summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-06-22Revert "Blacklist support for ExtraConfig"Alex Schultz11-192/+7
This reverts commit d6c0979eb3de79b8c3a79ea5798498f0241eb32d. This seems to be causing issues in Heat in upgrades. Change-Id: I379fb2133358ba9c3c989c98a2dd399ad064f706 Related-Bug: #1699463
2017-06-16Blacklist support for ExtraConfigJames Slagle11-7/+192
Commit I46941e54a476c7cc8645cd1aff391c9c6c5434de added support for blacklisting servers from triggered Heat deployments. This commit adds that functionality to the remaining Deployments in tripleo-heat-templates for the ExtraConfig interfaces. Since we can not (should not) change the interface to ExtraConfig, Heat conditions are used on the actual <role>ExtraConfigPre and NodeExtraConfig resources instead of using the actions approach on Deployments. Change-Id: I38fdb50d1d966a6c3651980c52298317fa3bece4
2017-06-15Merge "Bind mount internal CA file to all containers"Jenkins1-12/+57
2017-06-15Merge "Containerize Cinder-volume for HA"Jenkins1-0/+170
2017-06-15Merge "Containerize Ceilometer Agent Ipmi"Jenkins5-0/+117
2017-06-15Merge "Modify PreNetworkConfig config inline with role-specific parameters"Jenkins13-20/+159
2017-06-15Merge "Fix race conditions between containers"Jenkins19-48/+43
2017-06-15Merge "Containerize Manila Scheduler service"Jenkins2-0/+106
2017-06-14Merge "Update Panko api port"Jenkins7-15/+19
2017-06-14Merge "Role Specific parameters for neutron-sriov-agent service"Jenkins1-3/+19
2017-06-14Merge "Sample environment generator"Jenkins11-0/+808
2017-06-14Merge "Add Nova Consoleauth service to containerized deployment"Jenkins2-0/+109
2017-06-14Merge "Add Nova Vncproxy service to containerized deployment"Jenkins2-0/+109
2017-06-14Merge "Enable heat/puppet to manage the fernet keys and make it configurable"Jenkins2-1/+15
2017-06-14Merge "Use KeystoneFernetKeys instead of individual parameters"Jenkins2-7/+29
2017-06-14Update Panko api portPradeep Kilambi7-15/+19
The current port conflicts with trove. This is updated in puppet module. See related change: https://review.openstack.org/#/c/471551/ Change-Id: Iefacb98320eef0bca782055e3da5d243993828d7
2017-06-14Merge "Fix network names when using network isolation"Jenkins1-1/+1
2017-06-14Merge "Dell SC: Add exclude_domain_ip option"Jenkins2-0/+5
2017-06-14Merge "Docker service for Cinder Volume"Jenkins2-0/+164
2017-06-14Fix race conditions between containersJiri Stransky19-48/+43
In many occasions we had log directory initialization containers without `detach: false`, which didn't guarantee that they'll finish before the container depending on them will start using the log directory. This is now fixed by moving the initialization container one global step earlier, so that we can keep the concurrency when creating the log dirs. (Using `detach: false` makes paunch handle just one container at a time, and as such it can have negative performance impact.) For services which have their container(s) starting in step_1, initialization cannot be moved to an earlier step, so the solution here was to just add `detach: false`. As a minor related change, cinder DB sync container now mounts the log directory from host to put cinder-manage.log into the expected location. Change-Id: I1340de4f68dd32c2412d9385cf3a8ca202b48556
2017-06-14Merge "Docker services for Cinder Backup"Jenkins2-0/+133
2017-06-14Merge "Add fqdn_external"Jenkins6-0/+6
2017-06-14Merge "Generate HAproxy iptables rules for containerized HA deployments"Jenkins1-10/+13
2017-06-14Merge "Replace NO_ARCHIVE block with single call to rsync"Jenkins1-27/+13
2017-06-14Merge "Docker services for Cinder Api and Scheduler"Jenkins3-0/+278
2017-06-14Fix network names when using network isolationMichele Baldessari1-1/+1
When we merged If3989f24f077738845d2edbee405bd9198e7b7db we correctly used name_lower for most things but we left out the the OS::TripleO::Network resource which would cause errors like the following: Could not fetch contents for file:///tmp/tripleoclient-LdqQGJ/tripleo-heat-templates/network/internalapi.yaml The reason is that the network filename is called internal_api.yaml. Change-Id: I40f268668ed948e5d41ed0ff5a8fc954cef7b17c Closes-Bug: #1697883
2017-06-14Enable heat/puppet to manage the fernet keys and make it configurableJuan Antonio Osorio Robles2-1/+15
With the addition of the KeystoneFernetKeys parameter, it's now possible to do fernet key rotations using mistral, by modifying the KeystoneFernetKeys variable in mistral; subsequently a rotation could happen when doing a stack update. So this re-enables the managing of the key files by puppet. However, this is left configurable, as folks might want to manage those files out-of-band. bp keystone-fernet-rotation Change-Id: Ic82fb8b8a76481a6e588047acf33a036cf444d7d
2017-06-14Use KeystoneFernetKeys instead of individual parametersJuan Antonio Osorio Robles2-7/+29
This uses the newly introduced dict with the keys and paths instead of the individual keys. Having the advantage that rotation will be possible on stack update, as we no longer have a limit on how many keys we can pass (as we did with the individual parameters). bp keystone-fernet-rotation Change-Id: I7d224595b731d9f3390fce5a9d002282b2b4b8f2 Depends-On: I63ae158fa8cb33ac857dcf9434e9fbef07ecb68d
2017-06-14Merge "Add support for Cinder "NAS secure" driver params"Jenkins3-0/+29
2017-06-14Replace NO_ARCHIVE block with single call to rsyncSteve Baker1-27/+13
Also attempts to move the workaround for bug #1696283 to before the puppet apply call. Closes-Bug: #1696622 Change-Id: I3a195466a5039e7641e843c11e5436440bfc5a01
2017-06-14Merge "Execute Swift ring up-/download in containerized environments"Jenkins1-2/+13
2017-06-14Merge "Containerize Sahara"Jenkins3-0/+232
2017-06-14Merge "Containerized Sensu client"Jenkins2-0/+134
2017-06-14Merge "Containerize multipathd"Jenkins2-0/+90
2017-06-14Merge "Move iscsid to a container"Jenkins10-0/+120
2017-06-13Merge "Change HorizonSecureCookies default to False"Jenkins2-1/+2
2017-06-13Containerize Ceilometer Agent IpmiPradeep Kilambi5-0/+117
Depends-On: I3e865f2e9b6935eb3dfa4b4579c803f0127848ae Change-Id: I09327a63d238a130b6ac0f2361f80e2b244b4b52
2017-06-13Merge "Add support to configure Num of Storage sacks"Jenkins2-1/+12
2017-06-13Merge "Fix IronicInspectorAdmin to be https"Jenkins1-2/+2
2017-06-13Merge "Make network-isolation environment rendered for all roles"Jenkins14-59/+97
2017-06-13Merge "Fix bug in docker-toool where values are sometimes empty."Jenkins1-0/+3
2017-06-13Merge "Configure credentials for ironic to access cinder"Jenkins1-0/+6
2017-06-13Add fqdn_externalAlex Schultz6-0/+6
In newton, we used to construct the fqdn_$NETWORK in puppet-tripleo for external, internal_api, storage, storage_mgmt, tenant, management, and ctrlplane. When this was moved into THT, we accidently dropped external which leads to deployment failures if a service is moved to the external network and the configuration consumes the fqdn_external hiera key. Specifically this is reproduced if the MysqlNetwork is switch to to exernal, then the deployment fails because the bind address which is set to use fqdn_external is blank. Change-Id: I01ad0c14cb3dc38aad7528345c928b86628433c1 Closes-Bug: #1697722
2017-06-13Add Nova Vncproxy service to containerized deploymentSven Anderson2-0/+109
Depends-On: I037858a445742de58bd2f8d879f2b1272b07f481 Change-Id: Ifd138ea553a45a637a1a9fe3d0e946f8be51e119
2017-06-13Add Nova Consoleauth service to containerized deploymentSven Anderson2-0/+109
Depends-On: I037858a445742de58bd2f8d879f2b1272b07f481 Change-Id: I808a5513decab1bd2cce949d05fd1acb17612a42
2017-06-13Bind mount internal CA file to all containersJuan Antonio Osorio Robles1-12/+57
This will allow the services running in the containers to trust the CA. bp tls-via-certmonger-containers Change-Id: Ib7eb682da64473a651b34243c92ab76009964aba
2017-06-13Merge "Unblock CI by reverting to non-containerized HAProxy"Jenkins1-1/+0
2017-06-13Merge "Remove deprecated multinode-container-upgrade.yaml"Jenkins1-70/+0
2017-06-13Make network-isolation environment rendered for all rolesSteven Hardy14-59/+97
Currently there's some hard-coded references to roles here, rendering from the roles_data.yaml is a step towards making the use of isolated networks for custom roles easier. Partial-Bug: #1633090 Depends-On: Ib681729cc2728ca4b0486c14166b6b702edfcaab Change-Id: If3989f24f077738845d2edbee405bd9198e7b7db
2017-06-13Unblock CI by reverting to non-containerized HAProxyJiri Stransky1-1/+0
In change I90253412a5e2cd8e56e74cce3548064c06d022b1 we merged containerized HAProxy setup, but because of a typo in resource registry, CI kept using the non-containerized variant and it went unnoticed that the containerized HAProxy doesn't work yet. We merged a resource registry fix in Ibcbacff16c3561b75e29b48270d60b60c1eb1083 and it brought down the CI, which now used the non-working HAProxy. After putting in the missing haproxy container image to tripleo-common in I41c1064bbf5f26c8819de6d241dd0903add1bbaa we got further, but the CI still fails on HAProxy related problem, so we should revert back to using non-containerized HAProxy for the time being. Change-Id: If73bf28288de10812f430619115814494618860f Closes-Bug: #1697645