Age | Commit message (Collapse) | Author | Files | Lines |
|
Configure Keystone credentials by installing 2 keys with dynamic content
generated by python-tripleoclient.
Note: this is a first iteration of managing Keystone credentials. It has
a few limitations:
- keys are not exported to external storage.
- keys are not rotated automatically.
Change-Id: I45cf8821eadf528dfcdc8d74e6e0484597b0d2c0
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Some network configurations uncovered what appears to be an issue where
a spurious 802.1q header is injected into tunnelled traffic. Adjusting
the default value to accomodate the extra overhead should avoid this
problem.
Partial-Bug: #1621533
Change-Id: I9ebad2d6ad34d90fcb998497873059995cdef276
|
|
These are identical for all roles, so move them into the per-role
loop
Partially-Implements: blueprint custom-roles
Change-Id: Id85b830a0e225912a3ea8c8b17a11fc424f68bb0
|
|
These are identical for all roles, so move them into the per-role
loop
Partially-Implements: blueprint custom-roles
Change-Id: I0a9918d5a2e9a73fe3ac68a96bdee02e95799bc1
|
|
The first step of generating the Service chain resources via j2,
we'll then incrementally convert other resources to be created
in a similar way.
Partially-Implements: blueprint custom-roles
Depends-On: I81239991f36ed5f6453184bf9cffe930832cb68b
Change-Id: Iafa9b2afddf18a5a9833ec472a552fb256338b38
|
|
|
|
|
|
|
|
|
|
These per-role parameters are already handled inside the role templates
Change-Id: Ie71c8670ea427ea9c7d94680cff143ad9d524b7a
Partially-Implements: blueprint custom-roles
|
|
To enable steps to be aligned between roles, we need to define
dependencies between the steps, which is only possible if we
move the steps out of distinct nested stacks so we can use
depends_on to serialized the steps for all roles.
Note that we may be able to further refactor later to remove the
per-role -config.yaml nested stacks as well.
Change-Id: Ia2ea559e8eeb64763908f75705e3728ee90b5744
Partially-Implements: blueprint custom-roles
|
|
|
|
|
|
|
|
The management network does not have a VIP, so it's been wrong to
generate a cloud name and hieradata for this. Instead, the network
that actually needs a name and a hosts entry is the ctlplane network,
which actually has a VIP and there are services that use it.
bp tls-via-certmonger
Closes-Bug: #1621742
Change-Id: I163b2c7b5684da6dc290636f54eefe3f2b0c3e3f
|
|
Make use of the new composable per-service node_ips lists by
adding a ServiceNetMap entry for SwiftStorage, then
pass the data to construct the raw device list into puppet-tripleo
instead of mangling it in t-h-t inside the role templates.
This will allow running swift storage services on nodes other than
the Controller and ObjectStorage roles, and is required to enable
custom roles.
Depends-On: I11deed1df712ecccf85d36a75b3bd2e9d226af36
Change-Id: I1bf5f8a9d34b1a5d64ab8656b386226b54ec1a27
Partially-Implements: blueprint custom-roles
|
|
|
|
This patch introduces a parameter to allow customizing the Neutron
OpenvSwitch agent's firewall driver configuration.
Closes-Bug: 1618507
Change-Id: I595c392f7a1afe2164bf562224d9eda9b3dfa982
|
|
|
|
Keystone doesn't provide different flags to indicate that both of its
endpoints are enabled. So currently we have to manually add its
network to all-nodes-config.
bp tls-via-certmogner
Change-Id: Ibecd78706e84853107f698ba411a0c05e6f5be52
|
|
|
|
Include the neutron-base service definition to align pull in common
configurations. This might not be *absolutely* necessary as any required
common configuration would likely already be added by and OVS agent
service, etc. but it's better to be safe than sorry and it does keep
things consistent across the Neutron services.
Implements: blueprint tripleo-sriov
Change-Id: I10a9d9b29760475e6cd75e4057051c75a52ffbb7
|
|
This will aid us in using FQDNs instead of IPs if DNS is not set. If
the deployer already has DNS set up, they can easily disable this
profile by adding the use-dns-for-vips.yaml environment file.
bp tls-via-certmonger
Change-Id: I8c1b3f253d0149d575171c208f9a1342a7b26450
Depends-On: I1bdb2701dfb3e7ef072e674c9882d3be5af7296c
|
|
The nodes need to be aware of the fqdn's for the specific endpoints
in the cloud. This could be either to set the entries in /etc/hosts
or to select an appropriate hostname for a certificate to be
generated.
bp tls-via-certmonger
Change-Id: I9b4645b937a344f46ec18a9a68c5afa2bc5206d0
|
|
We recently made changes that add data to allNodesConfig, but
we didn't wire the files into the hierarchy on all roles.
Change-Id: I8e838b02bd982e600af54b14350106322244890a
Closes-Bug: #1620485
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Update OpenContrail loadbalancer plugin value to match with Newton
changes.
Closes-Bug: #1620657
Change-Id: I48f1884b95e590c0588c52419ec152bd08bc3992
|
|
|
|
puppet aodh auth type defaults to password type and v2
auth_url doesnt work with domain. This fixes the url to
not include suffix.
Change-Id: I46d53e748d8932ed1183bedbdeb5eefcde679f9e
|
|
Previously we weren't creating Redis VIP in keepalived, causing Redis to
be unusable in non-HA deployments. This is now fixed.
Depends-On: I0bb37f6fb3eed022288b2dcfc7a88e8ff88a7ace
Change-Id: I0ecfda1e6ad5567f6f58d60bf418bc91761833ab
Closes-Bug: #1618510
|
|
Move Redis VIP from controller-only to all nodes so that we don't assume
where Redis is deployed.
Change-Id: I55f8d48e3e077951fbcc88158dd6f21a2fe5f457
Related-Bug: #1618510
Partially-Implements: blueprint custom-roles
|
|
|
|
This adds a mapping of which service is on which network. This
information can be used to fetch a certificate depending on the
network (since they use different hostnames).
Change-Id: I176245da591bea28aeabf3d2b552f24456c98c43
|
|
|
|
- Config
- Control
- Analytics
- Database
- Webui
For puppet modules see https://review.openstack.org/#/c/348905
Implements: blueprint contrail-services
Depends-On: I8de63b6e21f8fdf3c2fd13bf5475cce4a85311d6
Change-Id: I7325b4268c4bec5eb7b777ea2a0639d7a8553e93
|
|
|
|
|
|
|