summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-04-06Add trigger to setup a LDAP backend as keystone domaineCyril Lopez3-0/+50
It is using a trigger tripleo::profile::base::keystone::ldap_backend_enable in puppet-tripleo who will call a define in puppet-keysone ldap_backend.pp. Given the following environment: parameter_defaults: KeystoneLDAPDomainEnable: true KeystoneLDAPBackendConfigs: tripleoldap: url: ldap://192.0.2.250 user: cn=openstack,ou=Users,dc=redhat,dc=example,dc=com password: Secrete suffix: dc=redhat,dc=example,dc=com user_tree_dn: ou=Users,dc=redhat,dc=example,dc=com user_filter: "(memberOf=cn=OSuser,ou=Groups,dc=redhat,dc=example,dc=com)" user_objectclass: person user_id_attribute: cn user_allow_create: false user_allow_update: false user_allow_delete: false ControllerExtraConfig: nova::keystone::authtoken::auth_version: v3 cinder::keystone::authtoken::auth_version: v3 It would then create a domain called tripleoldap with an LDAP configuration as defined by the hash. The parameters from the hash are defined by the keystone::ldap_backend resource in puppet-keystone. More backends can be added as more entries to that hash. This also enables multi-domain support for horizon. Closes-Bug: 1677603 Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Depends-On: I1593c6a33ed1a0ea51feda9dfb6e1690eaeac5db Change-Id: I6c815e4596d595bfa2a018127beaf21249a10643 Signed-off-by: Cyril Lopez <cylopez@redhat.com>
2017-04-05Merge "Disable core dump for setuid programs"Jenkins2-0/+14
2017-04-05Merge "Add params to tweak memory limit on mongodb"Jenkins2-0/+8
2017-04-04Merge "Remove kolla_config copy from services"Jenkins36-473/+133
2017-04-04Merge "Remove not-working all-in-one upgrade environment"Jenkins1-2/+0
2017-04-04Merge "Purge initial firewall for deployed-server's"Jenkins3-0/+12
2017-04-04Merge "Add ceilometer ipmi agent"Jenkins4-0/+82
2017-04-03Add params to tweak memory limit on mongodbPradeep Kilambi2-0/+8
The puppet-tripleo change was added in Ie9391aa39532507c5de8dd668a70d5b66e17c891. Closes-bug: #1656558 Change-Id: Ibe2e4be5b5dc953d8d4b14f680a460409db95585
2017-04-03Purge initial firewall for deployed-server'sJames Slagle3-0/+12
We need to purge the initial firewall for deployed-server's, otherwise if you have a default REJECT rule, the pacemaker cluster will fail to initialize. This matches the behavior done when using images, see: Iddc21316a1a3d42a1a43cbb4b9c178adba8f8db3 I0dee5ff045fbfe7b55d078583e16b107eec534aa Change-Id: Ia83d17b609e4f737074482a980689cc57c3ad911 Closes-Bug: #1679234
2017-04-03Remove kolla_config copy from servicesMartin André36-473/+133
Simplify the config of the containerized services by bind mounting in the configurations instead of specifying them all in kolla config. This is change is useful to limit the side effects of generating the config files and running the container is two separate steps as config directories are now bind-mounted inside the container instead of having files being copied to the container. We've seen examples of Apache's mod_ssl configuration file present on the container preventing it to start when puppet configured apache not to load the ssl module (in case TLS is disabled). Co-Authored-By: Ian Main <imain@redhat.com> Change-Id: I4ec5dd8b360faea71a044894a61790997f54d48a
2017-04-03Remove not-working all-in-one upgrade environmentSteven Hardy1-2/+0
This won't work because we need to change the state of UpgradeLevelNovaCompute and EnableConfigPurge during the upgrade - it should have been removed before release, which was an oversight. Removing this now to avoid further confusion in future. Change-Id: I16853cdec6c8fe6ad54f17ae2ad1e0460f1574ea Closes-Bug: #1679214
2017-04-03Merge "Qpid dispatch router composable role"Jenkins6-1/+75
2017-04-03Merge "Remove useless trailing '\n' in /etc/hosts file."Jenkins1-1/+1
2017-04-03Merge "Remove EC2 endpoint from EndpointMap"Jenkins2-83/+0
2017-04-03Merge "Change heat and mistral to use v3/ec2tokens url"Jenkins2-2/+10
2017-04-03Merge "Fixes port binding controller for OpenDaylight"Jenkins2-0/+46
2017-04-02Merge "Setting keystone region for tacker"Jenkins1-0/+1
2017-04-02Merge "Set auth flag so ceilometer auth is enabled"Jenkins3-0/+15
2017-04-01Merge "Add special case upgrade from openvswitch 2.5.0-14"Jenkins3-4/+11
2017-03-31Merge "Don't check haproxy if external load-balancer is used."Jenkins1-1/+13
2017-03-31Set auth flag so ceilometer auth is enabledPradeep Kilambi3-0/+15
Ceilometer Auth should be enabled even if ceilometer api is not. Lets decouple these, this flag will be used in puppet-tripleo where ceilometer::keystone::auth class is initialized. Change-Id: Iffebd40752eafb1d30b5962da8b5624fb9df7d48 Closes-bug: #1677354
2017-03-31Add special case upgrade from openvswitch 2.5.0-14marios3-4/+11
In [1] we removed the previously used special case upgrade code. However we have since discovered that for openvswitch 2.5.0-14 the special case is still required with an extra flag to prevent the restart. This adds the upgrade code back into the minor update and 'manual upgrade' scripts for compute/swift. The review at If998704b3c4199bbae8a1d068c31a71763f5c8a2 is adding this logic for the ansible upgrade steps. Related-Bug: 1669714 [1] https://review.openstack.org/#/q/59e5f9597eb37f69045e470eb457b878728477d7 Change-Id: I3e5899e2d831b89745b2f37e61ff69dbf83ff595
2017-03-31Merge "Add missing ec2api::api::keystone_ec2_tokens_url config"Jenkins1-0/+5
2017-03-31Setting keystone region for tackerDan Radez1-0/+1
Change-Id: I170b7e4cff66f0a4b1b6d5735f93c9f0295a5ac5
2017-03-31Remove EC2 endpoint from EndpointMapJuan Antonio Osorio Robles2-83/+0
We are removing this in favor of just using the keystone uri and appending /ec2tokens Change-Id: Idab78d61f3931818aa91faad2d68c1fe20f68db6
2017-03-31Change heat and mistral to use v3/ec2tokens urlJuan Antonio Osorio Robles2-2/+10
They were using v2.0 and we're getting rid of v2.0/ec2tokens in the EndpointMap. Change-Id: Ib9fbbdb0144bb4e250c561613bba6219506ff30f
2017-03-30Merge "Re-Add bigswitch agent support"Jenkins5-1/+69
2017-03-30Merge "Output service_metadata_settings in docker services.yaml"Jenkins1-0/+2
2017-03-30Merge "Do not install openstack-heat-agents"Jenkins1-1/+0
2017-03-30Merge "[N->O] Fix wrong database connection for cell0 during upgrade."Jenkins2-1/+11
2017-03-30Merge "[N->O] is creating 2 default cell_v2 cells"Jenkins1-4/+4
2017-03-30Merge "Add NodeCreateBatchSize parameter"Jenkins1-0/+8
2017-03-30Don't check haproxy if external load-balancer is used.Sofer Athlan-Guyot1-1/+13
Change-Id: Ia65796b04be9f7cadc57af30ef66788dd8cb7de8 Closes-Bug: 1677539
2017-03-30Merge "Run cluster check on nodes configured in wsrep_cluster_address."Jenkins1-9/+13
2017-03-30Output service_metadata_settings in docker services.yamlJuan Antonio Osorio Robles1-0/+2
This output gets nova metadata into the servers this is deployed to and is necessary for the TLS-everywhere work. bp tls-via-certmonger-containers Change-Id: Iff54f7af9c63a529f88c6455047f6584d29154b4
2017-03-30Merge "Include panko in the default dispatcher"Jenkins2-1/+5
2017-03-30Merge "Allow to configure policy.json for OpenStack projects"Jenkins24-4/+160
2017-03-30Do not install openstack-heat-agentsSteve Baker1-1/+0
Installing openstack-heat-agents is unnecessary since it has the same effect as installing python-heat-agent-* which happens on the next line. Installing openstack-heat-agents is causing issues when mixing ocata and master repos, since there hasn't been a release on master since ocata was branched. Change-Id: I1a75e16810b6a89cf1dd9ff4f4b3b5dccfc0466e Closes-Bug: #1677278
2017-03-29Add ceilometer ipmi agentPradeep Kilambi4-0/+82
Closes-Bug: #1662679 Change-Id: I3446d59b89d43859caedd2be4583099374944379
2017-03-29Qpid dispatch router composable roleJohn Eckersberg6-1/+75
Note: since it replaces rabbitmq, in order to aim for the smallest amount of changes the service_name is called 'rabbitmq' so all the other services do not need additional logic to use qdr. Depends-On: Idecbbabdd4f06a37ff0cfb34dc23732b1176a608 Change-Id: I27f01d2570fa32de91ffe1991dc873cdf2293dbc
2017-03-29Merge "Modify pci_passthrough hiera value as string"Jenkins2-2/+10
2017-03-28Allow to configure policy.json for OpenStack projectsEmilien Macchi24-4/+160
For both containers and classic deployments, allow to configure policy.json for all OpenStack APIs with new parameters (hash, empty by default). Example of new parameter: NovaApiPolicies. See environments/nova-api-policy.yaml for how the feature can be used. Note: use it with extreme caution. Partial-implement: blueprint modify-policy-json Change-Id: I1144f339da3836c3e8c8ae4e5567afc4d1a83e95
2017-03-28Include panko in the default dispatcherPradeep Kilambi2-1/+5
panko is enabled by default, we might as well make it the default dispatcher along with gnocchi. Closes-bug: #1676900 Change-Id: Icb6c98ed0810724e4445d78f3d34d8b71db826ae
2017-03-28Merge "Remove 'Controller' role references from overcloud.j2.yaml"Jenkins1-6/+6
2017-03-28Merge "N->O upgrade, blanks ipv6 rules before activating it."Jenkins1-0/+6
2017-03-28Merge "N->O Upgrade, make sure all nova placement parameter properly set."Jenkins1-3/+6
2017-03-28Merge "Stop openstack-nova-compute during nova-ironic upgrade"Jenkins1-0/+4
2017-03-28Merge "Only set EnableConfigPurge on major upgrades"Jenkins7-9/+13
2017-03-28Merge "Updated from global requirements"Jenkins2-2/+2
2017-03-28Merge "Swift auth url should use a suffix"Jenkins1-1/+1