From e854582388e00bcc9bee34266b7630b6b7027607 Mon Sep 17 00:00:00 2001
From: Ben Nemec <bnemec@redhat.com>
Date: Fri, 14 Jun 2019 10:03:10 -0500
Subject: [PATCH 1/2] Extend Ironic conductor heartbeat timeout

In single node virtual environments, the system can get so overloaded
during deployment of the masters that the heartbeat times out, which
causes #617. This change overrides the heartbeat timeout to change
it from the default of 60 seconds to 120 seconds. In my experience,
this is sufficient to prevent the timeouts.

Note that this is making use of the environment driver[0] in oslo.config
for setting the value. I don't think we want to change the value
in the container config since it's primarily for virtual dev
environments.

0: https://docs.openstack.org/oslo.config/latest/reference/drivers.html#environment
---
 04_setup_ironic.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/04_setup_ironic.sh b/04_setup_ironic.sh
index ff8d0ef6d..366dc0757 100755
--- a/04_setup_ironic.sh
+++ b/04_setup_ironic.sh
@@ -73,6 +73,7 @@ sudo podman run -d --net host --privileged --name mariadb --pod ironic-pod \
 
 sudo podman run -d --net host --privileged --name ironic --pod ironic-pod \
      --env MARIADB_PASSWORD=$mariadb_password \
+     --env OS_CONDUCTOR__HEARTBEAT_TIMEOUT=120 \
      -v $IRONIC_DATA_DIR:/shared ${IRONIC_IMAGE}
 
 # Start Ironic Inspector 

From 4a07de30f9b40d2388c5549430e6c220454cfca8 Mon Sep 17 00:00:00 2001
From: Ben Nemec <bnemec@redhat.com>
Date: Mon, 17 Jun 2019 16:45:54 -0500
Subject: [PATCH 2/2] Deploy using openshift keepalived-ipfailover image

---
 assets/files/etc/kubernetes/manifests/keepalived.yaml |  2 +-
 .../keepalived/keepalived.conf.template               | 11 ++++++++---
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/assets/files/etc/kubernetes/manifests/keepalived.yaml b/assets/files/etc/kubernetes/manifests/keepalived.yaml
index 6ce1012d6..d9584f911 100644
--- a/assets/files/etc/kubernetes/manifests/keepalived.yaml
+++ b/assets/files/etc/kubernetes/manifests/keepalived.yaml
@@ -94,7 +94,7 @@ spec:
   - name: keepalived
     securityContext:
       privileged: true
-    image: quay.io/celebdor/keepalived:latest
+    image: registry.svc.ci.openshift.org/ocp/4.2@sha256:daa9f390c43563b67546cd5b4cf3d8e351c3530f8091f523a73061fa441e8818
     command:
     - /usr/sbin/keepalived
     args:
diff --git a/assets/files/etc/kubernetes/static-pod-resources/keepalived/keepalived.conf.template b/assets/files/etc/kubernetes/static-pod-resources/keepalived/keepalived.conf.template
index a0b3b2af4..aff40fd60 100644
--- a/assets/files/etc/kubernetes/static-pod-resources/keepalived/keepalived.conf.template
+++ b/assets/files/etc/kubernetes/static-pod-resources/keepalived/keepalived.conf.template
@@ -1,17 +1,22 @@
+global_defs {
+    enable_script_security
+    script_user root
+}
+
 vrrp_script chk_ocp {
-    script "curl -o /dev/null -kLs https://0:6443/readyz"
+    script "/usr/bin/curl -o /dev/null -kLs https://0:6443/readyz"
     interval 1
     weight 50
 }
 
 vrrp_script chk_dns {
-    script "host -t SRV _etcd-server-ssl._tcp.${DOMAIN} localhost"
+    script "/usr/bin/host -t SRV _etcd-server-ssl._tcp.${DOMAIN} localhost"
     interval 1
     weight 50
 }
 
 vrrp_script chk_ingress {
-    script "curl -o /dev/null -kLs https://0:1936/healthz"
+    script "/usr/bin/curl -o /dev/null -kLs https://0:1936/healthz"
     interval 1
     weight 50
 }