| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Using keystone_authtoken credentials for this purpose is deprecated, and also
prevents ironic-conductor from being used as a separate role.
Also remove neutron_url, it can be fetched from the catalog instead.
Change-Id: I12822568cb4db31808aec5fd407d71fe4b7b09e0
Depends-On: I21180678bec911f1be36e3b174bae81af042938c
Partial-Bug: #1661250
|
|
|
|
This is used for the TLS-everywhere bits. It will be taken into account
by a metadata hook that outputs relevant entries for the nova-metadata
service; and subsequently kerberos principals will be created from
these.
Subsequent patches will add support for TLS in the internal network for
the containerized keystone.
Change-Id: Ic747ad9c8d6e76c8c16e347c1cdcabc899dd9f9a
|
|
This section will be needed for TLS-everywhere. So it should be added as
optional in the yaml-validate.
Change-Id: Ic6ea563b6c8e454cb51f640bb5aaa3adda82a5dd
|
|
|
|
Use mounts instead of docker volumes to preserve existing data when
moving from baremetal to containerized Libvirt.
Change-Id: I2215d451a4ef4023741f0750ac1b45a94652026a
|
|
Use mounts instead of docker volumes to preserve existing data when
moving from baremetal to containerized Swift.
Change-Id: Ib7cbca2ef674a0245a67b69ee2c77f574d74c181
|
|
|
|
Secure EtcdInitialClusterToken parameter by:
* removing the default value.
* make it hidden.
Change-Id: I938af697f9faaadb9c9aeb950e9410db24b1b961
Depends-On: I6e30cce469736e84a3c483fafa29d542b8347ba9
Closes-Bug: #1673266
|
|
|
|
Change-Id: I936b31fd24c43e35092b3bfef4454a8da81d19c8
|
|
Removes some of the no longer used scripts and templates used by
the upgrades workflow in previous versions.
Change-Id: I7831d20eae6ab9668a919b451301fe669e2b1346
|
|
UUID is to be deprecated, and we should be using fernet.
Change-Id: I61b999e65ba5eb771776344d38eb90fc52d49d56
|
|
Since the 'file' resource is included in the tags that puppet takes into
account, we already generate the fernet keys if it's enabled as a token
provider.
This merely adds the keys to the container. However, if fernet is not
the provider, we make this file addition optional.
Change-Id: Id92039b3bad9ecda169323e01de7bebae70f2ba0
|
|
|
|
Use mounts instead of docker volumes to preserve existing data when
moving from baremetal to containerized RabbitMQ.
Change-Id: I8de6610d13d2d878ffba12eb742880eed694eb3e
|
|
We used named Docker volume for MongoDB storage, which meant that when
moving from bare metal to containerized, we lost data and reinitialized
the storage from scratch.
With this commit we keep the data by mounting the original data into the
container. We also need make sure that file ownership is correct
according to the uid/gid used within MongoDB container image.
Change-Id: I86ef2cb37a068b767462d6d50fe451389b7cbb58
|
|
We used named Docker volume for MariaDB storage, which meant that when
moving from BM to containerized wit MariaDB, we lost data and
reinitialized the storage from scratch.
With this commit we keep the data by mounting the original data into the
container.
We also need to make sure that file ownership is correct according to
the MariaDB container image used, and that Kolla bootstrap mechanisms
aren't retriggered, as they aren't idempotent.
Change-Id: I1fc955021c6dd83f1a366495dd8c7281fb9e7cc5
|
|
There were multiple issues in retry() in rhel-registration:
- There was no need for it to be recursive (local variables
got overwritten)
- There was no delay between multiple attempts, leading to faster but
more frequent failures.
- The max number of attempts was set too low for some environements.
With this patch, rhel-registration now works more reliably with slow-links
for portal registration and does not attempt to DDos the portal or your
satellite server.
Change-Id: I594d3c94867b45a7a58766dbcc66edead78d6a4e
|
|
|
|
|
|
|
|
|
|
Change-Id: I0c57f7b8a97b854e3c44ff7776ea05e3888e78e8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Bindep is an automation tool used by openstack-infra to bootstrap a
worker with default packages. This is not needed, since we depend on
puppet to automate this step.
Change-Id: I759614ed0cf1fab5433956ed459419e564590398
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
|
|
Closes-bug: #1668928
Change-Id: I291df31be97c3d55cddb3924482aa5976a79c2b1
|
|
|
|
|
|
This profile will request the certificates for the services on the node.
So with this, we will remove the requesting of these certs on the
services' profiles themselves.
The reasoning for this is that for a containerized environment, the
containers won't have credentials to the CA while the baremetal node
does. So, with this, we will have this profile that still gets executed
in the baremetal nodes, and we can subsequently pass the requested
certificates by bind-mounting them on the containers. On the other hand,
this approach still works well for the TLS-everywhere case when the
services are running on baremetal.
Change-Id: Ibf58dfd7d783090e927de6629e487f968f7e05b6
Depends-On: I4d2e62b5c1b893551f9478cf5f69173c334ac81f
|
|
Switch Congress and Tacker to use auth_uri with keystone versionless
endpoint.
Change-Id: I7e17d061344849b0421f3a6c9571f1609e8861fb
Partial-Implement: blueprint keystone-v3
|
|
The UpdateDeployment already depends on NetworkDeployment.
We should not run os-net-config unconditionally before update.
Closes-Bug: #1666227
Change-Id: I48cbf5de00d47c6fdad71ff24c00e9db05cec5d5
|
|
|
|
* Move swift_authurl to gnocchi-base hieradata, where other swift auth
credentials live and switch it to versionless keystone endpoint.
* Force swift_auth_version to 3 for Keystone v3.
* Switch auth_uri to use versionless Keystone endpoint.
* Switch auth_url to use Keystone admin endpoint (instead of internal).
* Remove old parameters from gnocchi::api, not used anymore.
Partial-blueprint: keystone-v3
Change-Id: I2feed8b1219069128faa1a1e8dcd2ddfbae7e40a
|
|
Switch Aodh, Ceilometer and Panko to use auth_uri parameter with
keystone versionless endpoint.
Change-Id: I5800f4161d0406d3717e1f539d23411b11378fbc
Partial-implement: blueprint keystone-v3
|
|
Switch Cinder to use auth_uri with keystone versionless endpoint.
Change-Id: Iccc6e3df6a8bb1aca3667b1783bc7f6eebf262e5
Partial-implement: blueprint keystone-v3
|
|
Switch Heat to use auth_uri with keystone versionless endpoint.
Change-Id: Iddd091a659d37d965b216db9f536d30245cd3c3a
Partial-implement: blueprint keystone-v3
|
|
Switch Ironic to use auth_uri with keystone versionless endpoint.
Change-Id: Ia8061a1e08bd31425f8d4192cd45b64b9f8e1f74
Partial-implement: blueprint keystone-v3
|
|
Switch Manila to use auth_uri with keystone versionless endpoint.
Change-Id: If05032a5c7d93b5787d3f18c0aa374bac3cbd478
Partial-implement: blueprint keystone-v3
|
Dmitry Tantsur
Jenkins
Juan Antonio Osorio Robles
Jiri Stransky
Emilien Macchi
Pradeep Kilambi
marios
Vincent S. Cojot
Paul Belanger
Lukas Bezdicka