aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-01-04Add example showing how to set root password via cloud-initSteven Hardy1-0/+38
There have been some requests to enable this, and although it's not something we should enable by default, this shows how you can use the generic NodeUserData interface to have cloud-init do it. To use this you create an environment file like: resource_registry: OS::TripleO::NodeUserData: path/to/userdata_root_password.yaml parameter_defaults: NodeRootPassword: insecure_changeme Obviously this isn't that secure, and thus isn't intended for production environments, but it may be useful for debugging and as a further example showing how to configure things via cloud-init. Change-Id: If87a1e1dbfaf31b84cc0667c9a60bbd3c757d8cd
2017-01-04Merge "DB connection: prevent src address from binding to a VIP"Jenkins19-0/+83
2017-01-04Merge "Specify cell0 db creation"Jenkins1-0/+4
2017-01-03Expose enabled_perf_events libvirt optionsPradeep Kilambi1-0/+9
For cache monitoring technology feature to work, nova config libvirt settings should have the perf events enabled for nova to emit these so telemetry can capture them. Depends-On: Ia27e6831f3f6e9cdeaacb650039be5c81b90cb40 Change-Id: I92c318008b965a6527acbce85b41a545eda7ee18
2017-01-03Specify cell0 db creationAlex Schultz1-0/+4
This change pulls the hard coded value out of puppet-tripleo to later allow people to skip the cell0 creation if they want a more complex cell v2 setup for nova. Change-Id: I08119d781ef60750cc19753bc03190e413159925 Related-Bug: #1649341
2017-01-03Merge "Increase libvirt/qemu.conf max_files and max_processes"Jenkins1-0/+3
2017-01-03Merge "Set gnocchi wsgi display name"Jenkins1-0/+1
2017-01-03Merge "Bump template version for all templates to "ocata""Jenkins325-325/+325
2017-01-03Merge "Set aodh wsgi display name"Jenkins1-0/+1
2017-01-03DB connection: prevent src address from binding to a VIPDamien Ciabrini19-0/+83
When a service connects to the database VIP from the node hosting this VIP, the resulting TCP socket has a src address which is by default bound to the VIP as well. If the VIP is failed over to another node while the socket's Send-Q is not empty, TCP keepalive won't engage and the service will become unavailable for a very long time (by default more than 10m). To prevent failover issues, DB connections should have the src address of their TCP socket bound to the IP of the network interface used for MySQL traffic. This is achieved by passing a new option to the database connection URIs. This option is available starting from PyMySQL 0.7.9-2. We use a new intermediate variable in hiera to hold the IP to be used as a source address for all DB connections. All services adapt their database URI accordingly. Moreover, a new YAML validation check is added to guarantee that new services will construct their database URI appropriately. Change-Id: Ic69de63acbfb992314ea30a3a9b17c0b5341c035 Closes-Bug: #1643487
2017-01-02Merge "Use overcloud-full instead of atomic-image"Jenkins3-131/+29
2016-12-23Merge "Pass nova rabbit information to mysql"Jenkins1-0/+6
2016-12-23Merge "Split OVN northd and ml2 plugin"Jenkins6-11/+47
2016-12-23Bump template version for all templates to "ocata"Steven Hardy325-325/+325
Heat now supports release name aliases, so we can replace the inconsistent mix of date related versions with one consistent version that aligns with the supported version of heat for this t-h-t branch. This should also help new users who sometimes copy/paste old templates and discover intrinsic functions in the t-h-t docs don't work because their template version is too old. Change-Id: Ib415e7290fea27447460baa280291492df197e54
2016-12-23Merge "Manage disallow_iframe_embed"Jenkins1-0/+1
2016-12-23Merge "Add network_config_hook interface to run-os-net-config.sh"Jenkins1-0/+6
2016-12-23Merge "Modify external loadbalancer environments to use new FixedIPs"Jenkins2-26/+14
2016-12-23Merge "Add CI matrix to THT"Jenkins1-0/+61
2016-12-22Merge "Introduce role-specific NodeUserData, use for docker"Jenkins8-1/+47
2016-12-22Merge "FreeIPA: Make OTP and FreeIPA server parameters optional"Jenkins1-5/+16
2016-12-22Merge "Use ws instead of http for Zaqar websocket endpoints"Jenkins4-12/+12
2016-12-22Merge "Add bind mounts for agent state"Jenkins1-0/+3
2016-12-22Merge "Adds missing OpenDaylight username/password from ODL OVS service"Jenkins1-0/+11
2016-12-22Pass nova rabbit information to mysqlAlex Schultz1-0/+6
The cell v2 setup requires the transport url for nova. We need to provide mysql with the rabbit connection information so that it can it when setting up the cell information. Change-Id: I43ba77cd4c8da7c6dc117ab0bd53e5cd330dc3de Related-Bug: #1649341
2016-12-22Merge "Decouple swift-proxy from ceilometer"Jenkins4-21/+46
2016-12-22Add network_config_hook interface to run-os-net-config.shJames Slagle1-0/+6
run-os-net-config.sh only allows for limited customization of the network configuration in config.json. Namely, it only customizes the bridge_name and interface_name. This will likely not be sufficient for all use cases. This patch adds a generic network_config_hook bash function that will be called if it is defined. The function is an entry point for deployers to write custom code to further influence run-os-net-config.sh. A possible alternative approach would be to pass the server resource into the NetworkConfig template. That would allow running arbitrary SoftwareDeployments on the server before NetworkDeployment is executed. However, the interface of NetworkDeployment is likely still not as flexible as this approach as the inputs are hardcoded in the role template files (role.role.j2.yaml), which are not meant to be modified by deployers. The immediate use case for this work is using os-net-config in our multinode CI jobs where we need to create vxlan tunnels between the nodes and we need to know the local private IP of each node for the tunnel endpoint. As the IP is different for each node, it's not a parameter we could specify in the templates. Change-Id: I26d0ebdaba6fcd3fe885e41ed234eb79a2405228 Implements: blueprint multinode-ci-os-net-config
2016-12-22Merge "Add hook to generate metadata from service profiles"Jenkins10-0/+47
2016-12-22Merge "Add a per service bootstrap node variable"Jenkins3-0/+28
2016-12-22Add CI matrix to THTCarlos Camacho1-0/+61
Currently the description of CI matrix is defined in tripleo-ci, but the services for each scenario lives now in THT. This submission moves this table to the repo in which the configuration is defined. Change-Id: I9ef1acefc6e1f347528a48edcb4d997a9628fcf6
2016-12-22Add hook to generate metadata from service profilesJuan Antonio Osorio Robles10-0/+47
This enables the deployer to dynamically add nova metadata to the servers based on the output of service profiles that implement the metadata_settings key in the role_data output for the profiles. One can set an implementation via the OS::TripleO::ServerMetadataHook resource, which currently is set as OS::Heat::None. So, because of the default implementation, if left untouched it actually does nothing. Currently, besides the list, which is metadata_settings, this hook also takes the name of the node that it's setting the metadata for. This is useful for nova vendordata plugins that can parse said metadata. Change-Id: I8a937f711f0b90156fbb6c4632760435ef846474
2016-12-21Merge "Use df instead of findmnt in cephstorage upgrade scripts"Jenkins1-1/+1
2016-12-21Merge "Add "deployed server" fake neutron ports"Jenkins5-29/+78
2016-12-21Merge "Synchronize NetworkDeployment inputs for generic roles"Jenkins1-0/+7
2016-12-21Add a per service bootstrap node variableMichele Baldessari3-0/+28
In order to call commands that need to be run on a single node, we create a new per-service variable that will contain the first node of each role containing the service. Change-Id: I03e8685f939e8ae1fcd8b16883b559615042505d Partial-Bug: #1615983
2016-12-21Merge "Make the openvswitch 2.4->2.5 upgrade more robust"Jenkins10-80/+57
2016-12-21Merge "net-conf: make bridge and interface name optional"Jenkins1-5/+5
2016-12-20Merge "Set the default event pipeline publisher"Jenkins1-0/+5
2016-12-20Merge "Use OS::Heat::DeployedServer"Jenkins4-42/+10
2016-12-20Adds missing OpenDaylight username/password from ODL OVS serviceTim Rozet1-0/+11
ODL username and password are already present in the OpenDaylightApi service. However, when moving the OpenDaylightApi service to its own custom role, the Controller/Compute nodes no longer have access to these hiera values. This patch adds them also to the OpenDaylightOvs service. Closes-Bug: 1651499 Depends-On: I418643810ee6b8a2c17a4754c83453140ebe39c7 Change-Id: I169fdad4c94bd6dfc1fe7cde3d6b19b36d916af7 Signed-off-by: Tim Rozet <trozet@redhat.com>
2016-12-20Set gnocchi wsgi display namePradeep Kilambi1-0/+1
Depends-On: Ice921f0fdd4bec6de50e62c39c447ee40dc0e8f5 Change-Id: I4109ac83c32ee2365695611009579a8b117134ff
2016-12-20Set aodh wsgi display namePradeep Kilambi1-0/+1
Depends-On: I53b156505e08625d56ed6a302cf5b5c30e8e288c Change-Id: Id9791d8a19a74c1f0855e794170f66542f88a548
2016-12-20Set the default event pipeline publisherPradeep Kilambi1-0/+5
Since we have aodh enabled for alarms, we should set the notifier to the default queue alarm.all. Closes-bug: #1590473 Change-Id: Ibcb5076424ac2ddcd18ff717d82da1aec4c035cb
2016-12-20Use ws instead of http for Zaqar websocket endpointsDan Prince4-12/+12
This patch updates the endpoint map for Zaqar websockets so that we use ws (or wss for SSL) instead of the http varients. This should help resolve protocol issues when trying to make connections to the websocket API. Change-Id: Iea88d1e30299cb621424740a39d498defa371ca4
2016-12-20Merge "Expose param to enable legacy ceilometer api"Jenkins1-0/+5
2016-12-20Merge "Move UpgradeInitCommand to role templates"Jenkins7-37/+169
2016-12-20Merge "Run upgrade steps before post-deploy config"Jenkins2-8/+15
2016-12-20FreeIPA: Make OTP and FreeIPA server parameters optionalJuan Antonio Osorio Robles1-5/+16
In the freeipa-enroll.yaml, it can be the case that the node has been enrolled (via a cloud-init script); in this case, the OTP and the FreeIPA server are optional. However, we still need to get a kerberos ticket, which is the last step of this script, since this ticket is what certmonger will use to request the certificates in subsequent steps. Change-Id: I7e9d6a747cdcbe81c9a74a17db5e91aa9d459f65
2016-12-19Merge "Remove unused attr from templates"Jenkins1-1/+0
2016-12-19Merge "Revert "Switch mistral to use authtoken configuration""Jenkins1-4/+2
2016-12-19Revert "Switch mistral to use authtoken configuration"Ben Nemec1-4/+2
It turns out the puppet-mistral change this depends on broke introspection, so we need to back it out for now. This reverts commit ed029e5bf279945e82bff8766af4093856a7ac6a. Change-Id: I828478267935cdc68aa24de8c9dc2d12fcadb631