Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
This is working, so we add it to the list.
bp tls-via-certmonger-containers
Change-Id: Ib545d4e6c130b73b4921eb9b6325d2e8d6ff1e2c
|
|
bind mount the certificates needed for TLS.
bp tls-via-certmonger-containers
Change-Id: Ib9b533249be37665b77396a76133cc42fd15ee2b
|
|
|
|
Add a docker service template to provide containerized services
logs rotation with a crond job.
Add OS::TripleO::Services::LogrotateCrond to CI multinode-containers
and to all environments among with generic services like Ntp or Kernel.
Set it to OS::Heat::None for non containerized environments and
only enable it to the environments/docker.yaml.
Closes-bug: #1700912
Change-Id: Ic94373f0a0758e9959e1f896481780674437147d
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
gnocchi-statsd needs access to ceph config. lets mount the
ceph config files so it doesnt throw conf_read_file errors.
Change-Id: I1426d580c8d8d60e986ca859f89eeb8799ab6bd2
|
|
Change-Id: Ied1d57cd187ffe480912a3820587952aa88936c3
|
|
|
|
|
|
Swift is already deployed on scenario002, and we want to keep
basic multinode as basic as possible with only the minimum so it runs
faster and we can use it for early tests in our CI.
Change-Id: I6d2f434305d7ca0d704a9454b758670c39a0af4a
|
|
|
|
ceph-ansible will take care of setting up client keys both
in ceph and on client side. It will also create filesystem
for manila. To assure that manila manifest can work in future
both with puppet and with ceph-ansible, creation of filesystem
is moved to ceph-mds manifest and creation of manila key on ceph
side is moved to ceph-base (so manila key is always created),
manila key is added to ceph-external for external ceph deployments.
Key creation is removed from manila.pp in patch
I2b5567a39ac8737e80758b705818cc1807dc8bf1
Change-Id: I6308a317ffe0af244396aba5197c85e273e69f68
Related-To: Ia3ef9e9a2b159dacea01e38762145ff2bcc7ba27
Depends-On: I3f18bbe476c4f43fa4e162cc66c5df443122cd0c
|
|
|
|
We need to tag the HA containers with a special tag so
that the RA definition never changes. We do this step in THT
as opposed to puppet because we need to guarantee
that all images are tagged on all nodes *before* step 2 where the bundle
gets created.
NB: Getting the image name without the tag will require some more
yaql work to get all the cases right. Right now this works only
if we enforce that the image has a ':tag' at the end of the name.
So far this is always the case. If things change we will need to
amend this code.
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
Co-Authored-By: Sofer Athlan-Guyot <sathlang@redhat.com>
Change-Id: I362e6cf26fba77d3f949b7d2fc4b35a3eab9087e
|
|
Bind mounts and adds the appropriate permissions for the cert and
key that's used for TLS.
bp tls-via-certmonger-containers
Depends-On: I62ff89362cfcc80e6e62fad09110918c36802813
Change-Id: I48325893a00690e2f5d6f1d685f903234545d5b8
|
|
This is addressed by the patch this depends on.
bp tls-via-certmonger
Depends-On: I62ff89362cfcc80e6e62fad09110918c36802813
Change-Id: Ibecc461b0c9af02500f590a1f7469d7e4ff20d95
|
|
Updates ci/environments/scenario001-multinode-containers.yaml
to use ceph-ansible instead of puppet-ceph.
Change-Id: Idbd02a3c7404daecdc6e2c45ea6d3478bf70552c
Depends-On: Ifa4937624ed14a3ece48dd92ba4f69b5e4928e77
|
|
|
|
|
|
|
|
This sets the flag that tells the horizon manifest to use TLS for the
configuration.
bp tls-via-certmonger
Depends-On: I7f2e11eb60c7b075e8a59f28682ecc50eeb95c3e
Change-Id: I13d59e7663538884b34b5a910b741de8721abbb9
|
|
|
|
|
|
|
|
I2c39a2957fd95dd261b5b8c4df5e66e00a68d2f7 changed nova api to http from
eventlet, however we need to continue running the eventlet service as
it is required for the nova metadata api.
However this should be tied to the OS::TripleO::Services::NovaMetadata
service, so duplicate the required config in nova-metadata.yaml.
Change-Id: I398575d565d5527bcaa1c8b33b9de2e1e0f2f6fd
Depends-On: Id3407e151566d16c6ae1e1ea8c1b021dac22e727
Closes-bug: #1711425
|
|
|
|
|
|
Workaround systems getting registered as "localhost" during
RHEL registration if they don't have a fqdn set by first
rm'ing the /etc/rhsm/facts directory. When the directory does not
exist, the katello-rshm-consumer which runs when installing
the katello-ca-consumer will not set the hostname.override fact to
"localhost".
Change-Id: Ia29aa9c775f715f9745bb7e1e4022cc395a7d092
Partial-Bug: #1711435
|
|
This also tells the neutron metadata agent to use TLS for contacting
nova-metadata.
bp tls-via-certmonger
Depends-On: I97ac2da29be468c75713fe2fae7e6d84cae8f67c
Depends-On: I9df395dc699090bd73265d10395e155e9b8adb26
Change-Id: I9a8c54f6e052852b8f9d06a42da87773f4da3a15
|
|
This is needed for TLS everywhere, else the certs won't be requested.
Change-Id: I9849e009843683a75fefa6e9f4b8213bcff3a889
Closes-Bug: #1711424
|
|
|
|
|