summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2016-08-08Remove outdated Neutron auth optionsSergey Kolekonov1-3/+1
Currently Keystone auth plugins should be used to perform authorization. admin_* parameters as well as identity_uri are deprecated and not needed Change-Id: I3018932a106df562e94067e037b3bc862be97b51
2016-08-08Merge "Convert AllNodesConfig hosts config to a map"Jenkins2-29/+18
2016-08-08Merge "Add EnabledServices output to overcloud.yaml"Jenkins1-0/+8
2016-08-06Add Sahara services to ControllerServices listSteven Hardy8-37/+44
https://review.openstack.org/#/c/318840/ decomposed the Sahara services but they weren't added to the ControllerServices list, thus are now disabled. Since we shipped mitaka with sahara enabled by default, we should probably add them so the behavior is consistent when folks upgrade. This also fixes a couple of issues we missed when landing the initial service templates (partly because CI didn't test them). In order for each service to operate independently when used with Pacemaker, the roles needed to be separated. This commit also does this. Depends-On: Id61eb15b1e2366f5b73c6e7d47941651e40651b1 Change-Id: I0846b328e9d938275e373d58f0b99219b19b326c Closes-Bug: #1592284 Co-Authored-By: Brad P. Crochet <brad@redhat.com>
2016-08-05Merge "Remove keystone PKI related parameters"Jenkins1-16/+0
2016-08-05Add Aodh composable rolesPradeep Kilambi17-212/+224
Implements: blueprint composable-services-within-roles Depends-On: Ie48a123cc5bc402aee635a5daf118b158c6f3b6a Closes-Bug: #1601850 Change-Id: Ifcfe0e3937fa8577635d803d46c3dfc2e873e553
2016-08-05Merge "Add environment file to enable DVR"Jenkins7-0/+86
2016-08-05Remove keystone PKI related parametersSteven Hardy1-16/+0
These interfaces have all been deprecated by keystone, and we don't offer any parameter interface to select PKI token format anyway, so remove these to align with keystone reccomendations. The keystone.conf.sample says these values may be silently ignored or removed, so it seems reasonable to do the same here (parameter_defaults should be ignored from old stacks). Change-Id: Ic88d584863a98ed49fc335825fbfba7a52b0f14e Depends-On: I8232262b928c91dcde7bea2f23fa2a7c2660719e
2016-08-05Merge "Move *Image parameters into role templates"Jenkins6-45/+19
2016-08-05Merge "Remove KeyName parameter from overcloud template"Jenkins1-10/+0
2016-08-05Merge "Move per-role *SchedulerHints parameters into role templates"Jenkins6-35/+10
2016-08-04Merge "Next generation HA architecture work"Jenkins11-37/+19
2016-08-04Merge "Remove some properties from overcloud.yaml Controller group"Jenkins1-127/+1
2016-08-04Add environment file to enable DVRBrent Eagles7-0/+86
This patch adds support for conditionally enabling DVR by deploying the L3 and metadata agents on the compute node and setting the proper configuration values throughout. Implements: blueprint neutron-dvr-support Change-Id: I24099795e76ecd520c990ba49d3511288dec7a12
2016-08-04Next generation HA architecture workMichele Baldessari11-37/+19
This is the THT part that brings us the next generation architecture as described in the following spec: https://review.openstack.org/#/c/299628/ Blueprint: https://blueprints.launchpad.net/tripleo/+spec/ha-lightweight-architecture So far we tested deployment + tripleo.sh --overcloud-pingtest and failover + tripleo.sh --overcloud-pingtest Note that many of the Pacemaker template files become redundant with this change, but to simplify the process of getting this change landed, those templates will not be removed until a future commit. Depends-On: I5e7585c08675d8a4bd071523b94210d325d79b59 Change-Id: I00bccb2563c006f80baed623b64f1e17af20dd4e Implements: blueprint ha-lightweight-architecture Co-Author: cmsj@tenshu.net
2016-08-04Merge "Replace hard-coded regionOne with parameter references"Jenkins2-3/+7
2016-08-03Merge "Enable Manila integration - as a composable controller service"Jenkins15-1/+475
2016-08-03Replace hard-coded regionOne with parameter referencesSteven Hardy2-3/+7
In a few places we hard-code the config values to regionOne, but there is a parameter available to set this. Change-Id: I9f5138103deb45f7432ee44e03a08dcf54c2990d
2016-08-02Enable Manila integration - as a composable controller serviceRyan Hefner15-1/+475
Allows the installation and configuration of Manila. Supports the generic driver only. This has a dependency on the puppet-tripleo classes for manila where the puppet specific config now lives. The review at https://review.openstack.org/#/c/315658/ has been merge into this one, as of v68, so manila lands as a composable service. This was brought up on the mailing list at [1] [1] http://lists.openstack.org/pipermail/openstack-dev/2016-May/096126.html Co-Authored-By: Marios Andreou <marios@redhat.com> Implements: blueprint composable-services-within-roles Depends-On: I444916d60a67bf730bf4089323dba1c1429e2e71 Depends-On: I9eda4b3364e5c59342761a1ec71b0eb567c69cf1 Depends-On: I571b65a5402c1028418476a573ebeb9450ed00c9 Change-Id: I7acebac4354fca1f8d7ff6c343c1346bf29b81c6
2016-08-01Merge "Enable glance to use the SSL middleware"Jenkins1-0/+1
2016-08-01Merge "Enable keystone to use the SSL middleware"Jenkins1-2/+1
2016-08-01Merge "Update heat-agents setup files"Jenkins2-30/+31
2016-08-01Merge "move hieradata/ceph into ceph-base service"Jenkins8-12/+17
2016-08-01Merge "Add default value for `RoleData`"Jenkins1-0/+3
2016-07-29Remove usage of ::nova class in THTEmilien Macchi2-26/+0
The ::nova class definition is now done in puppet-tripleo. Depends-On: Ie4e72e765f6a8ade48d4b2b766f067872554d1a2 Change-Id: Ic394e50aa2e288f12d7287a68ea5f691fb7ef07c
2016-07-29Enable glance to use the SSL middlewareJuan Antonio Osorio Robles1-0/+1
The http_proxy_to_wsgi middleware was recently added to glance as default in the pipeline [1]. We already enable this middleware for nova, cinder and heat. [1] I481d88020b6e8420ce4b9072dd30ec82fe3fb4f7 Change-Id: I4a8f7fc079ca93c50aa0ef7b0548dc64f6c5cfa0 Depends-On: I51fbc6050dfbdc72f7ee56a2d17dd5223a208a17
2016-07-29Enable keystone to use the SSL middlewareJuan Antonio Osorio Robles1-2/+1
The http_proxy_to_wsgi middleware was recently added to keystone as default in the pipeline [1]. So this takes it into use instead of the non-standard option we were using before, which will be deprecated. We already enable this middleware for nova, cinder and heat. [1] Iad628a863e55cbf20c89ef23ebc7527ba8e1a835 Depends-On: I0fec98a6e1d9c8be4d8b8df382b78ba2815790f9 Change-Id: I8c1b84adc828a2b8c9ea11c4e2b8349427b1b206
2016-07-29move hieradata/ceph into ceph-base serviceEmilien Macchi8-12/+17
Part of composable roles work, move hieradata/ceph into the ceph-base profile directly. Also add a comment in all hieradata files to stop adding more data and use composable services. Change-Id: I97cc22a253b547be6b99312b6072f53b428aae2c
2016-07-29Merge "Move constraints to their respective services"Jenkins1-36/+0
2016-07-29Merge "Stop passing charset=utf8 for neutron database connection option"Jenkins2-2/+2
2016-07-29Convert AllNodesConfig hosts config to a mapSteven Hardy2-29/+18
Currently we have hard-coded parameters for each role, but to enable custom roles, we need to pass a generic hosts list that can be joined for all enabled roles. Change-Id: I0606f462ff61c3a541342b63fee7d46ebfd1f4e0 Partially-Implements: blueprint custom-roles
2016-07-29Add EnabledServices output to overcloud.yamlSteven Hardy1-0/+8
This is essentially the same data as defined in the *Services parameter, but it shows what's enabled for all roles in the format output from the service templates, so is useful for debugging, and possibly for things like conditional endpoint generation in future. Change-Id: Ia4b1694e419533b05d2757d2925471cae75fb5b6
2016-07-29Merge "Filter null/None service names"Jenkins1-2/+7
2016-07-29Update heat-agents setup filesFlavio Percoco2-30/+31
This patch moves the image pull step out of the service heat-agent service script to ease the service init process and to make it more reliable. By doing this outside of the service script, it's possible to know when the `firstboot` script failed and report back. It also updates the firstboot yaml file to point to the `tripleoupstream` org. Co-Authored-By: Flavio Percoco <flavio@redhat.com> Co-Authored-By: Martin André <m.andre@redhat.com> Change-Id: I2f0b8092ec69320ee370e1d7d20b8c15c95a1d0d
2016-07-29Add default value for `RoleData`Flavio Percoco1-0/+3
This just adds a default value for `RoleData` in docker/compute-post.yaml Change-Id: I96a01dc22e03980b93b32f0f9990f35b83ecfb24
2016-07-29Move constraints to their respective servicesMichele Baldessari1-36/+0
The openstack-core-then-httpd constraint needs to live in the apache pacemaker manifest and not in the main controller manifest file. The same goes for those specific vsm/cisco neutron resources. Change-Id: Ifce6c253db004a98f8feb51b84a2f1731253f178 Depends-On: I2041d4d163f051427b62eec07b8345ad7006cc1d
2016-07-29Merge "We don't need to set a default for the CephX keys and cluster FSID"Jenkins3-6/+0
2016-07-29Merge "Convert service_name to underscore syntax"Jenkins95-95/+96
2016-07-29Merge "Move nova constraints from controller manifest to each service"Jenkins1-82/+0
2016-07-28We don't need to set a default for the CephX keys and cluster FSIDGiulio Fidente3-6/+0
Change-Id: I28021f27a5adc8433df8abdadf0b571b20674fa6 Partial-Bug: 1607407
2016-07-28Convert service_name to underscore syntaxSteven Hardy95-95/+96
Currently we use hyphens, e.g cinder-api, but in overcloud.yaml we have a lot of references to services (e.g for AllNodesConfig) by underscore, e.g cinder_api. To enable dynamic generation of this data, we need the service name in underscore format. Change-Id: Ief13dfe5d8d7691dfe2534ad5c39d7eacbcb6f70
2016-07-28Merge "Allow to manually disable post-puppet restarts"Jenkins4-13/+34
2016-07-28Merge "Create role for the fake openstack-core resource"Jenkins4-0/+23
2016-07-27Move nova constraints from controller manifest to each serviceMichele Baldessari1-82/+0
Currently we are still creating all the pacemaker constraints for nova in the main overcloud_controller_pacemaker.pp manifest file. Let's move those to each role where they belong. Note that given that a constraint depends on two separate pacemaker resources it is a bit arbitrary in which file they end up being (the one of the first resource or the second one). Depends-On: I96a3a313d15fac820b020feae0568437c2cbade3 Change-Id: I4f15485b1f355b3b38fc6c16552f204aa8bba7bc
2016-07-27Create role for the fake openstack-core resourceGiulio Fidente4-0/+23
Change-Id: Iacd94294b8a66bc082bb2b3e8d3364ec1bf053b8 Depends-On: I16a786ce167c57848551c7245f4344c382c55b3d
2016-07-27Migrate Puppet Hieradata to composable servicesEmilien Macchi42-302/+242
Migrate puppet/hieradata/*.yaml parameters to puppet/services/*.yaml except for some services that are not composable yet. Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Change-Id: I7e5f8b18ee9aa63a1dffc6facaf88315b07d5fd7
2016-07-27Move *Image parameters into role templatesSteven Hardy6-45/+19
We've got some inconsistent naming here, but I'm not attempting to fix that yet, only move the current parameters inside each role template. This should be backwards compatible because the parameter names don't change, but also enable progress on custom-roles. We can figure out a strategy for deprecating these and aligning per-role parameter naming in a subsequent patch. Also moves ImageUpdatePolicy, which wasn't consistently passed to all roles anyway, and aligns the default image and constraints for each role. Change-Id: I85ec979934df220acbab9f7c3a6055f23e3bfc29 Partially-Implements: blueprint custom-roles
2016-07-27Remove KeyName parameter from overcloud templateSteven Hardy1-10/+0
This is already defined in all the per-role templates and is passed via parameter_defaults: Change-Id: Ifde54d3d29a3f0754f0f05740d6b6030aa871d38 Partially-Implements: blueprint custom-roles
2016-07-27Move per-role *SchedulerHints parameters into role templatesSteven Hardy6-35/+10
To enable custom roles, move these into the role templates where they can be passed via parameter defaults. Because the Compute role uses an inconsistent NovaCompute naming, these parameters cannot be generated in overcloud.yaml, so moving them enables backwards compatibility to be maintained when we move to a fully jinja generated overcloud (e.g including the role ResourceGroup resources) Change-Id: I3f9b2275f2b1daeb8b83f09548a089dadcfe9eee Partially-Implements: blueprint custom-roles
2016-07-27Remove some properties from overcloud.yaml Controller groupSteven Hardy1-127/+1
Remove those parameters which simply shadow parameters defined in puppet/controller.yaml, these can be passed via parameter_defaults, which is the default. The remaining properties are more tricky so will be handled via subsequent patches. Partially-Implements: blueprint custom-roles Change-Id: I9bbbd12631de8cb1ad83e265f6ddc9e942dff9ab