summaryrefslogtreecommitdiffstats
path: root/spec
AgeCommit message (Collapse)AuthorFilesLines
2017-04-05Merge "SSHD Service extensions"Jenkins1-8/+54
2017-04-04Merge "Configure migration SSH tunnel"Jenkins1-2/+116
2017-04-04SSHD Service extensionslhinds1-8/+54
This change adds an `include` statement to bring in the extra functionality available from the existing puppet-ssh module in already available in RDO. By using puppet-ssh it provides a framework to allow the passing in of server options using just hiera values under ssh::server_options. For example, sshd_config banner can now be passed a server option, as well as all the new parameters outlined in the launchpad issue that the patch references for Closing. For this reason, the former augeas setting for `Banner /etc/issue` is now managed by the main puppet-ssh module instead. The change also allows population of MOTD text to `/etc/motd` as well as `issue.net`. $bannertext is refactored in accordance with patch [1] [1] https://review.openstack.org/#/c/442406/ Change-Id: Id329538fb7b623526f1d91d8a513cf3440c86a7c Closes-Bug: 1668543
2017-04-03Configure migration SSH tunnelOliver Walsh1-2/+116
This patch configures SSH tunneling for nova cold-migration and reuses the tunnel for libvirt live-migration unless TLS has been enabled. Change-Id: I367757cbe8757d11943af7e41af620f9ce919a06 Depends-On: Iac1763761c652bed637cb7cf85bc12347b5fe7ec
2017-04-03Deploy WSGI apps at the same step (3)Emilien Macchi1-4/+4
So we avoid useless apache restart and save time during the deployment. Related-Bug: #1664418 Change-Id: Ie00b717a6741e215e59d219710154f0d2ce6b39e
2017-04-02Move horizon to step 3Alex Schultz2-0/+58
We configure apache in step 3 so horizon should be configured at the same time or else updates will cause horizon to be unvailable during the update process. Change-Id: I4032f7c24edc0ff9ed637e213870cdd3beb9a54e Closes-Bug: #1678338
2017-03-30Merge "Tuned should be configured properly"Jenkins1-0/+44
2017-03-30Merge "Adds service for managing securetty"Jenkins1-0/+72
2017-03-29Adds service for managing securettylhinds1-0/+72
This adds the ability to manage the securetty file. By allowing management of securetty, operators can limit root console access and improve security through hardening. Change-Id: Ic4647fb823bd112648c5b8d102913baa8b4dac1c Closes-Bug: #1665042
2017-03-27Re-run gnocchi and ceilometer upgrade in step 5Pradeep Kilambi1-0/+26
Without this gnocchi resources types are not created as they are skipped initially and the resources from ceilometer wont make it to gnocchi. Closes-bug: #1674421 Depends-On: I753f37e121b95813e345f200ad3f3e75ec4bd7e1 Change-Id: Ib45bf1b3e526a58f675d7555fe7bb5038dadeede
2017-03-26Remove certificate request bits from service profilesJuan Antonio Osorio Robles1-4/+0
This is now the job of the certmonger_user profile. So these bits are not needed anymore in the service profiles. Change-Id: Iaa3137d7d13d5e707f587d3905a5a32598c08800 Depends-On: Ibf58dfd7d783090e927de6629e487f968f7e05b6
2017-03-23Ensure iscsi-initiator-utils installedAlex Schultz1-0/+3
We attempt to use iscsi-iname in an exec for our nova compute profile but we do not ensure that the package providing this command is installed. This change adds the package definition for iscsi-initiator-utils to ensure it is installed before trying to use iscsi-iname. Change-Id: I1bfdb68170931fd05a09859cf8eefb50ed20915d Closes-Bug: #1675462
2017-03-16Enables OpenDaylight Clustering in HA deploymentsTim Rozet1-0/+88
Previously ODL was restricted to only running on the first node in an tripleO HA deployment. This patches enables clustering for ODL and allows multiple ODL instances (minimum 3 for HA). Partially-implements: blueprint opendaylight-ha Change-Id: Ic9a955a1c2afc040b2f9c6fb86573c04a60f9f31 Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-03-16Merge "Add spec tests for tripleo::certmonger::mysql class"Jenkins1-0/+64
2017-03-16Merge "Add spec tests for tripleo::certmonger::ca::local class"Jenkins1-0/+46
2017-03-16Add spec tests for tripleo::certmonger::ca::local classJuan Antonio Osorio Robles1-0/+46
Change-Id: I81e0850777f1498ba9b7a213ba02819847a40786
2017-03-16Add spec tests for tripleo::certmonger::mysql classJuan Antonio Osorio Robles1-0/+64
Change-Id: I81b0b8b54a034817f5791ff7e29f1a3065902642
2017-03-16Add spec test for tripleo::certmonger::httpd resourceJuan Antonio Osorio Robles1-0/+63
Change-Id: Ia002aced6de474022d4aa4e9e3d7d5ee7c31a2b0
2017-03-13Fixes issues with raising mysql file limitTim Rozet1-0/+75
Changes Include: - Adds spec testing - Only raise limits if nonha. puppet-systemd will restart the mariadb service which breaks ha deployments. Hence we only want to do this in noha. - Minor fix to hiera value refrenced not as parameter to mysql.pp Partial-Bug: #1648181 Related-Bug: #1524809 Co-Authored By: Feng Pan <fpan@redhat.com> Change-Id: Id063bf4b4ac229181b01f40965811cb8ac4230d5 Signed-off-by: Tim Rozet <trozet@redhat.com> Signed-off-by: Feng Pan <fpan@redhat.com>
2017-03-13Tuned should be configured properlyJoe Talerico1-0/+44
Currently tuned uses the wrong profile on compute nodes. This patch will allow users to update their tuned profile. Fixes bug 1667524 Change-Id: Ic67aca7f5338ea4bb2d3843201e122c72d97056e
2017-03-09Add tests for tripleo::certmonger::rabbitmq classJuan Antonio Osorio Robles1-0/+64
Change-Id: I1668b749779bf812d8f55b695dd138cde7eb09d6
2017-03-07Merge "Stop the chronyd service"Jenkins1-0/+39
2017-03-06Stop the chronyd serviceAlex Schultz1-0/+39
Since the norpm provider can prevent the chronyd package from actually getting purged, we need to make sure the chronyd service is stopped and disabled so that it does not conflict with ntpd. Change-Id: I7a697aba7aa5a27ba4ab6e46018057f7f01dfab2 Closes-Bug: #1665426
2017-03-06Add docker profileSteven Hardy1-0/+68
This configures the docker service on the host, as an alternative to the firstboot script in docker/firstboot/setup_docker_host.sh Doing this via puppet will enable easier integration with e.g the multinode jobs where no firstboot scripts run, and also enables a better error path in the event the service fails to start Co-Authored-By: Alex Schultz <aschultz@redhat.com> Change-Id: Id8add1e8a0ecaedb7d8a7dc9ba3747c1ac3b8eea
2017-02-28Merge "Default neutron dhcp_agents_per_network to number of agents"Jenkins1-0/+76
2017-02-27Default neutron dhcp_agents_per_network to number of agentsBrent Eagles1-0/+76
This patch will set neutron's dhcp_agents_per_network equal to the number of deployed neutron DHCP agents unless otherwise explicitly set. Partial-bug: #1632721 Change-Id: I5533e42c5ba9f72cc70d80489a07e30ee2341198
2017-02-25Add ceilometer polling agent profilePradeep Kilambi1-0/+72
Ceilometer central, compute and ipmi agent classes are deprecated. Instead we should be using polling agent with relevant namespace. Closes-bug: #1662685 Change-Id: I1ee50124bf8936e12414f984e1bcd4545d92e953
2017-02-21Configure authtoken in Nova PlacementDan Prince3-0/+196
The Nova Placement API's configuration currently relies on the nova-api profile for its keystone authtoken configuration. This means that Nova Placement would fail if it got installed on an isolated node or docker container (this currently breaks TripleO's deployment of placement via docker). This patch creates a new authtoken profile and calls it via the api and placement roles. Change-Id: I7b38ab6ba5cae41689ac500d97dec4d09c73d387 Co-Authored-By: Alex Schultz <aschultz@redhat.com>
2017-02-17Use rpc and notify transport_url for oslo_messaging backendsAndrew Smith29-75/+96
This commit adds the transport_url for specifying the oslo.messaging rpc and notify transport schemes. The rpc or notification backend can be one of rabbit, amqp, zmq, etc. Oslo.messaging is deprecating the host, port and auth configuration options. All drivers will get the options via the transport_url. This patch: * Adds transport_url to base services * Updates the corresponding specs * Adds to default hierdata Depends-On: I1cf93d2caebfa1f7373c16754a2ad9bd15eb1a40 Change-Id: Iea5607dbb3ee6b1dd50acc1395de52dc920aa915
2017-02-15Merge "Make quotes consistent to match the sample config"Jenkins1-14/+14
2017-02-14Make quotes consistent to match the sample configMikeG4511-14/+14
Per project conventions, should use single quotes. Also, update comments and defaults to match sample. Change-Id: I82ddcec230e7a03965d753db60968912b8d7da5c Closes-Bug: #1663624
2017-02-13nova: move placement credentials config at step 3Emilien Macchi1-0/+4
nova placement credentials in nova.conf need to be configured at step 3 so Nova services can use them as soon as they start. Change-Id: I0abdd305b7e6c8d83f23e25b3872e98eb56dd299
2017-02-11Merge "nova/api: more cleanup"Jenkins1-11/+29
2017-02-10Merge "Add module to support ScaleIO backend in Cinder"Jenkins1-0/+58
2017-02-10Merge "Rebranding of Eqlx to Dell EMC PS Series"Jenkins2-15/+15
2017-02-10nova/api: more cleanupEmilien Macchi1-11/+29
- transform nova_api_wsgi_enabled in a parameter - update rspec tests - fix TLS to run at step 1 Change-Id: I4d3f9c92f0717ae8c3bc8d71065fab281de82008
2017-02-09Run nova-cell_v2-discover_hosts at step 5Emilien Macchi1-2/+2
We need to run nova-cell_v2-discover_hosts at the very end of the deployment because nova database needs to be aware of all registred compute hosts. 1. Move keystone resources management at step 3. 2. Move nova-compute service at step 4. 3. Move nova-placement-api at step 3. 5. Run nova-cell_v2-discover_hosts at step 5 on one nova-api node. 6. Run neutron-ovs-agent at step 5 to avoid racy deployments where it starts before neutron-server when doing HA deployments. With that change, we expect Nova aware of all compute services deployed in TripleO during an initial deployment. Depends-On: If943157b2b4afeb640919e77ef0214518e13ee15 Change-Id: I6f2df2a83a248fb5dc21c2bd56029eb45b66ceae Related-Bug: #1663273 Related-Bug: #1663458
2017-02-09Add module to support ScaleIO backend in CinderGiulio Fidente1-0/+58
Also adds an initial spec file for basic testing of the module. Change-Id: I5534aab53b70de215336a076d25263c73b8d7b5b Partial-Bug: #1661316
2017-02-09Rebranding of Eqlx to Dell EMC PS Seriesrajinir2-15/+15
This changes rebrands Dell Eqlx to Dell PS series and matches the tripleo-heat-templates. Change-Id: I3536147a06b426ace18cf415e99361c47b4cf5d9
2017-02-09start nova-compute when keystone resources are createdEmilien Macchi1-4/+4
1. Move keystone resources management at step 4. 2. Move nova-compute startup at step 5. That way, we make sure nova-compute will start when all Keystone resources are ready. Change-Id: I6e153e11b8519254d2a67b9142bf774a25bce69d Closes-Bug: #1663273
2017-02-08Disable midonet unit testsEmilien Macchi1-58/+0
'https://github.com/midonet/puppet-midonet' doesn't exist anymore, we need to migrate to 'https://github.com/openstack/puppet-midonet' but tests will fail. We need to work with Midokura to get them fixed. In the meantime, let's disable it. Change-Id: Id39bc5a8cd229df3e9b597a0a0f3eada838f4953
2017-02-07Merge "Proxy API endpoints that UI uses"Jenkins1-21/+43
2017-02-06Stop deploying Nova API in WSGI with ApacheEmilien Macchi1-4/+4
It was suggested by Nova team to not deploying Nova API in WSGI with Apache in production. It's causing some issues that we didn't catch until now (see in the bug report). Until we figure out what was wrong, let's disable it so we can move forward in the upgrade process. Related-Bug: 1661360 Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Change-Id: Ia87b5bdea79e500ed41c30beb9aa9d6be302e3ac
2017-02-03Proxy API endpoints that UI usesDan Trainor1-21/+43
Add support to enable the UI to use paths via mod_proxy to access API endpoints instead of connecting to each endpoint directly on a port other than where the UI is served from. This is necessary to prevent certificate acceptance errors from non-Chrome browsers which take exception to connections made to other ports on the same hostname, using one SSL certificate. This change extends the UI's Apache configuration to create one mod_proxy location for each of the API endpoints that UI calls upon. These mod_proxy (using ProxyPass, ProxyPassReverse) endpoints are configured using new heira variables provided in the dependent commit. Additionally, this change modifies the default UI configuration file to include endpoint URLs formatted to use the new endpoint paths that are created. Removed puppet variables which were previously used to generate the contents of the tripleo_ui_config.js template, since they are no longer used to generate this file, replaced with the new endpoint URLs formatted to use the new endpoint paths that are created. Change-Id: I55e375ad462fa98e181277ec0bd88658e620e8ad Implements: blueprint proxy-undercloud-api-services Depends-On: Ib20f4b0891563ae90ec80675635a64c39bd2fdb7
2017-01-31Fix test failure caused by change to puppet-octaviaBrent Eagles1-0/+3
Fixes a test failure caused by Ic38d4f9f9a8e69ffcee6ccc4bba9a9ab0f161d0e which pulls in a class with a required parameter. Change-Id: I0740290bff0ea7c4af6e3420775ac3e72871d372
2017-01-27nova: deploy basic setup for cellsEmilien Macchi1-5/+2
it's not required in Ocata, let's configure the basic setup for cells. note: it also cleanup old code that is not valid anymore. Change-Id: Iac5b2fbe1b03ec7ad4cb8cab2c7694547be6957d
2017-01-25Merge "Make sure we bind the rabbit inter-cluster to a specific interface"Jenkins1-0/+11
2017-01-23Merge "Add Ceph RBD mirror Pacemaker profile"Jenkins1-0/+64
2017-01-20Merge "cinder: move glance params into common"Jenkins2-4/+6
2017-01-20Make sure we bind the rabbit inter-cluster to a specific interfaceMichele Baldessari1-0/+11
Currently the inter-cluster communication port listens to all ip addresses: tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 25631/beam.smp In order to limit it to listen only to the network assigned to rabbitmq we need to add the following: {kernel, [ ... {inet_dist_use_interface, {172,17,0,16}}, ... ]} In order to do the conversion from an ip address to the Erlang representation we add a function that takes a string and returns a converted output. The (~400 randomly generated) IPv6/4 addresses at [1] have been parsed both via erl's built-in inet:parse_address() function and our ruby implementation. All converted ip addresses resulted in the same output [2], [3]. The only difference is that Erlang's parse_address() considers network ip addresses (e.g. 10.0.0.0) invalid whereas the ruby function does not. This should not be a problem as the use case here is to bind a service to a specific ip address on an interface and if anything we likely prefer the less strict behaviour, given that at least in theory it is perfectly valid for an interface to have a network address assigned to it. [1] http://acksyn.org/files/tripleo/ip-addresses.txt [2] http://acksyn.org/files/tripleo/ip-addresses-ruby.txt [3] http://acksyn.org/files/tripleo/ip-addresses-erl.txt Change-Id: I211c75b9bab25c545bcc7f90f34edebc92bba788 Partial-Bug: #1645898