348 Commits

Author SHA1 Message Date
Jenkins
f87d1539ae Merge "Disables port status updates with ODL in HA" 2017-09-28 02:44:55 +00:00
Jenkins
585f21120b Merge "Add networking-sfc support" 2017-09-26 01:25:56 +00:00
Jenkins
800b761ef4 Merge "Add support for multiple Cinder RBD backends" 2017-09-25 20:06:49 +00:00
Tim Rozet
228d7b456c Disables port status updates with ODL in HA
ODL enables a feature by default to communicate port state to Neutron
via a websocket connection.  The current implementation does not work in
HA, but does work with a noHA deployment.  Therefore this patch disables
port status for HA deployments only until there is proper support.

Depends-On: I7eb752ad692e5522051f8393376890fcac9a09fe

Closes-Bug: 1718508

Change-Id: I13b5b72285d3c70cdee4d81678470d52be385aaf
Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-09-23 09:35:41 -04:00
Alan Bishop
f08484480f Add support for multiple Cinder RBD backends
Add a parameter that allows the user to optionally specify a list of
extra Ceph pools to be used as additional RBD backends for Cinder. A
separate RBD backend is created for each pool in the list.

Implements: blueprint multiple-cinder-rbd-backend
Change-Id: I3318b9eaef607d6992f9a8cb605817b6f76dd331
2017-09-22 11:48:45 -04:00
Jenkins
b77751a711 Merge "Retry Swift ring up-/downloads on failures" 2017-09-22 01:51:44 +00:00
Cédric Jeanneret
9939df4c17 added release note for new haproxy_socket_access
Change-Id: I4024177fdf97bef929d6a699662acbf56abdb0af
2017-09-13 12:18:42 +02:00
Bernard Cafarelli
8445e3bbdf
Add networking-sfc support
Enables configuration for Service Function Chaining plugin with neutron.

Implements: blueprint networking-sfc-support

Co-Authored-By: Tim Rozet <trozet@redhat.com>
Change-Id: Icd433ddc6ae7de19a09f9e33b410a362c317138a
Depends-On: I09ce12298caee6fb2194240f2e19b4771ab797b0
2017-09-12 11:25:51 +02:00
Christian Schwede
46537e0c4b Retry Swift ring up-/downloads on failures
The current way never retries up- or downloading the rings from the
undercloud. This is risky, for example when there are temporary network
issues.

This patch adds retries to the curl commands. It does so in two ways:

1. curl retries up to 3 times if there is an HTTP error. This could
happen for example if the proxy is accessible, but the proxy itself
can't connect to a backend server. Note that curl returns an exit code
of 0 if there is an HTTP error, so curl itself needs to retry in this
case.

2. If curl fails hard (for example due to an network error, proxy being
down etc) the whole command will be re-executed up to 3 times by Puppet
itself. The default timeout has been set to 30 seconds instead of the
default timeout of 300 seconds.

Change-Id: I21f732c1afa9d472f4a2fb840b6ddad9b8d65d07
2017-09-01 11:05:11 +02:00
Thomas Herve
34c4b7211a Allow using redis as a Zaqar messaging backend.
Change-Id: I66ab40f8f993fbf4c3c9b1ded56de1f7a1a26c0c
2017-08-31 11:46:49 +02:00
rajinir
eca5b4dfb2 Support for Dell EMC VNX Manila Driver
This changes adds Dell EMC VNX backend as composable service
and matches the tripleo-heat-templates.

Change-Id: Iab80dc636913610704e1ceb2642ce738b68bb827
Implements: blueprint support-dellemc-vnx-manila
2017-08-30 16:14:10 +00:00
rajinir
2f93b4fc3a Support for Dell EMC Unity Manila Driver
This changes adds Dell EMC Unity backend as composable service
and matches the tripleo-heat-templates.

Change-Id: I0df1e16db89cd53e4f16cd08ccb975d8e7e9a470
Implements: blueprint dellemc-unity-manila
2017-08-26 04:54:24 +00:00
rajinir
75ee7f12f1 Support for Dell EMC Isilon Manila Driver
This changes adds Dell EMC Isilon backend as composable service
and matches the tripleo-heat-templates.

Change-Id: I30f6b4c4ebe0a708a5eb34cd016544f4d2b9c2bb
Implements: blueprint dellemc-isilon-manila
2017-08-26 04:54:18 +00:00
Jenkins
207b1ea97b Merge "Support for Dell EMC VMAX Manila Driver" 2017-08-19 03:07:04 +00:00
rajinir
1500676424 Support for Dell EMC VMAX Manila Driver
This changes adds Dell EMC VMAX backend as composable service
and matches the tripleo-heat-templates.

Change-Id: I6e3b4ed6477c7ee56aef4e9849893229ca648c85
Implements: blueprint dellemc-vmax-manila
2017-08-14 10:13:04 -05:00
Jenkins
760e858d76 Merge "Enable innodb_buffer_pool_size configuration" 2017-08-09 13:51:16 +00:00
Jenkins
193a40edfb Merge "Enable encryption of pacemaker traffic by default" 2017-08-05 07:33:55 +00:00
Mike Bayer
54532632aa Enable innodb_buffer_pool_size configuration
Adds a hiera-enabled setting for mysql.pp to
allow configuration of innodb_buffer_pool_size, a key
configurational element for MySQL performance tuning.

Change-Id: Iabdcb6f76510becb98cba35c95db550ffce44ff3
Closes-bug: #1704978
2017-08-03 12:03:21 -04:00
Juan Antonio Osorio Robles
c5dc851235 Enable encryption of pacemaker traffic by default
We already are setting a pre-shared key by default for the pacemaker
cluster. This was done in order to communicate with TLS-PSK with
pacemaker-remote clusters. This key is also useful for us to enable
encrypted traffic for the regular cluster traffic, which we enable by
default with this patch.

Change-Id: I349b8bf79eeeaa4ddde1c17b7014603913f184cf
2017-08-01 08:39:33 +03:00
Juan Antonio Osorio Robles
e51e796920 Enable TLS for the HAProxy stats interface
This creates a new class for the stats interface and furtherly
configures it to also use the certificates that are provided by
certmonger (via the internal_certificates_specs variable).

Note that the already existing haproxy_stats_certificate still works and
will take precedence if it's set.

bp tls-via-certmonger

Change-Id: Iea65d91648ab13dbe6ec20241a1a7c95ce856e3e
2017-07-31 13:30:14 +00:00
Tim Rozet
13270af790 Deprecates using exec workaround for ODL clustering
Previously we had used an exec defined in puppet-tripleo to do
clustering with OpenDaylight docker containers.  The clustering issue is
now fixed in puppet-opendaylight by:
https://git.opendaylight.org/gerrit/#/c/60491

So removing the custom function and class workaround.  Also,
'ha_node_index' is deprecated for configuring clustering with
puppet-opendaylight so that is also removed.

Depends-On: I21c1eb2eff6d4cb855eff4a1122f55ad625d84cc

Change-Id: I7693b692c74071945fdcc08292542e9b458a540b
Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-07-21 13:02:51 -04:00
Jenkins
d47c6ae05c Merge "PS Cinder: Added support for password less login" 2017-07-19 21:24:34 +00:00
rajinir
1bde378cf6 PS Cinder: Added support for password less login
Added missing san_private_key parameter used for password less SSH
authentication.

Change-Id: Ia9857064692681172573e9092b53a352cd776cbd
Depends-On: 0743d42ed1ed66e08ab7f4355145b4c06c589801
2017-07-18 12:52:17 -05:00
Jenkins
1b4effb7fd Merge "Add option for innodb_flush_log_at_trx_commit = 2 for Galera only" 2017-07-17 08:20:11 +00:00
Jenkins
9c49a5c39a Merge "Add new profile for the Veritas HyperScale's cinder backend." 2017-07-15 18:33:05 +00:00
Jenkins
152d224c73 Merge "Contrail: Fix controlplane/dataplane network asignments & enable optional dpdk" 2017-07-14 23:44:24 +00:00
abhishek.kane
a87fb12823 Add new profile for the Veritas HyperScale's cinder backend.
Add new hook in the keystone profile for Veritas HyperScale.
Add new hook in the rabbitmq profile for Veritas HyperScale.
Add new hook in the mysql profile for Veritas HyperScale.

Change-Id: I9168bffa5c73a205d1bb84b831b06081c40af549
Depends-On: I316b22f4f7f9f68fe5c46075dc348a70e437fb1d
Depends-On: Id188af5e2f7bf628a97a70b8f20bef28e42b372d
Signed-off-by: abhishek.kane <abhishek.kane@veritas.com>
Signed-off-by: Dnyaneshwar Pawar <dnyaneshwar.pawar@veritas.com>
2017-07-14 12:45:59 +05:30
Jenkins
d875a57472 Merge "Do not fail if PCI device is missing" 2017-07-12 03:28:27 +00:00
Jenkins
76af0ab6a4 Merge "Add Swift dispersion profile" 2017-07-06 18:12:58 +00:00
Mike Bayer
8b2d404777 Add option for innodb_flush_log_at_trx_commit = 2 for Galera only
The innodb_flush_log_at_trx_commit flag changes the timing
of when the log buffer is written to disk for writes.
At its default of 1, transactions are written to disk
and the buffer flushed on a per-transaction basis; but when
set to 2, the flush of the buffer proceeds only once per
second.  This removes the durability guarantee for the
single node.  However the central concept of Galera is
that durability is achieved via the cluster as a whole,
in that transactions are replicated to other nodes before
the commit succeeds (though not necessarily written to disk
unless wsrep_causal_reads is set).  In this model,
data would only be lost of all nodes of the Galera cluster
were killed within one second of each other.  Percona's
blog post at https://www.percona.com/blog/2014/11/17/typical-misconceptions-on-galera-for-mysql/
recommends that the value of 2 should be considered "safe"
for a Galera cluster unless you are in fact worried that
all three nodes will be powered off simultaneously.

The value here is added as an option only, defaulting
to the usual default of "1", flush per transaction.

Change-Id: Id5a30f1daf978e094a74db2d284febbc9ae64bb3
2017-07-06 12:42:38 -04:00
Michael Henkel
8b9e2b3c6c Contrail: Fix controlplane/dataplane network asignments & enable optional dpdk
This patch will move the Contrail roles communication towards
OpenStack APIs from the public/external network to the
internal_api network. I will also add the option to enable
dpdk for Contrail.

Change-Id: Ia835df656031cdf28de20f41ec6ab1c028dced23
Closes-Bug: 1698422
2017-07-05 22:52:58 +02:00
Dan Prince
096e913306 Zaqar: support configurable backends
This patch updates the Zaqar profile so that we have
support for configuring alternate versions of the messaging
and management backends.

In Pike instack-undercloud started using the swift/sqlalchemy
backends and the intent here is to update the new containers
undercloud to use a similar default (thus letting us drop Mongodb).

Change-Id: Ie6a56b9163950cee2c0341afa0c0ddce665f3704
2017-06-29 14:55:17 -04:00
Brent Eagles
d71697a419 Do not fail if PCI device is missing
Fixes a problem where SR-IOV VF count configuration will fail if a
physical function is in use by a guest when 'puppet apply' is executed.
This change substitutes warnings for failures and skips complaints if a
PCI device is unavailable.

Note: this patch has the side-effect of allowing the same configuration
data on hosts that may *not* or *ever* have PCI SR-IOV devices on the
hardware. Time will tell how evil this is in practice.

Closes-Bug: #1701284
Change-Id: I71edc135432ab2193741c37ce977dd11172401e6
2017-06-29 11:55:14 -02:30
Juan Antonio Osorio Robles
ad14f23c11 Always start httpd at the same time
Puppet wipes out whatever is not in it's resource catalog each run for
httpd. This causes httpd to restart if in the next step there are
reasources added that were not there earlier.

This patch, thus changes the instances of httpd to start at the same
time: On step 3 for the bootstrap node, and on step 4 for every other
node.

Closes-Bug: #1699502
Change-Id: I3d29728c1ab7bd5b78100f89e00e5fa082f97b0c
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
2017-06-27 14:38:45 +03:00
Christian Schwede
b6a6f3e28e Add Swift dispersion profile
The swift-dispersion-populate command needs to be called when Swift and
Keystone are up and running, and therefore we need to ensure this is
running in step 5 or later.

Change-Id: I5b4c08c252b6083dace5a65367920c475de416ce
2017-06-23 09:46:55 +02:00
Jenkins
64695c7085 Merge "Ignore failures when loading nf_conntrack_proto_sctp kernel module" 2017-06-21 16:21:26 +00:00
Or Idgar
76eb1bbd4f Ignore failures when loading nf_conntrack_proto_sctp kernel module
Ignore failures if nf_conntrack_proto_sctp module failed to load.
Since RHEL 7.4, nf_conntrack_proto_sctp module is compiled into the
kernel instead of as a module as the sctp support.
TripleO will still try to load the module to support RHEL 7.3, but
in the future will remove the module management and rely on the kernel
provided in newer versions of RHEL.

Co-Authored-By: Or Idgar <oidgar@redhat.com>
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
Co-Authored-By: Emilien Macchi <emilien@redhat.com>

Change-Id: I8f1c841a7c0f3b1247aba2b959b6dfbe43d8cd79
Closes-Bug: 1695885
2017-06-20 18:47:56 +00:00
Mike Bayer
7e6924c436 Add maxconn parameter to MySQL / HAProxy
Allows configurability of maxconn as applies to
the MySQL section of the HAProxy config, both
for clustercheck and single node.

Also adds a new test for the haproxy class
overall to exercise options.

Change-Id: I023682dd5e85cc78d6dd3e5214a53863acc4f303
2017-06-20 10:48:43 -04:00
Jenkins
322888dc08 Merge "Fix Swift ring management in container deployments" 2017-06-14 01:00:37 +00:00
Jenkins
c7f2163aa4 Merge "Support for proxying ironic-inspector via Apache" 2017-06-13 00:29:03 +00:00
Jenkins
b8a10fbc15 Merge "Install rsync package for galera" 2017-06-11 16:01:33 +00:00
Juan Antonio Osorio Robles
c8d2a1133e Use CRL for HAProxy
This sets up the CRL file to be triggered on the certmonger_user
resource. Furtherly, HAProxy uses this CRL file in the member options,
thus effectively enabling revocation for proxied nodes.

So, if a certificate has been revoked by the CA, HAProxy will not proxy
requests to it.

bp tls-via-certmonger

Change-Id: I4f1edc551488aa5bf6033442c4fa1fb0d3f735cd
2017-06-08 16:57:18 +03:00
Juan Antonio Osorio Robles
2bb37b6189 Add resource to fetch CRL
This will fetch the CRL file from the specified file or URL. Furtherly
it will set up a cron job to refresh the crl file once a week and notify
the needed services.

bp tls-via-certmonger

Change-Id: I38e163e8ebb80ea5f79cfb8df44a71fdcd284e04
2017-06-08 16:57:15 +03:00
Christian Schwede
410e05ba63 Fix Swift ring management in container deployments
The ring up- and downloading was never executed if run within a
containerized environment. This is due to the fact that this manifest
gets executed within step 6(5) only. There is also an ordering issue,
which actually tries to create the tarballs before rebalancing.

This patch fixes the step conditions and also chains the tarball
creation to the rebalance.

The check to query rings on all nodes can now be disabled. This is
required on containerized environments: the local ring will be modified
and rebalanced, but rings on the existing servers are not yet modified.
Therefore a recon-check will fail, and needs to be disabled.

Closes-Bug: 1694211
Change-Id: I51c5795b9893d797bd73e059910f17a98f04cdbe
2017-06-07 15:45:04 +02:00
Jenkins
0a75929ade Merge "Add Mistral event engine" 2017-06-05 23:57:49 +00:00
Jenkins
3703cad580 Merge "Pacemaker support for OVN DB servers" 2017-06-05 15:27:18 +00:00
Jenkins
4216c6bff1 Support for proxying ironic-inspector via Apache
Future work in the UI requires Apache to proxy for the
ironic-inspector service the same as it has for other
related services.  This adds support for ironic-inspector
through Apache's mod_proxy

Closes-Bug: 1695202
Depends-On: Id395604f1dfbc4bf4f26adbe05f484a10227fd76
Change-Id: I9dcb0769ff90a2fc9561cb86bb822be8087ffe8e
2017-06-05 10:28:14 -04:00
Jenkins
312b3d47b5 Merge "Composable Role for Neutron LBaaS" 2017-06-01 22:20:36 +00:00
James Slagle
bb826c000f Install rsync package for galera
Since galera is configured to use rsync, we ought to make sure the
package is installed. Particularly when using deployed-server, the
package is not always installed by default depending on what was used to
install the servers.

Change-Id: I92ee78f2dd2c0f7fd4d393b104166407d7c654e2
Closes-Bug: #1693003
2017-06-01 14:55:51 -04:00
Doug Hellmann
c89f8791ae make release note a list of strings
Change-Id: I806e15f24309261bb4bf108aacc43a5c4d2d33bc
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
2017-06-01 12:50:51 -04:00