aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-03-13Merge "Fix bogus parameters in get_param"Jenkins2-2/+2
2017-03-13Merge "Containerize Aodh alarm services"Jenkins6-0/+368
2017-03-13Add certmonger-user profileJuan Antonio Osorio Robles7-0/+51
This profile will request the certificates for the services on the node. So with this, we will remove the requesting of these certs on the services' profiles themselves. The reasoning for this is that for a containerized environment, the containers won't have credentials to the CA while the baremetal node does. So, with this, we will have this profile that still gets executed in the baremetal nodes, and we can subsequently pass the requested certificates by bind-mounting them on the containers. On the other hand, this approach still works well for the TLS-everywhere case when the services are running on baremetal. Change-Id: Ibf58dfd7d783090e927de6629e487f968f7e05b6 Depends-On: I4d2e62b5c1b893551f9478cf5f69173c334ac81f
2017-03-13congress/tacker: switch auth_uri to use uri_no_suffixEmilien Macchi2-4/+8
Switch Congress and Tacker to use auth_uri with keystone versionless endpoint. Change-Id: I7e17d061344849b0421f3a6c9571f1609e8861fb Partial-Implement: blueprint keystone-v3
2017-03-13Don't try to run os-net-config from yum_update.shLukas Bezdicka1-11/+0
The UpdateDeployment already depends on NetworkDeployment. We should not run os-net-config unconditionally before update. Closes-Bug: #1666227 Change-Id: I48cbf5de00d47c6fdad71ff24c00e9db05cec5d5
2017-03-13Merge "Upgrades: wait for galera to be settled"Jenkins1-2/+4
2017-03-13gnocchi: deploy services with Keystone v3 endpointsEmilien Macchi3-6/+9
* Move swift_authurl to gnocchi-base hieradata, where other swift auth credentials live and switch it to versionless keystone endpoint. * Force swift_auth_version to 3 for Keystone v3. * Switch auth_uri to use versionless Keystone endpoint. * Switch auth_url to use Keystone admin endpoint (instead of internal). * Remove old parameters from gnocchi::api, not used anymore. Partial-blueprint: keystone-v3 Change-Id: I2feed8b1219069128faa1a1e8dcd2ddfbae7e40a
2017-03-13telemetry: switch auth_uri to uri_no_suffixEmilien Macchi3-3/+11
Switch Aodh, Ceilometer and Panko to use auth_uri parameter with keystone versionless endpoint. Change-Id: I5800f4161d0406d3717e1f539d23411b11378fbc Partial-implement: blueprint keystone-v3
2017-03-13cinder: switch auth_uri to uri_no_suffixEmilien Macchi1-1/+3
Switch Cinder to use auth_uri with keystone versionless endpoint. Change-Id: Iccc6e3df6a8bb1aca3667b1783bc7f6eebf262e5 Partial-implement: blueprint keystone-v3
2017-03-13heat: switch auth_uri to use uri_no_suffixEmilien Macchi1-1/+3
Switch Heat to use auth_uri with keystone versionless endpoint. Change-Id: Iddd091a659d37d965b216db9f536d30245cd3c3a Partial-implement: blueprint keystone-v3
2017-03-13ironic: switch auth_uri to uri_no_suffixEmilien Macchi1-1/+3
Switch Ironic to use auth_uri with keystone versionless endpoint. Change-Id: Ia8061a1e08bd31425f8d4192cd45b64b9f8e1f74 Partial-implement: blueprint keystone-v3
2017-03-13manila: switch auth_uri to use uri_no_suffixEmilien Macchi1-1/+3
Switch Manila to use auth_uri with keystone versionless endpoint. Change-Id: If05032a5c7d93b5787d3f18c0aa374bac3cbd478 Partial-implement: blueprint keystone-v3
2017-03-13neutron: switch auth_uri to uri_no_suffixEmilien Macchi1-2/+4
Switch Neutron to use auth_uri with keystone versionless endpoint, also for notifications with Nova. Change-Id: I530e3dcdfe6961e14755a63767c1fb5c0e1cfa22 Partial-implement: blueprint keystone-v3
2017-03-13nova: switch auth_uri to keystone versionless endpointEmilien Macchi2-2/+4
Switch nova authtoken auth_uri to use keystone endpoint without version. Also switch ironic config in nova.conf to use it. Change-Id: I8046f2eed0b9a7da76d6d7c3507a92bf5054b000 Partial-Implement: blueprint keystone-v3
2017-03-13Tasks hook for preparing BM host for deploying containerized servicesJiri Stransky3-2/+33
This implements a host_prep_tasks hook where we can specify Ansible tasks to perform on the host before deploying containerized services. The hook runs in a single step, the assumption is that we will mostly use the hook for creating per-service directories on the host to ensure we are able to mount them into the containers. (We cannot do this operation via Puppet because all containerized services run their Puppet within a config container, so Puppet doesn't have access to host's filesystem.) Change-Id: I7d8bac39e0cd422fd651eefe29f7d10941ab4a1a
2017-03-13Merge "Remove ha-by-default release note"Jenkins1-5/+0
2017-03-13Remove unnecesary code to enable panko-apiCarlos Camacho2-3/+0
We are already enabling panko-api by default `https://github.com/openstack/tripleo-heat-templates/blob/34c46241cda3be567017943560d218ced3bbdc03/overcloud-resource-registry-puppet.j2.yaml#L226` so there is no need to have the environment file or the resource in the ci environment template. Change-Id: I6af6e2196a77320c8d3b5914d161a795b007151a
2017-03-13Upgrades: wait for galera to be settledMichele Baldessari1-2/+4
We also need to wait for the galera resource to settle down before we proceed starting up with the other services. Note that before merging this, we need to land the following change in ansible-pacemaker: https://review.gerrithub.io/#/c/351387/ Change-Id: Id71c9cb41cfd4c17685c922db2683e28ab7588fd Closes-Bug: #1668372
2017-03-13Merge "Move zaqar into services-docker"Jenkins2-2/+2
2017-03-11Merge "Add BGPVPN composable service"Jenkins6-0/+60
2017-03-11Remove double quotes in the "when" Ansible conditional.Carlos Camacho4-4/+4
Change-Id: I677075012a948c7c32959680608255eff919b8d4
2017-03-10Add upgrade tasks for heat over httpdJuan Antonio Osorio Robles3-7/+34
Change-Id: Ia7b8c41d4d8135f58661a74a4298f60abb251fbe
2017-03-10Merge "Pass hieradata relevant for httpd in the Heat APIs"Jenkins4-18/+110
2017-03-10Merge "Add pep8 tests on docker/services/*"Jenkins1-0/+61
2017-03-10horizon: switch keystone_url to use uri_no_suffixEmilien Macchi1-1/+1
Switch Horizon to use keystone_url with keystone versionless endpoint. Change-Id: I7a22136937d414b2c3713894e04b0f093247ad33 Partial-implement: blueprint keystone-v3
2017-03-10Merge "Move mistral into services-docker"Jenkins2-3/+4
2017-03-10Merge "Remove glance-base service"Jenkins2-136/+95
2017-03-10Merge "Move ironic into services-docker"Jenkins2-4/+5
2017-03-10Remove ha-by-default release noteBen Nemec1-5/+0
This has not landed yet but was accidentally release noted for Ocata. The release note should land with the patch that actually makes the change: I0f61016df6a9f07971c5eab51cc9674a1458c66f Change-Id: I7d68899a5892e219b73007b18ab42e06196ae07a
2017-03-10Clarify Kolla build overrides for tripleoBogdan Dobrelya1-1/+5
Add an example build script, and link the current overrides template which can be used to build Kolla packages that work with TripleO. Change-Id: I2ca122bfe797ed7c38a01ed9462cd880681d21f1 Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2017-03-10Containerize Aodh alarm servicesPradeep Kilambi6-0/+368
Closes-bug: #1668930 Change-Id: If5dff4388b255373083e164a74aaacd529a94111
2017-03-10Add BGPVPN composable serviceRicardo Noriega6-0/+60
This project aims at supporting inter-connection between L3VPNs and Neutron resources, i.e. Networks, Routers and Ports. Partially-Implements: blueprint bgpvpn-service-integration Depends-On:I7c1686693a29cc1985f009bd7a3c268c0e211876 Change-Id: I576c9ac2b443dbb6886824b3da457dcc4f87b442 Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
2017-03-10Cleanup docker services templatesMartin André16-85/+40
Use yaml anchors wherever possible for image definition and drop unused anchors. Renamed parameters to Docker*ConfigImage to clarify that an image is specifically used to generate configuration files. Change-Id: I388bd59de7f1d36a3a881fbb723ba5bcba09e637
2017-03-10Add pep8 tests on docker/services/*Dan Prince1-0/+61
This patch adds the beginning of a set of unit tests for the new docker services templates. This should help us the new interfaces as they evolve. Change-Id: I98a73cf090ebab4593a682f5f34c0950d37e010c
2017-03-10Remove docker_image sections (unused)Dan Prince35-166/+129
We don't use docker_image for anything. It is a remant of the pre-composable docker templates and we can now remove it. This patch removes references to the 'docker_image' section from docker/post.yaml and all of the docker/services* templates. Change-Id: I208c1ef1550ab39ab0ee47ab282f9b1937379810
2017-03-09Merge "Pass hieradata for internal TLS for RabbitMQ"Jenkins5-46/+123
2017-03-09Merge "FQDN validation"Jenkins2-0/+24
2017-03-09Merge "Keystone token flush cron job should log to a file"Jenkins1-1/+1
2017-03-09Pass hieradata relevant for httpd in the Heat APIsJuan Antonio Osorio Robles4-18/+110
The patch this depends on passes through the classes some parameters that are meant to be passed via t-h-t. This patch addresses these and other things required for deploying these services over httpd: * Set the number of workers taking care not to set this value to 0. * Add the apache base hieradata to the service profiles. * Set the servernames and other httpd-specific values. bp tls-via-certmonger Change-Id: I88e5ea7b9bbf35ae03f84fdc3ec76ae09f11a1b6 Depends-On: I23971b0164468e67c9b3577772af84bd947e16f1
2017-03-09Update docs per new puppet_config interfaceDan Prince1-14/+23
This updates the docker/service README so that it correctly documents the current requirements of the new puppet_config interface. Change-Id: I0f3e00ea3cce24152475abf6df34f4836e32c9c8
2017-03-09Improve SSL support for SensuMartin Mágr1-1/+14
This patch allows operator to create SSL certificates for SSL auth to RabbitMQ. Change-Id: I250aedcfdbe3b7a7e8c611c0e6122cf8fe0edda4
2017-03-09Merge "Move nova-scheduler data into puppet_config"Jenkins1-7/+7
2017-03-09Merge "Add validation for VPP upgrade tasks"Jenkins1-1/+11
2017-03-09Merge "Enable Docker service for Compute role"Jenkins2-21/+6
2017-03-09Merge "Set number of Swift proxy server workers to auto"Jenkins1-2/+2
2017-03-09Pass hieradata for internal TLS for RabbitMQJuan Antonio Osorio Robles5-46/+123
As with other services, this passes the necessary hieradata to enable TLS for RabbitMQ. This will mean (once we set it via puppet-tripleo) that there will only be TLS connections, as the ssl_only option is being used. bp tls-via-certmonger Change-Id: I960bf747cd5e3040f99b28e2fc5873ca3a7472b5 Depends-On: Ic2a7f877745a0a490ddc9315123bd1180b03c514
2017-03-09Merge "sahara: configure keystone_authtoken parameters"Jenkins2-3/+9
2017-03-09Merge "barbican: Use versionless keystone endpoints"Jenkins1-3/+3
2017-03-08Enables increasing mariadb open files for noha deploymentsTim Rozet1-0/+6
There is currently an issue where the max open files limit is hit with MariaDB in noha deployments, because it is defaulted to 1024 by system limits. In HA deployments the limit is bumped to 16384. This patch introduces a flag to be able to increase the limit to 16384 for noHA deployments. In the future we should change this to be an integer, and let the operator decide the setting. Since this setting is set in a different path for HA, we would need to implement a change that allows setting both (ha and nonha) via the same integer param. Depends-On: Ia0907b2ab6062a93fb9363e39c86535a490fbaf6 Closes-Bug: #1648181 Related-Bug: #1524809 Change-Id: I95393fc798b833a8575afbff03ef74a839565c5e Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-03-08Move zaqar into services-dockerDan Prince2-2/+2
This patch moves enabling Zaqar docker services into a separate environment in the environments/services-docker directory. Change-Id: I6755eb7ae2abb2b9c8b213ff6fd21b0392353ef5