aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-04-21Merge "Add environment to preselect only VIP IP addresses"Jenkins5-1/+55
2017-04-21Merge "Add NeutronDnsDomain heat option, undercloud fix"Jenkins2-0/+6
2017-04-20Merge "Add all hosts to HostsEntry output"Jenkins2-1/+10
2017-04-20Merge "N->O Manual puppet commands have the right modulepath."Jenkins2-2/+5
2017-04-20Add defaults for docker puppet tasksSteven Hardy1-4/+10
Currently we're referencing some steps that don't exist in the output from the OS::Heat::Value resource, but as noted in the heat bug #1681749 I think this isn't valid and probably should not be allowed, so instead merge defaults with the non-empty step tasks. To avoid further duplication of the loop variables, I made the max step a variable. Change-Id: Icf3d639b53c97006a0c370c12600449fba6f3323 Related-Bug: #1681749
2017-04-20N->O Manual puppet commands have the right modulepath.Sofer Athlan-Guyot2-2/+5
In two places during upgrade we manually trigger puppet. There can be a problem when new puppet modules are added, and their corresponding symlinks in /etc/puppet/modules are not created during the installation as their are installed in /usr/share/openstack-puppet/modules. To prevent the issue tripleo set modulepath in the templates. We must use the same modulepath to make sure that we don't fail because of missing module in the manual puppet run. This particulary happens when you upgrade from M->N->O, as the base image in Mitaka doesn't have the proper symlinks and they are not created during the installation of the package. Closes-Bug: #1684587 Change-Id: I79df6ea33f1c58e13309176a6de41b7572541fd6
2017-04-20Merge "TLS-everywhere: Enable for TLS libvirt live migration"Jenkins2-0/+88
2017-04-20Run Zaqar with httpd in puppet serviceThomas Herve2-12/+57
This switches Zaqar to run with httpd when configured by puppet. Change-Id: I69b923dd76a60e9ec786cae886c137ba572ec906
2017-04-20Merge "N->O upgrade, fix wrong parameters to nova placement."Jenkins1-1/+2
2017-04-20Merge "Pluggable server type per Role"Jenkins8-6/+17
2017-04-20glance: deploy services with Keystone v3 endpointsEmilien Macchi2-2/+9
* Switch auth_uri to point to Keystone versionless endpoint. * Switch Swift auth url to use Keystone versionless endpoint and Keystone v3 API. Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Change-Id: I78cdd2286b5a5094f36d4f3c7c58340745664449 Partial-blueprint: keystone-v3
2017-04-19Merge "Remove root_template and root_environment from capabilities-map.yaml"Jenkins1-8/+0
2017-04-19SSHD Service extensionsLuke Hinds11-4/+46
This change implements a MOTD message and provides a hash of sshd config options which are sourced to the puppet-ssh module as a hash. The SSHD puppet service is enabled by default, as it is required for Idb56acd1e1ecb5a5fd4d942969be428cc9cbe293. Also added the service to the CI roles. Change-Id: Ie2e01d93082509b8ede37297067eab03bb1ab06e Depends-On: I1d09530d69e42c0c36311789166554a889e46556 Closes-Bug: #1668543 Co-Authored-By: Oliver Walsh <owalsh@redhat.com>
2017-04-19Containers: disable downloading rabbitmqadminJiri Stransky1-1/+4
There's no need for puppet to download rabbitmqadmin script from rabbitmq, as the script would be immediately deleted together with the ephemeral puppet container. Also, since rabbitmq isn't running at the time we run the puppet container (rabbitmq doesn't have config files generated at that point), puppet couldn't connect to rabbitmq anyway. Change-Id: Ia59e1013c24ab02037246135024418cc9b674606 Closes-Bug: #1684104
2017-04-19N->O upgrade, fix wrong parameters to nova placement.Sofer Athlan-Guyot1-1/+2
According to [1] we need os_region_name, not region_name. Furthermore the os_interface is configured as well. The hard check on this parameter was introduced in ocata[2], explaining why the newton version did not chock on it. [1] https://docs.openstack.org/ocata/config-reference/compute/config-options.html [2] https://github.com/openstack/nova/commit/d486315e0 Closes-Bug: #1684058 Change-Id: If6118bf03e832fe3fa5ea4fcb1b436afd2adf80a
2017-04-19containers: TLS in the internal network for telemetry servicesJuan Antonio Osorio Robles4-0/+65
This covers aodh, gnocchi and panko. cp tls-via-certmonger-containers Change-Id: I6dabb0d82755c28b8940c0baab0e23cfcc587c42
2017-04-19Merge "Introduce common CAs to be mounted to the containers"Jenkins1-0/+5
2017-04-19Merge "Introduce common resources for docker templates"Jenkins36-349/+644
2017-04-19Merge "Rework DOCKER_PUPPET_CONFIG validate tool"Jenkins1-7/+11
2017-04-19TLS-everywhere: Enable for TLS libvirt live migrationJuan Antonio Osorio Robles2-0/+88
This relies on using the default paths for certs/keys used by libvirt and is only enabled if TLS-everywhere is enabled. bp tls-via-certmonger Depends-On: If18206d89460f6660a81aabc4ff8b97f1f99bba7 Depends-On: I0a1684397ebefaa8dc00237e0b7952e9296381fa Change-Id: I0538bbdd54fd0b82518585f4f270b4be684f0ec4
2017-04-19Merge "Use underscore for Aodh and Gnocchi's container names"Jenkins2-4/+4
2017-04-19Merge "Use tripleo profile for bigswitch agent"Jenkins1-3/+1
2017-04-19Merge "Add migration SSH tunneling support"Jenkins3-1/+22
2017-04-18Merge "SSH known_hosts config"Jenkins11-1/+324
2017-04-18Merge "Run token flush cron job hourly by default"Jenkins2-1/+8
2017-04-18Merge "Support for external swift proxy"Jenkins5-0/+89
2017-04-18scenario001/pingtest: enable Gnocchi resource againEmilien Macchi1-15/+13
We disabled it because it stopped working. Let's see how it works now. Change-Id: If1efb86cb1d6ada357d4562408a566ac702fb6be Closes-Bug: #1646506
2017-04-18Merge "Fix nova-compute service name in upgrade steps"Jenkins2-2/+2
2017-04-18Merge "Non-ha multinode environment for container upgrade job"Jenkins1-0/+61
2017-04-18Merge "Add RoleNetIpMap output to overcloud.j2.yaml"Jenkins1-0/+6
2017-04-18Run token flush cron job hourly by defaultJuan Antonio Osorio Robles2-1/+8
Running this job once a day has proven problematic for large deployments as seen in the bug report. Setting it to run hourly would be an improvement to the current situation, as the flushes wouldn't need to process as much data. Note that this only affects people using UUID as the token provider. Change-Id: I462e4da2bfdbcba0403ecde5d613386938e2283a Related-Bug: #1649616
2017-04-18Introduce common CAs to be mounted to the containersJuan Antonio Osorio Robles1-0/+5
When TLS is enabled, the containers need to trust the CAs that the host trusts. Change-Id: I0434b0ac10290970857cad3d1a89d00f5b054196
2017-04-18Introduce common resources for docker templatesJuan Antonio Osorio Robles36-349/+644
This enables common resources that the docker templates might need. The initial resource only is common volumes, and two volumes are introduced (localtime and hosts). Change-Id: Ic55af32803f9493a61f9b57aff849bfc6187d992
2017-04-18Support for external swift proxyLuca Lorenzetto5-0/+89
Users may have an external swift proxy already available (i.e. radosgw from already existing ceph, or hardware appliance implementing swift proxy). With this change user may specify an environment file that registers the specified urls as endpoint for the object-store service. The internal swift proxy is left as unconfigured. Change-Id: I5e6f0a50f26d4296565f0433f720bfb40c5d2109 Depends-On: Ia568c3a5723d8bd8c2c37dbba094fc8a83b9d67e
2017-04-17Add all hosts to HostsEntry outputJames Slagle2-1/+10
Previously only the VIPs and their associated hostnames were present in the HostsEntry output, due to the hosts_entries output on the hosts-config.yaml nested stack being empty. It was referencing an invalid attribute. Change-Id: Iec41926e27bdbf86eb30f230f904df1b7dbfa9c2 Closes-Bug: #1683517
2017-04-17aodh-base.yaml uses a hard coded keystone region nameKeith Schincke1-1/+1
aodh::auth::auth_region in aodh-base.yaml is hardcoded to regionOne instead of using the available KeystoneRegion Change-Id: I521b7e226675062225085e1d5f0296e53b152e81
2017-04-16Revert "Use httpd in Zaqar docker service"Dan Prince1-6/+3
This reverts commit 57a26486128982c9887edd02eb8897045215b10a. Change-Id: I1bbe16a1a7a382ae0c898bd19cd64d3d49aa84c7 Closes-bug: #1683210
2017-04-15Add migration SSH tunneling supportOliver Walsh3-1/+22
This enables nova cold migration. This also switches to SSH as the default transport for live-migration. The tripleo-common mistral action that generates passwords supplies the MigrationSshKey parameter that enables this. The TCP transport is no longer used for live-migration and the firewall port has been closed. Change-Id: I4e55a987c93673796525988a2e4cc264a6b5c24f Depends-On: I367757cbe8757d11943af7e41af620f9ce919a06 Depends-On: I9e7a1862911312ad942233ac8fc828f4e1be1dcf Depends-On: Iac1763761c652bed637cb7cf85bc12347b5fe7ec
2017-04-14Merge "Allow for update after RHEL registration"Jenkins2-0/+43
2017-04-14Rework DOCKER_PUPPET_CONFIG validate toolBogdan Dobrelya1-7/+11
* Split it to REQUIRED/OPTIONAL * Move puppet_tags to OPTIONAL as it already has a default set of tags that need not to be repeated explicitly. Change-Id: Ib70176f1edf61228771c983b0c3231fb7939a316 Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2017-04-13Merge "Add name and description fields to plan-environment.yaml"Jenkins2-5/+11
2017-04-13SSH known_hosts configOliver Walsh11-1/+324
Fetch the host public keys from each node, combine them all and write to the system-wide ssh known hosts. The alternative of disabling host key verification is vulnerable to a MITM attack. Change-Id: Ib572b5910720b1991812256e68c975f7fbe2239c
2017-04-13Pluggable server type per RoleJames Slagle8-6/+17
The server resource type, OS::TripleO::Server can now be mapped per role instead of globally. This allows users to mix baremetal (OS::Nova::Server) and deployed-server (OS::Heat::DeployedServer) server resources in the same deployment. blueprint pluggable-server-type-per-role Change-Id: Ib9e9abe2ba5103db221f0b485c46704b1e260dbf
2017-04-13Merge "Add tags to roles"Jenkins5-7/+52
2017-04-13Merge "Use comma_delimited_list for token flush cron time settings"Jenkins1-5/+5
2017-04-13Merge "Do not log errors on non-existing container"Jenkins1-1/+4
2017-04-13Merge "Add Docker to services list in multinode CI environments"Jenkins7-0/+8
2017-04-13Fix nova-compute service name in upgrade stepsJiri Stransky2-2/+2
Previously Ansible upgrade steps failed with: Could not find the requested service nova-compute: cannot disable. Change-Id: I14e8bc89aca0a3f7308d88488b431e23251cc043 Closes-Bug: #1682373
2017-04-13Use underscore for Aodh and Gnocchi's container namesJuan Antonio Osorio Robles2-4/+4
The rest of the services are using underscores, so this helps uniformity. Change-Id: I4ce3cc76f430a19fa08c77b004b86ecad02119ae
2017-04-12Add service config settings to agent servicesPradeep Kilambi3-0/+6
When containerizing ceilometer agents, keystone auth is not getting set correctly as we're not including the service config settings. Change-Id: Ic17d64eb39e1fcb64c198410f27adbe94c84b7d4