aboutsummaryrefslogtreecommitdiffstats
path: root/manifests
AgeCommit message (Collapse)AuthorFilesLines
2016-08-05Add passing of X-Forwarded-Proto to Glance API endpointJuan Antonio Osorio Robles1-0/+6
Glance supports the http_proxy_to_wsgi middlware, and it was recently enabled in the overcloud [1]. However, for it to work properly, we need to add the X-Forwarded-Proto header which was missing from the HAProxy configuration. [1] I4a8f7fc079ca93c50aa0ef7b0548dc64f6c5cfa0 Change-Id: I82e2db1145b0476cec27676fdfbb97e86cbd8182
2016-08-04Merge "Next generation HA architecture work"Jenkins2-17/+17
2016-08-04Merge "Add base nova-ironic profile"Jenkins1-0/+36
2016-08-04Merge "Fix Ironic dbsync ordering"Jenkins1-6/+7
2016-08-04Merge "Remove unnecessary certmonger manifest"Jenkins1-37/+0
2016-08-03Remove unused parameter in saharaCarlos Camacho1-12/+1
Remove unused parameter in sahara Change-Id: I46c033b410ab850289b798ee93990b6fb10c80ea
2016-08-03Merge "Fixup nit in manila pacemaker profile, duplicate variable"Jenkins1-1/+0
2016-08-03Merge "Run local CA trust before haproxy deployment"Jenkins1-1/+3
2016-08-02Fixup nit in manila pacemaker profile, duplicate variablemarios1-1/+0
See discussion at https://review.openstack.org/#/c/342961/8 Change-Id: I571b65a5402c1028418476a573ebeb9450ed00c9
2016-08-02Remove unnecessary certmonger manifestJuan Antonio Osorio Robles1-37/+0
The original intent of this manifest was to set the defaults for the CA and some other values when requesting certificates via certmonger. However, this approach doesn't work and in the undercloud we ended up doing this via hieradata instead. So this file is not used. Change-Id: I552d504091acc0d5588e30d14bc2fc85d7b7ecea
2016-08-01Next generation HA architecture workMichele Baldessari2-17/+17
This change moves the cinder-volume/cinder-scheduler constraints in the cinder-scheduler profile as these can't be applied by the cinder-volume service when cinder-scheduler isn't managed by Pacemaker. Blueprint: https://blueprints.launchpad.net/tripleo/+spec/ha-lightweight-architecture Change-Id: I5e7585c08675d8a4bd071523b94210d325d79b59 Implements: blueprint ha-lightweight-architecture Co-Author: cmsj@tenshu.net
2016-08-01New composable service: FluentDMartin Mágr1-0/+40
Change-Id: I278dfee01ed24713dec29aae55d2c7bdcb7e74bc
2016-08-01Run local CA trust before haproxy deploymentJuan Antonio Osorio Robles1-1/+3
Before haproxy tries to use the TLS certificates it should already trust the CA. So it's necessary for the local CA-related manifest to notify the ::tripleo::haproxy class. This works for newly set deployments. deployments that have already ran the ca-trust section will already trust the CA and thus won't need that part. Change-Id: I32ded4e33abffd51f220fb8a7dc6263aace72acd
2016-07-29Move constraints to their respective servicesMichele Baldessari2-0/+36
The openstack-core-then-httpd constraint needs to live in the apache pacemaker manifest and not in the main controller manifest file. The same goes for those specific vsm/cisco neutron resources. Change-Id: I2041d4d163f051427b62eec07b8345ad7006cc1d
2016-07-29Merge "Move nova constraints from controller manifest to each service"Jenkins3-0/+87
2016-07-28Merge "Remove global openstack-core resource"Jenkins2-17/+0
2016-07-28Merge "Create role for the fake openstack-core resource"Jenkins1-0/+59
2016-07-27Move nova constraints from controller manifest to each serviceMichele Baldessari3-0/+87
Currently we are still creating all the pacemaker constraints for nova in the main overcloud_controller_pacemaker.pp manifest file. Let's move those to each role where they belong. Note that given that a constraint depends on two separate pacemaker resources it is a bit arbitrary in which file they end up being (the one of the first resource or the second one). Change-Id: I96a3a313d15fac820b020feae0568437c2cbade3
2016-07-27Remove global openstack-core resourceGiulio Fidente2-17/+0
The openstack-core resource is not needed by the NG Pacemaker architecture. It was moved into an isolated role by [1] so that it could optionally be enabled when wanting the older architecture. This submission removes the old openstack-core global resource. 1. I74a62973146c0261385ecf5fd3d06db51e079caa Change-Id: I16a786ce167c57848551c7245f4344c382c55b3d
2016-07-27Create role for the fake openstack-core resourceGiulio Fidente1-0/+59
Change-Id: I74a62973146c0261385ecf5fd3d06db51e079caa
2016-07-27profile/base/nova: declare nova class and configure cache correctly.Emilien Macchi2-10/+27
Nova {} workaround is not working correctly, we need to merge this patch so we can move out ::nova from THT completely. Also we need to use nova::cache to configure memcached parameters. Co-Authorized-By: Giulio Fidente <gfidente@redhat.com> Co-Authorized-By: Sven Anderson <sven@redhat.com> Co-Authorized-By: Emilien Macchi <emilien@redhat.com> Depends-On: I52d5badb9960124bb8fcb54983db2853c4185e77 Depends-On: I3e400a5f64b85f0d374fc02cc5e4080d19d0f2e4 Depends-On: Iee5f8015cbf40ca0e9a435a7de919ebdb74cf93f Change-Id: Ie4e72e765f6a8ade48d4b2b766f067872554d1a2
2016-07-25Merge "Implement tripleo::network::os_net_config class"Jenkins1-0/+35
2016-07-25Merge "Add firewall::service_rules define"Jenkins2-0/+56
2016-07-25Merge "Add base constraint so gnocchi metricd is tied to core-clone"Jenkins1-0/+9
2016-07-25Merge "Add swift ringbuilder profile"Jenkins2-0/+136
2016-07-22Implement tripleo::network::os_net_config classEmilien Macchi1-0/+35
This class will be used on the undercloud to deploy os_net_config. Change-Id: I507c237a35250b660b37ea8cfc4e8e7f97ae21e2
2016-07-22Merge "use parameter to lookup the step instead of hiera again"Jenkins4-8/+8
2016-07-22Merge "Remove unused redis_vip parameter"Jenkins1-4/+0
2016-07-22use parameter to lookup the step instead of hiera againEmilien Macchi4-8/+8
In some profiles, we were looking up the $step by using Hiera again, while we already do it in the parameter definition. When using this class outside THT, it will fail but with this patch, we could use just set the $step parameter and the rest of the manifest will work. Change-Id: I7082f47204fb4e529b164e4c4f1032e7bdd88f02
2016-07-22Generate HAProxy certificates in base profileJuan Antonio Osorio Robles1-2/+48
This gives the option to generate the service certificate(s) that HAProxy will use. This will be used for both the overcloud and the undercloud. bp tls-via-certmonger Change-Id: I3d0b729d0bad5252c1ae8852109c3a70c0c6ba7d
2016-07-21Merge "Deploy Keystone and Gnocchi API with new Apache profile"Jenkins2-0/+2
2016-07-21Merge "Include gnocchi config on non-bootstrap nodes"Jenkins1-2/+4
2016-07-21Add firewall::service_rules defineDan Prince2-0/+56
This patch updates the tripleo::firewall class so that it will support loading firewall rules defined in composable services via the following hiera keys (for nova-api for example): tripleo.nova_api.firewall_rules This patch relies on a new 'service_names' hiera array that should be provided on all TripleO overcloud nodes. Depends-On: I60861c5aa760534db3e314bba16a13b90ea72f0c Change-Id: Id370362ab57347b75b1ab25afda877885b047263
2016-07-21Merge "deploy composable firewall rules for HAproxy"Jenkins1-0/+12
2016-07-21Merge "Ensure the Heat Domain parameters before starting heat-engine pcmk ↵Jenkins1-0/+10
service"
2016-07-21Merge "Add class to use certmonger's local CA"Jenkins1-0/+37
2016-07-21Deploy Keystone and Gnocchi API with new Apache profileEmilien Macchi2-0/+2
Deploy Keystone and Gnocchi API with the new Apache/Pacemaker profile. Change-Id: Id28c618133e53e28dfac7e3e9cf9f5f5a6b2421a
2016-07-21Remove unused redis_vip parameterGiulio Fidente1-4/+0
Change-Id: I6ba962c682dc2ab8c6ee5238e0c176d9ae05d696
2016-07-21Merge "nova/api: purge archive_deleted_rows via cron"Jenkins1-0/+6
2016-07-21Add class to use certmonger's local CAJuan Antonio Osorio Robles1-0/+37
This class extracts the certificate and adds it to the trusted certs. bp tls-via-certmonger Change-Id: I6dc1e0469cd7dbbb51659c8f29975d25b2941ec3
2016-07-20Include gnocchi config on non-bootstrap nodesBen Nemec1-2/+4
Change I67a15dc83a754fb6f5fe25c64ae9e7d29c58fcec removed the gnocchi configuration completely from non-bootstrap nodes. This changes it so the configuration is included on all nodes, but the db sync is only included on bootstrap. Change-Id: If402becc900c175f5b3bb95c3413276e5a04b4f7 Closes-Bug: 1604708
2016-07-20Implement Apache pacemaker profileEmilien Macchi2-0/+51
Deploy Apache with Pacemaker in a new profile. Change-Id: I9ae6cee2bfb0f8974d41d700454cfde2df06c2d1
2016-07-20Add base constraint so gnocchi metricd is tied to core-clonePradeep Kilambi1-0/+9
Currently if we manually restart the cluster saometimes gnocchi statsd doesnt comeup as galera is not up yet. This should tie the metrics to core and follow the order. Closes-bug: #1604860 Change-Id: I5ec29622938336410b91785ca49b410bcdd30cdd
2016-07-20Ensure the Heat Domain parameters before starting heat-engine pcmk servicemarios1-0/+10
Heat needs stack_user_domain_id or stack_user_domain_name config options set in the heat.conf before starting. The domain itself doesn't need to exist until a stack is actually created, but the value needs to be there. This patch ensures that the heat domain parameters are configured before starting the heat-engine service with Pacemaker at step3 and 4, and at step5, Pacemaker will start the services and Puppet will create the domains. (note: commit message copied from https://review.openstack.org/#/c/331652/ to mitaka tht, which came first) Change-Id: I58fa53357265c1607d2df1b04cc2296083212ab7 Closes-Bug: 1599232
2016-07-20Merge "Make ::tripleo::profile::base classes work with multiple nodes"Jenkins29-185/+217
2016-07-20Merge "make sure we start nova-compute after nova-conductor"Jenkins2-0/+8
2016-07-20Add base nova-ironic profileDmitry Tantsur1-0/+36
Configures a nova-compute instance to use Ironic. Change-Id: I4f817aba542cfaa386b3c0617feae90c61579b43 Partially-Implements: blueprint ironic-integration
2016-07-20Fix Ironic dbsync orderingDmitry Tantsur1-6/+7
Including ::ironic runs ironic-dbsync by default, so we end up with ironic-dbsync run before the database is created. This patch fixes it. Change-Id: I6fef1de18e52b68caaf4cbd55c0408b98b5c26e0 Partially-Implements: blueprint ironic-integration
2016-07-20Merge "openstack-core resource does not have interleave=true"Jenkins1-1/+1
2016-07-19Only sync the gnocchi db on the pacemaker masterJames Slagle1-6/+1
The gnocchi db sync is being run from multiple controllers causing errors in CI. See the bug for more details. Change-Id: I67a15dc83a754fb6f5fe25c64ae9e7d29c58fcec Closes-Bug: #1604624