2932 Commits

Author SHA1 Message Date
Grzegorz Grasza
c76b60b4ab Fix the default values for ca_file and cert_file
Before this change, the values were set to haproxy defaults,
however, these should not be used. The keystone endpoint
should be verified by the system's default CA certificates,
which are mounted into the neutron_api container.

Change-Id: I35b39a1bc0e1793116831485180a49da5e0a019a
Closes-Bug: #1883741
Resolves: rhbz#1844592
(cherry picked from commit 9befc582571757cfd2bfd45f491617af3d563af8)
2020-06-24 09:21:53 +00:00
Martin Magr
b8568c4bc3 Finish HAProxy config for metrics_qdr
This patch is fixing following issues:
  - currently HAProxy is not enabled by default because of wrong hiera key
  - QDR connections are not http connections
  - the load balanced services are running only controllers and listening
    on internal_api interfaces, so the pacemaker_nodes are reused for this
    configuration.

Change-Id: I6ae1ceca7ed4ae313c10e6d8be9803d20d68957d
(cherry picked from commit f0f031b26982f89320dbaa20e282adc7cfaa4e05)
2020-06-10 11:49:01 +00:00
Zuul
154715ac00 Merge "Support for Dell EMC VXFlexOS Backend" into stable/ussuri 2020-06-09 05:25:17 +00:00
Alan Bishop
b1b435e95d Remove obsolete 'http' backend from glance configuration
Glance has a read-only 'http' backend that is obsolete now that tripleo
supports glance multi-store (multiple backends). Glance's web-download
import method no longer relies on the 'http' backend, so tripleo should
no longer include 'http' in the list of enabled backends.

Change-Id: I64ee3a3c8f0dabdeab16968c39ea00b8879f5405
(cherry picked from commit a2a04ed48874ecc343c5b6c2ef6a2166f909004a)
2020-06-05 22:16:22 -07:00
rajinir
cdee1e3496 Support for Dell EMC VXFlexOS Backend
Adding support for VXFlexOS Volume Backend

Change-Id: I83b4d400947da16229c565c5311ca033b4c76d73
Closes-Bug: 1875176
(cherry picked from commit c71e527f46ffa9898a7def6afacb837d32faae61)
2020-06-04 16:18:12 -05:00
Brent Eagles
d2dfda965e Remove selinux relabel mount option for neutron
Neutron agent processes launched in containers are failing with
 "Error: relabel failed "/var/lib/neutron": \
  SELinux relabeling of /var/lib/neutron is not allowed"

Possibly related prior patch:
 https://review.opendev.org/#/c/626546/

Change-Id: Ifc7d0cb79214da44d9cd12481f010e2d7d325aa6
Related-Bug: #1881146
(cherry picked from commit 3fa8c735ae75653284906e5a192391cd03a8431d)
2020-06-03 09:46:47 +00:00
Emilien Macchi
bfbe25b312 Deprecate Keepalived
Keepalived is deprecated in Ussuri and will be removed in the next cycle.

blueprint replace-keepalived-undercloud
Change-Id: I8b72e35e5ea4bb5c7a8ff60792d96236fa8b3554
(cherry picked from commit 57d04446f3ab2a1ee259e67dceb219e2c6a8105d)
2020-05-29 13:18:10 +00:00
rajinir
a9831936f5 Deprecating ScaleIO Volume Config
A new Dell EMC VxFlexOS  config is added with
new parameters. Use that instead.
See https://review.opendev.org/#/c/728720/

Change-Id: I9a820e4ed83a3e22fafa8e0cfe2153fd33f09090
(cherry picked from commit 6a27375c2a14b8fc821ba6b65abd503d81da5752)
2020-05-28 02:29:08 +00:00
Zuul
872de539dc Merge "metadata/ussuri: fix openstacklib requirement" into stable/ussuri 2020-05-27 23:27:06 +00:00
Zuul
d1c608381b Merge "Allow the Mistral tunnel timeout to be configurable." into stable/ussuri 2020-05-27 20:20:42 +00:00
Zuul
9a0037b803 Merge "Fix ipv6 addrlabel for ceph-nfs" into stable/ussuri 2020-05-27 15:01:04 +00:00
Zuul
1693cff347 Merge "Include vendordata in nova-api and nova-metadata-api" into stable/ussuri 2020-05-27 14:54:21 +00:00
Zuul
13662d55f0 Merge "Allow OCF resources to be created with --force" into stable/ussuri 2020-05-27 14:46:07 +00:00
Zuul
eb7663c34e Merge "Only run the VIP creation code when enable_load_balancer is set to true" into stable/ussuri 2020-05-27 14:34:06 +00:00
Emilien Macchi
6ee41de6d7 metadata/ussuri: fix openstacklib requirement
Ussuri tags are in 17.x series, so we need to update the metadata.json
to require the right openstacklib.

Change-Id: I4562380627b903c01b5e633a52156f5cf9d60b14
2020-05-27 09:07:15 -04:00
Michele Baldessari
7c9cd6e620 Only run the VIP creation code when enable_load_balancer is set to true
When we use an external loadbalancer we do not want neither haproxy nor
VIPs on our control plane, since they will be managed externally.

So a user will usually include something like the following template:
/usr/share/openstack-tripleo-heat-templates/environments/external-loadbalancer-vip.yaml
or implement a similar set of parameters/resource mapping.
The main needed params are: EnableLoadBalancer set to false, the
noop-ing of the haproxy service via 'OS::TripleO::Services::HAproxy: OS::Heat::None'
and the hard-coding of the external VIPs via the *VirtualFixedIPs
parameters.

To make sure we do not create the OVNDbs VIP we will use
the listen_on_master_ip_only as the variable to
determine if an external loadbalancer is used:
- no -> external LB used
- yes -> pcmk+haproxy i.e. our own loadbalancer

We cannot use the enable_load_balancer hiera key that is normally
set by haproxy, because the haproxy service will be nooped.

Related-Bug: #1864409

Change-Id: Ie313c0410ed684661aeea77158572035ddfcfcd5
(cherry picked from commit 50c5e1e6a52798ecebd35c3a1892573ec454061b)
2020-05-27 02:59:34 +00:00
Michele Baldessari
844975ef4b Allow OCF resources to be created with --force
While moving to running pcs commands on the host and off short-lived
containers, we are confronted with the issue that pcs usually checks
for the resource agent's existence on the host before creating it.
Since we'd rather avoid installing the needed resource agents on the
host (as it is inside a container), we allow a new 'force_ocf' parameter
to be passed to those situations where we might need it.

Depends-On: I20eb78a061a334b20f6b2274591c5d313a0af532

Related-Bug: #1863442
Change-Id: If9048196b5c03e3cfaba72f043b7f7275568bdc4
(cherry picked from commit d185cbf032e02eec7f051e85c51c19732620e192)
2020-05-27 02:59:23 +00:00
Takashi Kajinami
c6456e381e Include vendordata in nova-api and nova-metadata-api
Since the removal of deprecated vendordata parameters in each classes
in puppet-nova[1], we should explicitly include nova::vendordata class
in nova-api and nova-metadata-api so that required parameters are set
in controller nodes.

[1] 296b106916

Closes-Bug: #1879418
Change-Id: I62d21ea910a976b1ba36b3c9a943d3547b40b7fc
(cherry picked from commit 5df2066a87f53976c309c2204e952a121872ba9d)
2020-05-27 02:59:15 +00:00
Michele Baldessari
b2ffbe7f5b Fix ipv6 addrlabel for ceph-nfs
No need to comment it out and we can keep it in sync like with the other
VIPs we create:
https://github.com/openstack/puppet-tripleo/blob/master/manifests/pacemaker/haproxy_with_vip.pp#L78
https://github.com/openstack/puppet-tripleo/blob/master/manifests/profile/pacemaker/ovn_dbs_bundle.pp#L305

Change-Id: I680f6c0e7b8369b939a1c90c01a72edbb8e460f9
(cherry picked from commit 91f366c5f6881856f70bb7c8bed5c59c973bc8b2)
2020-05-27 02:59:05 +00:00
Luke Short
ec4e58927f Allow the Mistral tunnel timeout to be configurable.
Change-Id: Ibfd5587476d5a411206f62e8b4b886db662bf7d1
Related-Bug:  #1872823
Signed-off-by: Luke Short <ekultails@gmail.com>
(cherry picked from commit 5c3e736e409e661b7e1db51749719eafb86f2f9a)
2020-05-27 02:46:26 +00:00
b3348f08d4 Update TOX_CONSTRAINTS_FILE for stable/ussuri
Update the URL to the upper-constraints file to point to the redirect
rule on releases.openstack.org so that anyone working on this branch
will switch to the correct upper-constraints list automatically when
the requirements repository branches.

Until the requirements repository has as stable/ussuri branch, tests will
continue to use the upper-constraints list on master.

Change-Id: I7f00bd7c27ce77946162c7cea308ce7b93c221ed
2020-05-26 17:14:03 +00:00
388ecb745e Update .gitreview for stable/ussuri
Change-Id: I1d32339cdc8761ce14c65ec380091f09463df461
2020-05-26 17:14:00 +00:00
Wes Hayutin
3273e5589d final release (GA) for ussuri
Change-Id: I907ca0d68d85a9bdb1b1f536a48ed63b79701bc9
2020-05-13 11:26:11 -06:00
Zuul
99c3e515fb Merge "Stop using deprecated function mysql_password" 2020-05-13 15:13:02 +00:00
Zuul
5facfa151c Merge "Fix puppetlabs/mysql dependency in metadata.json" 2020-05-13 14:47:32 +00:00
Damien Ciabrini
b382becab1 Stop using deprecated function mysql_password
Function mysql_password is deprecated and has been removed
in recent puppetlabs-mysql [1]. It has been replaced with
the equivalent, namespaced function mysql::password. Use it
instead.

[1] 5a70627674

Change-Id: I405a986f78f865d89b54dffea17e84d75c068ed7
Closes-Bug: #1878153
2020-05-12 22:59:11 +02:00
Damien Ciabrini
ea6e31cf87 Fix puppetlabs/mysql dependency in metadata.json
Recent version of puppetlabs/mysql [1] have removed the
legacy (old API) function mysql_password and now expose
it via the modern Ruby functions API [2].

with the modern functions API, "if a module has a list
of dependencies in its metadata.json file, it loads custom
functions only from those specific dependencies." [3]

Since puppet-tripleo explicitly calls mysql_password,
we now have to fix metadata.json to explicit the
dependency on puppetlabs/mysql.

Related-Bug: #1878153

[1] 39b7bdef1a
[2] https://puppet.com/docs/puppet/5.5/functions_basics.html
[3] https://puppet.com/docs/puppet/5.5/lang_write_functions_in_puppet.html#calling-a-function

Change-Id: I5a89d0bf25c7973a69ee31d3dee6dc8151a9b1e2
2020-05-12 22:26:53 +02:00
Zuul
d087fd6a94 Merge "Remove EC2 API" 2020-05-12 20:09:39 +00:00
rajinir
d9cae95f0a Powermax Config Fixes
Fixing the issues with Powermax config
and unit tests

Change-Id: Idf5c2f3a9f00833baee4299b8147427938a28df9
2020-05-11 10:45:56 -05:00
Zuul
ca3ce73676 Merge "Support for Dell EMC XtremIO Volume Config" 2020-05-09 05:36:28 +00:00
Zuul
1e3910a361 Merge "Deprecating Old Dell SC Volume Config" 2020-05-07 02:07:40 +00:00
Takashi Kajinami
1854f9a641 Remove EC2 API
... because support for EC2 API was alreday removed from
tripleo-heat-templates[1].

[1] 7adb850fbc6b4544a542111c930e9169e2051ba7

Change-Id: I16ddf16a39c5f7edd9a4ddf669d0993d9aaa676b
2020-05-06 22:10:12 +09:00
Zuul
978115bc8b Merge "Accept missing memcached_node_ips" 2020-05-06 10:08:45 +00:00
Zuul
15d84c3745 Merge "Do not set cache parameter for openidc" 2020-05-06 10:08:43 +00:00
Zuul
48ffe8d0a5 Merge "Rremove manifests for ceilometer-expirer" 2020-05-06 01:08:50 +00:00
rajinir
d9bdd746dc Support for Dell EMC XtremIO Volume Config
Added support for XtremIO volume config options.
Supports both iSCSI and FC drivers.
Supports deploying multiple instances of the
cinder::backend::dellemc_xtremio backend
(e.g. one iscsi + one fc, multiple iscsi, etc.).

Change-Id: I5a02b90530057f616fb84de5b04d04865693ce2f
2020-05-04 12:15:19 -05:00
Michele Baldessari
651e353445 Use http mode for nova_novncproxy
Haproxy warns us with the following:
stderr F [WARNING] 121/195330 (7) : parsing [/etc/haproxy/haproxy.cfg:116] : HTTP log/header format not usable with proxy 'nova_novncproxy' (needs 'mode http').
stderr F [WARNING] 121/195330 (7) : config : 'http-request' rules ignored for proxy 'nova_novncproxy' as they require HTTP mode.

Let's add mode http to avoid this which is used in most other services
anyways.

Change-Id: Ib3daf19ed7318a0a04349b62ea4c821e1d87e648
2020-05-03 17:43:07 +02:00
Takashi Kajinami
e2ea1206c8 Accept missing memcached_node_ips
Currently when Memcached is disabled in the deployment, puppet-tripleo
fails because some manifests expect that memcached_node_ips is defined
in hieradata.

This patch ensures that we define the default value ([]) for
memcached_node_ips, so that puppet-tripleo doesn't fail even if
the parameter doesn't appear in heradata.

Change-Id: I6d3e32f7f8f0751bdfbd0b6f2e79c5d85e1af284
2020-05-02 15:51:17 +00:00
Zuul
7693be73da Merge "Support for Dell EMC SC Volume Config" 2020-05-01 23:02:15 +00:00
Takashi Kajinami
b7ec567884 Do not set cache parameter for openidc
... because now the parameter is defined in tht.

Depends-on: https://review.opendev.org/#/c/724870/
Change-Id: I19dc7e041a3c5afff348e897150c61f1c0d70969
2020-05-02 00:24:45 +09:00
Emilien Macchi
25cf148373 Revert "Remove neutron wrappers"
This reverts commit afe7cecb598441abc0704c868643613428ef850a.

Change-Id: I961262422206c695de79a03de2be1e53defbc41c
2020-04-30 18:47:17 +00:00
Zuul
9e51bf6b9d Merge "CephRgw healthcheck aligned with ceph-ansible" 2020-04-30 18:07:53 +00:00
rajinir
bd15ac0a1f Support for Dell EMC SC Volume Config
Added support for SC volume config options.
Supports both iSCSI and FC drivers.
Supports deploying multiple instances of the
cinder::backend::dellemc_sc backend
(e.g. one iscsi + one fc, multiple iscsi, etc.).

Change-Id: I2f441a9df5bda4e1c646b3259d233f760fd3e742
2020-04-29 21:47:51 -05:00
Zuul
b71d9cb8c4 Merge "Remove fluentd manifests" 2020-04-29 10:20:10 +00:00
Takashi Kajinami
dbbb2c9b13 Rremove manifests for ceilometer-expirer
ceilometer-expirer was alreday removed from ceilometer[1], and it is
no longer used in TripleO deployment.

[1] 9323f07f977f320882f8b536c3b54835274826fc

Change-Id: I9b4a2b38de393d050c95060cc9145efad904deca
2020-04-28 23:55:04 +09:00
Francesco Pantano
d4d03ad098
CephRgw healthcheck aligned with ceph-ansible
ceph-ansible specifies GET in the healthcheck
option and this patch just aligns the haproxy
rgw section to the ceph-ansible specs.

Change-Id: I2de78f17ebb5ff50566c4f53f3377322018525d1
2020-04-28 10:06:46 +02:00
Zuul
3760847eff Merge "Replace deprecated nova::::metadata::novajoin::api::service_password" 2020-04-28 01:45:45 +00:00
Zuul
698a164711 Merge "Remove unnecessory usage of hiera" 2020-04-27 22:42:40 +00:00
Zuul
01412c1428 Merge "Remove plumgrid support" 2020-04-27 22:19:07 +00:00
rajinir
8e074fd166 Deprecating Old Dell SC Volume Config
A new Dell SC volume config which supports both iSCSI and FC drivers
is added. Deprecating the old Dell SC config
See review https://review.opendev.org/#/c/722538/

Change-Id: I3402f71fde956ede80da0840780ad4bd227103c7
2020-04-24 15:05:17 -05:00