| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
This adds the ability to manage the securetty file.
By allowing management of securetty, operators can limit root
console access and improve security through hardening.
Change-Id: Ic4647fb823bd112648c5b8d102913baa8b4dac1c
Closes-Bug: #1665042
|
|
Without this gnocchi resources types are not created
as they are skipped initially and the resources from
ceilometer wont make it to gnocchi.
Closes-bug: #1674421
Depends-On: I753f37e121b95813e345f200ad3f3e75ec4bd7e1
Change-Id: Ib45bf1b3e526a58f675d7555fe7bb5038dadeede
|
|
This is now the job of the certmonger_user profile. So these bits are
not needed anymore in the service profiles.
Change-Id: Iaa3137d7d13d5e707f587d3905a5a32598c08800
Depends-On: Ibf58dfd7d783090e927de6629e487f968f7e05b6
|
|
We attempt to use iscsi-iname in an exec for our nova compute profile
but we do not ensure that the package providing this command is
installed. This change adds the package definition for
iscsi-initiator-utils to ensure it is installed before trying to use
iscsi-iname.
Change-Id: I1bfdb68170931fd05a09859cf8eefb50ed20915d
Closes-Bug: #1675462
|
|
Previously ODL was restricted to only running on the first node in an
tripleO HA deployment. This patches enables clustering for ODL and
allows multiple ODL instances (minimum 3 for HA).
Partially-implements: blueprint opendaylight-ha
Change-Id: Ic9a955a1c2afc040b2f9c6fb86573c04a60f9f31
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
|
|
|
|
Change-Id: I81e0850777f1498ba9b7a213ba02819847a40786
|
|
Change-Id: I81b0b8b54a034817f5791ff7e29f1a3065902642
|
|
Change-Id: Ia002aced6de474022d4aa4e9e3d7d5ee7c31a2b0
|
|
Changes Include:
- Adds spec testing
- Only raise limits if nonha. puppet-systemd will restart the mariadb
service which breaks ha deployments. Hence we only want to do this
in noha.
- Minor fix to hiera value refrenced not as parameter to mysql.pp
Partial-Bug: #1648181
Related-Bug: #1524809
Co-Authored By: Feng Pan <fpan@redhat.com>
Change-Id: Id063bf4b4ac229181b01f40965811cb8ac4230d5
Signed-off-by: Tim Rozet <trozet@redhat.com>
Signed-off-by: Feng Pan <fpan@redhat.com>
|
|
Currently tuned uses the wrong profile on compute nodes. This patch will
allow users to update their tuned profile.
Fixes bug 1667524
Change-Id: Ic67aca7f5338ea4bb2d3843201e122c72d97056e
|
|
Change-Id: I1668b749779bf812d8f55b695dd138cde7eb09d6
|
|
|
|
Since the norpm provider can prevent the chronyd package from actually
getting purged, we need to make sure the chronyd service is stopped and
disabled so that it does not conflict with ntpd.
Change-Id: I7a697aba7aa5a27ba4ab6e46018057f7f01dfab2
Closes-Bug: #1665426
|
|
This configures the docker service on the host, as an alternative
to the firstboot script in docker/firstboot/setup_docker_host.sh
Doing this via puppet will enable easier integration with e.g
the multinode jobs where no firstboot scripts run, and also
enables a better error path in the event the service fails to start
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
Change-Id: Id8add1e8a0ecaedb7d8a7dc9ba3747c1ac3b8eea
|
|
|
|
This patch will set neutron's dhcp_agents_per_network equal to the
number of deployed neutron DHCP agents unless otherwise explicitly set.
Partial-bug: #1632721
Change-Id: I5533e42c5ba9f72cc70d80489a07e30ee2341198
|
|
Ceilometer central, compute and ipmi agent classes are
deprecated. Instead we should be using polling agent
with relevant namespace.
Closes-bug: #1662685
Change-Id: I1ee50124bf8936e12414f984e1bcd4545d92e953
|
|
The Nova Placement API's configuration currently relies
on the nova-api profile for its keystone authtoken
configuration. This means that Nova Placement would
fail if it got installed on an isolated node or
docker container (this currently breaks TripleO's
deployment of placement via docker).
This patch creates a new authtoken profile and
calls it via the api and placement roles.
Change-Id: I7b38ab6ba5cae41689ac500d97dec4d09c73d387
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
|
|
This commit adds the transport_url for specifying the oslo.messaging
rpc and notify transport schemes. The rpc or notification backend
can be one of rabbit, amqp, zmq, etc. Oslo.messaging is deprecating
the host, port and auth configuration options. All drivers will
get the options via the transport_url.
This patch:
* Adds transport_url to base services
* Updates the corresponding specs
* Adds to default hierdata
Depends-On: I1cf93d2caebfa1f7373c16754a2ad9bd15eb1a40
Change-Id: Iea5607dbb3ee6b1dd50acc1395de52dc920aa915
|
|
|
|
Per project conventions, should use single quotes.
Also, update comments and defaults to match sample.
Change-Id: I82ddcec230e7a03965d753db60968912b8d7da5c
Closes-Bug: #1663624
|
|
nova placement credentials in nova.conf need to be configured at step 3
so Nova services can use them as soon as they start.
Change-Id: I0abdd305b7e6c8d83f23e25b3872e98eb56dd299
|
|
|
|
|
|
|
|
- transform nova_api_wsgi_enabled in a parameter
- update rspec tests
- fix TLS to run at step 1
Change-Id: I4d3f9c92f0717ae8c3bc8d71065fab281de82008
|
|
We need to run nova-cell_v2-discover_hosts at the very end of the
deployment because nova database needs to be aware of all registred
compute hosts.
1. Move keystone resources management at step 3.
2. Move nova-compute service at step 4.
3. Move nova-placement-api at step 3.
5. Run nova-cell_v2-discover_hosts at step 5 on one nova-api node.
6. Run neutron-ovs-agent at step 5 to avoid racy deployments where
it starts before neutron-server when doing HA deployments.
With that change, we expect Nova aware of all compute services deployed
in TripleO during an initial deployment.
Depends-On: If943157b2b4afeb640919e77ef0214518e13ee15
Change-Id: I6f2df2a83a248fb5dc21c2bd56029eb45b66ceae
Related-Bug: #1663273
Related-Bug: #1663458
|
|
Also adds an initial spec file for basic testing of the module.
Change-Id: I5534aab53b70de215336a076d25263c73b8d7b5b
Partial-Bug: #1661316
|
|
This changes rebrands Dell Eqlx to Dell PS series
and matches the tripleo-heat-templates.
Change-Id: I3536147a06b426ace18cf415e99361c47b4cf5d9
|
|
1. Move keystone resources management at step 4.
2. Move nova-compute startup at step 5.
That way, we make sure nova-compute will start when all Keystone
resources are ready.
Change-Id: I6e153e11b8519254d2a67b9142bf774a25bce69d
Closes-Bug: #1663273
|
|
'https://github.com/midonet/puppet-midonet' doesn't exist anymore, we
need to migrate to 'https://github.com/openstack/puppet-midonet' but
tests will fail.
We need to work with Midokura to get them fixed. In the meantime, let's
disable it.
Change-Id: Id39bc5a8cd229df3e9b597a0a0f3eada838f4953
|
|
|
|
It was suggested by Nova team to not deploying Nova API in WSGI with
Apache in production.
It's causing some issues that we didn't catch until now (see in the bug
report). Until we figure out what was wrong, let's disable it so we can
move forward in the upgrade process.
Related-Bug: 1661360
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: Ia87b5bdea79e500ed41c30beb9aa9d6be302e3ac
|
|
Add support to enable the UI to use paths via mod_proxy to access API
endpoints instead of connecting to each endpoint directly on a port
other than where the UI is served from. This is necessary to prevent
certificate acceptance errors from non-Chrome browsers which take
exception to connections made to other ports on the same hostname, using
one SSL certificate.
This change extends the UI's Apache configuration to create one
mod_proxy location for each of the API endpoints that UI calls upon.
These mod_proxy (using ProxyPass, ProxyPassReverse) endpoints are
configured using new heira variables provided in the dependent commit.
Additionally, this change modifies the default UI configuration file to
include endpoint URLs formatted to use the new endpoint paths that are
created.
Removed puppet variables which were previously used to generate the
contents of the tripleo_ui_config.js template, since they are no longer
used to generate this file, replaced with the new endpoint URLs
formatted to use the new endpoint paths that are created.
Change-Id: I55e375ad462fa98e181277ec0bd88658e620e8ad
Implements: blueprint proxy-undercloud-api-services
Depends-On: Ib20f4b0891563ae90ec80675635a64c39bd2fdb7
|
|
Fixes a test failure caused by Ic38d4f9f9a8e69ffcee6ccc4bba9a9ab0f161d0e
which pulls in a class with a required parameter.
Change-Id: I0740290bff0ea7c4af6e3420775ac3e72871d372
|
|
it's not required in Ocata, let's configure the basic setup for cells.
note: it also cleanup old code that is not valid anymore.
Change-Id: Iac5b2fbe1b03ec7ad4cb8cab2c7694547be6957d
|
|
|
|
|
|
|
|
Currently the inter-cluster communication port listens to all ip
addresses:
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 25631/beam.smp
In order to limit it to listen only to the network assigned to rabbitmq
we need to add the following:
{kernel, [
...
{inet_dist_use_interface, {172,17,0,16}},
...
]}
In order to do the conversion from an ip address to the Erlang
representation we add a function that takes a string and returns a
converted output. The (~400 randomly generated) IPv6/4 addresses at [1]
have been parsed both via erl's built-in inet:parse_address() function
and our ruby implementation. All converted ip addresses resulted in the
same output [2], [3]. The only difference is that Erlang's parse_address()
considers network ip addresses (e.g. 10.0.0.0) invalid whereas the ruby
function does not. This should not be a problem as the use case here is
to bind a service to a specific ip address on an interface and if
anything we likely prefer the less strict behaviour, given that at least
in theory it is perfectly valid for an interface to have a network
address assigned to it.
[1] http://acksyn.org/files/tripleo/ip-addresses.txt
[2] http://acksyn.org/files/tripleo/ip-addresses-ruby.txt
[3] http://acksyn.org/files/tripleo/ip-addresses-erl.txt
Change-Id: I211c75b9bab25c545bcc7f90f34edebc92bba788
Partial-Bug: #1645898
|
|
glance params are also used by cinder-volume. This patch aims to use
cinder::glance in common roles for cinder, so we can split cinder api
and cinder volume.
Depends-On: Id81c029318016068481dd614ed62cc4bfaf0f3e8
Change-Id: I9703efb38c2a3166c7f21c5c1b942f33abb9e76c
|
|
Adds initial base profile and profile for API service.
Partially-implements: blueprint octavia-service-integration
Change-Id: I77783029797be4fb488c6e743c51d228eba9c474
|
|
|
|
This change adds a profile for the Ceph RBD mirror service, which
should be managed by Pacemaker to make sure there is always a single
instance running.
Change-Id: Ic63dc5cffece38942d305f538f71dd58a5d50789
Partial-Bug: #1652177
|
|
We dont need this flag anymore as we will disable api
using composable interface instead.
See I67900f7e6816212831aea8ed18f323652857fbd3
Closes-bug: #1656364
Change-Id: Ib6aea02bde6ad7e5223336579f0a99d6cd3ee98f
|
|
|
Jenkins
lhinds
Pradeep Kilambi
Juan Antonio Osorio Robles
Alex Schultz
Tim Rozet
Joe Talerico
Steven Hardy
Brent Eagles
Dan Prince
Andrew Smith
MikeG451
Emilien Macchi
Giulio Fidente
rajinir
Dan Trainor
Michele Baldessari