| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This profile will request the certificates for the services on the node.
So with this, we will remove the requesting of these certs on the
services' profiles themselves.
The reasoning for this is that for a containerized environment, the
containers won't have credentials to the CA while the baremetal node
does. So, with this, we will have this profile that still gets executed
in the baremetal nodes, and we can subsequently pass the requested
certificates by bind-mounting them on the containers. On the other hand,
this approach still works well for the TLS-everywhere case when the
services are running on baremetal.
Change-Id: Ibf58dfd7d783090e927de6629e487f968f7e05b6
Depends-On: I4d2e62b5c1b893551f9478cf5f69173c334ac81f
|
|
|
|
|
|
We also need to wait for the galera resource to settle down
before we proceed starting up with the other services.
Note that before merging this, we need to land the following
change in ansible-pacemaker:
https://review.gerrithub.io/#/c/351387/
Change-Id: Id71c9cb41cfd4c17685c922db2683e28ab7588fd
Closes-Bug: #1668372
|
|
|
|
|
|
Change-Id: I677075012a948c7c32959680608255eff919b8d4
|
|
Change-Id: Ia7b8c41d4d8135f58661a74a4298f60abb251fbe
|
|
|
|
|
|
|
|
|
|
|
|
This has not landed yet but was accidentally release noted for
Ocata. The release note should land with the patch that actually
makes the change: I0f61016df6a9f07971c5eab51cc9674a1458c66f
Change-Id: I7d68899a5892e219b73007b18ab42e06196ae07a
|
|
This project aims at supporting inter-connection between L3VPNs
and Neutron resources, i.e. Networks, Routers and Ports.
Partially-Implements: blueprint bgpvpn-service-integration
Depends-On:I7c1686693a29cc1985f009bd7a3c268c0e211876
Change-Id: I576c9ac2b443dbb6886824b3da457dcc4f87b442
Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
|
|
This patch adds the beginning of a set of unit tests
for the new docker services templates. This should help
us the new interfaces as they evolve.
Change-Id: I98a73cf090ebab4593a682f5f34c0950d37e010c
|
|
We don't use docker_image for anything. It is a remant of the
pre-composable docker templates and we can now remove it.
This patch removes references to the 'docker_image' section
from docker/post.yaml and all of the docker/services* templates.
Change-Id: I208c1ef1550ab39ab0ee47ab282f9b1937379810
|
|
|
|
|
|
|
|
The patch this depends on passes through the classes some parameters
that are meant to be passed via t-h-t. This patch addresses these and
other things required for deploying these services over httpd:
* Set the number of workers taking care not to set this value to 0.
* Add the apache base hieradata to the service profiles.
* Set the servernames and other httpd-specific values.
bp tls-via-certmonger
Change-Id: I88e5ea7b9bbf35ae03f84fdc3ec76ae09f11a1b6
Depends-On: I23971b0164468e67c9b3577772af84bd947e16f1
|
|
This updates the docker/service README so that it
correctly documents the current requirements of the new
puppet_config interface.
Change-Id: I0f3e00ea3cce24152475abf6df34f4836e32c9c8
|
|
|
|
|
|
|
|
|
|
As with other services, this passes the necessary hieradata to enable
TLS for RabbitMQ. This will mean (once we set it via puppet-tripleo)
that there will only be TLS connections, as the ssl_only option is being
used.
bp tls-via-certmonger
Change-Id: I960bf747cd5e3040f99b28e2fc5873ca3a7472b5
Depends-On: Ic2a7f877745a0a490ddc9315123bd1180b03c514
|
|
|
|
|
|
This patch moves enabling Zaqar docker services into
a separate environment in the environments/services-docker
directory.
Change-Id: I6755eb7ae2abb2b9c8b213ff6fd21b0392353ef5
|
|
This patch moves enabling Mistral docker services into
a separate environment in the environments/services-docker
directory.
Change-Id: I8b484532de5f5d61fc0240defbc5fc27789a1279
|
|
This patch moves enabling Ironic docker services into
a separate environment in the environments/services-docker
directory.
Change-Id: I236de47d422b3563a0192359f2327610fc1714ca
|
|
Configure keystone_authtoken for Sahara service.
Change-Id: I045b7d1d52851ab0d532a8524fcea95705e3db78
Partial-implement: blueprint keystone-v3
|
|
|
|
This also moves the explicit usages of the Keystone V3 endpoint fromt he
EndpointMap, as using the uri_no_suffix defeats that usage.
Change-Id: I5f07a0cee07fa28b88c419e25e014094004b1bce
Partial-Implement: blueprint keystone-v3
|
|
This is now required per the puppet_config interfaces for docker
services (per I208c1ef1550ab39ab0ee47ab282f9b1937379810)
Change-Id: Iab96919cb0a6b15942f3c19f8d28205261174edc
|
|
A recent commit [1] change how docker is installed and configured on
the overcloud nodes, from a cloud-init script to a proper puppet
profile in puppet-tripleo but forgot to enable the docker service on
the compute nodes.
[1] Ia50169819cb959025866348b11337728f8ed5c9e
Change-Id: I202723d0e48f110e5b0dbfe3dcf6646da9f37948
|
|
|
|
glance-base is not useful anymore since we only run Glance API service
and there is no plan yet to add new services for Glance. Let's cleanup
this useless service and consolidate glance-api service.
Change-Id: I73cd0def2ae73e0bd52104c6710998df4a0d2e58
|
|
This patch makes the neutron-l3 docker service adhere
to the new puppet_config interface.
Change-Id: If5b73ec90637e878af55c8404d1eff8c18e857c3
|
|
|
|
This means we can remove the special BannerText hiera reference
in the puppet-tripleo profile
Change-Id: Id4c8b853fa0e9bcdffe2cf7cd1554a9be7451b25
|
|
|
|
|
|
|
|
|
|
|
|
|
|
It will allow to configure keystone event notifications
using CADF, as documented on:
https://docs.openstack.org/developer/keystone/event_notifications.html
CADF events provide auditing capabilities for compliance with
security.
Change-Id: Id16b264c295b9e3adbf960366ff8328ba8dcd485
|
|
This aligns the docker based services with the new composable upgrades
architecture we landed for ocata, and does a first-pass adding upgrade_tasks
for the services (these may change, atm we only disable the service on
the host).
To run the upgrade workflow you basically do two steps:
openstack overcloud deploy --templates \
-e environments/major-upgrade-composable-steps-docker.yaml
This will run the ansible upgrade steps we define via upgrade_tasks
then run the normal docker PostDeploySteps to bring up the containers.
For the puppet workflow there's then an operator driven step where
compute nodes (and potentially storage nodes) are upgrades in batches
and finally you do:
openstack overcloud deploy --templates \
-e environments/major-upgrade-converge-docker.yaml
In the puppet case this re-applies puppet to unpin the nova RPC API
so I guess it'll restart the nova containers this affects but otherwise
will be a no-op (we also disable the ansible steps at this point.
Depends-On: I9057d47eea15c8ba92ca34717b6b5965d4425ab1
Change-Id: Ia50169819cb959025866348b11337728f8ed5c9e
|
Juan Antonio Osorio Robles
Jenkins
Michele Baldessari
Carlos Camacho
Ben Nemec
Ricardo Noriega
Dan Prince
Emilien Macchi
Martin André
Steven Hardy
Yolanda Robla