This adds the option to get the heat containers to log to stdout.
The option is disabled by default.
If enabled, It also adds a sidecar container that reads the apache
nova-manage cell_v2 create_cell just uses a dumb string comparison to detect
when a cell already exists. If there is a slight difference (e.g ordering of
params in the db uri query string) it can result in duplicate cells.
With this patch we should detect that the default cell already exists and
update it to use the current transport_url/database_connection instead of
attempting to create a new cell.
The compute service list is polled until all expected hosts are reported or a
timeout occurs (600s).
Adds a cellv2_discovery flag to puppet services. Used to generate a list of
hosts that should have cellv2 host mappings.
Adds a canonical fqdn and that should match the fqdn reported by a host.
Adds the ability to upload a config script for docker config instead of using
complex bash on-liners.
I2b564610721152c4f4dab9da79442256ba8d0b33 unexpectedly switched the
default firewall driver for security groups from iptables_hybrid to
openvswitch for neutron-server. (openvswitch agent is still configured
for iptables_hybrid.) This made openvswitch ml2 mechanism driver to
disable hybrid bridges in vif details unless the agent explictly
Good news is that openvswitch agent does request hybrid bridges if
its firewall driver has OVS_HYBRID_PLUG_REQUIRED set to True, which is
the case for iptables_hybrid, and we still configure firewall_driver to
iptables_hybrid for the agent, so it still worked out as if there was
no change for the driver. That being said, this all worked out by mere
chance, and so we should not rely on it.
Besides, changing default configuration to a driver that is not the
default one in integrated gate unnecessarily diverges tripleo from main
OpenStack components. And there is no established migration path between
those drivers for brown field deployments. Long story short, TripleO
should stick to neutron choices.
We could just remove the TripleO knob and allow puppet to do its job
(that would pick iptables_hybrid), but it's not backwards compatible
with existing users of the knob. The change doesn't remove the newly
introduced option to avoid breaking templates using it, but just falls
back to iptables_hybrid as default option.
For some reasonf that directory doesn't have r/x rights, so when
compress is ran as root, it can access config files in it, but when
horizon is run by apache, it can't, and expects different theme files,
thus failing with OfflineGenerationError. Giving apache access to that
directory fixes the problem and makes the custom theme work.
Add new CinderRbdExtraPools Heat parameter, which specifies a list of
Ceph pools for use with RBD backends for Cinder. An extra Cinder RBD
backend driver is created for each pool in the list. This is in addition
to the standard RBD backend driver associated with the CinderRbdPoolName.
The new parameter is optional, and defaults to an empty list.
Adding this feature requires changes in two areas:
o The extra Cinder RBD backends get created via a new Puppet parameter
o The Ceph client key that permits access to specific Ceph pools is
updated to allow client access to the extra RBD pools
Implements: blueprint multiple-cinder-rbd-backend
Since the undercloud is localhost, ansible skips ssh and just runs local
commands. That will cause problems when running ansible-playbook under
the mistral workflow because the mistral user can not use sudo. Set
become:false on all the undercloud plays as sudo is not actually needed.
implements: blueprint ansible-config-download
This is required for nfs exports mounted by the nova_compute container to be
visible to nova_libvirt.
When SELinux is enforcing, use the docker volume mount flag
:z for the docker-puppet tool's bind-mounted volumes in RW mode.
Note, if a volume mount with a Z, then the label will be specific
to the container, and not be able to be shared between containers.
Volumes from /etc/pki mounted RO do not require the context changes.
For those RO volumes that do require it, use :ro,z.
For deploy-steps, make sure ansible file resources in /var/lib/
are enforced the same SELinux context attributes what docker's :z
Signed-off-by: Bogdan Dobrelya <email@example.com>
This add two conditionals:
- first check that os-net-config needs upgrade
- second verify that the configuration file exist and non empty.
This prevent unnecessary run of os-net-config and error in certain