Age | Commit message (Collapse) | Author | Files | Lines |
|
This takes a subset of the logic from major_upgrade_ceph_storage.sh
and ports it into ansible tasks, which will be applied in a rolling
upgrade after the mon services are upgraded (in the step0 batch).
Change-Id: I6e87969add301e78bb665d7748e5f0df8eeae819
Partially-Implements: blueprint overcloud-upgrades-per-service
|
|
Initial support for a rolling upgrade of ceph-mon services which
happens before the OpenStack services are upgraded.
Change-Id: Ifaebbe2ae884bd899cdc6f1c288274e5838792a6
Partially-Implements: blueprint overcloud-upgrades-per-service
|
|
Some services (e.g ceph mon) require upgrading in batches (the old
upgrade architecture did the ceph mon upgrade one controller at a
time). This interface enables doing the same, and over time we
can probably move more services into this interface (e.g when
services support rolling upgrades) to reduce downtime.
Change-Id: If581f301a5493ef33ac1386bdc22f9fca4f2544e
Partially-Implements: blueprint overcloud-upgrades-per-service
|
|
castellan (the key manager interface used by nova and cinder) is no
longer tied to keystone v3 [1]. So now it's possible to use versionless
endpoints for keystone.
[1] I124c0ea2d9403d6b530b33f18896c4e7bf4eabb5
Change-Id: Id5d893a6a41077ab76ca59295593a27be5c3004c
|
|
The current default is empty which overrides the puppet-gnocchi
os_workers calculated value. Instead default to the os_workers.
Change-Id: I9bf9a107c03172500f7c8c5e4353c20305c8e6b5
|
|
These metadata settings (the hardcoded metadata and the hook override)
are used by the novajoin service when it's deployed in the undercloud,
and will tell it to enroll the overcloud nodes and the services that are
specified by the metadata hook.
bp novajoin
bp tls-via-certmonger
Change-Id: Ia4645cc356688b7bcf82ed7765c0b74d53d64ed1
|
|
|
|
|
|
|
|
|
|
Change-Id: I9e926e66518ffd15c8a83355c87e8eae26742d5e
|
|
We missed to refactor CephExternal when migrating to the new
hiera hook. The old template would have pushed the value of
ceph::profile::params::client_keys as a string causing the
deployment to fail with:
Error while evaluating a Function Call, {...} is not a Hash
The new template emits that same data as a map, as it happened
for the other services in Ibe7e2044e200e2c947223286fdf4fd5bcf98c2e1
Change-Id: I3cf59b7d8343d7433047e9ccef310d287dbd47b5
|
|
Change-Id: I0d56dfe012d97e8f7206e8777c1b72a6797c328d
|
|
Horizon provides a password validation check, which OpenStack cloud
operators can use to enforce password complexity checks for users
within horizon.
A dictionary containing a regular expression can be used for
password validation with help text that is displayed if the password
does not pass validation.
HORIZON_CONFIG["password_validator"] = {
"regex": '.*',
"help_text": _("Your password does not meet the requirements."),
}
This change allows injection of the regex into horizons local_settings
file from a tripleo heat template
Change-Id: Ib6517c8f96148bea002b0e3442a26367b236928f
Depends-On: If82a80ed6a8e6e65aecc2a25ee6d60640ae03c9a
Closes-Bug: #1640800
|
|
Change-Id: Ifa10b764ae7c67e089c0d2506a49e474135083bb
Partially-Implements: blueprint overcloud-upgrades-per-service
|
|
|
|
|
|
|
|
This nested for loop is wrong as it generates all steps for all
roles twice. This works because yaml parsing ignores the duplicate
resources, but it's a big waste of space in swift (this fix reduces
the rendered file size by over 2000 lines with the default roles!)
Change-Id: Ifaf860020839390147c92848d52b1a59e355dc50
Closes-Bug: #1659139
|
|
|
|
These are only used for TLS-everywhere, and fills up the kerberos
principals that will need to be created for the certs used by the
overcloud. With this, the metadata hook will format these principals
correctly and will further pass them on to the nova metadata service.
Where they can be used if there's a plugin enabled.
bp tls-via-certmonger
bp novajoin
Change-Id: I873094bb69200052febda629fda698a7a782c031
|
|
|
|
|
|
We've broken the upgrade job because anyone upgrading with the
glance registry deployed (and defined in their *Services parameters)
will try to deploy with the old glance-registry.yaml defined in heat.
Instead we define a template which stops and disables the service on
upgrade.
Closes-Bug: #1659079
Change-Id: I03561954d794afae2be06811375d16611fa45973
|
|
|
|
|
|
* Import multinode-3nodes roles data
* Import multinode
* Import tenantvm_floatingip pingtest
We are importing these files from tripleo-ci because they contain some
informations that need to be versionned (TripleO services, data binding,
etc), specific to TripleO versions.
Change-Id: I9d4ab144f98e8bd46cad2c29411d1270f6469b91
|
|
Cleanup some TODO.
Change-Id: I84e369a9797359fea124e00e2007ae745a96847a
|
|
this attempts to make the error message more useful. This error message
happens if the environment files containing endpoint map overrides
haven't been updated to match the base endpoint map (or the defaults).
Change-Id: If53d3a9d7848aed62ebb235afe8b14c18d1b284d
|
|
If TLS in the internal network is enabled, we run glance-api beind a
TLS proxy (which is actually httpd's mod_proxy). This passes the
necessary hieradata.
bp tls-via-certmonger
Change-Id: I693213a1f35021b540202240e512d121cc1cd0eb
Depends-On: Id35a846d43ecae8903a0d58306d9803d5ea00bee
|
|
|
|
This change adds the ec2api service using the
tripleo::profile::base::nova::ec2api profile.
The deprecated nova-cert service is not supported, and therefore the
RegisterImage action is not supported either.
Change-Id: I2510fd4ed935d8423216fff9ce3adf2d69c9c804
Depends-On: If4b091e1ca02f43aa9c65392baf8ceea007b7cfb
|
|
|
|
This adds a pacemaker_remote puppet service so that an operator
can automatically deploy pacemaker-remote on nodes of his choice.
Change-Id: I9678606b3de9b9f4c03014b33c1dd27fcba67513
Depends-On: I581552dfa64160e2f82f6a9b8f2ae521c3d6da8d
Depends-On: I92953afcc7d536d387381f08164cae8b52f41605
|
|
https://review.openstack.org/#/c/416672 made the new luks provider required.
Let's use it.
Closes-Bug: #1658755
Change-Id: Icc7c3c933af6621959ce3e6af99c73b4afd87509
|
|
|
|
|
|
|
|
|
|
Allow for passing the output_dir in the process-templates scripts so
that it doesn't overwrites the templates in the src dir. This is a
desired feature when running the script from a t-h-t installed
system-wide.
Change-Id: I47994d34f47a4084a11124bc9075cb2f457889ea
|
|
Don't walk through hidden files. This avoids going through the .git,
.tox and other hidden directories that we don't care about.
Change-Id: I34b83229775d221299c8b572a7049175debac99d
|
|
|
|
|
|
|
|
This patch adds support for using Keystone V3 authentication
with Ceph/RGW. This removes the usage of the admin_token
Change-Id: I3265b787ed1f059f86fdc80a91d0f7ed498c1e16
Depends-On: I42861afcac221478dcb68be13b6dbc2533a7f158
|
|
|
|
|
|
|
|
As part of the composable upgrades current plan is to disable
the composable upgrades steps running on a particular role
(e.g. all compute nodes) in favor of a later operator driven
upgrades process as has previously been the case
This adds the disable_upgrade_deployment flag to roles_data as
a first step. Thanks to shardy for his help with this.
Change-Id: Ice845742a043b34917e61f662885786c73e955fd
|
|
Manila default_share_type config option is by default unset.
This option is used by manila when a user creates a new
share and doesn't specify share type explicitly.
Albeit it's not hard requirement to have this option set
to run Manila service, it's convenient to set a default
share type and also it seems to be a general community
opinion that this option should be set.
Note that setting this option does not create the share
type itself (this still has to be done manually which is
probably best because admins may want customize default type
settings according to their needs).
Change-Id: Iab60e42c7f347bbf074d60eb91dd4a1f6a94d3a6
Closes-Bug: #1654204
|