summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-06-14Enable heat/puppet to manage the fernet keys and make it configurableJuan Antonio Osorio Robles2-1/+15
With the addition of the KeystoneFernetKeys parameter, it's now possible to do fernet key rotations using mistral, by modifying the KeystoneFernetKeys variable in mistral; subsequently a rotation could happen when doing a stack update. So this re-enables the managing of the key files by puppet. However, this is left configurable, as folks might want to manage those files out-of-band. bp keystone-fernet-rotation Change-Id: Ic82fb8b8a76481a6e588047acf33a036cf444d7d
2017-06-14Use KeystoneFernetKeys instead of individual parametersJuan Antonio Osorio Robles2-7/+29
This uses the newly introduced dict with the keys and paths instead of the individual keys. Having the advantage that rotation will be possible on stack update, as we no longer have a limit on how many keys we can pass (as we did with the individual parameters). bp keystone-fernet-rotation Change-Id: I7d224595b731d9f3390fce5a9d002282b2b4b8f2 Depends-On: I63ae158fa8cb33ac857dcf9434e9fbef07ecb68d
2017-06-14Merge "Add support for Cinder "NAS secure" driver params"Jenkins3-0/+29
2017-06-14Merge "Execute Swift ring up-/download in containerized environments"Jenkins1-2/+13
2017-06-14Merge "Containerize Sahara"Jenkins3-0/+232
2017-06-14Merge "Containerized Sensu client"Jenkins2-0/+134
2017-06-14Merge "Containerize multipathd"Jenkins2-0/+90
2017-06-14Merge "Move iscsid to a container"Jenkins10-0/+120
2017-06-13Merge "Change HorizonSecureCookies default to False"Jenkins2-1/+2
2017-06-13Merge "Add support to configure Num of Storage sacks"Jenkins2-1/+12
2017-06-13Merge "Fix IronicInspectorAdmin to be https"Jenkins1-2/+2
2017-06-13Merge "Make network-isolation environment rendered for all roles"Jenkins14-59/+97
2017-06-13Merge "Fix bug in docker-toool where values are sometimes empty."Jenkins1-0/+3
2017-06-13Merge "Configure credentials for ironic to access cinder"Jenkins1-0/+6
2017-06-13Merge "Unblock CI by reverting to non-containerized HAProxy"Jenkins1-1/+0
2017-06-13Merge "Remove deprecated multinode-container-upgrade.yaml"Jenkins1-70/+0
2017-06-13Make network-isolation environment rendered for all rolesSteven Hardy14-59/+97
Currently there's some hard-coded references to roles here, rendering from the roles_data.yaml is a step towards making the use of isolated networks for custom roles easier. Partial-Bug: #1633090 Depends-On: Ib681729cc2728ca4b0486c14166b6b702edfcaab Change-Id: If3989f24f077738845d2edbee405bd9198e7b7db
2017-06-13Unblock CI by reverting to non-containerized HAProxyJiri Stransky1-1/+0
In change I90253412a5e2cd8e56e74cce3548064c06d022b1 we merged containerized HAProxy setup, but because of a typo in resource registry, CI kept using the non-containerized variant and it went unnoticed that the containerized HAProxy doesn't work yet. We merged a resource registry fix in Ibcbacff16c3561b75e29b48270d60b60c1eb1083 and it brought down the CI, which now used the non-working HAProxy. After putting in the missing haproxy container image to tripleo-common in I41c1064bbf5f26c8819de6d241dd0903add1bbaa we got further, but the CI still fails on HAProxy related problem, so we should revert back to using non-containerized HAProxy for the time being. Change-Id: If73bf28288de10812f430619115814494618860f Closes-Bug: #1697645
2017-06-12Add support to configure Num of Storage sacksPradeep Kilambi2-1/+12
Gnocchi 4 supports storage sacks during upgrade. lets make this configurable if we want to use more metricd workers. Change-Id: Ibb2ee885e59d43c1ae20887ec1026786d58c6b9e
2017-06-12Merge "Fix typo in haproxy docker mapping"Jenkins1-1/+1
2017-06-12Merge "Moving *postconfig where it was *postpuppet"Jenkins3-26/+36
2017-06-12Fix IronicInspectorAdmin to be httpsAlex Schultz1-2/+2
As noted in the original patch review I5e743f789ab7dd731bc7ad26226a92a4e71f95a1 the IronicInspectorAdmin should be https. Change-Id: I6e37427da679775f02ff0c5fe55cfee51c122e3d
2017-06-12Merge "Providing parameters specific to a workflow via plan-environment"Jenkins3-0/+61
2017-06-12Merge "Remove pip install paunch"Jenkins1-4/+0
2017-06-12Merge "Fix containerized SwiftRawDisks usage"Jenkins1-1/+22
2017-06-12Merge "Containerize Manila API service"Jenkins2-0/+114
2017-06-12Moving *postconfig where it was *postpuppetCarlos Camacho3-26/+36
We need to ensure that the pacemaker cluster restarts in the end of the deployment. Due to the resources renaming we added the postconfig resource not in the end of the deployment as it was *postpuppet. Closes-bug: 1695904 Change-Id: Ic6978fcff591635223b354831cd6cbe0802316cf
2017-06-12Add support for Cinder "NAS secure" driver paramsAlan Bishop3-0/+29
Add new parameters that control the NAS security settings in Cinder's NFS and NetApp back end drivers. The settings are disabled by default. Partial-Bug: #1688332 Depends-On: I76e2ce10acf7b671be6a2785829ebb3012b79308 Change-Id: I306a8378dc1685132f7ea3ed91d345eaae70046f
2017-06-12Remove deprecated multinode-container-upgrade.yamlJiri Stransky1-70/+0
This has been renamed to multinode-containers.yaml to reflect that the scenario isn't upgrade-specific. Change-Id: I151792700475643a4088d98eb5e1bd7248e260cd Depends-On: Ib04e2ccb330d73df464ad97a20908f20426a4249
2017-06-12Containerize SaharaDan Prince3-0/+232
Depends-On: I9abe867dfbdc81d14a1b3b3f1529240b5e522be5 Co-Authored-By: Martin André <m.andre@redhat.com> Co-Authored-By: Ian Main <imain@redhat.com> Co-Authored-By: Luigi Toscano <ltoscano@redhat.com> Co-Authored-By: Telles Nobrega <tenobreg@redhat.com> Change-Id: Id8e3b7e86fa05e0e71cc33414ceae78bab4e29b2 Closes-bug: #1668927
2017-06-12Containerize multipathdDan Prince2-0/+90
Co-Authored-By: Jon Bernard <jobernar@redhat.com> Depends-On: I486de8b6ab2f4235bb4a21c3650f6b9e52a83b80 Change-Id: I6cf70fa05ad1c8aa6d9f837ddcd370eb26e45f97
2017-06-12Move iscsid to a containerDan Prince10-0/+120
This configures iscsid so that it runs as a container on relevant roles (undercloud, controller, compute, and volume). When the iscsid docker service is provision it will also run an ansible snippet that disables the iscsid.socket on the host OS thus disabling the hosts systemd from auto-starting iscsid as it normally does. Co-Authored-By: Jon Bernard <jobernar@redhat.com> Change-Id: I2ea741ad978f166e199d47ed1b52369e9b031f1f
2017-06-12Merge "Add support for autofencing to Pacemaker Remote."Jenkins1-0/+38
2017-06-12Merge "Don't mount all of config-data /etc, /etc/httpd"Jenkins19-21/+46
2017-06-12Execute Swift ring up-/download in containerized environmentsChristian Schwede1-2/+13
This patch ensures that Swift rings are downloaded from the undercloud before a rebalance and uploaded afterwards. Depends-On: I51c5795b9893d797bd73e059910f17a98f04cdbe Change-Id: Ief012fed628957e4da63ff3314c4cf01d58b6b16
2017-06-12Add support for autofencing to Pacemaker Remote.Chris Jones1-0/+38
We now pass configuration for autofencing to Pacemaker Remote nodes. Change-Id: Ibb9c65a83cc909528024c538cf3bcc96390c555e Depends-On: I87c60bd56feac6dedc00a3c458b805aa9b71d9ce Closes-Bug: #1686115
2017-06-12Providing parameters specific to a workflow via plan-environmentSaravanan KR3-0/+61
Parameters which are not part of the heat environment template are required by the worflows like derive parameters. In order to seprate from the heat environment parameters, the workflow only parameters will be provided via plan-environement section, workflow_parameters. Implements: blueprint tripleo-derive-parameters Change-Id: I36d295223c28afff1e0996b4885b8a81c00842f0
2017-06-11Merge "Containerized collectd"Jenkins2-0/+96
2017-06-12Don't mount all of config-data /etc, /etc/httpdSteve Baker19-21/+46
This change modifies these mounts to be more specific mounts based on the files which puppet actually modifies. The result is something a bit more self-documenting, and allows for trying other techniques for populating /etc other than directly mounting config-data directories. Change-Id: Ied1eab99d43afcd34c00af25b7e36e7e55ff88e6
2017-06-11Remove pip install paunchMichele Baldessari1-4/+0
We now have python-paunch-1.1.1 [1] in the overcloud images so we do not need to pip install it any longer. [1] https://trunk.rdoproject.org/centos7-master-head/current/python-paunch-1.1.1-0.20170602043913.c8e22e5.el7.centos.noarch.rpm Change-Id: I1ede514a8aee7ac217fa75843e67fb6542e06f99
2017-06-09Merge "Revert "Add support to configure Num of Storage sacks""Jenkins2-12/+1
2017-06-09Configure credentials for ironic to access cinderDmitry Tantsur1-0/+6
Change-Id: Id896e01e24ecc2bfd7a983a3ff9756fefe4a4525 Depends-On: I097c494d3953b7d26d94aecc546ddef5225d1125
2017-06-09Revert "Add support to configure Num of Storage sacks"Pradeep Kilambi2-12/+1
This reverts commit a915b150018bf306a5942782bf93c5faadcd7cde. The argument is renamed and causing promotions to fail. Change-Id: I7e1674cff75b606c20956edddf70eee2990fca78
2017-06-09Merge "Write md5sum for service config directories"Jenkins2-3/+59
2017-06-09Merge "Make container names consistent"Jenkins18-41/+41
2017-06-09Merge "Configure crl file for HAProxy"Jenkins1-0/+6
2017-06-09Merge "Configure CRL URI if TLS in the internal network is enabled"Jenkins1-0/+17
2017-06-09Merge "Containerize Tacker Services"Jenkins2-0/+136
2017-06-09Merge "Containerize Congress API service"Jenkins2-0/+137
2017-06-09Merge "Role Specific parameter for nova-compute service"Jenkins1-3/+23