2913 Commits

Author SHA1 Message Date
Takashi Kajinami
78d1492226 Use memcached for token caching in designate authtoken
Use memcached to cache token in designate authtoken, as in-process
cache, which we currently use, was already deprecated[1].

[1] Ied2b88c8cefe5655a88d0c2f334de04e588fa75a

Change-Id: Iaa8e4fb26cf4677fe151c699a3911f02e30f8d32
2020-01-26 22:12:12 +09:00
Martin Magr
de509dd709 Use ctlplane for internal QDR communication
This patch makes interior metrics QDR use ctlplane interfaces for which
ports are opened on THT side.

Change-Id: Ie1394d6f6977d8ae3a4e57015cc8c3b2ec7a6f3d
2020-01-21 10:14:15 +01:00
Zuul
8c0d43a193 Merge "Make the bundle user configurable via hiera" 2020-01-17 05:15:40 +00:00
Damien Ciabrini
0a64eebb64 HA: Honour all hiera override variables in mysql_bundle
During a major upgrade, upgrade tasks can rebuild a new pacemaker
cluster by adding nodes one at a time. This is implemented by
using two special hiera variables mysql_node_names_override and
mysql_short_node_names_override.

Make sure the mysql_bundle puppet module uses both variables
when such cluster rebuild is in progress.

Change-Id: I6a06269f55a38071c34d2a95109d213fe7e2452c
Closes-Bug: #1859961
Co-Authored-By: Jose Luis Franco Arza <jfrancoa@redhat.com>
2020-01-16 15:37:21 +01:00
Zuul
ffdb230a7d Merge "Make rsyslog file_input bulletproof" 2020-01-15 21:49:56 +00:00
Martin Magr
4443ae7037 Make pipeline config more flexible
This patch:
  - moves Ceilometer notification agent to correct class
  - adds posibility to configure query parameters
  - avoid setting gnocchi publishers by default

Change-Id: I5cd0b6e99f5ffcc495225c61f0773240d90e7930
2020-01-14 17:30:04 +01:00
Jesse Pretorius (odyssey4me)
e1348fecc8 Add short node name override support to manila
In line with the cinder & cinder-backup services, we add
short node name override support to manila when implemented
with pacemaker.

This is required in order to complete the 'scale-up' upgrade
steps for manila similar to the implementation in
I3cfd4272449b207874723682903505d2bbdb435b

Included is also an update to the tests and their fixtures to
ensure that the unit tests for the manila data are consistent
with the other similar services (cinder volume and cinder
backup).

Related-Bug: #1838971
Change-Id: I2c468e608a8f70d031b9ba08521bb75f7094c048
2020-01-14 16:16:03 +00:00
Jesse Pretorius (odyssey4me)
9ca6d5a194 Remove unused manila_share_nodes_count variable
The manila_share_nodes_count variable is defined, but not used
anywhere. In some services this is used for the replica count,
but manila (similar to cinder) has a hard-coded replica count
of 1 and therefore this variable is not needed.

Change-Id: I6398871a0a8c235e626748206dda617dadb06895
2020-01-14 12:11:49 +00:00
Michele Baldessari
d766eb81a3 Make the bundle user configurable via hiera
Allow all bundles --user option to be overridden as some of them might
prefer switching to a non-root user when possible.
The ovn-dbs bundle is a bit special because it never specified any user.
Hence we default that user to undef and do not set anything.

Tested as follows:
1. deployed an overcloud
2. patched it with this change
3. redeployed and and then observed that no HA container has restarted at all
4. verified cinder-volume runs with root by default:
USER  PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root    1  0.0  0.0   4204   716 ?        Ss   09:01   0:00 dumb-init --single-child -- /bin/bash /usr/local/bin/kolla_start
root    7  0.7  0.7 912976 145760 ?       S    09:01   1:04 /usr/bin/python3 /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
root   71  0.1  0.6 925800 124640 ?       S    09:01   0:14 /usr/bin/python3 /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
5. added 'tripleo::profile::pacemaker::cinder::volume_bundle::bundle_user: cinder' to
   the templates and redeployed
6. Observed that cinder-volume got restarted and now runs with cinder
   user:
USER   PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
cinder   1  0.0  0.0   4204   804 ?        Ss   12:23   0:00 dumb-init --single-child -- /bin/bash /usr/local/bin/kolla_start
cinder   7  2.1  0.7 912976 145432 ?       S    12:23   0:04 /usr/bin/python3 /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
cinder  64  0.3  0.5 919908 118452 ?       S    12:23   0:00 /usr/bin/python3 /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf

Change-Id: I985d0d192ef3accf7fdd31503348de80713fded4
2020-01-13 11:40:32 +01:00
Martin Magr
8c813bc8ac Make rsyslog file_input bulletproof
This patch makes rsyslog::file_input accept also $sources as single hash.
Currently when $sources is not array deployment fails.

Change-Id: I91d9f8ffb1e0c8bbdbc90696950aafd797ff380c
2020-01-13 11:07:05 +01:00
Zuul
c89b808c6a Merge "keystone: remove the keystone resource management" 2020-01-09 21:28:01 +00:00
Takashi Kajinami
be3892e601 Add support to configure virtlogd
Include nova::compute::libvirt::virtlogd to manage virtlogd
configuration.

Depends-on: https://review.opendev.org/#/c/685024/
Change-Id: I3d28680b4cf18c06b799e329639bb424e63d1368
2020-01-09 21:34:52 +09:00
Zuul
249f907340 Merge "Allow mysql haproxy stanza do be customized" 2020-01-09 09:27:31 +00:00
Michele Baldessari
c42c5aa678 Allow mysql haproxy stanza do be customized
We introduce a new tripleo::haproxy parameter called mysql_custom_listen_options
which can be used to customize mysql listen options in haproxy's config.

Tested as follows:
parameter_defaults:
  ExtraConfig:
    tripleo::haproxy::haproxy_default_timeout:
      - 'http-request 10s'
      - 'queue 2m'
      - 'connect 10s'
      - 'client 5m'
      - 'server 5m'
      - 'check 10s'
    tripleo::haproxy::cinder::options:
      bind-process: 2
    tripleo::haproxy::glance_api::options:
      bind-process: 2
    tripleo::haproxy::mysql_custom_listen_options:
      bind-process: 2

Observed that haproxy's mysql stanza had:
listen mysql
  bind 172.17.1.91:3306 transparent
  bind-process 2
  option tcpka
  option httpchk

Before this patch this was not the case and the tripleo::haproxy::<mysql>::options just got ignored.

Closes-Bug: #1858775

Change-Id: Ia0ecca5b54c1ca51898035e641665150dbdac9f7
2020-01-08 11:21:23 +01:00
Emilien Macchi
c914a4edb3 keystone: remove the keystone resource management
It's now done by Ansible, we don't need this code anymore.

Depends-On: I96a3351fca26cd8bb122a86cb4c3a58d5f88573e
Change-Id: I3fa4448fc81935d4df61f873a73d3fffc6f9e3bb
2020-01-07 23:39:57 +00:00
Emilien Macchi
ac5c901609 Add keystone_resources_managed option to the cinder api class
Add the keystone_resources_managed toggle so we can let Ansible
controlling that resource and not Puppet.

It's part of the efforts to not rely on Puppet to create Cloud resources
like keystone resources, cinder types, etc.

Change-Id: I557d8f33c9c699aed14b3b6fc1d1c0407365cd08
2020-01-07 23:39:50 +00:00
Rabi Mishra
69c7903db2 Change parameter to 'coordination_uri'
class neutron::plugins::ml2::networking_ansible has 'coordination_uri'
parameter and not 'coordination_url'.

Change-Id: Ic7d9ba1c46e71b9d39cacf541e7c91d5caf48a60
Closes-Bug: #1857605
2019-12-26 10:41:35 +00:00
Zuul
24ac2a2310 Merge "Fix typo in sslProfile conditional" 2019-12-23 01:21:38 +00:00
Zuul
6c68a6e9b2 Merge "Enable metrics qdr to use public VIP" 2019-12-23 00:36:44 +00:00
Zuul
5b4bfac778 Merge "Make sure neutron [placement] config section is set" 2019-12-22 04:37:56 +00:00
Zuul
97640c3611 Merge "Add support to configure pcsd bind address" 2019-12-21 05:14:39 +00:00
Martin Magr
f315d749a5 Fix typo in sslProfile conditional
The fixed typo is causing conditional to be always true.

Depends-On: https://review.opendev.org/700250
Change-Id: Ifb839a9c0d8ffca8a97a0cc97bfc4d3319e17e48
2019-12-20 23:28:42 +00:00
Martin Magr
ec0248d3d8 Enable metrics qdr to use public VIP
This patch adds HAProxy configuration for MetricsQdr service, so that
QDRs running on controller nodes in interior mode can be accessed
by external clients (such as CloudForms)

Depends-On: https://review.opendev.org/700250
Change-Id: I048cebe08d5e63693799b93c649231acfc772922
2019-12-20 23:28:19 +00:00
Martin Schuppert
4717fbea77 Make sure neutron [placement] config section is set
Even if the hiera keys for the [placement] config section
get created [1], the section is not being created/filles as the
::neutron::server::placement class is not included anywhere.

This includes ::neutron::server::placement to have the section
create in the neutron.conf

[1] https://github.com/openstack/tripleo-heat-templates/blob/master/deployment/neutron/neutron-api-container-puppet.yaml#L391-L400

Depends-On: https://review.opendev.org/700250
Change-Id: Iededba802be4b88e3b232a7b7474f2f981e40a08
2019-12-20 23:28:04 +00:00
Takashi Kajinami
b5ee4bacac Add support to configure pcsd bind address
Add support to configure pcsd bind address so that we can
make pcsd listen on specific address instead of all interfaces
on the node.

Related-Bug: #1856626
Depends-on: https://review.opendev.org/#/c/697942
Depends-On: https://review.opendev.org/700250
Change-Id: I442b190b6fa429ee3a81fd2ea84ada6ed9bca7d2
2019-12-20 23:27:40 +00:00
Zuul
b32d6c37ef Merge "Add octavia::nova to Octavia services" 2019-12-19 19:38:21 +00:00
Zuul
bd6da86d80 Merge "Convert all class usage to relative names" 2019-12-17 14:37:56 +00:00
Tobias Urdin
1dff3a811a Add octavia::nova to Octavia services
Change-Id: I2590e46d4fb0c2dff23cb0fa6cacee9d42759e5c
2019-12-17 09:59:26 +01:00
Zuul
b1519ea81a Merge "Enable deployment with external loadbalancers" 2019-12-13 09:22:41 +00:00
Kamil Sambor
fb6b0fa2dc Enable deployment with external loadbalancers
Add posibilities to pass listen_on_master_ip_only param
to ovn dbs. More info:
33f9c9eafa

Change-Id: I4833418c68f866a216d837e624199159ace7f696
2019-12-11 11:31:25 +01:00
Alex Schultz
ea4f77537e Pin rsyslog
They've broken backwards compatibility in master so we need to pin to
the previous version.

Change-Id: Ie384fd450c01a760f426512479e1bd54fa578dff
2019-12-10 16:13:42 -07:00
Tobias Urdin
1523a4b804 Convert all class usage to relative names
Change-Id: Ib2ed745b682cf12f9469a5a64451adcabec400af
2019-12-08 23:23:25 +01:00
Emilien Macchi
03eedf0bff keystone: add a new parameter 'keystone_resources_managed'
keystone_resources_managed, default to
hiera('keystone_resources_managed', true) for backward compatibility,
will allow to disable Puppet to manage the keystone resources, like
endpoints, roles, services, projects and users; and instead use Ansible.

Change-Id: If4b275d3caf6098e7774d938ab89333396fbc15d
2019-12-06 18:30:23 +00:00
Emilien Macchi
950caffea8 Revert "Replace hiera('service_names') by hiera('enabled_services')"
This reverts commit 7970733cf1483fab466f205e57c9ea224f051c94.

Depends-On: I7339b8791817bdaffa65c928d424796114efdf57
Change-Id: I380f631de03eb3baddac80661e4c7632180b1d64

Closes-Bug: #1855138
2019-12-05 00:54:42 +00:00
Zuul
7e922b0f85 Merge "Fix grafana listener options to allow affinity" 2019-12-04 21:35:36 +00:00
Zuul
76fce16d71 Merge "Avoid failing on rsyslog" 2019-12-04 18:24:25 +00:00
Zuul
a80321d3ee Merge "Remove haproxy ironic-inspector http-check workaround" 2019-12-02 22:14:58 +00:00
fpantano
602034a6e5 Fix grafana listener options to allow affinity
Like the other web based services, we need to enable
the source affinity to access the grafana instance
through the haproxy vip.

Closes-Bug: 1854337
Change-Id: I3c6e8dd2d4a48f5c63311d9c37181c2f26b595ea
2019-12-02 17:33:06 +01:00
Martin Magr
1207666e17 Avoid failing on rsyslog
This patch makes deployment pass when value of hiera variable
tripleo_logging_sources_<enabled_service> is undef. This case should
technically not happen, but currently enabled_services contains
services which are not being deployed, so we need to make sure that
Puppet does not fail in this case.

Change-Id: Ib34304dada25a0be1a39f508119adbe9cca4d66f
2019-12-02 12:16:15 +01:00
Michele Baldessari
07c525c8d7 ovn_dbs override support
These hiera keys are needed to support the upgrade-with-os
blueprint. This support was added for other services already
see LP#1832361

Related-Bug: #1854519

Tested-by: Jose Luis Franco Arza <jfrancoa@redhat.com>

Change-Id: I7bff96c0b0238e4aeaa33e0ec343a75e08b6a2f7
2019-11-29 17:04:42 +01:00
Zuul
5d8daace2f Merge "Corrected default value for container_cli" 2019-11-29 02:48:09 +00:00
Steve Baker
71abeb12c4 Remove haproxy ironic-inspector http-check workaround
When werkzeug was used as the WSGI service for ironic-inspector, it
wrote stack traces to the logs whenever haproxy did a http check; this
listen_options line was the workaround for that. Reverting that change
is done for the following reasons:

- since ironic-inspector now uses oslo-service, the log stack traces
  are no longer written
- setting listen_options overrides the default 'option httplog', which is
  making diagnosing bug #1854399 harder
- this http-check override may well be the root cause of bug #1854399
  (any non-200 response will result in other connections to
  ironic-inspector being disconnected?)

Change-Id: I5c397d31650b248660a39e028c98c779871d07ba
Partial-Bug: #1854399
Related-Bug: #1691971
2019-11-29 01:12:15 +00:00
Cédric Jeanneret
86eab6ce8c Corrected default value for container_cli
Since Stein (OSP-15), we're using podman by default. We therefore must
reflect this in certmonger refresh secripts.

Change-Id: I377511aa0be7efbf58cd2a70e8b9a774bb679f61
2019-11-28 09:12:51 +01:00
Luca Miccini
3991edcae0 Explicitly convert stonith_level fact to int
Apparently the implicit conversion done via '0 + string' is not robust
enough. Adding a "to_i" to make sure we don't break if output is empty.

Change-Id: I1e31761fd2129f57f61707d1920db835df7f7346
2019-11-27 16:51:02 +01:00
Emilien Macchi
4db4af996c Prepare first U release - 12.0.0
Change-Id: I571dacaf0de7d22e87d862b35aa68a73f5173e90
2019-11-27 05:15:54 -05:00
Zuul
4d623490c2 Merge "Synchronize connection configuration for metrics" 2019-11-26 17:16:04 +00:00
Zuul
de4a1bc0bc Merge "Add the ability to configure ovn-remote-probe-interval" 2019-11-25 16:55:58 +00:00
Zuul
c151758b3e Merge "Check for crm_node presence before collecting fact" 2019-11-23 01:02:25 +00:00
Luca Miccini
57ef37990a Check for crm_node presence before collecting fact
This commit adds a check to make sure 'crm_node' is present on the
system (or inside a container, fwiw) before attempting to collect
the stonith level info, so preventing errors like:

~~~
Error: Facter: error while resolving custom fact
\"stonith_levels\": execution of command \"crm_node -n 2> /dev/null\"
failed: command not found."
~~~

Change-Id: I4b4304b54a8aec76fad50b503a007b2bfcc41bd1
2019-11-22 16:47:19 +01:00
Flavio Fernandes
373ad6a6c0 Add the ability to configure ovn-remote-probe-interval
This parameter sets inactive probe interval of the JSON
session from ovn-metadata to the OVN SB database.
By default this it is 5s which not be sufficient in
loaded systems or during high control-plane activity spikes,
leading to unnecessary reconnections to OVSDB server.
Now it is extended by default to 1 min and it
is configurable.

Depends-On: https://review.opendev.org/#/c/695577
Change-Id: I0ff2f1b01abc4bad74532f4954c80509c02a2375
2019-11-22 10:31:54 -05:00