Age | Commit message (Collapse) | Author | Files | Lines |
|
In https://review.openstack.org/#/c/444622/7 the sshd_options and banner/motd
are mutually exclusive. This patch, and the next patchset of that review,
resolves the conflict.
Related-Bug: 1668543
Change-Id: I1d09530d69e42c0c36311789166554a889e46556
|
|
Update the gnocchi api to expose the redis information as a class
parameter so it can be tested correctly.
Change-Id: I075b4af5e7bb35f90f7b82f8fb1b6d6ad6363b71
|
|
|
|
|
|
|
|
We configure apache in step3 so we need to configure the gnocchi api in
step 3 as well to prevent unnecessary service restarts during updates.
Change-Id: I30010c9cf0b0c23fde5d00b67472979d519a15be
Related-Bug: #1664418
|
|
Apache is configured in step 3 so if we configure ceilometer in step 4,
the configuration is removed on updates. We need to configure it in step
3 with the other apache services to ensure we don't have issues on
updates.
Change-Id: Icc9d03cd8904c93cb6e17f662f141c6e4c0bf423
Related-Bug: #1664418
|
|
bp secure-etcd
Change-Id: I0759deef7cbcf13b9056350e92f01afd33e9c649
Signed-off-by: Feng Pan <fpan@redhat.com>
|
|
Including the ::ssh manifest will manage both client and server config.
Managing the client config was not intended and will clobber the OS
default config with the puppet ssh moduled defaults.
Follow up for https://review.openstack.org/443113 where I found the issue after
the changes merged.
Change-Id: I6329f5ebbe8fc3950449e325e56293872d11e1b5
Related-Bug: 1668543
|
|
This patch adds a new registry_mirror option to help
configure /etc/docker/daemon.json so that we can make use
of HTTP docker mirrors within upstream TripleO CI (infra).
Change-Id: I4b966e9b9b174ca5a6f57974185e0149ea12f232
|
|
|
|
This allows decoupling the Swift ringbuilding logic from the Controller
and ObjectStorage roles. A follow up patch will modify
tripleo-heat-templates and use this modified class.
Actually this downloads the Swift rings even if ring building is
disabled or if there is no need to rebalance. This is required, because
operators can disable ring building, but use the same mechanism to
distribute pre-built rings to the nodes.
If ring building is disabled, these won't be uploaded at the end back to
the undercloud.
Related-Bug: 1665641
Change-Id: Ifd6fa5b398d98e8998630ea0c9a2ce9867ceba2b
|
|
|
|
|
|
This change adds an `include` statement to bring in the extra
functionality available from the existing puppet-ssh module in
already available in RDO.
By using puppet-ssh it provides a framework to allow the passing in of
server options using just hiera values under ssh::server_options.
For example, sshd_config banner can now be passed a server option, as
well as all the new parameters outlined in the launchpad issue that
the patch references for Closing. For this reason, the former augeas
setting for `Banner /etc/issue` is now managed by the main puppet-ssh
module instead.
The change also allows population of MOTD text to `/etc/motd` as
well as `issue.net`.
$bannertext is refactored in accordance with patch [1]
[1] https://review.openstack.org/#/c/442406/
Change-Id: Id329538fb7b623526f1d91d8a513cf3440c86a7c
Closes-Bug: 1668543
|
|
Added the heat templates for Cinder Pure Storage FlashArray
backend to use composable services
Change-Id: I6f46f45a3af394de85672261c7d72ddc492a07b2
|
|
This patch configures SSH tunneling for nova cold-migration and reuses the
tunnel for libvirt live-migration unless TLS has been enabled.
Change-Id: I367757cbe8757d11943af7e41af620f9ce919a06
Depends-On: Iac1763761c652bed637cb7cf85bc12347b5fe7ec
|
|
So we avoid useless apache restart and save time during the deployment.
Related-Bug: #1664418
Change-Id: Ie00b717a6741e215e59d219710154f0d2ce6b39e
|
|
We configure apache in step 3 so horizon should be configured at the
same time or else updates will cause horizon to be unvailable during the
update process.
Change-Id: I4032f7c24edc0ff9ed637e213870cdd3beb9a54e
Closes-Bug: #1678338
|
|
|
|
|
|
This adds the ability to manage the securetty file.
By allowing management of securetty, operators can limit root
console access and improve security through hardening.
Change-Id: Ic4647fb823bd112648c5b8d102913baa8b4dac1c
Closes-Bug: #1665042
|
|
Without this gnocchi resources types are not created
as they are skipped initially and the resources from
ceilometer wont make it to gnocchi.
Closes-bug: #1674421
Depends-On: I753f37e121b95813e345f200ad3f3e75ec4bd7e1
Change-Id: Ib45bf1b3e526a58f675d7555fe7bb5038dadeede
|
|
This is now the job of the certmonger_user profile. So these bits are
not needed anymore in the service profiles.
Change-Id: Iaa3137d7d13d5e707f587d3905a5a32598c08800
Depends-On: Ibf58dfd7d783090e927de6629e487f968f7e05b6
|
|
We attempt to use iscsi-iname in an exec for our nova compute profile
but we do not ensure that the package providing this command is
installed. This change adds the package definition for
iscsi-initiator-utils to ensure it is installed before trying to use
iscsi-iname.
Change-Id: I1bfdb68170931fd05a09859cf8eefb50ed20915d
Closes-Bug: #1675462
|
|
Create a tripleo profile for the bigswitch neutron agent configuration
to be consumed by THT.
Change-Id: I7a8f7f73c9c8446e21c16a5c378bd7e0f0a4c94e
Partial-Bug: #1674791
|
|
Previously ODL was restricted to only running on the first node in an
tripleO HA deployment. This patches enables clustering for ODL and
allows multiple ODL instances (minimum 3 for HA).
Partially-implements: blueprint opendaylight-ha
Change-Id: Ic9a955a1c2afc040b2f9c6fb86573c04a60f9f31
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
|
|
|
|
Change-Id: I81e0850777f1498ba9b7a213ba02819847a40786
|
|
Change-Id: I81b0b8b54a034817f5791ff7e29f1a3065902642
|
|
Change-Id: Ia002aced6de474022d4aa4e9e3d7d5ee7c31a2b0
|
|
Changes Include:
- Adds spec testing
- Only raise limits if nonha. puppet-systemd will restart the mariadb
service which breaks ha deployments. Hence we only want to do this
in noha.
- Minor fix to hiera value refrenced not as parameter to mysql.pp
Partial-Bug: #1648181
Related-Bug: #1524809
Co-Authored By: Feng Pan <fpan@redhat.com>
Change-Id: Id063bf4b4ac229181b01f40965811cb8ac4230d5
Signed-off-by: Tim Rozet <trozet@redhat.com>
Signed-off-by: Feng Pan <fpan@redhat.com>
|
|
Currently tuned uses the wrong profile on compute nodes. This patch will
allow users to update their tuned profile.
Fixes bug 1667524
Change-Id: Ic67aca7f5338ea4bb2d3843201e122c72d97056e
|
|
Change-Id: I1668b749779bf812d8f55b695dd138cde7eb09d6
|
|
|
|
Since the norpm provider can prevent the chronyd package from actually
getting purged, we need to make sure the chronyd service is stopped and
disabled so that it does not conflict with ntpd.
Change-Id: I7a697aba7aa5a27ba4ab6e46018057f7f01dfab2
Closes-Bug: #1665426
|
|
This configures the docker service on the host, as an alternative
to the firstboot script in docker/firstboot/setup_docker_host.sh
Doing this via puppet will enable easier integration with e.g
the multinode jobs where no firstboot scripts run, and also
enables a better error path in the event the service fails to start
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
Change-Id: Id8add1e8a0ecaedb7d8a7dc9ba3747c1ac3b8eea
|
|
|
|
This patch will set neutron's dhcp_agents_per_network equal to the
number of deployed neutron DHCP agents unless otherwise explicitly set.
Partial-bug: #1632721
Change-Id: I5533e42c5ba9f72cc70d80489a07e30ee2341198
|
|
Ceilometer central, compute and ipmi agent classes are
deprecated. Instead we should be using polling agent
with relevant namespace.
Closes-bug: #1662685
Change-Id: I1ee50124bf8936e12414f984e1bcd4545d92e953
|
|
The Nova Placement API's configuration currently relies
on the nova-api profile for its keystone authtoken
configuration. This means that Nova Placement would
fail if it got installed on an isolated node or
docker container (this currently breaks TripleO's
deployment of placement via docker).
This patch creates a new authtoken profile and
calls it via the api and placement roles.
Change-Id: I7b38ab6ba5cae41689ac500d97dec4d09c73d387
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
|
|
This commit adds the transport_url for specifying the oslo.messaging
rpc and notify transport schemes. The rpc or notification backend
can be one of rabbit, amqp, zmq, etc. Oslo.messaging is deprecating
the host, port and auth configuration options. All drivers will
get the options via the transport_url.
This patch:
* Adds transport_url to base services
* Updates the corresponding specs
* Adds to default hierdata
Depends-On: I1cf93d2caebfa1f7373c16754a2ad9bd15eb1a40
Change-Id: Iea5607dbb3ee6b1dd50acc1395de52dc920aa915
|
|
|
|
Per project conventions, should use single quotes.
Also, update comments and defaults to match sample.
Change-Id: I82ddcec230e7a03965d753db60968912b8d7da5c
Closes-Bug: #1663624
|
|
nova placement credentials in nova.conf need to be configured at step 3
so Nova services can use them as soon as they start.
Change-Id: I0abdd305b7e6c8d83f23e25b3872e98eb56dd299
|
|
|
|
|
|
|
|
- transform nova_api_wsgi_enabled in a parameter
- update rspec tests
- fix TLS to run at step 1
Change-Id: I4d3f9c92f0717ae8c3bc8d71065fab281de82008
|