aboutsummaryrefslogtreecommitdiffstats
path: root/manifests/profile/base
AgeCommit message (Collapse)AuthorFilesLines
2017-04-06Merge "Adding support for Bagpipe Agent as BGPVPN driver"Jenkins1-0/+37
2017-04-06Merge "Add a trigger to call ldap_backend define"Jenkins1-0/+16
2017-04-06Merge "Clean up TLS-related bits from swift-proxy"Jenkins1-13/+4
2017-04-06Merge "Fix missing groups for fluentd user"Jenkins1-78/+82
2017-04-05Merge "Add TLS in the internal network for Swift Proxy"Jenkins1-1/+68
2017-04-05Merge "Introduce profile to configure l2 gateway Neutron agent."Jenkins1-0/+35
2017-04-05Add a trigger to call ldap_backend defineCyril Lopez1-0/+16
Ldap_backend is a define so we need a resource to talk it. If ldap_backend_enable set by tripleo-heat-templates, we call the ldap_backend as a resource. Given an environment such as the following: parameter_defaults: KeystoneLdapDomainEnable: true KeystoneLDAPBackendConfigs: tripleoldap: url: ldap://192.0.2.250 user: cn=openstack,ou=Users,dc=redhat,dc=example,dc=com password: Secrete suffix: dc=redhat,dc=example,dc=com user_tree_dn: ou=Users,dc=redhat,dc=example,dc=com user_filter: "(memberOf=cn=OSuser,ou=Groups,dc=redhat,dc=example,dc=com)" user_objectclass: person user_id_attribute: cn user_allow_create: false user_allow_update: false user_allow_delete: false ControllerExtraConfig: nova::keystone::authtoken::auth_version: v3 cinder::keystone::authtoken::auth_version: v3 It would then create a domain called tripleoldap with an LDAP configuration as defined by the hash. The parameters from the hash are defined by the keystone::ldap_backend resource in puppet-keystone. More backends can be added as more entries to that hash. Partial-Bug: 1677603 Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Co-Authored-By: Guillaume Coré <gucore@redhat.com> Signed-off-by: Cyril Lopez <cylopez@redhat.com> Change-Id: I1593c6a33ed1a0ea51feda9dfb6e1690eaeac5db
2017-04-05Adding support for Bagpipe Agent as BGPVPN driverRicardo Noriega1-0/+37
Partially-Implements: blueprint bgpvpn-service-integration Change-Id: I54ef40f9d958e87d187a6d124995aa6951c0651a Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
2017-04-05Merge "SSHD Service extensions"Jenkins1-29/+27
2017-04-04Merge "Configure migration SSH tunnel"Jenkins1-18/+69
2017-04-04Merge "Fixes missing neutron base in sriov"Jenkins1-0/+2
2017-04-04Merge "Remove cluster_enabled setting for etcd"Jenkins1-7/+0
2017-04-04SSHD Service extensionslhinds1-29/+27
This change adds an `include` statement to bring in the extra functionality available from the existing puppet-ssh module in already available in RDO. By using puppet-ssh it provides a framework to allow the passing in of server options using just hiera values under ssh::server_options. For example, sshd_config banner can now be passed a server option, as well as all the new parameters outlined in the launchpad issue that the patch references for Closing. For this reason, the former augeas setting for `Banner /etc/issue` is now managed by the main puppet-ssh module instead. The change also allows population of MOTD text to `/etc/motd` as well as `issue.net`. $bannertext is refactored in accordance with patch [1] [1] https://review.openstack.org/#/c/442406/ Change-Id: Id329538fb7b623526f1d91d8a513cf3440c86a7c Closes-Bug: 1668543
2017-04-04Clean up TLS-related bits from swift-proxyJuan Antonio Osorio Robles1-13/+4
bp tls-via-certmonger Change-Id: I8a66d3a067f934ea30b668308237cbca1d58fbb8 Depends-On: I3cb9d53d75f982068f1025729c1793efaee87380
2017-04-04Add TLS in the internal network for Swift ProxyJuan Antonio Osorio Robles1-1/+68
This adds the necessary bits for a TLS Proxy to be placed in front of swift proxy when TLS-everywhere is enabled. This will be furtherly cleaned up once the t-h-t bits are added. bp tls-via-certmonger Change-Id: I6e7193cc5b4bb7e56cc89e0a293c91b0d391c68e
2017-04-03Merge "Deploy WSGI apps at the same step (3)"Jenkins4-4/+4
2017-04-03Restrict mongodb memory usagePradeep Kilambi1-0/+11
Currently, mongodb has no limits on how much memory it can consume. This enforces restriction so mongodb service limits through systemd. The puppet-systemd module has support for limits. The MemoryLimit support is added in the follwoing pull request https://github.com/camptocamp/puppet-systemd/pull/23 Closes-bug: #1656558 Change-Id: Ie9391aa39532507c5de8dd668a70d5b66e17c891
2017-04-03Fixes missing neutron base in sriovTim Rozet1-0/+2
This causes issues in deployments that is not using ML2 ComputeNeutronCorePlugin or OVS agent on the compute nodes. Closes-Bug: 1679202 Change-Id: I9cdfd115add8c0d2d3ae6802e7bde007c1677c67 Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-04-03Configure migration SSH tunnelOliver Walsh1-18/+69
This patch configures SSH tunneling for nova cold-migration and reuses the tunnel for libvirt live-migration unless TLS has been enabled. Change-Id: I367757cbe8757d11943af7e41af620f9ce919a06 Depends-On: Iac1763761c652bed637cb7cf85bc12347b5fe7ec
2017-04-03Deploy WSGI apps at the same step (3)Emilien Macchi4-4/+4
So we avoid useless apache restart and save time during the deployment. Related-Bug: #1664418 Change-Id: Ie00b717a6741e215e59d219710154f0d2ce6b39e
2017-04-02Move horizon to step 3Alex Schultz1-1/+1
We configure apache in step 3 so horizon should be configured at the same time or else updates will cause horizon to be unvailable during the update process. Change-Id: I4032f7c24edc0ff9ed637e213870cdd3beb9a54e Closes-Bug: #1678338
2017-04-02Merge "Decouple ceilometer user create from API"Jenkins1-1/+4
2017-03-30Merge "Add missing include of ::ec2api::keystone::authtoken"Jenkins1-0/+1
2017-03-30Merge "Fix deprecated eqlx parameters"Jenkins1-3/+3
2017-03-30Decouple ceilometer user create from APIPradeep Kilambi1-1/+4
Ceilometer user is needed for other ceilometer services to authenticate with keystone even when API is not present. So the data can be dispatched to gnocchi. Lets keep these separate so user always exists even when api is not. Depends-On: Iffebd40752eafb1d30b5962da8b5624fb9df7d48 Closes-bug: #1677354 Change-Id: I8f4e543a7cef5e50a35a191fe20e276d518daf20
2017-03-30Merge "Tuned should be configured properly"Jenkins1-0/+20
2017-03-30Fix missing groups for fluentd userMartin Mágr1-78/+82
This patch moves fluentd deployment to step 4 (the same as openstack services) and makes resource for user fluentd be dependent on all openstack packages, so that we avoid errors such as "usermod: group 'cinder' does not exist". Change-Id: Ibabd4688c00c6a12ea22055c95563d906716954d
2017-03-30Merge "securetty: use validate_array for tty list"Jenkins1-2/+4
2017-03-30Merge "Move neutron profile out of step 4"Jenkins1-2/+3
2017-03-30securetty: use validate_array for tty listJuan Antonio Osorio Robles1-2/+4
Change-Id: I1e79407ec6f360a2b205cec6cf8e812a11b799ea
2017-03-30Merge "Adds service for managing securetty"Jenkins1-0/+46
2017-03-29Adds service for managing securettylhinds1-0/+46
This adds the ability to manage the securetty file. By allowing management of securetty, operators can limit root console access and improve security through hardening. Change-Id: Ic4647fb823bd112648c5b8d102913baa8b4dac1c Closes-Bug: #1665042
2017-03-29Qpid dispatch router puppet profileMichele Baldessari1-0/+54
Depends-On: I4b56417ce8ee7502ad32da578bdc29c46e459bd5 Change-Id: Idecbbabdd4f06a37ff0cfb34dc23732b1176a608 Author: John Eckersberg <jeckersb@redhat.com>
2017-03-29Introduce profile to configure l2 gateway Neutron agent.Peng Liu1-0/+35
Implements: blueprint l2gw-service-integration Change-Id: If1501c153b1b170b9550cb7e5a23be463fba1fe9
2017-03-28Merge "Re-run gnocchi and ceilometer upgrade in step 5"Jenkins2-0/+17
2017-03-28Merge "Include oslo.messaging amqp support for rpc and notifications"Jenkins1-0/+4
2017-03-28Merge "Add openstack-kolla to docker-registry profile"Jenkins1-0/+1
2017-03-28Merge "Check rabbitmq user at step >= 2"Jenkins1-0/+3
2017-03-28Merge "Include ceph::profile::client from rgw.pp"Jenkins1-1/+1
2017-03-27Add missing include of ::ec2api::keystone::authtokenSven Anderson1-0/+1
Change-Id: Id933276fab16eebd72751dca136ad805547e6291 Related-Bug: #1676491
2017-03-27Re-run gnocchi and ceilometer upgrade in step 5Pradeep Kilambi2-0/+17
Without this gnocchi resources types are not created as they are skipped initially and the resources from ceilometer wont make it to gnocchi. Closes-bug: #1674421 Depends-On: I753f37e121b95813e345f200ad3f3e75ec4bd7e1 Change-Id: Ib45bf1b3e526a58f675d7555fe7bb5038dadeede
2017-03-27Add l2 gateway Neutron service plugin profilePeng Liu1-0/+37
Introduce profile to configure l2 gateway Neutron service plugin. Implements: blueprint l2gw-service-integration Change-Id: I01a8afdc51b2a077be1bbc7855892f68756e1fd3 Signed-off-by: Peng Liu <pliu@redhat.com>
2017-03-26Remove certificate request bits from service profilesJuan Antonio Osorio Robles17-218/+0
This is now the job of the certmonger_user profile. So these bits are not needed anymore in the service profiles. Change-Id: Iaa3137d7d13d5e707f587d3905a5a32598c08800 Depends-On: Ibf58dfd7d783090e927de6629e487f968f7e05b6
2017-03-23Ensure iscsi-initiator-utils installedAlex Schultz1-0/+2
We attempt to use iscsi-iname in an exec for our nova compute profile but we do not ensure that the package providing this command is installed. This change adds the package definition for iscsi-initiator-utils to ensure it is installed before trying to use iscsi-iname. Change-Id: I1bfdb68170931fd05a09859cf8eefb50ed20915d Closes-Bug: #1675462
2017-03-22Check rabbitmq user at step >= 2James Slagle1-0/+3
The rabbitmq user check is moved to step >= 2 from step >= 1. There is no gaurantee that rabbitmq is running at step 1, especially if updating a failed stack that never made it past step 1 to begin with. Change-Id: I029193da4c180deff3ab516bc8dc2da14c279317 Closes-Bug: #1675194
2017-03-22Move neutron profile out of step 4Carlos Camacho1-2/+3
This submission moves the neutron profile `::tripleo::profile::base::neutron` our of step 4. Change-Id: I4d0617b0d7801426ea6827e70f5f31f10bbcc038
2017-03-21Include oslo.messaging amqp support for rpc and notificationsAndrew Smith1-0/+4
This commit conditionally includes messaging amqp class for the oslo.messaging AMQP 1.0 driver to support notifications. This patch: * include keystone::messaging::amqp class for oslo_messaging_amqp opts Change-Id: I8eb23a21d2499795c3a76ae3197bda7773165a8c
2017-03-17Merge "Enables OpenDaylight Clustering in HA deployments"Jenkins3-15/+38
2017-03-17Merge "Explicitly configure credentials used by ironic to access other services"Jenkins1-0/+7
2017-03-16Enables OpenDaylight Clustering in HA deploymentsTim Rozet3-15/+38
Previously ODL was restricted to only running on the first node in an tripleO HA deployment. This patches enables clustering for ODL and allows multiple ODL instances (minimum 3 for HA). Partially-implements: blueprint opendaylight-ha Change-Id: Ic9a955a1c2afc040b2f9c6fb86573c04a60f9f31 Signed-off-by: Tim Rozet <trozet@redhat.com>