a read-only db in the
background. With only this patch applied I did not manage to reproduce
the issue (even after 7 reboots of controllers).
Note that there is still a small race window possible because the
current OVN resource agent has a bug: it promotes a resource to master
after issuing the promotion command to the DB but without waiting for
this promotion to complete. A patch for OVN-ra will also be submitted
but from initial testing this change seems to be largely sufficient.

Also note that this change introduces a small less desirable
side-effect:
A failover of the internal VIP will now take a bit longer because it
will happen only after ovn-dbs gets promoted to master.
We plan to take care of this fully by decoupling the OVN VIP from the
internal_api one. This change addresses the immediate issue related
to ovn_controllers being stuck in read-only due to premature promotion.
(OVN upstream is discussing how to make connections to read-only VIP
trigger a reconnection eventually)

Closes-Bug: #1835830

Change-Id: I3fa07e28c4e37197890664d12a265f1673c780f2
2019-07-08 22:00:48 +02:00
Grzegorz Grasza
5061ed8b7b Support TLS deployments with KernelDisableIPv6 enabled
This will listen on 127.0.0.1 in case ipv6 is disabled.
The localhost_address is set in t-h-t kernel-baremetal-puppet.yaml
in a related patch.

Change-Id: Ic77281cc69230b77224421e3d79d93803ea18bad
Needed-By: Ide761c21dc87dadc722e27c9b8a7b68194164cb2
Related: rhbz#1703460
2019-07-08 20:59:13 +02:00
Keigo Noha
1eafeb67bf Add dateext and related parameters for logrotate
logrotate.pp should support dateext and related parameters.
By this change, a filename of a rotated file can be easily distinguished
by rotated date.

Change-Id: I798304a472df41b86a88611c97c2c99131faa0ad
2019-07-08 16:58:38 +09:00
Martin Schuppert
3273d29163 Include nova::metadata to compute profile
The old DEFAULT/dhcp_domain setting was moved to api/dhcp_domain.
nova::network::neutron::dhcp_domain will be removed later in the cycle.
We need to include nova::metadata which sets the new [api]/dhcp_domain
as this is used by the virt driver to generate the config drive.

Closes-Bug: 1832537

Depends-On: https://review.opendev.org/668663
Depends-On: https://review.opendev.org/668666
Depends-On: https://review.opendev.org/665131
Depends-On: https://review.opendev.org/669066
Depends-On: https://review.opendev.org/669208

Change-Id: I5da1e67684f8317eec8c499c3534977e00a63098
2019-07-07 16:43:25 +02:00
Emilien Macchi
7970733cf1 Replace hiera('service_names') by hiera('enabled_services')
In the effort of reducing the number of Hieradata files, the
service_names parameter previously consumed in puppet-tripleo can be
replaced by enabled_services which contains the same list.

It will allow us later to remove the service_names hieradata file.

Change-Id: I457f2c81a2cf6cc2f42dc4585b41b0d91dacc059
Related-Bug: #1835551
2019-07-05 13:25:34 -04:00
Martin Magr
f8eb9096de Remove unnecessary logic
THT logic which exposed fluentd logging hieradata even when the service
was not enabled was removed, so the logic in rsyslog file_input working
with such data won't ever work.

Change-Id: I58edc44f859a0b46c1b1ae82c453df9f4d2bc487
2019-07-04 09:14:24 +00:00
Martin Magr
bcb17115a3 Add TLS support for rsyslog
This patch implements creation of TLS certs and key for Elasticsearch
connection.

Change-Id: Ie97449b6f3e5d3a6481e087803d1982d7c6387f3
2019-07-03 13:24:27 +02:00
Zuul
0ad12ff23a Merge "Fix rabbitmq staged upgrade" 2019-07-02 19:28:23 +00:00
Hervé Beraud
03dd75eb17 Force to use markdown to prevent pypi issue
Recently the pypi team has reintroduced some deactivated tests
on package deployment, especially tests concerning long_description
syntax.

If projects don't specify that they use the markdown format the
package deployment will fail if something went wrong in the markdown format.

For example, if a project uses inline literals, this can be an issue
if `long_description_content_type` is missing [1]. The
default format will be `text/x-rst`, where code blocks are different from
markdown.

These changes force the use of the markdown format to avoid this kind of issue
on projects that use a `README` in markdown format.

[1] http://lists.openstack.org/pipermail/openstack-discuss/2019-July/007459.html

For more details:
https://github.com/pypa/warehouse/issues/5890#issuecomment-494868157

Change-Id: If1be877b265f36078a5e66a13b7ab55db699af0f
2019-07-01 20:45:00 +02:00
Zuul
f30590e8d4 Merge "Allow enabling custom backends with manila" 2019-06-29 05:21:36 +00:00
Zuul
84792bd9ca Merge "Fix amphora provider driver description" 2019-06-28 18:34:28 +00:00
Jiri Stransky
bac59f433b Fix rabbitmq staged upgrade
Fix the short name overriding, and add long name (fqdn) overriding.

Change-Id: Ia152aed696be15119ba5b75177ef82bc786c4b05
Partial-Bug: #1832588
2019-06-28 09:06:11 +00:00
Zuul
96b69b6075 Merge "Fix bootstrap node for nova conductor" 2019-06-26 18:50:11 +00:00
Gregory Thiemonge
77ffbe059b Fix amphora provider driver description
Fixed provider driver description to match octavia and
octavia-tempest-plugin descriptions.

See: https://opendev.org/openstack/octavia/src/branch/master/octavia/common/config.py#L89

Closes-Bug: #1830702
Change-Id: I04ad7b59c1cdbef61fcd6188c09525da989020c6
2019-06-26 11:21:32 +02:00
Kevin Carter
04c6f343e2 Remove tuned puppet manifest
The tuned puppet manifest is being removed because the heat template
which invoked it has been converted to ansible. This change removes
the tuned manifest and spec files accordingly.

Depends-On: I06d07f6f0949095cb716dd706e05f2e567c0d3d8

Change-Id: I1c76efb07474f8b0f5e226712aad30a75f6843af
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2019-06-24 13:28:59 +00:00
Luca Miccini
392eacb092 Force --hostonly when regenerating the initramfs
The dracut-config-generic package (sometimes installed by default in
the overcloud image) provides a configuration file that turns off the
host-specific initramfs generation with dracut:

$ cat /usr/lib/dracut/dracut.conf.d/02-generic-image.conf
hostonly="no"

The result is that the generated initramfs does not contain:

- /etc/systemd/journald.conf
- /etc/systemd/system.conf
- /etc/hostname
- /etc/machine-id
- /etc/vconsole.conf
- /etc/locale.conf
- /etc/modules-load.d/*.conf
- /etc/sysctl.d/*.conf
- /etc/sysctl.conf

Especially problematic is the absence of sysctl.conf when ipv6 is
disabled via "KernelDisableIPv6: 1" because we end up half-disabling
ipv6 and services like rpcbind end up in failed state.

Original issue: https://bugs.launchpad.net/tripleo/+bug/1830574

This commit builds on top of https://review.opendev.org/#/c/661528/
adding the '--hostonly' option to dracut so as to bypass 'hostonly="no"'
eventually contained in the default config file.

Change-Id: Ia4a39721268fe9bb0fdcc8bf4eb148263d4df46e
2019-06-21 21:38:25 +00:00
Alex Schultz
d4bd49ec7c Patch fluentd module for unit tests until code lands
The fluentd tdagent provider is currently wrapped in a parser function
rather than just being defined normally. We have a proposed patch to the
main module, but until that time let's pull the fix in for the unit
testing. We don't actually consume this provider in tripleo so it
doesn't affect deployment and only shows up in unit testing.

Change-Id: I73c7e73d3c4f77fcb93bca54157031db0a548b61
Closes-Bug: #1833724
2019-06-21 09:31:08 -06:00
Emilien Macchi
31e5cc36fd Fix bootstrap node for nova conductor
The doc was updated but the actual default value still the one.
See context in I48ec4549552910f3cb8db960b0ff10a6c61b4bb9

Partial-Bug: #1792613
Change-Id: I8e0f4bd90d22617a6451fa591f9ff50821d9c33b
2019-06-20 15:24:28 -04:00
Goutham Pacha Ravi
914cf1f124 Allow enabling custom backends with manila
It is possible to provide the config settings
to add an arbitrary and unmanaged backend to Manila
at deployment time via Heat environment files. However,
puppet-tripleo doesn't support extending the
list of enabled backends. Add this capability.

Change-Id: I82f62df0a95f03afbda1b6a4ddaa67ef908030a9
Closes-Bug: #1831938
2019-06-19 14:42:21 -07:00
Zuul
1dd761e755 Merge "Do not invoke host config in agent config" 2019-06-18 20:36:53 +00:00
Zuul
e5f45f630f Merge "Allow overriding pacemaker_node_ips for staged upgrade" 2019-06-18 14:02:56 +00:00
Alex Schultz
526d040c39 Quote the hiera dot notation
With puppet 5, dots mean something special in hiera. You can still use
hiera lookups with dots but you need to quote the key part.

https://puppet.com/docs/puppet/5.4/hiera_automatic.html#hiera-dotted-notation

Change-Id: I94831c09821f519b81016f943a251a5b12d72750
2019-06-15 08:35:33 -06:00
Zuul
d3796a69dd Merge "Add region support for instance HA" 2019-06-15 05:21:32 +00:00
Zuul
94c05e9984 Merge "Base profile for rsyslogd" 2019-06-14 22:11:46 +00:00
Zuul
0af7317b57 Merge "IHA robustness improvements" 2019-06-14 22:11:43 +00:00
Zuul
1e5c120f48 Merge "RabbitMQ: always allow promotion on HA queue during failover" 2019-06-14 19:40:52 +00:00
Brent Eagles
e9484ac789 Do not invoke host config in agent config
The SR-IOV agent config was pulling in the host configuration which is
incorrect and will not work under certain conditions.

Change-Id: If5a0861441c1c33431364f2a1f3d7d1296106159
Closes-Bug: #1832335
2019-06-14 15:47:01 +00:00
Zuul
d25bea7ef5 Merge "Remove scenario008 jobs" 2019-06-14 09:04:12 +00:00
Zuul
bfb42ca78b Merge "Explicitly disable all MySQL/MariaDB query_cache use" 2019-06-14 09:04:11 +00:00