Age | Commit message (Collapse) | Author | Files | Lines |
|
This patch allows the management of the AuditD service and its associated
files (such as `audit.rules`)
This is achieved by means of the `puppet-auditd` puppet module.
Also places ssh banner capabilities map on top of patch
Change-Id: Ib8bb52dde88304cb58b051bced9779c97a314d0d
Depends-On: Ie31c063b674075e35e1bfa28d1fc07f3f897407b
|
|
|
|
|
|
Adds a step0 for most services to check that the state is running
before continuing with any of the other upgrades steps (these are
tagged step0).
You can skip this service check by overriding the
SkipUpgradeConfigTags parameter as follows:
parameter_defaults:
SkipUpgradeConfigTags: validation
Co-Authored-By: Steven Hardy <shardy@redhat.com>
Change-Id: Ie276f153015f671b720b6ed5beaac1b921661909
|
|
|
|
|
|
|
|
|
|
Allow to deploy 2 different nodes with Neutron and another with Horizon.
Horizon will get the right hieradata to collect the mechanism driver and
configure the dashboard correctly.
Change-Id: I24621f6a7d053cff487984bab0d10a4a97204675
Closes-Bug: 1659662
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Adds an initial release note for composable upgrades - I had to be
vague in the upgrades section as we're still working out some details
of the final upgrade workflow for all roles.
Change-Id: Iac0af86f3b56a07070a9d24b1255953f5fd07b34
|
|
|
|
The 'ceph' metapackage is only provided by some repos so we should
not explicitly pull it.
Also adds a validation step to the CephMon and CephOSD roles to
stop upgrade if the Ceph cluster is in error state.
Change-Id: I5aa275677ada47a352a327b9be21927b852d16f3
|
|
|
|
|
|
|
|
|
|
So we can version it between releases like we do with scenarios.
Change-Id: I3e3aa5d4fa7e03d1f4483bf42fcff17386b58709
|
|
|
|
This change adds a profile to deploy the Ceph RBD mirroring daemon
as a Pacemaker resource.
Change-Id: Ib07e5bca6a45f0c6c59a3acf07f4e3ae9d2f8948
Depends-On: Ic63dc5cffece38942d305f538f71dd58a5d50789
Closes-Bug: #1652177
|
|
|
|
Allow use of ooo template to populate banner text into /etc/issue
Change-Id: If5b2da9415f10652a0a64503b2da4b63d1018640
Depends-On: Ie9f8afdfa9930428f06c9669fedb460dc1064d5e
Closes-Bug: #1640306
|
|
It may be that we want ways to selectively disable certain tasks,
such as pre-flight validations that might fail when restarting an
upgrade from a failed state. This shows a way we might do that.
Depends-On: I18214f80be9f3ad6c2d385fc00f3b786d3e7dda3
Change-Id: Ibffaaf1de0baf47a0450daa5b7cbb57d38746556
|
|
|
|
|
|
|
|
Change-Id: I62735676b45a881a7dac24171b26d88d6eb60d4a
Partially-Implements: blueprint overcloud-upgrades-per-service
|
|
Change-Id: Ie1fe7db081d69db4b99869057352367e8e01760c
Partially-Implements: blueprint overcloud-upgrades-per-service
|
|
Use heat conditions to skip resources (conditionally create them)
when there are no tasks to deploy.
This requires the heat fix Iefae1fcea720bee4ed69ad1a5fe403d52d54433c
Partially-Implements: blueprint overcloud-upgrades-per-service
Change-Id: I2f43fb922d122ffade20e35738f0ba3bb56a4492
|
|
This takes a subset of the logic from major_upgrade_ceph_storage.sh
and ports it into ansible tasks, which will be applied in a rolling
upgrade after the mon services are upgraded (in the step0 batch).
Change-Id: I6e87969add301e78bb665d7748e5f0df8eeae819
Partially-Implements: blueprint overcloud-upgrades-per-service
|
|
Initial support for a rolling upgrade of ceph-mon services which
happens before the OpenStack services are upgraded.
Change-Id: Ifaebbe2ae884bd899cdc6f1c288274e5838792a6
Partially-Implements: blueprint overcloud-upgrades-per-service
|
|
Some services (e.g ceph mon) require upgrading in batches (the old
upgrade architecture did the ceph mon upgrade one controller at a
time). This interface enables doing the same, and over time we
can probably move more services into this interface (e.g when
services support rolling upgrades) to reduce downtime.
Change-Id: If581f301a5493ef33ac1386bdc22f9fca4f2544e
Partially-Implements: blueprint overcloud-upgrades-per-service
|
|
castellan (the key manager interface used by nova and cinder) is no
longer tied to keystone v3 [1]. So now it's possible to use versionless
endpoints for keystone.
[1] I124c0ea2d9403d6b530b33f18896c4e7bf4eabb5
Change-Id: Id5d893a6a41077ab76ca59295593a27be5c3004c
|
|
The current default is empty which overrides the puppet-gnocchi
os_workers calculated value. Instead default to the os_workers.
Change-Id: I9bf9a107c03172500f7c8c5e4353c20305c8e6b5
|
|
These metadata settings (the hardcoded metadata and the hook override)
are used by the novajoin service when it's deployed in the undercloud,
and will tell it to enroll the overcloud nodes and the services that are
specified by the metadata hook.
bp novajoin
bp tls-via-certmonger
Change-Id: Ia4645cc356688b7bcf82ed7765c0b74d53d64ed1
|
|
|
|
|
|
|
|
|
|
Change-Id: I9e926e66518ffd15c8a83355c87e8eae26742d5e
|
|
We missed to refactor CephExternal when migrating to the new
hiera hook. The old template would have pushed the value of
ceph::profile::params::client_keys as a string causing the
deployment to fail with:
Error while evaluating a Function Call, {...} is not a Hash
The new template emits that same data as a map, as it happened
for the other services in Ibe7e2044e200e2c947223286fdf4fd5bcf98c2e1
Change-Id: I3cf59b7d8343d7433047e9ccef310d287dbd47b5
|
|
Change-Id: I0d56dfe012d97e8f7206e8777c1b72a6797c328d
|
|
Horizon provides a password validation check, which OpenStack cloud
operators can use to enforce password complexity checks for users
within horizon.
A dictionary containing a regular expression can be used for
password validation with help text that is displayed if the password
does not pass validation.
HORIZON_CONFIG["password_validator"] = {
"regex": '.*',
"help_text": _("Your password does not meet the requirements."),
}
This change allows injection of the regex into horizons local_settings
file from a tripleo heat template
Change-Id: Ib6517c8f96148bea002b0e3442a26367b236928f
Depends-On: If82a80ed6a8e6e65aecc2a25ee6d60640ae03c9a
Closes-Bug: #1640800
|
|
Change-Id: Ifa10b764ae7c67e089c0d2506a49e474135083bb
Partially-Implements: blueprint overcloud-upgrades-per-service
|