Age | Commit message (Collapse) | Author | Files | Lines |
|
haproxy needs the deployed SSL cert file to function when TLS is
enabled.
It is also required for the docker-puppet haproxy container since the
haproxy puppet module uses a validate_cmd to check the generated config
file is valid that fails when the required SSL cert is not present.
There is no clean way to disable this feature [1] so we need to bind
mount the cert into the container.
[1] https://github.com/puppetlabs/puppetlabs-haproxy/blob/4753ea5b2506ee093e9b4c8af6e91201d476d426/manifests/config.pp#L53-L57
Change-Id: Id2df144b678769def204961236624091d4e5c457
|
|
Mounting host volumes when running containers via puppet_config already
works and is supported with docker-puppet.py. However, the validation in
yaml-validate.py does not allow it. This patch makes it allowed by the
validation.
It is sometimes necessary since some puppet modules expect to make
persistent file system changes other than just configuration data under
/etc.
In particular, ironic inspector expects to configure a http and tftp
root director with an ipxe configuration. See:
https://github.com/openstack/puppet-ironic/blob/master/manifests/inspector.pp
These changes would be lost if the value for those directories are not
mounted as host volumes.
Change-Id: Ie51c653f4c666fbaaef0ea80990e2e61f4b1353b
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Lets just run the ceilometer upgrade once in central agent container
Change-Id: If5e5ca6122f8583c6221bc6b343e483e41f04d29
Closes-bug: #1700056
|
|
This is needed for TLS everywhere.
Change-Id: Iac35b7ddcd8a800901548c75ca8d5083ad17e4d3
Depends-On: I426bfdb9e6c852eb32d10a12e521bb8b47701c41
|
|
If you want debug logging you can set the new DockerPuppetDebug
heat parameter to 'True'.
Change-Id: Iae7bb67379351ea15d61c331867d7005f07ba98e
Closes-bug: 1700570
|
|
This generates tons of unnecessary events when gnocchi uses swift backend.
We end up filtering most of these anyway. So lets disable this so it
doesn't put useless load. Also changing the default project to service as
thats what gnocchi uses to authenticate with swift.
Closes-bug: #1693339
Change-Id: I40f47d46fdb06f31a739b590bf653bca71e33f61
|
|
Swift object replication relies on the rsync server, which is run by
xinetd. This patch adds the missing container and configuration. Note
that xinetd needs bind to a privileged port (873) and has to be started
as root therefore.
Change-Id: I7655c9dd116c0130035d8a2fae81148171ae6448
|
|
This commit consistently defines a heat template parameter in the form
of DockerXXXConfigImage where XXX represents the name of the
config_volume that is used by docker-puppet.
The goal is to mitigate hard to debug errors where the templates would
set different defaults for the image docker-puppet.py uses to run, for
the same config_volume name.
This fixes a couple of inconsistencies on the way.
Change-Id: I212020a76622a03521385a6cae4ce73e51ce5b6b
Closes-Bug: #1699791
|
|
Upgrades were broken because of this missing parameter.
Change-Id: Ia88a9833ab8aa26ccc40ee235b8554c9a7fbd22d
Closes-Bug: #1700923
|
|
|
|
|
|
|
|
|
|
Let's be clear that the contents of this directory are for ci use
only and should not be used in production.
Change-Id: I3b448b9922c207b29cbdae36ee876368bda23dac
|
|
Add Ceph pool size configuration for CI where PoolDefaultSize is 1
Change-Id: I626d1398e31c3fcb9f100a8b185d71ba5909034a
|
|
|
|
|
|
Many of our parameters are defined in multiple templates, but
currently there is no easy way of checking that all of those
definitions match. It can be confusing when a parameter is defined
one way in one file and another way in a different file. For example,
the NovaWorkers description is:
Number of workers for Nova API service.
and
Number of workers for Nova Placement API service.
and
Number of workers for Nova Conductor service.
Which is it actually? All of them. That one parameter controls
the workers for all of the nova services, and its description should
reflect that, no matter which template you happen to look at.
This change adds a check to yaml-validate.py to catch these sorts of
inconsistencies and allow us to eventually prevent new ones from
getting into the templates.
An exclusion mechanism is included because there are some parameter
definitions we probably can't/shouldn't change. In particular, this
includes the network cidrs which are defaulted to ipv4 addresses in
the ipv4 net-iso templates and ipv6 in the ipv6 templates. It's
possible a user would be relying on one of those defaults in their
configuration, so if we change it they might break.
To get around that, the tool explicitly ignores the default field of
those parameters, while still checking the description and type fields
so we maintain some sanity. There may be other parameters where this
is an issue, but those can be added later as they are found.
For the moment any inconsistencies are soft-fails. A failure message
will be printed, but the return value will not be affected so we can
add the tool without first having to fix every divergent parameter
definition in tripleo-heat-templates (and there appear to be plenty).
This will allow us to gradually fix the parameters over time, and
once that is done we can make this a hard-fail.
Change-Id: Ib8b2cb5e610022d2bbcec9f2e2d30d9a7c2be511
Partial-Bug: 1700664
|
|
On upgrade we map PostDeploySteps to a different implementation
which we missed to update in I36a642fbc2076ad9e4a10ffc56d6d16f3ed6f27a
Change-Id: Ia619ab935c66081769e69c53d1ca41925d86abbb
Closes-Bug: #1700755
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Adds in the execution environment of the workflow steps a list of
per-service network IPs. This can be used by the workflows to
execute actions against the nodes hosting a given service.
Change-Id: Id7c735d53f04f6ad848b2f9f1adaa3c84ecd2fcd
Implements: blueprint tripleo-ceph-ansible
|
|
Introduces a general mechanism meant to allow for the execution
of workflows during the deployment steps.
Services can define workflow actions to be triggered during a step
in the newly added service_workflow_tasks section. The syntax is:
service_workflow_tasks:
step2:
- name: my_action_name
action: std.echo
input:
output: 'hello world'
Implements: blueprint tripleo-ceph-ansible
Depends-On: If02799e7457ca017cc119317dfb2db7198a3559f
Depends-On: Ibc5707f9f06266fe84ad1dd91dcb984157871d30
Change-Id: I36a642fbc2076ad9e4a10ffc56d6d16f3ed6f27a
|
|
This environment file will be used to
deploy an Overcloud without the use
of pacemaker.
Change-Id: I3a486d22b30ffdb6053b3d917dea373c1361df81
|
|
|
|
Depends-On: I270f3f6879737fc29370165e4a8fa8c9c19fffb3
Depends-On: I3a169e3321a26ee373ab873426a2d58acbcfe1bd
Closes-Bug: #1668932
Co-Authored-By: Or Idgar <oidgar@redhat.com>
Co-Authored-By: Brent Eagles <beagles@redhat.com>
Co-Authored-By: Martin André <m.andre@redhat.com>
Change-Id: I211707072bb0e4ac4aa48e9bbaccb7530f3de0ca
|
|
This was made configurable in a recent commit [1] So this flag makes it
easier for deployers to use that functionality.
[1] Ic68266eaf39d6803f7c3e299095578bbcfd63b88
Change-Id: Iffff20dcda53bc7237586dd240e581bcb0282844
|
|
|
|
The containerized cinder service was merged a bit too soon and it
caused several issues in CI. Disable it temporarily to unblock CI until
it matures.
Change-Id: I8c6c0ce0011fddfec1e2de798d4fc6f34ae78de2
Related-Bug: #1700333
|
|
|
|
|
|
|
|
|
|
This change uses the NeutronPhysicalBridge parameter on all roles,
rather than hard-coding the "br-ex" name. Previously, there were
different parameters for controller and compute roles, but since
we use a unified bridge name with OVS, this is unnecessary.
Change-Id: I6d9189404fae67bcc33ddc2ba3ce1b0385dd989d
Closes-bug: 1669130
|