Age | Commit message (Collapse) | Author | Files | Lines |
|
We firewall the undercloud, which is only listening on the
provisioning network anyway, but our default settings leave the
overcloud, which needs to be publicly accessible (for a
deployment-specific definition of "public"), wide open. This
seems like a bad default.
Anyone who is deploying additional services can either open the
firewall ports themselves as part of the deployment or can set the
ManageFirewall param to false.
Change-Id: I3731a0a7bc4be94c8e7a289c90d304599634e928
|
|
Both with and without SSL.
Change-Id: I3163cbac8cb37e03ae298fa02e85bdaa66157471
|
|
This is required to allow ha deployments with ManageFirewall: True
These are the ports documented in [1].
1: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Configuring_the_Red_Hat_High_Availability_Add-On_with_Pacemaker/index.html#s1-firewalls-HAAR
Change-Id: I446cc0ed863df15e28fa8ec1f5e2a06c5c03af8c
Closes-Bug: 1594470
|
|
This has been removed by the puppet-firewall module in favor of
explicit dport and sport params. I believe in every case we are
intending to set dport, so that's what this change does.
Change-Id: I35c9efca691f865f2e2562ee81a7195d48d27d7a
|
|
|
|
|
|
Implement NovaCompute service using nova-base for common parameters.
Depends-On: I57f729daf675674ce37b49e17652c575715fbe23
Implements: blueprint composable-services-within-roles
Change-Id: I4494a94a3813d255b9f2d5a18874efd6a63737df
|
|
Implement NovaVncproxy service using nova-base for common
meters.
Change-Id: I6463cad5aa722d8c8febac1414d03637d6daec37
Depends-On: I5bc2a77b5832706bd9167cf40e5a7e0f95d7b346
Implements: blueprint composable-services-within-roles
|
|
Implement NovaConsoleauth service using nova-base for common
meters.
Depends-On: I955b4fc07dc07d8adc32411848e3e131d77a5123
Implements: blueprint composable-services-within-roles
Change-Id: I7248f9c0a7a575675a2c2551ca9f8f51290a6656
|
|
Implement NovaScheduler service using nova-base for common parameters.
Depends-On: I5e1c90e3c6dc556f872ced73744c5c74caaa3635
Change-Id: Ie50716a09c53d656835b16991128c94b35cf1ed2
Implements: blueprint composable-services-within-roles
|
|
Implement NovaApi service using nova-base for common parameters.
Change-Id: Ibcb89b332ab73f18d05e5b2e454964e322b982e6
Implements: blueprint composable-services-within-roles
Depends-On: I1dde63a5a7d1624494a7157a9679f88f4cb780e0
|
|
|
|
|
|
This patch drops the extraconfig interface in favor
of using the composable services nested stack instead.
The benefit is that it is easier to enable multiple services
(like network and storage backends at the same time) and all
of the plumgrid settings get to live in the same file.
Partially-implements: blueprint composable-services-within-roles
Change-Id: I1c5827e3650a29f7a0258531f84ae0f50f22343d
|
|
Partially-implements: blueprint composable-services-within-roles
Depends-On: I8536782d433f97a9b619e54a1eb1ea0edb8fdaf0
Change-Id: I3309997413998f1d90117e361d1578da3633e56c
|
|
Move the settings/parameters for the neutron core plugin and
neutron service plugins into the base role.
Partially-implements: blueprint composable-services-within-roles
Change-Id: Ieb307fa7bc5ecfbc500787e3f292488476f7d850
|
|
Add MongoDB as a composable service.
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: Idaa3275def3bcdb302a66fc1c88531ff718bcf67
Depends-On: Idb1e78ebec7682fe68ca5902a22cfb6030498091
|
|
They are already included in puppet-tripleo.
Note: in the case of Midonet pluging, keep including the class because
we set service_plugins parameter. This patch adds a TODO so we'll add it
in Hiera when doing the composable plugin in THT.
Change-Id: Ic9303df2d8622d4d4fc4ce21888f00653cf32207
|
|
|
|
|
|
|
|
|
|
|
|
This patch removes a variety of unused Neutron parameters.
Most of these parameters stem from the old days of
tripleo-image-elements and are either no longer used
with or were never completely implemented to begin with.
Partially-implements: blueprint composable-services-within-roles
Change-Id: I478d282640affa89e38004e465458e79bd2d153b
|
|
Adds new puppet and puppet pacemaker specific services for
the Neutron ml2 configuration and the Ovs agent.
Partially-implements: blueprint composable-services-within-roles
Change-Id: I896e5dfe6fae49371c9fe7f47c4364eb6f621b07
|
|
Adds new puppet and puppet pacemaker specific services for
the Neutron server configuration.
Depends-On: I52815f45a04bf3e39940b9cb116261730580a3e2
Partially-implements: blueprint composable-services-within-roles
Change-Id: I1680d4b7044f16d672e99ca356d954b6734af287
|
|
These stacks effectively do nothing. So better replace them with
the None resource.
Change-Id: If1fc759ca7f03f66229c27560cc4b8e10baa0f11
|
|
Nova Cert service was useful when running EC2 API but is now useless
since we don't run it anymore.
This patch aims to remove it, as this is a useless service.
Change-Id: If5165e98d3c7b982d091f6e80195fb02135e1368
|
|
|
|
|
|
Implement NovaConductor service using nova-base for common parameters.
* Move rabbitmq parameters from controller.yaml to nova-base service, as
an example. More parameters will move in the future.
* Move nova-conductor bits from monolithic manifests to the new service
using new profiles from puppet-tripleo.
Depends-On: Iaaf3a3c2528d9747e41f360a1fe55f95ed37b2d1
Implements: blueprint composable-services-within-roles
Change-Id: I178f092b74ae12f2cb6f006db7cb00e4d6bddfd8
|
|
Split Loadbalancer into HAproxy & Keepalived roles.
Depends-On: I8aa9045fc80205485abab723968b26084f60bf71
Change-Id: If2723358099e78052c351a4a45fdf01d116a89df
|
|
|
|
Uses a shared cinder-base resource to do the database
and messaging configuration for all three services.
Depends-On: I3c6d5226eed5f0f852b0ad9476c7cd9a959fda69
Change-Id: I47c5fd190efca5f02e73fd22aba6cda573daf5cc
|
|
Co-Authored-By: Carlos Camacho <ccamacho@redhat.com>
Change-Id: I0d9332f7f4f9116c5435d338a9c35d4fb3f512c6
Implements: blueprint composable-services-within-roles
Depends-On: I60493a3aa64e5136b763e8e2084d728f5f812f8a
|
|
|
|
|
|
|
|
|
|
Adds new puppet and puppet pacemaker specific services for Sahara API
and Sahara Engine.
The Pacemaker templates extend the default Sahara services and swap
in the pacemaker specific puppet-tripleo profile instead.
Change-Id: I1adda514e9592d149a3d45743a9a00b59c28ca38
Depends-On: I0c8bd68f9a98626e9d67ef713c72c9dd05b7cc12
Implements: blueprint composable-services-within-roles
|
|
Nova is using http_proxy_to_wsgi middleware[1][2]. This parses the
headers provided by the proxy, and helps us properly use TLS for
keystone discovery. There was an option introduced in this middleware
to have it disabled by default, and this change enables it.
[1] Ia78f73e96585ab33a379a0b0be6d9682f7fbd810
[2] I808469f24066d382decf55b9dad5312d6e068da7
Change-Id: I3918f24c0c87cb626a28645b46e3df6360d5f924
|
|
Recently the 'host' parameter was added to the neutron manifest. So we
no longer need to manually add it to the configuration.
Change-Id: I6cb73c6d5da8b99680dec97e03ac4805451835fb
Depends-On: I81b86208826e99beccafd2871ce2afd45394e37f
|
|
Recently the 'host' parameter was added to the nova manifest. So we
no longer need to manually add it to the configuration.
Change-Id: I6f3dc50ea8737e5e7cd859685a9308edff976f31
Depends-On: Icce3ebc401442651942f8de3eabffadaad812377
|
|
|
|
|
|
|
|
Some puppet parameters were deprecated, some of them removed.
This patch reduce the number of warnings to a few, and the rest of
warnings are bugs that are in progress by Puppet OpenStack team.
This patch is mostly some cleanup so we don't have useless warnings in
Puppet catalog.
Changes:
* Update Ceilometer auth params
* Update Neutron auth params
* Update Heat auth params
* Update Swift hash suffix param
* Remove neutron::server::notifications::nova_url, useless.
Change-Id: Ie32681a1fe32735f70ba372630da09f91227298c
|
|
|
|
For upgrades to current master newton, we should pin nova compute
rpc to the previous/current version, mitaka.
Implements: blueprint overcloud-upgrades-workflow-mitaka-to-newton
Change-Id: I89c3a8c50e83e682f83aa0d9eb222313676277e6
|
|
The default journal size is 5 gigs. This change stops us
overwriting it with 1 gig that is too small for production.
The config value is used by ceph only when it creates the
journal so this does not affect upgrades.
Change-Id: I4bfd2ab47e131d8fcdd5dc75a5a56cfae8b22d5a
|