aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-03-17Containerize panko api serviceFlavio Percoco3-1/+121
Co-Authored-By: Pradeep Kilambi <pkilambi@redhat.com> Closes-bug: #1668918 Change-Id: Ie1ebd25965bd2dbad2a22161da0022bad0b9e554
2017-03-17Merge "docker: Add metadata_settings to optional parameters for yaml validate"Jenkins1-1/+2
2017-03-17Merge "Keep existing data for containerized MongoDB"Jenkins1-1/+15
2017-03-17Merge "Explicitly configure credentials used by ironic to access other services"Jenkins1-4/+39
2017-03-17Bind redis-sentinel to its networkMichele Baldessari1-0/+1
We currently do not bind redis-sentinel to any IP: redis 21144 0.0 0.0 142908 5908 ? Ssl 07:43 0:11 /usr/bin/redis-sentinel *:26379 [sentinel] Let's bind it to the same network as redis. Change-Id: I8a782ae1db84eb614aa3995a1638a2f370e70d06 Partial-Bug: #1673715
2017-03-17Pick dynamically the first node for stack validationLuca Lorenzetto1-6/+18
When replacing the controller node with resource id 0, AllNodesValidation will fail because there is an hardcoded reference to resource.0. With this commit the id for validation is extracted dynamically with yaql query, picking the first available. Thanks to Steven Hardy for pointing to the right direction. Change-Id: I8f2bfacbc005d948bd31ebd51c3d3df3182d5a3c Closes-Bug: #1673439
2017-03-16Merge "Added release note for NeutronExternalNetworkBridge deprecation"Jenkins1-0/+10
2017-03-16Explicitly configure credentials used by ironic to access other servicesDmitry Tantsur1-4/+39
Using keystone_authtoken credentials for this purpose is deprecated, and also prevents ironic-conductor from being used as a separate role. Also remove neutron_url, it can be fetched from the catalog instead. Change-Id: I12822568cb4db31808aec5fd407d71fe4b7b09e0 Depends-On: I21180678bec911f1be36e3b174bae81af042938c Partial-Bug: #1661250
2017-03-16Merge "Keep existing data when moving to containerized MariaDB"Jenkins1-4/+21
2017-03-16docker/keystone: add metadata_settings to outputJuan Antonio Osorio Robles1-0/+2
This is used for the TLS-everywhere bits. It will be taken into account by a metadata hook that outputs relevant entries for the nova-metadata service; and subsequently kerberos principals will be created from these. Subsequent patches will add support for TLS in the internal network for the containerized keystone. Change-Id: Ic747ad9c8d6e76c8c16e347c1cdcabc899dd9f9a
2017-03-16docker: Add metadata_settings to optional parameters for yaml validateJuan Antonio Osorio Robles1-1/+2
This section will be needed for TLS-everywhere. So it should be added as optional in the yaml-validate. Change-Id: Ic6ea563b6c8e454cb51f640bb5aaa3adda82a5dd
2017-03-16Merge "etcd: secure EtcdInitialClusterToken parameter"Jenkins2-1/+7
2017-03-16Keep existing data for containerized LibvirtJiri Stransky2-3/+16
Use mounts instead of docker volumes to preserve existing data when moving from baremetal to containerized Libvirt. Change-Id: I2215d451a4ef4023741f0750ac1b45a94652026a
2017-03-16Keep existing data for containerized SwiftJiri Stransky2-16/+26
Use mounts instead of docker volumes to preserve existing data when moving from baremetal to containerized Swift. Change-Id: Ib7cbca2ef674a0245a67b69ee2c77f574d74c181
2017-03-16Merge "Add upgrade tasks for aodh containers"Jenkins4-0/+16
2017-03-15etcd: secure EtcdInitialClusterToken parameterEmilien Macchi2-1/+7
Secure EtcdInitialClusterToken parameter by: * removing the default value. * make it hidden. Change-Id: I938af697f9faaadb9c9aeb950e9410db24b1b961 Depends-On: I6e30cce469736e84a3c483fafa29d542b8347ba9 Closes-Bug: #1673266
2017-03-15Merge "Cleanup no longer used upgrade files"Jenkins13-1014/+0
2017-03-15Add upgrade tasks for aodh containersPradeep Kilambi4-0/+16
Change-Id: I936b31fd24c43e35092b3bfef4454a8da81d19c8
2017-03-15Cleanup no longer used upgrade filesmarios13-1014/+0
Removes some of the no longer used scripts and templates used by the upgrades workflow in previous versions. Change-Id: I7831d20eae6ab9668a919b451301fe669e2b1346
2017-03-14Switch keystone default provider to fernetJuan Antonio Osorio Robles2-1/+7
UUID is to be deprecated, and we should be using fernet. Change-Id: I61b999e65ba5eb771776344d38eb90fc52d49d56
2017-03-14keystone/containers: Add support for fernet keysJuan Antonio Osorio Robles1-0/+19
Since the 'file' resource is included in the tags that puppet takes into account, we already generate the fernet keys if it's enabled as a token provider. This merely adds the keys to the container. However, if fernet is not the provider, we make this file addition optional. Change-Id: Id92039b3bad9ecda169323e01de7bebae70f2ba0
2017-03-14Merge "Update properties being set for octavia rabbit properties"Jenkins1-3/+3
2017-03-14Keep existing data for containerized RabbitMQJiri Stransky1-2/+7
Use mounts instead of docker volumes to preserve existing data when moving from baremetal to containerized RabbitMQ. Change-Id: I8de6610d13d2d878ffba12eb742880eed694eb3e
2017-03-14Keep existing data for containerized MongoDBJiri Stransky1-1/+15
We used named Docker volume for MongoDB storage, which meant that when moving from bare metal to containerized, we lost data and reinitialized the storage from scratch. With this commit we keep the data by mounting the original data into the container. We also need make sure that file ownership is correct according to the uid/gid used within MongoDB container image. Change-Id: I86ef2cb37a068b767462d6d50fe451389b7cbb58
2017-03-14Keep existing data when moving to containerized MariaDBJiri Stransky1-4/+21
We used named Docker volume for MariaDB storage, which meant that when moving from BM to containerized wit MariaDB, we lost data and reinitialized the storage from scratch. With this commit we keep the data by mounting the original data into the container. We also need to make sure that file ownership is correct according to the MariaDB container image used, and that Kolla bootstrap mechanisms aren't retriggered, as they aren't idempotent. Change-Id: I1fc955021c6dd83f1a366495dd8c7281fb9e7cc5
2017-03-14Fixes multiple issues with retry function in rhel-registration.Vincent S. Cojot1-17/+31
There were multiple issues in retry() in rhel-registration: - There was no need for it to be recursive (local variables got overwritten) - There was no delay between multiple attempts, leading to faster but more frequent failures. - The max number of attempts was set too low for some environements. With this patch, rhel-registration now works more reliably with slow-links for portal registration and does not attempt to DDos the portal or your satellite server. Change-Id: I594d3c94867b45a7a58766dbcc66edead78d6a4e
2017-03-14Merge "Update README for Glance coverage"Jenkins1-1/+1
2017-03-14Merge "Tasks hook for preparing BM host for deploying containerized services"Jenkins3-2/+33
2017-03-14Merge "Add bindep support"Jenkins1-0/+2
2017-03-14Merge "congress/tacker: switch auth_uri to use uri_no_suffix"Jenkins2-4/+8
2017-03-13Update README for Glance coverageEmilien Macchi1-1/+1
Change-Id: I0c57f7b8a97b854e3c44ff7776ea05e3888e78e8
2017-03-13Merge "cinder: switch auth_uri to uri_no_suffix"Jenkins1-1/+3
2017-03-13Merge "Containerize gnocchi services"Jenkins5-0/+280
2017-03-13Merge "Pass the DOCKER_* env vars when running docker"Jenkins1-0/+5
2017-03-13Merge "neutron: switch auth_uri to uri_no_suffix"Jenkins1-2/+4
2017-03-13Merge "gnocchi: deploy services with Keystone v3 endpoints"Jenkins3-6/+9
2017-03-13Merge "manila: switch auth_uri to use uri_no_suffix"Jenkins1-1/+3
2017-03-13Merge "heat: switch auth_uri to use uri_no_suffix"Jenkins1-1/+3
2017-03-13Merge "ironic: switch auth_uri to uri_no_suffix"Jenkins1-1/+3
2017-03-13Merge "telemetry: switch auth_uri to uri_no_suffix"Jenkins3-3/+11
2017-03-13Merge "nova: switch auth_uri to keystone versionless endpoint"Jenkins2-2/+4
2017-03-13Merge "horizon: switch keystone_url to use uri_no_suffix"Jenkins1-1/+1
2017-03-13Merge "Improve SSL support for Sensu"Jenkins1-1/+14
2017-03-13Add bindep supportPaul Belanger1-0/+2
Bindep is an automation tool used by openstack-infra to bootstrap a worker with default packages. This is not needed, since we depend on puppet to automate this step. Change-Id: I759614ed0cf1fab5433956ed459419e564590398 Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2017-03-13Containerize gnocchi servicesPradeep Kilambi5-0/+280
Closes-bug: #1668928 Change-Id: I291df31be97c3d55cddb3924482aa5976a79c2b1
2017-03-13Merge "Fix bogus parameters in get_param"Jenkins2-2/+2
2017-03-13Merge "Containerize Aodh alarm services"Jenkins6-0/+368
2017-03-13Add certmonger-user profileJuan Antonio Osorio Robles7-0/+51
This profile will request the certificates for the services on the node. So with this, we will remove the requesting of these certs on the services' profiles themselves. The reasoning for this is that for a containerized environment, the containers won't have credentials to the CA while the baremetal node does. So, with this, we will have this profile that still gets executed in the baremetal nodes, and we can subsequently pass the requested certificates by bind-mounting them on the containers. On the other hand, this approach still works well for the TLS-everywhere case when the services are running on baremetal. Change-Id: Ibf58dfd7d783090e927de6629e487f968f7e05b6 Depends-On: I4d2e62b5c1b893551f9478cf5f69173c334ac81f
2017-03-13congress/tacker: switch auth_uri to use uri_no_suffixEmilien Macchi2-4/+8
Switch Congress and Tacker to use auth_uri with keystone versionless endpoint. Change-Id: I7e17d061344849b0421f3a6c9571f1609e8861fb Partial-Implement: blueprint keystone-v3
2017-03-13Don't try to run os-net-config from yum_update.shLukas Bezdicka1-11/+0
The UpdateDeployment already depends on NetworkDeployment. We should not run os-net-config unconditionally before update. Closes-Bug: #1666227 Change-Id: I48cbf5de00d47c6fdad71ff24c00e9db05cec5d5