Currently, on a containerized undercloud, we get error messages from
keepalived container:
/usr/bin/systemctl status haproxy.service exited with status 1
Even if the undercloud is currently not in HA, it's still a good thing
to get clean logs.
Note: the command is launched by the keepalived container, hence we
cannot use pgrep nor anything else. We also need the /var/lib/haproxy
mount in the keepalived container, shared from the haproxy container on
the host.
Change-Id: Ib5050a3a6af262e26b5523974d1d4a80c4e92834
Add parameters for controlling the docker container settings used to
create the manila-share pacemaker bundle. The parameters eliminate the
need to hard-code the list of docker volumes and environment variables,
making it possible to control the values using hiera data.
For backward compatibility, the previous hard-coded values are used
when no parameter inputs are supplied.
Partial-Bug: #1749752
Change-Id: Ia81602f8a3454fcb0be2eaa9126021331d37b147
With the change in https://review.openstack.org/#/c/561784/3 we need to
make sure that the new port range gets applied to the qemu.conf file.
This change includes ::nova::migration::qemu to
::tripleo::profile::base::nova::libvirt
Change-Id: Idadfc7b3507977f1385e846a48a734ed0e5f0a32
Closes-bug: 1779820
The sync_db variable (which is True only on bootstrap node) needs to be
passed to the ::cinder::api resource to ensure the db sync only happens
on the bootstrap node.
Closes-Bug: #1779112
Change-Id: Ib7fcafbe769aadfcc58323ba3a06fa28a80a488a
Changing group permissions alters the ACL mask, causing the "read"
permission we set explicitly for the openstack users to be ignored.
This change ensures "read" is set for the ACLs mask.
Change-Id: I4f94a3f7ab2c55a8c45363b8354be99d52980a7b
Closes-Bug: 1775549
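
The mask interaction described in the commit message above, modelled in Python as an added example (not code from the change itself). The `AclFile` class, the `nova` user name and the 0600 mode are assumptions chosen for illustration.

```python
# Minimal model of POSIX ACL evaluation on Linux (constructed example).
R, W, X = 4, 2, 1

class AclFile:
    """File with owner/other bits, an owning-group entry, named users and a mask."""
    def __init__(self, owner, group_obj, other):
        self.owner, self.group_obj, self.other = owner, group_obj, other
        self.named_users = {}   # user name -> permission bits
        self.mask = None        # None: no extended ACL on the file yet

    def setfacl_user(self, user, perms):
        """Like `setfacl -m u:<user>:<perms>`: the mask is recalculated as the
        union of the owning-group entry and every named entry."""
        self.named_users[user] = perms
        self.mask = self.group_obj
        for p in self.named_users.values():
            self.mask |= p

    def setfacl_mask(self, perms):
        """Like `setfacl -m m::<perms>`: set the mask explicitly."""
        self.mask = perms

    def chmod(self, mode):
        """Like chmod: once an extended ACL exists, the group bits of the mode
        are written to the mask, not to the owning-group entry."""
        self.owner, grp, self.other = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
        if self.mask is None:
            self.group_obj = grp
        else:
            self.mask = grp

    def effective(self, user):
        """Effective rights of a named user: its entry ANDed with the mask."""
        return self.named_users[user] & self.mask

def demo():
    key = AclFile(owner=R | W, group_obj=0, other=0)  # constructed file, mode 0600
    key.setfacl_user("nova", R)      # hypothetical service user gets explicit read
    before = key.effective("nova")   # read is effective
    key.chmod(0o600)                 # group bits 0 -> mask becomes ---
    broken = key.effective("nova")   # entry still says r--, but it is masked out
    key.setfacl_mask(R)              # ensure "read" is set in the mask again
    fixed = key.effective("nova")
    return before, broken, fixed
```

On a real system the same state is visible in `getfacl` output, where a masked entry is annotated with `#effective:---`.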
In I415eee7ddc601d1706a5d7f2a561e11b642fa826 the 'storage_vnx_pool_name'
parameter was essentially renamed to 'storage_vnx_pool_names'. This patch
adds support for the new name, and accepts the old name so current THT
continues to work.
Related-Bug: #1775375
Depends-On: I415eee7ddc601d1706a5d7f2a561e11b642fa826
Change-Id: Ia48bbb88f6bc8180bfb6981813333eee70db79bb
Allow to override the default PasswordAuthentication parameter (default
is 'no').
Change-Id: I88b24c82fb3cf2309f45d5d447a9b0c403da7fc9
Related-Bug: #1772519
Neutron uses namespaces with different prefixes depending on
configuration and the nature of the resource. This patch changes the
wrappers to use the "ip netns identify" command to determine the target
namespace for the sidecar instead of trying to guess from the command
line options.
Change-Id: If58bb9dabebf201b592fb450a663ae2f24374e00
Closes-Bug: #1773823
We currently do a requires="unfencing" on a start operation, which is
deprecated and will be removed in pacemaker 2.0.
We need to move this to a meta param and since pacemaker has supported
this since the dawn of time we can move to it now.
Closes-Bug: #1771519
Depends-On: I5ec830e092646a3626cacea264de9ad81fcdd124
Change-Id: I788e57b7bff68a934794e008cd6127e19882cd23
Deployment of a managed Ceph cluster using puppet-ceph
is not supported from the Pike release. From Queens, use
of puppet-ceph is not supported when using an
external Ceph cluster either.
This change removes the old manifests necessary to
support deployment of Ceph via puppet-ceph.
Templates removed by I17b94e8023873f3129a55e69efd751be0674dfcb
Depends-On: I8b22917e7436084028ef4fbe7604d28d6a68bee0
Implements: blueprint remove-puppet-ceph
Change-Id: I052af1f755b40a5fefa1f8d37e62b6b36c931271
The neutron agents use subprocesses like dnsmasq and keepalived as part
of their implementation. Running these "subprocesses" in separate
containers prevents dataplane breakages/unnecessary failover on agent
container restart.
Also amends docker daemon options to allow including additional unix
domain sockets to bind to the docker daemon. The paths can be mounted by
containers that launch containers instead of mounting /run/docker.sock.
This avoids issues if the docker daemon is restarted while the containers
are running.
Related-Bug: #1749209
Change-Id: Icd4c24ac686d957391548a04722266cefc1bce27
Allow NFS configuration of storage backend for Nova.
This way the instances files will be stored on a shared
NFS storage.
Implements: bp tripleo-nova-nfs
Change-Id: Id15aec6324814a871e87f19f24999b0e3b8a8f05
Currently there are some services such as horizon, keystone that
have more than one log file, currently only one file is possible to
read.
This patch adds the possibility of having more than one file for a
service.
Change-Id: Id1d58637967ffb0e9bd0a83c3cbca699432f5378
This patch enables deploying fluentd service with enabled REST API
interface for monitoring purposes, which we will then use for container
health check.
Change-Id: Ifd31f7a636d91040d2b12314091c834dbec6b2a2
When enabling masquerading, we need to allow the traffic to go through
so we need the FORWARD rules as well, for source and destination
networks.
Also support multiple destinations or sources for ipv4/ipv6 suffixed
rules with a REGEX.
Change-Id: I48aa95b96c762a72273b5b0b714a04da7ee69a40
It'll be used in the OS::TripleO::Services::MasqueradeNetworks service
to configure masquerade IPtables rules when needed for PoC or CI
environments.
Change-Id: I8dda3c164de90954855979529de4f1100a858b45
Related-Bug: #1760211
This commit introduces separate oslo.messaging services in place of
a single rabbitmq server. This enables the separation of rpc and
notifications, the continued use of single rabbitmq server as well
as the use of alternative oslo.messaging drivers/backends.
This patch:
* adds oslo_messaging_* hiera parameters
* update rabbitmq and qdrouterd services
* add release note
Depends-On: I03e99d35ed043cf11bea9b7462058bd80f4d99da
Depends-On: I934561612d26befd88a9053262836b47bdf4efb0
Change-Id: Ie181a92731e254b7f613ad25fee6cc37e985c315
Deployments were failing because the owner/group of the TLS generated
certificate and key were set to 'odl'. This user and group does not
exist in a containerized deployment because the ODL RPM is only
installed in the container.
This patch leaves the owner as root for the files which works because
the files are only used to generate a keystore for ODL (which is owned
by odl), and the cert/key files themselves are never read by ODL.
Closes-Bug: 1757135
Change-Id: Ie5b9e98ea2fc16b820d56272653df4874e81cf68
Signed-off-by: Tim Rozet <trozet@redhat.com>
Disable curl globbing to allow Swift ringbuilder to upload to IPv6
upload addresses. Also disable globbing in the other places curl
is used.
Change-Id: Iba51cc75bea26b775f790849f0b466a6528ee627
Closes-Bug: #1757118
This commit selects either the rabbitmq hosts or the
hosts associated to oslo.messaging rpc and notify services.
This is required for the transition of t-h-t to the use
of the separated oslo.messaging service backends.
This patch:
* select rpc and notify hosts from rabbitmq or oslo_messaging
* modify qdrouterd inter-router link port
* update qdr unit spec
* add release note
Needed-By: I934561612d26befd88a9053262836b47bdf4efb0
Change-Id: I154e2fe6f66b296b9b643627d57696e5178e1815
There are situations where it would be advantageous to let
an operator specify custom per-service options.
One such use case seen in the wild is to extend the timeout of the cinder
because due to the specific storage backend these cinder operations
sometimes take a bit longer. Letting the user tweak the
haproxy_default_timeout is likely not what we want as for the case
above we only want to tweak a single service.
We explored another approach to fix this by adding a bunch of
<service>_options class parameters in the tripleo::haproxy class but it
made it extremely bloated and confusing, so we opted for this approach
which is much less invasive both code-wise and complexity-wise.
Tested by deploying with:
  ExtraConfig:
    tripleo::haproxy::cinder::options:
      "timeout client": '90m'
      'timeout server': '90m'
And observing the following cinder haproxy stanza:
  listen cinder
    bind 10.0.0.4:8776 transparent
    bind 172.16.2.9:8776 transparent
    mode http
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
    option httpchk
    option httplog
    timeout client 90m
    timeout server 90m
    server overcloud-controller-0.internalapi.localdomain 172.16.2.7:8776 check fall 5 inter 2000 rise 2
    server overcloud-controller-1.internalapi.localdomain 172.16.2.16:8776 check fall 5 inter 2000 rise 2
    server overcloud-controller-2.internalapi.localdomain 172.16.2.13:8776 check fall 5 inter 2000 rise 2
Closes-Bug: #1755711
Change-Id: Icb7f026190b310d34c47dc059e2fdb22031b0963