aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-06-13Merge "Support for proxying ironic-inspector via Apache"Jenkins3-12/+34
2017-06-12Merge "Puppet module to deploy cinder-backup bundle for HA"Jenkins1-0/+146
2017-06-12Merge "Puppet module to deploy cinder-volume bundle for HA"Jenkins1-0/+141
2017-06-12Changed authorLuong Anh Tuan1-1/+1
Changed author to OpenStack Change-Id: I5f8806d1a765a1b5ae823b9e537e0ba672d81545
2017-06-12Update README with info for new contributorsJulie Pichon1-0/+9
Add the same footer to the README that most other TripleO projects have. People new to TripleO might not know we use a single bug tracker for all projects, or how to test puppet projects in OpenStack. Change-Id: I6044ea98ec4480c8c1e431921df43ee425d9cba4 Closes-Bug: #1697091
2017-06-12Remove condition to match hdr(host) in haproxy redirect ruleRyan O'Hara1-1/+1
The horizon proxy should redirect all HTTP requests to HTTPS, regardless of the 'Host' field in the header. The current rule will cause haproxy to redirect HTTP requests if the 'Host' field contains the public virtual IP address. It will not redirect if the 'Host' field contains a hostname, FQDN, etc. Change-Id: I6c8f58a30f97cdf4c668734793197ea976297733 Signed-off-by: Ryan O'Hara <rohara@redhat.com>
2017-06-12Add environment variableZhongShengping1-1/+1
Add environment variable {toxinidir} in tox.ini Change-Id: Iee0e6e1f5ea49a7307bdfd493b4203df17369d75
2017-06-11Merge "Install rsync package for galera"Jenkins2-0/+15
2017-06-11Do not create VIP for pacemaker OVN OCF resourceNuman Siddique1-29/+7
The commit with change id [1], added the pacemaker HA support for OVN DB servers. That commit created a new VIP which is really not required. This patch removes the code to create a new ip resource. Instead it expects the pacemaker ip resource (with the ip address in the 'ovn_dbs_vip' parameter and with the name "ip-$ovn_dbs_vip") to be created before ovn_northd class is called, which is the case anyway if 'ovn_dbs_vip' is taken from the ServiceNetMapDefaults (in t-h-t). [1] - I9dc366002ef5919339961e5deebbf8aa815c73db Change-Id: I94d3960e6c5406e3af309cc8c787ac0a6c9b1756 Partial-bug: #1670564
2017-06-09Make sure the resource bundles use a location_ruleMichele Baldessari4-0/+16
In composable HA we bind resources to nodes that have special node properties. We need to do this also for bundle resources otherwise there is a potential race where the bundle might be started on nodes where it is not supposed to during a small window of time. Tested with the depends-on and correctly obtained a containerized composable HA deployment: Docker container set: rabbitmq-bundle [192.168.24.1:8787/tripleoupstream/centos-binary-rabbitmq:latest] rabbitmq-bundle-0 (ocf::heartbeat:rabbitmq-cluster): Started overcloud-rabbit-0 rabbitmq-bundle-1 (ocf::heartbeat:rabbitmq-cluster): Started overcloud-rabbit-1 rabbitmq-bundle-2 (ocf::heartbeat:rabbitmq-cluster): Started overcloud-rabbit-2 Docker container set: galera-bundle [192.168.24.1:8787/tripleoupstream/centos-binary-mariadb:latest] galera-bundle-0 (ocf::heartbeat:galera): Master overcloud-galera-0 galera-bundle-1 (ocf::heartbeat:galera): Master overcloud-galera-1 galera-bundle-2 (ocf::heartbeat:galera): Master overcloud-galera-2 Docker container set: redis-bundle [192.168.24.1:8787/tripleoupstream/centos-binary-redis:latest] redis-bundle-0 (ocf::heartbeat:redis): Master overcloud-controller-0 redis-bundle-1 (ocf::heartbeat:redis): Slave overcloud-controller-1 redis-bundle-2 (ocf::heartbeat:redis): Slave overcloud-controller-2 ip-192.168.24.11 (ocf::heartbeat:IPaddr2): Started overcloud-controller-0 ip-10.0.0.7 (ocf::heartbeat:IPaddr2): Started overcloud-controller-1 ip-172.16.2.11 (ocf::heartbeat:IPaddr2): Started overcloud-controller-2 ip-172.16.2.9 (ocf::heartbeat:IPaddr2): Started overcloud-controller-0 ip-172.16.1.6 (ocf::heartbeat:IPaddr2): Started overcloud-controller-1 ip-172.16.3.7 (ocf::heartbeat:IPaddr2): Started overcloud-controller-2 Docker container set: haproxy-bundle [192.168.24.1:8787/tripleoupstream/centos-binary-haproxy:latest] haproxy-bundle-docker-0 (ocf::heartbeat:docker): Started overcloud-controller-0 haproxy-bundle-docker-1 (ocf::heartbeat:docker): Started overcloud-controller-1 haproxy-bundle-docker-2 (ocf::heartbeat:docker): Started overcloud-controller-2 Depends-On: I44449861cbfe56304b8829c9ca10fd648353b3ae Change-Id: I48fb490040497ba08cae19937159c0efdf99e3f8
2017-06-09Configure credentials for ironic to access cinderDmitry Tantsur1-0/+1
Change-Id: I097c494d3953b7d26d94aecc546ddef5225d1125 Depends-On: I2f0eb779b711e57f1532b1227896542d0ecffc89
2017-06-09Merge "Update global requirements"Jenkins1-2/+2
2017-06-09Fix Swift ring rebalance orderChristian Schwede1-2/+2
The current order is broken if there were changes to the account and container devices, but not to the object devices. In these cases it can happen that the rebalance happens before modifying devices. Change-Id: I15641c32266939c9a00936cc471cc59b1bb54eec
2017-06-09Merge "Use CRL for HAProxy"Jenkins3-1/+28
2017-06-09Merge "Add resource to fetch CRL"Jenkins3-0/+257
2017-06-08Merge "Move tripleo::certmonger::httpd to defines folder and fix suffix"Jenkins1-0/+2
2017-06-08Use CRL for HAProxyJuan Antonio Osorio Robles3-1/+28
This sets up the CRL file to be triggered on the certmonger_user resource. Furtherly, HAProxy uses this CRL file in the member options, thus effectively enabling revocation for proxied nodes. So, if a certificate has been revoked by the CA, HAProxy will not proxy requests to it. bp tls-via-certmonger Change-Id: I4f1edc551488aa5bf6033442c4fa1fb0d3f735cd
2017-06-08Add resource to fetch CRLJuan Antonio Osorio Robles3-0/+257
This will fetch the CRL file from the specified file or URL. Furtherly it will set up a cron job to refresh the crl file once a week and notify the needed services. bp tls-via-certmonger Change-Id: I38e163e8ebb80ea5f79cfb8df44a71fdcd284e04
2017-06-08Puppet module to deploy cinder-volume bundle for HADamien Ciabrini1-0/+141
This module is used by tripleo-heat-templates to configure and deploy Kolla-based cinder-volume containers managed by pacemaker. We use short-lived containers that call pcs via puppet to create the needed pacemaker resources, properties and constraints. Co-Authored-By: Michele Baldesari <michele@acksyn.org> Partial-Bug: #1668920 Change-Id: I95ad4dd89b47396bea672813d87de35e64c04b2d
2017-06-08Puppet module to deploy cinder-backup bundle for HADamien Ciabrini1-0/+146
This module is used by tripleo-heat-templates to configure and deploy Kolla-based cinder-backup containers managed by pacemaker. We use short-lived containers that call pcs via puppet to create the needed pacemaker resources, properties and constraints. Co-Authored-By: Michele Baldesari <michele@acksyn.org> Partial-Bug: #1668920 Change-Id: If53495ff75d4832cc6be80dc0dc9bd540ab6583b
2017-06-08Merge "Add _spec suffix to class spec tests"Jenkins5-0/+0
2017-06-08Merge "Add polkit rule to allow kolla nova user access to libvirtd socket on ↵Jenkins2-0/+138
docker host"
2017-06-08Merge "Add novajoin profile"Jenkins2-0/+209
2017-06-08Move tripleo::certmonger::httpd to defines folder and fix suffixJuan Antonio Osorio Robles1-0/+2
It's a define, not a class. And it also needs the _spec suffix. Change-Id: Ie5e0cf81d03379d8b791fd77a5c78d12048ebfef
2017-06-08Add _spec suffix to class spec testsJuan Antonio Osorio Robles5-0/+0
Some of them didn't have it. So I added it to them for uniformity. Change-Id: I2ea57d0ecfe151f9a14db9f7722a26f09aa8a506
2017-06-08Update global requirementsZhongShengping1-2/+2
Pin reno version to reno!=2.0.0,!=2.3.1,>=1.8.0 Pin sphinx version to sphinx!=1.6.1,>=1.5.1 reno=2.3.1 and sphinx=1.6.1 break releasenotes and doc tests. Change-Id: I9daab4d970f387ae20ded1bf920ec3b98c7e4597
2017-06-08Fix the port for Panko APIZhongShengping1-2/+2
The port used for Panko is conflicts with Trove[1]. According to the official documentation[2] this should be 8777. The 8777 port has been occupied by ceilometer. So set the panko api port to 8977. [1]https://github.com/openstack/trove/blob/master/etc/apache2/trove#L20 [2]https://docs.openstack.org/developer/panko/install/manual.html#installing-the-api-server Change-Id: I5ccfc97765fc8b8bf9686b2451eda9c44c77dffc Closes-Bug: #1691283 Depends-On: I53b286d1d6466b574fdb286cc45f3138f96dff59
2017-06-07Remove unnecessary references to neutron core plugin hieraBrent Eagles1-11/+3
If the tripleo::profile::base::neutron::sriov is included it is expected that the SR-IOV agent should be deployed and configured so references to core plugin configuration is out of place and currently breaks deployment. Change-Id: Ie5d8cd7863c0d042cc6a4e1fc52602d8a03a1935
2017-06-07Fix Swift ring management in container deploymentsChristian Schwede2-7/+33
The ring up- and downloading was never executed if run within a containerized environment. This is due to the fact that this manifest gets executed within step 6(5) only. There is also an ordering issue, which actually tries to create the tarballs before rebalancing. This patch fixes the step conditions and also chains the tarball creation to the rebalance. The check to query rings on all nodes can now be disabled. This is required on containerized environments: the local ring will be modified and rebalanced, but rings on the existing servers are not yet modified. Therefore a recon-check will fail, and needs to be disabled. Closes-Bug: 1694211 Change-Id: I51c5795b9893d797bd73e059910f17a98f04cdbe
2017-06-06Add polkit rule to allow kolla nova user access to libvirtd socket on docker ↵Oliver Walsh2-0/+138
host The polkit rules are currently evaluated in the context of the docker host. As a result the check fails for the kolla nova compute user, as the uids are not consistent with the host uids (in fact we probably can't assume a nova user exists on the docker host). As a short-term workaround a 'docker_nova' user group is created on the docker host and the polkit rule is updated to grant this user access to the libvirtd socket. Longer term solution probably requires running polkitd in a container too. Change-Id: I91be1f1eacf8eed9017bbfef393ee2d66771e8d6 Related-bug: #1693844
2017-06-05Merge "Add Mistral event engine"Jenkins2-0/+50
2017-06-05Merge "Drop un-needed 'else' in noop_resource"Jenkins1-1/+0
2017-06-05Merge "Pacemaker support for OVN DB servers"Jenkins3-1/+135
2017-06-05Support for proxying ironic-inspector via ApacheJenkins3-12/+34
Future work in the UI requires Apache to proxy for the ironic-inspector service the same as it has for other related services. This adds support for ironic-inspector through Apache's mod_proxy Closes-Bug: 1695202 Depends-On: Id395604f1dfbc4bf4f26adbe05f484a10227fd76 Change-Id: I9dcb0769ff90a2fc9561cb86bb822be8087ffe8e
2017-06-05Add novajoin profileJuan Antonio Osorio Robles2-0/+209
This is needed in order to deploy novajoin in a containerized undercloud environment. Change-Id: Iea461f66b8f4e3b01a0498e566a2c3684144df80
2017-06-05Prepare for release 7.1.0Emilien Macchi2-3/+3
Change-Id: I6306429e37a50fb30ec5704d8192a29e6da586ec
2017-06-03Merge "Clustercheck, monitor service for galera containers"Jenkins1-0/+65
2017-06-03Merge "Puppet module to deploy MySQL bundle for HA"Jenkins1-0/+302
2017-06-03Merge "Puppet module to deploy RabbitMQ bundle for HA"Jenkins1-0/+194
2017-06-02Merge "Puppet module to deploy Redis bundle for HA"Jenkins1-0/+178
2017-06-02Puppet module to deploy MySQL bundle for HADamien Ciabrini1-0/+302
This module is used by tripleo-heat-templates to configure and deploy Kolla-based mysql containers managed by pacemaker. We use short-lived containers that call pcs via puppet to create the needed pacemaker resources, properties and constraints. Co-Authored-By: Michele Baldesari <michele@acksyn.org> Partial-Bug: #1692842 Depends-On: I44fbd7f89ab22b72e8d3fc0a0e3fe54a9418a60f Depends-On: Ie9b7e7d2a3cec4b121915a17c1e809e4ec950e7f Change-Id: I3b4d8ad2eec70080419882d5d822f78ebd3721ae
2017-06-02Merge "Puppet module to deploy HAProxy bundle for HA"Jenkins2-3/+211
2017-06-02Drop un-needed 'else' in noop_resourceDan Prince1-1/+0
Change-Id: Id45ac93d482ff23c4c834e2d345a926fc408573f
2017-06-02Merge "Add conditional for setting authlogin_nsswitch_use_ldap selboolean"Jenkins1-0/+6
2017-06-01Merge "Composable Role for Neutron LBaaS"Jenkins3-0/+91
2017-06-01Add conditional for setting authlogin_nsswitch_use_ldap selbooleanJacob Liberman1-0/+6
If selinux is enabled the authlogin_nsswitch_use_ldap Boolean must be enabled. This setting allows LDAP communications to the confined LDAP/server port. This change includes a conditional for enabling this Boolean only when selinux is in use. Change-Id: If985f2434d28fcd33198929bf61f2a3a82e601fe Closes-Bug: #1695002
2017-06-01Merge "Restart docker after changing storage driver"Jenkins1-0/+2
2017-06-01Install rsync package for galeraJames Slagle2-0/+15
Since galera is configured to use rsync, we ought to make sure the package is installed. Particularly when using deployed-server, the package is not always installed by default depending on what was used to install the servers. Change-Id: I92ee78f2dd2c0f7fd4d393b104166407d7c654e2 Closes-Bug: #1693003
2017-06-01do not include remote name in branch spec for release notesDoug Hellmann1-1/+1
Reno will add the origin prefix if there is no local branch with the desired name. Change-Id: I76cc3199edacc4e35af44e01c57720100faee529 Signed-off-by: Doug Hellmann <doug@doughellmann.com>
2017-06-01make release note a list of stringsDoug Hellmann1-2/+3
Change-Id: I806e15f24309261bb4bf108aacc43a5c4d2d33bc Signed-off-by: Doug Hellmann <doug@doughellmann.com>