Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
This profile will request the certificates for the services on the node.
So with this, we will remove the requesting of these certs on the
services' profiles themselves.
The reasoning for this is that for a containerized environment, the
containers won't have credentials to the CA while the baremetal node
does. So, with this, we will have this profile that still gets executed
in the baremetal nodes, and we can subsequently pass the requested
certificates by bind-mounting them on the containers. On the other hand,
this approach still works well for the TLS-everywhere case when the
services are running on baremetal.
Change-Id: Ibf58dfd7d783090e927de6629e487f968f7e05b6
Depends-On: I4d2e62b5c1b893551f9478cf5f69173c334ac81f
|
|
Switch Congress and Tacker to use auth_uri with keystone versionless
endpoint.
Change-Id: I7e17d061344849b0421f3a6c9571f1609e8861fb
Partial-Implement: blueprint keystone-v3
|
|
The UpdateDeployment already depends on NetworkDeployment.
We should not run os-net-config unconditionally before update.
Closes-Bug: #1666227
Change-Id: I48cbf5de00d47c6fdad71ff24c00e9db05cec5d5
|
|
|
|
* Move swift_authurl to gnocchi-base hieradata, where other swift auth
credentials live and switch it to versionless keystone endpoint.
* Force swift_auth_version to 3 for Keystone v3.
* Switch auth_uri to use versionless Keystone endpoint.
* Switch auth_url to use Keystone admin endpoint (instead of internal).
* Remove old parameters from gnocchi::api, not used anymore.
Partial-blueprint: keystone-v3
Change-Id: I2feed8b1219069128faa1a1e8dcd2ddfbae7e40a
|
|
Switch Aodh, Ceilometer and Panko to use auth_uri parameter with
keystone versionless endpoint.
Change-Id: I5800f4161d0406d3717e1f539d23411b11378fbc
Partial-implement: blueprint keystone-v3
|
|
Switch Cinder to use auth_uri with keystone versionless endpoint.
Change-Id: Iccc6e3df6a8bb1aca3667b1783bc7f6eebf262e5
Partial-implement: blueprint keystone-v3
|
|
Switch Heat to use auth_uri with keystone versionless endpoint.
Change-Id: Iddd091a659d37d965b216db9f536d30245cd3c3a
Partial-implement: blueprint keystone-v3
|
|
Switch Ironic to use auth_uri with keystone versionless endpoint.
Change-Id: Ia8061a1e08bd31425f8d4192cd45b64b9f8e1f74
Partial-implement: blueprint keystone-v3
|
|
Switch Manila to use auth_uri with keystone versionless endpoint.
Change-Id: If05032a5c7d93b5787d3f18c0aa374bac3cbd478
Partial-implement: blueprint keystone-v3
|
|
Switch Neutron to use auth_uri with keystone versionless endpoint, also
for notifications with Nova.
Change-Id: I530e3dcdfe6961e14755a63767c1fb5c0e1cfa22
Partial-implement: blueprint keystone-v3
|
|
Switch nova authtoken auth_uri to use keystone endpoint without version.
Also switch ironic config in nova.conf to use it.
Change-Id: I8046f2eed0b9a7da76d6d7c3507a92bf5054b000
Partial-Implement: blueprint keystone-v3
|
|
This implements a host_prep_tasks hook where we can specify Ansible
tasks to perform on the host before deploying containerized
services. The hook runs in a single step, the assumption is that we will
mostly use the hook for creating per-service directories on the host to
ensure we are able to mount them into the containers. (We cannot do this
operation via Puppet because all containerized services run their Puppet
within a config container, so Puppet doesn't have access to host's
filesystem.)
Change-Id: I7d8bac39e0cd422fd651eefe29f7d10941ab4a1a
|
|
|
|
We are already enabling panko-api by default
`https://github.com/openstack/tripleo-heat-templates/blob/34c46241cda3be567017943560d218ced3bbdc03/overcloud-resource-registry-puppet.j2.yaml#L226`
so there is no need to have the environment file
or the resource in the ci environment template.
Change-Id: I6af6e2196a77320c8d3b5914d161a795b007151a
|
|
We also need to wait for the galera resource to settle down
before we proceed starting up with the other services.
Note that before merging this, we need to land the following
change in ansible-pacemaker:
https://review.gerrithub.io/#/c/351387/
Change-Id: Id71c9cb41cfd4c17685c922db2683e28ab7588fd
Closes-Bug: #1668372
|
|
|
|
|
|
Change-Id: I677075012a948c7c32959680608255eff919b8d4
|
|
Change-Id: Ia7b8c41d4d8135f58661a74a4298f60abb251fbe
|
|
|
|
|
|
Switch Horizon to use keystone_url with keystone versionless endpoint.
Change-Id: I7a22136937d414b2c3713894e04b0f093247ad33
Partial-implement: blueprint keystone-v3
|
|
|
|
|
|
|
|
This has not landed yet but was accidentally release noted for
Ocata. The release note should land with the patch that actually
makes the change: I0f61016df6a9f07971c5eab51cc9674a1458c66f
Change-Id: I7d68899a5892e219b73007b18ab42e06196ae07a
|
|
Add an example build script, and link the
current overrides template which can be
used to build Kolla packages that work with
TripleO.
Change-Id: I2ca122bfe797ed7c38a01ed9462cd880681d21f1
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
|
Closes-bug: #1668930
Change-Id: If5dff4388b255373083e164a74aaacd529a94111
|
|
This project aims at supporting inter-connection between L3VPNs
and Neutron resources, i.e. Networks, Routers and Ports.
Partially-Implements: blueprint bgpvpn-service-integration
Depends-On:I7c1686693a29cc1985f009bd7a3c268c0e211876
Change-Id: I576c9ac2b443dbb6886824b3da457dcc4f87b442
Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
|
|
Use yaml anchors wherever possible for image definition and drop unused
anchors.
Renamed parameters to Docker*ConfigImage to clarify that an image is
specifically used to generate configuration files.
Change-Id: I388bd59de7f1d36a3a881fbb723ba5bcba09e637
|
|
This patch adds the beginning of a set of unit tests
for the new docker services templates. This should help
us the new interfaces as they evolve.
Change-Id: I98a73cf090ebab4593a682f5f34c0950d37e010c
|
|
We don't use docker_image for anything. It is a remant of the
pre-composable docker templates and we can now remove it.
This patch removes references to the 'docker_image' section
from docker/post.yaml and all of the docker/services* templates.
Change-Id: I208c1ef1550ab39ab0ee47ab282f9b1937379810
|
|
|
|
|
|
|
|
The patch this depends on passes through the classes some parameters
that are meant to be passed via t-h-t. This patch addresses these and
other things required for deploying these services over httpd:
* Set the number of workers taking care not to set this value to 0.
* Add the apache base hieradata to the service profiles.
* Set the servernames and other httpd-specific values.
bp tls-via-certmonger
Change-Id: I88e5ea7b9bbf35ae03f84fdc3ec76ae09f11a1b6
Depends-On: I23971b0164468e67c9b3577772af84bd947e16f1
|
|
This updates the docker/service README so that it
correctly documents the current requirements of the new
puppet_config interface.
Change-Id: I0f3e00ea3cce24152475abf6df34f4836e32c9c8
|
|
This patch allows operator to create SSL certificates for SSL auth to RabbitMQ.
Change-Id: I250aedcfdbe3b7a7e8c611c0e6122cf8fe0edda4
|
|
|
|
|
|
|
|
|
|
As with other services, this passes the necessary hieradata to enable
TLS for RabbitMQ. This will mean (once we set it via puppet-tripleo)
that there will only be TLS connections, as the ssl_only option is being
used.
bp tls-via-certmonger
Change-Id: I960bf747cd5e3040f99b28e2fc5873ca3a7472b5
Depends-On: Ic2a7f877745a0a490ddc9315123bd1180b03c514
|
|
|
|
|
|
There is currently an issue where the max open files limit is hit with
MariaDB in noha deployments, because it is defaulted to 1024 by system
limits. In HA deployments the limit is bumped to 16384. This patch
introduces a flag to be able to increase the limit to 16384 for noHA
deployments.
In the future we should change this to be an integer, and let the
operator decide the setting. Since this setting is set in a different
path for HA, we would need to implement a change that allows setting
both (ha and nonha) via the same integer param.
Depends-On: Ia0907b2ab6062a93fb9363e39c86535a490fbaf6
Closes-Bug: #1648181
Related-Bug: #1524809
Change-Id: I95393fc798b833a8575afbff03ef74a839565c5e
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
This patch moves enabling Zaqar docker services into
a separate environment in the environments/services-docker
directory.
Change-Id: I6755eb7ae2abb2b9c8b213ff6fd21b0392353ef5
|