Age | Commit message (Collapse) | Author | Files | Lines |
|
With the addition of the KeystoneFernetKeys parameter, it's now possible
to do fernet key rotations using mistral, by modifying the
KeystoneFernetKeys variable in mistral; subsequently a rotation could
happen when doing a stack update.
So this re-enables the managing of the key files by puppet. However,
this is left configurable, as folks might want to manage those files
out-of-band.
bp keystone-fernet-rotation
Change-Id: Ic82fb8b8a76481a6e588047acf33a036cf444d7d
|
|
This uses the newly introduced dict with the keys and paths instead of
the individual keys. Having the advantage that rotation will be
possible on stack update, as we no longer have a limit on how many keys
we can pass (as we did with the individual parameters).
bp keystone-fernet-rotation
Change-Id: I7d224595b731d9f3390fce5a9d002282b2b4b8f2
Depends-On: I63ae158fa8cb33ac857dcf9434e9fbef07ecb68d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Currently there's some hard-coded references to roles here, rendering
from the roles_data.yaml is a step towards making the use of isolated
networks for custom roles easier.
Partial-Bug: #1633090
Depends-On: Ib681729cc2728ca4b0486c14166b6b702edfcaab
Change-Id: If3989f24f077738845d2edbee405bd9198e7b7db
|
|
In change I90253412a5e2cd8e56e74cce3548064c06d022b1 we merged
containerized HAProxy setup, but because of a typo in resource
registry, CI kept using the non-containerized variant and it went
unnoticed that the containerized HAProxy doesn't work yet.
We merged a resource registry fix in
Ibcbacff16c3561b75e29b48270d60b60c1eb1083 and it brought down the CI,
which now used the non-working HAProxy.
After putting in the missing haproxy container image to tripleo-common
in I41c1064bbf5f26c8819de6d241dd0903add1bbaa we got further, but the
CI still fails on HAProxy related problem, so we should revert back to
using non-containerized HAProxy for the time being.
Change-Id: If73bf28288de10812f430619115814494618860f
Closes-Bug: #1697645
|
|
Gnocchi 4 supports storage sacks during upgrade. lets make this
configurable if we want to use more metricd workers.
Change-Id: Ibb2ee885e59d43c1ae20887ec1026786d58c6b9e
|
|
|
|
|
|
As noted in the original patch review
I5e743f789ab7dd731bc7ad26226a92a4e71f95a1 the IronicInspectorAdmin
should be https.
Change-Id: I6e37427da679775f02ff0c5fe55cfee51c122e3d
|
|
|
|
|
|
|
|
|
|
We need to ensure that the pacemaker cluster restarts
in the end of the deployment.
Due to the resources renaming we added the
postconfig resource not in the end of the
deployment as it was *postpuppet.
Closes-bug: 1695904
Change-Id: Ic6978fcff591635223b354831cd6cbe0802316cf
|
|
Add new parameters that control the NAS security settings in Cinder's
NFS and NetApp back end drivers. The settings are disabled by default.
Partial-Bug: #1688332
Depends-On: I76e2ce10acf7b671be6a2785829ebb3012b79308
Change-Id: I306a8378dc1685132f7ea3ed91d345eaae70046f
|
|
This has been renamed to multinode-containers.yaml to reflect that the
scenario isn't upgrade-specific.
Change-Id: I151792700475643a4088d98eb5e1bd7248e260cd
Depends-On: Ib04e2ccb330d73df464ad97a20908f20426a4249
|
|
Depends-On: I9abe867dfbdc81d14a1b3b3f1529240b5e522be5
Co-Authored-By: Martin André <m.andre@redhat.com>
Co-Authored-By: Ian Main <imain@redhat.com>
Co-Authored-By: Luigi Toscano <ltoscano@redhat.com>
Co-Authored-By: Telles Nobrega <tenobreg@redhat.com>
Change-Id: Id8e3b7e86fa05e0e71cc33414ceae78bab4e29b2
Closes-bug: #1668927
|
|
Co-Authored-By: Jon Bernard <jobernar@redhat.com>
Depends-On: I486de8b6ab2f4235bb4a21c3650f6b9e52a83b80
Change-Id: I6cf70fa05ad1c8aa6d9f837ddcd370eb26e45f97
|
|
This configures iscsid so that it runs as a container on
relevant roles (undercloud, controller, compute, and volume).
When the iscsid docker service is provision it will also run
an ansible snippet that disables the iscsid.socket on the host
OS thus disabling the hosts systemd from auto-starting iscsid
as it normally does.
Co-Authored-By: Jon Bernard <jobernar@redhat.com>
Change-Id: I2ea741ad978f166e199d47ed1b52369e9b031f1f
|
|
|
|
|
|
This patch ensures that Swift rings are downloaded from the undercloud
before a rebalance and uploaded afterwards.
Depends-On: I51c5795b9893d797bd73e059910f17a98f04cdbe
Change-Id: Ief012fed628957e4da63ff3314c4cf01d58b6b16
|
|
We now pass configuration for autofencing to Pacemaker Remote nodes.
Change-Id: Ibb9c65a83cc909528024c538cf3bcc96390c555e
Depends-On: I87c60bd56feac6dedc00a3c458b805aa9b71d9ce
Closes-Bug: #1686115
|
|
Parameters which are not part of the heat environment template
are required by the worflows like derive parameters. In order to
seprate from the heat environment parameters, the workflow only
parameters will be provided via plan-environement section,
workflow_parameters.
Implements: blueprint tripleo-derive-parameters
Change-Id: I36d295223c28afff1e0996b4885b8a81c00842f0
|
|
|
|
This change modifies these mounts to be more specific mounts based on
the files which puppet actually modifies.
The result is something a bit more self-documenting, and allows for
trying other techniques for populating /etc other than directly mounting
config-data directories.
Change-Id: Ied1eab99d43afcd34c00af25b7e36e7e55ff88e6
|
|
We now have python-paunch-1.1.1 [1] in the overcloud images so we do not
need to pip install it any longer.
[1] https://trunk.rdoproject.org/centos7-master-head/current/python-paunch-1.1.1-0.20170602043913.c8e22e5.el7.centos.noarch.rpm
Change-Id: I1ede514a8aee7ac217fa75843e67fb6542e06f99
|
|
|
|
Change-Id: Id896e01e24ecc2bfd7a983a3ff9756fefe4a4525
Depends-On: I097c494d3953b7d26d94aecc546ddef5225d1125
|
|
This reverts commit a915b150018bf306a5942782bf93c5faadcd7cde.
The argument is renamed and causing promotions to fail.
Change-Id: I7e1674cff75b606c20956edddf70eee2990fca78
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|