aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-06-14Merge "Enable heat/puppet to manage the fernet keys and make it configurable"Jenkins2-1/+15
2017-06-14Merge "Use KeystoneFernetKeys instead of individual parameters"Jenkins2-7/+29
2017-06-14Merge "Fix network names when using network isolation"Jenkins1-1/+1
2017-06-14Merge "Dell SC: Add exclude_domain_ip option"Jenkins2-0/+5
2017-06-14Merge "Docker service for Cinder Volume"Jenkins2-0/+164
2017-06-14Merge "Docker services for Cinder Backup"Jenkins2-0/+133
2017-06-14Merge "Add fqdn_external"Jenkins6-0/+6
2017-06-14Merge "Generate HAproxy iptables rules for containerized HA deployments"Jenkins1-10/+13
2017-06-14Merge "Replace NO_ARCHIVE block with single call to rsync"Jenkins1-27/+13
2017-06-14Merge "Docker services for Cinder Api and Scheduler"Jenkins3-0/+278
2017-06-14Fix network names when using network isolationMichele Baldessari1-1/+1
When we merged If3989f24f077738845d2edbee405bd9198e7b7db we correctly used name_lower for most things but we left out the the OS::TripleO::Network resource which would cause errors like the following: Could not fetch contents for file:///tmp/tripleoclient-LdqQGJ/tripleo-heat-templates/network/internalapi.yaml The reason is that the network filename is called internal_api.yaml. Change-Id: I40f268668ed948e5d41ed0ff5a8fc954cef7b17c Closes-Bug: #1697883
2017-06-14Enable heat/puppet to manage the fernet keys and make it configurableJuan Antonio Osorio Robles2-1/+15
With the addition of the KeystoneFernetKeys parameter, it's now possible to do fernet key rotations using mistral, by modifying the KeystoneFernetKeys variable in mistral; subsequently a rotation could happen when doing a stack update. So this re-enables the managing of the key files by puppet. However, this is left configurable, as folks might want to manage those files out-of-band. bp keystone-fernet-rotation Change-Id: Ic82fb8b8a76481a6e588047acf33a036cf444d7d
2017-06-14Use KeystoneFernetKeys instead of individual parametersJuan Antonio Osorio Robles2-7/+29
This uses the newly introduced dict with the keys and paths instead of the individual keys. Having the advantage that rotation will be possible on stack update, as we no longer have a limit on how many keys we can pass (as we did with the individual parameters). bp keystone-fernet-rotation Change-Id: I7d224595b731d9f3390fce5a9d002282b2b4b8f2 Depends-On: I63ae158fa8cb33ac857dcf9434e9fbef07ecb68d
2017-06-14Merge "Add support for Cinder "NAS secure" driver params"Jenkins3-0/+29
2017-06-14Replace NO_ARCHIVE block with single call to rsyncSteve Baker1-27/+13
Also attempts to move the workaround for bug #1696283 to before the puppet apply call. Closes-Bug: #1696622 Change-Id: I3a195466a5039e7641e843c11e5436440bfc5a01
2017-06-14Merge "Execute Swift ring up-/download in containerized environments"Jenkins1-2/+13
2017-06-14Merge "Containerize Sahara"Jenkins3-0/+232
2017-06-14Merge "Containerized Sensu client"Jenkins2-0/+134
2017-06-14Merge "Containerize multipathd"Jenkins2-0/+90
2017-06-14Merge "Move iscsid to a container"Jenkins10-0/+120
2017-06-13Merge "Change HorizonSecureCookies default to False"Jenkins2-1/+2
2017-06-13Merge "Add support to configure Num of Storage sacks"Jenkins2-1/+12
2017-06-13Merge "Fix IronicInspectorAdmin to be https"Jenkins1-2/+2
2017-06-13Merge "Make network-isolation environment rendered for all roles"Jenkins14-59/+97
2017-06-13Merge "Fix bug in docker-toool where values are sometimes empty."Jenkins1-0/+3
2017-06-13Merge "Configure credentials for ironic to access cinder"Jenkins1-0/+6
2017-06-13Add fqdn_externalAlex Schultz6-0/+6
In newton, we used to construct the fqdn_$NETWORK in puppet-tripleo for external, internal_api, storage, storage_mgmt, tenant, management, and ctrlplane. When this was moved into THT, we accidently dropped external which leads to deployment failures if a service is moved to the external network and the configuration consumes the fqdn_external hiera key. Specifically this is reproduced if the MysqlNetwork is switch to to exernal, then the deployment fails because the bind address which is set to use fqdn_external is blank. Change-Id: I01ad0c14cb3dc38aad7528345c928b86628433c1 Closes-Bug: #1697722
2017-06-13Merge "Unblock CI by reverting to non-containerized HAProxy"Jenkins1-1/+0
2017-06-13Merge "Remove deprecated multinode-container-upgrade.yaml"Jenkins1-70/+0
2017-06-13Make network-isolation environment rendered for all rolesSteven Hardy14-59/+97
Currently there's some hard-coded references to roles here, rendering from the roles_data.yaml is a step towards making the use of isolated networks for custom roles easier. Partial-Bug: #1633090 Depends-On: Ib681729cc2728ca4b0486c14166b6b702edfcaab Change-Id: If3989f24f077738845d2edbee405bd9198e7b7db
2017-06-13Unblock CI by reverting to non-containerized HAProxyJiri Stransky1-1/+0
In change I90253412a5e2cd8e56e74cce3548064c06d022b1 we merged containerized HAProxy setup, but because of a typo in resource registry, CI kept using the non-containerized variant and it went unnoticed that the containerized HAProxy doesn't work yet. We merged a resource registry fix in Ibcbacff16c3561b75e29b48270d60b60c1eb1083 and it brought down the CI, which now used the non-working HAProxy. After putting in the missing haproxy container image to tripleo-common in I41c1064bbf5f26c8819de6d241dd0903add1bbaa we got further, but the CI still fails on HAProxy related problem, so we should revert back to using non-containerized HAProxy for the time being. Change-Id: If73bf28288de10812f430619115814494618860f Closes-Bug: #1697645
2017-06-12Add support to configure Num of Storage sacksPradeep Kilambi2-1/+12
Gnocchi 4 supports storage sacks during upgrade. lets make this configurable if we want to use more metricd workers. Change-Id: Ibb2ee885e59d43c1ae20887ec1026786d58c6b9e
2017-06-12Merge "Fix typo in haproxy docker mapping"Jenkins1-1/+1
2017-06-12Merge "Moving *postconfig where it was *postpuppet"Jenkins3-26/+36
2017-06-12Fix IronicInspectorAdmin to be httpsAlex Schultz1-2/+2
As noted in the original patch review I5e743f789ab7dd731bc7ad26226a92a4e71f95a1 the IronicInspectorAdmin should be https. Change-Id: I6e37427da679775f02ff0c5fe55cfee51c122e3d
2017-06-12Merge "Providing parameters specific to a workflow via plan-environment"Jenkins3-0/+61
2017-06-12Merge "Remove pip install paunch"Jenkins1-4/+0
2017-06-12Merge "Fix containerized SwiftRawDisks usage"Jenkins1-1/+22
2017-06-12Merge "Containerize Manila API service"Jenkins2-0/+114
2017-06-12Moving *postconfig where it was *postpuppetCarlos Camacho3-26/+36
We need to ensure that the pacemaker cluster restarts in the end of the deployment. Due to the resources renaming we added the postconfig resource not in the end of the deployment as it was *postpuppet. Closes-bug: 1695904 Change-Id: Ic6978fcff591635223b354831cd6cbe0802316cf
2017-06-12Add support for Cinder "NAS secure" driver paramsAlan Bishop3-0/+29
Add new parameters that control the NAS security settings in Cinder's NFS and NetApp back end drivers. The settings are disabled by default. Partial-Bug: #1688332 Depends-On: I76e2ce10acf7b671be6a2785829ebb3012b79308 Change-Id: I306a8378dc1685132f7ea3ed91d345eaae70046f
2017-06-12Remove deprecated multinode-container-upgrade.yamlJiri Stransky1-70/+0
This has been renamed to multinode-containers.yaml to reflect that the scenario isn't upgrade-specific. Change-Id: I151792700475643a4088d98eb5e1bd7248e260cd Depends-On: Ib04e2ccb330d73df464ad97a20908f20426a4249
2017-06-12Containerize SaharaDan Prince3-0/+232
Depends-On: I9abe867dfbdc81d14a1b3b3f1529240b5e522be5 Co-Authored-By: Martin André <m.andre@redhat.com> Co-Authored-By: Ian Main <imain@redhat.com> Co-Authored-By: Luigi Toscano <ltoscano@redhat.com> Co-Authored-By: Telles Nobrega <tenobreg@redhat.com> Change-Id: Id8e3b7e86fa05e0e71cc33414ceae78bab4e29b2 Closes-bug: #1668927
2017-06-12Docker service for Cinder VolumeDan Prince2-0/+164
Adds docker service for Cinder Volume Co-Authored-By: Jon Bernard <jobernar@redhat.com> Depends-On: Ic1585bae27c318bd6bafc287e905f2ed250cce0f Partial-bug: #1668920 Change-Id: Ifadb007897f3455b90de6800751a0d08991ebca2
2017-06-12Docker services for Cinder BackupDan Prince2-0/+133
Adds docker services for Cinder Backup Co-Authored-By: Gorka Eguileor <geguileo@redhat.com> Co-Authored-By: Jon Bernard <jobernar@redhat.com> Co-Authored-By: Martin André <m.andre@redhat.com> Co-Authored-By: Alan Bishop <abishop@redhat.com> Partial-bug: #1668920 Change-Id: I26fc31e59b28da017f0b028b74bde40aaac53ad5
2017-06-12Docker services for Cinder Api and SchedulerDan Prince3-0/+278
Adds docker services for Cinder API and Scheduler. Co-Authored-By: Gorka Eguileor <geguileo@redhat.com> Co-Authored-By: Jon Bernard <jobernar@redhat.com> Co-Authored-By: Martin André <m.andre@redhat.com> Co-Authored-By: Alan Bishop <abishop@redhat.com> Depends-On: Ic1585bae27c318bd6bafc287e905f2ed250cce0f Change-Id: I5cff9587626a3b2a147e03146d5268242d1c9658 Partial-bug: #1668920
2017-06-12Containerize multipathdDan Prince2-0/+90
Co-Authored-By: Jon Bernard <jobernar@redhat.com> Depends-On: I486de8b6ab2f4235bb4a21c3650f6b9e52a83b80 Change-Id: I6cf70fa05ad1c8aa6d9f837ddcd370eb26e45f97
2017-06-12Move iscsid to a containerDan Prince10-0/+120
This configures iscsid so that it runs as a container on relevant roles (undercloud, controller, compute, and volume). When the iscsid docker service is provision it will also run an ansible snippet that disables the iscsid.socket on the host OS thus disabling the hosts systemd from auto-starting iscsid as it normally does. Co-Authored-By: Jon Bernard <jobernar@redhat.com> Change-Id: I2ea741ad978f166e199d47ed1b52369e9b031f1f
2017-06-12Merge "Add support for autofencing to Pacemaker Remote."Jenkins1-0/+38
2017-06-12Generate HAproxy iptables rules for containerized HA deploymentsDamien Ciabrini1-10/+13
The containerized HAproxy service can only specify steps to be run in containers, i.e. it cannot runs the regular puppet steps on bare metal at the same time. A side effect is that the dedicated HAproxy iptables rules are no longer generated. Update the docker_config step to fix the creation of iptables rules for HAproxy and persist them on-disk as before. Co-Authored-By: Michele Baldessari <michele@acksyn.org> Closes-Bug: 1697387 Change-Id: Ib5a083ba3299a82645f1a0f9da0d482c6b89ee23