aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-03-09Pass hieradata for internal TLS for RabbitMQJuan Antonio Osorio Robles5-46/+123
As with other services, this passes the necessary hieradata to enable TLS for RabbitMQ. This will mean (once we set it via puppet-tripleo) that there will only be TLS connections, as the ssl_only option is being used. bp tls-via-certmonger Change-Id: I960bf747cd5e3040f99b28e2fc5873ca3a7472b5 Depends-On: Ic2a7f877745a0a490ddc9315123bd1180b03c514
2017-03-09Merge "sahara: configure keystone_authtoken parameters"Jenkins2-3/+9
2017-03-09Merge "barbican: Use versionless keystone endpoints"Jenkins1-3/+3
2017-03-08Enables increasing mariadb open files for noha deploymentsTim Rozet1-0/+6
There is currently an issue where the max open files limit is hit with MariaDB in noha deployments, because it is defaulted to 1024 by system limits. In HA deployments the limit is bumped to 16384. This patch introduces a flag to be able to increase the limit to 16384 for noHA deployments. In the future we should change this to be an integer, and let the operator decide the setting. Since this setting is set in a different path for HA, we would need to implement a change that allows setting both (ha and nonha) via the same integer param. Depends-On: Ia0907b2ab6062a93fb9363e39c86535a490fbaf6 Closes-Bug: #1648181 Related-Bug: #1524809 Change-Id: I95393fc798b833a8575afbff03ef74a839565c5e Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-03-08Move zaqar into services-dockerDan Prince2-2/+2
This patch moves enabling Zaqar docker services into a separate environment in the environments/services-docker directory. Change-Id: I6755eb7ae2abb2b9c8b213ff6fd21b0392353ef5
2017-03-08Move mistral into services-dockerDan Prince2-3/+4
This patch moves enabling Mistral docker services into a separate environment in the environments/services-docker directory. Change-Id: I8b484532de5f5d61fc0240defbc5fc27789a1279
2017-03-08Move ironic into services-dockerDan Prince2-4/+5
This patch moves enabling Ironic docker services into a separate environment in the environments/services-docker directory. Change-Id: I236de47d422b3563a0192359f2327610fc1714ca
2017-03-08sahara: configure keystone_authtoken parametersEmilien Macchi2-3/+9
Configure keystone_authtoken for Sahara service. Change-Id: I045b7d1d52851ab0d532a8524fcea95705e3db78 Partial-implement: blueprint keystone-v3
2017-03-08Merge "Remove the openvswitch special case upgrade code"Jenkins2-9/+9
2017-03-08barbican: Use versionless keystone endpointsJuan Antonio Osorio Robles1-3/+3
This also moves the explicit usages of the Keystone V3 endpoint fromt he EndpointMap, as using the uri_no_suffix defeats that usage. Change-Id: I5f07a0cee07fa28b88c419e25e014094004b1bce Partial-Implement: blueprint keystone-v3
2017-03-08Move nova-scheduler data into puppet_configDan Prince1-7/+7
This is now required per the puppet_config interfaces for docker services (per I208c1ef1550ab39ab0ee47ab282f9b1937379810) Change-Id: Iab96919cb0a6b15942f3c19f8d28205261174edc
2017-03-08Enable Docker service for Compute roleMartin André2-21/+6
A recent commit [1] change how docker is installed and configured on the overcloud nodes, from a cloud-init script to a proper puppet profile in puppet-tripleo but forgot to enable the docker service on the compute nodes. [1] Ia50169819cb959025866348b11337728f8ed5c9e Change-Id: I202723d0e48f110e5b0dbfe3dcf6646da9f37948
2017-03-07Merge "sshd template, rename hiera key"Jenkins1-1/+1
2017-03-07Remove glance-base serviceEmilien Macchi2-136/+95
glance-base is not useful anymore since we only run Glance API service and there is no plan yet to add new services for Glance. Let's cleanup this useless service and consolidate glance-api service. Change-Id: I73cd0def2ae73e0bd52104c6710998df4a0d2e58
2017-03-07Add puppet_config to docker neutron-l3 serviceDan Prince1-7/+11
This patch makes the neutron-l3 docker service adhere to the new puppet_config interface. Change-Id: If5b73ec90637e878af55c8404d1eff8c18e857c3
2017-03-07Merge "Enable keystone cadf notifications"Jenkins2-0/+7
2017-03-07sshd template, rename hiera keySteven Hardy1-1/+1
This means we can remove the special BannerText hiera reference in the puppet-tripleo profile Change-Id: Id4c8b853fa0e9bcdffe2cf7cd1554a9be7451b25
2017-03-07Merge "Enable composable upgrades for docker service templates"Jenkins33-328/+476
2017-03-07Merge "Add docker composable service template"Jenkins1-0/+43
2017-03-07Merge "Adds upgrade tasks for OpenDaylight services"Jenkins2-0/+37
2017-03-07Merge "Overwrite nova placement with stub for docker"Jenkins1-0/+6
2017-03-06Merge "Fix a typo"Jenkins1-2/+2
2017-03-06Merge "Cinder-api upgrade: use httpd instead of apachectl"Jenkins1-1/+1
2017-03-06Fix bogus parameters in get_paramBogdan Dobrelya2-2/+2
Change-Id: I1b5658efaaa26c473ceef184a962ec320f267ffe Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2017-03-06Enable keystone cadf notificationsYolanda Robla2-0/+7
It will allow to configure keystone event notifications using CADF, as documented on: https://docs.openstack.org/developer/keystone/event_notifications.html CADF events provide auditing capabilities for compliance with security. Change-Id: Id16b264c295b9e3adbf960366ff8328ba8dcd485
2017-03-06Enable composable upgrades for docker service templatesSteven Hardy33-328/+476
This aligns the docker based services with the new composable upgrades architecture we landed for ocata, and does a first-pass adding upgrade_tasks for the services (these may change, atm we only disable the service on the host). To run the upgrade workflow you basically do two steps: openstack overcloud deploy --templates \ -e environments/major-upgrade-composable-steps-docker.yaml This will run the ansible upgrade steps we define via upgrade_tasks then run the normal docker PostDeploySteps to bring up the containers. For the puppet workflow there's then an operator driven step where compute nodes (and potentially storage nodes) are upgrades in batches and finally you do: openstack overcloud deploy --templates \ -e environments/major-upgrade-converge-docker.yaml In the puppet case this re-applies puppet to unpin the nova RPC API so I guess it'll restart the nova containers this affects but otherwise will be a no-op (we also disable the ansible steps at this point. Depends-On: I9057d47eea15c8ba92ca34717b6b5965d4425ab1 Change-Id: Ia50169819cb959025866348b11337728f8ed5c9e
2017-03-06Add docker composable service templateSteven Hardy1-0/+43
This uses a puppet-tripleo profile to configure and start docker in step1 of the deployment, which is before we attempt to deploy any containers (see docker/services/README.rst#docker-steps) This enables existing environments on upgrade to configure things correctly, without using the docker/firstboot/setup_docker_host.sh - the firstboot approach may still be needed for atomic, but for environments where we can run puppet on the host this integrates more cleanly with our existing architecture I think. Depends-On: Id8add1e8a0ecaedb7d8a7dc9ba3747c1ac3b8eea Change-Id: If4ffe21579bcb2770f4e5a96be7960b52927a27b
2017-03-06Merge "Make neutron dhcp agents per network conditional"Jenkins2-16/+31
2017-03-06Merge "Use the new hiera hook in all remaining templates"Jenkins7-160/+153
2017-03-06Add validation for VPP upgrade tasksFeng Pan1-1/+11
Change-Id: I54a3cac11ae63c553f831a3f8eeca2cbe4cc88d3 Signed-off-by: Feng Pan <fpan@redhat.com>
2017-03-06Cinder-api upgrade: use httpd instead of apachectlJuan Antonio Osorio Robles1-1/+1
It doesn't work downstream, so the httpd command was recommended. Change-Id: I4807333b80dad10f16e5deb56cbfdda656cd1e50
2017-03-06Merge "ec2-api: Get FQDN from hiera instead of puppet fact"Jenkins1-2/+2
2017-03-06Merge "Removes old environment file references"Jenkins1-13/+0
2017-03-06Merge "Put docker puppet config in puppet_config dict"Jenkins34-180/+261
2017-03-06Use the new hiera hook in all remaining templatesmarios7-160/+153
The new hiera hook in I21639f6aadabf9e49f40d1bb0b1d0edcfc4dbc5e was added to most of the tripleo-heat-templates in Ibe7e2044e200e2c947223286fdf4fd5bcf98c2e1 The new hook is installed by default if you use tripleo-common Ia1864933235152b7e899c4442534879f8e22240d and will be installed as part of the Newton to Ocata upgrades workflow in I0c7a32194c0069b63a501a913c17907b47c9cc16 In order to use the new hiera data as part of the upgrade we need to remove the old hieradata which will break anyone still defining and using it. This change updates the remaining vendor plugin manifests to use the new hiera hook. The pre-requisite is that the new hook is installed on their overcloud (as above it comes if you follow the N..O upgrade) Change-Id: Ic95154734cb21e6b941c7f1569295b413963831d
2017-03-04Update properties being set for octavia rabbit propertiesBrent Eagles1-3/+3
A change to puppet-tripleo (Iea5607dbb3ee6b1dd50acc1395de52dc920aa915) altered altered which hieradata was consumed for octavia. This updates the heat templates to sync with that change. Change-Id: I572dd4c25f25ab2ea8b10cabfa4773fae2a2bc91 Closes-Bug: #1670058
2017-03-04Merge "etcd: Get FQDN from hiera instead of puppet fact"Jenkins1-1/+1
2017-03-03Merge "Fix httpd dir create to not error if exists"Jenkins1-1/+1
2017-03-03Merge "Fix Panko API upgrade process"Jenkins1-1/+5
2017-03-03Removes old environment file referencesChristopher Brown1-13/+0
ODL-l3 env file was removed in commit 7163746 manage-firewall was removed in commit 2064ab8 as this was enabled by default Change-Id: I8ed8d4ed5bf709f2ac581adfaacc24a7582f13bd
2017-03-03Fix httpd dir create to not error if existsPradeep Kilambi1-1/+1
In cases where /var/log/httpd already exists, this exits with error code 1. $ sudo docker logs keystone-init-log mkdir: cannot create directory '/var/log/httpd': File exists Change-Id: I62bf08d9fc9e02d5f3016bd14bb0a090b76ac837
2017-03-03Merge "Enable IronicPxe in the undercloud"Jenkins1-0/+1
2017-03-03Merge "Removes opencontrail reference"Jenkins1-5/+0
2017-03-03etcd: Get FQDN from hiera instead of puppet factJuan Antonio Osorio Robles1-1/+1
The puppet facts will be removed soon and using the hiera value is adviced instead. Change-Id: I318f81abaac997370e950780993dc95cae088327
2017-03-03ec2-api: Get FQDN from hiera instead of puppet factJuan Antonio Osorio Robles1-2/+2
The puppet facts will be removed soon and using the hiera value is adviced instead. Change-Id: I3ba89dd9bd471c5723325efc9041ca6da937ccc5
2017-03-03Remove the openvswitch special case upgrade codemarios2-9/+9
Removed from the tripleo_upgrade_node.sh (major upgrade) & yum_update.sh (minor update). The workaround is no longer needed and in fact has the opposite effect killing connectitivity to the node. The 'normal' yum update on nodes delivers the latest openvswitch 2.6.1 with no drama. Also adds a 'complete' message, some extra debug echo for logs and removes the python-zaqarclient install no longer needed Closes-Bug: 1669714 Change-Id: Icd1517bcade36781fa0da21d045ffd9ec68efc38
2017-03-02Fix Panko API upgrade processEmilien Macchi1-1/+5
Upgrade process wasn't consistent and correct. Change-Id: Id1f810d33c2909957be9a2c96d18c96dee939953
2017-03-02Merge "Make UpdateDeployment depend on NetworkDeployment"Jenkins6-0/+6
2017-03-02Overwrite nova placement with stub for dockerDan Prince1-0/+6
This updates kolla config to overwrite the stock version with the puppet-nova generated mock. Depends-On: Ie16a60c604ecf9f4012b0630f91e6ece2b6855db Change-Id: I320f024adc88102ea24c0212702fe2dce826874f Closes-bug: #440612
2017-03-02Enable IronicPxe in the undercloudDan Prince1-0/+1
This enables the IronicPxe services which are split out into separate templates for the containerized undercloud. Change-Id: I0ec3cefec9b47ef3c59de6972541ef9b560aacb7