334 Commits

Author SHA1 Message Date
Zuul
e5c1cd3ecc Merge "Correct vrrp script for haproxy status" 2018-07-24 20:12:48 +00:00
Cédric Jeanneret
50ce48cd28 Correct vrrp script for haproxy status
Currently, on a containerized undercloud, we get error messages from
keepalived container:
/usr/bin/systemctl status haproxy.service exited with status 1

Even if the undercloud is currently not in HA, it's still a good thing
to get clean logs.

Note: the command is launched by the keepalived container, hence we
cannot use pgrep nor anything else. We also need the /var/lib/haproxy
mount in the keepalived container, shared from the haproxy container on
the host.

Change-Id: Ib5050a3a6af262e26b5523974d1d4a80c4e92834
2018-07-23 17:06:29 +02:00
Martin Mágr
6c60a0f21f Collectd QDR connection
This patch enables to configure collectd to QDR by utilizing
collectd-amqp1 plugin.

Change-Id: I4cb6aa95e253b7fd19ed265fbcba0dfe6663592d
2018-07-23 13:36:19 +02:00
Zuul
ac22e9d4ed Merge "Avoid hard-coded settings in Manila HA containers" 2018-07-13 06:09:07 +00:00
Alan Bishop
a33f0c1f21 Avoid hard-coded settings in Manila HA containers
Add parameters for controlling the docker container settings used to
create the manila-share pacemaker bundle. The parameters eliminate the
need to hard-code the list of docker volumes and environment variables,
making it possible to control the values using hiera data.

For backward compatibility, the previous hard-coded values are used
when no parameter inputs are supplied.

Partial-Bug: #1749752
Change-Id: Ia81602f8a3454fcb0be2eaa9126021331d37b147
2018-07-05 09:31:53 -04:00
Martin Schuppert
ed16fdc55d Make sure we apply qemu config changes
With the change in https://review.openstack.org/#/c/561784/3 we need to
make sure that the new port range gets applied to the qemu.conf file.
This change includes ::nova::migration::qemu to
::tripleo::profile::base::nova::libvirt

Change-Id: Idadfc7b3507977f1385e846a48a734ed0e5f0a32
Closes-bug: 1779820
2018-07-03 11:00:26 +02:00
Alan Bishop
34810fc361 Run cinder's db sync only on bootstrap node
The sync_db variable (which is True only on bootstrap node) needs to be
passed to the ::cinder::api resource to ensure the db sync only happens
on the bootstrap node.

Closes-Bug: #1779112
Change-Id: Ib7fcafbe769aadfcc58323ba3a06fa28a80a488a
2018-06-28 09:49:10 -04:00
Giulio Fidente
2a59f98d78 Ensure appropriate ACL mask is set on CephX keyrings
Changing group permissions alters the ACL mask, causing the "read"
permission we set explicitly for the openstack users to be ignored.

This change ensures "read" is set for the ACLs mask.

Change-Id: I4f94a3f7ab2c55a8c45363b8354be99d52980a7b
Closes-Bug: 1775549
2018-06-13 19:09:18 +02:00
Alan Bishop
aa9d35e867 Handle renaming of Cinder VNX backend parameter
In I415eee7ddc601d1706a5d7f2a561e11b642fa826 the 'storage_vnx_pool_name'
parameter was essentially renamed to 'storage_vnx_pool_names'. This patch
adds support for the new name, and accepts the old name so current THT
continues to work.

Related-Bug: #1775375
Depends-On: I415eee7ddc601d1706a5d7f2a561e11b642fa826
Change-Id: Ia48bbb88f6bc8180bfb6981813333eee70db79bb
2018-06-12 21:54:15 -07:00
Emilien Macchi
17c1c2ee6d ssh: allow to configure PasswordAuthentication
Allow to override the default PasswordAuthentication parameter (default
is 'no').

Change-Id: I88b24c82fb3cf2309f45d5d447a9b0c403da7fc9
Related-Bug: #1772519
2018-06-01 20:39:02 -07:00
Zuul
b850135279 Merge "Move unfencing to meta_params" 2018-05-31 17:36:36 +00:00
Zuul
95e2dad91d Merge "Neutron sidecar wrappers use netns they were invoked with" 2018-05-31 08:22:05 +00:00
Brent Eagles
684521fc84 Neutron sidecar wrappers use netns they were invoked with
Neutron uses namespaces with different prefixes depending on
configuration and the nature of the resource. This patch changes the
wrappers to use the "ip netns identify" command to determine the target
namespace for the sidecar instead of trying to guess from the command
line options.

Change-Id: If58bb9dabebf201b592fb450a663ae2f24374e00
Closes-Bug: #1773823
2018-05-29 09:09:23 -02:30
Michele Baldessari
ea8457499d Move unfencing to meta_params
We currently do a requires="unfencing" on a start operation, which is
deprecated and will be removed in pacemaker 2.0

We need to move this to a meta param and since pacemaker has supported
this since the dawn of time we can move to it now.

Closes-Bug: #1771519

Depends-On: I5ec830e092646a3626cacea264de9ad81fcdd124
Change-Id: I788e57b7bff68a934794e008cd6127e19882cd23
2018-05-29 11:27:22 +02:00
Giulio Fidente
c796ed32f7 Remove support for puppet-ceph
Deployment of a managed Ceph cluster using puppet-ceph
is not supported from the Pike release. From Queens it
is not supported use of puppet-ceph when using an
external Ceph cluster either.

This change removes the old manifests necessary to
support deployment of Ceph via puppet-ceph.

Templates removed by I17b94e8023873f3129a55e69efd751be0674dfcb

Depends-On: I8b22917e7436084028ef4fbe7604d28d6a68bee0
Implements: blueprint remove-puppet-ceph
Change-Id: I052af1f755b40a5fefa1f8d37e62b6b36c931271
2018-05-25 15:32:53 +02:00
Zuul
08656dc914 Merge "Trivial: fix a comment typo" 2018-05-15 03:30:14 +00:00
Zuul
76b47480aa Merge "logging: fluentd add multi log files on sources" 2018-05-05 04:08:57 +00:00
Zuul
291939f1ab Merge "Add NVMeOF support to configure cinder backend" 2018-05-05 03:59:11 +00:00
Zuul
77aac86259 Merge "Adding wrapper scripts for neutron agent subprocesses" 2018-05-05 03:42:49 +00:00
Zuul
dc21287b21 Merge "Treat IP address as optional in Cisco VTS ML2 configuration" 2018-05-02 00:25:41 +00:00
Zuul
4a399d8409 Merge "Allow configuration of NFS backend for Nova" 2018-05-02 00:15:29 +00:00
Brent Eagles
015c9b757a Adding wrapper scripts for neutron agent subprocesses
The neutron agents use subprocesses like dnsmasq and keepalived as part
of their implementation. Running these "subprocesses" in separate
containers prevents dataplane breakages/unnecessary failover on agent
container restart.

Also amends docker daemon options to allow including additional unix
domain sockets to bind to the docker daemon. The paths can be mounted by
containers that launch containers instead of mounting /run/docker.sock.
This avoids issues if the docker daemon is restarted while the containers
are running.

Related-Bug: #1749209
Change-Id: Icd4c24ac686d957391548a04722266cefc1bce27
2018-04-30 21:58:29 -02:30
Zuul
1a73b868ce Merge "Support separate oslo.messaging services for RPC and Notifications" 2018-04-29 13:02:17 +00:00
Zuul
2a35f3152a Merge "Disable curl globbing" 2018-04-28 13:54:17 +00:00
Wojciech Dec
ffc4ca8e71 Treat IP address as optional in Cisco VTS ML2 configuration
Bug #1766949

Change-Id: I5d8b7f05a2d8d7bff608c8bbe9bd0d837bd1e3dc
Signed-off-by: Wojciech Dec <wdec@cisco.com>
2018-04-26 06:59:57 -07:00
Rajesh Tailor
5eee00d1cc Allow configuration of NFS backend for Nova
Allow NFS configuration of storage backend for Nova.
This way the instances files will be stored on a shared
NFS storage.

Implements: bp tripleo-nova-nfs

Change-Id: Id15aec6324814a871e87f19f24999b0e3b8a8f05
2018-04-25 20:01:49 +05:30
Hamdy Khader
7f592470a8 Add NVMeOF support to configure cinder backend
Depends-On: I74ca80b10e25cbb36f073b8c0310da0c8784fb1f
Change-Id: I33545b5de5d4196848255d7333e799dc481540e2
2018-04-24 06:57:53 +00:00
zhubingbing
87f616abc5 Trivial: fix a comment typo
TrivialFix

Change-Id: I74b414da3b00d7b1192678a22733df1e272f3dd5
2018-04-23 09:29:23 +08:00
Juan Badia Payno
6ced0e21b7 logging: fluentd add multi log files on sources
Currently there are some services such as horizon, keystone that
have more than one log file, currently only one file is possible to
read.

This patch adds the possibility of having more than one file for a
service.

Change-Id: Id1d58637967ffb0e9bd0a83c3cbca699432f5378
2018-04-21 00:17:18 +02:00
Martin Mágr
b2495dcd90 Fluentd monitoring interface
This patch enables deploying fluentd service with enabled REST API
interface for monitoring purposes, which we will then use for container
health check.

Change-Id: Ifd31f7a636d91040d2b12314091c834dbec6b2a2
2018-04-17 15:15:12 +02:00
Zuul
ba1cbbc77f Merge "masquerade: configure FORWARD rules" 2018-04-12 13:41:52 +00:00
Zuul
e2220b6d7f Merge "Fix docker debug/mirrors JSON augeas changes" 2018-04-11 00:31:49 +00:00
Emilien Macchi
f50d381913 masquerade: configure FORWARD rules
When enabling masquerading, we need to allow the traffic to go through
so we need the FORWARD rules as well, for source and destination
networks.
Also support multiple destinations or sources for ipv4/ipv6 suffixed
rules with a REGEX.

Change-Id: I48aa95b96c762a72273b5b0b714a04da7ee69a40
2018-04-10 18:02:29 +00:00
Bogdan Dobrelya
baec322271 Fix docker debug/mirrors JSON augeas changes
Closes-bug: #1762475

Change-Id: I3c6f47751af1c8050dd0a635bda058e4782c0d17
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2018-04-10 08:56:30 +02:00
Emilien Macchi
2419b95063 firewall/masquerading: configure state and proto
Change-Id: I887741d47fcc20169a1e58ad3f0a003716a4521a
2018-04-07 05:05:02 +00:00
Zuul
408db62e22 Merge "Support both rabbitmq and oslo.messaging service nodes" 2018-04-07 00:39:46 +00:00
Emilien Macchi
03402f207b Implement tripleo::masquerade_networks
It'll be used in the OS::TripleO::Services::MasqueradeNetworks service
to configure masquerade IPtables rules when needed for PoC or CI
environments.

Change-Id: I8dda3c164de90954855979529de4f1100a858b45
Related-Bug: #1760211
2018-04-03 21:22:46 -07:00
Zuul
c64dff0af3 Merge "Add NFS backend for cinder-backup service" 2018-03-26 20:26:26 +00:00
Andrew Smith
c04557fba4 Support separate oslo.messaging services for RPC and Notifications
This commit introduces separate oslo.messaging services in place of
a single rabbitmq server. This enables the separation of rpc and
notifications, the continued use of single rabbitmq server as well
as the use of alternative oslo.messaging drivers/backends.

This patch:
* adds oslo_messaging_* hiera parameters
* update rabbitmq and qdrouterd services
* add release note

Depends-On: I03e99d35ed043cf11bea9b7462058bd80f4d99da
Depends-On: I934561612d26befd88a9053262836b47bdf4efb0
Change-Id: Ie181a92731e254b7f613ad25fee6cc37e985c315
2018-03-20 12:55:02 -04:00
Tim Rozet
e11804237e Fixes incorrect ownership of ODL TLS cert/key
Deployments were failing because the owner/group of the TLS generated
certificate and key were set to 'odl'.  This user and group does not
exist in a containerized deployment because the ODL RPM is only
installed in the container.

This patch leaves the owner as root for the files which works because
the files are only used to generate a keystore for ODL (which is owned
by odl), and the cert/key files themselves are never read by ODL.

Closes-Bug: 1757135

Change-Id: Ie5b9e98ea2fc16b820d56272653df4874e81cf68
Signed-off-by: Tim Rozet <trozet@redhat.com>
2018-03-20 12:47:07 -04:00
Derek Higgins
8187a83259 Disable curl globbing
Disable curl globbing to allow Swift ringbuilder to upload to IPv6
upload addresses. Also disable globbing in the other places curl
is used.

Change-Id: Iba51cc75bea26b775f790849f0b466a6528ee627
Closes-Bug: #1757118
2018-03-20 11:43:24 +00:00
Zuul
23a311f6ca Merge "firewall/rule: add 'table' support" 2018-03-17 05:54:39 +00:00
Zuul
ac9eb6fd46 Merge "Allow custom per-service listen_options for haproxy" 2018-03-17 04:43:58 +00:00
Andrew Smith
79ccad4b8d Support both rabbitmq and oslo.messaging service nodes
This commit selects either the rabbitmq hosts or the
hosts associated to oslo.messaging rpc and notify services.
This is required for the transition of t-h-t to the use
of the separated oslo.messaging service backends.

This patch:
* select rpc and notify hosts from rabbitmq or oslo_messaging
* modify qdrouterd inter-router link port
* update qdr unit spec
* add release note

Needed-By: I934561612d26befd88a9053262836b47bdf4efb0
Change-Id: I154e2fe6f66b296b9b643627d57696e5178e1815
2018-03-16 18:16:42 -04:00
Emilien Macchi
8f3c647ea0 firewall/rule: add 'table' support
... so we can create masquerade/nat rules.

Change-Id: Ic9a2626e73d132c3be7ff14a1f4cdba0c16c5b53
2018-03-16 17:25:57 +00:00
Zuul
c3739495e1 Merge "Create vhost_socket_dir with proper permissions" 2018-03-16 13:01:39 +00:00
Alan Bishop
364c76158f Add NFS backend for cinder-backup service
Add a Cinder backup profile that uses NFS for the backend.

Related-Bug: #1744174
Change-Id: Ic0adb294aa2e60243f8adaf167bdd75e42c8e20e
2018-03-15 19:33:51 -04:00
Zuul
8bf696e1f7 Merge "Extract local CA if it expired" 2018-03-15 09:52:48 +00:00
Zuul
7c5b283a49 Merge "Fail more gracefully when passed an empty ip" 2018-03-15 04:42:40 +00:00
Michele Baldessari
ce4576375d Allow custom per-service listen_options for haproxy
There are situations where it would be advantageous to let
an operator specify custom per-service options.
One such use case seen in the wild is to extend the timeout of the cinder
because due to the specific storage backend these cinder operations
sometimes take a bit longer. Letting the user tweak the
haproxy_default_timeout is likely not what we want as for the case
above we only want to tweak a single service.

We explored another approach to fix this by adding a bunch of
<service>_options class parameters in the tripleo::haproxy class but it
made it extremely bloated and confusing, so we opted for this approach
which is much less invasive both code-wise and complexity-wise

Tested by deploying with:
ExtraConfig:
  tripleo::haproxy::cinder::options:
    "timeout client": '90m'
    'timeout server': '90m'

And observing the following cinder haproxy stanza:
listen cinder
  bind 10.0.0.4:8776 transparent
  bind 172.16.2.9:8776 transparent
  mode http
  http-request set-header X-Forwarded-Proto https if { ssl_fc }
  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
  option httpchk
  option httplog
  timeout client 90m
  timeout server 90m
  server overcloud-controller-0.internalapi.localdomain 172.16.2.7:8776 check fall 5 inter 2000 rise 2
  server overcloud-controller-1.internalapi.localdomain 172.16.2.16:8776 check fall 5 inter 2000 rise 2
  server overcloud-controller-2.internalapi.localdomain 172.16.2.13:8776 check fall 5 inter 2000 rise 2

Closes-Bug: #1755711

Change-Id: Icb7f026190b310d34c47dc059e2fdb22031b0963
2018-03-14 15:12:38 +01:00