Commit Graph

5053 Commits (b19b88bd1c9944aec1ba96e6d8b99099d54a95f0)

Author SHA1 Message Date
Dan Sneddon b19b88bd1c Render VIPs dynamically based on network_data.yaml
This change modifies the templates to dynamically define the VIPs
based on network_data.yaml. If a network is defined and marked
with "vip: true" in network_data.yaml, it will be included in the
overcloud.yaml which defines the deployment-level resources.

This should make it possible to create custom networks and
use them for services which use high-availability through VIPs.

Also, extraconfig/nova_metadata/krb-service-pricipals.yaml
was modified to dynamically produce the FQDN map for VIPs on
isolated networks, to match overcloud.j2.yaml.

Depends-On: If074f87494a46305c990a0ea332c7b576d3c6ed8
Depends-On: Iab8aca2f1fcaba0c8f109717a4b3068f629c9aab
Partially-implements: blueprint composable-networks
Closes-bug: 1667104
Change-Id: I71339a6ac41133e95dbc3f93abb7a9fdeb0f2da0
2017-08-04 09:44:31 -04:00
Jenkins fd1b1f8ec6 Merge "Copy scheduler configuration from service/ironic to services-docker/ironic" 2017-08-04 13:20:11 +00:00
Jenkins bbe2244c69 Merge "Fix up multipath docker indentation" 2017-08-04 12:31:57 +00:00
Jenkins f96e07c909 Merge "Adds environment file for ODL + SRIOV" 2017-08-04 10:16:42 +00:00
Jenkins 4d2bb6fcec Merge "Changing the default port-binding configuration" 2017-08-04 06:33:48 +00:00
Pradeep Kilambi 0800daaae5 Update EventPipelinePublisher param description to include zaqar
Since we now support zaqar:// publisher, Enhance the description to indicate
how to set the zaqar publisher.

Change-Id: Ib7eba98d199fade2346620672e33b74686d4685b
2017-08-03 22:38:06 +00:00
Jenkins 1ea7c35f4f Merge "Make UpgradeLevelNovaCompute parameters consistent" 2017-08-03 21:53:09 +00:00
Jenkins 45c95100cf Merge "Add environment for setting a custom domain name" 2017-08-03 21:52:28 +00:00
Jenkins 2bc6d68676 Merge "Update capabilities map to match latest environments" 2017-08-03 17:59:45 +00:00
Jenkins b3b9e953a9 Merge "Make many networking parameters consistent" 2017-08-03 14:19:44 +00:00
Jenkins 2cf0a6843a Merge "Fix CA file bind mounting in containers" 2017-08-03 06:46:16 +00:00
Jenkins 39a6e47109 Merge "Render isolated network templates using jinja2" 2017-08-03 04:30:48 +00:00
Jenkins 8ef458559e Merge "Make RoleParameters and key_name descriptions consistent" 2017-08-03 01:40:17 +00:00
Jenkins fd002f479a Merge "Set redis password hiera value in compute agent" 2017-08-03 01:02:42 +00:00
Jenkins fbccdd58bc Merge "Cinder volume/backup containers shouldn't mount two paths at same point" 2017-08-03 01:02:35 +00:00
Jenkins 010d9ce2ca Merge "Update TLS-everywhere docker environment" 2017-08-03 00:45:30 +00:00
Jenkins 7aff429265 Merge "Fix keystone, cinder, heat-api cron containers" 2017-08-03 00:44:41 +00:00
Ben Nemec 7f84409a6a Make UpgradeLevelNovaCompute parameters consistent
There is logic in nova-base.yaml that depends on the default for
this parameter being '', and the nova-compute service only needs it
set to auto during upgrade.  That will be done by [1] anyway, so it
doesn't matter what the default is.  It's also not clear to me that
the nova-compute task is even needed now that we're post-Ocata, but
that's not a change I feel comfortable making.


Change-Id: Iccfcb5b68e406db1b942375803cfedbb929b4307
Partial-Bug: 1700664
2017-08-02 16:20:12 -05:00
Ben Nemec c05e72cd72 Make many networking parameters consistent
These are mostly the low hanging fruit that only required a few
minor changes to fix.  There are more that require a lot of changes
or might be more controversial that will be done later.

Change-Id: I55cebc92ef37a3bb167f5fae0debe77339395e62
Partial-Bug: 1700664
2017-08-02 16:20:08 -05:00
Ben Nemec 4502b7cba6 Make RoleParameters and key_name descriptions consistent
The key_name default is ignored because the parameter is used in
some mutually exclusive environments where the default doesn't
need to be the same.

Change-Id: I77c1a1159fae38d03b0e59b80ae6bee491d734d7
Partial-Bug: 1700664
2017-08-02 16:18:25 -05:00
Jenkins 303a5be491 Merge "Fix ceilometer agent compute service name" 2017-08-02 21:04:45 +00:00
Jiri Tomasek 6a3ad6fa45 Update capabilities map to match latest environments
This change updates capabilities-map.yaml to properly map existing

Closes-Bug: 1708159
Change-Id: I4104b6b59b3e9b19a06cdc233dae4f68fe033580
2017-08-02 14:05:14 +02:00
Michele Baldessari 25dab32c2d Fix up multipath docker indentation
Deploying a multipathd container gives the following error:
failed: [localhost] (item={'key': u'config_files', 'value': [{u'dest': u'/', u'merge': True, u'source':
u'/var/lib/kolla/config_files/src-iscsid/*', u'preserve_properties': True}]}) =>
{\"checksum\": \"72ad81489381571c5043b7613f6828b06ae364bd\", \"failed\": true, \"item\":
{\"key\": \"config_files\", \"value\": [{\"dest\": \"/\", \"merge\": true, \"preserve_properties\": true,
\"source\": \"/var/lib/kolla/config_files/src-iscsid/*\"}]}, \"msg\": \"Destination directory does not exist\"}

The reason is the wrong indentation of the config_files key in the
multipath docker service.

Change-Id: I0e1fbb9eb188a903994b9e5da90ab4a6fb81f00a
Closes-Bug: #1708129
2017-08-02 11:55:23 +02:00
Jenkins 0adf7553f4 Merge "Fix iscsid role data's section" 2017-08-02 05:11:22 +00:00
John Fulton 50c1187375 Cinder volume/backup containers shouldn't mount two paths at same point
Docker refuses to start the container because config_files/src-ceph:ro
is mounted at both /etc/ceph and config-data/puppet-generated/ceph.
The mount to /var/lib/config-data/puppet-generated/ceph should have
been removed in commit ed0b77ff93.

Change-Id: I411b4764a54fc21e97e4c41a5fef00c7e6e2b64d
Closes-Bug: #1707956
2017-08-02 02:54:56 +00:00
Jenkins d8649e0252 Merge "Fix network-isolation.j2.yaml to ignore VIPs for disabled networks" 2017-08-02 01:35:47 +00:00
Jenkins 453f51f81a Merge "Remove empty metadata_settings from iscsid and multipathd templates" 2017-08-02 01:30:11 +00:00
Jenkins 1e6a5b36e5 Merge "Adds stop and disable for libvirtd on upgrade to containers" 2017-08-02 01:29:22 +00:00
Pradeep Kilambi f04235c3eb Set redis password hiera value in compute agent
Without this config defaults to undef in containers

Change-Id: Id47f365364e7b0d399de92995871b136550cd625
2017-08-01 21:26:24 +00:00
Pradeep Kilambi 1dd72e5faa Fix ceilometer agent compute service name
Make sure this matches whats in roles_data.yaml

Change-Id: Id41c457914f557af7c9ec195c4c6f98669523ac1
2017-08-01 21:26:04 +00:00
Jenkins 56d4563935 Merge "Generate MySQL client config if service requires database" 2017-08-01 20:00:18 +00:00
Jenkins 24349715ca Merge "Add missing metadata_settings from docker services" 2017-08-01 17:20:06 +00:00
marios 94a3c82c03 Adds stop and disable for libvirtd on upgrade to containers
Adds this into the executed by the
operator for the major upgrade see the bug for more info

Change-Id: Ic54b48b149594e8ea08e95152111bcdaf7b252b7
Closes-Bug: 1707926
2017-08-01 17:24:18 +03:00
Dan Prince 975d862bc3 Fix keystone, cinder, heat-api cron containers
The cron containers need to run as root in order to create PID files

Additionally, the keystone_cron container was misconfigured to
use /usr/bin/cron instead of the correct /usr/bin/crond.

Additionally we have an issue where the Kolla keystone container has
hard coded ARGS for the docker container which causes -DFOREGROUND
(an Apache specific argument) to get appended onto the kolla_start
command thus causing crond to fail to startup correctly. This
works around the issue by overriding the command and calling
kolla_set_configs manually. Once we fix this in Kolla we can
revisit this.

Change-Id: Ib8fb2bef9a3bb89131265051e9ea304525b58374
Related-bug: 1707785
2017-08-01 10:06:47 -04:00
Juan Antonio Osorio Robles 7fb7ed7a84 Fix CA file bind mounting in containers
The syntax was wrong and wasn't actually bind mounting the CA file.
This fixes it.

Change-Id: Icfa2118ccd2a32fdc3d1af27e3e3ee02bdfbb13b
2017-08-01 07:28:33 +00:00
Juan Antonio Osorio Robles 4767b2f71c Update TLS-everywhere docker environment
Some resources have changed. So the environment needed syncing

Change-Id: I9aa310ae80edfccd3ed28e67a431aad6e1ed8a7f
2017-08-01 08:54:05 +03:00
Juan Antonio Osorio Robles 52649405a2 Remove empty metadata_settings from iscsid and multipathd templates
metadata_settings is meant to have a specific format or be completely
absent. Unfortunately the hook [1] doesn't an empty value for this. So
we remove it as an easy fix before figuring out how to add such a
functionality to the hook.


Co-Authored-By: Thomas Herve <>
Change-Id: Ieac62a8076e421b5c4843a3cbe1c8fa9e3825b38
2017-08-01 08:44:32 +03:00
Jenkins 960b980201 Merge "Enable Dpdk after rebooting with Hugepages for OvS2.7" 2017-07-31 19:32:47 +00:00
Jenkins 865c65b8f4 Merge "Fix creation of iptables rules for non-HA containerized HAproxy" 2017-07-31 15:26:54 +00:00
Juan Antonio Osorio Robles e3ee5965fd Add missing metadata_settings from docker services
These are needed for the TLS everywhere bits.

Change-Id: I81fcf453fc1aaa2545e0ed24013f0f13b240a102
2017-07-31 18:22:44 +03:00
Jenkins 04d797c09e Merge "Add 'ovn-controller' service" 2017-07-31 14:23:06 +00:00
Dmitry Tantsur 17804c7740 Copy scheduler configuration from service/ironic to services-docker/ironic
That was missed back then. Without it bug 1697724 is not fixed for containers.

Change-Id: Ie859f10129cbdeebd9ea4522510768cec99a1df3
Related-Bug: #1697724
2017-07-31 15:47:23 +02:00
Saravanan KR c3f9eaf0e4 Enable Dpdk after rebooting with Hugepages for OvS2.7
With OvS2.7, DPDK is initialized immediately after setting
dpdk-init flag. DPDK requires hugepages configuration to be
available on kernel args with a reboot. This patch reboots
the node after applying the kernel args. And once the node
is rebooted, DPDK will be enabled and then the deployment

Change-Id: Ide442e09c2bea56a38399247de588e63b4272326
2017-07-31 09:30:30 +05:30
Jenkins 599c6740eb Merge "add lbaasv2 to NeutronServicePlugins in octavia containers" 2017-07-29 00:59:17 +00:00
Jenkins 951ba92f55 Merge "Also log puppet output to console" 2017-07-28 15:57:33 +00:00
Jenkins 9e74d2d0ac Merge "Enable Zaqar API SSL" 2017-07-28 15:46:58 +00:00
Bogdan Dobrelya 6073155d62 Also log puppet output to console
Running puppet apply with --logdest syslog results in all the output
being redirected to syslog. You get no error messages. In the case where this fails, the subsequent debug task shows nothing useful
as there was no stdout/stderr.

Also pass --logdest console to docker-puppet's puppet apply so that
we get the output for the debug task.

Related-Bug: #1707030

Change-Id: I67df5eee9916237420ca646a16e188f26c828c0e
Signed-off-by: Bogdan Dobrelya <>
2017-07-28 11:25:42 +02:00
Jenkins 19e89d8d6e Merge "Consistent hostname format env for split-stack" 2017-07-28 02:57:20 +00:00
Itzik Brown 52e8df6614 Changing the default port-binding configuration
networking-odl no longer supports the network-topology port
binding controller and instead now relies on a pseudo-agent binding
controller.  This means that each OVS node must be configured with
host configuration in OVSDB about which VIF types, network types,
functions, etc that this OVS node supports.  The end result is this
affects where nova and neutron will schedule instances.

Changes Include:
 - Modifying default port binding controller to use pseudo agent
 - Adds necessary per role parameters to be able to configure host
   config on a per role basis to allow for heterogenous compute node

Change-Id: I50458abf6a8a6bf724ad97accb6444d9c497d287
Closes-Bug: 1674995
Signed-off-by: Tim Rozet <>
2017-07-27 16:20:51 -04:00
Numan Siddique 5f313f27c9 Add 'ovn-controller' service
Presently the ovn-controller service (puppet/services/neutron-compute-plugin-ovn.yaml)
is started only on compute nodes. But for the cases where the controller nodes
provide the north/south traffic, we need ovn-controller service runninng in controller
nodes as well.

This patch
 - Renames the neutron-compute-plugin-ovn.yaml to ovn-controller.yaml which makes more
   sense and sets the service name as 'ovn-controller'.
 - Adds the service 'ovn-controller' to Controller and Compute roles.
 - Adds the missing 'upgrade_tasks' section in ovn-dbs.yaml and ovn-controller.yaml

Depends-On: Ie3f09dc70a582f3d14de093043e232820f837bc3
Depends-On: Ide11569d81f5f28bafccc168b624be505174fc53
Change-Id: Ib7747406213d18fd65b86820c1f86ee7c39f7cf5
2017-07-27 18:22:03 +00:00