Age | Commit message (Collapse) | Author | Files | Lines |
|
This patch seeks to add futher security functions present within
tripleo for the ocata release.
Change-Id: Ie89b85589c2dfd3580de75253b73009b5d06c9f2
|
|
templates"
|
|
|
|
We're running TripleO CI jobs outside TripleO projects (nova, gnocchi,
etc), folks need more debug to be helpful.
Change-Id: I512ad89d9ac82ae62f9cbe7d0029fb1ac7445cc9
|
|
Change-Id: Ib9e1a4ccdf447455a330687184eae471b9f3f4d4
Depends-On: I2b48d23006e38f56f04456b4556374bf0fcdb14a
|
|
This change fixes the item variable notation in
puppet/services/ceph-osd.yaml.
Change-Id: I4d105619e4ac913b4a711bf91fea5f6e3c9b4caa
Closes-Bug: 1661339
|
|
This patch renames certain ovn plugin and controller configuration
parameters as well as adds some additional ml2 configuration parameters.
It also disables the need for the neutron metadata agent.
Co-authored-by: Numan Siddique <nusiddiq@redhat.com>
Change-Id: Idc9e7ef4a1b88013bca3eac3c136e4710e38a5c0
|
|
|
|
This review adds the pacemaker ansible upgrade steps
into the pacemaker service manifest.
It makes use of the ansible-pacemaker module which for now
is at https://github.com/redhat-openstack/ansible-pacemaker
Change-Id: I33c798a198046d5f66e6b20f86080a8187dc208b
|
|
|
|
|
|
|
|
|
|
Currently we are applying this validation for the services templates, this
submission moves it to run with all templates.
Also fixed those templates not using the alias name.
Change-Id: I3a2c0ce6adcc8061fdc51f73fdc6b9748c0fead9
|
|
This parameter has been removed in neutron from the sriov conf
file, in Ocata. Removing the parameter from tripleo.
Closes-Bug: #1660929
Change-Id: Icd8a1f6c9049434fd86ceeb24881e1ed49f2bb17
|
|
|
|
|
|
|
|
|
|
This will hopefully help developers know what to do if their patch fails
this verification.
Change-Id: I01fe9ca30295c6264affdbdb773b039a744289ea
|
|
Change-Id: I72aa48c72c825151739cb478c58e9a6c841c9130
|
|
This adds an entry for libvirt (which is used by the VNC server) on
which we can tell it via t-h-t on which IP address to listen on.
Change-Id: Ie377c09734e9f6170daa519aed69c53fc67c366b
Related-Bug: #1660099
|
|
novajoin will do this once it's enabled in CI.
Change-Id: I9f19d833f306930704b09de0c4d425461f1f3f63
|
|
This needs to be run by puppet or ansible runs it as root and the
later run by puppet fails due to permissions on the logfile.
Probably we need to remove the *sync calls for most services to
avoid similar issues, now that we're running puppet as part of the
pre-converge upgrade process but that will be done in another patch.
Change-Id: I808db2c175325a25058226842684558ea06fb5c5
Partially-Implements: blueprint overcloud-upgrades-per-service
|
|
We are not running syntax and lint jobs in THT for master & newton,
let's remove useless files.
Change-Id: Ia572a0eb8872ab199bc68a51750dfc17ca5ee034
|
|
Recently puppet4 started deprecating ruby 2.0 with the following
commit: https://github.com/puppetlabs/puppet/commit/e9eda7ed56fddcf185fc155d7e0ae054ea327504
One way to work-around this (in the absence of a more recent ruby
version) is to not treat this deprecation warnings as fatal when
doing the puppet syntax check
Change-Id: Id49c5068ab4609e3da0417af4714e8cb8485f3d1
Closes-Bug: #1660943
|
|
So, if RabbitClientUseSSL is set, this will enable TLS for the
swift's ceilometer message broker connection.
Change-Id: Ide70a509aefc9e7eb9d7cc5b3a60520fa42b4010
Depends-On: I8b7457b6233c4f88af2d7bc1b9304fcccb6edf61
|
|
|
|
|
|
|
|
The multinode_major_upgrade scenario is using an external
directory for net-config.
Moving this to the internal directory in tht common/
Change-Id: I41692d2ddb9fbd2002fd7910933ab4edff74f33e
|
|
|
|
Initial service definition files for Octavia backend services.
Change-Id: I1ae2bc0387dff5218f731f1860277dc1ad2b9528
Partially-implements: blueprint octavia-service-integration
Depends-On: Ic6f945cdf36744382a4a63fcc374d5562964ca68
Depends-On: I1dd1873b646e8569ed0a85c5ee7eb3bec3a8b1fa
|
|
This is meant to describe in the UI how to use the
manila-cephfsnative-config environment file to deploy Manila with
Ceph as backend using either a TripleO managed or an externally
managed Ceph cluster.
Also adds a puppet-ceph.yaml environment file meant to enable the
deployment of a Ceph cluster, given that storage-environment.yaml
is meant to be customized by the user instead.
Change-Id: Iefd7056a9bc079025e6ac4dd50edcd2e2635e1b0
|
|
|
|
This patch rewires how we configure the Kolla external config files
via Heat templates and uses a more simple json-file heat hook to
directly write out Kolla config files to disk.
By using a heat hook instead of a shell script we can avoid
Json conversion issues. Additionally, This generic json file hook will
be useful for other ad-hoc Json file configuration within the TripleO
docker architecture.
Co-Authored-By: Martin André <m.andre@redhat.com>
Change-Id: I8c72a4a9a7022f722bfe1cef3e18517605720cce
Depends-On: I2b372ac2e291339e436202c9fe58a681ed6a743f
Depends-On: Id3f779b11e23fd3122ef29b7ccbae116667d4520
|
|
|
|
|
|
Continue the work done on https://review.openstack.org/#/c/423302/
Change-Id: I931534e0ec33e131809186f74068eb479d38a0f9
|
|
|
|
|
|
If TLS in the internal network is enabled, we run neutron-server
behind a TLS proxy (which is actually httpd's mod_proxy). This passes
the necessary hieradata.
bp tls-via-certmonger
Depends-On: I6dfbf49f45aef9f47e58b5c0dbedd2b4e239979e
Change-Id: I9252512dbf9cf2e3eec50c41bf10629d36070bbd
|
|
Full credits to James Slagle, author of this code in TripleO CI:
https://review.openstack.org/#/c/409346
This patch adds a new template for configuring networking on the
Overcloud nodes using os-net-config in multinode jobs. Previously we
were not using os-net-config at all.
Also updates the multinode.yaml environment to use this network config
template.
The IP of each subnode is used when the vxlan tunnels are configured in
OVS, given that, each node needs its own unique network configuration.
To accomodate that, the templates makes use of the network_config_hook
function to influence run-os-net-config.sh
This patch is just the first step to totally switching to os-net-config
in multinode jobs. The devstack-gate code is still in use to bootstrap
the initial networking on the undercloud and subnodes. That will be
switched over in subsequent patches.
Change-Id: I6efa71eb23109d0b3b480061135c572ab89f5981
Co-Authorized-By: James Slagle <jslagle@redhat.com>
Implements: blueprint multinode-ci-os-net-config
|
|
This replicates the behavior of the custom Jinja2 loader from tripleo-common to
allow template validation on the local filesystem using tox.
Change-Id: I27683ab31187c6334dc5b4b5363a3347874b9a90
Partially-Implements: blueprint overcloud-upgrades-per-service
Depends-On: Idc5c3f49c7a2fc7f3622c76da001992cc657384e
|
|
This patch allows the management of the AuditD service and its associated
files (such as `audit.rules`)
This is achieved by means of the `puppet-auditd` puppet module.
Also places ssh banner capabilities map on top of patch
Change-Id: Ib8bb52dde88304cb58b051bced9779c97a314d0d
Depends-On: Ie31c063b674075e35e1bfa28d1fc07f3f897407b
|
|
|
|
|
|
Adds a step0 for most services to check that the state is running
before continuing with any of the other upgrades steps (these are
tagged step0).
You can skip this service check by overriding the
SkipUpgradeConfigTags parameter as follows:
parameter_defaults:
SkipUpgradeConfigTags: validation
Co-Authored-By: Steven Hardy <shardy@redhat.com>
Change-Id: Ie276f153015f671b720b6ed5beaac1b921661909
|
|
When replacing a controller node, Exec['wait-for-settle'] needs to
timeout, which means that the command pcs cluster auth will be executed
360 times with 10 seconds in between. So that means waiting for an hour
for no reason. Let's allow to override the settle_tries counter so
an operator can shorten it accordingly.
Tested this by setting CorosyncSettleTries to 100 and I correctly get
proper hiera settings:
$ hiera pacemaker::corosync::settle_tries
100
And effectively we try a number of 100 times as opposed to the 360
default:
/Stage[main]/Pacemaker::Corosync/Exec[reauthenticate-across-all-nodes]/returns
(debug): Exec try 1/100
Change-Id: I5e21b4215cb0b8686d2059b3d71e2444a96719dc
Closes-Bug: #1659741
|
|
|