| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
Currently the description of CI matrix is defined
in tripleo-ci, but the services for each scenario
lives now in THT. This submission moves this table
to the repo in which the configuration is defined.
Change-Id: I9ef1acefc6e1f347528a48edcb4d997a9628fcf6
|
|
This enables the deployer to dynamically add nova metadata to the
servers based on the output of service profiles that implement the
metadata_settings key in the role_data output for the profiles.
One can set an implementation via the OS::TripleO::ServerMetadataHook
resource, which currently is set as OS::Heat::None. So, because of
the default implementation, if left untouched it actually does
nothing.
Currently, besides the list, which is metadata_settings, this hook also
takes the name of the node that it's setting the metadata for.
This is useful for nova vendordata plugins that can parse said metadata.
Change-Id: I8a937f711f0b90156fbb6c4632760435ef846474
|
|
|
|
|
|
|
|
This script is meant for CI and it deploys an instance of FreeIPA.
This instance is needed for deploying TLS everywhere and will serve as
the CA. The parameters relevant to this instance will then be passed to
the overcloud deploy command.
Change-Id: I38b880250c3b30d7fa1c9e56e82a1be8b59b7e30
|
|
In order to call commands that need to be run on a single node, we
create a new per-service variable that will contain the first node of
each role containing the service.
Change-Id: I03e8685f939e8ae1fcd8b16883b559615042505d
Partial-Bug: #1615983
|
|
|
|
|
|
Custom role deployments were not working when ODL API was on a different
node due to firewall rules blocking traffic. This patch adds the
missing rules for the REST communication to ODL (8081 by default), OVSDB
connection (6640), and OpenFlow protocol (6653).
Closes-Bug: 1651476
Depends-On: I1f2af2793d040fda17bf73252afe59434d99f31f
Change-Id: Ic0119c783d01e864c49fa06a66fdd68c059a726b
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
|
|
|
|
ODL username and password are already present in the OpenDaylightApi
service. However, when moving the OpenDaylightApi service to its own
custom role, the Controller/Compute nodes no longer have access to these
hiera values. This patch adds them also to the OpenDaylightOvs service.
Closes-Bug: 1651499
Depends-On: I418643810ee6b8a2c17a4754c83453140ebe39c7
Change-Id: I169fdad4c94bd6dfc1fe7cde3d6b19b36d916af7
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
Depends-On: Ice921f0fdd4bec6de50e62c39c447ee40dc0e8f5
Change-Id: I4109ac83c32ee2365695611009579a8b117134ff
|
|
Depends-On: I53b156505e08625d56ed6a302cf5b5c30e8e288c
Change-Id: Id9791d8a19a74c1f0855e794170f66542f88a548
|
|
Since we have aodh enabled for alarms, we should set the
notifier to the default queue alarm.all.
Closes-bug: #1590473
Change-Id: Ibcb5076424ac2ddcd18ff717d82da1aec4c035cb
|
|
This patch updates the endpoint map for Zaqar websockets
so that we use ws (or wss for SSL) instead of the http varients.
This should help resolve protocol issues when trying to make
connections to the websocket API.
Change-Id: Iea88d1e30299cb621424740a39d498defa371ca4
|
|
|
|
|
|
|
|
In the freeipa-enroll.yaml, it can be the case that the node has been
enrolled (via a cloud-init script); in this case, the OTP and the
FreeIPA server are optional. However, we still need to get a kerberos
ticket, which is the last step of this script, since this ticket is what
certmonger will use to request the certificates in subsequent steps.
Change-Id: I7e9d6a747cdcbe81c9a74a17db5e91aa9d459f65
|
|
|
|
|
|
It turns out the puppet-mistral change this depends on broke
introspection, so we need to back it out for now.
This reverts commit ed029e5bf279945e82bff8766af4093856a7ac6a.
Change-Id: I828478267935cdc68aa24de8c9dc2d12fcadb631
|
|
|
|
This switches to using overcloud-full as the OS image for
containerized compute. It includes the following changes:
- install docker, until this change lands
I1eab2a6de721c8f3c21c7df0019f2d4d1cc3775f
- agent image pull has been removed. This avoids a race between docker
starting and the current call to pull. This relies on "docker run"
to do the initial pull and leaves open the option of some other
prefetch mechanism to do the initial pull
- rely on unit Conflicts= to ensure heat-docker-agents and
os-collect-config do not run at the same time
- tweaks to host bind mounts
- removal of commands which only apply to atomic
Co-Authored-By: Martin André <m.andre@redhat.com>
Change-Id: I2e82634785834a877a4dbdbdcd788a9ac1c14a9d
|
|
Currently when the docker environments are invoked, every node has the
boot script run which replaces os-collect-config with the heat-agents
container. This should only be happening on Compute nodes currently,
and each role will be converted to heat-agents one at a time.
This change implements a role-specific NodeUserData resource and uses
that mechanism to run docker/firstboot/install_docker_agents.yaml only
on Compute nodes.
Change-Id: Id81811dbcaf0e661c3980aa25f3ca80db5ef0954
|
|
These ensure that software configuration tasks are not re-run when the
heat-agents container is restarted.
Change-Id: Ieb84fe1f6dd849737ff22f51daa12ddc467dcdde
|
|
|
|
|
|
We can't run this during the upgrade steps, because there are things
which need to happen before any role configuration happens, e.g
installing the new hiera heat-config hook, which must be done before
e.g "ControllerDeployment" runs or the stack update hangs.
Partially-Implements: blueprint overcloud-upgrades-per-service
Change-Id: I365b57513590662c3f78a33dc625747f457c48c5
|
|
For some upgrade scenarios, e.g all-in-one deployments, it may
be possible to run the upgrade steps, then apply puppet in one
stack update, so reverse the order here. For normal deployments
the upgrade steps are mapped to OS::Heat::None so this will have
no effect.
Partially-Implements: blueprint overcloud-upgrades-per-service
Change-Id: I3c78751349a6ac2bc5dff82f67bffe13750ac21c
|
|
|
|
|
|
|
|
This allows us to take advantage of the composable roles hiera
settings to connect the plugin to the northd/ovndb API without
needing to hard-code the IP of the node running the service.
Change-Id: I2508d48f81c1819ae3521fff271c0bdc50724604
Depends-On: I9af7bd837c340c3df016fc7ad4238b2941ba7a95
Closes-Bug: #1634171
|
|
|
|
This patch swaps out the noop ctlplane port for a more
proper fake neutron port stack. This stack is a swap
in for the OS::Neutron::Port heat resource and can be
controlled via the DeployedServerPortMap parameter.
By relying on <hostname>-<network> naming conventions in the
map we can map IPs to specific servers without using the
Neutron API. This will allow us to inject IP information
into the Heat stack within the new t-h-t undercloud installer
which currently does not run a Neutron service.
Change-Id: I29fbc720c3d582cbb94385e65e4b64b101f7eac9
|
|
Update the run-os-net-config.sh so that we make the
bridge_name and interface_name parameters (supplied by
the SoftwareConfig) optional. This allows operators to
create custom network templates to be used on roles other than
compute and controller which appear to be the only two roles which
set bridge_name and interface_name parameters.
Change-Id: I8997cf8177c1bf0e1f19de5f93dc4e81da1a951f
|
|
When Nova and/or Cinder are using Ceph as backend, qemu will need
to open a connection and two threads for each and every Ceph OSD.
This change raises the max_files (set to 1024 by default) to 32768
and the max_processes (set to 4096 by default) to 131072. The max
number of FDs is per-process, while the max number of processes is
per-user. The values can be overridden via ExtraConfig, no params
are added to the templates.
A more detailed description of the values were chosen can be
found at: https://access.redhat.com/solutions/1602683
Change-Id: I1e79675f6aac1b0fe6cc7269550fa6bc8586e1fb
Depends-On: I258afd3ee6633e4b2ebc45aa8611be652476be0c
|
|
We could already pass metadata to the nova server instances (on
creation) via the ServerMetadata parameter, however, there was no
way of doing this per-role. This introduces that by adding a
{{role}}ServerMetadata parameter for each role. This parameter gets
merged with the ServerMetadata parameter and allows this
functionality.
Note that both default to {}, and so does the result of merging those
parameters with their default values. So nothing changes for the
default settings.
Change-Id: I334edcc51ce7ee82fc13b6cf4c0d74ccb7db099c
|
|
Without this Zaqar API will fail to run due to a missing bind
IP address in the config file.
Change-Id: Icd0a6e85b7455e89f37f05399146d5e743359da8
Closes-bug: #1650307
|
|
There are some requirements for early configuration that involves
e.g setting kernel parameters then rebooting. Currently this can
be done via cloud-init, e.g firstboot templates, but there's been
discussion around enabling a SoftwareDeployment approach instead.
The main advantage of doing it this way is there's an error path
if something goes wrong with the config (except triggering the
reboot as we have to use NO_SIGNAL for that).
Change-Id: Ia54ee654f755631b8062eb5c209a60c6f9161500
|
|
|
|
This patch updates the deployed-server interface to use a
simple hostname -s. The previous hostnamectl --transient
can pick up extra domain name configuration in some cases
that can cause very odd hostname generation if used
with the tripleo-heat-template host file generation.
This would actually break the new undercloud t-h-t installer
in that some of the /etc/hosts entries would be invalid
(no IP address) due to substring replacements failing in
a variety of odd hostname situations. Simplifying the
hostname of deployed servers to just the short version seems
the most sensable way to avoid all this.
Change-Id: Ia7e636d021f948ea5234475cef02f666d8ce6999
|
|
In I9b1f0eaa0d36a28e20b507bec6a4e9b3af1781ae and
I11fcf688982ceda5eef7afc8904afae44300c2d9 we added a manual step
for upgrading openvswitch in order to specify the --nopostun
as discussed in the bug below.
This change adds a minor update to make this workaround more
robust. It removes any existing rpms that may be around from
an earlier run, and also checks that the rpms installed are
at least newer than the version we are on.
This also refactors the code into a common definition in the
pacemaker_common_functions.sh which is included even for the
heredocs generating upgrade scripts during init. Thanks
Sofer Athlan-Guyot and Jirka Stransky for help with that.
Change-Id: Idc863de7b5a8c116c990ee8c1472cfe377836d37
Related-Bug: 1635205
|
|
The RabbitMQ's puppet manifest configures the node's IP and port through
environment variables. While this would usually be fine, it doesn't
allow us to use TLS-only, since it will always try to start a TCP
listener. So, by setting these values through the config file, when
setting ssl_only for rabbitmq, they will effectively be discarded and
thus allow us to use an SSL listener on the same port.
Change-Id: I33d051a8c740baf69b99517378e1f9b0f3cc1681
|
|
This reads makes Django take the X-Forwarded-Proto header into account
when forming URLs.
Change-Id: Ice64de9a11d7819ae7f380279ff356342d9b6673
Depends-On: Ifed7d4c3409419c01c5b20c707221c1fc76ea09e
|
Jenkins
Carlos Camacho
Juan Antonio Osorio Robles
Michele Baldessari
Tim Rozet
Pradeep Kilambi
Dan Prince
Ben Nemec
Steve Baker
Steven Hardy
Giulio Fidente
marios