Vnet interfaces are not supported by the dhcp client.
Bug #1731871
Change-Id: I8c0d6b0885f7e5fac94f78c8d6b6a6bf198ff424
Signed-off-by: Wojciech Dec <wdec@cisco.com>
During step4, /etc/ceph is the one of the host server instead
of the one generated by kolla.
This change uses the one generated by kolla and expose it to the
container.
Closes-bug: #1734134
Change-Id: Ia1cca1c5d228ce0a3ef23a7c92f96a20ab958437
Lets revert the tls support until we know it works.
Revert "TLS proxy for redis"
This reverts commit c2a93cf4c5.
Closes-bug: #1735259
Change-Id: I8157ce04617c094978175f3e4b3071bdf76362fe
Lets revert the tls support until we know it works.
Revert "Enable redis TLS proxy in HA deployments"
This reverts commit c6d8df01d7.
Closes-bug: #1735259
Change-Id: If98acec1b8d0a179d56b8412e5c0ad9341719cea
We have swap enabled in CI, by default Kubespray refuses to run with
swap, and so does Kubelet. Make this behavior configurable and allow
swap in the Kubespray scenario env file. It should be fine to run with
swap for development/testing [1].
[1] https://github.com/kubernetes-incubator/kubespray/issues/1787#issuecomment-336159788
Depends-On: I7a02134970c1b1754d42c4e85ed0a2188a5ecdb6
Change-Id: I023824a31f1278b01c33ce81d4af81247dd5f672
Enables management of shadow password directives in login.defs
By allowing operators to set values in login.defs, they are able
to improve password security for newly created system accounts.
This change will in turn allow operators to adhere with security
hardening frameworks, such as STIG DISA & CIS Security Benchmarks.
bp login-defs
Change-Id: Id4fe88cb9569f18f27f94c35b5c27a85fe7947ae
Depends-On: Iec8c032adb44593da3770d3c6bb5a4655e463637
In order to support compute services ppc64le, which currently don't
have supported methods for building and distributing container images,
we create a role 'ComputeAlt' which directly uses the puppet/services
templates to configure services that would typically be containers.
This new role is supposed to minimally diverge from the Compute role
The following services have been switch for the puppet versions:
- OS::TripleO::Services::ComputeCeilometerAgent
- OS::TripleO::Services::ComputeNeutronOvsAgent
- OS::TripleO::Services::Iscsid
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::NovaMigrationTarget
The following services have been removed as they're only available as
docker containers:
- OS::TripleO::Services::Docker
- OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::RsyslogSidecar
Alternate versions for the following services are configured, they are
left as OS::Heat::None the operator will need to define them
appropriately if they're needed:
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::Fluentd
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::OVNController
Change-Id: I31d673dd048f687c9125733a77d0c9e6069e0614
In the baremetal deployment, we used to ensure that neutron-server was
started prior to starting up the various agents. In the containerized
deployment we need to ensure that we launch the agents after the server
has been started. We can do this by configuring a start_order for each
of the services.
It should be noted that the ovs agent was actually configured to start
in step5 on baremetal due to previous race conditions under HA
deployments. This change leaves it in step4 but configures the
start_order to be after the neutron-api service.
Change-Id: I3794400ef5c8ae620961914831ff85e3438b0399
Closes-Bug: #1734976
Related-Bug: #1663273
Add an environment that deploys a basic overcloud:
- Pacemaker to test HA on 3 controllers
- Keystone, Glance, Nova, Neutron, Swift
Also change the zuul layout to run ovb-ha scenario when
touching ovb-ha.yaml file.
Change-Id: I865901f38250a13d8ea914a54072d6eb584a050d
Generally this data is looked at because something failed, and in
that case the relevant error is likely to be at the end of stderr.
By concatenating the output stderr first and then stdout as we were
it is possible for the stderr to get lost entirely in the failures
list, and even if that doesn't happen it's best to output the
relevant error right at the end of the output where people will
see it. Previously it would be buried in the middle of the debug
output.
Change-Id: I952fd1af5778ade1eb6b0599d983f98cadeb7f6f
Docker services are missing the pre-upgrade validation task
in the upgrade_tasks section which verifies if the service
is running before going on with the upgrade.
Change-Id: Ib30826c41489cb22174cc083a01c3c3b091f3fe3
Partial-Bug: #1704389
The private key file is not part of the inventory in our case, but
it's a global Ansible parameter. Make sure that we carry the same
--private-key parameter from parent Ansible run into Kubespray.
Change-Id: If6e341ee52f9d4944ee1855d3339e26b9a485dd0
Doing this was useful for playing with Kubespray, but it's suboptimal
for multiple reasons:
1. It gets generated into artifacts directory which we collect for CI
logs. It has around 220 megabytes, which would be very bad for log
collection space usage. Even if Kubespray made the location
configurable, mistral user's external_deploy_tasks don't have
rights to write it e.g. into /usr/local/bin, so usefulness of doing
this at all is questionable.
2. Kubectl on the undercloud, it would ideally be preinstalled via
RPMs rather than relying on the respective COE installers to
produce one by fetching it from the overcloud.
Change-Id: Ia7faeb13537adfc3326302d26965439f5603c5a8
We don't install git by default (at least in CI), so let's use a
tarball instead of git clone to get Kubespray sources.
Change-Id: I8321206b095effbc482779a10ff77fd18299bbdf
Depends-On: I2da025961c584cb1adc83943561b1d9faa3559b1
During an overcloud update it might happen that the rsyncd container
gets killed & restarted, leaving a PID file from rsyncd. rsyncd won't
start because of this, which results in a container restarting loop.
This patch ensures the PID file is absent to fix this.
Closes-Bug: 1734674
Change-Id: Ie5b28005f1079e432cfca6c31d28295174e06986
This fixes a regression which reintroduced bug #1640449 because
we hard-code the node index/name instead of sorting the map of servers
Change-Id: Iaffc66a41edf176dde3b5adf603a9cff6db7aa24
Closes-Bug: #1724888
Ricardo Noriega
Zuul
Wojciech Dec
Mehdi Abaakouk
Bogdan Dobrelya
Emilien Macchi
Pradeep Kilambi
Jiri Stransky
lhinds
Tony Breeds
Alex Schultz
Ben Nemec
Jose Luis Franco Arza
Sofer Athlan-Guyot
Christian Schwede
Steven Hardy