At the end of keystone.conf file there were some options from
keystone-paste.ini file. These options don't affect anything
that's why they were removed in order to clean up keystone.conf
Change-Id: Ib388c37ac4f622cabc405a4d83ba71f2f35b7e83
Closes-Bug: #1693188
The old syntax that used % symbols, caused some errors upon a restart
of the nova-api. Replacing the % and parentheses with the double quotes
allows the API to start without errors.
Change-Id: I96c00590390c6caf0a17a43e68ede111684b3110
Closes-Bug: #1683496
After introducing the change Iead5167210c4132badb866afc25d4ef14e27f6b2
swift isn't installed if ceph used as a backend for images
and not for object-storage service. In this sutiation we end up
with absence of object-storage at all which is wrong.
The commit introduces changes which makes possible
to swift been installed if ceph used only for image service.
Change-Id: If319845aa9f2d9b3ca07936350ef374f504679cb
Closes-Bug: #1604879
Create node is_pc flag before starting to check if there
is more than one of those flags. Thus, we avoid race condition
when there is 0 is_pc flags and galera starts with --wsrep-new-cluster
on 2 nodes.
We set it before the check and, as setting them is synchronous through
Pacemaker CIB, in that case when >1 nodes attempt to bootstrap with
--wsrep-new-cluster, only one node will see <= 1 is_pc flags. Others
will see more than one and fail and reattempt to start. At that point
one of the nodes will already be bootstrapped, thus reelection will not
be triggered and the section of bootstrap will be skipped
Change-Id: I82a71132eef7877ac7ab1ed04263044b3b1e8d9b
Closes-bug: #1617400
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
apt-get supports a "mirror" method that will automatically select a
closest mirror based on geographical location. So extend URI library
to handle repository sources with mirror://
Change-Id: I7b8018af50e431614d0d5c87ad3f1c8bad94e4d9
Closes-Bug: #1669751
created by l23network in runtime.
This functionality required for correct 'ifdown' command work
first time without ifup (interface created by l23network runtime).
Change-Id: I05aecf2a69158f15eac636e33cedbdfbe817adc0
Closes-bug: #1674430
The server used to be configured to support anonymous cipher suites
with no key authentication. These ciphers are highly vulnerable
to man in the middle attacks.
New configuration applies only strong cipher suites on SSL server.
Change-Id: I8ecac040a77614fd78188995a873b85c94781411
Closes-Bug: #1646761
There are cases when nailgun can send us data where there are nodes
included into list of added nodes and deleted ones. As a result, puppet
manifests failed with resource ensurance for present and absent hosts.
To avoid this situation, subtract added nodes from deleted prior to
actually deleting them from hosts.
Change-Id: I515f7fae4bbe67123d70572a4f861e879ec580f6
Closes-Bug: #1679522
We misconfigured local cache for services with change
https://review.openstack.org/#/q/Id1034e22d79c3ea6b25575d9bcf8e8750a02365d
Thus, it becomes extremely slow when a controller is down.
With this commit we revert things back to normal with local memcached
for all openstack services leaving keystone memcached shared for tokens
(this was thoroughly tested previously)
This commit a529033fdc
pointed all non-keystone services to local memcached for keystone auth tokens, however it also
pointed cache/memcache_servers in nova to local memcached. This led to regression in Nova.
Revert setting local memcached server for swift proxy
Switch back to using all available mamcached servers, because of
failures during swift testing.
Change-Id: I8f6bbf77d27f3d8976985241deb8a948984862f5
Closes-bug: #1657727
Closes-Bug: #1576218
Closes-Bug: 1666837
By doing this we avoid running these graphs when
api handlers are called. Handlers try to
find graphs in the database by thier name and if they are unable
to do this they fall back to plain task managers.
That is what we actually need.
Change-Id: Iba98c3b337c2856bbd29d17bb06d24adf35594e6
Closes-Bug: #1676849
We allow connections to 8002 port in the admin network for
incoming connections from distributed serialization workers.
Distributed serialization workers should be installed and run
on slave and bootstrap nodes.
Change-Id: Idae764bde0b0dd482e6b08d69a97cd5d0717547d
Implements: blueprint distributed-serialization
(cherry picked from commit 97c9ca2c5f)
As of firefly (v0.80), ceph object gateway is running on civetweb
(embedded into the ceph-radosgw daemon) instead of apache and fastcgi.
Using civetweb simplifies the ceph object gateway installation and
configuration.
Change-Id: Idba61e094390e3c75a6e5d9b35a8e8e47a2a696f
Closes-Bug: #1671808
(cherry picked from commit d38e1a399c)
This patch fixes issues with building ironic bootstrap:
* fix if condition that is a trigger to build ironic bootstrap
* build fuel image always, ironic bootstrap only when ironic is enabled
* Drop incorrect condition check for fuel image
Change-Id: Ib7ee0c656ffa71ce913e1924bb80260744319a3a
Closes-Bug: #1653204
`host_ip` parameter is only used in OCF script, and it's used to
connect to management HTTP API - so using host to which rabbit binds
its AMQP listener makes completely no sense.
Change-Id: I029ef9c88f397de11da5ec5048e7314b92ddc441
Closes-Bug: 1668311
Take into account (i.e. make override actions for)
dpdk enabled interfaces as well.
Change-Id: I8d35814ccc9ddda4c904a4abf6a51105baa12b9a
Closes-Bug: #1672695
(cherry picked from commit 221dba9592)
Current value of 5 results in socket operation timeout after ~12.9
seconds. This is a bit too low, e.g. we've seen RabbitMQ network
splits in production.
This 12.9s amount is equal as 0.2*(2^1+2^2+..2^5), where 0.2 is a
retry timeout (RTO) that is calculated by kernel on a per-socket
basis. But in fast local networks it usually almost equal to minimum
values of 0.2s hardcoded in linux kernel (and BTW, RFC says that
minimum value should be 1s).
On the other hand, comment in netconfig.pp says that our target
timeout is ~54 seconds. And changing tcp_retries2 to 7 is consistent
with that comment - tests an live env show that resulting timeout is
~52.2s
Change-Id: Ib52f40ef1017a9da5a29cd62fb744a4597860763
(cherry picked from commit 5d4d53082d)
Write lrmd logs to the /var/log/lrmd.log on controllers.
Also disabled collecting all pacemaker logs into /var/log/pacemaker.log
because Pacemaker already does that itself. In our installation rsyslog
does not write that file because in most cases Pacemaker creates it
first. For example, see the file's owner in any env, it will be
hacluster, not syslog.
Closes-Bug: #1661003
Change-Id: I0acb59a43bd856b1689918a7cf066624efa13a63
(cherry picked from commit 4d18ef0dad)