aboutsummaryrefslogtreecommitdiffstats
path: root/manifests
AgeCommit message (Collapse)AuthorFilesLines
2017-06-13Merge "Make sure the resource bundles use a location_rule"Jenkins4-0/+16
2017-06-13Merge "Configure Galera cluster with FQDNs instead of shortnames"Jenkins1-11/+13
2017-06-13Merge "Configure credentials for ironic to access cinder"Jenkins1-0/+1
2017-06-13Configure Galera cluster with FQDNs instead of shortnamesJuan Antonio Osorio Robles1-11/+13
This takes into use the cluster_host_map, which allows to give aliases to the pacemaker nodes (which are FQDNs), and allows us to configure the cluster using FQDNs. We need FQDNs in order to request certificates, since the default CA (FreeIPA) only allows certificates for FQDNs. Change-Id: I2f146afdd32aef2d11cf25a65fa8d67428f621f5
2017-06-13Merge "Support for proxying ironic-inspector via Apache"Jenkins1-12/+27
2017-06-12Merge "Puppet module to deploy cinder-backup bundle for HA"Jenkins1-0/+146
2017-06-12Merge "Puppet module to deploy cinder-volume bundle for HA"Jenkins1-0/+141
2017-06-11Merge "Install rsync package for galera"Jenkins1-0/+9
2017-06-09Make sure the resource bundles use a location_ruleMichele Baldessari4-0/+16
In composable HA we bind resources to nodes that have special node properties. We need to do this also for bundle resources otherwise there is a potential race where the bundle might be started on nodes where it is not supposed to during a small window of time. Tested with the depends-on and correctly obtained a containerized composable HA deployment: Docker container set: rabbitmq-bundle [192.168.24.1:8787/tripleoupstream/centos-binary-rabbitmq:latest] rabbitmq-bundle-0 (ocf::heartbeat:rabbitmq-cluster): Started overcloud-rabbit-0 rabbitmq-bundle-1 (ocf::heartbeat:rabbitmq-cluster): Started overcloud-rabbit-1 rabbitmq-bundle-2 (ocf::heartbeat:rabbitmq-cluster): Started overcloud-rabbit-2 Docker container set: galera-bundle [192.168.24.1:8787/tripleoupstream/centos-binary-mariadb:latest] galera-bundle-0 (ocf::heartbeat:galera): Master overcloud-galera-0 galera-bundle-1 (ocf::heartbeat:galera): Master overcloud-galera-1 galera-bundle-2 (ocf::heartbeat:galera): Master overcloud-galera-2 Docker container set: redis-bundle [192.168.24.1:8787/tripleoupstream/centos-binary-redis:latest] redis-bundle-0 (ocf::heartbeat:redis): Master overcloud-controller-0 redis-bundle-1 (ocf::heartbeat:redis): Slave overcloud-controller-1 redis-bundle-2 (ocf::heartbeat:redis): Slave overcloud-controller-2 ip-192.168.24.11 (ocf::heartbeat:IPaddr2): Started overcloud-controller-0 ip-10.0.0.7 (ocf::heartbeat:IPaddr2): Started overcloud-controller-1 ip-172.16.2.11 (ocf::heartbeat:IPaddr2): Started overcloud-controller-2 ip-172.16.2.9 (ocf::heartbeat:IPaddr2): Started overcloud-controller-0 ip-172.16.1.6 (ocf::heartbeat:IPaddr2): Started overcloud-controller-1 ip-172.16.3.7 (ocf::heartbeat:IPaddr2): Started overcloud-controller-2 Docker container set: haproxy-bundle [192.168.24.1:8787/tripleoupstream/centos-binary-haproxy:latest] haproxy-bundle-docker-0 (ocf::heartbeat:docker): Started overcloud-controller-0 haproxy-bundle-docker-1 (ocf::heartbeat:docker): Started overcloud-controller-1 haproxy-bundle-docker-2 (ocf::heartbeat:docker): Started overcloud-controller-2 Depends-On: I44449861cbfe56304b8829c9ca10fd648353b3ae Change-Id: I48fb490040497ba08cae19937159c0efdf99e3f8
2017-06-09Configure credentials for ironic to access cinderDmitry Tantsur1-0/+1
Change-Id: I097c494d3953b7d26d94aecc546ddef5225d1125 Depends-On: I2f0eb779b711e57f1532b1227896542d0ecffc89
2017-06-09Merge "Use CRL for HAProxy"Jenkins2-1/+22
2017-06-09Merge "Add resource to fetch CRL"Jenkins1-0/+149
2017-06-08Use CRL for HAProxyJuan Antonio Osorio Robles2-1/+22
This sets up the CRL file to be triggered on the certmonger_user resource. Furtherly, HAProxy uses this CRL file in the member options, thus effectively enabling revocation for proxied nodes. So, if a certificate has been revoked by the CA, HAProxy will not proxy requests to it. bp tls-via-certmonger Change-Id: I4f1edc551488aa5bf6033442c4fa1fb0d3f735cd
2017-06-08Add resource to fetch CRLJuan Antonio Osorio Robles1-0/+149
This will fetch the CRL file from the specified file or URL. Furtherly it will set up a cron job to refresh the crl file once a week and notify the needed services. bp tls-via-certmonger Change-Id: I38e163e8ebb80ea5f79cfb8df44a71fdcd284e04
2017-06-08Puppet module to deploy cinder-volume bundle for HADamien Ciabrini1-0/+141
This module is used by tripleo-heat-templates to configure and deploy Kolla-based cinder-volume containers managed by pacemaker. We use short-lived containers that call pcs via puppet to create the needed pacemaker resources, properties and constraints. Co-Authored-By: Michele Baldesari <michele@acksyn.org> Partial-Bug: #1668920 Change-Id: I95ad4dd89b47396bea672813d87de35e64c04b2d
2017-06-08Puppet module to deploy cinder-backup bundle for HADamien Ciabrini1-0/+146
This module is used by tripleo-heat-templates to configure and deploy Kolla-based cinder-backup containers managed by pacemaker. We use short-lived containers that call pcs via puppet to create the needed pacemaker resources, properties and constraints. Co-Authored-By: Michele Baldesari <michele@acksyn.org> Partial-Bug: #1668920 Change-Id: If53495ff75d4832cc6be80dc0dc9bd540ab6583b
2017-06-08Merge "Add polkit rule to allow kolla nova user access to libvirtd socket on ↵Jenkins1-0/+59
docker host"
2017-06-08Merge "Add novajoin profile"Jenkins1-0/+83
2017-06-06Add polkit rule to allow kolla nova user access to libvirtd socket on docker ↵Oliver Walsh1-0/+59
host The polkit rules are currently evaluated in the context of the docker host. As a result the check fails for the kolla nova compute user, as the uids are not consistent with the host uids (in fact we probably can't assume a nova user exists on the docker host). As a short-term workaround a 'docker_nova' user group is created on the docker host and the polkit rule is updated to grant this user access to the libvirtd socket. Longer term solution probably requires running polkitd in a container too. Change-Id: I91be1f1eacf8eed9017bbfef393ee2d66771e8d6 Related-bug: #1693844
2017-06-05Merge "Add Mistral event engine"Jenkins1-0/+46
2017-06-05Merge "Pacemaker support for OVN DB servers"Jenkins2-1/+131
2017-06-05Support for proxying ironic-inspector via ApacheJenkins1-12/+27
Future work in the UI requires Apache to proxy for the ironic-inspector service the same as it has for other related services. This adds support for ironic-inspector through Apache's mod_proxy Closes-Bug: 1695202 Depends-On: Id395604f1dfbc4bf4f26adbe05f484a10227fd76 Change-Id: I9dcb0769ff90a2fc9561cb86bb822be8087ffe8e
2017-06-05Add novajoin profileJuan Antonio Osorio Robles1-0/+83
This is needed in order to deploy novajoin in a containerized undercloud environment. Change-Id: Iea461f66b8f4e3b01a0498e566a2c3684144df80
2017-06-03Merge "Clustercheck, monitor service for galera containers"Jenkins1-0/+65
2017-06-03Merge "Puppet module to deploy MySQL bundle for HA"Jenkins1-0/+302
2017-06-03Merge "Puppet module to deploy RabbitMQ bundle for HA"Jenkins1-0/+194
2017-06-02Merge "Puppet module to deploy Redis bundle for HA"Jenkins1-0/+178
2017-06-02Puppet module to deploy MySQL bundle for HADamien Ciabrini1-0/+302
This module is used by tripleo-heat-templates to configure and deploy Kolla-based mysql containers managed by pacemaker. We use short-lived containers that call pcs via puppet to create the needed pacemaker resources, properties and constraints. Co-Authored-By: Michele Baldesari <michele@acksyn.org> Partial-Bug: #1692842 Depends-On: I44fbd7f89ab22b72e8d3fc0a0e3fe54a9418a60f Depends-On: Ie9b7e7d2a3cec4b121915a17c1e809e4ec950e7f Change-Id: I3b4d8ad2eec70080419882d5d822f78ebd3721ae
2017-06-02Merge "Puppet module to deploy HAProxy bundle for HA"Jenkins2-3/+211
2017-06-02Merge "Add conditional for setting authlogin_nsswitch_use_ldap selboolean"Jenkins1-0/+6
2017-06-01Merge "Composable Role for Neutron LBaaS"Jenkins2-0/+88
2017-06-01Add conditional for setting authlogin_nsswitch_use_ldap selbooleanJacob Liberman1-0/+6
If selinux is enabled the authlogin_nsswitch_use_ldap Boolean must be enabled. This setting allows LDAP communications to the confined LDAP/server port. This change includes a conditional for enabling this Boolean only when selinux is in use. Change-Id: If985f2434d28fcd33198929bf61f2a3a82e601fe Closes-Bug: #1695002
2017-06-01Merge "Restart docker after changing storage driver"Jenkins1-0/+2
2017-06-01Install rsync package for galeraJames Slagle1-0/+9
Since galera is configured to use rsync, we ought to make sure the package is installed. Particularly when using deployed-server, the package is not always installed by default depending on what was used to install the servers. Change-Id: I92ee78f2dd2c0f7fd4d393b104166407d7c654e2 Closes-Bug: #1693003
2017-06-01Pacemaker support for OVN DB serversBabu Shanmugam2-1/+131
This patch enables OVN DB servers to be started in master/slave mode in the pacemaker cluster. A virtual IP resource is created first and then the pacemaker OVN OCF resource - "ovn:ovndb-servers" is created. The OVN OCF resource is configured to be colocated with the vip resource. The ovn-controller and Neutron OVN ML2 mechanism driver which depends on OVN DB servers will always connect to the vip address on which the master OVN DB servers listen on. The OVN OCF resource itself takes care of (re)starting ovn-northd service on the master node and we don't have to manage it. When HA is enabled for OVN DB servers, haproxy does not configure the OVN DB servers in its configuration. This patch requires OVS 2.7 in the overcloud. Co-authored:by: Numan Siddique <nusiddiq@redhat.com> Change-Id: I9dc366002ef5919339961e5deebbf8aa815c73db Partial-bug: #1670564
2017-05-31Merge "Add missing octavia mysql user creation"Jenkins1-0/+3
2017-05-30Puppet module to deploy RabbitMQ bundle for HADamien Ciabrini1-0/+194
This module is used by tripleo-heat-templates to configure and deploy Kolla-based RabbitMQ containers managed by pacemaker. We use short-lived containers that call pcs via puppet to create the needed pacemaker resources, properties and constraints. Co-Authored-By: Michele Baldessari <michele@acksyn.org> Co-Authored-By: John Eckersberg <jeckersb@redhat.com> Partial-Bug: #1692909 Change-Id: I0722e4a4d4716f477e8304cfa1aadd3eef7c2f31 Depends-On: I44fbd7f89ab22b72e8d3fc0a0e3fe54a9418a60f Depends-On: Ie9b7e7d2a3cec4b121915a17c1e809e4ec950e7f
2017-05-26Restart docker after changing storage driverSteve Baker1-0/+2
This likely explains why CI appears to still be running the devicemapper driver even though overlay2 is now the default. Change-Id: Ic2d80bae1fddbdb1c80bae297031521dd78d896a Closes-Bug: #1692502
2017-05-26Merge "Move ceilometer upgrade step out of base"Jenkins4-20/+54
2017-05-26Merge "Pass mistral::api service_name from t-h-t"Jenkins1-11/+3
2017-05-25Puppet module to deploy HAProxy bundle for HADamien Ciabrini2-3/+211
This module is used by tripleo-heat-templates to configure and deploy Kolla-based haproxy containers managed by pacemaker. We use short-lived containers that call pcs via puppet to create the needed pacemaker resources, properties and constraints. Co-Authored-By: Michele Baldesari <michele@acksyn.org> Partial-Bug: #1692908 Depends-On: I44fbd7f89ab22b72e8d3fc0a0e3fe54a9418a60f Depends-On: Ie9b7e7d2a3cec4b121915a17c1e809e4ec950e7f Change-Id: Ifcf890a88ef003d3ab754cb677cbf34ba8db9312
2017-05-25Puppet module to deploy Redis bundle for HADamien1-0/+178
This module is used by tripleo-heat-templates to configure and deploy Kolla-based Redis containers managed by pacemaker. We use short-lived containers that call pcs via puppet to create the needed pacemaker resources, properties and constraints. Co-Authored-By: Michele Baldesari <michele@acksyn.org> Partial-Bug: #1692924 Depends-On: I44fbd7f89ab22b72e8d3fc0a0e3fe54a9418a60f Depends-On: Ie9b7e7d2a3cec4b121915a17c1e809e4ec950e7f Change-Id: Ia1131611d15670190b7b6654f72e6290bf7f8b9e
2017-05-24Move ceilometer upgrade step out of basePradeep Kilambi4-20/+54
ceilometer-upgrade should only run on controller nodes. Since its currently in base profile, it gets triggered on compute as well. So instead split out the upgrade into its own and include when we deploy notification and central agents instead. Change-Id: I2910e8aa5da7fded4cf94b57fb0a14fefd88adbe Closes-bug: #1693339
2017-05-24Merge "Add support for autofencing to Pacemaker Remote."Jenkins1-0/+27
2017-05-24Merge "Enable mistral to run under mod_wsgi"Jenkins1-4/+52
2017-05-24Add missing octavia mysql user creationMartin André1-0/+3
This patch makes sure the octavia mysql user is created when the octavia_api service is enabled. Change-Id: I270f3f6879737fc29370165e4a8fa8c9c19fffb3
2017-05-23Clustercheck, monitor service for galera containersDamien Ciabrini1-0/+65
In HA overcloud deployments, HAProxy makes use of a helper service called "clustercheck", to check whether galera nodes are available for serving traffic. This change implements a dedicated profile for clustercheck, which was originally part of the pacemaker mysql profile. The profile generates the necessary configuration files for clustercheck and let heat templates manage the associated container's lifecycle. Co-Authored-By: Michele Baldessari <michele@acksyn.org> Partial-Bug: #1692969 Change-Id: I1aabe34fa6a9c8c705a4405f275b66502c313cf2
2017-05-23Enable novajoin user on keystone profileJuan Antonio Osorio Robles1-0/+3
If novajoin is enabled, the keystone profile should create its user. bp tls-via-certmonger-containers Change-Id: Ifb43b72cbf0180cf12e6d3584c92ae01ce5294e5
2017-05-22Merge "TLS everywhere: Add resources for mongodb's TLS configuration"Jenkins2-0/+96
2017-05-19Merge "Bad example in firewall.pp"Jenkins1-1/+1