Age | Commit message (Collapse) | Author | Files | Lines |
|
The creation of /etc/my.cnf.d is not idempotent and is run anytime the
mysql client profile is included. This change adds an unless parameter
to ensure it is only run if not used.
Change-Id: I4a30eaccf72f5687dc22ba93c19136e55d36dcab
Closes-Bug: #1680570
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This change adds an `include` statement to bring in the extra
functionality available from the existing puppet-ssh module in
already available in RDO.
By using puppet-ssh it provides a framework to allow the passing in of
server options using just hiera values under ssh::server_options.
For example, sshd_config banner can now be passed a server option, as
well as all the new parameters outlined in the launchpad issue that
the patch references for Closing. For this reason, the former augeas
setting for `Banner /etc/issue` is now managed by the main puppet-ssh
module instead.
The change also allows population of MOTD text to `/etc/motd` as
well as `issue.net`.
$bannertext is refactored in accordance with patch [1]
[1] https://review.openstack.org/#/c/442406/
Change-Id: Id329538fb7b623526f1d91d8a513cf3440c86a7c
Closes-Bug: 1668543
|
|
bp tls-via-certmonger
Change-Id: I8a66d3a067f934ea30b668308237cbca1d58fbb8
Depends-On: I3cb9d53d75f982068f1025729c1793efaee87380
|
|
This adds the necessary bits for a TLS Proxy to be placed in front of
swift proxy when TLS-everywhere is enabled.
This will be furtherly cleaned up once the t-h-t bits are added.
bp tls-via-certmonger
Change-Id: I6e7193cc5b4bb7e56cc89e0a293c91b0d391c68e
|
|
|
|
Currently, mongodb has no limits on how much memory
it can consume. This enforces restriction so mongodb
service limits through systemd.
The puppet-systemd module has support for limits. The
MemoryLimit support is added in the follwoing pull
request https://github.com/camptocamp/puppet-systemd/pull/23
Closes-bug: #1656558
Change-Id: Ie9391aa39532507c5de8dd668a70d5b66e17c891
|
|
This causes issues in deployments that is not using ML2
ComputeNeutronCorePlugin or OVS agent on the compute nodes.
Closes-Bug: 1679202
Change-Id: I9cdfd115add8c0d2d3ae6802e7bde007c1677c67
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
This patch configures SSH tunneling for nova cold-migration and reuses the
tunnel for libvirt live-migration unless TLS has been enabled.
Change-Id: I367757cbe8757d11943af7e41af620f9ce919a06
Depends-On: Iac1763761c652bed637cb7cf85bc12347b5fe7ec
|
|
So we avoid useless apache restart and save time during the deployment.
Related-Bug: #1664418
Change-Id: Ie00b717a6741e215e59d219710154f0d2ce6b39e
|
|
We configure apache in step 3 so horizon should be configured at the
same time or else updates will cause horizon to be unvailable during the
update process.
Change-Id: I4032f7c24edc0ff9ed637e213870cdd3beb9a54e
Closes-Bug: #1678338
|
|
|
|
|
|
|
|
Ceilometer user is needed for other ceilometer services to
authenticate with keystone even when API is not present.
So the data can be dispatched to gnocchi. Lets keep these
separate so user always exists even when api is not.
Depends-On: Iffebd40752eafb1d30b5962da8b5624fb9df7d48
Closes-bug: #1677354
Change-Id: I8f4e543a7cef5e50a35a191fe20e276d518daf20
|
|
|
|
This patch moves fluentd deployment to step 4 (the same as openstack services)
and makes resource for user fluentd be dependent on all openstack packages,
so that we avoid errors such as "usermod: group 'cinder' does not exist".
Change-Id: Ibabd4688c00c6a12ea22055c95563d906716954d
|
|
|
|
|
|
Change-Id: I1e79407ec6f360a2b205cec6cf8e812a11b799ea
|
|
|
|
This adds the ability to manage the securetty file.
By allowing management of securetty, operators can limit root
console access and improve security through hardening.
Change-Id: Ic4647fb823bd112648c5b8d102913baa8b4dac1c
Closes-Bug: #1665042
|
|
Depends-On: I4b56417ce8ee7502ad32da578bdc29c46e459bd5
Change-Id: Idecbbabdd4f06a37ff0cfb34dc23732b1176a608
Author: John Eckersberg <jeckersb@redhat.com>
|
|
Implements: blueprint l2gw-service-integration
Change-Id: If1501c153b1b170b9550cb7e5a23be463fba1fe9
|
|
|
|
|
|
|
|
|
|
|
|
Change-Id: Id933276fab16eebd72751dca136ad805547e6291
Related-Bug: #1676491
|
|
Without this gnocchi resources types are not created
as they are skipped initially and the resources from
ceilometer wont make it to gnocchi.
Closes-bug: #1674421
Depends-On: I753f37e121b95813e345f200ad3f3e75ec4bd7e1
Change-Id: Ib45bf1b3e526a58f675d7555fe7bb5038dadeede
|
|
Introduce profile to configure l2 gateway Neutron
service plugin.
Implements: blueprint l2gw-service-integration
Change-Id: I01a8afdc51b2a077be1bbc7855892f68756e1fd3
Signed-off-by: Peng Liu <pliu@redhat.com>
|
|
This is now the job of the certmonger_user profile. So these bits are
not needed anymore in the service profiles.
Change-Id: Iaa3137d7d13d5e707f587d3905a5a32598c08800
Depends-On: Ibf58dfd7d783090e927de6629e487f968f7e05b6
|
|
We attempt to use iscsi-iname in an exec for our nova compute profile
but we do not ensure that the package providing this command is
installed. This change adds the package definition for
iscsi-initiator-utils to ensure it is installed before trying to use
iscsi-iname.
Change-Id: I1bfdb68170931fd05a09859cf8eefb50ed20915d
Closes-Bug: #1675462
|
|
The rabbitmq user check is moved to step >= 2 from step >= 1. There is
no gaurantee that rabbitmq is running at step 1, especially if updating
a failed stack that never made it past step 1 to begin with.
Change-Id: I029193da4c180deff3ab516bc8dc2da14c279317
Closes-Bug: #1675194
|
|
This submission moves the neutron profile
`::tripleo::profile::base::neutron`
our of step 4.
Change-Id: I4d0617b0d7801426ea6827e70f5f31f10bbcc038
|
|
This commit conditionally includes messaging amqp class for the
oslo.messaging AMQP 1.0 driver to support notifications.
This patch:
* include keystone::messaging::amqp class for oslo_messaging_amqp opts
Change-Id: I8eb23a21d2499795c3a76ae3197bda7773165a8c
|
|
|
|
|
|
Previously ODL was restricted to only running on the first node in an
tripleO HA deployment. This patches enables clustering for ODL and
allows multiple ODL instances (minimum 3 for HA).
Partially-implements: blueprint opendaylight-ha
Change-Id: Ic9a955a1c2afc040b2f9c6fb86573c04a60f9f31
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
Using keystone_authtoken credentials for this purpose is deprecated, and also
prevents ironic-conductor from being used as a separate role.
As a side effect, this change makes it possible to potentially enable
ironic-inspector support in the future (it's not enabled yet).
Change-Id: I21180678bec911f1be36e3b174bae81af042938c
Partial-Bug: #1661250
|
|
Setting cluster_enabled to false causes ETCD_INITIAL_ADVERTISE_PEER_URLS
to be unset, which will cause deployment failure when etcd is deployed
in a single node mode.
Closes-Bug: #1673188
Change-Id: Iadff36bf7beb247d0408913c89f83fa5c8ac6874
Signed-off-by: Feng Pan <fpan@redhat.com>
|
|
|