Age | Commit message (Collapse) | Author | Files | Lines |
|
We need to remove the hard-coded roles from overcloud.j2.yaml
as now it's valid to e.g remove BlockStorage completely.
The previous behavior for the per-role upgrade scripts is maintained
but we'll need to rework this for newton->ocata upgrades where we
can no longer be sure the servers mapping will contain all roles.
Change-Id: I25e6c84757e3c00fba2aae834cd8206c62e44acf
Partially-Implements: blueprint custom-roles
|
|
Refactor so the post-deploy steps recently moved into
puppet/post.yaml are generated by jinja2 instead of hard-coded
Change-Id: I488e46aaa449c95571bd3d1de9513c3d0730baf3
Partially-Implements: blueprint custom-roles
|
|
|
|
|
|
To support custom roles we need to generate these lists of role
specific data.
Change-Id: Ide97cd57d1c07f7f7ff260ff7a6bbe2b71753bd0
Partially-Implements: blueprint custom-roles
|
|
This moves the now nearly identical group resources inside the loop
there's a FIXME related to some deprecated compute parameters we'll
need to work around.
Change-Id: Iddd63c42754867125e65e7721ab9d9f46f4d6afb
Partially-Implements: blueprint custom-roles
|
|
|
|
|
|
|
|
|
|
This is done in the vncproxy profile, but for some reason is not in
the compute one. It causes hiera to explode when the brackets are
left, so we need to do the bracket stripping here too.
Also switches both places to just use the host_nobrackets version
of the endpoint instead of stripping them with str_replace.
Change-Id: I7ccd84b575fd652f6412fdb1869c31c79a7bf53b
Closes-Bug: 1618623
|
|
Configure Keystone credentials by installing 2 keys with dynamic content
generated by python-tripleoclient.
Note: this is a first iteration of managing Keystone credentials. It has
a few limitations:
- keys are not exported to external storage.
- keys are not rotated automatically.
Change-Id: I45cf8821eadf528dfcdc8d74e6e0484597b0d2c0
|
|
There was currently no way of getting it and we can't asure that the
primary IP will use it. So it's explicitly needed there.
Change-Id: Idb3ca22ac136691b0bff6f94524d133a4fa10617
|
|
|
|
|
|
|
|
This is necessary for when HAProxy is terminating TLS for manila,
else we will have keystone discovery errors. This is the same we do
for several other services, as manila uses the same middleware.
Change-Id: Ice78b0abceb6a956bb8c1dc6212ee1b56b62b43f
|
|
Change-Id: I8fc855833e8c602e94d0e8b330a713de1c98f901
|
|
|
|
This patch add support for deploying Ceph RGW.
Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
Change-Id: I88c8659a36c2435834e8646c75880b0adc52e964
|
|
these are needed if we want to be able to generate which nodes the
service and which VIP are they binding to.
Change-Id: I9d40459406f15db3ad9229c75392c4d959d44b3b
Closes-Bug: #1621371
|
|
If these names don't match then we cannot set the service's nodes,
VIP and network.
Change-Id: I8f1c0eaf62eee2704a5f2556a553032106db606b
Closes-Bug: #1621368
|
|
|
|
|
|
|
|
|
|
|
|
Some network configurations uncovered what appears to be an issue where
a spurious 802.1q header is injected into tunnelled traffic. Adjusting
the default value to accomodate the extra overhead should avoid this
problem.
Partial-Bug: #1621533
Change-Id: I9ebad2d6ad34d90fcb998497873059995cdef276
|
|
These are identical for all roles, so move them into the per-role
loop
Partially-Implements: blueprint custom-roles
Change-Id: Id85b830a0e225912a3ea8c8b17a11fc424f68bb0
|
|
These are identical for all roles, so move them into the per-role
loop
Partially-Implements: blueprint custom-roles
Change-Id: I0a9918d5a2e9a73fe3ac68a96bdee02e95799bc1
|
|
The first step of generating the Service chain resources via j2,
we'll then incrementally convert other resources to be created
in a similar way.
Partially-Implements: blueprint custom-roles
Depends-On: I81239991f36ed5f6453184bf9cffe930832cb68b
Change-Id: Iafa9b2afddf18a5a9833ec472a552fb256338b38
|
|
|
|
|
|
|
|
|
|
These per-role parameters are already handled inside the role templates
Change-Id: Ie71c8670ea427ea9c7d94680cff143ad9d524b7a
Partially-Implements: blueprint custom-roles
|
|
To enable steps to be aligned between roles, we need to define
dependencies between the steps, which is only possible if we
move the steps out of distinct nested stacks so we can use
depends_on to serialized the steps for all roles.
Note that we may be able to further refactor later to remove the
per-role -config.yaml nested stacks as well.
Change-Id: Ia2ea559e8eeb64763908f75705e3728ee90b5744
Partially-Implements: blueprint custom-roles
|
|
|
|
|
|
|
|
The management network does not have a VIP, so it's been wrong to
generate a cloud name and hieradata for this. Instead, the network
that actually needs a name and a hosts entry is the ctlplane network,
which actually has a VIP and there are services that use it.
bp tls-via-certmonger
Closes-Bug: #1621742
Change-Id: I163b2c7b5684da6dc290636f54eefe3f2b0c3e3f
|
|
Make use of the new composable per-service node_ips lists by
adding a ServiceNetMap entry for SwiftStorage, then
pass the data to construct the raw device list into puppet-tripleo
instead of mangling it in t-h-t inside the role templates.
This will allow running swift storage services on nodes other than
the Controller and ObjectStorage roles, and is required to enable
custom roles.
Depends-On: I11deed1df712ecccf85d36a75b3bd2e9d226af36
Change-Id: I1bf5f8a9d34b1a5d64ab8656b386226b54ec1a27
Partially-Implements: blueprint custom-roles
|
|
|
|
This patch introduces a parameter to allow customizing the Neutron
OpenvSwitch agent's firewall driver configuration.
Closes-Bug: 1618507
Change-Id: I595c392f7a1afe2164bf562224d9eda9b3dfa982
|
|
|
|
Keystone doesn't provide different flags to indicate that both of its
endpoints are enabled. So currently we have to manually add its
network to all-nodes-config.
bp tls-via-certmogner
Change-Id: Ibecd78706e84853107f698ba411a0c05e6f5be52
|
|
|
|
map_merge in heat templates should start with hypen for
each map group, few templates are missing the hypen for the
second map group, which is added in this patch
Closes-Bug: #1621008
Change-Id: I307fdd7afc374cce46d6e378594f1b688b9fd4f6
|
|
Include the neutron-base service definition to align pull in common
configurations. This might not be *absolutely* necessary as any required
common configuration would likely already be added by and OVS agent
service, etc. but it's better to be safe than sorry and it does keep
things consistent across the Neutron services.
Implements: blueprint tripleo-sriov
Change-Id: I10a9d9b29760475e6cd75e4057051c75a52ffbb7
|
|
This will aid us in using FQDNs instead of IPs if DNS is not set. If
the deployer already has DNS set up, they can easily disable this
profile by adding the use-dns-for-vips.yaml environment file.
bp tls-via-certmonger
Change-Id: I8c1b3f253d0149d575171c208f9a1342a7b26450
Depends-On: I1bdb2701dfb3e7ef072e674c9882d3be5af7296c
|