Make sure that all the sevices will attempt to
connect to the database an infinite about of times.
If the database ever disappears for some reason we
want the services to try and reconnect more than just
10 times.
Closes-bug: #1505636
Change-Id: I77abbf72ce5bfd68faa451bb9a72bd2544963f4b
When horizon is used to launch 2000 VMs, nova-conductor is very
busy making database connections. All 55 database connections are
in use, resulting in an inability to garbage collect database
connections. Instead raise the max pool to 50 which will allow
50 concurrent database connections and the max overflow to 1000
which permits the database connections to finish the job at
large nodecount scales.
Closes-Bug: #1565105
Change-Id: I26dc2f7fda8760197888a1d61fbc45dfada2dd06
At high scale, such as 64 nodes with 13TB ram and 2600 cores, nova
seems to struggle when scheduling 100+ VMs at the same time. The
issue is unrelated to the database, as the error printed indicates
the max_scheduling_attempts have been reached. Increase that value
to something more fitting of a 100 node cluster.
Change-Id: I8982d77c7c66db8f7c95b9fd73f58ceb66dbd723
Closes-Bug: #1563664
These options have all be deprecated/removed. This switches all
options to thier proper mitaka values.
TrivialFix
Change-Id: Ica8d5ea0d48da01ee11672a32890431acd6a306d
The in-process cache for keystone tokens has been deprecated due to
"incosistent results and high memory usage" with the expectation we
switch to memcached_servers if we want to stay performant.
Add memcache_servers [cache] section to the appropriate servers as the
[DEFAULT]\memcache_servers options was deprecated.
TrivialFix
Related-Id: Ied2b88c8cefe5655a88d0c2f334de04e588fa75a
Change-Id: Ic971bdddc0be3338b15924f7cc0f97d4a3ad2440
The security_group_api option is deprecated since
https://review.openstack.org/#/c/288602 , the security_group_api
will be detected through use_neutron.
TrivialFix
Change-Id: I4e4dd9397b67243ed7268529d9ed0d9b86c846dd
TLS can be used to encrypt and authenticate the connection with
OpenStack endpoints. This patch provides the necessary
parameters and changes the resulting service configurations to
enable TLS for the Kolla deployed OpenStack cloud.
The new input parameters are:
kolla_enable_tls_external: "yes" or "no" (default is "no")
kolla_external_fqdn_cert: "/etc/kolla/certificates/haproxy.pem"
kolla_external_fqdn_cacert: "/etc/kolla/certificates/haproxy-ca.crt"
Implements: blueprint kolla-ssl
Change-Id: I48ef8a781c3035d58817f9bf6f36d59a488bab41
After our switch to keystone-manage bootstrap Horizon is not happy
due to v3 not being setup correctly. This patch fixes that
This also includes removal of unused variables (transforms them into
endpoint url variables)
TrivialFix
Change-Id: I1e04db8c24049f80e974c063f03068a2ab32a563
Due to poor planning on our variable names we have a situation where
we have "internal_address" which must be a VIP, but "external_address"
which should be a DNS name. Now with two vips "external_vip_address"
is a new variable.
This corrects that issue by deprecating kolla_internal_address and
replacing it with 4 nicely named variables.
kolla_internal_vip_address
kolla_internal_fqdn
kolla_external_vip_address
kolla_external_fqdn
The default behaviour will remain the same, and the way the variable
inheritance is setup the kolla_internal_address variable can still be
set in globals.yml and propogate out to these 4 new variables like it
normally would, but all reference to kolla_internal_address has been
completely removed.
Change-Id: I4556dcdbf4d91a8d2751981ef9c64bad44a719e5
Partially-Implements: blueprint ssl-kolla
HAProxy: change to use option forwardfor to pass origin IP address
to backend via X-Forwarded-For header
Keystone: Apache does the audit logs for keystone. Change the
LogFormat to display the passed address instead of the connection
address which is that of the load balancer.
Nova, Cinder, Glance: these services can make use of the address
passed in X-Forwarded-For. With this setting the API logs for
these services include the client IP address.
Change-Id: Ia861ecc11a7c7d463d0366586926d1a842853f69
Closes-Bug: #1548935
To allow for TLS to protect the service endpoints, the protocol
in the URLs for the endpoints will be either http or https.
This patch removes the hardcoded values of http and replaces them
with variables that can be adjusted accordingly in future patches.
Change-Id: Ibca6f8aac09c65115d1ac9957410e7f81ac7671e
Partially-implements: blueprint ssl-kolla
Option "verbose" from group "DEFAULT" is deprecated for removal.
Its value may be silently ignored in the future.
If this option is not set explicitly, there is no such warning.
Furthermore, the default value of verbose is true, so there is
no need to set this value in config files.
TrivialFix
Change-Id: I3ec2a8900c984a64bc0645672ef89a63975f7f4e
Currently the state of master has nova_compute unable to talk to
nova-libvirt. There have been some efforts to fix this, but they have
failed for various reasons. This puts the connection type for libvirt
from a socket to connecting to the already-open tcp connection thus
restoring the ability for nova-compute to talk to nova-libvirt and
function.
Change-Id: I5a6c39bb16159a2924a93a831e3c53cedd0ca7a1
Partially-Implements: blueprint drop-root
- See instructions in doc/nova-fake-driver.rst
Implements: blueprint nova-fake-driver
Change-Id: I553a40c2df39bdcc391eb1b8b2b8fd5f4ed48c33
Signed-off-by: Hui Kang <kangh@us.ibm.com>
Signed-off-by: Marcio D. Silva <marcios@us.ibm.com>
In heterogeneous environment, api_interfaces are different each other.
So we should specify it from hostvars.
Implements: bp configure-network-interface
Change-Id: Id15d70bfb9ebb62a64a3847a6b77407efb171dbe
As part of upgrade process we need new services to detect what is the oldest
version running on compute nodes.
Change-Id: Id65f2bc765828054bf5d5562de27255031254821
Partially-Implements: blueprint upgrade-nova
Due bad rebases there is a huge section of the spice patch missing
from the implementation unfortunately. This patch finishes the rest
of this patch out properly.
Change-Id: I693c6745e9594fd91eb6453f6de9dfcbd410e89c
Paritally-Implements: blueprint nova-proxies
Adjust all the configs to list all the rabbitmq hosts rather than
running rabbitmq through the VIP. This is made possible by clusterer
which has already merged.
Change-Id: I5db48f5f10ec68f4c8863a29bc13984f6845a4f9
Partially-Implements: blueprint rabbitmq-clusterer
Nova should use Neutron credentials to interact with Neutron.
Backport: liberty
Closes-Bug: #1512070
Change-Id: I78ec4c032d457b519ccfed9cab190afd65027048
Unfortunately there was no was to avoid memcache for consoleauth, so
we might as well take advantage of it for Horizon as well.
Change-Id: Idd338a025b031f6b50fe0c9f03c2c8d862f9d4c0
Closes-Bug: #1504606
Closes-Bug: #1504800
Configuration based off upstream documentation here:
http://docs.openstack.org/developer/ironic/deploy/install-guide.html
A few notes:
-ironic-api is not configured to use mod_wsgi
-several places it's noted that discoverd is going away and needs to be
replaced with ironic-inspector - (sqlite connection should be changed
too)
-currently enabling ironic reconfigures nova compute (driver and
scheduler) as well as changes neutron network settings
-a nice enhancement would be to configure the web console
Required post-deployment configuration:
Create the flat network to launch the instances:
neutron net-create --tenant-id $TENANT_ID sharednet1 --shared \
--provider:network_type flat --provider:physical_network physnet1
neutron subnet-create sharednet1 $NETWORK_CIDR --name $SUBNET_NAME \
--ip-version=4 --gateway=$GATEWAY_IP --allocation-pool \
start=$START_IP,end=$END_IP --enable-dhcp
And then the above ID is used to set cleaning_network_uuid in the neutron
section of ironic.conf.
Change-Id: I572e7ff1f23c4e57a2c50817cafe9269fd9950dd
Implements: blueprint ironic-container
This implements all the openstack pieces needed to make ceph work.
DocImpact
Change-Id: I1d24476a966602cf955e5ef872b0efb01319894a
Partially-Implements: blueprint ceph-container
Implements: blueprint kolla-live-migration
nova.conf was not using the proper port value for glance and would
only work with the default port in that situation.
Additionally, the state_path defaults to the python directory rather
that the expected /var/lib/nova/ directory.
Paritially-Implements: blueprint update-configs
Change-Id: I9cc2117c1d786fc1b81c53848e543d27afaf8979
