summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2016-08-17Merge "Add cinder-backup profiles"Jenkins4-0/+162
2016-08-17Merge "Align hiera keys with service names"Jenkins5-11/+11
2016-08-15Defaults empty hash to kernel_modules and sysctl_settingsEmilien Macchi1-3/+7
Set empty hash by default to kernel_modules and sysctl_settings so catalog won't fail if the parameters are not set in Hiera. Change-Id: I24ab535b01e2724af457d39c03cd990c574ef0aa
2016-08-11Merge "Handle redirects for keystone"Jenkins1-5/+16
2016-08-11Align hiera keys with service namesSteven Hardy5-11/+11
These hiera keys aren't aligned with the service names, which will be required for composable generation of the ip lists per service. Change-Id: I423b544df174254ac511b906b0c570e701678022 Depends-On: I7febf28bf409e25e8e5961ab551b6d56bb11e0c6 Partially-Implements: blueprint custom-roles
2016-08-11Add cinder-backup profilesDan Prince4-0/+162
Adds a Cinder backup profile for Cinder backup service activation (to be used in https://review.openstack.org/#/c/304563). Cinder backup uses Swift as a default. Change-Id: Ib1dfe52b83ab01819fc669312967950e75d8ddf1 Co-Authored-By: Jon Bernard <jobernar@redhat.com> Co-Authored-By: Boris Kreitchman <bkreitch@gmail.com>
2016-08-10Handle redirects for keystoneJuan Antonio Osorio Robles1-5/+16
If keystone sends a redirect and we have TLS enabled, we need to modify the response in order to indicate https. Change-Id: Icd61f527473bfe5153e058e94f9ed141cf13812d
2016-08-10Merge "Fix use of bootstrap_node in cinder base profile"Jenkins4-18/+19
2016-08-10Merge "Fix mistral sync_db profile steps"Jenkins4-4/+4
2016-08-09Merge "Only db-sync sahara is included in the bootstrapnode"Jenkins3-5/+20
2016-08-09Fix mistral sync_db profile stepsCarlos Camacho4-4/+4
The services in the mistral profiles were limited to be executed only in the bootstrap master node. Change-Id: Iae42ffa37c4c9b1e070b7c3753e04c45bb97703f
2016-08-09Only db-sync sahara is included in the bootstrapnodeJuan Antonio Osorio Robles3-5/+20
Currently, sahara's db-sync is run on every node. We should instead run it if we're on the bootstrap node as race conditions may occur and these will cause issues. Change-Id: I5db281caae17402ff198cb4cd46304338d98c52e
2016-08-09Use modern auth options for NeutronSergey Kolekonov1-4/+4
auth plugins should be used instead of deprecated admin_* options Change-Id: I80da7ce0a3d11859dd9f2ae02cd9761b9b28ac27 Depends-on: I3018932a106df562e94067e037b3bc862be97b51
2016-08-09Fix use of bootstrap_node in cinder base profileGiulio Fidente4-18/+19
By inspecting bootstrap_nodeid in cinder base profile we can set sync_db appropriately and not always default to true. Change-Id: I2484b1d70a17436c0d8eab9ea8df927d57783784
2016-08-08Fix parameters and headers inconsistency in the puppet manifests.Carlos Camacho129-589/+433
As we are staring to manually check overcloud services the first step is to check that the puppet profiles are all aligned. Changes applied: No logic added or removed in this submission. Removed unused parameters. Align header comments structure. All profiles parameters sorted following: "Mandatory params first sorted alphabetically then optional params sorted alphabetically." Note: Following submissions will check pacemaker, cinder, mistral and redis services in the base profiles as some of them has the $pacemaker_master parameter defaulted to true. Change-Id: I2f91c3f6baa33f74b5625789eec83233179a9655
2016-08-08Merge "Convert ceph_pools into a hash type"Jenkins1-8/+10
2016-08-08Convert ceph_pools into a hash typeGiulio Fidente1-8/+10
By using create_resources we can create ceph::pool resources from a hash. This will make it possible to define custom attributes for the single pool from the heat templates. Change-Id: I38978f0f3119e4ab7dd45021e598253cb066cb5a
2016-08-08New composable service: SensuMartin Mágr4-1/+125
Depends-On: Ic095cd1248cc2ffcef363893b20ff57f7befd6fc Change-Id: Ia09d14fa9db07595d2e904bd9918e5645ea590c7
2016-08-07Merge "Add passing of X-Forwarded-Proto to Glance API endpoint"Jenkins1-0/+6
2016-08-07Merge "Add zaqar API endpoint in HAProxy"Jenkins1-0/+20
2016-08-05Merge "Remove keystone PKI cert generation"Jenkins2-31/+0
2016-08-05Merge "Implement aodh profiles"Jenkins5-0/+244
2016-08-05Remove keystone PKI cert generationSteven Hardy2-31/+0
We don't currently offer any parameter interface to enable PKI certs, and these have all been deprecated by keystone, so remove them. Change-Id: I8232262b928c91dcde7bea2f23fa2a7c2660719e
2016-08-05Merge "Fix mistral profile steps"Jenkins4-20/+56
2016-08-05Merge "Configure Ceph/OSD after Ceph/Mon when on same node"Jenkins1-1/+1
2016-08-05Add passing of X-Forwarded-Proto to Glance API endpointJuan Antonio Osorio Robles1-0/+6
Glance supports the http_proxy_to_wsgi middlware, and it was recently enabled in the overcloud [1]. However, for it to work properly, we need to add the X-Forwarded-Proto header which was missing from the HAProxy configuration. [1] I4a8f7fc079ca93c50aa0ef7b0548dc64f6c5cfa0 Change-Id: I82e2db1145b0476cec27676fdfbb97e86cbd8182
2016-08-05Add zaqar API endpoint in HAProxyJuan Antonio Osorio Robles1-0/+20
This will enable us to terminate SSL connections for Zaqar's API. Change-Id: If75e2947a2dca95b3e53e1b1ffd93f36fc7fb1cc
2016-08-04Merge "Next generation HA architecture work"Jenkins2-17/+17
2016-08-04Implement aodh profilesPradeep Kilambi5-0/+244
Change-Id: Ie48a123cc5bc402aee635a5daf118b158c6f3b6a Implements: blueprint refactor-puppet-manifests
2016-08-04Merge "Add base nova-ironic profile"Jenkins1-0/+36
2016-08-04Merge "Fix Ironic dbsync ordering"Jenkins1-6/+7
2016-08-04Merge "Remove unnecessary certmonger manifest"Jenkins1-37/+0
2016-08-03Fix mistral profile stepsCarlos Camacho4-20/+56
Fixing Mistral profile when deploying the service. Change-Id: I942d419be951651e305d01460f394870c30a9878
2016-08-03Remove unused parameter in saharaCarlos Camacho1-12/+1
Remove unused parameter in sahara Change-Id: I46c033b410ab850289b798ee93990b6fb10c80ea
2016-08-03Merge "Fixup nit in manila pacemaker profile, duplicate variable"Jenkins1-1/+0
2016-08-03Merge "Run local CA trust before haproxy deployment"Jenkins1-1/+3
2016-08-02Fixup nit in manila pacemaker profile, duplicate variablemarios1-1/+0
See discussion at https://review.openstack.org/#/c/342961/8 Change-Id: I571b65a5402c1028418476a573ebeb9450ed00c9
2016-08-02Remove unnecessary certmonger manifestJuan Antonio Osorio Robles1-37/+0
The original intent of this manifest was to set the defaults for the CA and some other values when requesting certificates via certmonger. However, this approach doesn't work and in the undercloud we ended up doing this via hieradata instead. So this file is not used. Change-Id: I552d504091acc0d5588e30d14bc2fc85d7b7ecea
2016-08-01Next generation HA architecture workMichele Baldessari2-17/+17
This change moves the cinder-volume/cinder-scheduler constraints in the cinder-scheduler profile as these can't be applied by the cinder-volume service when cinder-scheduler isn't managed by Pacemaker. Blueprint: https://blueprints.launchpad.net/tripleo/+spec/ha-lightweight-architecture Change-Id: I5e7585c08675d8a4bd071523b94210d325d79b59 Implements: blueprint ha-lightweight-architecture Co-Author: cmsj@tenshu.net
2016-08-01New composable service: FluentDMartin Mágr1-0/+40
Change-Id: I278dfee01ed24713dec29aae55d2c7bdcb7e74bc
2016-08-01Run local CA trust before haproxy deploymentJuan Antonio Osorio Robles1-1/+3
Before haproxy tries to use the TLS certificates it should already trust the CA. So it's necessary for the local CA-related manifest to notify the ::tripleo::haproxy class. This works for newly set deployments. deployments that have already ran the ca-trust section will already trust the CA and thus won't need that part. Change-Id: I32ded4e33abffd51f220fb8a7dc6263aace72acd
2016-07-29Move constraints to their respective servicesMichele Baldessari2-0/+36
The openstack-core-then-httpd constraint needs to live in the apache pacemaker manifest and not in the main controller manifest file. The same goes for those specific vsm/cisco neutron resources. Change-Id: I2041d4d163f051427b62eec07b8345ad7006cc1d
2016-07-29Merge "Move nova constraints from controller manifest to each service"Jenkins3-0/+87
2016-07-28Merge "Remove global openstack-core resource"Jenkins2-17/+0
2016-07-28Merge "Create role for the fake openstack-core resource"Jenkins1-0/+59
2016-07-27Move nova constraints from controller manifest to each serviceMichele Baldessari3-0/+87
Currently we are still creating all the pacemaker constraints for nova in the main overcloud_controller_pacemaker.pp manifest file. Let's move those to each role where they belong. Note that given that a constraint depends on two separate pacemaker resources it is a bit arbitrary in which file they end up being (the one of the first resource or the second one). Change-Id: I96a3a313d15fac820b020feae0568437c2cbade3
2016-07-27Remove global openstack-core resourceGiulio Fidente2-17/+0
The openstack-core resource is not needed by the NG Pacemaker architecture. It was moved into an isolated role by [1] so that it could optionally be enabled when wanting the older architecture. This submission removes the old openstack-core global resource. 1. I74a62973146c0261385ecf5fd3d06db51e079caa Change-Id: I16a786ce167c57848551c7245f4344c382c55b3d
2016-07-27Create role for the fake openstack-core resourceGiulio Fidente1-0/+59
Change-Id: I74a62973146c0261385ecf5fd3d06db51e079caa
2016-07-27profile/base/nova: declare nova class and configure cache correctly.Emilien Macchi2-10/+27
Nova {} workaround is not working correctly, we need to merge this patch so we can move out ::nova from THT completely. Also we need to use nova::cache to configure memcached parameters. Co-Authorized-By: Giulio Fidente <gfidente@redhat.com> Co-Authorized-By: Sven Anderson <sven@redhat.com> Co-Authorized-By: Emilien Macchi <emilien@redhat.com> Depends-On: I52d5badb9960124bb8fcb54983db2853c4185e77 Depends-On: I3e400a5f64b85f0d374fc02cc5e4080d19d0f2e4 Depends-On: Iee5f8015cbf40ca0e9a435a7de919ebdb74cf93f Change-Id: Ie4e72e765f6a8ade48d4b2b766f067872554d1a2
2016-07-25Unit tests for HAproxy dual stackEmilien Macchi2-0/+74
Change-Id: I6a959609523bd7fa681cd86522a56fff7c92352b