This has been observed during an IHA FFU process. Namely
after the OS upgrade by LEAPP the fence_compute resource will
fail starting because python3-novaclient is not installed.
Normally this is taken care of by rpm dependencies, but
fence_compute is buggy and does not explicitely have that
dep (https://bugzilla.redhat.com/show_bug.cgi?id=1857247)
So we need to make sure the package is installed before
creating the resource.
Tested this on four consecutive successful IHA FFU runs
and it worked okay.
Related-Bug: #1888398
Change-Id: I6816d414409da3748b2e341ec05ebcad86ad8fd1
... to avoid lint errors by relative_classname_inclusion, which was
re-enabled recently[1].
[1] https://review.opendev.org/#/c/740023/
Change-Id: Ibb80b8b0f4075c00ceb306bcf54bb87df58165af
The change is made because /swift/healthcheck weights less on RGW
and avoids overloading the nodes CPU for basic HAProxy checks
For more information also see [1]
1. https://bugzilla.redhat.com/show_bug.cgi?id=1850036#c16
Change-Id: I3e2805a922c0e90dc493a3e065bbdc229e5fc7a8
This patch fixes the ceph_nfs upgrade process checking
for the short_name variable definition.
This is required to properly handle the FFU process for
this service.
Change-Id: I89c848bdae1b997b38a5164302acdcca94619471
While doing research for this bugzilla[1] I found that since the
actual certificate PEM file is being bind mounted the mount is acting
as a hard link to the inode of the PEM rather than just a pointer to
it's location in the directory. When the new file is copied over the
inode is updated but the container still maintains a link to the stale
inode. This patch copies the contents of the certificate into the
container so that the HUP of HAProxy will reload the certificate.
[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1765839
Change-Id: Idf106c9ffa23ed00c497e1e5014e1b5718254320
Closes-Bug: 1871663
Currently when we run with puppet --debug on a non cluster node we get:
overcloud-novacompute-0 ~$ puppet facts --debug --color=false|grep Error
Debug: Facter: Error: unable to get cib
Let's just remove stderr from the pcs command. After the fix:
overcloud-novacompute-0 ~$ puppet facts --debug --color=false|grep Error
overcloud-novacompute-0 ~$
Change-Id: Ie48a78a30d9a2824155a9f7388660cab7b5935dd
In I3bf244a70538209773804eb85fae6be035c587f4 we made sure that
we use the additional_erl_args to define parameters. This all
works well but it requires the corresponding THT change
(I567839785a72813a382a00253562894e19eb6715). Let's make it so
that we can merge all the puppet changes without mandating the
THT change at the same time. This makes things easier when backporting.
Tested by deploying a queens environment with this change,
puppet-rabbitmq from master and correctly got a working rabbitmq
cluster. (I.e. we avoided deploying with the corresponding THT change)
Change-Id: I9fa9ba95410ed3994f608beb2c5e1578dc3a7c7a
Related-Bug: #1884922
This patch removes usage of the keystone::enable_bootstrap parameter,
because it has been deprecated[1] and has no effect now.
Note that we currently implement bootstrap process in t-h-t, thus
we don't need to include keystone::bootstrap in puppet-tripleo.
[1] bc1ff1d7cb01ac02790c3302a3da6e994598d9f6
Change-Id: I9e29f774afe26c56f0091aa28ef5517f26fe1e4b
If grafana is not enabled in the overcloud the
dashboard section shouldn't be created. We
currently hit an issue during upgrades because
the haproxy exists (because of ceph_mgr_enabled)
even though the dashboard bits aren't deployed.
Using the same condition for both services should
be safe enough.
Closes-Bug: #1885122
Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
Change-Id: I70d2ef2a64f0a46203d7a60b564eaa287e5708d6
In THT we allow RabbitAdditionalErlArgs to set some additional
parameters which should be passed to RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS
when starting rabbit. The problem is that when we use internal tls
that parameter gets ignored and so we lose our default '+sbwt none'.
Let's do this via a proper parameter while also considering the fact
that historically the default value of RabbitAdditionalErlArgs had
apices around it.
Change-Id: I3bf244a70538209773804eb85fae6be035c587f4
Related-Bug: #1884922
... because support for EC2 API should have been removed[1].
[1] 1854f9a641fef548e1d5f665fce0030a867c6f80
Change-Id: I9ce13aefb82cbcada5466cd3dddf851cfc51bacc
Allow override of galera promote timeout
This commit removes the hard coded value of pacemaker promote time out
(currently 300s), and allows operators to override it via:
tripleo::profile::pacemaker::database::mysql::promote_timeout
tripleo::profile::pacemaker::database::mysql_bundle::promote_timeout
Closes-Bug: #1883896
Change-Id: I96f5d349b94f05f4f66db6b85ba481deba0015d9
Parameters "minsize" and "notifempty" of /etc/logrotate-crond.conf
in the container logrotate_crond should be changeable even if this
doesn't comply with GDPR. This is because there might be users who
don't want to comply with it for some reason such as their internal
rule, testing purpose, etc.
This patch adds the following Puppet hieradata.
tripleo::profile::base::logging::logrotate::minsize (default: 1)
tripleo::profile::base::logging::logrotate::notifempty (default: True)
Change-Id: I623c711921cf7fe52f15cc1ba4a1dafb3c9479b7
Closes-Bug: #1884415
Before this change, the values were set to haproxy defaults,
however, these should not be used. The keystone endpoint
should be verified by the system's default CA certificates,
which are mounted into the neutron_api container.
Change-Id: I35b39a1bc0e1793116831485180a49da5e0a019a
Closes-Bug: #1883741
Resolves: rhbz#1844592
haproxy.pp assumes that Ceph rgw instances cannot be SSL
encrypted and generates invalid haproxy configuration files
in setups where EnableInternalTLS is set to true.
This patch makes haproxy.pp honor EnableInternalTLS and
include internal_tls_member_options in the member_options
for Ceph rgw instances.
Change-Id: If59a27b28eb61ab2c1ff84f5047261e8695234d4
Closes-Bug: #1883296
Glance has a read-only 'http' backend that is obsolete now that tripleo
supports glance multi-store (multiple backends). Glance's web-download
import method no longer relies on the 'http' backend, so tripleo should
no longer include 'http' in the list of enabled backends.
Change-Id: I64ee3a3c8f0dabdeab16968c39ea00b8879f5405
Switch to openstackdocstheme 2.2.1 and reno 3.1.0 versions. Using
these versions will allow especially:
* Linking from HTML to PDF document
* Allow parallel building of documents
* Fix some rendering problems
Update Sphinx version as well.
Change pygments_style to 'native' since old theme version always used
'native' and the theme now respects the setting and using 'sphinx' can
lead to some strange rendering.
openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.
See also
http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html
Change-Id: I40a84c827397517b923158e5b8c57b21228b64b6
Neutron agent processes launched in containers are failing with
"Error: relabel failed "/var/lib/neutron": \
SELinux relabeling of /var/lib/neutron is not allowed"
Possibly related prior patch:
https://review.opendev.org/#/c/626546/
Change-Id: Ifc7d0cb79214da44d9cd12481f010e2d7d325aa6
Related-Bug: #1881146
Add file to the reno documentation build to show release notes for
stable/ussuri.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/ussuri.
Change-Id: I67c99ab0f495710b98c0720db79a3c9713fafb6d
Sem-Ver: feature
The nova::vendordata is not automatically loaded now, so we should
explicitly include the class in the manifest for nova-compute to
configure vendordata parameters in nova-compute.
Depends-on: https://review.opendev.org/#/c/730424/
Change-Id: I0843d38bd9fe0cc9bf92f533a7dbe83a0b4f297d
