Age | Commit message (Collapse) | Author | Files | Lines |
|
Currently we only consume the name with a special-case
for the disable constraints boolean, but it will be more
flexible if we consume the whole roles_data mapping for
each role, so that e.g composable networks and other
per-role customizations can be expressed in these
templates
Partially-Implements: blueprint composable-networks
Depends-On: Id1249b78b3dd87e91d572ffa31b7a541f3cde2c7
Change-Id: I355534ec456479944f66106e957404a660d8f2d2
|
|
|
|
Depends-On: I020550ede0ef981582392cf6c48dd5cb5823a074
Depends-On: I610b07a3c2bcf1c3288f76112a08b81c50e06913
Depends-On: I3d378044b3da5309b60967a12df7800520a254dc
Depends-On: I9c32b41ef865a09587f3ebfe8b8a896031fbd285
Depends-On: Ib31bf29bc69f5c58e98b99c3e598b19c99efc77f
Change-Id: I36c7390ddb4192e55ee56006fd6e9c5f8704445c
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
It is not necessary to get the Ceph key issueing a get-key to the Ceph
cluster; this change provides the libvirt key via parameter instead.
Change-Id: Iff3dbcb0f1b4d2373570e184e636a71553cea708
|
|
|
|
|
|
The ComputeHCI role is meant to be a copy of the Compute role
except it hosts CephOSD and uses StorageMgmt.
Change-Id: Ic8fc5e672361a652ef19199a941c87247ca6925d
|
|
|
|
Change-Id: I521e89994e9be6efd335c5809810d9188dc1742f
Closes-Bug: #1684908
|
|
This is part of a larger series that changes the interface used
for configuring which containers are used. This needs CI and
possibly quickstart updates to use this environment file so CI
will continue to pass.
Change-Id: I125137ba45f608cf84ea0a7146edd744a549d23b
Co-Authored-By: Dan Prince <dprince@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
We use ping -w <deadline> -c <count>. This will ping every second until
<count> replies are received, or <deadline> is reached, or a network error occurs.
With the current retry logic a network error will result in a short tight loop
instead of waiting for the network to come up.
This change reduces the deadline to 10s, but sleeps 60s between retries.
Change-Id: Ib00cff6f843c04a00737b40e3ef3d1560d6e6d2d
Related-bug: #1680167
|
|
|
|
|
|
This is necessary for accessing the bind mounted hieradata in the
container in order to determine if the node is the primary node.
With the new validation added to yaml-validate.py, we could spot
potential issues in sahara-api and keystone bootstrap tasks.
The keystone one is a false positive, as the image defaults to the root
user in order to be able to run apache. Still, it is better to be
consistent here and specify the root user nonetheless.
Change-Id: Ib0ff9748d5406f507261e506c19b96750b10e846
Closes-Bug: #1697917
|
|
Change-Id: I6a53a56c534f24cb514d8aeb8cec3d7865b93448
|
|
haproxy needs the deployed SSL cert file to function when TLS is
enabled.
It is also required for the docker-puppet haproxy container since the
haproxy puppet module uses a validate_cmd to check the generated config
file is valid that fails when the required SSL cert is not present.
There is no clean way to disable this feature [1] so we need to bind
mount the cert into the container.
[1] https://github.com/puppetlabs/puppetlabs-haproxy/blob/4753ea5b2506ee093e9b4c8af6e91201d476d426/manifests/config.pp#L53-L57
Change-Id: Id2df144b678769def204961236624091d4e5c457
|
|
Mounting host volumes when running containers via puppet_config already
works and is supported with docker-puppet.py. However, the validation in
yaml-validate.py does not allow it. This patch makes it allowed by the
validation.
It is sometimes necessary since some puppet modules expect to make
persistent file system changes other than just configuration data under
/etc.
In particular, ironic inspector expects to configure a http and tftp
root director with an ipxe configuration. See:
https://github.com/openstack/puppet-ironic/blob/master/manifests/inspector.pp
These changes would be lost if the value for those directories are not
mounted as host volumes.
Change-Id: Ie51c653f4c666fbaaef0ea80990e2e61f4b1353b
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The Cisco Nexus-UCSM environment relies on OVS for the communication
with compute nodes. This is a partial revert of
I4c98008107568b3b65decd7640e25c7d2b1ea9ff.
Change-Id: I453d4bc83314a76fd779884fb2f8cd1731d2bcaa
Related-Bug: #1687597
|
|
Upgrades are broken because this was missed from
I36a642fbc2076ad9e4a10ffc56d6d16f3ed6f27a and
Ia619ab935c66081769e69c53d1ca41925d86abbb
Change-Id: I96590e2219df64b94dfecd91d5e25231fc7e514b
Related-Bug: #1700755
|
|
The checksum is changing each run because the mtime is different, so force
a specific date such that we only compare the directory contents.
Change-Id: I5ed2b50176f902d7af12b96e650b67b736d59a4a
|
|
When we re-execute an upgrade and the crontab has already been
removed, the crontab removal returns 1, saying "no crontab for
ceilometer", and the upgrade fails. This change makes the removal
idempotent.
Change-Id: Ic955fb67bb2f7afde44291f7db3293c88f167566
Closes-Bug: #1701250
|
|
Change-Id: I4308032891f0f9f5e93159f4a7ca29dada5850be
|
|
|
|
The stat resources weren't executed in step2, and Ansible failed on
them being undefined.
Change-Id: I93621dd80d97be597eff6b8913ae9d7b2810f837
Closes-Bug: #1701221
|
|
This has been omitted in Ocata image, so we need to install this in
O->P upgrade again. Change Ic8ce72133c47a4c90d581a0925213877b11a471e
adds it to the image, so that we can stop installing it on P->Q
upgrade, and start using it for minor updates too.
Change-Id: I893792e8d82c716b2f3e7b8878b25ba89ea724f1
Co-Authored-By: Marius Cornea <mcornea@redhat.com>
Partial-Bug: #1701208
|
|
This exposes the nova server IDs for each role, and the bootstrap node
so that we can add this data to the tripleo dynamic ansible inventory
Change-Id: I2fc48eec77210805c0139fa4abcbf4dd721e7c37
|
|
|
|
|
|
Change-Id: I4bc74ccfa9bd143b203dd9ad97dacddf56949727
Partial-Bug: 1700664
|
|
The Qdr service appears to have hijacked these parameters for its
own use. I don't think it should have done that in the first place,
but at least the parameter descriptions need to be kept consistent
with the other services.
Partial-Bug: 1700664
Change-Id: I6d9a075a99f33e9deacaf5b10a6ea7b0a234b942
|
|
Also fix one instance of ManagementIpSubnet that was missing a
description.
Change-Id: I7c5b31d9ef464cefee1dd6ae7ebb9c017cbbd894
Partial-Bug: 1700664
|
|
Lets just run the ceilometer upgrade once in central agent container
Change-Id: If5e5ca6122f8583c6221bc6b343e483e41f04d29
Closes-bug: #1700056
|
|
This is needed for TLS everywhere.
Change-Id: Iac35b7ddcd8a800901548c75ca8d5083ad17e4d3
Depends-On: I426bfdb9e6c852eb32d10a12e521bb8b47701c41
|
|
If you want debug logging you can set the new DockerPuppetDebug
heat parameter to 'True'.
Change-Id: Iae7bb67379351ea15d61c331867d7005f07ba98e
Closes-bug: 1700570
|
|
This generates tons of unnecessary events when gnocchi uses swift backend.
We end up filtering most of these anyway. So lets disable this so it
doesn't put useless load. Also changing the default project to service as
thats what gnocchi uses to authenticate with swift.
Closes-bug: #1693339
Change-Id: I40f47d46fdb06f31a739b590bf653bca71e33f61
|
|
Swift object replication relies on the rsync server, which is run by
xinetd. This patch adds the missing container and configuration. Note
that xinetd needs bind to a privileged port (873) and has to be started
as root therefore.
Change-Id: I7655c9dd116c0130035d8a2fae81148171ae6448
|
|
This commit consistently defines a heat template parameter in the form
of DockerXXXConfigImage where XXX represents the name of the
config_volume that is used by docker-puppet.
The goal is to mitigate hard to debug errors where the templates would
set different defaults for the image docker-puppet.py uses to run, for
the same config_volume name.
This fixes a couple of inconsistencies on the way.
Change-Id: I212020a76622a03521385a6cae4ce73e51ce5b6b
Closes-Bug: #1699791
|