instack-undercloud is no longer in use by the TripleO project. Removing
the code to avoid confusion. Stable branches will continue to be
maintained for their life; however, no new features should be added.
Change-Id: I63a813c7c1ffd30ca30017133d31a497b77a9a4d
Blueprint: remove-instack-undercloud
Use the new sync_power_state_interval parameter from puppet-nova to
avoid any breakage in the future, like Puppet resource duplication
error.
Depends-On: Ie82d88f16b42d4405853153460e20f38ba42714a
Change-Id: Ia2cff1c5f4bee28ff1d2b513f2d0b061ab0bbe83
When the PXE filter's dhcp-hostsdir is purged on start/stop
of the ironic-inspector service, inspector's dnsmasq service
must also be restarted to ensure that the dhcp server config
is updated as well.
Partial-bug: #1780421
Depends-On: Ie961ec4d3b6b65a462e2d2493f5b9240c2bfa7a6
Change-Id: I22c7be368b62ef93efabcbd2c13599625ea45548
This sets the connect_timeout in mysqld, to work around issues with Heat
losing connection to MySQL in the undercloud under load.
Closes-Bug: #1783995
Change-Id: Ia3799cdaf171892431151e4f2f7d2095081b8242
If the ntp server is not configured in the undercloud.conf, we should
fall back to the defaults provided by puppet-ntp; otherwise we end up
with an invalid ntp configuration.
Change-Id: I0000e1cf736b513dbc58c0d39f7e1c0137b660dd
Closes-Bug: #1777140
The neutron global_physnet_mtu must be set to the configured local_mtu
in order to set local_mtu to a value greater than 1500. Otherwise
the neutron configuration will fail during the undercloud install.
Change-Id: Iaadff350a14a2cfb4bf545065f6d12eab49ba125
Closes-Bug: #1774271
They are deprecated and will be removed from Ironic. A similar change
was already done to the containerized undercloud.
Change-Id: If442f103adc03ec97f9e995d5e2bc47dfc097f90
Remove the deprecated rabbit params which have been deprecated
for two years. The default_transport_url has been present for
a while now and should be used. Rabbit params have already been
removed from some puppet modules, see for example change
I337249e64bb5c3379db60f71608fb2d39b600294
Change-Id: I770b2a7f49ee033a01821a6ce2f391397366d995
The baremetal scheduling options were deprecated
in Pike and the ironic_host_manager was deprecated
in Queens and has now been removed. Deployments
must use resource classes now for baremetal scheduling.
Depends-On: I695b250c82c8dcedcd8e2bee00c56bb2df19212c
Change-Id: I20d45db6925f7534837e8d00d4d78f06b7c9897d
Introduce docker_insecure_registries that is an array of host/port
combinations of docker insecure registries. The default value will
be the previous parameters that were hardcoded, but now we can easily
override it in undercloud.conf.
Note: the feature is already supported for the containerized undercloud
but was only missing in instack-undercloud. This patch will be
backported.
Depends-On: I14fda3481ac88429648bed8edb2f4469b33be957
Change-Id: I402ebb80b1d755cdb0c3c28fd542121bc60cb144
Closes-Bug: #1767373
The default timeout of 5s has proven to be quite tight and tends to
fail. So we up the timeout to 30s instead.
Change-Id: I5717bdaf7bda3c9146aa9d269d0296b74b0ede54
Closes-Bug: #1760118
auth_uri option has been deprecated in favor
of www_authenticate_uri from group keystone_authtoken
in puppet-keystone [0] and keystonemiddleware [1].
This patch adds the new option www_authenticate_uri
until the old auth_uri option is deprecated from
the rest of packages, moment in which auth_uri
references will be removed.
[0] https://review.openstack.org/#/c/558344/
[1] https://review.openstack.org/#/c/508522/
Change-Id: Ie3f59495b1ac43c1a35d912a2da170399652a10e
Related-Bug: #1761171
The slo and dlo middlewares are required to enable support for large
objects (> 5GB). Also enabling the copy & versioned_writes middleware,
which enables object copying and versioning.
Change-Id: Iff73833f1d470750862873f70a4a9aaba50bd164
This makes sure we always include the certmonger_user profile, which
installs the local CA (if that's the one we're using). This is necessary
for when we deploy TLS by default in the overcloud.
It also makes the setting of the certificate specification to be
optional and to depend on the generate_service_certificate flag.
Change-Id: I8b46ce3f9cd6e36d0b8f604b49e4113301461a4c
With the introduction of routed networks there can be
a situation where baremetal nodes on remote segments
are unintentionally introspected. Using the dnsmasq
based PXE filtering driver in ironic inspector fixes
the issue.
Co-Authored-By: Harald Jensås <hjensas@redhat.com>
Closes-Bug: #1756075
Change-Id: I53d6c5718c7f9112d578ec6f73830830d2c71737
Depends-On: I056cdadc025f35d8b6fd22f510a7c0a8e259a1f0
https://access.redhat.com/security/cve/cve-2018-1000115
Restrict Memcached to only work on TCP and localhost.
The restriction is made at the application and firewall levels.
It will prevent DDoS amplification attacks using memcached.
Change-Id: I8072cc842291d133fde9fdfe9e8ad432623a8ef2
Related-Bug: #1754607
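
An added example, not part of the commit above or of instack-undercloud: a small audit of a memcached option string for the application-level half of that restriction (UDP listener off, loopback-only binding); the firewall half is not covered. The function names and sample strings are constructed for illustration; `-U`/`--udp-port` and `-l`/`--listen` are memcached's own options.

```python
import ipaddress
import shlex


def _option_values(args, short, long_):
    """Collect values given as '-X v', '-Xv' or '--long=v'."""
    values = []
    for i, arg in enumerate(args):
        if arg == short and i + 1 < len(args):
            values.append(args[i + 1])
        elif arg.startswith(long_ + "="):
            values.append(arg[len(long_) + 1:])
        elif arg.startswith(short) and len(arg) > 2 and not arg.startswith("--"):
            values.append(arg[2:])
    return values


def _is_loopback(addr):
    """True if one -l entry (optionally host:port or [v6]:port) is loopback."""
    host = addr.strip()
    if host.startswith("["):              # e.g. [::1]:11211
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:            # e.g. 127.0.0.1:11211
        host = host.split(":", 1)[0]
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                      # other hostnames: treat as exposed


def audit_memcached_options(options):
    """Return findings for a memcached option string; empty list means OK."""
    args = shlex.split(options)
    findings = []
    # Older memcached builds open a UDP listener unless it is set to port 0.
    udp = _option_values(args, "-U", "--udp-port")
    if not udp or udp[-1] != "0":
        findings.append("UDP listener not explicitly disabled (expected -U 0)")
    listen = _option_values(args, "-l", "--listen")
    addrs = [a for value in listen for a in value.split(",")]
    if not addrs:
        findings.append("no -l option: memcached binds to all interfaces")
    elif not all(_is_loopback(a) for a in addrs):
        findings.append("listens on a non-loopback address: " + ",".join(addrs))
    return findings


# Constructed sample option strings, not taken from any real deployment.
HARDENED = "-m 64 -l 127.0.0.1 -U 0"
EXPOSED = "-m 64 -c 1024"
PARTIAL = "--listen=127.0.0.1,192.0.2.10 -U 11211"
```
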
"segments" was needed for routed networks in
I4b384bab2af9f6ba07a137a37f4098a00ce18bc0
it should have been added to the existing list
Closes-Bug: #1754683
Change-Id: I1cfb6b56b520124e8c5b95968dd61f98945f689b
Ironic uses binding:vnic_type baremetal for flat interfaces.
The baremetal mechanism driver is required to bind this
vnic_type correctly.
The L2 agent populates segmenthostmapping data in neutron
which is a requirement for routed-networks.
Implements: blueprint tripleo-routed-networks-deployment
Change-Id: I8e192df9068c3f5d6657f5ea92e7e2f44646c290
The new online data migration in ironic will migrate nodes from classic drivers
to hardware types. However, it will skip nodes with one or more target
hardware interfaces not enabled. In the undercloud we don't enable certain
implementations that we do not support (e.g. "agent" RAID and
"ipmitool-shellinabox" console for the "ipmi" hardware type).
To allow the migration to work, set a special option to reset these
interfaces to their no-op equivalents ("no-raid", "no-console", etc).
Change-Id: Iba1e82d47c0e22613b06b99f0a9d0f4b3082bbe7
Related-Bug: #1690185
This has been unsupported since 2016's puppet-ironic commit here:
I0f242a7e1c28c4007b3c2d955dbd3b29086e92f1
Change-Id: Ic219fcdf2695c08b629015a0c387629d01f86a20
Most of the HTTP servers default max body size to 1MB, Apache, Nginx.
That default value is ok as long as users mostly get data from server
but when something needs to be uploaded, 1MB limit is often not enough.
This is what we see with Heat and some of the large templates.
It's not uncommon that WSGI apps have 10MB+ body size limit,
so with the current Heat default value we are still in low range sizes.
Original Heat 'max_template_size' default value was 1M.
In instack-undercloud we bumped it to 2M, bug #1667697.
This change increases it to 4MB.
Change-Id: Ic913ecb44dac800131292d1f3661be5b71f35a78
Closes-Bug: 1752467
This reverts commit da31c6e5ba.
This change didn't actually solve the problem so it's best
not to continue to carry it. The correct fix for the issue
is https://review.openstack.org/547281.
Change-Id: I4b9b4119cb5d07f74d203350611e83fa85c521da
Newer versions of docker have switched to updating the FORWARD chain to
be DROP by default. This causes issues with the deployment. Update the
FORWARD chains to be ACCEPT by default.
Depends-On: Ib75f97748540b9162d76c9c189d3ca7e082b3784
Closes-Bug: #1750194
Change-Id: I93be7138e6a61cf3aadf19f53097d67469befc17
Other OpenStack services clients are being installed as dependencies of
Heat. Octavia support in Heat was included during Queens development
cycle [1]. TripleO deployments will include python-octaviaclient as
requirement of Heat. This means the Octavia client will be installed in
the undercloud and overcloud regardless.
This reverts commit fef5be332e.
[1] https://review.openstack.org/#/q/topic:bug/1737567+(status:open+OR+status:merged)
Change-Id: I727503b6c1acf1953a0ad864ae6288021a745193
Allow installation of the Octavia client in the Undercloud by setting
new option enable_octavia=True in the undercloud.conf. Default is not to
enable.
Change-Id: I2b27dac2f30a126e6519d19cc135ea6eea59e8a9
Reducing the frequency of the Mistral cron trigger subsystem greatly reduces
the load that it has on the system. Previously it would query the
database every second, now it will only do this every 10 minutes.
Closes-Bug: #1747386
Depends-On: I6445ff1b6691a098f15e8402ae9d971e751f5552
Depends-On: I9060253bc416be28af4ef81f3edf694059d92066
Change-Id: I18ae5bc0b2192a393959186ba756d1e6a6c62d83
* Enable the neutron segments service_plugin for routed
provider networks.
* Update controlplane network code to create segments
for each subnet.
A number of options related to the ctlplane network are deprecated.
More details in release notes.
Implements: blueprint tripleo-routed-networks-ironic-inspector
Implements: blueprint tripleo-routed-networks-deployment
Depends-On: I33804bfd105a13c25d6057e8414e09957939e8af
Change-Id: I4b384bab2af9f6ba07a137a37f4098a00ce18bc0
Configure Inspector with the required tags and
per-subnet dhcp router options to enable
inspection of nodes reaching the undercloud via
DHCP-relay on remote networks.
Change-Id: Iba1cadf1d6eef6ba6c028f4ba1689da95047ccea
Implements: blueprint tripleo-routed-networks-ironic-inspector
In this case an additional architecture is any architecture that is NOT
the same as the one running the install.
Blueprint: multiarch-support
Change-Id: I23f438cb41ebc454d4a4351901a86452e2b0d482