| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
haproxy needs the deployed SSL cert file to function when TLS is
enabled.
It is also required for the docker-puppet haproxy container since the
haproxy puppet module uses a validate_cmd to check the generated config
file is valid that fails when the required SSL cert is not present.
There is no clean way to disable this feature [1] so we need to bind
mount the cert into the container.
This commit applies the same change that was applied in
Id2df144b678769def204961236624091d4e5c457 for the non-ha case.
[1] https://github.com/puppetlabs/puppetlabs-haproxy/blob/4753ea5b2506ee093e9b4c8af6e91201d476d426/manifests/config.pp#L53-L57
Change-Id: I93e1ee86197bcf271f18a62a27c2f350ed3966ea
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
|
|
The vhost sockets sockets are created with qemu permission, but ovs
runs with root permission. In order to allow ovs to access vhost sockets
reducing the ovs group permission from root to qemu. This is a temprovary
workaround, until ovs fixes the permission issue. The script supports
both ovs2.6 and ovs2.7 versions.
Change-Id: I172956390c19fc9824bf7590cd48bfcf6201191b
|
|
This solves a problem with bind-mounts when the containers are holding
files descriptors open.
At the same time this makes the template more robust to puppet changes
since new config files will be available in the containers without
needing to update the templates.
Partial-Bug: #1698323
Change-Id: Ia4ad6d77387e3dc354cd131c2f9756939fb8f736
|
|
Sometimes the infracloud gateway refuses to ping even though
everything else is working fine. Since we have coverage of this
functionality in the OVB jobs it should be safe to turn it off
here so it stops spuriously failing our jobs.
We can't just set the resource to OS::Heat::None because there
are other resources with dependencies on it. Instead, this adds
a noop version of the validation software config that always
returns true.
Change-Id: I8361bc8be442b45c3ef6bdccdc53598fcb1d9540
Partial-Bug: 1680167
|
|
|
|
|
|
|
|
|
|
Ceilometer API runs under apache. Since this service is
deprecated and disabled in pike, we need to ensure the
apache files are removed during upgrade.
Change-Id: I0c0913e74396bd463f5a6da46f83512bab77b75e
|
|
With the merging of Iad3e9b215c6f21ba761c8360bb7ed531e34520e6 the
roles_data.yaml should be generated with tripleoclient rather than
edited. This change adds in a pep8 task to verify that the appropriate
role files in roles/ have been modified to match how our default
roles_data.yaml is constructed. Additionally this change adds a new tox
target called 'genrolesdata' that will all you to automatically generate
roles_data.yaml and roles_data_undercloud.yaml
Change-Id: I5eb15443a131a122d1a4abf6fc15a3ac3e15941b
Related-Blueprint: example-custom-role-environments
|
|
Before it was Congress, let's stay consistent and stop using CongressApi
in Docker service, because we release.
Change-Id: Id939b3d70e185da4279f3860812fa5dce27d64dd
|
|
As part of the docs migration work[0] for Pike we need to switch to use the
openstackdocstheme.
[0] https://review.openstack.org/#/c/472275/
Change-Id: Ib2b6afb7075c68fecf1fbeaf650a31a7494af49f
|
|
|
|
|
|
|
|
Render all per-network resources and interfaces via j2 to enable
future support for custom networks via network_data.yaml
Note this doesn't enable custom networks for the built-in roles
as we skip j2 rendering for them, this will be resolved by converting
them to use the generic role template instead of the hard-coded
ones listed in the j2_excludes.yaml.
Depends-On: I18fa3829ff38ac200550d8e36bbe334c0005da22
Change-Id: I49565f9389f3ec9aef4861e23a3bed64a85501e6
Partially-Implements: blueprint composable-networks
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Change-Id: I714ecad87a406bc237e3d4fdf88bc7e10555693c
|
|
The captialization mismatch here means the role currently doesn't
work.
Change-Id: Iced5004f993f8c100268361d87580d922e47f983
|
|
Allows the configuration of the Neutron LBaaS agent.
Implements: blueprint lbaasv2-service-integration
Change-Id: Iae2bf7faeea93d5275994b2ee10f9bf863ed6152
Depends-On: Ieeb21fafd340fdfbaddbe7633946fe0f05c640c9
|
|
Currently we only consume the name with a special-case
for the disable constraints boolean, but it will be more
flexible if we consume the whole roles_data mapping for
each role, so that e.g composable networks and other
per-role customizations can be expressed in these
templates
Partially-Implements: blueprint composable-networks
Depends-On: Id1249b78b3dd87e91d572ffa31b7a541f3cde2c7
Change-Id: I355534ec456479944f66106e957404a660d8f2d2
|
|
|
|
Depends-On: I020550ede0ef981582392cf6c48dd5cb5823a074
Depends-On: I610b07a3c2bcf1c3288f76112a08b81c50e06913
Depends-On: I3d378044b3da5309b60967a12df7800520a254dc
Depends-On: I9c32b41ef865a09587f3ebfe8b8a896031fbd285
Depends-On: Ib31bf29bc69f5c58e98b99c3e598b19c99efc77f
Change-Id: I36c7390ddb4192e55ee56006fd6e9c5f8704445c
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
It is not necessary to get the Ceph key issueing a get-key to the Ceph
cluster; this change provides the libvirt key via parameter instead.
Change-Id: Iff3dbcb0f1b4d2373570e184e636a71553cea708
|
|
|
|
|
|
|
|
Change-Id: I521e89994e9be6efd335c5809810d9188dc1742f
Closes-Bug: #1684908
|
|
This is part of a larger series that changes the interface used
for configuring which containers are used. This needs CI and
possibly quickstart updates to use this environment file so CI
will continue to pass.
Change-Id: I125137ba45f608cf84ea0a7146edd744a549d23b
Co-Authored-By: Dan Prince <dprince@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
We use ping -w <deadline> -c <count>. This will ping every second until
<count> replies are received, or <deadline> is reached, or a network error occurs.
With the current retry logic a network error will result in a short tight loop
instead of waiting for the network to come up.
This change reduces the deadline to 10s, but sleeps 60s between retries.
Change-Id: Ib00cff6f843c04a00737b40e3ef3d1560d6e6d2d
Related-bug: #1680167
|
|
|
|
|
|
This is necessary for accessing the bind mounted hieradata in the
container in order to determine if the node is the primary node.
With the new validation added to yaml-validate.py, we could spot
potential issues in sahara-api and keystone bootstrap tasks.
The keystone one is a false positive, as the image defaults to the root
user in order to be able to run apache. Still, it is better to be
consistent here and specify the root user nonetheless.
Change-Id: Ib0ff9748d5406f507261e506c19b96750b10e846
Closes-Bug: #1697917
|
|
Change-Id: I6a53a56c534f24cb514d8aeb8cec3d7865b93448
|
|
haproxy needs the deployed SSL cert file to function when TLS is
enabled.
It is also required for the docker-puppet haproxy container since the
haproxy puppet module uses a validate_cmd to check the generated config
file is valid that fails when the required SSL cert is not present.
There is no clean way to disable this feature [1] so we need to bind
mount the cert into the container.
[1] https://github.com/puppetlabs/puppetlabs-haproxy/blob/4753ea5b2506ee093e9b4c8af6e91201d476d426/manifests/config.pp#L53-L57
Change-Id: Id2df144b678769def204961236624091d4e5c457
|
|
Mounting host volumes when running containers via puppet_config already
works and is supported with docker-puppet.py. However, the validation in
yaml-validate.py does not allow it. This patch makes it allowed by the
validation.
It is sometimes necessary since some puppet modules expect to make
persistent file system changes other than just configuration data under
/etc.
In particular, ironic inspector expects to configure a http and tftp
root director with an ipxe configuration. See:
https://github.com/openstack/puppet-ironic/blob/master/manifests/inspector.pp
These changes would be lost if the value for those directories are not
mounted as host volumes.
Change-Id: Ie51c653f4c666fbaaef0ea80990e2e61f4b1353b
|
Martin André
Saravanan KR
Ben Nemec
Jenkins
Pradeep Kilambi
Alex Schultz
Emilien Macchi
Steven Hardy
OpenStack Proposal Bot
Ryan Hefner
Tim Rozet
Keith Schincke
Or Idgar
Ian Main
Oliver Walsh
Sven Anderson
James Slagle