aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-09-11Enable redis TLS proxy in HA deploymentsMartin André1-26/+67
Redis does not have TLS out of the box. Let's use a proxy container for TLS termination. This commit enables redis TLS proxy for the HA deployment. bp tls-via-certmonger Change-Id: I45e539872a03878337def33c681c4577c1a5629e (cherry picked from commit c6d8df01d7aa8b44af9ac152b3bb08f07e2e02b7)
2017-09-11Merge "Add defaults for ceilometer-agent-compute upgrade tasks" into stable/pikeJenkins1-3/+3
2017-09-11Merge "Enable Ceilometer agent logging for containers" into stable/pikeJenkins3-3/+20
2017-09-11Merge "Add Neutron SR-IOV agent container" into stable/pikeJenkins12-13/+224
2017-09-11Merge "Disables QoS with OpenDaylight deployments" into stable/pikeJenkins5-1/+9
2017-09-11Enable Ceilometer agent logging for containersPradeep Kilambi3-3/+20
Change-Id: Ibeb28d7c497b02253d00a74257989cefba2b0cc4 (cherry picked from commit fc44ee6ff3553754c618349df3be7544b17e9c5f)
2017-09-11Add defaults for ceilometer-agent-compute upgrade tasksMarius Cornea1-3/+3
This change allows the upgrade non controller script, which loops throug all steps, to complete by adding default values to be evaluated in the steps where the vars are not registered. Closes-Bug: 1715574 Change-Id: Ic056fc556240d1acc9f28a75f63c7628cc64da03 (cherry picked from commit d109c1d7a7d2f6302c39369de8a601bc0b2f6704)
2017-09-11Merge "Mount vhost_sockets directory for vhost-user socket creation" into ↵Jenkins1-0/+25
stable/pike
2017-09-08Move the clustercheck service to the DB roleMichele Baldessari2-1/+1
The clustercheck service is currently in the ControllerOpenstack role which represents a controller without the DB. Since the clustercheck service/container always talks to the SQL server via a localhost connection it *has* to run on the very same node that hosts the DB. In a containerized deployment this error shows up with db syncs simply hanging because haproxy will stop serving port 3306 because the clustercheck service on port 9200 cannot talk to mysql locally. Errors like this will be logged when trying to connect to the DB VIP: mysql -u heat -h 172.17.1.13 -p3UazsaeTC64V9UvEcJ3GZ9rbd ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0 Fix this by making sure that the clustercheck service runs on the DB role. Change-Id: Iec4c9678d8b8d44e002c1e53110dedc0674359fb Closes-Bug: #1715847 (cherry picked from commit 1760079dfe5905f2e696b9fc5c729cffa44554ae)
2017-09-08Disables QoS with OpenDaylight deploymentsItzik Brown5-1/+9
QoS is not fully supported and fails to load correctly with networking-odl. Therefore disabling it from Neutron extension drivers until we have it fully working. Change-Id: I89aa3628c1400305f9659f5c0c99942a7fa7d19e Closes-Bug: 1708131 (cherry picked from commit cfd0d185a93ac2922e233e268a32c3574bee37bf)
2017-09-08Mount vhost_sockets directory for vhost-user socket creationSaravanan KR1-0/+25
For DPDK, vhost-user sockets are created on the host at /var/lib/vhost_sockets directory, which will be used by libvirt and openvswitch. This directory has the necessary permissions and SELinux policies. Mount this folder for libvirt container. Change-Id: Id8be208d1b05886ac45dfdcf48fe766ee5724d1c Partial-Bug: #1712732 (cherry picked from commit 3ea04744c22ae4cd2e1f2b77fc7d5ade012899e0)
2017-09-08Merge "Maintain ceph-osd package only on nodes hosting CephOSD service" into ↵Jenkins3-1/+71
stable/pike
2017-09-07Merge "Add tags in upgrade_tasks for mongodb services." into stable/pikeJenkins2-0/+2
2017-09-07Merge "Add CephExternal role for ceph-ansible" into stable/pikeJenkins3-0/+97
2017-09-07Merge "Support HA for OVN DBs containers using pacemaker bundle" into ↵Jenkins3-0/+169
stable/pike
2017-09-07Merge "Use containerized mongodb in scenario002-multinode-containers" into ↵Jenkins1-0/+1
stable/pike
2017-09-07Merge "fluentd: log configuration was not generated correctly" into stable/pikeJenkins2-24/+2
2017-09-07Merge "Add support for deploying RGW with ceph-ansible" into stable/pikeJenkins3-0/+121
2017-09-07Add tags in upgrade_tasks for mongodb services.Jose Luis Franco Arza2-0/+2
Patch Ie09ce2a52128eef157e4d768c1c4776fc49f2324 added a new set of upgrade tasks which were missing the 'tags' keyword. Closes-Bug: 1715631 Change-Id: Ib1c1aadfbf58c9bccc18667934c8b3c5f38fafa4 (cherry picked from commit 7897d38274cb6435289bc4f4928f96b111e5b4f4)
2017-09-07Add Neutron SR-IOV agent containerBrent Eagles12-13/+224
This patch adds support for running the neutron SR-IOV agent in a container. Depends-On: I4a63845a97c890d7d408731ec5509c320289f18f Depends-On: Ie5d8cd7863c0d042cc6a4e1fc52602d8a03a1935 Depends-On: I1b5ab0a64ae1f5735f1bd5a68e6ae8bdcf47ddec Closes-Bug: #1715388 Change-Id: I7ee603b32eddacd02d846dff00dd1b786d4a7ad9 (cherry picked from commit 94c9c2f954e85de0ab895926a969587b90bc4191)
2017-09-07Add CephExternal role for ceph-ansibleGiulio Fidente3-0/+97
Previously it was only possible to configure the overcloud with an external Ceph cluster via puppet-ceph-external. This submission adds a CephExternal implementation which uses ceph-ansible. Change-Id: Id0d375f88e27e91e9d89f25a0cd7388b6e45df8b Depends-On: Ifc57c9cf6ca8017a2abc78d6320c0675ad49ca9f Closes-Bug: #1714271 (cherry picked from commit 01e55c314de74579196518d958bf5be30e390409)
2017-09-07Merge "Use DeployedSSLCertificatePath for public TLS via certmonger" into ↵Jenkins1-10/+7
stable/pike
2017-09-07Add support for deploying RGW with ceph-ansibleKeith Schincke3-0/+121
This patch allows usage of ceph-ansible to configure the RGW service in the overcloud. Still uses puppet-keystone to create the necessary user and endpoint in the catalog. Co-Authored-By: Giulio Fidente <gfidente@redhat.com> Change-Id: Iafa17bb64c54e40350b2ba7d76dea3d82fcab0e4 (cherry picked from commit 5b3cd1dcacff408bcb482bdea6cded8755a39ebb)
2017-09-07Merge "Containerized mongodb, disable by default, fix upgrade" into stable/pikeJenkins3-1/+8
2017-09-07Merge "Change all references of nsx_v3 to nsx." into stable/pikeJenkins1-9/+9
2017-09-07Use DeployedSSLCertificatePath for public TLS via certmongerJuan Antonio Osorio Robles1-10/+7
As described in the bug report, DeployedSSLCertificatePath is used by the TLS injection script (if you decide to use that). There is an alternative, which is to use FreeIPA to provide the certificate for public TLS (powered by certmonger); however, it doesn't use the same path as what folks expected. This reuses the DeployedSSLCertificatePath parameter and uses that as a path for the resulting PEM file, so its easier to debug. Change-Id: If73c9599d8b94d2f02b8e4c48f4a235e0fea764d Closes-Bug: #1714932 (cherry picked from commit f395d9eab2277061e926f7956bb3a56b0c7b1131)
2017-09-07Maintain ceph-osd package only on nodes hosting CephOSD serviceAlan Bishop3-1/+71
The ceph-osd package is only required on nodes hosting the CephOSD service, but the package's presence on other nodes may interfere with software updates. That's because some distros distribute Ceph software in different channels, and not all nodes have access to the ceph-osd channel. There are two parts to the fix, and the first is an enhancement to the yum update process. The process detects when the ceph-osd package is not required, and removes the package from the node. The second part takes ceph-osd out of the default list of packages needed by puppet-ceph. The ceph-osd package is listed only on the nodes hosting the CephOSD service. Closes-Bug: #1713292 Change-Id: I7a581518ed25cf5f264abfaabfcf2041363a065b (cherry picked from commit 5a89ea21f2add98119a10464b020a98999d31c41)
2017-09-07fluentd: log configuration was not generated correctlyLars Kellogg-Stedman2-24/+2
fluentd hiera elements were being set in all_nodes.json, but then were overwritten by values in <role>.json (e.g., controller.json). This commit removes the values from all-nodes.json and ensures that they are set correctly in <role>.json. Closes-Bug: #1713240 Change-Id: I2b4c74c2a807f8e2fed57112f06b3791701bbe95 (cherry picked from commit d9db0c5f4f0fb07832e54b1c7fd7f5c8bfd4134e)
2017-09-07Use containerized mongodb in scenario002-multinode-containersMartin André1-0/+1
The containerized mongodb service was removed from the default service list from 'environments/docker.yaml' in Ie09ce2a52128eef157e4d768c1c4776fc49f2324. This commit re-enable the containerized mongodb in scenario002-multinode-containers. Change-Id: I57958c94022ccac3ec2ebf7c9438b9e47cbad337 Closes-Bug: #1715391 (cherry picked from commit 13d2bdf41ca3b726acff0b94dae6d394dab4af23)
2017-09-06Merge "Add param to configure snat mechanism" into stable/pikeJenkins3-0/+15
2017-09-06Merge "Mount folders and log file" into stable/pikeJenkins1-2/+13
2017-09-06Merge "Mount public certificate in haproxy init container" into stable/pikeJenkins1-0/+1
2017-09-06Merge "Unset default value for the DockerCephDaemonImage" into stable/pikeJenkins2-1/+1
2017-09-06Merge "TLS proxy for redis" into stable/pikeJenkins4-25/+134
2017-09-06Change all references of nsx_v3 to nsx.Jay Jahns1-9/+9
Change-Id: I31c49926b0ba93f79db3d778c574bd9a480e70cd Closes-Bug: #1713193 Depends-On: Id73f675844b0df2eafa45507d1c28f16cd0b15b2
2017-09-06Add param to configure snat mechanismJanki Chhatbar3-0/+15
Add a parameter to configure SNAT mechanism in OpenDayLight defaulting to conntrack for OVS and defaulting to controller mechanism for OVS-DPDK Change-Id: I48c6f07de55cb2574cc3a7e9653b812f875df726 Closes-Bug: #1710614 (cherry picked from commit 9a450a8e505b5d7ccef7e5e7675573da2a4cd42c)
2017-09-06Mount public certificate in haproxy init containerJuan Antonio Osorio Robles1-0/+1
It's being mounted on the actual haproxy container, but not the init one. Change-Id: I66b69e0bb3642dbfeec767ef5216d515786b5b19 Closes-Bug: #1715132 (cherry picked from commit 03622e89ac3037b4d69d913586823e689b210688)
2017-09-06Mount folders and log fileJanki Chhatbar1-2/+13
journal and snapshots folders hold data needed for update. This patch mounts these folders and adds ODL log file in /var/log/containers/opendaylight Change-Id: I65c6183c2867b2ced6e6ef25896d80154857b7dc Closes:Bug: #1714231 (cherry picked from commit 81dd0808d2a180d108f1159bc67f345fe6bf27d4)
2017-09-06Merge "Rabbitmq: Enable Erlang distribution TLS" into stable/pikeJenkins1-0/+1
2017-09-06Merge "Set mode for ansible written files" into stable/pikeJenkins3-8/+9
2017-09-06Merge "Escape ceph capabilities for manila client" into stable/pikeJenkins1-1/+1
2017-09-06Merge "Add support for Dell EMC Isilon Manila backend" into stable/pikeJenkins10-0/+106
2017-09-06Unset default value for the DockerCephDaemonImageGiulio Fidente2-1/+1
We do not want a default value for the container image name parameters and expect deployers to set this value instead. Change-Id: I9377b7c3564360353aa6da2d2457b2cfacd4e9d6 Closes-Bug: #1714221 (cherry picked from commit fcc3259891ee67956d63c37217acdb999bc4bb65)
2017-09-06TLS proxy for redisMartin André4-25/+134
Redis does not have TLS out of the box. Let's use a proxy container for TLS termination. bp tls-via-certmonger Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Change-Id: Ie2ae0d048a71e1b1b4edb10c74bc0395a1a9d5c9 Depends-On: I078567c831ade540cf704f81564e2b7654c85c0b Depends-On: Ia50933da9e59268b17f56db34d01dcc6b6c38147 (cherry picked from commit c2a93cf4c5d9d6b5ee0536380751a7a9540927cc)
2017-09-06Containerized mongodb, disable by default, fix upgradeSteve Baker3-1/+8
This change removes the entry to containerise docker by default because it should now be disabled since the change Id2e6550fb7c319fc52469644ea022cf35757e0ce. Removing the entry means the default mapping to mongodb-disabled.yaml takes effect. This change also modifies the upgrade_tasks so that the mongod service is only disabled when the service exists. There appears to be upgrade scenarios which fail because mongodb was never installed in the first place. Change-Id: Ie09ce2a52128eef157e4d768c1c4776fc49f2324 Closes-Bug: #1715031 (cherry picked from commit cb81cbe3b5f3887f5d690c590e52b728f74d43c3)
2017-09-06Merge "Add support for Dell EMC VMAX Manila Backend" into stable/pikeJenkins10-0/+110
2017-09-06Merge "manila: set "neutron_admin_auth_url" correctly" into stable/pikeJenkins2-1/+5
2017-09-06Escape ceph capabilities for manila clientJan Provaznik1-1/+1
Capabilities were not properly escaped and ignored by ceph. Change-Id: I099c3d9bad95ec69ac85fe406e3e1d4685ede439 Closes: #1713928
2017-09-06Allow upgrade tasks to run when looping through stepsMarius Cornea2-4/+4
Currently for non controller upgrades we're looping through the upgrade steps and run the upgrade tasks based on when conditionals including the step number and the existing upgrade task condition. Some of tasks fail because the variables used in when conditionals are not available through all steps. This change adds default values to these vars where possible or creates them for all steps to avoid failures. Related-Bug: 1708115 Change-Id: I5c731043cec8e31fc82ca98972a301baa7294c4f (cherry picked from commit e2f00ef1dc98140087c81e202a520f549f9a0970)
2017-09-05Add support for Dell EMC Isilon Manila backendrajinir10-0/+106
This change adds support for manila::backend::dellemc_isilon Change-Id: I92592e4b717d4b1812ccd810ec1daaedd181c3dd Implements: blueprint dellemc-isilon-manila (cherry picked from commit f6c9906d51fb3268b7a7d61d53181ab5d3c0d2ec)