| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
We attempt to use iscsi-iname in an exec for our nova compute profile
but we do not ensure that the package providing this command is
installed. This change adds the package definition for
iscsi-initiator-utils to ensure it is installed before trying to use
iscsi-iname.
Change-Id: I1bfdb68170931fd05a09859cf8eefb50ed20915d
Closes-Bug: #1675462
|
|
The rabbitmq user check is moved to step >= 2 from step >= 1. There is
no gaurantee that rabbitmq is running at step 1, especially if updating
a failed stack that never made it past step 1 to begin with.
Change-Id: I029193da4c180deff3ab516bc8dc2da14c279317
Closes-Bug: #1675194
|
|
This submission moves the neutron profile
`::tripleo::profile::base::neutron`
our of step 4.
Change-Id: I4d0617b0d7801426ea6827e70f5f31f10bbcc038
|
|
This commit conditionally includes messaging amqp class for the
oslo.messaging AMQP 1.0 driver to support notifications.
This patch:
* include keystone::messaging::amqp class for oslo_messaging_amqp opts
Change-Id: I8eb23a21d2499795c3a76ae3197bda7773165a8c
|
|
|
|
|
|
Previously ODL was restricted to only running on the first node in an
tripleO HA deployment. This patches enables clustering for ODL and
allows multiple ODL instances (minimum 3 for HA).
Partially-implements: blueprint opendaylight-ha
Change-Id: Ic9a955a1c2afc040b2f9c6fb86573c04a60f9f31
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
Using keystone_authtoken credentials for this purpose is deprecated, and also
prevents ironic-conductor from being used as a separate role.
As a side effect, this change makes it possible to potentially enable
ironic-inspector support in the future (it's not enabled yet).
Change-Id: I21180678bec911f1be36e3b174bae81af042938c
Partial-Bug: #1661250
|
|
|
|
|
|
|
|
Setting cluster_enabled to false causes ETCD_INITIAL_ADVERTISE_PEER_URLS
to be unset, which will cause deployment failure when etcd is deployed
in a single node mode.
Closes-Bug: #1673188
Change-Id: Iadff36bf7beb247d0408913c89f83fa5c8ac6874
Signed-off-by: Feng Pan <fpan@redhat.com>
|
|
|
|
Change-Id: I81e0850777f1498ba9b7a213ba02819847a40786
|
|
Change-Id: I81b0b8b54a034817f5791ff7e29f1a3065902642
|
|
Change-Id: Ia002aced6de474022d4aa4e9e3d7d5ee7c31a2b0
|
|
To deploy successfully the RadosGW service on a dedicated node
it is necessary to provision on the node a CephX keyring with the
needed permissions to import the RadosGW service keyring. This
change will provision any keyring passed via client_keys.
It makes possible to deploy the CephRgw service on any custom role
without including the CephClient service.
Change-Id: I5772eeb233ca241887226145a472c7a0363249cb
Closes-Bug: #1673288
|
|
|
|
|
|
This profile will specifically be used to create all the certificates
required in the node. These are fetched from hiera and will be ran in
the first step of the overcloud deployment and in the undercloud.
The reasoning for this is that, with services moving to containers, we
can't yet do these requests for certificates within the containers for
the specific services. this is because the containers won't have
credentials to the CA, while the baremetal node does. So instead we
still do this on the baremetal node, and will subsequently bind mount
the certificates to the containers that need them. Also, this gives us
flexibility since this approach still works for the baremetal case.
There will be a subsequent commit removing the certificate requests from
the service-specific profiles.
Change-Id: I4d2e62b5c1b893551f9478cf5f69173c334ac81f
|
|
Changes Include:
- Adds spec testing
- Only raise limits if nonha. puppet-systemd will restart the mariadb
service which breaks ha deployments. Hence we only want to do this
in noha.
- Minor fix to hiera value refrenced not as parameter to mysql.pp
Partial-Bug: #1648181
Related-Bug: #1524809
Co-Authored By: Feng Pan <fpan@redhat.com>
Change-Id: Id063bf4b4ac229181b01f40965811cb8ac4230d5
Signed-off-by: Tim Rozet <trozet@redhat.com>
Signed-off-by: Feng Pan <fpan@redhat.com>
|
|
We currently set the haproxy stat socket to /var/run/haproxy.sock.
On Centos/RHEL with selinux enabled this will break:
avc: denied { link } for pid=284010 comm="haproxy"
name="haproxy.sock" dev="tmpfs" ino=330803
scontext=system_u:system_r:haproxy_t:s0
tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
The blessed/correctly-labeled path is /var/lib/haproxy/stats
Note: I am setting only Partial-Bug because I would still like
to make this a parameter so other distros may just override the path.
But that change is more apt for pike and not for ocata.
Change-Id: I62aab6fb188a9103f1586edac1c2aa7949fdb08c
Patial-Bug: #1671119
|
|
Bindep is an automation tool used by openstack-infra to bootstrap a
worker with default packages. Something not needed for puppet jobs.
Change-Id: I6b4784c233a2abad01da3408f131af2c89586868
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
|
|
This moves the certificate request bits to simplify the profile and move
the logic to the HAProxy/certmonger specific manifest.
This is a small iteration on the effort to separate the certificate
retrieval to its own manifest since this part won't be containerized
yet.
Change-Id: Ibb01cd9a59049e4728615cb4f37e5bfac5800a92
|
|
Currently tuned uses the wrong profile on compute nodes. This patch will
allow users to update their tuned profile.
Fixes bug 1667524
Change-Id: Ic67aca7f5338ea4bb2d3843201e122c72d97056e
|
|
|
|
Introduce profile to configure networking-bgpvpn service
Implements: blueprint bgpvpn-service-integration
Change-Id: I7c1686693a29cc1985f009bd7a3c268c0e211876
Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
|
|
|
|
|
|
The eqlx_use_chap, eqlx_chap_login and eqlx_chap_password were
previously deprecated and are scheduled to be removed in Pike. This
change updates these parameters to use the replacement params.
See I295d8388ba17dd60e83995e7c82f64f02a3c4258 for more details.
Change-Id: I0f229ed2e7bb65d9da81c5caa69dbe1a4aded814
|
|
The db_sync from panko comes from the panko-api package; So we move the
db_sync to be done in the api manifest as it's done for other services
such as barbican.
This is necessary since in cases where the overcloud deploy requires
puppet to do the installations, with the previous setup it failed since
the command wasn't available in the step it was being done.
Change-Id: I20a549cbaa2ee4b2c762dbae97f5cbf4d0b517c8
Closes-Bug: #1671716
|
|
Change-Id: I1668b749779bf812d8f55b695dd138cde7eb09d6
|
|
This optionally enables TLS for RabbitMQ in the internal network. Note
that this leaves enable_internal_tls as undef instead of using the
regular default. This is because we don't want to enable this just now,
since we first want to pass the necessary hieradata via t-h-t. This will
be cleaned in further commits.
bp tls-via-certmonger
Depends-On: I4f37e77ae12e9582fab7d326ebd4c70127c5445f
Depends-On: Ic32b2cb253fa0dc43aad7226b24919b7e588faa9
Change-Id: Ic2a7f877745a0a490ddc9315123bd1180b03c514
|
|
authtoken class configures the keystone_authtoken parameters, required
to move to Keystone V3 auth.
Change-Id: Ibfd761fef813faa7bf13881c52c34e20d3eac9e5
|
|
The current version information is behind that of stable/ocata. In order
to address some version generation issues in packaging, we need to bump
the version numbers for in preparation for the next version.
Change-Id: I586811d9623c4bb03b1b234eaed2b3b365ba6e3e
Releated-Bug: #1669462
|
|
There were some values that were passed to the classes manually, and
this takes the parameters from t-h-t instead. Also, the release note was
added.
bp tls-via-certmonger
Change-Id: I17c4b7041e16da6489f4b713fdeb28a6e1c5563c
Depends-On: I88e5ea7b9bbf35ae03f84fdc3ec76ae09f11a1b6
|
|
This deploys the Heat APIs (api, cfn and cloudwatch) over httpd, and
includes the TLS-everywhere bits.
bp tls-via-certmonger
Change-Id: I23971b0164468e67c9b3577772af84bd947e16f1
|
|
|
|
|
|
|
|
Change-Id: I89e544474b3f73a9e00d37dcddb605d5fe979ca8
|
|
Since the norpm provider can prevent the chronyd package from actually
getting purged, we need to make sure the chronyd service is stopped and
disabled so that it does not conflict with ntpd.
Change-Id: I7a697aba7aa5a27ba4ab6e46018057f7f01dfab2
Closes-Bug: #1665426
|
|
This configures the docker service on the host, as an alternative
to the firstboot script in docker/firstboot/setup_docker_host.sh
Doing this via puppet will enable easier integration with e.g
the multinode jobs where no firstboot scripts run, and also
enables a better error path in the event the service fails to start
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
Change-Id: Id8add1e8a0ecaedb7d8a7dc9ba3747c1ac3b8eea
|
|
Kolla will be used to build container images and populate the local
docker registry.
Change-Id: I325a5248754d269d77eaf78224c7379dd81d6053
|
|
|
|
If the norpm provider attempts to do any install/update/remove actions,
we should throw a warning in the logs so people are aware that the
action did not actually take place.
Change-Id: Ieee5cac3412c709ba6b39316e455d7708cc9d22e
Closes-Bug: #1669666
|
|
|
|
|
|
|
|
This also updates a leftover comment.
Change-Id: I870caf20103b044655e699aac09f6621414f5326
Depends-On: I5af5ccb88e644f4dd25503d8e7a93796695d3039
|
Alex Schultz
James Slagle
Carlos Camacho
Andrew Smith
Jenkins
Tim Rozet
Dmitry Tantsur
Feng Pan
Juan Antonio Osorio Robles
Giulio Fidente
Michele Baldessari
Paul Belanger
Joe Talerico
Ricardo Noriega
Emilien Macchi
Steven Hardy
Martin André