This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.
Change-Id: I6a9123627d754a153ab6cb68a33778a57846aeb7
Related-Blueprint: services-yaml-flattening
This changes moves podman service from puppet to deployment directory.
Change-Id: I31b8299b43158347f4f1f61f1e1fdf38b0a2102f
Related-Blueprint: services-yaml-flattening
Numerous files have incorrect modes set. Correct these so that executables
have 755 and yaml files are 644 to address rpmlint errors.
Change-Id: I8db36209b41a492f6b85e3469994de884bf556e8
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.
With this patch the baremetal version of memcached services has been removed.
Depends-On: https://review.rdoproject.org/r/#/c/16994/
Change-Id: Ibb74d9e1673d079a6090efe4215c7ee041fce7d6
Related-Blueprint: services-yaml-flattening
This should have been fixed via:
https://review.openstack.org/#/c/460175/2
where we did:
service_config_settings:
haproxy:
tripleo.horizon.firewall_rules:
'127 horizon':
dport:
- 80
- 443
The problem is that the above does not work. Reason for this is the way
tripleo::firewall works. It will only apply iptables rules for that
show up in hiera('service_names'):
$service_names = hiera('service_names', [])
tripleo::firewall::service_rules { $service_names: }
And since horizon is not in the service running on the haproxy role, the
above rule would never have been created.
Tested this change and now I correctly get the iptables rules on the
haproxy role for horizon:
[root@overcloud-core-0 ~]# iptables -nvL |grep horizon
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443 state NEW /* 127 horizon ipv4 */
[root@overcloud-core-0 ~]# hiera -c /etc/puppet/hiera.yaml service_names |grep horizon
[root@overcloud-core-0 ~]#
Closes-Bug: #1808530
Change-Id: Ia4a795d1a7fb926f5900c739c1932b20d81ed7fc
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
This change combines the previous puppet and docker files into a single file
that performs the docker service installation and configuration.
With this patch the baremetal version of glance services has been removed.
Change-Id: Ie2ac2072f0742ec5e521fc6e3734e89f8a007077
Related-Blueprint: services-yaml-flattening
This change combines the previous puppet and docker files into a single file
that performs the docker service installation and configuration.
With this patch the baremetal version of Ironic services have been removed.
Change-Id: Icb33158a129356d939940433c82dae25a6334baf
Related-Blueprint: services-yaml-flattening
This change combines the previous puppet and docker files into a single file
that performs the docker service installation and configuration.
With this patch the baremetal version of keepalived service have been removed.
Change-Id: Ic0ddf1174e1d0a62f83f26f0ca6bc29ec7b078b7
Related-Blueprint: services-yaml-flattening
On Octavia-enabled composable role deployments where the Octavia health
manager service doesn't run co-located with the API service, the
firewall rule to allow messages in to the o-hm0 interface was not being
created. As a result of that, the load balancers were not going ONLINE.
Closes-Bug: #1808190
Depends-On: https://review.openstack.org/#/c/624403/
Change-Id: Icc568a551b902e6d9f003250226468ed38a776fc
This exposes parameters to configure OpenIDC federation in Keystone.
Change-Id: I3e06ca5fde65f3e2c3c084f96209d1b38d5f8b86
Depends-on: Id2ef3558a359883bf3182f50d6a082b1789a900a
Adding GlanceImageImportPlugins & GlanceImageConversionOutputFormat
to enable glance image conversion.
Since, glance-image-import.conf has been newly added while adding
plugin framework in glance, passing the conf file to puppet_tags
in docker service.
Depends-on: I098aa0cabf2518b8861d5b58b885d9bdef54a7f6
Change-Id: I81b788e38eecb3e0be88b140df3ae1ebb70cb191
Closes-Bug: #1807366
With the current configuration, HAProxy logs are in the host journal.
This isn't really friendly when you want to debug issues with this service.
This patches ensures HAProxy logs are in a dedicated file, using the syslog
facility set in its configuration.
Depends-On: I8fee040287940188f6bc6bc35bdbdaf6c234cbfd
Change-Id: Ia615ac07d0c559deb65e307bb6254127e989794d
Allow tht parameter IronicInspectorSubnets to specify
per-instance ip range(s) using hostname as key for each
list of ip ranges. For HA deployments use disjoint
address pools to avoid potential address conflict.
Implements: blueprint ironic-inspector-overcloud
Depends-On: Ifae513265b8c35d98012f14f951bac33ae90b66c
Change-Id: Ifdebe9fcc817b4572f1eb461a3396af6b55f1e6b
The container-registry role is idempotent in a way that the
restarting of the docker service will be done only if some
configuration value has changed.
During the upgrade, host_prep_tasks are being run and if the
new templates bring some configuration change then the Docker
service gets restarted. The issue is the point at which they
get restarted, which is after the upgrade_tasks have already
run and prior to the deploy_tasks. This is causing issues with
Pacemaker handled resources.
For that reason, we include the very same task running in host_prep_tasks
into upgrade_tasks for the docker and docker-registry services,
forcing the Docker service reconfiguration to happen during
upgrade_tasks instead of at a latter point.
Closes-Bug: #1807418
Change-Id: I5e6ca987c01ff72a3c7e8900f9572024521164de
When SELinuxMode is set to enforced in thedeployment, configure Docker
to enable SElinux.
It'll wire container_registry_selinux variable in ansible-role-container-registry
which enables --selinux-enabled if set to True.
Change-Id: Ic030ecbe8b6719ba45cb7c27c6cf44bab14fed88
Add TunedCustomProfile parameter which may contain a string in
INI format describing a custom tuned profile. Also provide a new
environment file for users of hypercoverged Ceph deployments
using the Ceph filestore storage backened. The tuned profile is
based on heavy I/O load testing. The provided environment file
creates /etc/tuned/ceph-filestore-osd-hci/tuned.conf whose
content is the following and sets this tuned profile to be active.
[main]
summary=ceph-osd Filestore tuned profile
include=throughput-performance
[sysctl]
vm.dirty_ratio = 10
vm.dirty_background_ratio = 3
[sysfs]
/sys/kernel/mm/ksm/run=0
Depends-On: Iba17d86bbdd710623ba1ba44b1ea5d4c1b99c541
Change-Id: Iaa1c82cefac5c8f2959fd7aeb57bd6860fd9096a
Closes-Bug: #1800232
The puppet apache service uses the cidr map in ServiceData.
Services did not pass the ServiceData to the apache
service template. Because of this the property resolves to
an empty string which is not correct. The empty string
cause problems when yaql in common/services.yaml is merging
config_settings.
Closes-Bug: #1806718
Change-Id: Ia3af9535e3af1dad4ac833983ebe29b6002f0815
The puppet openstack modules have switched the debug setting to a
logging class in the modules. They are starting to remove the base debug
option so we need to switch our usages to use the logging classes
Change-Id: I690448db2de341ec428181f19364c93a3273b565
Needed-By: https://review.openstack.org/#/c/619379/
We don't need upgrade_tasks that stop systemd services since all
services are now containerized.
However, we decided to keep the tasks that remove the rpms in case some
of deployments didn't cleanup them in previous releases, they can still
do it now.
Change-Id: I6abdc9e37966cd818306f7af473958fd4662ccb5
Related-Bug: #1806733
We create user data per instance, but two are global for all, and the
last one per role, so we can move it up the stack.
Change-Id: I1330e54744adef9be159edd8f01aefa3db85a480
Add CinderNfsSnapshotSupport parameter that controls whether cinder's
NFS driver supports snapshots. The default value is True.
Depends-On: I4df8e3941eb074339e399e5a5c44fa411ff21560
Change-Id: I9a42f805fd28fd04bee771cac63bd0080b39c7c0
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.
With this patch the baremetal version of aodh services have been
removed.
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Depends-On: https://review.rdoproject.org/r/#/c/16994/
Change-Id: I39645aff0365218d4b841ed0d9c964b3622f143a
Related-Blueprint: services-yaml-flattening