aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-04-06Merge "Add monitoring agents deployment to CI"Jenkins2-0/+7
2017-04-06Merge "Ensure upgrade step orchestration accross roles."Jenkins1-8/+6
2017-04-06ovn: Add missing configurations requiredNuman Siddique3-0/+13
This patch adds - setting nova config param 'force_config_meta' to True as metadata service is not supported by OVN yet. - Add the necessary iptables rules to allow ovsdb-server traffic for Northbound and Southboud databases. - Update the release notes for OVN. Change-Id: If1a2d07d66e493781b74aab2fc9b76a6d58f3842 Closes-bug: #1670562
2017-04-06Add trigger to setup a LDAP backend as keystone domaineCyril Lopez3-0/+50
It is using a trigger tripleo::profile::base::keystone::ldap_backend_enable in puppet-tripleo who will call a define in puppet-keysone ldap_backend.pp. Given the following environment: parameter_defaults: KeystoneLDAPDomainEnable: true KeystoneLDAPBackendConfigs: tripleoldap: url: ldap://192.0.2.250 user: cn=openstack,ou=Users,dc=redhat,dc=example,dc=com password: Secrete suffix: dc=redhat,dc=example,dc=com user_tree_dn: ou=Users,dc=redhat,dc=example,dc=com user_filter: "(memberOf=cn=OSuser,ou=Groups,dc=redhat,dc=example,dc=com)" user_objectclass: person user_id_attribute: cn user_allow_create: false user_allow_update: false user_allow_delete: false ControllerExtraConfig: nova::keystone::authtoken::auth_version: v3 cinder::keystone::authtoken::auth_version: v3 It would then create a domain called tripleoldap with an LDAP configuration as defined by the hash. The parameters from the hash are defined by the keystone::ldap_backend resource in puppet-keystone. More backends can be added as more entries to that hash. This also enables multi-domain support for horizon. Closes-Bug: 1677603 Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Depends-On: I1593c6a33ed1a0ea51feda9dfb6e1690eaeac5db Change-Id: I6c815e4596d595bfa2a018127beaf21249a10643 Signed-off-by: Cyril Lopez <cylopez@redhat.com>
2017-04-06Remove "Core" Service from the CI Environment fileSaravanan KR1-2/+0
OS::TripleO::Services::Core is still referenced in the CI roles enviornment file. Because of which CI is failing when service template is modified. Removing the obsolete service. Closes-Bug: #1680043 Change-Id: I168452fa5c2e6d6d8fdf829b9b02996d9ca5532a
2017-04-06Merge "Add logging agents deployment to CI"Jenkins2-0/+10
2017-04-06Merge "Add parameters for internal TLS for swift proxy"Jenkins1-2/+31
2017-04-05Merge "Ironic containers: chown /var/lib/ironic correctly"Jenkins1-4/+1
2017-04-05add configurable timeouts for DB syncMike Bayer3-0/+14
This patch integrates with the db_sync_timeout parameter recently added to puppet-nova and puppet-neutron in I6b30a4d9e3ca25d9a473e4eb614a8769fa4567e7, which allow for the full db_sync install to have more time than just Pupppet's default of 300 seconds. Ultimately, similar timeouts can be added for all other projects that feature db sync phases, however Nova and Neutron are currently the ones that are known to time out in some environments. Closes-bug: #1661100 Change-Id: Ic47439a0a774e3d74e844d43b58956da8d1887da
2017-04-05yum_update.sh - Use the yum parameter: check-updateMatthew Flusche1-3/+11
The current check tends to produce a false positive causing unnecessary service restarts. yum check-update will exit with return code 100 if updated packages are available. Change-Id: I8bd89f2b24bafc6c991382b9eb484cfa9a2f8968
2017-04-05Ironic containers: chown /var/lib/ironic correctlyDan Prince1-4/+1
This updates the docker version of ironic-conductor.yaml so that it sets permissions on the entire /var/lib/ironic tree correctly. Since 1a4ece16cea40075fe7332ed048b9c289b3ff424 we bind mount in /var/lib/ironic from the host (created via Ansible if it didn't already exist). This caused a subtle permissions issue in that the Ironic conductor service can no longer create sub-directories it needs to operate. Change-Id: I1eb6b5ddad7cd89ee887e2e429ebe245aa7b80dc Closes-bug: 1677086
2017-04-05Merge "Add l2gw neutron service plugin support"Jenkins6-0/+84
2017-04-05Merge "Addition of firewall rules for Nuage"Jenkins3-7/+11
2017-04-05Merge "Disable core dump for setuid programs"Jenkins2-0/+14
2017-04-05Fixing acronym for BGPVPN composable serviceRicardo Noriega3-3/+3
Change-Id: I397a6ad430cef5ddb4eee48347ad4c89144ad01e Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
2017-04-05Allow configuring enabled hardware types for IronicDmitry Tantsur2-0/+15
This enabled ``ipmi`` hardware type with all defaults + support for socat-based nova-compatible serial console. Part of blueprint ironic-driver-composition Depends-On: Ie434609c62cf052ee169a0fac0db3200647a1af0 Change-Id: Iecead2d6581dff7a9cead58de6505567d7cd2402
2017-04-05Use httpd in Zaqar docker serviceThomas Herve1-3/+6
Move the Zaqar WSGI service to use httpd in docker deployment. Co-Authored-By: Martin André <m.andre@redhat.com> Change-Id: If9b16c1aa3529386e68961e3dda5f613ac57b44b
2017-04-05Use kolla api to set ownershipMartin André2-21/+10
Kolla provides a way to set ownership of files and directory inside the containers. Use it instead of running an additional container to do the job. Change-Id: I554faf7c797f3997dd3ca854da032437acecf490
2017-04-05Add parameters for internal TLS for swift proxyJuan Antonio Osorio Robles1-2/+31
This adds the necessary parameter for swift proxy to be terminiated internally by a TLS proxy. bp tls-via-certmonger Change-Id: I3cb9d53d75f982068f1025729c1793efaee87380 Depends-On: I6e7193cc5b4bb7e56cc89e0a293c91b0d391c68e
2017-04-04Use the local collector to bootstrap deployed serversSteve Baker2-15/+24
os-collect-config is already configured to use json files in /var/lib/os-collect-config/local-data/ as a data source, so this can be used in the deployed-server get-occ-config.sh to copy in the required json to generate the required os-collect-config.conf. Co-Authored-By: James Slagle <jslagle@redhat.com> Closes-Bug: #1679705 Change-Id: Ibde9e6bf360277d4ff64f66d637a5c7f0360e754
2017-04-04Enables support for configuring Cinder with Pure StorageSimon Dodsley4-0/+89
FlashArray storage backend This adds the necessary parameters for: - Pure Storage FlashArray Block Storage driver configuration Change-Id: I5b5617dd57015c0944a2d0c60187b01ede09b480
2017-04-05Merge "Add params to tweak memory limit on mongodb"Jenkins2-0/+8
2017-04-04Merge "Remove kolla_config copy from services"Jenkins36-473/+133
2017-04-04Add monitoring agents deployment to CIMartin Mágr2-0/+7
This patch enables deployment of sensu-client service in scenario001. Depends-On: I4895e3b6d3d0e2c12c083133e423cafeecbafe88 Depends-On: Ibabd4688c00c6a12ea22055c95563d906716954d Change-Id: I377811878712b7615c38094ecbf55dcc67d9ddd5
2017-04-04Merge "Remove not-working all-in-one upgrade environment"Jenkins1-2/+0
2017-04-04Merge "Purge initial firewall for deployed-server's"Jenkins3-0/+12
2017-04-04Enforce upgrade_batch_tasks before upgrade_tasks ordermarios1-19/+12
If we really want upgrade_batch_tasks before the upgrade_tasks as described in the README then we should enforce the ordering Noticed this working on bug 1671504 upgrade tasks were being executed before batch upgrade tasks. Closes-Bug: 1678101 Change-Id: Iaa1bce960a37c072b5f8441132705a6bb6eb6ede
2017-04-04Ensure upgrade step orchestration accross roles.Sofer Athlan-Guyot1-8/+6
Currently we don't enforce step ordering across role, only within role. With custom role, we can reach a step5 on one role while the cluster is still at step3, breaking the contract announced in the README[1] where each step has a guarantied cluster state. We have to remove the conditional here as well as jinja has no way to access this information, but we need jinja to iterate over all enabled role to create the orchestration. This deals only with Upgrade tasks, there is another review to deal with UpgradeBatch tasks. [1] https://github.com/openstack/tripleo-heat-templates/blob/master/puppet/services/README.rst Closes-Bug: #1679486 Change-Id: Ibc6b64424cde56419fe82f984d3cc3620f7eb028
2017-04-04Increase documentation about parametersJuan Badia Payno2-3/+33
CollectdServer, CollectdServerPort, CollectdSecurityLevel, CollectdUsername, CollectdPassword Change-Id: I43a0aca6f620f2570bdfd88531e70611867337b0
2017-04-04Merge "Add ceilometer ipmi agent"Jenkins4-0/+82
2017-04-03Add params to tweak memory limit on mongodbPradeep Kilambi2-0/+8
The puppet-tripleo change was added in Ie9391aa39532507c5de8dd668a70d5b66e17c891. Closes-bug: #1656558 Change-Id: Ibe2e4be5b5dc953d8d4b14f680a460409db95585
2017-04-03Add support for "neutron" Ironic networking pluginDmitry Tantsur2-0/+30
This enabled a lot of advanced networking features (see the release note). Related to blueprint ironic-driver-composition Change-Id: I20ea994fec36d73e618107b5c3594ec1c0f8cb93 Depends-On: I72eb8b06cca14073d1d1c82462fb702630e02de3
2017-04-03Addition of firewall rules for Nuagelokesh-jain3-7/+11
Added VxLAN and metadata agent firewall rules to neutron-compute-plugin for Nuage. Removed a deprecated parameter 'OSControllerIp' as well. Change-Id: If10c300db48c66b9ebeaf74b5f5fee9132e75366
2017-04-03Purge initial firewall for deployed-server'sJames Slagle3-0/+12
We need to purge the initial firewall for deployed-server's, otherwise if you have a default REJECT rule, the pacemaker cluster will fail to initialize. This matches the behavior done when using images, see: Iddc21316a1a3d42a1a43cbb4b9c178adba8f8db3 I0dee5ff045fbfe7b55d078583e16b107eec534aa Change-Id: Ia83d17b609e4f737074482a980689cc57c3ad911 Closes-Bug: #1679234
2017-04-03Remove kolla_config copy from servicesMartin André36-473/+133
Simplify the config of the containerized services by bind mounting in the configurations instead of specifying them all in kolla config. This is change is useful to limit the side effects of generating the config files and running the container is two separate steps as config directories are now bind-mounted inside the container instead of having files being copied to the container. We've seen examples of Apache's mod_ssl configuration file present on the container preventing it to start when puppet configured apache not to load the ssl module (in case TLS is disabled). Co-Authored-By: Ian Main <imain@redhat.com> Change-Id: I4ec5dd8b360faea71a044894a61790997f54d48a
2017-04-03Remove not-working all-in-one upgrade environmentSteven Hardy1-2/+0
This won't work because we need to change the state of UpgradeLevelNovaCompute and EnableConfigPurge during the upgrade - it should have been removed before release, which was an oversight. Removing this now to avoid further confusion in future. Change-Id: I16853cdec6c8fe6ad54f17ae2ad1e0460f1574ea Closes-Bug: #1679214
2017-04-03Merge "Qpid dispatch router composable role"Jenkins6-1/+75
2017-04-03Merge "Remove useless trailing '\n' in /etc/hosts file."Jenkins1-1/+1
2017-04-03Merge "Remove EC2 endpoint from EndpointMap"Jenkins2-83/+0
2017-04-03Disable ceilometer APIPradeep Kilambi5-7/+11
Ceilometer API has been deprecated since Ocata. lets disable it by default and add an env file to enable it if needed. Closes-bug: #1676968 Change-Id: I571f5467466c29271e0235e8fde6bdae07c20daf
2017-04-03Merge "Change heat and mistral to use v3/ec2tokens url"Jenkins2-2/+10
2017-04-03Merge "Fixes port binding controller for OpenDaylight"Jenkins2-0/+46
2017-04-02Merge "Setting keystone region for tacker"Jenkins1-0/+1
2017-04-02Merge "Set auth flag so ceilometer auth is enabled"Jenkins3-0/+15
2017-04-01Merge "Add special case upgrade from openvswitch 2.5.0-14"Jenkins3-4/+11
2017-04-01Add missing name properties on deloyment resourcesJames Slagle2-0/+3
Adds some missing name properties on deployment resources where they were lacking. It's convention in TripleO that all the deployment resources have the name property set. Change-Id: I6464b099e725f8469163c887676d56d769e2f9b1
2017-03-31Merge "Don't check haproxy if external load-balancer is used."Jenkins1-1/+13
2017-03-31Set auth flag so ceilometer auth is enabledPradeep Kilambi3-0/+15
Ceilometer Auth should be enabled even if ceilometer api is not. Lets decouple these, this flag will be used in puppet-tripleo where ceilometer::keystone::auth class is initialized. Change-Id: Iffebd40752eafb1d30b5962da8b5624fb9df7d48 Closes-bug: #1677354
2017-03-31Update ceph-rgw acccepted roles to fix OSP upgradeKeith Schincke1-1/+1
This patch updates ceph::keystone::auth::roles to remove "member" and add "Member". The previous entry breaks OSP N to O upgrades when ceph-rgw is enabled. This patch fixes: https://bugs.launchpad.net/tripleo/+bug/1678126 Closes-bug: 1678126 Change-Id: I2e442eda98e2e083d6f4193fb38a0484919a6d33
2017-03-31Add special case upgrade from openvswitch 2.5.0-14marios3-4/+11
In [1] we removed the previously used special case upgrade code. However we have since discovered that for openvswitch 2.5.0-14 the special case is still required with an extra flag to prevent the restart. This adds the upgrade code back into the minor update and 'manual upgrade' scripts for compute/swift. The review at If998704b3c4199bbae8a1d068c31a71763f5c8a2 is adding this logic for the ansible upgrade steps. Related-Bug: 1669714 [1] https://review.openstack.org/#/q/59e5f9597eb37f69045e470eb457b878728477d7 Change-Id: I3e5899e2d831b89745b2f37e61ff69dbf83ff595