aboutsummaryrefslogtreecommitdiffstats
path: root/manifests
AgeCommit message (Collapse)AuthorFilesLines
2017-06-13Merge "Configure Galera cluster with FQDNs instead of shortnames"Jenkins1-11/+13
2017-06-13Merge "Configure credentials for ironic to access cinder"Jenkins1-0/+1
2017-06-13Configure Galera cluster with FQDNs instead of shortnamesJuan Antonio Osorio Robles1-11/+13
This takes into use the cluster_host_map, which allows to give aliases to the pacemaker nodes (which are FQDNs), and allows us to configure the cluster using FQDNs. We need FQDNs in order to request certificates, since the default CA (FreeIPA) only allows certificates for FQDNs. Change-Id: I2f146afdd32aef2d11cf25a65fa8d67428f621f5
2017-06-13Merge "Support for proxying ironic-inspector via Apache"Jenkins1-12/+27
2017-06-12Merge "Puppet module to deploy cinder-backup bundle for HA"Jenkins1-0/+146
2017-06-12Merge "Puppet module to deploy cinder-volume bundle for HA"Jenkins1-0/+141
2017-06-12Remove condition to match hdr(host) in haproxy redirect ruleRyan O'Hara1-1/+1
The horizon proxy should redirect all HTTP requests to HTTPS, regardless of the 'Host' field in the header. The current rule will cause haproxy to redirect HTTP requests if the 'Host' field contains the public virtual IP address. It will not redirect if the 'Host' field contains a hostname, FQDN, etc. Change-Id: I6c8f58a30f97cdf4c668734793197ea976297733 Signed-off-by: Ryan O'Hara <rohara@redhat.com>
2017-06-11Merge "Install rsync package for galera"Jenkins1-0/+9
2017-06-11Do not create VIP for pacemaker OVN OCF resourceNuman Siddique1-29/+7
The commit with change id [1], added the pacemaker HA support for OVN DB servers. That commit created a new VIP which is really not required. This patch removes the code to create a new ip resource. Instead it expects the pacemaker ip resource (with the ip address in the 'ovn_dbs_vip' parameter and with the name "ip-$ovn_dbs_vip") to be created before ovn_northd class is called, which is the case anyway if 'ovn_dbs_vip' is taken from the ServiceNetMapDefaults (in t-h-t). [1] - I9dc366002ef5919339961e5deebbf8aa815c73db Change-Id: I94d3960e6c5406e3af309cc8c787ac0a6c9b1756 Partial-bug: #1670564
2017-06-09Make sure the resource bundles use a location_ruleMichele Baldessari4-0/+16
In composable HA we bind resources to nodes that have special node properties. We need to do this also for bundle resources otherwise there is a potential race where the bundle might be started on nodes where it is not supposed to during a small window of time. Tested with the depends-on and correctly obtained a containerized composable HA deployment: Docker container set: rabbitmq-bundle [192.168.24.1:8787/tripleoupstream/centos-binary-rabbitmq:latest] rabbitmq-bundle-0 (ocf::heartbeat:rabbitmq-cluster): Started overcloud-rabbit-0 rabbitmq-bundle-1 (ocf::heartbeat:rabbitmq-cluster): Started overcloud-rabbit-1 rabbitmq-bundle-2 (ocf::heartbeat:rabbitmq-cluster): Started overcloud-rabbit-2 Docker container set: galera-bundle [192.168.24.1:8787/tripleoupstream/centos-binary-mariadb:latest] galera-bundle-0 (ocf::heartbeat:galera): Master overcloud-galera-0 galera-bundle-1 (ocf::heartbeat:galera): Master overcloud-galera-1 galera-bundle-2 (ocf::heartbeat:galera): Master overcloud-galera-2 Docker container set: redis-bundle [192.168.24.1:8787/tripleoupstream/centos-binary-redis:latest] redis-bundle-0 (ocf::heartbeat:redis): Master overcloud-controller-0 redis-bundle-1 (ocf::heartbeat:redis): Slave overcloud-controller-1 redis-bundle-2 (ocf::heartbeat:redis): Slave overcloud-controller-2 ip-192.168.24.11 (ocf::heartbeat:IPaddr2): Started overcloud-controller-0 ip-10.0.0.7 (ocf::heartbeat:IPaddr2): Started overcloud-controller-1 ip-172.16.2.11 (ocf::heartbeat:IPaddr2): Started overcloud-controller-2 ip-172.16.2.9 (ocf::heartbeat:IPaddr2): Started overcloud-controller-0 ip-172.16.1.6 (ocf::heartbeat:IPaddr2): Started overcloud-controller-1 ip-172.16.3.7 (ocf::heartbeat:IPaddr2): Started overcloud-controller-2 Docker container set: haproxy-bundle [192.168.24.1:8787/tripleoupstream/centos-binary-haproxy:latest] haproxy-bundle-docker-0 (ocf::heartbeat:docker): Started overcloud-controller-0 haproxy-bundle-docker-1 (ocf::heartbeat:docker): Started overcloud-controller-1 haproxy-bundle-docker-2 (ocf::heartbeat:docker): Started overcloud-controller-2 Depends-On: I44449861cbfe56304b8829c9ca10fd648353b3ae Change-Id: I48fb490040497ba08cae19937159c0efdf99e3f8
2017-06-09Configure credentials for ironic to access cinderDmitry Tantsur1-0/+1
Change-Id: I097c494d3953b7d26d94aecc546ddef5225d1125 Depends-On: I2f0eb779b711e57f1532b1227896542d0ecffc89
2017-06-09Fix Swift ring rebalance orderChristian Schwede1-2/+2
The current order is broken if there were changes to the account and container devices, but not to the object devices. In these cases it can happen that the rebalance happens before modifying devices. Change-Id: I15641c32266939c9a00936cc471cc59b1bb54eec
2017-06-09Merge "Use CRL for HAProxy"Jenkins2-1/+22
2017-06-09Merge "Add resource to fetch CRL"Jenkins1-0/+149
2017-06-08Use CRL for HAProxyJuan Antonio Osorio Robles2-1/+22
This sets up the CRL file to be triggered on the certmonger_user resource. Furtherly, HAProxy uses this CRL file in the member options, thus effectively enabling revocation for proxied nodes. So, if a certificate has been revoked by the CA, HAProxy will not proxy requests to it. bp tls-via-certmonger Change-Id: I4f1edc551488aa5bf6033442c4fa1fb0d3f735cd
2017-06-08Add resource to fetch CRLJuan Antonio Osorio Robles1-0/+149
This will fetch the CRL file from the specified file or URL. Furtherly it will set up a cron job to refresh the crl file once a week and notify the needed services. bp tls-via-certmonger Change-Id: I38e163e8ebb80ea5f79cfb8df44a71fdcd284e04
2017-06-08Puppet module to deploy cinder-volume bundle for HADamien Ciabrini1-0/+141
This module is used by tripleo-heat-templates to configure and deploy Kolla-based cinder-volume containers managed by pacemaker. We use short-lived containers that call pcs via puppet to create the needed pacemaker resources, properties and constraints. Co-Authored-By: Michele Baldesari <michele@acksyn.org> Partial-Bug: #1668920 Change-Id: I95ad4dd89b47396bea672813d87de35e64c04b2d
2017-06-08Puppet module to deploy cinder-backup bundle for HADamien Ciabrini1-0/+146
This module is used by tripleo-heat-templates to configure and deploy Kolla-based cinder-backup containers managed by pacemaker. We use short-lived containers that call pcs via puppet to create the needed pacemaker resources, properties and constraints. Co-Authored-By: Michele Baldesari <michele@acksyn.org> Partial-Bug: #1668920 Change-Id: If53495ff75d4832cc6be80dc0dc9bd540ab6583b
2017-06-08Merge "Add polkit rule to allow kolla nova user access to libvirtd socket on ↵Jenkins1-0/+59
docker host"
2017-06-08Merge "Add novajoin profile"Jenkins1-0/+83
2017-06-08Fix the port for Panko APIZhongShengping1-2/+2
The port used for Panko is conflicts with Trove[1]. According to the official documentation[2] this should be 8777. The 8777 port has been occupied by ceilometer. So set the panko api port to 8977. [1]https://github.com/openstack/trove/blob/master/etc/apache2/trove#L20 [2]https://docs.openstack.org/developer/panko/install/manual.html#installing-the-api-server Change-Id: I5ccfc97765fc8b8bf9686b2451eda9c44c77dffc Closes-Bug: #1691283 Depends-On: I53b286d1d6466b574fdb286cc45f3138f96dff59
2017-06-07Remove unnecessary references to neutron core plugin hieraBrent Eagles1-11/+3
If the tripleo::profile::base::neutron::sriov is included it is expected that the SR-IOV agent should be deployed and configured so references to core plugin configuration is out of place and currently breaks deployment. Change-Id: Ie5d8cd7863c0d042cc6a4e1fc52602d8a03a1935
2017-06-07Fix Swift ring management in container deploymentsChristian Schwede1-7/+25
The ring up- and downloading was never executed if run within a containerized environment. This is due to the fact that this manifest gets executed within step 6(5) only. There is also an ordering issue, which actually tries to create the tarballs before rebalancing. This patch fixes the step conditions and also chains the tarball creation to the rebalance. The check to query rings on all nodes can now be disabled. This is required on containerized environments: the local ring will be modified and rebalanced, but rings on the existing servers are not yet modified. Therefore a recon-check will fail, and needs to be disabled. Closes-Bug: 1694211 Change-Id: I51c5795b9893d797bd73e059910f17a98f04cdbe
2017-06-06Add polkit rule to allow kolla nova user access to libvirtd socket on docker ↵Oliver Walsh1-0/+59
host The polkit rules are currently evaluated in the context of the docker host. As a result the check fails for the kolla nova compute user, as the uids are not consistent with the host uids (in fact we probably can't assume a nova user exists on the docker host). As a short-term workaround a 'docker_nova' user group is created on the docker host and the polkit rule is updated to grant this user access to the libvirtd socket. Longer term solution probably requires running polkitd in a container too. Change-Id: I91be1f1eacf8eed9017bbfef393ee2d66771e8d6 Related-bug: #1693844
2017-06-05Merge "Add Mistral event engine"Jenkins1-0/+46
2017-06-05Merge "Pacemaker support for OVN DB servers"Jenkins2-1/+131
2017-06-05Support for proxying ironic-inspector via ApacheJenkins1-12/+27
Future work in the UI requires Apache to proxy for the ironic-inspector service the same as it has for other related services. This adds support for ironic-inspector through Apache's mod_proxy Closes-Bug: 1695202 Depends-On: Id395604f1dfbc4bf4f26adbe05f484a10227fd76 Change-Id: I9dcb0769ff90a2fc9561cb86bb822be8087ffe8e
2017-06-05Add novajoin profileJuan Antonio Osorio Robles1-0/+83
This is needed in order to deploy novajoin in a containerized undercloud environment. Change-Id: Iea461f66b8f4e3b01a0498e566a2c3684144df80
2017-06-03Merge "Clustercheck, monitor service for galera containers"Jenkins1-0/+65
2017-06-03Merge "Puppet module to deploy MySQL bundle for HA"Jenkins1-0/+302
2017-06-03Merge "Puppet module to deploy RabbitMQ bundle for HA"Jenkins1-0/+194
2017-06-02Merge "Puppet module to deploy Redis bundle for HA"Jenkins1-0/+178
2017-06-02Puppet module to deploy MySQL bundle for HADamien Ciabrini1-0/+302
This module is used by tripleo-heat-templates to configure and deploy Kolla-based mysql containers managed by pacemaker. We use short-lived containers that call pcs via puppet to create the needed pacemaker resources, properties and constraints. Co-Authored-By: Michele Baldesari <michele@acksyn.org> Partial-Bug: #1692842 Depends-On: I44fbd7f89ab22b72e8d3fc0a0e3fe54a9418a60f Depends-On: Ie9b7e7d2a3cec4b121915a17c1e809e4ec950e7f Change-Id: I3b4d8ad2eec70080419882d5d822f78ebd3721ae
2017-06-02Merge "Puppet module to deploy HAProxy bundle for HA"Jenkins2-3/+211
2017-06-02Merge "Add conditional for setting authlogin_nsswitch_use_ldap selboolean"Jenkins1-0/+6
2017-06-01Merge "Composable Role for Neutron LBaaS"Jenkins2-0/+88
2017-06-01Add conditional for setting authlogin_nsswitch_use_ldap selbooleanJacob Liberman1-0/+6
If selinux is enabled the authlogin_nsswitch_use_ldap Boolean must be enabled. This setting allows LDAP communications to the confined LDAP/server port. This change includes a conditional for enabling this Boolean only when selinux is in use. Change-Id: If985f2434d28fcd33198929bf61f2a3a82e601fe Closes-Bug: #1695002
2017-06-01Merge "Restart docker after changing storage driver"Jenkins1-0/+2
2017-06-01Install rsync package for galeraJames Slagle1-0/+9
Since galera is configured to use rsync, we ought to make sure the package is installed. Particularly when using deployed-server, the package is not always installed by default depending on what was used to install the servers. Change-Id: I92ee78f2dd2c0f7fd4d393b104166407d7c654e2 Closes-Bug: #1693003
2017-06-01Pacemaker support for OVN DB serversBabu Shanmugam2-1/+131
This patch enables OVN DB servers to be started in master/slave mode in the pacemaker cluster. A virtual IP resource is created first and then the pacemaker OVN OCF resource - "ovn:ovndb-servers" is created. The OVN OCF resource is configured to be colocated with the vip resource. The ovn-controller and Neutron OVN ML2 mechanism driver which depends on OVN DB servers will always connect to the vip address on which the master OVN DB servers listen on. The OVN OCF resource itself takes care of (re)starting ovn-northd service on the master node and we don't have to manage it. When HA is enabled for OVN DB servers, haproxy does not configure the OVN DB servers in its configuration. This patch requires OVS 2.7 in the overcloud. Co-authored:by: Numan Siddique <nusiddiq@redhat.com> Change-Id: I9dc366002ef5919339961e5deebbf8aa815c73db Partial-bug: #1670564
2017-05-31Merge "Add missing octavia mysql user creation"Jenkins1-0/+3
2017-05-30Puppet module to deploy RabbitMQ bundle for HADamien Ciabrini1-0/+194
This module is used by tripleo-heat-templates to configure and deploy Kolla-based RabbitMQ containers managed by pacemaker. We use short-lived containers that call pcs via puppet to create the needed pacemaker resources, properties and constraints. Co-Authored-By: Michele Baldessari <michele@acksyn.org> Co-Authored-By: John Eckersberg <jeckersb@redhat.com> Partial-Bug: #1692909 Change-Id: I0722e4a4d4716f477e8304cfa1aadd3eef7c2f31 Depends-On: I44fbd7f89ab22b72e8d3fc0a0e3fe54a9418a60f Depends-On: Ie9b7e7d2a3cec4b121915a17c1e809e4ec950e7f
2017-05-26Restart docker after changing storage driverSteve Baker1-0/+2
This likely explains why CI appears to still be running the devicemapper driver even though overlay2 is now the default. Change-Id: Ic2d80bae1fddbdb1c80bae297031521dd78d896a Closes-Bug: #1692502
2017-05-26Merge "Move ceilometer upgrade step out of base"Jenkins4-20/+54
2017-05-26Merge "Pass mistral::api service_name from t-h-t"Jenkins1-11/+3
2017-05-25Puppet module to deploy HAProxy bundle for HADamien Ciabrini2-3/+211
This module is used by tripleo-heat-templates to configure and deploy Kolla-based haproxy containers managed by pacemaker. We use short-lived containers that call pcs via puppet to create the needed pacemaker resources, properties and constraints. Co-Authored-By: Michele Baldesari <michele@acksyn.org> Partial-Bug: #1692908 Depends-On: I44fbd7f89ab22b72e8d3fc0a0e3fe54a9418a60f Depends-On: Ie9b7e7d2a3cec4b121915a17c1e809e4ec950e7f Change-Id: Ifcf890a88ef003d3ab754cb677cbf34ba8db9312
2017-05-25Puppet module to deploy Redis bundle for HADamien1-0/+178
This module is used by tripleo-heat-templates to configure and deploy Kolla-based Redis containers managed by pacemaker. We use short-lived containers that call pcs via puppet to create the needed pacemaker resources, properties and constraints. Co-Authored-By: Michele Baldesari <michele@acksyn.org> Partial-Bug: #1692924 Depends-On: I44fbd7f89ab22b72e8d3fc0a0e3fe54a9418a60f Depends-On: Ie9b7e7d2a3cec4b121915a17c1e809e4ec950e7f Change-Id: Ia1131611d15670190b7b6654f72e6290bf7f8b9e
2017-05-24Move ceilometer upgrade step out of basePradeep Kilambi4-20/+54
ceilometer-upgrade should only run on controller nodes. Since its currently in base profile, it gets triggered on compute as well. So instead split out the upgrade into its own and include when we deploy notification and central agents instead. Change-Id: I2910e8aa5da7fded4cf94b57fb0a14fefd88adbe Closes-bug: #1693339
2017-05-24Merge "Add support for autofencing to Pacemaker Remote."Jenkins1-0/+27
2017-05-24Merge "Enable mistral to run under mod_wsgi"Jenkins1-4/+52