| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Recent changes in Nova [0] and Cinder [1] result in Barbican being selected
as the default encryption key manager, even when TripleO is not deploying
Barbican.
This change ensures the legacy key manager is enabled when no key manager
(such as Barbican) has been specified. This restores the previous behavior,
where the legacy key manager was enabled by default.
[0] https://review.openstack.org/484501
[1] https://review.openstack.org/485322
Closes-Bug: #1706389
Change-Id: Idc92f7a77cde757538eaac51c4ad8dc397f9c3d3
|
|
The nova migration config has always been applied by the base::nova profile.
It assumed that libvirtd/nova-compute and are all running on the
same host.
Where this config didn't apply (e.g a nova api host) it was disabled by a flag.
This approach is not compatible with containers. Hieradata for all containers
are combined so per-host flags no longer work, and we can no longer assume
libvirtd and nova-compute run in the same context.
This change refactors the profiles out of the base nova profile and into
a client profile and a target profile that can be included where appropriate.
Change-Id: I063a84a8e6da64ae3b09125cfa42e48df69adc12
Implements: blueprint tripleo-cold-migration
|
|
Allows configurability of maxconn as applies to
the MySQL section of the HAProxy config, both
for clustercheck and single node.
Also adds a new test for the haproxy class
overall to exercise options.
Change-Id: I023682dd5e85cc78d6dd3e5214a53863acc4f303
|
|
The bootstrap_nodeid comparison should be case insensitive.
Change-Id: I1e6672bb0219c1cf56ab21dd911c6f33e2436cc3
Closes-Bug: #1698190
|
|
In order to support vhostuser client mode, a vhostuser_socket_dir
needs to be created with qemu:qemu g+w permissions.
Closes-Bug: #1675690
Co-Authored-By: Sanjay Upadhyay <supadhya@redhat.com>
Change-Id: I255f98c40869e7508ed01a03a96294284ecdc6a8
Signed-off-by: Karthik S <ksundara@redhat.com>
|
|
This change enhances the security of the migration ssh tunnel:
- The ssh authorized_keys file is only writeable by root.
- Creates a new user for migration instead of using root/nova.
- Disables SSH forwarding for this user.
- Optionally restricts the networks that this user can connect from.
- Uses an ssh wrapper command to whitelist the commands that this user can run
over ssh.
Requires the openstack-nova-migration package from
https://review.rdoproject.org/r/6327
bp tripleo-cold-migration
Change-Id: Idb56acd1e1ecb5a5fd4d942969be428cc9cbe293
|
|
Update the gnocchi api to expose the redis information as a class
parameter so it can be tested correctly.
Change-Id: I075b4af5e7bb35f90f7b82f8fb1b6d6ad6363b71
|
|
We configure apache in step3 so we need to configure the gnocchi api in
step 3 as well to prevent unnecessary service restarts during updates.
Change-Id: I30010c9cf0b0c23fde5d00b67472979d519a15be
Related-Bug: #1664418
|
|
We configure apache in step 3 so horizon should be configured at the
same time or else updates will cause horizon to be unvailable during the
update process.
Change-Id: I4032f7c24edc0ff9ed637e213870cdd3beb9a54e
Closes-Bug: #1678338
|
|
This commit adds the transport_url for specifying the oslo.messaging
rpc and notify transport schemes. The rpc or notification backend
can be one of rabbit, amqp, zmq, etc. Oslo.messaging is deprecating
the host, port and auth configuration options. All drivers will
get the options via the transport_url.
This patch:
* Adds transport_url to base services
* Updates the corresponding specs
* Adds to default hierdata
Depends-On: I1cf93d2caebfa1f7373c16754a2ad9bd15eb1a40
Change-Id: Iea5607dbb3ee6b1dd50acc1395de52dc920aa915
|
|
|
|
This change fixes the hiera calls in the base nova profile to use the
parameter rather than continue to call hiera. Additionally this change
includes basic test coverage for the various nova profiles.
Change-Id: If393606eeb3c39ed3a2655bd89c5c276a9cf106e
|
|
This patch add the option for using Keyston V3 authention with
the Ceph/RGW service instead of using the admin_token
Change-Id: I42861afcac221478dcb68be13b6dbc2533a7f158
|
|
This change adds rspec testing for the cinder profiles with in
puppet-tripleo. Additionally while testing, it was found that the
backends may incorrectly have an extra , included in the settings
for cinder volume when running puppet 3. This change includes a fix
the cinder volume backends to make sure we are not improperly
configuring it with a trailing comma.
Change-Id: Ibdfee330413b6f9aecdf42a5508c21126fc05973
|
|
This change adds rspec tests for the barbican profiles to ensure they
function as expected.
Change-Id: I73f5405ade2cc73024efbeb2cfbfc831a2120f51
|
|
This change adds rspec testing for the ceph profiles in puppet-tripleo.
Change-Id: I08954e011848d6b747735f11b3cbff5707460c26
|
|
This change adds rspec testing for the ceilometer profiles. While
writing these tests, the tripleo::profile::base::ceilometer::collector
class needed to have the hiera lookups moved to class parameters to
allow for testing the possible options around the database backend.
These tests add coverage for ipv4 and ipv6 configurations for the
collector profile as well as excluding mongodb on the backend.
Change-Id: I1abae040104e8492a9fe266de74080e1e7701731
|
|
This change adds rspec testing for the aodh profile and serves as an
example as to how to add in spec testing using hieradata to provide some
required parameters. This testing adds improved coverage for
expectations around computed configuration items as well as for
conditions around the steps within the tripleo deployment
Change-Id: Ic763a544289a222fea97020a98821c1e375651a3
|
|
The lookup_hiera_hash function is meant to lookup for the value
of a given key from a given Hiera hash. In the manifests this is
possible by saving the value of the hash in a variable first but
when driving lookups from the Heat templates we can't do it.
Change-Id: Ie31bb70314db44a0a18e86090cc74aa4df5de169
|
Alan Bishop
Oliver Walsh
Mike Bayer
Alex Schultz
Karthik S
Andrew Smith
Jenkins
Keith Schincke
Giulio Fidente