aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-04-27Prepare 6.1.0 (ocata)Emilien Macchi1-2/+2
Change-Id: Idb0423f9cf76234b9f44cacf32dd34cd9ae4e655
2017-04-26Increase documentation about parametersJuan Badia Payno2-3/+33
CollectdServer, CollectdServerPort, CollectdSecurityLevel, CollectdUsername, CollectdPassword Change-Id: I43a0aca6f620f2570bdfd88531e70611867337b0 (cherry picked from commit f209f0aa48d277ecb8300ef33225f6ce6e24a4ae)
2017-04-25Merge "SSHD Service extensions" into stable/ocataJenkins10-5/+46
2017-04-25Merge "sensu: fix upgrade case when service is added" into stable/ocataJenkins1-1/+1
2017-04-25Merge "Deploy ceilometer_auth_enabled to node containing keystone" into ↵Jenkins1-1/+1
stable/ocata
2017-04-25Merge "Remove no longer used environment files - older upgrade workflows" ↵Jenkins6-37/+0
into stable/ocata
2017-04-25Merge "Add migration SSH tunneling support" into stable/ocataJenkins3-1/+22
2017-04-25Merge "SSH known_hosts config" into stable/ocataJenkins11-1/+324
2017-04-25Deploy ceilometer_auth_enabled to node containing keystoneJuan Antonio Osorio Robles1-1/+1
This hiera key is used by keystone to create the ceilometer service user. It works in CI cause keystone and the ceilometer services are in the same node. However, this fails if keystone is deployed on a separate note. We should only deploy it in the nodes containing the keystone service since it's only relevant to create the service user. Change-Id: Ic0f02fe9a78a1fe14ac2b87197692fbd80c003b8 Closes-Bug: #1685828 (cherry picked from commit f1f6b5dc7d698a36f04186856fb94b4115d121dc)
2017-04-24Remove no longer used environment files - older upgrade workflowsmarios6-37/+0
In I7831d20eae6ab9668a919b451301fe669e2b1346 we removed some of the old upgrades but left the environment files removed here. Related-Bug: 1673447 Change-Id: Ib3eca5687285b280832d19b647c3b4aa3d9ac36d (cherry picked from commit 61632a621b1ef0fc0e3d20080eb8a5ff05952bbe)
2017-04-24sensu: fix upgrade case when service is addedEmilien Macchi1-1/+1
When service is added during an upgrade, fix the ansible syntax to use the right variable for return code. Change-Id: I974699fb8b0dcbe5ffa6935c394df4ac8e7b21d4 (cherry picked from commit deb9b4cad5a59e650922067841604a4bc121c228)
2017-04-21Merge "Fix bogus parameters in get_param" into stable/ocataJenkins2-2/+2
2017-04-21SSHD Service extensionsLuke Hinds10-5/+46
This change implements a MOTD message and provides a hash of sshd config options which are sourced to the puppet-ssh module as a hash. The SSHD puppet service is enabled by default, as it is required for Idb56acd1e1ecb5a5fd4d942969be428cc9cbe293. Also added the service to the CI roles. Change-Id: Ie2e01d93082509b8ede37297067eab03bb1ab06e Depends-On: I1d09530d69e42c0c36311789166554a889e46556 Closes-Bug: #1668543 Co-Authored-By: Oliver Walsh <owalsh@redhat.com> (cherry picked from commit 5e14f95a4a46fcf88293f1b0fa93327566614d43)
2017-04-21Merge "N->O Manual puppet commands have the right modulepath." into stable/ocataJenkins2-2/+5
2017-04-21Merge "Run token flush cron job hourly by default" into stable/ocataJenkins2-1/+8
2017-04-21Merge "Update Dell EMC Cinder back end services" into stable/ocataJenkins2-0/+6
2017-04-21Merge "Add composable role support for NetApp Cinder back end" into stable/ocataJenkins6-159/+132
2017-04-21Merge "Replace references to the 192.0.2 network" into stable/ocataJenkins13-16/+39
2017-04-21Merge "N->O upgrade, fix wrong parameters to nova placement." into stable/ocataJenkins1-1/+2
2017-04-20Add migration SSH tunneling supportOliver Walsh3-1/+22
This enables nova cold migration. This also switches to SSH as the default transport for live-migration. The tripleo-common mistral action that generates passwords supplies the MigrationSshKey parameter that enables this. The TCP transport is no longer used for live-migration and the firewall port has been closed. Change-Id: I4e55a987c93673796525988a2e4cc264a6b5c24f Depends-On: I367757cbe8757d11943af7e41af620f9ce919a06 Depends-On: I9e7a1862911312ad942233ac8fc828f4e1be1dcf Depends-On: Iac1763761c652bed637cb7cf85bc12347b5fe7ec (cherry picked from commit 0271a63e52b961eab0da2f5c6a61811a7a1498f7)
2017-04-20SSH known_hosts configOliver Walsh11-1/+324
Fetch the host public keys from each node, combine them all and write to the system-wide ssh known hosts. The alternative of disabling host key verification is vulnerable to a MITM attack. Change-Id: Ib572b5910720b1991812256e68c975f7fbe2239c (cherry picked from commit 7d3552a105ad5aa62cad0998c11df5ec6bd06ed6)
2017-04-20Merge "Use comma_delimited_list for token flush cron time settings" into ↵Jenkins1-5/+5
stable/ocata
2017-04-20N->O Manual puppet commands have the right modulepath.Sofer Athlan-Guyot2-2/+5
In two places during upgrade we manually trigger puppet. There can be a problem when new puppet modules are added, and their corresponding symlinks in /etc/puppet/modules are not created during the installation as their are installed in /usr/share/openstack-puppet/modules. To prevent the issue tripleo set modulepath in the templates. We must use the same modulepath to make sure that we don't fail because of missing module in the manual puppet run. This particulary happens when you upgrade from M->N->O, as the base image in Mitaka doesn't have the proper symlinks and they are not created during the installation of the package. Closes-Bug: #1684587 Change-Id: I79df6ea33f1c58e13309176a6de41b7572541fd6 (cherry picked from commit 79c2d0f3d411da9e57731d9da79d25a3e0364eb2)
2017-04-20Merge "Touch /etc/httpd/conf.d/ssl.conf" into stable/ocataJenkins1-0/+4
2017-04-20N->O upgrade, fix wrong parameters to nova placement.Sofer Athlan-Guyot1-1/+2
According to [1] we need os_region_name, not region_name. Furthermore the os_interface is configured as well. The hard check on this parameter was introduced in ocata[2], explaining why the newton version did not chock on it. [1] https://docs.openstack.org/ocata/config-reference/compute/config-options.html [2] https://github.com/openstack/nova/commit/d486315e0 Closes-Bug: #1684058 Change-Id: If6118bf03e832fe3fa5ea4fcb1b436afd2adf80a (cherry picked from commit 88a3168b3019f7c8232c14b95d4c7c6fb5080f03)
2017-04-19Merge "Decouple Swift ringbuilding logic" into stable/ocataJenkins5-94/+10
2017-04-19Merge "Modify pci_passthrough hiera value as string" into stable/ocataJenkins2-2/+10
2017-04-19Run token flush cron job hourly by defaultJuan Antonio Osorio Robles2-1/+8
Running this job once a day has proven problematic for large deployments as seen in the bug report. Setting it to run hourly would be an improvement to the current situation, as the flushes wouldn't need to process as much data. Note that this only affects people using UUID as the token provider. Change-Id: I462e4da2bfdbcba0403ecde5d613386938e2283a Related-Bug: #1649616 (cherry picked from commit 65e643aca2202f031db94f1ccd3d44e195e5e772)
2017-04-19Use comma_delimited_list for token flush cron time settingsJuan Antonio Osorio Robles1-5/+5
This allows us to better configure these parametes, e.g. we could set the cron job to run more times per day, and not just one. Change-Id: I0a151808804809c0742bcfa8ac876e22f5ce5570 Closes-Bug: #1682097 (cherry picked from commit df36f221dd402a5b93585a6851fb1eb43de91967)
2017-04-18Touch /etc/httpd/conf.d/ssl.confLukas Bezdicka1-0/+4
To ensure that yum update passes without issues we touch ssl.conf. Proper fix is https://review.openstack.org/#/c/456712/ Depends-On: Ic5a0719f67d3795a9edca25284d1cf6f088073e8 Closes-Bug: #1682448 Resolves: rhbz#1441977 Change-Id: I73e5272c64df4aa5900f544a5d9f0670544ca679
2017-04-18Fix bogus parameters in get_paramBogdan Dobrelya2-2/+2
Change-Id: I1b5658efaaa26c473ceef184a962ec320f267ffe Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com> (cherry picked from commit e88dfbc4ca115be9522ee0fc0bdb5b60f9ddd7a7)
2017-04-17Merge "Add params to tweak memory limit on mongodb" into stable/ocataJenkins2-0/+8
2017-04-17Merge "Update ceph-rgw acccepted roles to fix OSP upgrade" into stable/ocataJenkins1-1/+1
2017-04-17Add params to tweak memory limit on mongodbPradeep Kilambi2-0/+8
The puppet-tripleo change was added in Ie9391aa39532507c5de8dd668a70d5b66e17c891. Closes-bug: #1656558 Change-Id: Ibe2e4be5b5dc953d8d4b14f680a460409db95585 (cherry picked from commit 75d48838020ad9ff2bbd739212599ec8eb932649)
2017-04-12Update Dell EMC Cinder back end servicesAlan Bishop2-0/+6
Add services for Dell EMC Cinder back ends to the resource registry and to the Controller role (defaulting to OS::Heat::None). Closes-Bug: #1681497 Change-Id: I694fd7738abd3601851bdcd38e3633607ce6152c (cherry picked from commit 5fb637c611c3c8c4daf8e8d2f06d5579b9ef34fd)
2017-04-12yum_update.sh - Use the yum parameter: check-updateMatthew Flusche1-3/+11
The current check tends to produce a false positive causing unnecessary service restarts. yum check-update will exit with return code 100 if updated packages are available. Change-Id: I8bd89f2b24bafc6c991382b9eb484cfa9a2f8968 (cherry picked from commit 9e4375d2762f4a26e8b0b8375f9265ad6e439ea1) Closes-Bug: #1680634
2017-04-12Add composable role support for NetApp Cinder back endAlan Bishop6-159/+132
Convert NetApp Cinder back end to support composable roles via new "CinderBackendNetApp" service. Closes-Bug: #1680568 Change-Id: Ia3a78a48c32997c9d3cbe1629c2043cfc5249e1c (cherry picked from commit c533a3219e47c5a6155e85e089b9f8acdb4a3dd6)
2017-04-12Replace references to the 192.0.2 networkGiulio Fidente13-16/+39
Following change I1393d65ffb20b1396ff068def237418958ed3289 the ctlplane network will be 192.168.24 by default and not 192.0.2 anymore. This change removes old references left to 192.0.2 network from the overcloud templates. (cherry picked from commit b5b6681a74e001448a836e7eea5e75fba859b88c) Closes-Bug: #1682144 Change-Id: I49bd1ac8d594105665010bd898670b17e72fa763
2017-04-11Merge "Use --disable= in subscription-manager to avoid shell expansion." ↵Jenkins1-1/+1
into stable/ocata
2017-04-11Update ceph-rgw acccepted roles to fix OSP upgradeKeith Schincke1-1/+1
This patch updates ceph::keystone::auth::roles to remove "member" and add "Member". The previous entry breaks OSP N to O upgrades when ceph-rgw is enabled. This patch fixes: https://bugs.launchpad.net/tripleo/+bug/1678126 Closes-bug: 1678126 (cherry picked from commit 4656323fc30e67f43d3dbd1ada42b608aa6f79e7) Change-Id: I70e70f96c4aba2c89a9f81973f732d4348b91515
2017-04-11Decouple Swift ringbuilding logicChristian Schwede5-94/+10
This reverts commit b323f8a16035549d84cdec4718380bde3d23d6c3 and uses the new logic in puppet-tripleo, basically doing the same. Closes-Bug: 1665641 Depends-On: Ifd6fa5b398d98e8998630ea0c9a2ce9867ceba2b Change-Id: Ib5cb0578be2993af0a0b8675005d838640bdb139 (cherry picked from commit 76c1c0cbba38b2f25290f5ad80e38ddd97ae834b)
2017-04-08Merge "Add missing ec2api::api::keystone_ec2_tokens_url config" into ↵Jenkins1-0/+5
stable/ocata
2017-04-07Add trigger to setup a LDAP backend as keystone domaineCyril Lopez3-0/+50
It is using a trigger tripleo::profile::base::keystone::ldap_backend_enable in puppet-tripleo who will call a define in puppet-keysone ldap_backend.pp. Given the following environment: parameter_defaults: KeystoneLDAPDomainEnable: true KeystoneLDAPBackendConfigs: tripleoldap: url: ldap://192.0.2.250 user: cn=openstack,ou=Users,dc=redhat,dc=example,dc=com password: Secrete suffix: dc=redhat,dc=example,dc=com user_tree_dn: ou=Users,dc=redhat,dc=example,dc=com user_filter: "(memberOf=cn=OSuser,ou=Groups,dc=redhat,dc=example,dc=com)" user_objectclass: person user_id_attribute: cn user_allow_create: false user_allow_update: false user_allow_delete: false ControllerExtraConfig: nova::keystone::authtoken::auth_version: v3 cinder::keystone::authtoken::auth_version: v3 It would then create a domain called tripleoldap with an LDAP configuration as defined by the hash. The parameters from the hash are defined by the keystone::ldap_backend resource in puppet-keystone. More backends can be added as more entries to that hash. This also enables multi-domain support for horizon. Conflicts: puppet/services/keystone.yaml Closes-Bug: 1677603 Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Depends-On: I1593c6a33ed1a0ea51feda9dfb6e1690eaeac5db Change-Id: I6c815e4596d595bfa2a018127beaf21249a10643 Signed-off-by: Cyril Lopez <cylopez@redhat.com> (cherry picked from commit 347f5434b3e3793b9fdf2a94f49ab7734c5d923b)
2017-04-07Merge "Generate Pre/Post Puppet Tasks for all roles" into stable/ocataJenkins2-13/+11
2017-04-06Merge "Updated from global requirements" into stable/ocataJenkins1-1/+1
2017-04-06Merge "Add manual ovs upgrade script for workaround ovs upgrade issue" into ↵Jenkins5-26/+112
stable/ocata
2017-04-06Merge "Add environment for deployed-server with pacemaker" into stable/ocataJenkins1-0/+4
2017-04-06Add manual ovs upgrade script for workaround ovs upgrade issueMathieu Bultel5-26/+112
When we upgrade OVS from 2.5 to 2.6, the postrun package update restart the services and drop the connectivity We need to push this manual upgrade script and executed to the nodes for newton to ocata The special case is needed for 2.5.0-14 specifically see related bug for more info (or, older where the postun tries restart). See related review at [1] for the minor update/manual upgrade. Related-Bug: 1669714 Depends-On: I3227189691df85f265cf84bd4115d8d4c9f979f3 Co-Authored-By: Sofer Athlan-Guyot <sathlang@redhat.com> [1] https://review.openstack.org/#/c/450607/ Change-Id: If998704b3c4199bbae8a1d068c31a71763f5c8a2 (cherry picked from commit d2d319ec0ead06b860f8464b001048fb4f723788)
2017-04-06Enforce upgrade_batch_tasks before upgrade_tasks ordermarios1-19/+12
If we really want upgrade_batch_tasks before the upgrade_tasks as described in the README then we should enforce the ordering Noticed this working on bug 1671504 upgrade tasks were being executed before batch upgrade tasks. Closes-Bug: 1678101 Change-Id: Iaa1bce960a37c072b5f8441132705a6bb6eb6ede (cherry picked from commit 299b9f532377a3a0c16ba9cb4fe92c637fc38eeb)
2017-04-06Ensure upgrade step orchestration accross roles.Sofer Athlan-Guyot1-8/+6
Currently we don't enforce step ordering across role, only within role. With custom role, we can reach a step5 on one role while the cluster is still at step3, breaking the contract announced in the README[1] where each step has a guarantied cluster state. We have to remove the conditional here as well as jinja has no way to access this information, but we need jinja to iterate over all enabled role to create the orchestration. This deals only with Upgrade tasks, there is another review to deal with UpgradeBatch tasks. [1] https://github.com/openstack/tripleo-heat-templates/blob/master/puppet/services/README.rst Closes-Bug: #1679486 Change-Id: Ibc6b64424cde56419fe82f984d3cc3620f7eb028 (cherry picked from commit d286892c785b8b81a866ea3c6a459d1fc4a347e8)