Age | Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: I6a959609523bd7fa681cd86522a56fff7c92352b
|
|
|
|
|
|
|
|
|
|
This class will be used on the undercloud to deploy os_net_config.
Change-Id: I507c237a35250b660b37ea8cfc4e8e7f97ae21e2
|
|
|
|
|
|
In some profiles, we were looking up the $step by using Hiera
again, while we already do it in the parameter definition.
When using this class outside THT, it will fail but with this patch, we
could use just set the $step parameter and the rest of the manifest will
work.
Change-Id: I7082f47204fb4e529b164e4c4f1032e7bdd88f02
|
|
This gives the option to generate the service certificate(s) that
HAProxy will use. This will be used for both the overcloud and the
undercloud.
bp tls-via-certmonger
Change-Id: I3d0b729d0bad5252c1ae8852109c3a70c0c6ba7d
|
|
|
|
|
|
This patch updates the tripleo::firewall class so that it will
support loading firewall rules defined in composable services
via the following hiera keys (for nova-api for example):
tripleo.nova_api.firewall_rules
This patch relies on a new 'service_names' hiera array that should be
provided on all TripleO overcloud nodes.
Depends-On: I60861c5aa760534db3e314bba16a13b90ea72f0c
Change-Id: Id370362ab57347b75b1ab25afda877885b047263
|
|
|
|
service"
|
|
|
|
Deploy Keystone and Gnocchi API with the new Apache/Pacemaker profile.
Change-Id: Id28c618133e53e28dfac7e3e9cf9f5f5a6b2421a
|
|
Change-Id: I6ba962c682dc2ab8c6ee5238e0c176d9ae05d696
|
|
|
|
|
|
This class extracts the certificate and adds it to the trusted certs.
bp tls-via-certmonger
Change-Id: I6dc1e0469cd7dbbb51659c8f29975d25b2941ec3
|
|
Change I67a15dc83a754fb6f5fe25c64ae9e7d29c58fcec removed the
gnocchi configuration completely from non-bootstrap nodes. This
changes it so the configuration is included on all nodes, but the
db sync is only included on bootstrap.
Change-Id: If402becc900c175f5b3bb95c3413276e5a04b4f7
Closes-Bug: 1604708
|
|
Deploy Apache with Pacemaker in a new profile.
Change-Id: I9ae6cee2bfb0f8974d41d700454cfde2df06c2d1
|
|
Not used anymore anywhere.
Change-Id: Iae0709cca8faa62698bed977e0e364eb8f88f4f7
|
|
Currently if we manually restart the cluster saometimes gnocchi statsd
doesnt comeup as galera is not up yet. This should tie the metrics to
core and follow the order.
Closes-bug: #1604860
Change-Id: I5ec29622938336410b91785ca49b410bcdd30cdd
|
|
Heat needs stack_user_domain_id or stack_user_domain_name config
options set in the heat.conf before starting. The domain itself
doesn't need to exist until a stack is actually created, but the
value needs to be there. This patch ensures that the heat domain
parameters are configured before starting the heat-engine service
with Pacemaker at step3 and 4, and at step5, Pacemaker will start
the services and Puppet will create the domains.
(note: commit message copied from
https://review.openstack.org/#/c/331652/ to mitaka tht, which came
first)
Change-Id: I58fa53357265c1607d2df1b04cc2296083212ab7
Closes-Bug: 1599232
|
|
|
|
|
|
|
|
The gnocchi db sync is being run from multiple controllers causing errors in
CI. See the bug for more details.
Change-Id: I67a15dc83a754fb6f5fe25c64ae9e7d29c58fcec
Closes-Bug: #1604624
|
|
In the Next Generation HA architecture a number of active/active services
will be run via systemd. In order for this to work we need to make sure that
the sync_db operation only takes place on the bootstrap node, just like it is
done today for the pacemaker profiles.
We do this by removing sync_db as a parameter and instead set it to true
or false depending if the hostname matches the bootstrap_node as it is done
today in the pacemaker role.
Note that we call hiera('bootstrap_nodeid', undef) because if a profile
is included on a non controller node that variable will be undefined.
The following testing was done:
- HA puppet-pacemaker.yaml scenario with three computes
- NonHA with one controller
- NonHA with three controllers
Fixes-Bug: 1600149
Co-Author: cmsj@tenshu.net
Change-Id: I04a7b9e3c18627ea512000a34357acb7f27d6e0e
Implements: blueprint ha-lightweight-architecture
|
|
The principal is needed for kerberos-based solutions like FreeIPA.
bp tls-via-certmonger
Change-Id: Ie27848f522d11135b061aef766de2b696c77fcb9
|
|
The code was in THT before but now in the Nova API profile.
Change-Id: I7035f7998c11dc5508dae8c1a750b93c2944b2d4
|
|
|
|
|
|
The dummy openstack-core resource was meant to replace keystone so that
restarting keystone would not restart the whole cloud. When this
resource was introduced the paramter interleave=true was mistakenly left
out.
This causes a simple promote operation on the galera resource to restart
openstack-core and its children.
Change-Id: Ic590005a9419be87e6e6ea131b0ac0630c5afc19
Closes-Bug: 1603381
|
|
|
|
Add Mistral profiles for non-ha and ha scenarios
Change-Id: I1a072326091fd3b0c21d2f78041e3532b67c60eb
Implements: blueprint refactor-puppet-manifests
Depends-On: I6ce61054384c15876c498ba8cf582f88d9f7f54c
|
|
I think this will need refinement in future, but for now this is
just a copy of what we have in t-h-t
Change-Id: I427f0b5ee93a0870d43419009178e0690ac66bd6
Partially-Implements: blueprint refactor-puppet-manifests
|
|
|
|
|
|
|
|
Add MySQL profiles, for non-ha and ha scenarios.
Change-Id: I7ddae28a6affd55c5bffc15d72226a18c708850e
Closes-Bug: #1601853
|
|
This resource will be used in both the overcloud and the undercloud,
and can be called in several instances (for public-facing or
internal-facing certificates).
bp tls-via-certmonger
Change-Id: I0410fe0dbbed97d16909e911f7318d78a5bd7d7b
|
|
This base class just executes the main certmonger include (which gets
the package and starts the service) and configures the global CA, as
well as some options for the certificates that it will be issuing.
bp tls-via-certmonger
Change-Id: Ib748946130209bf9ccf6670b6f3fbbe0424400ec
|
|
|
|
|
|
|
|
Change-Id: I46215f82480854b5e04aef1ac1609dd99455181b
Closes-Bug: #1601970
|
|
As not having guarantee of being installed on same node, the dbsync
will be on step 3 and the clustercheck on 2.
Change-Id: Id728aae79442c45ab48fe0914c065f1807e8890d
|