summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-01-26Merge "Do not try to update the 'ceph' metapackage from CephMon role"Jenkins2-1/+7
2017-01-26Merge "Conform CephExternal template to the new hiera hook"Jenkins1-17/+17
2017-01-26Merge "Add Ceph RBD mirror Pacemaker profile"Jenkins4-0/+51
2017-01-26Merge "ci: import multinode_major_upgrade.yaml from tripleo-ci"Jenkins1-0/+46
2017-01-26Merge "Allow dnsmasq_dns_servers to be configured for DHCP Agent"Jenkins1-0/+5
2017-01-26Merge "Use versionless keystone endpoint for barbican-related configurations"Jenkins1-2/+2
2017-01-26Merge "Set the correct default for gnocchi workers"Jenkins1-1/+1
2017-01-26Do not try to update the 'ceph' metapackage from CephMon roleGiulio Fidente2-1/+7
The 'ceph' metapackage is only provided by some repos so we should not explicitly pull it. Also adds a validation step to the CephMon and CephOSD roles to stop upgrade if the Ceph cluster is in error state. Change-Id: I5aa275677ada47a352a327b9be21927b852d16f3
2017-01-26Merge "Add ironic service support for composable upgrades"Jenkins2-0/+11
2017-01-26Merge "Skip upgrade steps where no tasks are defined"Jenkins1-0/+21
2017-01-26Merge "Add upgrade support for ceph OSD service"Jenkins1-0/+41
2017-01-26Merge "Add upgrade support for ceph-mon service"Jenkins1-0/+21
2017-01-26ci: import multinode_major_upgrade.yaml from tripleo-ciEmilien Macchi1-0/+46
So we can version it between releases like we do with scenarios. Change-Id: I3e3aa5d4fa7e03d1f4483bf42fcff17386b58709
2017-01-26Merge "Add support for batched upgrades to composable upgrades"Jenkins4-5/+86
2017-01-26Add Ceph RBD mirror Pacemaker profileGiulio Fidente4-0/+51
This change adds a profile to deploy the Ceph RBD mirroring daemon as a Pacemaker resource. Change-Id: Ib07e5bca6a45f0c6c59a3acf07f4e3ae9d2f8948 Depends-On: Ic63dc5cffece38942d305f538f71dd58a5d50789 Closes-Bug: #1652177
2017-01-26Merge "Add snmp service support for composable upgrades"Jenkins1-0/+4
2017-01-26Add SkipUpgradeConfigTags for upgrade configSteven Hardy2-0/+12
It may be that we want ways to selectively disable certain tasks, such as pre-flight validations that might fail when restarting an upgrade from a failed state. This shows a way we might do that. Depends-On: I18214f80be9f3ad6c2d385fc00f3b786d3e7dda3 Change-Id: Ibffaaf1de0baf47a0450daa5b7cbb57d38746556
2017-01-26Merge "Add release notes for Ocata 6.0.0"Jenkins1-0/+95
2017-01-25Merge "Manage password_validator regex"Jenkins3-0/+27
2017-01-25Merge "Auto-set SwiftMountCheck and SwiftUseLocalDir settings"Jenkins2-2/+23
2017-01-25Add ironic service support for composable upgradesSteven Hardy2-0/+11
Change-Id: Ie1fe7db081d69db4b99869057352367e8e01760c Partially-Implements: blueprint overcloud-upgrades-per-service
2017-01-25Skip upgrade steps where no tasks are definedSteven Hardy1-0/+21
Use heat conditions to skip resources (conditionally create them) when there are no tasks to deploy. This requires the heat fix Iefae1fcea720bee4ed69ad1a5fe403d52d54433c Partially-Implements: blueprint overcloud-upgrades-per-service Change-Id: I2f43fb922d122ffade20e35738f0ba3bb56a4492
2017-01-25Add upgrade support for ceph OSD serviceSteven Hardy1-0/+41
This takes a subset of the logic from major_upgrade_ceph_storage.sh and ports it into ansible tasks, which will be applied in a rolling upgrade after the mon services are upgraded (in the step0 batch). Change-Id: I6e87969add301e78bb665d7748e5f0df8eeae819 Partially-Implements: blueprint overcloud-upgrades-per-service
2017-01-25Add upgrade support for ceph-mon serviceSteven Hardy1-0/+21
Initial support for a rolling upgrade of ceph-mon services which happens before the OpenStack services are upgraded. Change-Id: Ifaebbe2ae884bd899cdc6f1c288274e5838792a6 Partially-Implements: blueprint overcloud-upgrades-per-service
2017-01-25Add support for batched upgrades to composable upgradesSteven Hardy4-5/+86
Some services (e.g ceph mon) require upgrading in batches (the old upgrade architecture did the ceph mon upgrade one controller at a time). This interface enables doing the same, and over time we can probably move more services into this interface (e.g when services support rolling upgrades) to reduce downtime. Change-Id: If581f301a5493ef33ac1386bdc22f9fca4f2544e Partially-Implements: blueprint overcloud-upgrades-per-service
2017-01-25Use versionless keystone endpoint for barbican-related configurationsJuan Antonio Osorio Robles1-2/+2
castellan (the key manager interface used by nova and cinder) is no longer tied to keystone v3 [1]. So now it's possible to use versionless endpoints for keystone. [1] I124c0ea2d9403d6b530b33f18896c4e7bf4eabb5 Change-Id: Id5d893a6a41077ab76ca59295593a27be5c3004c
2017-01-25Set the correct default for gnocchi workersPradeep Kilambi1-1/+1
The current default is empty which overrides the puppet-gnocchi os_workers calculated value. Instead default to the os_workers. Change-Id: I9bf9a107c03172500f7c8c5e4353c20305c8e6b5
2017-01-25Merge "Add Octavia API service definitions"Jenkins8-0/+424
2017-01-25Merge "Add ec2-api service"Jenkins12-0/+393
2017-01-25Merge "Add metadata settings for needed kerberos principals"Jenkins18-20/+175
2017-01-25Merge "Ignore systemctl return code in yum_update.sh"Jenkins1-1/+1
2017-01-25Conform CephExternal template to the new hiera hookGiulio Fidente1-17/+17
We missed to refactor CephExternal when migrating to the new hiera hook. The old template would have pushed the value of ceph::profile::params::client_keys as a string causing the deployment to fail with: Error while evaluating a Function Call, {...} is not a Hash The new template emits that same data as a map, as it happened for the other services in Ibe7e2044e200e2c947223286fdf4fd5bcf98c2e1 Change-Id: I3cf59b7d8343d7433047e9ccef310d287dbd47b5
2017-01-25Add release notes for Ocata 6.0.0Emilien Macchi1-0/+95
Change-Id: I0d56dfe012d97e8f7206e8777c1b72a6797c328d
2017-01-25Manage password_validator regexLuke Hinds3-0/+27
Horizon provides a password validation check, which OpenStack cloud operators can use to enforce password complexity checks for users within horizon. A dictionary containing a regular expression can be used for password validation with help text that is displayed if the password does not pass validation. HORIZON_CONFIG["password_validator"] = { "regex": '.*', "help_text": _("Your password does not meet the requirements."), } This change allows injection of the regex into horizons local_settings file from a tripleo heat template Change-Id: Ib6517c8f96148bea002b0e3442a26367b236928f Depends-On: If82a80ed6a8e6e65aecc2a25ee6d60640ae03c9a Closes-Bug: #1640800
2017-01-25Add snmp service support for composable upgradesSteven Hardy1-0/+4
Change-Id: Ifa10b764ae7c67e089c0d2506a49e474135083bb Partially-Implements: blueprint overcloud-upgrades-per-service
2017-01-25Merge "Remove spurious for loop from post deploy j2"Jenkins1-7/+2
2017-01-25Merge "Add glance registry service to disable on upgrade"Jenkins2-0/+31
2017-01-25Merge "pacemaker remote profile support"Jenkins5-0/+66
2017-01-24Remove spurious for loop from post deploy j2Steven Hardy1-7/+2
This nested for loop is wrong as it generates all steps for all roles twice. This works because yaml parsing ignores the duplicate resources, but it's a big waste of space in swift (this fix reduces the rendered file size by over 2000 lines with the default roles!) Change-Id: Ifaf860020839390147c92848d52b1a59e355dc50 Closes-Bug: #1659139
2017-01-24Merge "Pass parameters for TLS proxy in front of Glance-API"Jenkins3-1/+36
2017-01-25Add metadata settings for needed kerberos principalsJuan Antonio Osorio Robles18-20/+175
These are only used for TLS-everywhere, and fills up the kerberos principals that will need to be created for the certs used by the overcloud. With this, the metadata hook will format these principals correctly and will further pass them on to the nova metadata service. Where they can be used if there's a plugin enabled. bp tls-via-certmonger bp novajoin Change-Id: I873094bb69200052febda629fda698a7a782c031
2017-01-24Merge "Import multinode + pingtest from tripleo-ci"Jenkins3-0/+266
2017-01-24Merge "cinder-api: cleanup TODO"Jenkins1-3/+0
2017-01-24Add glance registry service to disable on upgradeSteven Hardy2-0/+31
We've broken the upgrade job because anyone upgrading with the glance registry deployed (and defined in their *Services parameters) will try to deploy with the old glance-registry.yaml defined in heat. Instead we define a template which stops and disables the service on upgrade. Closes-Bug: #1659079 Change-Id: I03561954d794afae2be06811375d16611fa45973
2017-01-24Merge "Specify what to do if endpoint map environment don't match"Jenkins1-2/+2
2017-01-24Merge "Add disable_upgrade_deployment flag to roles_data.yaml"Jenkins2-1/+12
2017-01-24Import multinode + pingtest from tripleo-ciEmilien Macchi3-0/+266
* Import multinode-3nodes roles data * Import multinode * Import tenantvm_floatingip pingtest We are importing these files from tripleo-ci because they contain some informations that need to be versionned (TripleO services, data binding, etc), specific to TripleO versions. Change-Id: I9d4ab144f98e8bd46cad2c29411d1270f6469b91
2017-01-24cinder-api: cleanup TODOEmilien Macchi1-3/+0
Cleanup some TODO. Change-Id: I84e369a9797359fea124e00e2007ae745a96847a
2017-01-24Specify what to do if endpoint map environment don't matchJuan Antonio Osorio Robles1-2/+2
this attempts to make the error message more useful. This error message happens if the environment files containing endpoint map overrides haven't been updated to match the base endpoint map (or the defaults). Change-Id: If53d3a9d7848aed62ebb235afe8b14c18d1b284d
2017-01-24Pass parameters for TLS proxy in front of Glance-APIJuan Antonio Osorio Robles3-1/+36
If TLS in the internal network is enabled, we run glance-api beind a TLS proxy (which is actually httpd's mod_proxy). This passes the necessary hieradata. bp tls-via-certmonger Change-Id: I693213a1f35021b540202240e512d121cc1cd0eb Depends-On: Id35a846d43ecae8903a0d58306d9803d5ea00bee