| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
ceph-ansible will take care of setting up client keys both
in ceph and on client side. It will also create filesystem
for manila. To assure that manila manifest can work in future
both with puppet and with ceph-ansible, creation of filesystem
is moved to ceph-mds manifest and creation of manila key on ceph
side is moved to ceph-base (so manila key is always created),
manila key is added to ceph-external for external ceph deployments.
Key creation is removed from manila.pp in patch
I2b5567a39ac8737e80758b705818cc1807dc8bf1
Change-Id: I6308a317ffe0af244396aba5197c85e273e69f68
Related-To: Ia3ef9e9a2b159dacea01e38762145ff2bcc7ba27
Depends-On: I3f18bbe476c4f43fa4e162cc66c5df443122cd0c
|
|
|
|
We need to tag the HA containers with a special tag so
that the RA definition never changes. We do this step in THT
as opposed to puppet because we need to guarantee
that all images are tagged on all nodes *before* step 2 where the bundle
gets created.
NB: Getting the image name without the tag will require some more
yaql work to get all the cases right. Right now this works only
if we enforce that the image has a ':tag' at the end of the name.
So far this is always the case. If things change we will need to
amend this code.
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
Co-Authored-By: Sofer Athlan-Guyot <sathlang@redhat.com>
Change-Id: I362e6cf26fba77d3f949b7d2fc4b35a3eab9087e
|
|
Bind mounts and adds the appropriate permissions for the cert and
key that's used for TLS.
bp tls-via-certmonger-containers
Depends-On: I62ff89362cfcc80e6e62fad09110918c36802813
Change-Id: I48325893a00690e2f5d6f1d685f903234545d5b8
|
|
This is addressed by the patch this depends on.
bp tls-via-certmonger
Depends-On: I62ff89362cfcc80e6e62fad09110918c36802813
Change-Id: Ibecc461b0c9af02500f590a1f7469d7e4ff20d95
|
|
Updates ci/environments/scenario001-multinode-containers.yaml
to use ceph-ansible instead of puppet-ceph.
Change-Id: Idbd02a3c7404daecdc6e2c45ea6d3478bf70552c
Depends-On: Ifa4937624ed14a3ece48dd92ba4f69b5e4928e77
|
|
|
|
|
|
|
|
This sets the flag that tells the horizon manifest to use TLS for the
configuration.
bp tls-via-certmonger
Depends-On: I7f2e11eb60c7b075e8a59f28682ecc50eeb95c3e
Change-Id: I13d59e7663538884b34b5a910b741de8721abbb9
|
|
|
|
|
|
|
|
I2c39a2957fd95dd261b5b8c4df5e66e00a68d2f7 changed nova api to http from
eventlet, however we need to continue running the eventlet service as
it is required for the nova metadata api.
However this should be tied to the OS::TripleO::Services::NovaMetadata
service, so duplicate the required config in nova-metadata.yaml.
Change-Id: I398575d565d5527bcaa1c8b33b9de2e1e0f2f6fd
Depends-On: Id3407e151566d16c6ae1e1ea8c1b021dac22e727
Closes-bug: #1711425
|
|
|
|
|
|
Workaround systems getting registered as "localhost" during
RHEL registration if they don't have a fqdn set by first
rm'ing the /etc/rhsm/facts directory. When the directory does not
exist, the katello-rshm-consumer which runs when installing
the katello-ca-consumer will not set the hostname.override fact to
"localhost".
Change-Id: Ia29aa9c775f715f9745bb7e1e4022cc395a7d092
Partial-Bug: #1711435
|
|
This also tells the neutron metadata agent to use TLS for contacting
nova-metadata.
bp tls-via-certmonger
Depends-On: I97ac2da29be468c75713fe2fae7e6d84cae8f67c
Depends-On: I9df395dc699090bd73265d10395e155e9b8adb26
Change-Id: I9a8c54f6e052852b8f9d06a42da87773f4da3a15
|
|
This is needed for TLS everywhere, else the certs won't be requested.
Change-Id: I9849e009843683a75fefa6e9f4b8213bcff3a889
Closes-Bug: #1711424
|
|
Ceilometer api and collector are disabled in pike. During upgrade case,
if its not in the roles_data the disable task doesnt get picked
up and continue to run. This should be removed in Queen cycle.
Change-Id: I3bf555ac9488fc6622e6a62a809150082a85ea54
|
|
|
|
|
|
|
|
|
|
Previously what we've been doing with setup_docker_host.sh can now be
achieved with host_prep_tasks, and we can free up the NodeUserData
interface for other use cases.
Closes-Bug: #1711387
Change-Id: Iaac90efd03e37ceb02c312f9c15c1da7d4982510
|
|
Creating a sample environment generator configuration to generate basic
environment files for the following architectures:
* Monolithic HA (3 Controller, 3 Compute, 1 Ceph)
* Monolithic Non-HA (1 Controller, 1 Compute, 1 Ceph)
* Standalone (3 Controller, 3 Database, 3 Messaging, 2 Networker,
1 Compute, 1 Ceph)
Change-Id: Id0b967d3b2356f38a51e1028b2dccc122d59888c
Related-Blueprint: example-custom-role-environments
|
|
|
|
When performing an overcloud upgrade, we need to run a different
ceph-ansible playbook from what we run for fresh deployments.
This change adds the logic to parse StackUpdateType and set the
playbook path accordingly.
Change-Id: I2882f62a80954e6e7324bb86e5ac91c059698a60
|
|
This change adds a new define for cinder::backend::dellemc_unity.
Change-Id: I7f9dbb707cf9b5c90ec2f31dcff82cd578805b80
Implements: blueprint dellemc-unity-cinder
|
|
Most nova services are working with TLS everywhere, so they can be
added to the environment.
The compute and libvirt services are still pending.
bp tls-via-certmonger-containers
Change-Id: I80745fff5fbd9a6ccd701c1d154b38ad41b0cc3c
|
|
Since nova-compute is not containerized with TLS yet, using containerized
iscsid causes errors when trying to spawn a VM with a volume. Since
the path is different in this case.
I will re-add iscsid to this environment once nova-compute is
containerized with TLS.
bp tls-via-certmonger-containers
Change-Id: Ida87b187e56ae852c5a4ef6f78cc04a0870fe3f4
|
|
|
|
It doesn't work yet, see:
https://bugs.launchpad.net/tripleo/+bug/1710959
Change-Id: I05d5325aa704f8e18737e98d3bd6b4d00fc1dca6
|
|
... until https://review.openstack.org/#/c/474327 is merged.
In the meantime, let's test the scenario with Barbican like before.
Depends-On: Ib5c99482f62397fc5fb79a9dc537dfb06ee7f4df
Change-Id: Ia96736ad3ddabd33c5ee4518a3f63bafeffcf391
|
|
|
|
|
|
|
|
|
|
|
|
This service allows configuring and deploying manila-share
containers in a HA overcloud managed by pacemaker.
The containers are managed and run by pacemaker. Pacemaker runs the
standard Kolla image but overrides the initial command so that
it explicitely calls manila-share. This way, we shield ourselves
from any unexpected future change in Kolla.
This container needs to use the 'docker_config' section to invoke
puppet (as opposed to 'docker_puppet_tasks'), because due to the HA
composability each resource creation needs to happen on the bootstrap
node of that service and 'docker_puppet_tasks' will only run on the
controller/primary role.
Based on work done in fdb233e64e3d78014dd7e351abfed5aec5035866
Partial-Bug: #1668922
Change-Id: Ifa94c506db5eb667690a19d594115a93d2a790b2
Depends-On: I797eea2f7788f65411964ccb852b5707e916416f
|
|
Change-Id: Ib892f54781e568fb267a34390fec1a7e0323de2c
|
|
Pre existing Ceph clusters are migrated to containers using a
playbook in ceph-ansible which requires setting some 'ireallymeanit'
variable.
1. https://github.com/ceph/ceph-ansible/issues/1758
Change-Id: I5c2f46b91cf032913931275ce62315f293f21c8b
Closes-Bug: #1711159
|
|
|
|
Based on puppet/services/ceph-mds.yaml. Nodes in the CephMds role
will already be in the Ansible inventory but this change provides
a way pass their parameters to ceph-ansible.
Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
Change-Id: Ia3ef9e9a2b159dacea01e38762145ff2bcc7ba27
|
|
This change renders the network IP maps and hostname maps for
all networks defined in network_data.yaml. This should make it
possible to create custom networks that will be rendered for
all applicable roles.
Note that at this time all networks will be rendered whether
they are enabled or not. All networks will be present in all
roles, but ports will be associated with noop.yaml in roles
that do not use the network. This is in accordance with
previous behavior, although we may wish to change this in
the future to limit the size of the role definitions and
reduce the number of placeholder resources in deployments
with many networks.
Note that this patch is a replacement for original patch
https://review.openstack.org/#/c/486280, which I was having
trouble rebasing to current.
Change-Id: I445b008fc1240af57c2b76a5dbb6c751a05b7a2a
Depends-on: I662e8d0b3737c7807d18c8917bfce1e25baa3d8a
Partially-implements: blueprint composable-networks
|
|
When the OSD pool size is unset it defaults to 3, while we only
have a single OSD in CI so the pools are created but not writable.
We did set the default pool size to 1 in the non-containerized
scenarios but apparently missed it in the containerized version.
Change-Id: I1ac1fe5c2effd72a2385ab43d27abafba5c45d4d
Closes-Bug: #1710773
|
|
Ensure both the older compute and newer generic polling host services
are stopped during a compute upgrade.
Closes-Bug: #1710866
Change-Id: I2c63d6d50977eed112707c3c8aa6d46d8b796679
|
|
|
|
|
|
|
Jan Provaznik
Jenkins
Michele Baldessari
Juan Antonio Osorio Robles
Giulio Fidente
Oliver Walsh
James Slagle
Pradeep Kilambi
Jiri Stransky
Alex Schultz
rajinir
Emilien Macchi
Victoria Martinez de la Cruz
John Fulton
Dan Sneddon
Lee Yarwood