This adds the option to get the panko container to log to stdout.
The option is disabled by default.
If enabled, It also adds a sidecar container that reads the apache
access logs.
bp logging-stdout-rsyslog
Change-Id: I56fa3de7427330c1d7bc10e0f8b1adbacec00e46
This adds the option to get the heat containers to log to stdout.
The option is disabled by default.
If enabled, It also adds a sidecar container that reads the apache
access logs.
bp logging-stdout-rsyslog
Depends-On: Iae6a86cb93305cb3307e058cfd31e0fca3b1be8e
Change-Id: Iac79232bc981fff365faa818afde72e38fc176fb
This adds the option to get the nova-libvirt container to log to stdout.
The option is disabled by default.
bp logging-stdout-rsyslog
Change-Id: Ie769b4d93f3bd728b7efb84d283509db8213b5fc
This adds the option to get the nova-compute container to log to stdout.
The option is disabled by default.
bp logging-stdout-rsyslog
Change-Id: Id09f4c439987ce3d668d53932e5a4dc6ee3b280d
nova-manage cell_v2 create_cell just uses a dumb string comparison to detect
when a cell already exists. If there is a slight difference (e.g ordering of
params in the db uri query string) it can result in duplicate cells.
With this patch we should detect that the default cell already exists and
update it to use the current transport_url/database_connection instead of
attempting to create a new cell.
Change-Id: If6a32e87b19cb0edf683144367701a115657ad0a
Closes-bug: 1718912
The compute service list is polled until all expected hosts are reported or a
timeout occurs (600s).
Adds a cellv2_discovery flag to puppet services. Used to generate a list of
hosts that should have cellv2 host mappings.
Adds a canonical fqdn and that should match the fqdn reported by a host.
Adds the ability to upload a config script for docker config instead of using
complex bash on-liners.
Closes-bug: 1720821
Change-Id: I33e2f296526c957cb5f96dff19682a4e60c6a0f0
For some reasonf that directory doesn't have r/x rights, so when
compress is ran as root, it can access config files in it, but when
horizon is run by apache, it can't, and expects different theme files,
thus failing with OfflineGenerationError. Giving apache access to that
directory fixes the problem and makes the custom theme work.
Closes-bug: #1730911
Change-Id: I53f6db23b036bc9b5a689bbac958550f384194c6
Add new CinderRbdExtraPools Heat parameter, which specifies a list of
Ceph pools for use with RBD backends for Cinder. An extra Cinder RBD
backend driver is created for each pool in the list. This is in addition
to the standard RBD backend driver associated with the CinderRbdPoolName.
The new parameter is optional, and defaults to an empty list.
Adding this feature requires changes in two areas:
o The extra Cinder RBD backends get created via a new Puppet parameter
o The Ceph client key that permits access to specific Ceph pools is
updated to allow client access to the extra RBD pools
Implements: blueprint multiple-cinder-rbd-backend
Depends-On: I3318b9eaef607d6992f9a8cb605817b6f76dd331
Change-Id: If410ed43b2cc70094a3274c1488833fcaae56cca
This adds the option to get the neutron containers to log to stdout.
The option is disabled by default.
bp logging-stdout-rsyslog
Change-Id: I0f9d201d93da702b702e7ecf4b43a6d705389846
This is required for nfs exports mounted by the nova_compute container to be
visible to nova_libvirt.
Depends-on: I8a63c044e15d7ca0f54654e9fc9c5d878461aa25
Change-Id: I55859e744e3c2ebbd6975c96b84b6b0774dc6700
Closes-bug: 1730533
When SELinux is enforcing, use the docker volume mount flag
:z for the docker-puppet tool's bind-mounted volumes in RW mode.
Note, if a volume mount with a Z, then the label will be specific
to the container, and not be able to be shared between containers.
Volumes from /etc/pki mounted RO do not require the context changes.
For those RO volumes that do require it, use :ro,z.
For deploy-steps, make sure ansible file resources in /var/lib/
are enforced the same SELinux context attributes what docker's :z
provides.
Partial-bug: #1682179
Related-bug: #1723003
Change-Id: Idc0caa49573bd88e8410d3d4217fd39e9aabf8f2
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
During mysql initialization, mysql needs to be able to write in the
database directory.
Change-Id: I82c2e46f66ab01021cb910eb7e0d17c81b00fa09
Closes-bug: #1730349
With the recent change to only mounting the certificate when it's used
[1]. The usecase of autogenerating the public certificate was missed.
This enables a flag to tell the template to mount it if we're
autogenerating the certificate.
[1] Id8ba09902d25689e642f922c43e71649977bf248
Change-Id: I299e6052e6a872c3907184b635d218a806d906e0
Docker services are missing the pre-upgrade validation task
in the upgrade_tasks section which verifies if the service
is running before going on with the upgrade.
Change-Id: I28488b51e6a2e2d0e0ac41d0d7c35be4edb59cbb
Partial-Bug: #1704389
Closes-Bug: #1724478
The cinder-backup and cinder-volume templates were lagging behind the
non-pacemaker version and didn't pass CI. This commit aims at bringing
back parity.
Change-Id: I11a12f52538168c858b16c9786eb83ae88161488
Depends-On: Iea84a291414e515d8c72a60646188e5b37354a38
Closes-Bug: #1729430
For non-pacemaker deployments, this mounts the TLS certificate only if
it's actually going to be used.
Change-Id: Id8ba09902d25689e642f922c43e71649977bf248
Without ipc=host set, cryptsetup/devicemapper will never
see devices created when running "cryptsetup luksOpen",
causing the command to hang.
This is required for attaching encrypted Cinder volumes.
Closes-Bug: #1729419
Change-Id: Ic7184b1fbbafea266f8ec1e7974d0a4a2cf4d750
https://review.openstack.org/500952 initially just did this. Then we assumed
every container should have the selinux sysfs.
This causes issues with the sshd container used for live-migration.
The advice from the selinux experts is that it should not be enabled within
containers, so reverting back to the original fix that enables it only in the
nova-libvirt container.
Closes-bug: 1729405
Change-Id: I80bf38d7d64ab99510574af5c57423fde9b84eca
When deploying a composable HA overcloud with a database role split off
to separate nodes we could observe a deployment failure due to galera
never starting up properly.
The reason for this was that instead of having the firewall rules for
the galera bundle applied (i.e. those with the extra control-port for
the bundle), we would see the firewall rules for the BM galera service.
E.g. we would see the following on the host:
tripleo.mysql.firewall_rules: {
104 mysql galera: {
dport: [ 873, 3306, 4444, 4567, 4568, 9200 ]
Instead of the correct mysq bundle firewall rules:
tripleo.mysql.firewall_rules:
104 mysql galera-bundle:
dport: [ 873, 3123, 3306, 4444, 4567, 4568, 9200 ]
The reason for this is the following piece of code in
https://github.com/openstack/tripleo-heat-templates/blob/master/docker/services/pacemaker/clustercheck.yaml#L62:
...
MysqlPuppetBase:
type: ../../../puppet/services/pacemaker/database/mysql.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Containerized service clustercheck using composable services.
value:
service_name: clustercheck
config_settings: {get_attr: [MysqlPuppetBase, role_data, config_settings]}
logging_source: {get_attr: [MysqlPuppetBase, role_data, logging_source]}
...
Depending on the ordering of the clustercheck service within the role
(before or after the mysql service), the above code will override the
tripleo.mysql.firewall_rules with the wrong rules because we derive from
puppet/services/... which contain the BM firewall rules.
Let's just switch to derive from the docker service so we do not risk
getting the wrong firewall rules during the map_merge.
Tested this change successfully on a composable HA with split-off DB
nodes.
Change-Id: Ie87b327fe7981d905f8762d3944a0e950dbd0bfa
Closes-Bug: #1728918
This tells the db sync to use stdout instead of a specific log file
when stdout logging is enabled
bp logging-stdout-rsyslog
Depends-On: Id9e8c641a6b00725d2f5c9623b05854a1b4e2af2
Change-Id: I25d15aac6adfab1dfd11d558404930736aace977
We were relying on the sysconfig options to set the memcached log file,
however, this is not happening, as the redirection is being taken as an
option and ends up being ignored by the memcached command. So instead,
we set the redirection in the container template.
Change-Id: Ic94e3fd7884d518eb9558c53acdc6b294823cd0a
Closes-Bug: #1720183
This resolves issues in loading some of Mistral openstack
actions which appears to require endpoints to be running first
before fake clients can be initialized properly.
Change-Id: Ia588e5ec8880da1df95a33696b5b8c9e72ac49e2
Closes-bug: #1728682
Juan Antonio Osorio Robles