summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2016-09-20certmonger: improve orchestration for puppet4Emilien Macchi1-4/+6
The extract-and-trust-ca actually needs /var/lib/certmonger/local/creds file to be created, which is created when certmonger is started, not when package is installed. This patch change the exec dependency to run it only when service is started. Also, since the service create the file, let's relax the Exec a little bit by allowing to retry 5 times after 1s break in case the Exec fails, for example if service takes more than 5 seconds to create this file. It will avoid us some race condition in the deployment. Change-Id: I4cf4a04bddb8f042e8e8f7e1d1b69f846c533e3b
2016-09-20Merge "Terminate Zaqar websocket endpoint in HAProxy"Jenkins1-0/+33
2016-09-20Terminate Zaqar websocket endpoint in HAProxyJuan Antonio Osorio Robles1-0/+33
Note that there was a need to modify different timeouts due to the nature of how websockets work. The source where the reasoning and value came from is listed as a comment in the code. Related-Bug: #1625448 Co-Authored-By: Brad P. Crochet <brad@redhat.com> Change-Id: I9de77d5f692c1c9d04e3c59c5de5312e63f81aed
2016-09-17Merge "Swift add_devices.pp IPv6 handling"Jenkins1-1/+4
2016-09-17Merge "Fix dependencies for HAProxy when certmonger is used"Jenkins2-4/+9
2016-09-17release 5.1.0Emilien Macchi1-1/+1
Change-Id: I89fcd94460c995a18fd35800b5736d70687c4f42
2016-09-17Merge "mysql: never add brackets to mysql_bind_host"Jenkins1-1/+1
2016-09-17Merge "Wait for MongoDB connections before creating replset"Jenkins1-0/+7
2016-09-16Wait for MongoDB connections before creating replsetJiri Stransky1-0/+7
Sometimes the mongodb_replset resource fails with: Could not evaluate: Can't find master host for replicaset tripleo. This issue is intermittent so the fix cannot be perfectly verified, but the assumption is that if we wait for MongoDB to be reachable on all nodes, it will assure that the members will appear to the puppet module as alive when creating or verifying the replset. If the validation fails, it should help us uncover which of the members was causing trouble. Change-Id: I0bcd0d063a7a766483426fdd5ea81cbe1dfaa348 Closes-Bug: #1624420
2016-09-16Swift add_devices.pp IPv6 handlingGabriele Cerami1-1/+4
Add brackets to IPv6 addresses before forming $object from $base Change-Id: I4568d538561a0102b69f331a122d4989333a3bfa Closes-Bug: #1623096
2016-09-16Merge "Add manila-netapp backend to manila class and tidy up generic"Jenkins1-81/+41
2016-09-16Add manila-netapp backend to manila class and tidy up genericmarios1-81/+41
This adds support for the manila-netapp backend. The backend specific config is set tht side. So this change also tidies up the manila generic config, which is unnecessarily being duplicated here ( see https://review.openstack.org/#/c/354019/ ) Change-Id: Ic6f8e8d27ca20b9badddea5d16550aa18bff8418
2016-09-16mysql: never add brackets to mysql_bind_hostEmilien Macchi1-1/+1
Don't add brackets on mysql_bind_host parameter in Galera config. Having brackets from this parameter works with old version of Galera but not newest one. So let's remove them at all, so we can safely upgrade Galera in RDO. Change-Id: Ic904d4efda162f18ec8dffb91c2f383f54361f41 Closes-Bug: #1622755
2016-09-15Fix dependencies for HAProxy when certmonger is usedJuan Antonio Osorio Robles2-4/+9
Installing the undercloud with generate_service_certificate=True fails if HAProxy is not pre-installed. This is due to missing dependency setting on our puppet manifests. We need to specify that the PEM file needs to be written only if the haproxy user and group exist (which comes from the package) and that the haproxy frontend configuration needs to be notified if there are changes in the certificates. Change-Id: Iba3030e4489eb31f9c07ab49913687d8b595a91b Closes-Bug: #1623805
2016-09-15Fix wrong flag name for VNC Proxy in HAProxyJuan Antonio Osorio Robles1-2/+2
The name was wrong, and so fixing it will actually enable VNC Proxy when the service is enabled. Change-Id: I65e90479fd33844b4dcd70c19cec3cd838aeff69 Closes-Bug: #1623796
2016-09-14Merge "Add validations profile for tripleo"Jenkins1-0/+29
2016-09-13Merge "Enable X-Forwarded-Proto for manila"Jenkins1-0/+5
2016-09-13Merge "Fill DNS name for haproxy certificates"Jenkins1-0/+1
2016-09-12Merge "Fix value of ctlplane fqdn fact"Jenkins1-13/+3
2016-09-12Add validations profile for tripleoTomas Sedovic1-0/+29
This adds the tripleo::profile::base::validations profile which sets up the `validations` user and installs the openstack-tripleo-validations package. Change-Id: Ib2b1ddcda3a41cb7263171d3024f05ba8bfd2f28
2016-09-12Fix value of ctlplane fqdn factJuan Antonio Osorio Robles1-13/+3
This fact was being retrieving the value of the hostname for the management network. We should instead be using a value set explicitly in t-h-t. Depends-On: Idb3ca22ac136691b0bff6f94524d133a4fa10617 Change-Id: I6fcf7c7853071a9f3377aec475308bc8d10d5b33 Related-Bug: #1621742
2016-09-12Enable X-Forwarded-Proto for manilaJuan Antonio Osorio Robles1-0/+5
This is necessary so the middleware in manila can set the protocol correctly in case we're terminating SSL in HAProxy. Depends-On: Ice78b0abceb6a956bb8c1dc6212ee1b56b62b43f Change-Id: Iedaabaf1379466c22e3b9bb2307e940459d26de7
2016-09-12Fill DNS name for haproxy certificatesJuan Antonio Osorio Robles1-0/+1
This sets the subject alt name field for the certificates we auto-generate, which will remove the security warnings we constantly see in the undercloud. This is the proper way to set certificates, since the usage of the CN as a replacement for the subjectAltName is being deprecated (very slowly). Change-Id: I475cbffd47425e850902838eec06bf461df2acd0 Closes-Bug: #1622446
2016-09-09Merge "Added Contrail Composable Services"Jenkins5-0/+751
2016-09-09Merge "Add Ceph RGW profile"Jenkins1-0/+63
2016-09-08Merge "Add class to write overcloud VIPs into /etc/hosts"Jenkins1-0/+39
2016-09-07gnocchi: move statsd and metricd at step5Emilien Macchi2-2/+6
Gnocchi statsd and metricd require Keystone resources to be in place when using Swift backend, because those services will try to access to Swift containers. To do so, we want to move the service start at step 5 instead of 4 and also require Keystone resource to be managed before starting the services. Change-Id: Ie5bc1481a8700c7cd080a76d0978146a84825767 Closes-Bug: #1621164
2016-09-07Merge "Manage Redis VIP when deploying with keepalived"Jenkins1-0/+18
2016-09-06Merge "Include heat base profile outside of step"Jenkins4-4/+8
2016-09-06Merge "Add Ceph RGW listener to HAProxy"Jenkins2-0/+23
2016-09-06Merge "Convert ringbuilder to build devices array"Jenkins2-4/+65
2016-09-06Add class to write overcloud VIPs into /etc/hostsJuan Antonio Osorio Robles1-0/+39
This will be useful to start using FQDNs instead of IPs if we don't have a DNS set-up. This will effectively grab a map of hosts to add and create them with puppet's host resource. Change-Id: I1bdb2701dfb3e7ef072e674c9882d3be5af7296c
2016-09-06Merge "Map ctlplane network to management fqdn"Jenkins1-0/+11
2016-09-06Merge "Make fqdn fact names match service net map"Jenkins1-3/+3
2016-09-05Merge "Ironic: update included drivers"Jenkins1-3/+7
2016-09-05Merge "Ironic: manage PXE environment for conductors"Jenkins1-0/+8
2016-09-05Map ctlplane network to management fqdnJuan Antonio Osorio Robles1-0/+11
We don't really expose a management network, but a ctlplane one. So when someone requests the ctlplane fqdn, we'll give the management one. Since that's what we actually fill in the hosts. Change-Id: Iede5a06d73206f98f283729f1879484f09d4012a
2016-09-05Make fqdn fact names match service net mapJuan Antonio Osorio Robles1-3/+3
This will make it easier to use and consume from t-h-t, making their use more dynamic. This is still safe to do, since these are not used by anything yet. Change-Id: I4d603938c568320d4ae1cc7a396070ad4ac62132
2016-09-05Merge "updates to fluentd support"Jenkins2-39/+180
2016-09-04Ironic: update included driversDmitry Tantsur1-3/+7
Configure drac, ilo and ssh drivers out of box. Remove deprecated ironic::drivers::deploy. This change brings the default driver list closer to one of undercloud. Change-Id: I8b9a136a0ff22916d7c468bbb0df7248bc35a5c2 Partially-Implements: blueprint ironic-integration
2016-09-03Merge "Make service profiles default to rabbitmq_node_ips"Jenkins11-11/+85
2016-09-02Merge "Plumgrid helper"Jenkins1-0/+45
2016-09-02Merge "Opencontrail vrouter profile"Jenkins1-0/+40
2016-09-02Plumgrid helperDan Prince1-0/+45
Extra settings that need to be applied for plumgrid where compute nodes are running. Change-Id: Ided5483f0f36f0efd5a09112832d07f028a2a7f9
2016-09-02Manage Redis VIP when deploying with keepalivedJiri Stransky1-0/+18
Previously we weren't creating Redis VIP in keepalived, causing Redis to be unusable in non-HA deployments. Change-Id: I0bb37f6fb3eed022288b2dcfc7a88e8ff88a7ace Related-Bug: #1618510
2016-09-02Convert ringbuilder to build devices arraySteven Hardy2-4/+65
Currently we have some hard-coded mangling in t-h-t but we instead need to build the array based on the nodes running swift storage, combined with the SwiftRawDisks parameter. This will enable running SwiftStorage on nodes other than Controller and SwiftStorage roles, and is required for custom-roles due to the hard-coded stuff in the role templates and overcloud.yaml Change-Id: I11deed1df712ecccf85d36a75b3bd2e9d226af36 Partially-Implements: blueprint custom-roles
2016-09-02Merge "Create memcache_servers list in swift proxy profile"Jenkins1-1/+14
2016-09-02Make service profiles default to rabbitmq_node_ipsSteven Hardy11-11/+85
Instead of hard-coded yaml aliases in t-h-t, make each service profile that requires rabbit default to the list of rabbit ips. Note this could still be extended in future to e.g enable per service rabbit clusters, but the default is to lookup the hiera which should be logically equivalent to current t-h-t. Change-Id: Ie53c93456529420588eb1927703ea91b54095d87 Partially-Implements: blueprint custom-roles
2016-09-01Release puppet-tripleo 5.0.0Emilien Macchi1-1/+1
This is the first tag for newton and OpenStack Infra will create a tarball from it. Change-Id: I7a98743bbbd1879426790a9821cadfa7ecbd5d22
2016-09-01Merge "midonet: update neutron parameter"Jenkins1-2/+2