Before this change, the values were set to haproxy defaults,
however, these should not be used. The keystone endpoint
should be verified by the system's default CA certificates,
which are mounted into the neutron_api container.
Change-Id: I35b39a1bc0e1793116831485180a49da5e0a019a
Closes-Bug: #1883741
Resolves: rhbz#1844592
(cherry picked from commit 9befc582571757cfd2bfd45f491617af3d563af8)
This patch is fixing following issues:
- currently HAProxy is not enabled by default because of wrong hiera key
- QDR connections are not http connections
- the load balanced services are running only controllers and listening
on internal_api interfaces, so the pacemaker_nodes are reused for this
configuration.
Change-Id: I6ae1ceca7ed4ae313c10e6d8be9803d20d68957d
(cherry picked from commit f0f031b26982f89320dbaa20e282adc7cfaa4e05)
Glance has a read-only 'http' backend that is obsolete now that tripleo
supports glance multi-store (multiple backends). Glance's web-download
import method no longer relies on the 'http' backend, so tripleo should
no longer include 'http' in the list of enabled backends.
Change-Id: I64ee3a3c8f0dabdeab16968c39ea00b8879f5405
(cherry picked from commit a2a04ed48874ecc343c5b6c2ef6a2166f909004a)
Adding support for VXFlexOS Volume Backend
Change-Id: I83b4d400947da16229c565c5311ca033b4c76d73
Closes-Bug: 1875176
(cherry picked from commit c71e527f46ffa9898a7def6afacb837d32faae61)
Neutron agent processes launched in containers are failing with
"Error: relabel failed "/var/lib/neutron": \
SELinux relabeling of /var/lib/neutron is not allowed"
Possibly related prior patch:
https://review.opendev.org/#/c/626546/
Change-Id: Ifc7d0cb79214da44d9cd12481f010e2d7d325aa6
Related-Bug: #1881146
(cherry picked from commit 3fa8c735ae75653284906e5a192391cd03a8431d)
Keepalived is deprecated in Ussuri and will be removed in the next cycle.
blueprint replace-keepalived-undercloud
Change-Id: I8b72e35e5ea4bb5c7a8ff60792d96236fa8b3554
(cherry picked from commit 57d04446f3ab2a1ee259e67dceb219e2c6a8105d)
A new Dell EMC VxFlexOS config is added with
new parameters. Use that instead.
See https://review.opendev.org/#/c/728720/
Change-Id: I9a820e4ed83a3e22fafa8e0cfe2153fd33f09090
(cherry picked from commit 6a27375c2a14b8fc821ba6b65abd503d81da5752)
Ussuri tags are in 17.x series, so we need to update the metadata.json
to require the right openstacklib.
Change-Id: I4562380627b903c01b5e633a52156f5cf9d60b14
When we use an external loadbalancer we do not want neither haproxy nor
VIPs on our control plane, since they will be managed externally.
So a user will usually include something like the following template:
/usr/share/openstack-tripleo-heat-templates/environments/external-loadbalancer-vip.yaml
or implement a similar set of parameters/resource mapping.
The main needed params are: EnableLoadBalancer set to false, the
noop-ing of the haproxy service via 'OS::TripleO::Services::HAproxy: OS::Heat::None'
and the hard-coding of the external VIPs via the *VirtualFixedIPs
parameters.
To make sure we do not create the OVNDbs VIP we will use
the listen_on_master_ip_only as the variable to
determine if an external loadbalancer is used:
- no -> external LB used
- yes -> pcmk+haproxy i.e. our own loadbalancer
We cannot use the enable_load_balancer hiera key that is normally
set by haproxy, because the haproxy service will be nooped.
Related-Bug: #1864409
Change-Id: Ie313c0410ed684661aeea77158572035ddfcfcd5
(cherry picked from commit 50c5e1e6a52798ecebd35c3a1892573ec454061b)
While moving to running pcs commands on the host and off short-lived
containers, we are confronted with the issue that pcs usually checks
for the resource agent's existence on the host before creating it.
Since we'd rather avoid installing the needed resource agents on the
host (as it is inside a container), we allow a new 'force_ocf' parameter
to be passed to those situations where we might need it.
Depends-On: I20eb78a061a334b20f6b2274591c5d313a0af532
Related-Bug: #1863442
Change-Id: If9048196b5c03e3cfaba72f043b7f7275568bdc4
(cherry picked from commit d185cbf032e02eec7f051e85c51c19732620e192)
Since the removal of deprecated vendordata parameters in each classes
in puppet-nova[1], we should explicitly include nova::vendordata class
in nova-api and nova-metadata-api so that required parameters are set
in controller nodes.
[1] 296b106916
Closes-Bug: #1879418
Change-Id: I62d21ea910a976b1ba36b3c9a943d3547b40b7fc
(cherry picked from commit 5df2066a87f53976c309c2204e952a121872ba9d)
Change-Id: Ibfd5587476d5a411206f62e8b4b886db662bf7d1
Related-Bug: #1872823
Signed-off-by: Luke Short <ekultails@gmail.com>
(cherry picked from commit 5c3e736e409e661b7e1db51749719eafb86f2f9a)
Update the URL to the upper-constraints file to point to the redirect
rule on releases.openstack.org so that anyone working on this branch
will switch to the correct upper-constraints list automatically when
the requirements repository branches.
Until the requirements repository has as stable/ussuri branch, tests will
continue to use the upper-constraints list on master.
Change-Id: I7f00bd7c27ce77946162c7cea308ce7b93c221ed
Function mysql_password is deprecated and has been removed
in recent puppetlabs-mysql [1]. It has been replaced with
the equivalent, namespaced function mysql::password. Use it
instead.
[1] 5a70627674
Change-Id: I405a986f78f865d89b54dffea17e84d75c068ed7
Closes-Bug: #1878153
Recent version of puppetlabs/mysql [1] have removed the
legacy (old API) function mysql_password and now expose
it via the modern Ruby functions API [2].
with the modern functions API, "if a module has a list
of dependencies in its metadata.json file, it loads custom
functions only from those specific dependencies." [3]
Since puppet-tripleo explicitly calls mysql_password,
we now have to fix metadata.json to explicit the
dependency on puppetlabs/mysql.
Related-Bug: #1878153
[1] 39b7bdef1a
[2] https://puppet.com/docs/puppet/5.5/functions_basics.html
[3] https://puppet.com/docs/puppet/5.5/lang_write_functions_in_puppet.html#calling-a-function
Change-Id: I5a89d0bf25c7973a69ee31d3dee6dc8151a9b1e2
... because support for EC2 API was alreday removed from
tripleo-heat-templates[1].
[1] 7adb850fbc6b4544a542111c930e9169e2051ba7
Change-Id: I16ddf16a39c5f7edd9a4ddf669d0993d9aaa676b
Added support for XtremIO volume config options.
Supports both iSCSI and FC drivers.
Supports deploying multiple instances of the
cinder::backend::dellemc_xtremio backend
(e.g. one iscsi + one fc, multiple iscsi, etc.).
Change-Id: I5a02b90530057f616fb84de5b04d04865693ce2f
Haproxy warns us with the following:
stderr F [WARNING] 121/195330 (7) : parsing [/etc/haproxy/haproxy.cfg:116] : HTTP log/header format not usable with proxy 'nova_novncproxy' (needs 'mode http').
stderr F [WARNING] 121/195330 (7) : config : 'http-request' rules ignored for proxy 'nova_novncproxy' as they require HTTP mode.
Let's add mode http to avoid this which is used in most other services
anyways.
Change-Id: Ib3daf19ed7318a0a04349b62ea4c821e1d87e648
Currently when Memcached is disabled in the deployment, puppet-tripleo
fails because some manifests expect that memcached_node_ips is defined
in hieradata.
This patch ensures that we define the default value ([]) for
memcached_node_ips, so that puppet-tripleo doesn't fail even if
the parameter doesn't appear in heradata.
Change-Id: I6d3e32f7f8f0751bdfbd0b6f2e79c5d85e1af284
... because now the parameter is defined in tht.
Depends-on: https://review.opendev.org/#/c/724870/
Change-Id: I19dc7e041a3c5afff348e897150c61f1c0d70969
Added support for SC volume config options.
Supports both iSCSI and FC drivers.
Supports deploying multiple instances of the
cinder::backend::dellemc_sc backend
(e.g. one iscsi + one fc, multiple iscsi, etc.).
Change-Id: I2f441a9df5bda4e1c646b3259d233f760fd3e742
ceilometer-expirer was alreday removed from ceilometer[1], and it is
no longer used in TripleO deployment.
[1] 9323f07f977f320882f8b536c3b54835274826fc
Change-Id: I9b4a2b38de393d050c95060cc9145efad904deca
ceph-ansible specifies GET in the healthcheck
option and this patch just aligns the haproxy
rgw section to the ceph-ansible specs.
Change-Id: I2de78f17ebb5ff50566c4f53f3377322018525d1
A new Dell SC volume config which supports both iSCSI and FC drivers
is added. Deprecating the old Dell SC config
See review https://review.opendev.org/#/c/722538/
Change-Id: I3402f71fde956ede80da0840780ad4bd227103c7