aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-05-18neutron: set enable_dvr = False if NeutronEnableDVR is falseIhar Hrachyshka2-0/+7
This will make neutron-server stop advertising dvr extension if the cloud is not configured to support this flavor of Neutron routers. Change-Id: I38c8208edff07f7887887918729beb7710068078 Related-Bug: #1450067
2017-05-18Add containerized neutron-metadata agentBrent Eagles2-0/+111
This patch adds support for running the neutron metadata agent in a container. Change-Id: I53c62516c95d62f5ced70818d4eb4c2c341df0d7 Partial-Bug: #1668922
2017-05-18Merge "TLS-everywhere: Configure CA for apache"Jenkins1-0/+6
2017-05-18Merge "Default snmp to less verbose logging"Jenkins2-0/+11
2017-05-18Comment parameters for registry in docker.yamlSteven Hardy1-4/+4
These duplicate the defaults in puppet/services/docker.yaml and break things if you include an environment file (e.g that generated by quickstart containers-default-parameters.yaml) before the docker.yaml. Instead it's probably more helpful to include the commented lines showing how to enable use of a local docker registry. Change-Id: I3896fa2ea7caa603186f0af04f6d8382d50dd97a Closes-Bug: #1691524
2017-05-18Add l2gw neutron agent supportPeng Liu6-6/+124
L2 Gateway (L2GW) is an API framework for OpenStack that offers bridging two or more networks together to make them look at a single broadcast domain. This patch implements the l2gw agent which is one of the backend of the l2 gateway service plugin. Change-Id: I1ae8132ceff9410be7bd82caddf0d14251e720bf Depends-On: If1501c153b1b170b9550cb7e5a23be463fba1fe9 Partially-Implements: blueprint l2gw-service-integration Signed-off-by: Peng Liu <pliu@redhat.com>
2017-05-18Merge "Use upper-constraints for tox"Jenkins1-0/+1
2017-05-17Merge "docker/internal TLS: spawn extra container for neutron server's TLS ↵Jenkins2-14/+49
proxy"
2017-05-17Merge "Don't delete failed docker-puppet containers"Jenkins1-1/+3
2017-05-17Use upper-constraints for toxAlex Schultz1-0/+1
Use the openstack upper-constraints when running tox. Change-Id: I9eef36eec749beec0effdb2309fe2ceb9bc557f8 Related-Bug: #1691511
2017-05-17Store role_data in an OS::Heat::Value resourceSteven Hardy1-8/+16
Looking up role_data is very slow, particularly when referencing the RoleData output, as it re-resolves every output for all the (many) nested stacks in the *ResourceChain resources. There is work ongoing to optimize this in heat, but this approach improves performance considerably (my local output-show for RoleData is 10x faster) so we can consider including RoleData in the tripleo dynamic ansible inventory, which may be needed for validations and minor updates in future. Change-Id: I5e6665703e859dc1ec6b60dece70f858c9afaf66
2017-05-17Merge "Only set apache certificates if TLS everywhere is enabled"Jenkins1-15/+18
2017-05-17Consolidate writing json configs with HostPrepTasksSteven Hardy2-98/+56
We already have an ansible deployment that applies the per-service host_prep_tasks, so we can simplify the dependencies here by just doing the docker-steps host preparation at the same time. The motivation behind this is to both simplify the depends_on web we have here, reduce the number of discrete deployments, and also to potentially make running ansible directly e.g for debugging easier. In a future patch we'll convert the configuration steps to work in a similar way, such that they can be more easily reapplied e.g for rolling minor updates, possibly outside of heat. Change-Id: I9a201fc5a9e82c7fba4c2de36eb5332e21a81d37
2017-05-17Merge "Containerize Ceilometer Agents"Jenkins7-0/+330
2017-05-17Merge "Use neutron-server image for neutron services"Jenkins5-7/+14
2017-05-17TLS-everywhere: Configure CA for apacheJuan Antonio Osorio Robles1-0/+6
This tells apache which CA certificate was used to sign the certs it's using. this setting is useful in case we want to enable OCSP stapling or client authentication via TLS. Change-Id: I97a7e5332aea8377c7662ca98beb71ed5e236640
2017-05-17Only set apache certificates if TLS everywhere is enabledJuan Antonio Osorio Robles1-15/+18
The Apache certs were were being set even if TLS everywhere isn't enabled. This fixes that. Change-Id: If143d1fdeb0102a1c13441f89acaa73af24bf48f
2017-05-17TLS everywhere: configure mongodb's TLS settingsJuan Antonio Osorio Robles1-0/+37
This configures the mongodb server to use TLS in the internal network, while also passing the necessary attributes to generate the needed cert and key. bp tls-via-certmonger Depends-On: I85dda29bcad686372a74bd7f094bfd62777a3032 Change-Id: If6c603b074cfa7e122579cec29d034fd3312868d
2017-05-17Don't delete failed docker-puppet containersSteve Baker1-1/+3
This helps a bit with debugging issues, and the container will be deleted on the next run when the same volume is configured. Change-Id: I4f2f219bd7e40abafd0eb31c1275fdd8ed4db4da
2017-05-17Merge "Add params to manage and configure pipeline publisher"Jenkins1-2/+23
2017-05-16Merge "Fix absolute paths in scenario001-multinode.yaml"Jenkins1-2/+2
2017-05-16Merge "Optimize kernel neighbour table for large scale environments"Jenkins1-0/+29
2017-05-16Containerize Ceilometer AgentsPradeep Kilambi7-0/+330
Depends-on: I30ba93f76171e5993b5f0e1d7f1f5533acb25740 Closes-bug: #1668925 Change-Id: I3cb61d2d8765f9c2601bb00c4bfa24162883b96a
2017-05-16docker/internal TLS: spawn extra container for neutron server's TLS proxyJuan Antonio Osorio Robles2-14/+49
This spawns an extra container that runs httpd to run the TLS proxy that will go in front of neutron server. bp tls-via-certmonger-containers Change-Id: I2529d78e889835f48c51e12d28ecd7c48739b02b
2017-05-16Use neutron-server image for neutron servicesJuan Antonio Osorio Robles5-7/+14
For TLS everywhere, neutron-server needs httpd in the image, since it'll use a separate container that runs a TLS proxy to terminate the connection. This requires the image where the configuration is ran to have httpd installed, since there are several directories and the user/group that's needed. So, we then switch the image to be used to be neutron-server instead of the openvswitch-agent image. Change-Id: Ie16de3004925b7624f106d6c015ec04ef6031a06 Depends-On: I82f10ac0e7e692e6ba4a06dc10da9eaf79c60e7e
2017-05-16Optimize kernel neighbour table for large scale environmentsOr Idgar1-0/+29
Changing the default values of neighbor table (also known as ARP table) in the kernel to avoid neighbour table overflow and thus fix communication errors between overcloud nodes. default kernel values support L2 network up to 1024 hosts (/22). The patch will allow up to 4096 hosts (/20). Change-Id: I5fabc766dd75a38cd3d835deee7e168f04dd30ce Closes-Bug: #1690087
2017-05-16Fix resource type in ObjectStorage roleChristian Schwede1-1/+1
The currently used resource type does not exist, therefore changing it. Closes-Bug: 1691021 Change-Id: Iaf18af546817e0cf6cdfafcc5c54ab4d1a0f819d
2017-05-15Add missing type for RoleParameters parameterMartin André43-1/+43
This was forgotten in I72376a803ec6b2ed93903cc0c95a6ffce718b6dc and broke containerized deployment. Change-Id: I599a87bf06efbfefd3067c77ed6ca866505900f9 Closes-Bug: #1690870
2017-05-15Merge "Disable ComputeNeutron* for cisco-nexus-ucsm"Jenkins1-0/+2
2017-05-15Fix absolute paths in scenario001-multinode.yamlSteven Hardy1-2/+2
All paths should be relative as we should not rely on the package location - this can easily be overridden via --templates, and this is exactly what we do for the upgrades job, where this will break because we'll include the wrong (newer) version of these services when deploying the older pre-upgrade overcloud. Change-Id: Id8aea09305c0857253c44477945e34377cca64ca
2017-05-15Merge "Update the services README documentation"Jenkins1-9/+23
2017-05-15Default snmp to less verbose loggingMichele Baldessari2-0/+11
Currently we just use what puppet-snmp provides in terms of defaults. This means that currently every single snmp query gets logged with the following: May 15 10:51:30 centos.localdomain snmpd[5159]: Connection from UDP: [127.0.0.1]:57799->[127.0.0.1]:161 May 15 10:51:30 centos.localdomain snmpd[5159]: Connection from UDP: [127.0.0.1]:57799->[127.0.0.1]:161 May 15 10:51:32 centos.localdomain snmpd[5159]: Connection from UDP: [127.0.0.1]:50566->[127.0.0.1]:161 The reason is that we use '-LS0-6d' as the default content for /etc/sysconfig/snmpd: https://github.com/razorsedge/puppet-snmp/blob/master/manifests/params.pp#L322 This default means that we are logging from 0 (LOG_EMERG) to 6 (LOG_INFO). The above messages bring nothing in a default installation and only spam the log files, so let's lower the upper log level to 5 (LOG_NOTICE) by default, so we properly do not see every single query in the logs. We add an option so the operator can still configure the desired log level via a Heat parameter. Change-Id: I8d3dfdb4d549cd27131346fc477755ad72313449
2017-05-15Merge "Change neutron-metadata number of workers determination method"Jenkins1-1/+8
2017-05-15Update the services README documentationSaravanan KR1-9/+23
Service template's parameter documentation has been update by correcting few of the wrong informations and added more information with examples. Change-Id: I2d92fd01cbeb6fdc6f030255dc4b71166509b4f6
2017-05-15Merge "Add role specific information to the service template"Jenkins224-45/+2094
2017-05-15Merge "multinode-container-upgrade.yaml usable for mixed upgrade"Jenkins1-0/+8
2017-05-15Add role specific information to the service templateSaravanan KR224-45/+2094
When a service is enabled on multiple roles, the parameters for the service will be global. This change enables an option to provide role specific parameter to services and other templates. Two new parameters - RoleName and RoleParameters, are added to the service template. RoleName provides the role name of on which the current instance of the service is being applied on. RoleParameters provides the list of parameters which are configured specific to the role in the environment file, like below: parameters_default: # Default value for applied to all roles NovaReservedHostMemory: 2048 ComputeDpdkParameters: # Applied only to ComputeDpdk role NovaReservedHostMemory: 4096 In above sample, the cluster contains 2 roles - Compute, ComputeDpdk. The values of ComputeDpdkParameters will be passed on to the templates as RoleParameters while creating the stack for ComputeDpdk role. The parameter which supports role specific configuration, should find the parameter first in in the RoleParameters list, if not found, then the default (for all roles) should be used. Implements: blueprint tripleo-derive-parameters Change-Id: I72376a803ec6b2ed93903cc0c95a6ffce718b6dc
2017-05-12Merge "docker/internal TLS: spawn extra container for glance API's TLS proxy"Jenkins2-10/+40
2017-05-12Merge "Deprecate Ceilometer Expirer"Jenkins7-3/+46
2017-05-12Merge "docker/internal TLS: spawn extra container for swift's TLS proxy"Jenkins2-19/+50
2017-05-12docker/internal TLS: spawn extra container for glance API's TLS proxyJuan Antonio Osorio Robles2-10/+40
This spawns an extra container that runs httpd to run the TLS proxy that will go in front of glance-api. bp tls-via-certmonger-containers Change-Id: If902ac732479832b9aa3e4a8d063b5be68a42a9b
2017-05-12docker/internal TLS: spawn extra container for swift's TLS proxyJuan Antonio Osorio Robles2-19/+50
This spawns an extra container that runs httpd to run the TLS proxy that will go in front of swift. bp tls-via-certmonger-containers Depends-On: Ib01137cd0d98e6f5a3e49579c080ab18d8905b0d Change-Id: I9639af8b46b8e865cc1fa7249bf1d8b1b978adfe
2017-05-11Merge "Disabling replacing fernet keys from puppet"Jenkins1-0/+1
2017-05-11Merge "Make docker-puppet.sh a static file."Jenkins1-21/+22
2017-05-11Add params to manage and configure pipeline publisherPradeep Kilambi1-2/+23
Change-Id: Ifaa3bb0400ee22601fd8f3e1f2f16192b5f8766b
2017-05-11Deprecate Ceilometer ExpirerPradeep Kilambi7-3/+46
We dont need expirer unless we have collector and standard storage enabled. Lets turn it off by default and make it an optional service. In upgrade scenario, we will kill the process and stop the expirer, unless explicitly enabled. Change-Id: Icffb7d1bb2cf7bd61026be7d2dcfbd70cd3bcbda
2017-05-11Merge "Fix paths for optional docker services"Jenkins3-8/+8
2017-05-11Merge "Make upgrade steps unconditional to fix broken dependencies"Jenkins1-19/+0
2017-05-11Disabling replacing fernet keys from puppetJuan Antonio Osorio Robles1-0/+1
Once puppet has written the initial fernet keys, if a deployer wants to rotate them, the keys will be overwritten when another overcloud deploy is executed (for instance, for updates or upgrades). This disables replacing this keys via puppet, so now the operator can rotate the keys out of band. Change-Id: I01fd46ba7c5e0db12524095dc9fe29e90cb0de57
2017-05-10Merge "Add networking-vpp ML2 mechanism driver support"Jenkins6-0/+77