aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-02-03Added further security functionality in release notes.lhinds1-7/+17
This patch seeks to add futher security functions present within tripleo for the ocata release. Change-Id: Ie89b85589c2dfd3580de75253b73009b5d06c9f2
2017-02-03Merge "Moving the validation for using the template alias version for all ↵Jenkins3-6/+9
templates"
2017-02-03Merge "Switch item notation to jinja format"Jenkins1-2/+2
2017-02-02CI: enable debug on multinode and upgrade jobEmilien Macchi2-0/+2
We're running TripleO CI jobs outside TripleO projects (nova, gnocchi, etc), folks need more debug to be helpful. Change-Id: I512ad89d9ac82ae62f9cbe7d0029fb1ac7445cc9
2017-02-02Remove old host paramPradeep Kilambi1-6/+0
Change-Id: Ib9e1a4ccdf447455a330687184eae471b9f3f4d4 Depends-On: I2b48d23006e38f56f04456b4556374bf0fcdb14a
2017-02-02Switch item notation to jinja formatMarius Cornea1-2/+2
This change fixes the item variable notation in puppet/services/ceph-osd.yaml. Change-Id: I4d105619e4ac913b4a711bf91fea5f6e3c9b4caa Closes-Bug: 1661339
2017-02-02OVN plugin configuration fixesBabu Shanmugam3-13/+28
This patch renames certain ovn plugin and controller configuration parameters as well as adds some additional ml2 configuration parameters. It also disables the need for the neutron metadata agent. Co-authored-by: Numan Siddique <nusiddiq@redhat.com> Change-Id: Idc9e7ef4a1b88013bca3eac3c136e4710e38a5c0
2017-02-02Merge "Allow the override of pacemaker::corosync::settle_tries"Jenkins1-0/+7
2017-02-02Add pacemaker composable upgrade stepsMathieu Bultel1-0/+15
This review adds the pacemaker ansible upgrade steps into the pacemaker service manifest. It makes use of the ansible-pacemaker module which for now is at https://github.com/redhat-openstack/ansible-pacemaker Change-Id: I33c798a198046d5f66e6b20f86080a8187dc208b
2017-02-02Merge "Don't run yum_update.sh inside docker"Jenkins1-0/+5
2017-02-02Merge "Temporary UCSM mapping files should be opened with write mode"Jenkins1-2/+6
2017-02-02Merge "Use common directory in CI scenario for net-config"Jenkins1-2/+2
2017-02-02Merge "Don't run ceilometer-upgrade via upgrade_tasks"Jenkins1-3/+0
2017-02-02Moving the validation for using the template alias version for all templatesCarlos Camacho3-6/+9
Currently we are applying this validation for the services templates, this submission moves it to run with all templates. Also fixed those templates not using the alias name. Change-Id: I3a2c0ce6adcc8061fdc51f73fdc6b9748c0fead9
2017-02-02Remove unused SR-IOV parameter NeutronSupportedPCIVendorDevsSaravanan KR2-10/+0
This parameter has been removed in neutron from the sriov conf file, in Ocata. Removing the parameter from tripleo. Closes-Bug: #1660929 Change-Id: Icd8a1f6c9049434fd86ceeb24881e1ed49f2bb17
2017-02-01Merge "Add more explicit messagae to build_endpoint_map's check option"Jenkins1-2/+3
2017-02-01Merge "Add deployed server bootstrap for RHEL"Jenkins3-0/+42
2017-02-01Merge "Validate that endpoint_map.yaml is up to date in the gate"Jenkins1-0/+1
2017-02-01Merge "Add ability to toggle swift's ceilometer transport_url SSL"Jenkins1-0/+7
2017-02-01Add more explicit messagae to build_endpoint_map's check optionJuan Antonio Osorio Robles1-2/+3
This will hopefully help developers know what to do if their patch fails this verification. Change-Id: I01fe9ca30295c6264affdbdb773b039a744289ea
2017-02-01Validate that endpoint_map.yaml is up to date in the gateZane Bitter1-0/+1
Change-Id: I72aa48c72c825151739cb478c58e9a6c841c9130
2017-02-01Configure VNC Server listen address through t-h-tJuan Antonio Osorio Robles2-0/+2
This adds an entry for libvirt (which is used by the VNC server) on which we can tell it via t-h-t on which IP address to listen on. Change-Id: Ie377c09734e9f6170daa519aed69c53fc67c366b Related-Bug: #1660099
2017-02-01FreeIPA: don't preprovision service principals if novajoin is enabledJuan Antonio Osorio Robles1-7/+12
novajoin will do this once it's enabled in CI. Change-Id: I9f19d833f306930704b09de0c4d425461f1f3f63
2017-02-01Don't run ceilometer-upgrade via upgrade_tasksSteven Hardy1-3/+0
This needs to be run by puppet or ansible runs it as root and the later run by puppet fails due to permissions on the logfile. Probably we need to remove the *sync calls for most services to avoid similar issues, now that we're running puppet as part of the pre-converge upgrade process but that will be done in another patch. Change-Id: I808db2c175325a25058226842684558ea06fb5c5 Partially-Implements: blueprint overcloud-upgrades-per-service
2017-02-01Remove Gemfile and RakefileEmilien Macchi2-31/+0
We are not running syntax and lint jobs in THT for master & newton, let's remove useless files. Change-Id: Ia572a0eb8872ab199bc68a51750dfc17ca5ee034
2017-02-01Disable the deprecation warnings as errors for puppet-syntaxEmilien Macchi1-0/+1
Recently puppet4 started deprecating ruby 2.0 with the following commit: https://github.com/puppetlabs/puppet/commit/e9eda7ed56fddcf185fc155d7e0ae054ea327504 One way to work-around this (in the absence of a more recent ruby version) is to not treat this deprecation warnings as fatal when doing the puppet syntax check Change-Id: Id49c5068ab4609e3da0417af4714e8cb8485f3d1 Closes-Bug: #1660943
2017-01-31Add ability to toggle swift's ceilometer transport_url SSLJuan Antonio Osorio Robles1-0/+7
So, if RabbitClientUseSSL is set, this will enable TLS for the swift's ceilometer message broker connection. Change-Id: Ide70a509aefc9e7eb9d7cc5b3a60520fa42b4010 Depends-On: I8b7457b6233c4f88af2d7bc1b9304fcccb6edf61
2017-01-31Merge "Configure DPDK options to isolate PMD cores and ovs process cores"Jenkins1-1/+7
2017-01-31Merge "docker: eliminate copy-json.py in favor of json-file"Jenkins7-107/+54
2017-01-31Merge "Removes deprecated neutron-opendaylight-l3 env file"Jenkins1-14/+0
2017-01-31Use common directory in CI scenario for net-configMathieu Bultel1-2/+2
The multinode_major_upgrade scenario is using an external directory for net-config. Moving this to the internal directory in tht common/ Change-Id: I41692d2ddb9fbd2002fd7910933ab4edff74f33e
2017-01-30Merge "Add upgrade support for CephRGW service"Jenkins1-0/+11
2017-01-30Introduce Octavia implementation servicesBrent Eagles3-0/+233
Initial service definition files for Octavia backend services. Change-Id: I1ae2bc0387dff5218f731f1860277dc1ad2b9528 Partially-implements: blueprint octavia-service-integration Depends-On: Ic6f945cdf36744382a4a63fcc374d5562964ca68 Depends-On: I1dd1873b646e8569ed0a85c5ee7eb3bec3a8b1fa
2017-01-30Describe use of Manila/CephFS in capabilites_mapGiulio Fidente2-10/+41
This is meant to describe in the UI how to use the manila-cephfsnative-config environment file to deploy Manila with Ceph as backend using either a TripleO managed or an externally managed Ceph cluster. Also adds a puppet-ceph.yaml environment file meant to enable the deployment of a Ceph cluster, given that storage-environment.yaml is meant to be customized by the user instead. Change-Id: Iefd7056a9bc079025e6ac4dd50edcd2e2635e1b0
2017-01-30Merge "multinode/upgrade: set heat::rpc_response_timeout to 600"Jenkins1-0/+1
2017-01-29docker: eliminate copy-json.py in favor of json-fileDan Prince7-107/+54
This patch rewires how we configure the Kolla external config files via Heat templates and uses a more simple json-file heat hook to directly write out Kolla config files to disk. By using a heat hook instead of a shell script we can avoid Json conversion issues. Additionally, This generic json file hook will be useful for other ad-hoc Json file configuration within the TripleO docker architecture. Co-Authored-By: Martin André <m.andre@redhat.com> Change-Id: I8c72a4a9a7022f722bfe1cef3e18517605720cce Depends-On: I2b372ac2e291339e436202c9fe58a681ed6a743f Depends-On: Id3f779b11e23fd3122ef29b7ccbae116667d4520
2017-01-27Merge "Add AuditD composable service"Jenkins6-0/+184
2017-01-27Merge "Pass parameters for TLS proxy in front of neutron server"Jenkins1-1/+32
2017-01-27multinode/upgrade: set heat::rpc_response_timeout to 600Emilien Macchi1-0/+1
Continue the work done on https://review.openstack.org/#/c/423302/ Change-Id: I931534e0ec33e131809186f74068eb479d38a0f9
2017-01-27Merge "Remove create-legacy-resource-types opts"Jenkins1-1/+1
2017-01-27Merge "Use os-net-config in multinode jobs"Jenkins6-10/+124
2017-01-27Pass parameters for TLS proxy in front of neutron serverJuan Antonio Osorio Robles1-1/+32
If TLS in the internal network is enabled, we run neutron-server behind a TLS proxy (which is actually httpd's mod_proxy). This passes the necessary hieradata. bp tls-via-certmonger Depends-On: I6dfbf49f45aef9f47e58b5c0dbedd2b4e239979e Change-Id: I9252512dbf9cf2e3eec50c41bf10629d36070bbd
2017-01-27Use os-net-config in multinode jobsEmilien Macchi6-10/+124
Full credits to James Slagle, author of this code in TripleO CI: https://review.openstack.org/#/c/409346 This patch adds a new template for configuring networking on the Overcloud nodes using os-net-config in multinode jobs. Previously we were not using os-net-config at all. Also updates the multinode.yaml environment to use this network config template. The IP of each subnode is used when the vxlan tunnels are configured in OVS, given that, each node needs its own unique network configuration. To accomodate that, the templates makes use of the network_config_hook function to influence run-os-net-config.sh This patch is just the first step to totally switching to os-net-config in multinode jobs. The devstack-gate code is still in use to bootstrap the initial networking on the undercloud and subnodes. That will be switched over in subsequent patches. Change-Id: I6efa71eb23109d0b3b480061135c572ab89f5981 Co-Authorized-By: James Slagle <jslagle@redhat.com> Implements: blueprint multinode-ci-os-net-config
2017-01-27Add support for Jinja2 includesOliver Walsh1-1/+8
This replicates the behavior of the custom Jinja2 loader from tripleo-common to allow template validation on the local filesystem using tox. Change-Id: I27683ab31187c6334dc5b4b5363a3347874b9a90 Partially-Implements: blueprint overcloud-upgrades-per-service Depends-On: Idc5c3f49c7a2fc7f3622c76da001992cc657384e
2017-01-27Add AuditD composable serviceSteven Hardy6-0/+184
This patch allows the management of the AuditD service and its associated files (such as `audit.rules`) This is achieved by means of the `puppet-auditd` puppet module. Also places ssh banner capabilities map on top of patch Change-Id: Ib8bb52dde88304cb58b051bced9779c97a314d0d Depends-On: Ie31c063b674075e35e1bfa28d1fc07f3f897407b
2017-01-27Merge "Adds a pre-upgrade check that service is running (step0)"Jenkins30-1/+92
2017-01-27Merge "Adds SSH Banner text into sshd_config"Jenkins5-0/+63
2017-01-27Adds a pre-upgrade check that service is running (step0)marios30-1/+92
Adds a step0 for most services to check that the state is running before continuing with any of the other upgrades steps (these are tagged step0). You can skip this service check by overriding the SkipUpgradeConfigTags parameter as follows: parameter_defaults: SkipUpgradeConfigTags: validation Co-Authored-By: Steven Hardy <shardy@redhat.com> Change-Id: Ie276f153015f671b720b6ed5beaac1b921661909
2017-01-27Allow the override of pacemaker::corosync::settle_triesMichele Baldessari1-0/+7
When replacing a controller node, Exec['wait-for-settle'] needs to timeout, which means that the command pcs cluster auth will be executed 360 times with 10 seconds in between. So that means waiting for an hour for no reason. Let's allow to override the settle_tries counter so an operator can shorten it accordingly. Tested this by setting CorosyncSettleTries to 100 and I correctly get proper hiera settings: $ hiera pacemaker::corosync::settle_tries 100 And effectively we try a number of 100 times as opposed to the 360 default: /Stage[main]/Pacemaker::Corosync/Exec[reauthenticate-across-all-nodes]/returns (debug): Exec try 1/100 Change-Id: I5e21b4215cb0b8686d2059b3d71e2444a96719dc Closes-Bug: #1659741
2017-01-27Merge "Allow to separate Horizon from Neutron"Jenkins1-0/+3