aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-04-12Use comma_delimited_list for token flush cron time settingsJuan Antonio Osorio Robles1-5/+5
This allows us to better configure these parametes, e.g. we could set the cron job to run more times per day, and not just one. Change-Id: I0a151808804809c0742bcfa8ac876e22f5ce5570 Closes-Bug: #1682097
2017-04-12Bind mount directories that contain the key/certs for keystoneJuan Antonio Osorio Robles2-0/+45
This is only done when TLS-everywhere is enabled, and depends on those directories being exclusive for services that run over httpd. Which is the commit this is on top of. Also, an environment file was added that's similar to environments/docker.yaml. The difference is that this one will contain the services that can run containerized with TLS-everywhere. This file will be updated as more services get support for this. bp tls-via-certmonger-containers Change-Id: I87bf59f2c33de6cf2d4ce0679a5e0e22bc24bf78
2017-04-12docker/all: Bind-mount OpenSSL CA bundleJuan Antonio Osorio Robles1-0/+6
The containers also need to trust the CA's that the overcloud node trusts, else we'll get SSL verification failures. bp tls-via-certmonger-containers Change-Id: I7d3412a6273777712db2c90522e365c413567c49
2017-04-12Merge "Grouped all the Operational tools"Jenkins1-1/+9
2017-04-11Merge "Add missing name properties on deloyment resources"Jenkins2-0/+3
2017-04-11Use -net=host for docker-puppet.py config genDan Prince1-0/+4
We pass the short hostname to docker-puppet.py. In order to satisfy the factor FQDN check for the short hostname we need to run the container with --net=host in some cases. Change-Id: I2929f122f23ee33e8ea5d4c5006d2bbb8b928b67 Closes-bug: #1681903
2017-04-11Add RoleNetIpMap output to overcloud.j2.yamlSteven Hardy1-0/+6
To enable easier detection of the IPs associated with nodes (such as to enable the tripleo-validations ansible inventory to work with custom roles more easily) expose the data we already have about the nodes/roles and the list of IPs for each network. Change-Id: I5667a142f47fbff120c703bedadd8b6e163c9480
2017-04-11docker: use noop_resource for Nova_cell_v2Dan Prince1-1/+4
Per puppet-nova commit 2c743a6bff5b17a85d1e0500f3a9ecb21468204e there is now a custom resource for Nova_cell_v2 configuration. As this resource runs automatically regardless of our use of puppet tags we need to explicitly disable it to be able to generate Nova API configs for docker. Change-Id: Id675dc124464acddc3fc5a88b017a351e93ba685 Closes-bug: #1681841
2017-04-11Change the directory for httpd certs/keys to be service-specificJuan Antonio Osorio Robles1-2/+4
This moves the directories containing the certs/keys for httpd one step further inside the hierarchy. This way we will be able to bind-mount this certificate into the container without bind-mounting any other certs/keys from other services. bp tls-via-certmonger-containers Change-Id: Ibe6e66ae4589b9eab7db330dd8b178e0f8775639 Depends-On: I0b71902358b754fa8bd7fdbb213479503c87aa46
2017-04-11Merge "Decouple Swift ringbuilding logic"Jenkins5-94/+10
2017-04-11Add Docker to services list in multinode CI environmentsJiri Stransky7-0/+8
We need the service to be present to run jobs involving containers. Note that this is effectively a no-op for the current CI jobs, as by default the Docker service is mapped to OS::Heat::None. Docker will actually be deployed only if environments/docker.yaml is included in the deploy command. Change-Id: I97a35e30e428ff64feeb411bf63dbb7aa54f9829
2017-04-11Do not log errors on non-existing containerMartin André1-1/+4
This is cluttering up the logs with useless error messages, making it more difficult than necessary to debug the CI job. Change-Id: Icbdc4c74d99fea39b8722955dab56e5f538849aa
2017-04-11Add IPv6 disable optionzshi2-0/+15
This will give user the ability to set these values, if IPv6 is not to be used, it's recommended that it be disabled to reduce the attack surface of the system. Change-Id: Ib3142cce49b93a421ca142a59961ce49a77e66b1 Co-Authored-By: Luke Hinds <lhinds@redhat.com> Signed-off-by: zshi <zshi@redhat.com>
2017-04-11Merge "Replace references to the 192.0.2 network"Jenkins13-16/+39
2017-04-10Merge "Add BGPVPN services to scenario004"Jenkins3-1/+7
2017-04-10Merge "metadatahook: Use coalesce to handle null values"Jenkins1-3/+3
2017-04-10Update Dell EMC Cinder back end servicesAlan Bishop2-0/+6
Add services for Dell EMC Cinder back ends to the resource registry and to the Controller role (defaulting to OS::Heat::None). Closes-Bug: #1681497 Change-Id: I694fd7738abd3601851bdcd38e3633607ce6152c
2017-04-10Add composable role support for NetApp Cinder back endAlan Bishop6-159/+132
Convert NetApp Cinder back end to support composable roles via new "CinderBackendNetApp" service. Closes-Bug: #1680568 Change-Id: Ia3a78a48c32997c9d3cbe1629c2043cfc5249e1c
2017-04-10Merge "Remove yaql call when building logging_groups"Jenkins1-7/+4
2017-04-10Add upgrade tasks for gnocchi container servicesPradeep Kilambi3-0/+12
Change-Id: I43c35bbf959e5dcdd7e87a8f6a604d5fe5b4f2a9
2017-04-10Merge "sensu: fix upgrade case when service is added"Jenkins1-1/+1
2017-04-10Replace references to the 192.0.2 networkGiulio Fidente13-16/+39
Following change I1393d65ffb20b1396ff068def237418958ed3289 the ctlplane network will be 192.168.24 by default and not 192.0.2 anymore. This change removes old references left to 192.0.2 network from the overcloud templates. Change-Id: I1986721d339887741038b6cd050a46171a4d8022
2017-04-10Merge "Timeout early on pcs cluster status check0 during upgrade."Jenkins1-0/+2
2017-04-10metadatahook: Use coalesce to handle null valuesJuan Antonio Osorio Robles1-3/+3
This uses the coalesce function to take null values into account, else these resources will fail validation. Change-Id: Iaf4218dd731826f80b76ff8f7a902adc8c865be5 Closes-Bug: #1681332
2017-04-10Remove yaql call when building logging_groupsThomas Herve1-7/+4
yaql calls are fairly expensive. Let's try to not nest them when we can avoid it. Change-Id: I5e7dbc42be625bbfe7989867794a67ebae08687d
2017-04-10Decouple Swift ringbuilding logicChristian Schwede5-94/+10
This reverts commit b323f8a16035549d84cdec4718380bde3d23d6c3 and uses the new logic in puppet-tripleo (see Ifd6fa5b398d98e8998630ea0c9a2ce9867ceba2b ), basically doing the same. Closes-Bug: 1665641 Change-Id: Ib5cb0578be2993af0a0b8675005d838640bdb139
2017-04-09Enable internal network TLS for etcdFeng Pan1-21/+56
bp secure-etcd Depends-on: I0759deef7cbcf13b9056350e92f01afd33e9c649 Change-Id: I049e35f3158435a0a82ca666911f2337b38e30ce Signed-off-by: Feng Pan <fpan@redhat.com>
2017-04-07Merge "Avoid awk error in hosts-config.sh for large deployments"Jenkins1-8/+10
2017-04-07Merge "Prepare 7.0.0.0b1 (pike-1)"Jenkins1-2/+2
2017-04-07Merge "Update ceph-rgw acccepted roles to fix OSP upgrade"Jenkins1-1/+1
2017-04-07Prepare 7.0.0.0b1 (pike-1)Emilien Macchi1-2/+2
Change-Id: I93de22a4aa2d90966c24349e765475576947f2e0
2017-04-07Use conditionals for neutron and glance worker defaultsBrent Eagles2-10/+20
Using an empty string to signal that the default value in the puppet module is to be used no longer seems to work, resulting in the puppet specified defaults being overridden by empty string values. The impact on configuration will differ depending on the actual configuration item, the puppet code and the service, so it is just safer to omit the hieradata if the user has not explicitly set a value. Change-Id: Iefbc8f8669680e4f9d01db6b49543bfbe9b7661b Closes-Bug: #1669452
2017-04-07Merge "Add Docker service to all roles"Jenkins3-0/+10
2017-04-07Add environment to preselect only VIP IP addressesDan Sneddon5-3/+57
This change adds two files which demonstrate manipulation of the VIP IP addresses without using an external load balancer. This allows the configuration of DNS, or allows for continuity when replacing an existing environment. The fixed IPs for the virtual IPs are set using the new parameters, and this change also adds a RedisVirtualFixedIPs parameter for setting the Redis VIP. Partial-Bug: https://bugs.launchpad.net/tripleo/+bug/1604946 Change-Id: I4e926f1c6b30d4009d24a307bc21e07e1731b387
2017-04-07sensu: fix upgrade case when service is addedEmilien Macchi1-1/+1
When service is added during an upgrade, fix the ansible syntax to use the right variable for return code. Change-Id: I974699fb8b0dcbe5ffa6935c394df4ac8e7b21d4
2017-04-07Timeout early on pcs cluster status check0 during upgrade.Sofer Athlan-Guyot1-0/+2
There is a windows for the pcs cluster status to hang forever[1]. We add a timeout during check0 to avoid this situation. 2 minutes should be more than enought to get all the pcsd nodes to reply. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1292858 Closes-Bug: #1680477 Change-Id: Icb3dc76e031a3d4f26294f37d169f2f61d30973e
2017-04-07Merge "Add password to authtoken section in congress.conf"Jenkins1-0/+1
2017-04-07Merge "Add support for "neutron" Ironic networking plugin"Jenkins2-0/+30
2017-04-07Allow for update after RHEL registrationAlex Schultz2-0/+43
Adds the ability to perform a yum update after performing the RHEL registration. Change-Id: Id84d156cd28413309981d5943242292a3a6fa807 Partial-Bug: #1640894
2017-04-07Add Docker service to all rolesJiri Stransky3-0/+10
This will add the Docker service to all roles. Note that currently by default the Docker service is mapped to OS::Heat::None by default. It will only be deployed if environments/docker.yaml file is included in the deployment. Change-Id: I9d8348b7b6576b94c872781bc89fecb42075cde0 Related-Bug: #1680395
2017-04-07Merge "ovn: Add missing configurations required"Jenkins3-0/+13
2017-04-07Avoid awk error in hosts-config.sh for large deploymentsSteven Hardy1-8/+10
This ports the fixes made to the legacy 51-hosts script, which this script is derived from, to tht. See related t-i-e patch Ibe0a9f6ec10d55750e3b0e16301236141f988d69 Change-Id: Ide922af93a5d185bd592e220327326f1d244c4e2 Closes-Bug: #1674732
2017-04-07Add password to authtoken section in congress.confTomofumi Hayashi1-0/+1
Current puppet module miss password section hence congress is not available due to missing password in congress.conf. This fix is to add password. Change-Id: I277c03ca93130a0337d5085f09c375fb0ac9331d Signed-off-by: Tomofumi Hayashi <s1061123@gmail.com>
2017-04-07Add BGPVPN services to scenario004Carlos Camacho3-1/+7
This submission will enable the BGPVPN API on scenario004. This addition to scenario004 does not provide any sanity check for the Neutron API extension. At this stage is meant to install the required packages and prerequisites, configure the extension and having the services started correctly. In the README.rst file, this is displayed as neutron-bgpvpn, so for further integrations should be added as neutron-<extension_name> for an easier reading. Depends-On: I4d0617b0d7801426ea6827e70f5f31f10bbcc038 Depends-On: I2be0fab671ec1a804d029afc6dc27d19a193b064 Change-Id: I6c257417a9231c44e13535bc408d67d2a3cacbf8
2017-04-07Merge "Fix conntrack proto sctp module"Jenkins1-1/+1
2017-04-07Replace six.iteritems() with .items()loooosy1-1/+1
1.As mentioned in [1], we should avoid using six.iteritems to achieve iterators. We can use dict.items instead, as it will return iterators in PY3 as well. And dict.items/keys will more readable. 2.In py2, the performance about list should be negligible, see the link [2]. [1] https://wiki.openstack.org/wiki/Python3 [2] http://lists.openstack.org/pipermail/openstack-dev/2015-June/066391.html Change-Id: I7c8f540eced0731f4dfb1dfd045828b5a9bb6c67
2017-04-06Merge "Adds Horizon secure cookie map."Jenkins1-0/+5
2017-04-06Merge "Fixing acronym for BGPVPN composable service"Jenkins3-3/+3
2017-04-06Merge "Add trigger to setup a LDAP backend as keystone domaine"Jenkins3-0/+50
2017-04-06Merge "Adds service for managing securetty"Jenkins7-0/+69