ODL enables a feature by default to communicate port state to Neutron
via a websocket connection. The current implementation does not work in
HA, but does work with a noHA deployment. Therefore this patch disables
port status for HA deployments only until there is proper support.
Depends-On: I7eb752ad692e5522051f8393376890fcac9a09fe
Closes-Bug: 1718508
Change-Id: I13b5b72285d3c70cdee4d81678470d52be385aaf
Signed-off-by: Tim Rozet <trozet@redhat.com>
Add a parameter that allows the user to optionally specify a list of
extra Ceph pools to be used as additional RBD backends for Cinder. A
separate RBD backend is created for each pool in the list.
Implements: blueprint multiple-cinder-rbd-backend
Change-Id: I3318b9eaef607d6992f9a8cb605817b6f76dd331
Enables configuration for Service Function Chaining plugin with neutron.
Implements: blueprint networking-sfc-support
Co-Authored-By: Tim Rozet <trozet@redhat.com>
Change-Id: Icd433ddc6ae7de19a09f9e33b410a362c317138a
Depends-On: I09ce12298caee6fb2194240f2e19b4771ab797b0
The current way never retries up- or downloading the rings from the
undercloud. This is risky, for example when there are temporary network
issues.
This patch adds retries to the curl commands. It does so in two ways:
1. curl retries up to 3 times if there is an HTTP error. This could
happen for example if the proxy is accessible, but the proxy itself
can't connect to a backend server. Note that curl returns an exit code
of 0 if there is an HTTP error, so curl itself needs to retry in this
case.
2. If curl fails hard (for example due to a network error, proxy being
down etc) the whole command will be re-executed up to 3 times by Puppet
itself. The default timeout has been set to 30 seconds instead of the
default timeout of 300 seconds.
Change-Id: I21f732c1afa9d472f4a2fb840b6ddad9b8d65d07
This change adds Dell EMC VNX backend as composable service
and matches the tripleo-heat-templates.
Change-Id: Iab80dc636913610704e1ceb2642ce738b68bb827
Implements: blueprint support-dellemc-vnx-manila
This change adds Dell EMC Unity backend as composable service
and matches the tripleo-heat-templates.
Change-Id: I0df1e16db89cd53e4f16cd08ccb975d8e7e9a470
Implements: blueprint dellemc-unity-manila
This change adds Dell EMC Isilon backend as composable service
and matches the tripleo-heat-templates.
Change-Id: I30f6b4c4ebe0a708a5eb34cd016544f4d2b9c2bb
Implements: blueprint dellemc-isilon-manila
This change adds Dell EMC VMAX backend as composable service
and matches the tripleo-heat-templates.
Change-Id: I6e3b4ed6477c7ee56aef4e9849893229ca648c85
Implements: blueprint dellemc-vmax-manila
Adds a hiera-enabled setting for mysql.pp to
allow configuration of innodb_buffer_pool_size, a key
configurational element for MySQL performance tuning.
Change-Id: Iabdcb6f76510becb98cba35c95db550ffce44ff3
Closes-bug: #1704978
We already are setting a pre-shared key by default for the pacemaker
cluster. This was done in order to communicate with TLS-PSK with
pacemaker-remote clusters. This key is also useful for us to enable
encrypted traffic for the regular cluster traffic, which we enable by
default with this patch.
Change-Id: I349b8bf79eeeaa4ddde1c17b7014603913f184cf
This creates a new class for the stats interface and further
configures it to also use the certificates that are provided by
certmonger (via the internal_certificates_specs variable).
Note that the already existing haproxy_stats_certificate still works and
will take precedence if it's set.
bp tls-via-certmonger
Change-Id: Iea65d91648ab13dbe6ec20241a1a7c95ce856e3e
Previously we had used an exec defined in puppet-tripleo to do
clustering with OpenDaylight docker containers. The clustering issue is
now fixed in puppet-opendaylight by:
https://git.opendaylight.org/gerrit/#/c/60491
So removing the custom function and class workaround. Also,
'ha_node_index' is deprecated for configuring clustering with
puppet-opendaylight so that is also removed.
Depends-On: I21c1eb2eff6d4cb855eff4a1122f55ad625d84cc
Change-Id: I7693b692c74071945fdcc08292542e9b458a540b
Signed-off-by: Tim Rozet <trozet@redhat.com>
Added missing san_private_key parameter used for password less SSH
authentication.
Change-Id: Ia9857064692681172573e9092b53a352cd776cbd
Depends-On: 0743d42ed1ed66e08ab7f4355145b4c06c589801
Add new hook in the keystone profile for Veritas HyperScale.
Add new hook in the rabbitmq profile for Veritas HyperScale.
Add new hook in the mysql profile for Veritas HyperScale.
Change-Id: I9168bffa5c73a205d1bb84b831b06081c40af549
Depends-On: I316b22f4f7f9f68fe5c46075dc348a70e437fb1d
Depends-On: Id188af5e2f7bf628a97a70b8f20bef28e42b372d
Signed-off-by: abhishek.kane <abhishek.kane@veritas.com>
Signed-off-by: Dnyaneshwar Pawar <dnyaneshwar.pawar@veritas.com>
The innodb_flush_log_at_trx_commit flag changes the timing
of when the log buffer is written to disk for writes.
At its default of 1, transactions are written to disk
and the buffer flushed on a per-transaction basis; but when
set to 2, the flush of the buffer proceeds only once per
second. This removes the durability guarantee for the
single node. However the central concept of Galera is
that durability is achieved via the cluster as a whole,
in that transactions are replicated to other nodes before
the commit succeeds (though not necessarily written to disk
unless wsrep_causal_reads is set). In this model,
data would only be lost if all nodes of the Galera cluster
were killed within one second of each other. Percona's
blog post at https://www.percona.com/blog/2014/11/17/typical-misconceptions-on-galera-for-mysql/
recommends that the value of 2 should be considered "safe"
for a Galera cluster unless you are in fact worried that
all three nodes will be powered off simultaneously.
The value here is added as an option only, defaulting
to the usual default of "1", flush per transaction.
Change-Id: Id5a30f1daf978e094a74db2d284febbc9ae64bb3
This patch will move the Contrail roles communication towards
OpenStack APIs from the public/external network to the
internal_api network. I will also add the option to enable
dpdk for Contrail.
Change-Id: Ia835df656031cdf28de20f41ec6ab1c028dced23
Closes-Bug: 1698422
This patch updates the Zaqar profile so that we have
support for configuring alternate versions of the messaging
and management backends.
In Pike instack-undercloud started using the swift/sqlalchemy
backends and the intent here is to update the new containers
undercloud to use a similar default (thus letting us drop Mongodb).
Change-Id: Ie6a56b9163950cee2c0341afa0c0ddce665f3704
Fixes a problem where SR-IOV VF count configuration will fail if a
physical function is in use by a guest when 'puppet apply' is executed.
This change substitutes warnings for failures and skips complaints if a
PCI device is unavailable.
Note: this patch has the side-effect of allowing the same configuration
data on hosts that may *not* or *ever* have PCI SR-IOV devices on the
hardware. Time will tell how evil this is in practice.
Closes-Bug: #1701284
Change-Id: I71edc135432ab2193741c37ce977dd11172401e6
Puppet wipes out whatever is not in its resource catalog each run for
httpd. This causes httpd to restart if in the next step there are
resources added that were not there earlier.
This patch thus changes the instances of httpd to start at the same
time: On step 3 for the bootstrap node, and on step 4 for every other
node.
Closes-Bug: #1699502
Change-Id: I3d29728c1ab7bd5b78100f89e00e5fa082f97b0c
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
The swift-dispersion-populate command needs to be called when Swift and
Keystone are up and running, and therefore we need to ensure this is
running in step 5 or later.
Change-Id: I5b4c08c252b6083dace5a65367920c475de416ce
Ignore failures if nf_conntrack_proto_sctp module failed to load.
Since RHEL 7.4, nf_conntrack_proto_sctp module is compiled into the
kernel instead of as a module as the sctp support.
TripleO will still try to load the module to support RHEL 7.3, but
in the future will remove the module management and rely on the kernel
provided in newer versions of RHEL.
Co-Authored-By: Or Idgar <oidgar@redhat.com>
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
Co-Authored-By: Emilien Macchi <emilien@redhat.com>
Change-Id: I8f1c841a7c0f3b1247aba2b959b6dfbe43d8cd79
Closes-Bug: 1695885
Allows configurability of maxconn as applies to
the MySQL section of the HAProxy config, both
for clustercheck and single node.
Also adds a new test for the haproxy class
overall to exercise options.
Change-Id: I023682dd5e85cc78d6dd3e5214a53863acc4f303
This sets up the CRL file to be triggered on the certmonger_user
resource. Furthermore, HAProxy uses this CRL file in the member options,
thus effectively enabling revocation for proxied nodes.
So, if a certificate has been revoked by the CA, HAProxy will not proxy
requests to it.
bp tls-via-certmonger
Change-Id: I4f1edc551488aa5bf6033442c4fa1fb0d3f735cd
This will fetch the CRL file from the specified file or URL. Furthermore,
it will set up a cron job to refresh the CRL file once a week and notify
the needed services.
bp tls-via-certmonger
Change-Id: I38e163e8ebb80ea5f79cfb8df44a71fdcd284e04
The ring up- and downloading was never executed if run within a
containerized environment. This is due to the fact that this manifest
gets executed within step 6(5) only. There is also an ordering issue,
which actually tries to create the tarballs before rebalancing.
This patch fixes the step conditions and also chains the tarball
creation to the rebalance.
The check to query rings on all nodes can now be disabled. This is
required on containerized environments: the local ring will be modified
and rebalanced, but rings on the existing servers are not yet modified.
Therefore a recon-check will fail, and needs to be disabled.
Closes-Bug: 1694211
Change-Id: I51c5795b9893d797bd73e059910f17a98f04cdbe
Future work in the UI requires Apache to proxy for the
ironic-inspector service the same as it has for other
related services. This adds support for ironic-inspector
through Apache's mod_proxy
Closes-Bug: 1695202
Depends-On: Id395604f1dfbc4bf4f26adbe05f484a10227fd76
Change-Id: I9dcb0769ff90a2fc9561cb86bb822be8087ffe8e
Since galera is configured to use rsync, we ought to make sure the
package is installed. Particularly when using deployed-server, the
package is not always installed by default depending on what was used to
install the servers.
Change-Id: I92ee78f2dd2c0f7fd4d393b104166407d7c654e2
Closes-Bug: #1693003