By default collectd polling interval is set to 10 seconds for all plugins,
which is bringing down the entire cloud if the default Gnocchi deployment
(Swift on controllers) is used. We have to override the default with a higher value.
Closes-Bug: #1771083
Change-Id: I210c72028da35068ed8469b2d2deb75797a2b08f

The Octavia public key configuration is run by Mistral meaning under the
'mistral' user. The previously default /home/stack/.ssh/id_rsa.pub file
may not be readable or not accessible because of the lack of permissions
from its parent directory leading to permission denied and hence failure
to deploy overcloud. It is safer to not default to a file path but to
use the existing 'default' keypair from the undercloud which anyway is
the public key of the 'stack' user. Users can still specify a file path
but will need to ensure it is readable.
Related-Bug: #1770641
Change-Id: I1dea4a8d5bb3c5a64ee7fb8995b837909bc1cafe

This changes the default entries to use TLS as a default for
the public endpoints.
Change-Id: I2d211b51ddb2f9fde5902cfb8004392a66e15a5c
Depends-On: I3d3cad0eb1396e7bee146794b29badad302efdf3
Depends-On: I8b46ce3f9cd6e36d0b8f604b49e4113301461a4c
Depends-On: Ief352f9e54bee95d5e4035725ab6a63ef4be0269

This is in preparation for TLS by default, since the TLS certificate will
use FQDNs for the SubjectAltName, and that will be verified.
This required us to change both CloudDomain and CloudName to be
required parameters, and not default them to use localdomain. This is to
avoid folks in real deployments using them in their clouds.
Change-Id: Ic70dd323b33596eaa3fc18bdc69a7c011ccd7fa1

This flag is on by default, and serves to enable (or disable) the
public TLS by default feature.
It differs from the PublicSSLCertificateAutogenerated flag in the fact
that it works with mistral, while PublicSSLCertificateAutogenerated
works with certmonger in the overcloud.
Change-Id: If553ecff26d5ecd529c37ca438e0ba1795e9ecca

Given that we have now moved all of the places where the keystone auth
URL is used to be versionless, we now make the KeystoneURL output
versionless as well.
Story: #2001897
Change-Id: I8c9fbfc77fe47e3ed2e58eac27119f86a045483c

Instead of using host_prep_tasks (which are part of deployment tasks),
we'll use the upgrade tasks that are now well known and tested in
previous releases, when we containerized the overcloud.
Depends-On: Id25e6280b4b4f060d5e3f78a50ff83aaca9e6b1a
Change-Id: Ic199c7d431e155e2d37996acd0d7b924d14af2b7

Instead of serving images via slow and somewhat unreliable iSCSI protocol,
this deploy method makes IPA download them from the undercloud Swift.
Change-Id: Ic569358b781337ec6ba8ba802ada1f940917bd61
Implements: blueprint ironic-direct-deploy

When sorting by resource_name, first convert it to a number so that
it's sorted correctly. Otherwise, deployments with > 10 nodes could
configure nodes out of order.
Change-Id: I604428dacd63140f4e89b45c55f7eb859df27fe7
Closes-Bug: #1768158

This reverts commit b02740533db5bbb05331f127dc22866cc870f15b. The
CephExternal service is managed like CephClient by ceph-ansible,
except for the additional parameter we need to pass to explicitly
list the MONs.
Change-Id: Icb56b4dffb5c5d813239cb5077b1e3a4ae8f21d1
Closes-Bug: #1765788

Updates overcloud-resource-registry.j2.yaml to include the mappings from
environments/config-download-environment.yaml. This enables
config-download by default. The environment to explicitly enable
config-download is deprecated.
An environment at environments/disable-config-download.yaml is added
which can be used to disable config-download but is marked as
deprecated.
Change-Id: I8389a0c48e1aa610fdc6a8580516889340883034
implements: blueprint config-download-default

Currently this is only set when TLS is enabled, which means that with the ssh
transport we cannot control the network used, and we are relying on DNS or
hosts file to be correct, which is not guaranteed (especially with DNS).
Related-Bug: 1765462
Depends-On: Ifdc5fbd05195604ab6ea6564d0905f9385c6df67
Change-Id: I89011d06233dafb5ca3bbb45431387ebda521711

This patch changes some defaults that turned out to be not very good in
practice to be empty values. The default behavior is instead
distribution specific behavior in the ansible playbooks.
Change-Id: Ib5338d0fadc9c1c8fcf73c53e4364d35a5f29fe7
Related-Bug: #1754039
Depends-On: https://review.openstack.org/#/c/562019/

[1] Added a test which requires the "segments" plugin but
we don't have it enabled in overcloud. It has been enabled in
neutron jobs for a long time [2]. This patch adds this plugin
to the default enabled plugins.
[1] https://review.openstack.org/#/c/558609/
[2] https://review.openstack.org/#/c/459439/
Related-Bug: #1765008
Change-Id: I1bc36c4533dcaadd81d7c93a194e9319217c69cd

This avoids any issues where the host/domainname is altered by a DHCP lease.
Also the puppet/facter fqdn can be unpredictable when there are multiple NICs.
Change-Id: I7ed52727d1515ee7f191a82b0b1d645a9d597cd3
Closes-bug: 1758034

This patch makes it possible to use overcloud gnocchi instance as datastore
for collectd.
Closes-Bug: #1766255
Change-Id: I122c705eed80a4ee0cefcbd077e6f03cd320d448

This will enable Octavia Ansible roles in tripleo-common to get these
values and configure keys for accessing Octavia amphorae via SSH.
This patch also makes the Octavia username and project name
configurable.
Change-Id: I80aa324254e6837e8d3c39e9d05a5e152783f0bb

This commit introduces oslo.messaging services in place of a single
rabbitmq server. This will enable the separation of rpc and
notifications for the continued use of a single backend (e.g.
rabbitmq server) or a dual backend for the messaging communications.
This patch:
* add oslo_messaging_rpc and oslo_messaging_notify services
* add puppet services for rpc and notification
  (rabbitmq and qdrouterd servers)
* add docker services to deploy rpc (rabbitmq or qdrouterd)
  and notify (rabbitmq or shared)
* retains rabbit parameters for core services
* update resource registries, service_net_map, roles, etc.
* update ci environment container scenarios
* add environment generator for messaging
* add release note
Depends-On: Ic2c1a58526febefc1703da5fec12ff68dcc0efa0
Depends-On: I154e2fe6f66b296b9b643627d57696e5178e1815
Depends-On: I03e99d35ed043cf11bea9b7462058bd80f4d99da
Needed-By: Ie181a92731e254b7f613ad25fee6cc37e985c315
Change-Id: I934561612d26befd88a9053262836b47bdf4efb0

SoftwareConfig/StructuredConfig outputs aren't supported with
config-download given that Heat doesn't know what the output values will
be since Ansible is applying all configuration after the stack is complete.
This validation will report a warning whenever it finds use of outputs on
these resource types.
After config-download is the default and the Heat driven method is no
longer supported, we can switch this warning to an error.
Change-Id: I44d5ee3bab3d05ab0a59261d15ea915c75b35713

auth_uri option has been deprecated in
favor of www_authenticate_uri from group
keystone_authtoken in puppet-keystone [0]
and keystonemiddleware [1].
This patch adds the new option keeping auth_uri
references in the templates until the replace
will be updated in all puppet packages.
[0] https://review.openstack.org/#/c/558344/
[1] https://review.openstack.org/#/c/508522/
Closes-Bug: #1761171
Change-Id: I804ec73b970844d245dbb0911710ec817359beb0