Age | Commit message (Collapse) | Author | Files | Lines |
|
Depends-On: Iac4a260af6738ed6afd4bcb107221a736d07c1b5
Change-Id: I279f6080b3cd7cf6be8513d94171bf9ff94a4698
Partial-Bug: #1644784
|
|
|
|
|
|
'user' is required or puppet-ceph will complain that the Keystone_user
has no title:
Evaluation Error: Missing title. The title expression resulted in undef
at /etc/puppet/modules/ceph/manifests/rgw/keystone/auth.pp
The value is set to Swift, as we use the same credentials as Swift
service.
Closes-Bug: #1642524
Change-Id: Ib4a7c07086b0b3354c8e589612f330ecdffdc637
|
|
|
|
|
|
|
|
|
|
The resource is failing and it prevents us to add more coverage. Until
we figure what's wrong with it, let's disable it.
Change-Id: If89775bf67d686327d0d27222e0c9179be74a668
|
|
|
|
|
|
|
|
This shows how we could wire in the upgrade steps using Ansible
as was previously proposed e.g in https://review.openstack.org/#/c/321416/
but it's more closely integrated with the new composable services
architecture.
It's also very similar to the approach taken by SpinalStack where
ansible snippets per-service were combined then run in a series of
steps using Ansible tags.
This patch just enables upgrade of keystone - we'll add support for
other patches in subsequent patches.
Partially-Implements: blueprint overcloud-upgrades-per-service
Change-Id: I39f5426cb9da0b40bec4a7a3a4a353f69319bdf9
|
|
|
|
|
|
Currently, one can get the network-based FQDNs via a custom puppet
fact. This is currently unreliable, as it's based on the ::hostname
fact which we assume it's set correctly by nova. However, this is not
necessarily the case (for instance, if you use pre-deployed services
such as we do with the multinode-jobs). In these cases, the
::hostname fact will return something other than what we specified in
nova, and effectively breaks the configurations in we relly too much
on the network-based FQDN facts.
By using hiera instead, we avoid this issue as we set those values to
be exactly what we expect (as we set them in the OS::TripleO::Server
resource.
Change-Id: I6ce31237098f57bdc0adfd3c42feef0073c224fb
|
|
This patch optimizes how we deploy hiera by using a new
heat hook specifically designed to help compose hiera
within heat templates. As part of this change:
- we update all the 'hiera' software configurations to set the group to hiera
instead of os-apply-config.
- The new format uses JSON instead of YAML. The hook actually writes
out the hiera JSON directly so no conversion takes place. Arrays,
Strings, Booleans all stay in their native formats. As such we can avoid
having to do many of the awkward string and list conversions in t-h-t to
support the previous YAML formatting.
- The new hook prefers JSON over YAML so upgrading users will have the
new files prefered. (we will post a cleanup routine for the old files
soon but this isn't a new behavior, JSON is now simply prefered.)
- A lot of services required edits to account for default settings that
worked in YAML that no longer work correctly in the native JSON
format. In almost all these cases I think the resulting codes looks
cleaner and is more explicit with regards to what is getting
configured in hiera on the actual nodes.
Depends-On: I6a383b1ad4ec29458569763bd3f56fd3f2bd726b
Closes-bug: #1596373
Change-Id: Ibe7e2044e200e2c947223286fdf4fd5bcf98c2e1
|
|
This patch updates the pep8 task (which is executed in CI) so
that it generates templates locally. This will give us extra
CI coverage to ensure our generated templates produce valid
YAML.
Change-Id: I2287802d44c0ebe404d3fce30f04efcc3c6ab27f
|
|
This patch adds a local version of our template processing
routine so that developers can more quickly view the templates
that are actually getting generated. I've noticed multiple developers
now do a full deployment with 'overcloud deploy' only to download
the swift container with the generated templates. This simple task
avoids that step by allowing developers to generate it locally.
It also aims to preserve the ability to use t-h-t templates directly
with Heat (instead of going through Mistral) should users wish to do that.
The new undercloud heat installer requires the ability to generate
templates without requiring Mistral and Swift to do so.
Ideally the Mistral API workflow would use this same code
so perhaps in the future we might modify that routine to:
-download swift tarball containing the templates
-run this local routine that lives in t-h-t
-re-upload the tarball of templates to the swift container
Change-Id: Ie664c9c5f455b7320a58a26f35bc403355408d9b
|
|
This patch moves the t-i-e element code for hosts configuration
into a t-h-t shell script that gets driven by a os-collect-config
script hook.
This helps accomplish several goals:
- moves us away from t-i-e
- gives us better signal handling in the error case (where the
previous element relied on 99-refresh-completed
- Allows the t-h-t undercloud installer to more easily consume this
since it doesn't rely on the old os-apply-config metadata (which
that installer doesn't support).
Change-Id: I73c3d4818ef531a3559fab272521f44519e2f486
|
|
|
|
|
|
|
|
|
|
|
|
To make local testing of scenario patches easier, this changes the paths
to the templates under test to be relative to the scenarios.
Change-Id: I12a45ee917c214a071f5de1e28f632dbf7d1fe9d
|
|
Install Mistral into the test overcloud and create a workflow to
verify the Mistral installation. This does not currently actually
execute the workflow. It merely tests that it can be created.
Change-Id: Ia03a605bcfd92498bf299d3042dca7c9932f5b63
Depends-On: Id5ff9cb498b5a47af38413d211ff0ed6ccd0015b
|
|
|
|
Fix English grammar error I did in a previous commit.
Change-Id: I06209ab782240f05844793e56270135d48792f3d
|
|
|
|
|
|
This effectively adds barbican-api to the deployment in scenario002
and uses it to provide encrypted volumes for cinder that a nova
instance boots from in the test.
Change-Id: I132e346755fb49c9563247b4404be06b97f77872
|
|
|
|
The modern openstack equivalent heat commands require no awk and will
be slightly more efficient.
The roles variable is optionally populated by OVERCLOUD_ROLES so that
a subset of roles can be specified.
Change-Id: I6b66cb3bd81825fba726dd45b0db25896908f6dd
|
|
Wire in os-net-config via a normal script heat deployment, which has the
following advantages:
1. Improved error path, currently o-a-c deployments don't report any
errors, thus hang and eventually the deployment times out
2. It's far more hackable from a deployer perspective, e.g it's
much easier to change the os-net-config options or include a
mapping file
3. Reduces our dependencies on o-a-c (it's only os-net-config and hiera
which requires it), although the script does currently still use oac to
get the metadata IP.
4. May enable passing os-net-config yaml via a json parameter in future,
reducing the need for resource_registry mappings (although we'll have to
support that for backwards compatibility)
The script used is based directly on 20-os-net-config (from t-i-e
at cf94c5e, we can probably improve this now that we have an error path,
but for this initial commit it's a straight copy other than the changes to
replace o-a-c for rendering the json config file.
Co-Authored-By: Steven Hardy <shardy@redhat.com>
Change-Id: I0ed08332cfc49a579de2e83960f0d8047690b97a
|
|
The parameter type is invalid making it impossible to enable monitoring-environment.
Change-Id: I835d1e82480edb0b6d082a7496d7ceebb1781728
Closes-Bug: #1641080
Closes-Bug: rhbz#1392473
|
|
|
|
|
|
DVR+HA routers are officially supported, so this patch can be reverted.
This reverts commit ce39dbac56123354576d2c31674e1b18535b0111.
Conflicts:
environments/neutron-ovs-dvr.yaml
Change-Id: Ifeceb0c3ba01e81403903401ebfe69b9e9d7d2f2
|
|
|
|
This patch drops use of the vip-hosts.yaml service which can
cause issues during deployment because puppet 'hosts' resources
overwrite the data in /etc/hosts. The only reason things seem to work
at all at the moment is because our hosts element in t-i-e runs
on each os-refresh-config iteration and re-adds the dropped hosts
entries.
To work around the issue we add a conditional which selectively
adds the extra hosts entries only if the AddVipsToEtcHosts is set
to true.
Closes-bug: 1645123
Change-Id: Ic6aaeb249a127df83894f32a704219683a6382b2
|
|
We removed Step 6 in Iae33149e4a03cd64c5831e689be8189ad0cf034b
but forgot to update the README. Similarly we made all roles
use the same steps in Ia2ea559e8eeb64763908f75705e3728ee90b5744
so the comment is no longer true.
Change-Id: If5482ebd22a2547ed2165199992840a0dcacb04c
|
|
This patch adds the team's and repository's badges to the README file.
The motivation behind this is to communicate the project status and
features at first glance.
For more information about this effort, please read this email thread:
http://lists.openstack.org/pipermail/openstack-dev/2016-October/105562.html
To see an example of how this would look like check:
b'https://gist.github.com/8e6d63aff05dc9e2a946f9012a34b334\n'
Change-Id: I0090c60b91624f6cc446bc020b1445b3919e0d40
|
|
Import TripleO CI environments from tripleo-ci into THT for some
reasons:
1) THT is branched while tripleo-ci is not. Having them here would allow
to make scenarios able to evolve over the releases without adding
more scenarios.
2) Help our developers to run TripleO CI scenarios themselves from THT
by exposing the templates here.
The whole discussion is here:
http://lists.openstack.org/pipermail/openstack-dev/2016-November/107816.html
Change-Id: I3527a64c0c8f56ca77115d32849fa23fe710112d
|
|
Until bug #1635409 is fixed, we can provide the full list of
services needed on the Compute role, plus CephOSD, in the
hyperconverged-ceph environment file, preserving the user
experience.
Change-Id: I42409bc098c740759b378969526e13efaf002d3c
Related-Bug: #1635409
|
|
This adds the necessary hieradata for enabling TLS for MySQL (which
happens to run on the internal network). It also adds a template so
this can be done via certmonger. As with other services, this will
fill the necessary specs for the certificate to be requested in a
hash that will be consumed in puppet-tripleo.
Note that this only enables that we can now use TLS, however, we still
need to configure the services (or limit the users the services use)
to only connect via SSL. But that will be done in another patch, as
there is some things that need to land before we can do this (changes
in puppetlabs-mysql and puppet-openstacklib).
Change-Id: I71e1d4e54f2be845f131bad7b8db83498e21c118
Depends-On: I7275e5afb3a6550cf2abbb9a8007dedb62ada4b4
|
|
|
|
|
|
|
|
|