1179 Commits

Author SHA1 Message Date
Zuul
fc02bef9bc Merge "Replace LOG.warn with LOG.warning" 2018-04-12 13:46:21 +00:00
Zuul
7cdfd46dd5 Merge "Add validation task in docker services [Octavia]" 2018-04-12 08:40:26 +00:00
Zuul
8dfab08d67 Merge "Fix typo in ovn_cms_options config" 2018-04-12 08:20:29 +00:00
Sergii Golovatiuk
bf99d30f56 Replace LOG.warn with LOG.warning
logging.warn is deprecated in Python 3 [1].

[1] https://docs.python.org/3/library/logging.html#logging.warning

Change-Id: I61218125ebf85b7951163360279645d7ad4d176c
2018-04-11 16:11:21 +00:00
Zuul
e9418e171c Merge "Mount the public TLS certificate for HAProxy on up(date|grade) on pacemaker" 2018-04-11 08:58:18 +00:00
Zuul
b6ddcc7fa4 Merge "Use sensu-client healthcheck parameter" 2018-04-11 03:23:11 +00:00
Zuul
1595e2739f Merge "Containerized Designate" 2018-04-10 20:44:21 +00:00
Zuul
5e59b0252c Merge "Add nfs as a cinder backup driver option to CinderBackupBackend" 2018-04-10 20:36:17 +00:00
Zuul
7a829c128d Merge "Set ulimit for neutron agent containers" 2018-04-10 12:37:18 +00:00
Juan Antonio Osorio Robles
8b85faf7e6 Mount the public TLS certificate for HAProxy on up(date|grade) on pacemaker
As part of the minor update workflow and the update workflow, this changes
the pacemaker haproxy bundle resource to add the needed mount for public
TLS to work.

This also handles the reloading of the container to fetch any new certificates
and if needed, it will restart the pacemaker resource (for upgrades), since
we would need pacemaker to re-create the resource.

Change-Id: I850f4de17e7f7e3b46deb27119227ef76658dcb5
Closes-Bug: #1759797
2018-04-10 12:09:21 +00:00
venkata anil
1dc22496a9 Fix typo in ovn_cms_options config
ovn-cms-options config option is mistakenly added as ovn-cms-opts.
As a result ovn_cms_options is never set in SBDB and OVN
mechanism driver is unable to schedule router as expected.

Change-Id: Iaa89a1dbec732c3aa743fa3f5cf1f4931e2ab9ef
2018-04-09 18:09:12 +00:00
Zuul
2ec5bd01dc Merge "Apply the vhost group parameter for the vhost_sockets directory creation" 2018-04-09 16:01:12 +00:00
Zuul
2b883623db Merge "Switch Zaqar to use Redis" 2018-04-09 15:45:12 +00:00
Zuul
b0f581ea67 Merge "Correct the InternalTLSVncCAFile to comply with selinux policy" 2018-04-09 07:01:05 +00:00
Zuul
958914098e Merge "Revert "Run containerized mistral-api eventlet"" 2018-04-09 02:22:19 +00:00
Zuul
78b263c41b Merge "Fixes ceph-external docker service name" 2018-04-07 00:39:48 +00:00
Martin André
3dd0f5cdbc Revert "Run containerized mistral-api eventlet"
This reverts commit e158acb14c4ed92be1a5b961ff1e8ff99b1a5ae3.

Change-Id: I9df015b2051d5adbe90436e33b47aa5b58417aed
2018-04-06 20:55:03 +00:00
Marc Methot
e456e103fb Add nfs as a cinder backup driver option to CinderBackupBackend
Added nfs as an option to where CinderBackupBackend was hardcoded
as either ceph or swift. Also added some parameters for this
driver - CinderBackupNfsShare and CinderBackupNfsMountOptions

Depends-On: Ic0adb294aa2e60243f8adaf167bdd75e42c8e20e
Change-Id: I29a488374726676a28fb82f2f950db891fcf9627
Closes-Bug: #1744174
2018-04-06 15:36:08 -04:00
Oliver Walsh
ab78b1fcc1 Correct the InternalTLSVncCAFile to comply with selinux policy
InternalTLSVncCAFile currently defaults to /etc/ipa/vnc.crt.
Certmonger attempts to save the CA cert to this path as cert_t, however
/etc/ipa is etc_t.
Moving to /etc/pki/CA/certs which is cert_t resolves the issue, and is
arugably a more suitable location.

Change-Id: Ib275fc43dd772851511598a4932c19fcda706479
2018-04-06 17:42:30 +01:00
b77cce2ab8 Set ulimit for neutron agent containers
Neutron agents are using oslo-rootwrap-daemon to run
privileged commands. Containers inherit file descriptor
limit from docker daemon(currently:1048576) which is too
high and leading to performance issues. This patch set
nofile limit for neutron agent containers to 1024 which is
reasonable as before containers they were using host defaults
i.e 1024.

Depends-On: I0cfcf4e3e3e13578ec42e12f459732992fb3a760
Change-Id: Iec722cdfd7642ff3149f50d940d8079b9e1b7147
Related-Bug: #1760471
2018-04-06 21:54:17 +05:30
Alex Schultz
e290824ce3 Switch Zaqar to use Redis
Zaqar was using mongodb by default but we haven't supported mongodb
since pike.  This change switches Zaqar to use redis by default.

Change-Id: If6ed9fddf4a4fcff3bb9105b04df777ec8a8990e
Closes-Bug: #1761239
2018-04-06 07:56:27 -06:00
Zuul
0291b9a151 Merge "Enable Octavia dashboard on horizon container" 2018-04-05 19:37:54 +00:00
Tim Rozet
b02740533d Fixes ceph-external docker service name
Name was defined as ceph_client instead of ceph_external.

Closes-Bug: 1761531

Change-Id: I5fd84bbdbb175d81e247664929f728fa1c5b4bdb
Signed-off-by: Tim Rozet <trozet@redhat.com>
2018-04-05 15:29:36 -04:00
Zuul
76a7a1868a Merge "Fixes Neutron certificate and key permissions" 2018-04-03 21:24:28 +00:00
Zuul
04c9f4691f Merge "Collectd needs access to /var/run/ceph to load the ceph plugin" 2018-04-03 16:25:01 +00:00
Tim Rozet
16731819c5 Fixes Neutron certificate and key permissions
The Neutron UID is not static and may be different between the host and
neutron container.  Since we generate certificates and keys on the host
for neutron and then mount them in a container, it is highly likely the
container Neutron UID will not match the one used on the host to
generate the files and reading these files will fail in the container.

This patch modifies the permissions after the files are mounted in the
container to be owned by the correct Neutron UID.

Closes-Bug: 1759049

Depends-On: I83b14b91d1ee600bd9d5863acba34303921368ce

Change-Id: Ibad3f1af4b44459e96a6dc9937e5fcef3e6335f4
Signed-off-by: Tim Rozet <trozet@redhat.com>
2018-04-03 13:33:14 +00:00
Pradeep Kilambi
0dfdf1d736 Collectd needs access to /var/run/ceph to load the ceph plugin
collect ceph plugin is using asok file in the plugin configuration file.

Change-Id: I8ae19232a24a71c04513112446a345c56f9bfcb8
Closes-bug: #1760617
2018-04-02 10:01:02 -04:00
Zuul
a421fe993e Merge "Revert "FFU: Add support for panko service upgrade"" 2018-04-02 13:38:48 +00:00
Athlan-Guyot sofer
f3d340fea7 Revert "FFU: Add support for panko service upgrade"
This reverts commit bd48087520c5f0846363bdc0c025508ba450ceb3.

After further inspection It seems that panko dbsync shouldn't be
needed, as it will upgrade an newly created empty db.

And this is assuming we find a way to:
 - configure panko database connection properly
 - create the db

Knowing that we don't have access to this information[1] as the
new hieradata haven't been rendered at this stage.

So all that to upgrade a newly (I guess empty) database seems like too
much trouble.

The db will be created in the last step of the FFU.

[1] https://github.com/openstack/tripleo-heat-templates/blob/stable/ocata/puppet/services/panko-base.yaml#L39..L75

Change-Id: Ie68849a7033c199c339d28cdb10c3dba9419904b
Closes-Bug: #1760135
2018-03-30 19:31:20 +02:00
Carlos Goncalves
562d223dbb Enable Octavia dashboard on horizon container
Depends-On: https://review.openstack.org/#/c/556888/
Change-Id: I41423f7e71cd94d414b33686d9ec3693ab705c14
2018-03-30 16:52:24 +01:00
Juan Antonio Osorio Robles
ffc14e3067 Refresh keystone after deployment
This is necessary for certain setups (such as enabling multiple LDAP
domains). So, instead of always adding checks every time to see if
we need to refresh or not, lets just do it always, thus simplifying
the already convoluted logic here.

Change-Id: Ie1a0b9740ed18663451a3907ec3e3575adb4e778
Closes-Bug: #1748219
Co-Authored-By: Raildo Mascena <rmascena@redhat.com>
2018-03-29 15:30:52 +00:00
Zuul
31c2f7a7e4 Merge "FFU: Add support for panko service upgrade" 2018-03-29 11:10:16 +00:00
Zuul
1058f6aa17 Merge "HAProxy: expose stats socket in HA deployment after upgrade" 2018-03-29 06:52:55 +00:00
Pradeep Kilambi
bd48087520 FFU: Add support for panko service upgrade
Add fast forward upgrade tasks to upgrade panko api service.

bp fast-forward-upgrades

Change-Id: I34368c6831a6c849541a8ccf90dfc4415c115092
2018-03-28 13:41:07 -04:00
Zuul
54bd6f1be7 Merge "Added the missing attributes for roles_data of ovs-dpdk-agent docker service" 2018-03-28 16:36:44 +00:00
Zuul
4ed5eae601 Merge "Fix fluentd upgrade tasks during FFU." 2018-03-27 19:26:23 +00:00
Zuul
f2e4073265 Merge "FFU: Fix gnocchi FFU tasks" 2018-03-27 18:12:39 +00:00
Ben Nemec
c2c908a950 Containerized Designate
bp designate-support

Change-Id: I722d14b1dc47a30936a81a30363a4d7ebf54ea86
2018-03-27 15:45:39 +00:00
Zuul
ee1ca78c15 Merge "Upgrade data on disk on mysql major upgrade - non HA" 2018-03-27 08:44:17 +00:00
Damien Ciabrini
d21bf1865a HAProxy: expose stats socket in HA deployment after upgrade
During major upgrade, ensure that the haproxy bundle exposes
the HAProxy stats socket by ensuring there is a bind mount of
/var/lib/haproxy from the host.

Also create /var/lib/haproxy on the host with host_prep_tasks,
and make sure that permissions will be set by Kolla init
at next container restarts.

Depends-On: Ib833ebe16fcc1356c9e0fc23a7eebe9c4b970c55
Change-Id: I0923375fef9f392d3692afb50b21fee7b57c3ca0
2018-03-27 07:28:42 +00:00
Zuul
b9e69580d6 Merge "Enable nova-metadata health check" 2018-03-27 04:44:45 +00:00
Martin Mágr
47793924c9 Use sensu-client healthcheck parameter
This patch adds possibility to pass non-standard ports of monitoring
RabbitMQ instance to sensu-client container health check

Change-Id: Icc01ce23b3fc538811b4dfc4fbaba18dc7165f89
2018-03-26 23:52:37 +02:00
Zuul
ee99f3977b Merge "Assign Cinder's backend_host when deploying for HA" 2018-03-26 20:11:54 +00:00
Zuul
a98172685e Merge "HAProxy: fix bind mount to expose stats socket" 2018-03-26 14:40:12 +00:00
Damien Ciabrini
624fedb114 Upgrade data on disk on mariadb major upgrade
Add an ansible task to run mysql_upgrade whenever a container
image upgrade causes a major upgrade of mariadb (e.g. 5.5 -> 10.1)

. If the overcloud was containerized prior to the major upgrade, the
  mysql upgrade job is ran in an ephemeral container (where the latest
  version of mysql comes from) and uses credentials from the Kolla
  configuration.

. Otherwise the upgrade job is run from the host (once the mysql
  rpm has been updated) and uses credentials from the host.

We log the output of the script in the journal. Also, the mysql server
needs to be started temporarily, so use a temporary log file for it
when run from the ephemeral container.

Change-Id: Id330d634ee214923407ea893fdf7a189dc477e5c
2018-03-25 19:18:07 +00:00
Saravanan KR
611830fd76 Apply the vhost group parameter for the vhost_sockets directory creation
Directory /var/lib/vhost_sockets will be used to create vhost sockets
which should have the the group name as hugetlbfs, which is common
between qemu and openvswitch to share the vhost_sockets. And the
correct selinux context to be applied on the vhost_sockets directory.
Closes-Bug: #1751711
Change-Id: Ib917cf86bd9a4ce57af243ab43337ea6c88bf76c
2018-03-24 15:28:23 +05:30
Damien Ciabrini
d42c59b0d7 HAProxy: fix bind mount to expose stats socket
I54b5b59ef49de8d66232312bc449559a7f16eaad configures the HAProxy
service to expose the stats socket with a bind mount, however the
main service container doesn't use that bind mount. Fix that.

Change-Id: I316ab408e82cda70bed8b203b3755936392201da
2018-03-23 20:13:27 +00:00
Damien Ciabrini
f4a45b751b Make HA containers log to /var/log/containers after upgrade
HA containerized services currently log under
/var/log/pacemaker/bundles/{service-replica}.

Move the logging of those HA services into /var/log/containers,
like all the paunch-managed containers. Also leave a readme.txt
in the previous location to notify the change (taken from
Ic8048b25a33006a3fb5ba9bf8f20afd2de2501ee)

Only the main service log is being moved, e.g. for mysql:
  . mysqld.log now ends up in /var/log/containers/mysqld.log
  . pacemaker logs stay under /var/log/pacemaker/bundles/{service-replica}

Note: some HA services don't need to be changed during upgrade:
  . cinder-{backup|volume} log under /var/log/containers/cinder
  . manila-share log under /var/log/containers/manila
  . haproxy only logs to the journal

Change-Id: Icb311984104eac16cd391d75613517f62ccf6696
Co-Authored-By: Jiri Stransky <jistr@redhat.com>
Partial-Bug: #1731969
2018-03-23 16:19:03 +00:00
Zuul
0299096401 Merge "Fix update of pacemaker container images during major upgrade" 2018-03-23 13:33:50 +00:00
Zuul
5935c86ae3 Merge "Add access to /var/run/openvswitch from collectd" 2018-03-23 12:00:10 +00:00