Use memcached to cache token in designate authtoken, as in-process
cache, which we currently use, was already deprecated[1].
[1] Ied2b88c8cefe5655a88d0c2f334de04e588fa75a
Change-Id: Iaa8e4fb26cf4677fe151c699a3911f02e30f8d32
This patch makes interior metrics QDR use ctlplane interfaces for which
ports are opened on THT side.
Change-Id: Ie1394d6f6977d8ae3a4e57015cc8c3b2ec7a6f3d
During a major upgrade, upgrade tasks can rebuild a new pacemaker
cluster by adding nodes one at a time. This is implemented by
using two special hiera variables mysql_node_names_override and
mysql_short_node_names_override.
Make sure the mysql_bundle puppet module uses both variables
when such cluster rebuild is in progress.
Change-Id: I6a06269f55a38071c34d2a95109d213fe7e2452c
Closes-Bug: #1859961
Co-Authored-By: Jose Luis Franco Arza <jfrancoa@redhat.com>
In line with the cinder & cinder-backup services, we add
short node name override support to manila when implemented
with pacemaker.
This is required in order to complete the 'scale-up' upgrade
steps for manila similar to the implementation in
I3cfd4272449b207874723682903505d2bbdb435b
Included is also an update to the tests and their fixtures to
ensure that the unit tests for the manila data are consistent
with the other similar services (cinder volume and cinder
backup).
Related-Bug: #1838971
Change-Id: I2c468e608a8f70d031b9ba08521bb75f7094c048
The manila_share_nodes_count variable is defined, but not used
anywhere. In some services this is used for the replica count,
but manila (similar to cinder) has a hard-coded replica count
of 1 and therefore this variable is not needed.
Change-Id: I6398871a0a8c235e626748206dda617dadb06895
Allow all bundles --user option to be overridden as some of them might
prefer switching to a non-root user when possible.
The ovn-dbs bundle is a bit special because it never specified any user.
Hence we default that user to undef and do not set anything.
Tested as follows:
1. deployed an overcloud
2. patched it with this change
3. redeployed and and then observed that no HA container has restarted at all
4. verified cinder-volume runs with root by default:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 4204 716 ? Ss 09:01 0:00 dumb-init --single-child -- /bin/bash /usr/local/bin/kolla_start
root 7 0.7 0.7 912976 145760 ? S 09:01 1:04 /usr/bin/python3 /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
root 71 0.1 0.6 925800 124640 ? S 09:01 0:14 /usr/bin/python3 /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
5. added 'tripleo::profile::pacemaker::cinder::volume_bundle::bundle_user: cinder' to
the templates and redeployed
6. Observed that cinder-volume got restarted and now runs with cinder
user:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
cinder 1 0.0 0.0 4204 804 ? Ss 12:23 0:00 dumb-init --single-child -- /bin/bash /usr/local/bin/kolla_start
cinder 7 2.1 0.7 912976 145432 ? S 12:23 0:04 /usr/bin/python3 /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
cinder 64 0.3 0.5 919908 118452 ? S 12:23 0:00 /usr/bin/python3 /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
Change-Id: I985d0d192ef3accf7fdd31503348de80713fded4
This patch makes rsyslog::file_input accept also $sources as single hash.
Currently when $sources is not array deployment fails.
Change-Id: I91d9f8ffb1e0c8bbdbc90696950aafd797ff380c
Include nova::compute::libvirt::virtlogd to manage virtlogd
configuration.
Depends-on: https://review.opendev.org/#/c/685024/
Change-Id: I3d28680b4cf18c06b799e329639bb424e63d1368
We introduce a new tripleo::haproxy parameter called mysql_custom_listen_options
which can be used to customize mysql listen options in haproxy's config.
Tested as follows:
parameter_defaults:
ExtraConfig:
tripleo::haproxy::haproxy_default_timeout:
- 'http-request 10s'
- 'queue 2m'
- 'connect 10s'
- 'client 5m'
- 'server 5m'
- 'check 10s'
tripleo::haproxy::cinder::options:
bind-process: 2
tripleo::haproxy::glance_api::options:
bind-process: 2
tripleo::haproxy::mysql_custom_listen_options:
bind-process: 2
Observed that haproxy's mysql stanza had:
listen mysql
bind 172.17.1.91:3306 transparent
bind-process 2
option tcpka
option httpchk
Before this patch this was not the case and the tripleo::haproxy::<mysql>::options just got ignored.
Closes-Bug: #1858775
Change-Id: Ia0ecca5b54c1ca51898035e641665150dbdac9f7
It's now done by Ansible, we don't need this code anymore.
Depends-On: I96a3351fca26cd8bb122a86cb4c3a58d5f88573e
Change-Id: I3fa4448fc81935d4df61f873a73d3fffc6f9e3bb
Add the keystone_resources_managed toggle so we can let Ansible
controlling that resource and not Puppet.
It's part of the efforts to not rely on Puppet to create Cloud resources
like keystone resources, cinder types, etc.
Change-Id: I557d8f33c9c699aed14b3b6fc1d1c0407365cd08
class neutron::plugins::ml2::networking_ansible has 'coordination_uri'
parameter and not 'coordination_url'.
Change-Id: Ic7d9ba1c46e71b9d39cacf541e7c91d5caf48a60
Closes-Bug: #1857605
The fixed typo is causing conditional to be always true.
Depends-On: https://review.opendev.org/700250
Change-Id: Ifb839a9c0d8ffca8a97a0cc97bfc4d3319e17e48
This patch adds HAProxy configuration for MetricsQdr service, so that
QDRs running on controller nodes in interior mode can be accessed
by external clients (such as CloudForms)
Depends-On: https://review.opendev.org/700250
Change-Id: I048cebe08d5e63693799b93c649231acfc772922
keystone_resources_managed, default to
hiera('keystone_resources_managed', true) for backward compatibility,
will allow to disable Puppet to manage the keystone resources, like
endpoints, roles, services, projects and users; and instead use Ansible.
Change-Id: If4b275d3caf6098e7774d938ab89333396fbc15d
Like the other web based services, we need to enable
the source affinity to access the grafana instance
through the haproxy vip.
Closes-Bug: 1854337
Change-Id: I3c6e8dd2d4a48f5c63311d9c37181c2f26b595ea
This patch makes deployment pass when value of hiera variable
tripleo_logging_sources_<enabled_service> is undef. This case should
technically not happen, but currently enabled_services contains
services which are not being deployed, so we need to make sure that
Puppet does not fail in this case.
Change-Id: Ib34304dada25a0be1a39f508119adbe9cca4d66f
These hiera keys are needed to support the upgrade-with-os
blueprint. This support was added for other services already
see LP#1832361
Related-Bug: #1854519
Tested-by: Jose Luis Franco Arza <jfrancoa@redhat.com>
Change-Id: I7bff96c0b0238e4aeaa33e0ec343a75e08b6a2f7
When werkzeug was used as the WSGI service for ironic-inspector, it
wrote stack traces to the logs whenever haproxy did a http check; this
listen_options line was the workaround for that. Reverting that change
is done for the following reasons:
- since ironic-inspector now uses oslo-service, the log stack traces
are no longer written
- setting listen_options overrides the default 'option httplog', which is
making diagnosing bug #1854399 harder
- this http-check override may well be the root cause of bug #1854399
(any non-200 response will result in other connections to
ironic-inspector being disconnected?)
Change-Id: I5c397d31650b248660a39e028c98c779871d07ba
Partial-Bug: #1854399
Related-Bug: #1691971
Since Stein (OSP-15), we're using podman by default. We therefore must
reflect this in certmonger refresh secripts.
Change-Id: I377511aa0be7efbf58cd2a70e8b9a774bb679f61
Apparently the implicit conversion done via '0 + string' is not robust
enough. Adding a "to_i" to make sure we don't break if output is empty.
Change-Id: I1e31761fd2129f57f61707d1920db835df7f7346
This commit adds a check to make sure 'crm_node' is present on the
system (or inside a container, fwiw) before attempting to collect
the stonith level info, so preventing errors like:
~~~
Error: Facter: error while resolving custom fact
\"stonith_levels\": execution of command \"crm_node -n 2> /dev/null\"
failed: command not found."
~~~
Change-Id: I4b4304b54a8aec76fad50b503a007b2bfcc41bd1
This parameter sets inactive probe interval of the JSON
session from ovn-metadata to the OVN SB database.
By default this it is 5s which not be sufficient in
loaded systems or during high control-plane activity spikes,
leading to unnecessary reconnections to OVSDB server.
Now it is extended by default to 1 min and it
is configurable.
Depends-On: https://review.opendev.org/#/c/695577
Change-Id: I0ff2f1b01abc4bad74532f4954c80509c02a2375