summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2015-09-17Port Cisco Nexus/UCSM ExtraConfig to AllNodesSteven Hardy3-144/+328
Switch the implemention from a pre_deploy ExtraConfig to an AllNodesExtraConfig, so we can collect the mac->hostname mapping for all nodes, then calculate a NexusConfig based on that and a provided mapping of switch ports to mac address. The same conversion is also done to the NetworkUCSMHostList: The port mappings are provided via parameter_defaults like: parameter_defaults: NetworkNexusConfig: { "bxb-tor-1": { "username": "admin", "ssh_port": 22, "password": "lab", "ip_address": "10.86.7.204", "nve_src_intf": 0, "physnet": "datacentre", "servers": { "fa:16:3e:fa:be:ef": "1/11", "fa:16:3e:fa:5e:cf": "1/23", "fa:16:3e:fa:12:34": "2/34" } } } NetworkUCSMHostList: 'fa:16:3e:fa:be:ef:profile1' This results in an entry like this appended to /etc/puppet/hieradata/neutron_cisco_data.yaml: neutron::plugins::ml2::cisco::nexus::nexus_config:\ {"bxb-tor-1": {"username": "admin", "nve_src_intf": 0, "ssh_port": 22, "servers": {"overcloud-compute02": "2/34", "overcloud-compute01": "1/23", "overcloud-control01": "1/11"}, "password": "lab", "ip_address": "10.86.7.204", "physnet": "datacentre"}} neutron::plugins::ml2::cisco::ucsm::ucsm_host_list: overcloud-control01:profile1 Co-Authored-By: Rob Pothier <rpothier@cisco.com> Co-Authored-By: Tim Swanson <tiswanso@cisco.com> Change-Id: I372c3ffb6bd85b7239fcb9f3fc4fa51cd4a39332
2015-09-17Add "AllNodes" ExtraConfig interfaceSteven Hardy6-6/+244
Adds hook to enable additional "AllNodes" config to be performed prior to applying puppet - this is useful when you need to build configuration data which requires knowledge of all nodes in a cluster, or of the entire deployment. As an example, there is a sample config template which collects the hostname and mac addresses for all nodes in the deployment then writes the data to all Controller nodes. Something similar to this may be required to enable creation of the nexus_config in https://review.openstack.org/#/c/198754/ There's also another, simpler, example which shows how you could share the output of an OS::Heat::RandomString between nodes. Change-Id: I8342a238f50142d8c7426f2b96f4ef1635775509
2015-09-17Merge "Big Switch Neutron ML2 plugin integration"Jenkins5-0/+111
2015-09-17Merge "network validation to ping test each interface"Jenkins5-0/+110
2015-09-17Merge "Add YAML sanity check"Jenkins2-0/+49
2015-09-16Merge "Set pacemaker default resource-stickiness"Jenkins2-0/+4
2015-09-16Big Switch Neutron ML2 plugin integrationJiri Stransky5-0/+111
Add support for Big Switch Neutron ML2 plugin. Makes sure that the package is present and sets up the [restproxy] section in ml2_conf.ini. This also adds support for setting the ovs_use_veth option in l3_agent.ini. There is no support for this in puppet-neutron l3 class and it probably doesn't make sense adding it there, because this setting isn't relevant for all l3 agent drivers, it's specific to OVSInterfaceDriver. The ovs_use_veth option is also added to dhcp_agent.ini. Change-Id: I99635e25b2099dacce68154fe14693d6f06ac19f
2015-09-16Merge "Enable Cisco Nexus and UCSM plugins"Jenkins5-0/+184
2015-09-16Merge "Add 4 pacemaker constraints for keystone"Jenkins1-0/+37
2015-09-15Merge "Ensure mysql root can only connect from localhost"Jenkins1-0/+1
2015-09-15Enable Cisco Nexus and UCSM pluginsRobert Pothier5-0/+184
This enables support for the Cisco UCS Manager and Cisco Nexus plugins Change-Id: I1bc28a4768d5d6857a0504ca1f77dd71259570b8
2015-09-15Add YAML sanity checkBen Nemec2-0/+49
Adds a "validate" tox env for basic sanity checking of templates. Currently it just validates that all of the .yaml files are in fact valid YAML. In the future we might want to add more, but this seemed like a reasonable start. Change-Id: I8091bbad0003b150e23dae5de4f465053c982229
2015-09-15Merge "switch to vxlan by default"Jenkins7-14/+14
2015-09-15Merge "Consume the NeutronMechanismDrivers from the hiera data"Jenkins2-0/+2
2015-09-11Merge "Set NetValueSpecs parameter types to Json"Jenkins5-5/+5
2015-09-10Merge "Set the nova scheduler ram_allocation_ration to 1.0"Jenkins3-0/+3
2015-09-09Merge "Don't add 'host' parameter to cinder.conf"Jenkins2-8/+0
2015-09-08Set NetValueSpecs parameter types to JsonDan Prince5-5/+5
The latest Heat API is a bit more strict in validating the datatypes for the OS::Neutron::Net value_specs. This patch converts the default parameter types for these from string to json. Change-Id: Iaad6ee6417d3ae55c52ffe2f4e6ed79124161923 Closes-bug: #1493502
2015-09-08Merge "Add NodeAdminUserData interface for "heat-admin" user"Jenkins7-5/+123
2015-09-07Don't add 'host' parameter to cinder.confDerek Higgins2-8/+0
As of I54a75652efd5e91464b84adf84004400b343c3a5 for rdb this is being done by the cinder puppet module. Change-Id: I109e139fcbb859a0d9ed99054656be94975d33b5
2015-09-05Set default KeystoneAdminApiNetwork to ctlplaneDan Prince1-1/+1
Moves the default KeystoneAdminApiNetwork setting to the ctlplane so that the undercloud will always have easy access to be able to configure endpoints. Change-Id: I1f6aba62b98820b678cce1ca16e72a0c3d045720
2015-09-05Keystone network isolation fixesDan Prince5-8/+25
This patch adds explicit nested stack parameters to help manage use of the Keystone Admin API vs. the Keystone Public API. We also add a new output parameter specifically for the Keystone admin API VIP. This can be useful when configuring keystone endpoints with network isolation. Change-Id: I2bd3e61570151e2faeee14ee09b03ad0b3208cc1
2015-09-05Merge "Support for using external Ceph clusters"Jenkins7-10/+143
2015-09-05Allow 'ctlplane' to be used within Net IP MapsDan Prince11-13/+75
When using network isolation you might want to selective move one of the services back to the default ctlplane network by simply using the ServiceNetMap parameter. This patch adds ctlplane to the output parameters for both the net_ip_map and net_ip_list_map nested stacks so that this is possible. As part of this patch we also split out the NetIpSubnetMap into its own unique nested stack so that the Heat input parameters for this stack are more clearly named. Change-Id: Iaa2dcaebeac896404e87ec0c635688b2a59a9e0f
2015-09-03Add NodeAdminUserData interface for "heat-admin" userSteven Hardy7-5/+123
Reinstates the heat-admin user via template user-data, which replaces the previous boothook injected user provided by the (deprecated now removed) heat instance_user option. This has some advantages over the heat.conf option, e.g it allows for much easier customzation of the user configuration (additional SSH keys, adding groups etc), and also in future if we support deploying more than one overcloud you could specify a different user per deployment. Co-Authored-By: Dan Prince <dprince@redhat.com> Change-Id: I2235b9690c01542d8a28ec1c1a4607de751aea29 Closes-Bug: #1229849
2015-09-02Set pacemaker default resource-stickinessJiri Stransky2-0/+4
This is required for HA to work correctly. Change-Id: I9faa8fd7bbbac67de5c468ab6fc4edb2260dffe7 Depends-On: https://github.com/redhat-openstack/puppet-pacemaker/pull/61
2015-09-02Set the nova scheduler ram_allocation_ration to 1.0Emilien Macchi3-0/+3
We don't have swap space enabled on overcloud-full deploys as discussed at https://bugs.launchpad.net/tripleo/+bug/1491335 The default is 1.5 so configure Virtual ram to physical ram allocation ratio to 1:1 so we don't allow overcommit. Related-Bug: 1491335 Change-Id: I58cfe6dc68e8615a5519428412dec8c653bd6093
2015-08-31Merge "Enable Keystone notifications"Jenkins5-0/+42
2015-08-31Add 4 pacemaker constraints for keystoneJiri Stransky1-0/+37
These were missing and are required for a correct deployment. Change-Id: I49a61d0ab2f750f2620927a40f798d11b241b2c0
2015-08-25Consume the NeutronMechanismDrivers from the hiera datamarios2-0/+2
This is passed from the heat templates as hiera data (defaulting to 'openvswitch') but never effected, meaning we get the puppet module default. Change-Id: I3f14cdce9b9bf278aa9b107b2d313e1e82a20709 Closes-Bug: 1488176
2015-08-21switch to vxlan by defaultMike Burns7-14/+14
VXLAN has better performance (20-25% better) NICs with VXLAN offload are more common Change-Id: If57c79a1309ae178b3e82d54bb101dde584c86cc Related: rhbz#1244864
2015-08-18Merge "Wire in Compute pre-deployment extraconfig"Jenkins2-1/+13
2015-08-18Enable Keystone notificationsGiulio Fidente5-0/+42
This change enables Keystone notifications and adds two parameters to control the notification driver and format. Change-Id: I23ac3c46ee9eb49523d3b8dab027ef21fc6e42df
2015-08-17Remove hardcoded bridge name in bonded compute NIC configDan Sneddon1-1/+1
This change removes a hardcoded value for the bond name in the NIC config for the compute node in the bond-with-vlan NIC config templates. When this hardcoded value of "br-bond" is used, then the Neutron bridge mappings must be set to set to datacentre:br-bond in order for VLAN mode networking to recognize the bridge. By using the input value for bridge_name we will ensure that the controller and compute nodes have the same bridge name (defaults to "br-ex"), and that the defaults will work with VLAN mode. Change-Id: I28654ab93e3c10a8597c8b877f3f2f6b3eca887c
2015-08-13Support for using external Ceph clustersDan Prince7-10/+143
This patch adds support for using an externally managed Ceph cluster with the TripleO Heat templates. For an externally managed Ceph cluster we initially only deploy the Ceph client tools, install the 'openstack' user keyring, and generate the ceph.conf. This matches what we do for managed Ceph installations and is a good first start. No other Ceph related services are installed or managed. To enable use of a Ceph external cluster simply add the custom Heat environment file environments/puppet-ceph-external.yaml to your heat stack create/update command and make sure to set the required CephClientKey, CephExternalMonHost, and CephClusterFSID variables. Change-Id: I0a8b213ce9dfa2fc4e62ae1e7631466e5179fc2b
2015-08-06Merge "Drive DB initialization via Hiera"Jenkins4-102/+75
2015-08-06Merge "Add a default setting for BondInterfaceOvsOptions"Jenkins1-1/+2
2015-08-04Ensure mysql root can only connect from localhostYanis Guenane1-0/+1
Currently mysql root user can connect in a passwordless way from : * localhost * 127.0.0.1 * ::1 * <HOSTNAME> This patch ensures that the mysql root user can connect only from localhost. Change-Id: If64fd383737c2fbeed4adbe8d98b1f92610956b2
2015-08-03Wire in Compute pre-deployment extraconfigShiva Prasad Rao2-1/+13
This commit provides a way to configure some additional hieradata for compute nodes. This is similar to the earlier added infra for supporting Controller pre-deployment extraconfig. Change-Id: I02dda0685c7df9013693db5eeacb2f47745d05b5
2015-07-30Provide a sample storage environment fileJiri Stransky1-0/+57
Meant to help users configure their storage parameters by copying this file out, amending it and passing it to `heat stack-create` or `openstack overcloud deploy`. Defaults to using Ceph as a backend for Cinder, Glance and also Nova ephemeral storage. Change-Id: Ia8f5ef175439394aacdea98cfd66416bcb9bfe3a
2015-07-29Merge "RHEL registration shouldn't use attach with activation key"Jenkins1-1/+1
2015-07-28Merge "Keystone token flushing"Jenkins3-0/+9
2015-07-24Merge "Set rabbitmq heatbeat timeout threshold to 60"Jenkins1-0/+6
2015-07-24Add a default setting for BondInterfaceOvsOptionsDan Sneddon1-1/+2
This change adds a default setting for the OVS bond options to the bond-with-vlans controller.yaml. This default will attempt to bring up LACP bonding, but should that fail it will bring up the bond in active/backup mode. This is a safe configuration if the switch is not configured for bonding. Change-Id: I91aad1e061ed1ecf26636e60da7a9a6e9cde50a5
2015-07-24network validation to ping test each interfaceDan Prince5-0/+110
This patches wires in a new "all nodes" validation resource that can be used to add validations that occur early on during the deployment process. This occurs after the nodes have been brought online and the initial networks have been configured but before any "post" (puppet, etc.) sort of configuration has been executed. A initial validation script has been added to ping test network IPs on each network. When using network isolation this will ensure network connectivity (vlans, etc) are working on each node and if not the heat stack will fail early, allowing time to fix the network connections and retry the stack creation via an update. Change-Id: I63cf95b27e8ad2aed48718cf84df5f324780e597 Co-Authored-By: Ian Main <imain@redhat.com> Co-Authored-By: Ryan Hallisey <rhallise@redhat.com>
2015-07-24Merge "Ensure SELinux is permissive on Ceph OSDs"Jenkins4-2/+46
2015-07-24Merge "Set heat::instance_user to empty string"Jenkins2-1/+1
2015-07-24Keystone token flushingJiri Stransky3-0/+9
Set up a cron job to flush keystone tokens periodically. The job runs once a day near midnight per puppet-keystone defaults, and we pass maxdelay 3600 which means each controller will wait a random delay of up to 1 hour before running the task. Change-Id: I351f0273c61106c182aa3945b7ad1ce8f5c7d12b
2015-07-24Merge "NFS backend for Cinder"Jenkins8-2/+124
2015-07-24Merge "Set default external port to noop for puppet"Jenkins1-1/+1