aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-06-09Merge "Write md5sum for service config directories"Jenkins2-3/+59
2017-06-09Merge "Make container names consistent"Jenkins18-41/+41
2017-06-09Merge "Configure crl file for HAProxy"Jenkins1-0/+6
2017-06-09Merge "Configure CRL URI if TLS in the internal network is enabled"Jenkins1-0/+17
2017-06-09Merge "Containerize Tacker Services"Jenkins2-0/+136
2017-06-09Merge "Containerize Congress API service"Jenkins2-0/+137
2017-06-09Merge "Role Specific parameter for nova-compute service"Jenkins1-3/+23
2017-06-09Make container names consistentMartin André18-41/+41
This commit change the container names to consistently use the `_` char as a word separator and make the kolla external config file match the container name to make operators' life easier. Change-Id: Ibac9d76dde474b94c3cb86031ead0fd0327e126f
2017-06-09Merge "Modify libvirtd container command line when TLS is enabled"Jenkins1-1/+25
2017-06-09Merge "Run the nova-compute container as the nova user"Jenkins1-1/+1
2017-06-08Fix bug in docker-toool where values are sometimes empty.Ian Main1-0/+3
I was getting empty volumes from the json and it was creating bad docker command lines. Change-Id: Ie90fc1afa5711d6b029e98d621507b9cb70c1dbe
2017-06-08Change HorizonSecureCookies default to FalseBen Nemec2-1/+2
HorizonSecureCookies is incompatible with non-ssl deployments, which is our default deployment method. When SSL is in use, it can be turned on in the enable-tls.yaml file. This does mean that existing users won't automatically get this feature turned on as part of their upgrade because enable-tls.yaml is an environment that is intended to be copied and edited, but it's simple to add the parameter to the file for users who want that behavior after they upgrade to a version where it is available. Change-Id: If83d3d8709fc4e0c09569e8bf524721d332bf560 Closes-Bug: 1696861
2017-06-08Merge "Containerize Horizon"Jenkins2-0/+129
2017-06-08Run the nova-compute container as the nova userOliver Walsh1-1/+1
Change-Id: Ie6469d2fd2119952669f5c9fdaa41fb273185973 Depends-On: I91be1f1eacf8eed9017bbfef393ee2d66771e8d6 Closes-bug: #1693844
2017-06-08Merge "Use Deployment actions for blacklist"Jenkins6-29/+121
2017-06-08Merge "Standardize example role definitions"Jenkins16-187/+898
2017-06-08Containerized collectdMatthias Runge2-0/+96
Change-Id: I05126a108f5ab790e729d1f98399dca5801ebd69
2017-06-08Write md5sum for service config directoriesSteven Hardy2-3/+59
The configuration generated by docker-puppet may change on update, so checksum the combined files from the config-data directories, to enable detecting those that have changed and restarting the appropriate containers - we need to merge this checksum into the environment passed to the containters, as this will cause paunch to correctly restart containers when the configuration generated changes, even if the rest of the json definition provided by heat does not. Change-Id: I40d9080cf3ad708ef4ed91e46d2b2ae1138bb9c3
2017-06-08Merge "Add support to configure Num of Storage sacks"Jenkins2-1/+12
2017-06-08Fix typo in haproxy docker mappingMichele Baldessari1-1/+1
It is 'HAproxy' and not 'HAProxy'. This needs fixing so that the proper service is instantiated when a role includes the HAproxy service. Change-Id: Ibcbacff16c3561b75e29b48270d60b60c1eb1083
2017-06-08Merge "Fix the disable expirer to remove crontab"Jenkins2-16/+9
2017-06-08Containerized Sensu clientMartin Mágr2-0/+134
Implements: blueprint container-healthchecks Depends-On: I9ccf1c4c948e6e347eb8e4d947edf77822a601cb Change-Id: Iff7758623974a69e2c043cf611f46ce11c36cc59
2017-06-08Containerize Tacker ServicesPradeep Kilambi2-0/+136
Closes-bug: #1668935 Change-Id: I83a02735eb445e831bc74ec786f2bb42cd2f87d6
2017-06-08Containerize Congress API servicePradeep Kilambi2-0/+137
Closes-bug: #1668929 Change-Id: I051edcf2980bb9c2521e21c410055690c012a0d1
2017-06-08Fix containerized SwiftRawDisks usageChristian Schwede1-1/+22
This patch partitions the defined devices and mounts them on the hostnode. It also disables the mount_check inside Swift because it is currently not possible to detect wether a given directory is a mounted device or not. This is just a workaround until a better solution has been implemented in Swift itself. Change-Id: I6e8e1328d7ffb18bb96ed1a940013dbb8b6b433e
2017-06-08Role Specific parameter for nova-compute serviceSaravanan KR1-3/+23
The parameters NovaVcpuPinSet, NovaReservedHostMemory and NovaPCIPassthrough are modified to support role-specific parameter inputs. Change-Id: I7c11e8fc2c933f424318e457cb1e96acb8df2ec7
2017-06-08Configure crl file for HAProxyJuan Antonio Osorio Robles1-0/+6
This will enable HAProxy to use CRLs for the nodes it's proxying. bp tls-via-certmonger Depends-On: I4f1edc551488aa5bf6033442c4fa1fb0d3f735cd Change-Id: I2558113bf83674ce22d99364b63c0c5be446bf77
2017-06-08Configure CRL URI if TLS in the internal network is enabledJuan Antonio Osorio Robles1-0/+17
This uses by default the URL for the CRL provided by FreeIPA (the default CA in TripleO). bp tls-via-certmonger Depends-On: I38e163e8ebb80ea5f79cfb8df44a71fdcd284e04 Change-Id: I87001388f300f3decb3b74bc037fff9d3b3ccdc2
2017-06-08Merge "Mount /var/run/libvirt on ceilo agent compute"Jenkins1-0/+1
2017-06-08Merge "Add host logging for redis service template"Jenkins1-3/+14
2017-06-08Modify libvirtd container command line when TLS is enabledOliver Walsh1-1/+25
Libvirtd needs the --listen arg to enable the TLS socket. Change-Id: I535165f0a2634728045491b2a37a56b1891b13fe Resolves-Bug: #1694958
2017-06-07Merge "Don't create networks if neutron is not enabled"Jenkins1-45/+49
2017-06-07Standardize example role definitionsAlex Schultz16-187/+898
As we create new standard roles, we should include them from a single location for ease of use and to reduce the duplication of the role definitions elsewhere. This change adds a roles folder to the THT that can be used with the new roles commands in python-tripleoclient by the end user to generate a roles_data.yaml from a standard set of roles. Depends-On: I326bae5bdee088e03aa89128d253612ef89e5c0c Change-Id: Iad3e9b215c6f21ba761c8360bb7ed531e34520e6 Related-Blueprint: example-custom-role-environments
2017-06-07Mount /var/run/libvirt on ceilo agent computePradeep Kilambi1-0/+1
Without this evidently agent logs IO errors. Change-Id: I3031212c582381ae6b6147a48101bf83a05caa8a
2017-06-07Add host logging for redis service templateSteven Hardy1-3/+14
This got missed in the patch which added host logging for most other services. Change-Id: I0be8a5bce6558ebaf5b4830138d1f6c31aec6394
2017-06-07Containerize Manila API serviceVictoria Martinez de la Cruz2-0/+114
Co-Authored-By: Martin André <m.andre@redhat.com> Partial-Bug: #1668922 Change-Id: I0c98f26b19caf755bbc80bd6a75fc17b5d191ae4
2017-06-07Fix the disable expirer to remove crontabPradeep Kilambi2-16/+9
Instead of doing this via puppet which has the consequence of including the step_config and getting included on the host manifest. Lets disable via ansible upgrade task instead. Change-Id: I5f1a4019dd635dea67db4313bd06a228ae7bacd4
2017-06-07Add support to configure Num of Storage sacksPradeep Kilambi2-1/+12
Gnocchi 4 supports storage sacks during upgrade. lets make this configurable if we want to use more metricd workers. Change-Id: I27390b8babf8c4ef35f4c9b8a2e5be69fb9a54ee
2017-06-07Use Deployment actions for blacklistJames Slagle6-29/+121
Instead of using the Heat condition directly on the Deployment resources, use it to set the action list to an empty list when the server is blacklisted. This has a couple advantages over the previous approach in that the actual resources are not deleted and recreated when servers are added and removed from the blacklist. Recreating the resources can be problematic, as it would then force the Deployments to re-run when a server is removed from the blacklist. That is likely not always desirable, especially in the case of NetworkDeloyment. Additionally, you will still see the resources for a blacklisted server in the stack, just with an empty set of actions. This has the benefit of preserving the history of the previous time the Deployment was triggered. implements blueprint disable-deployments Change-Id: I3d0263a6319ae4871b1ae11383ae838bd2540d36
2017-06-07Merge "Map /etc/ssh/ssh_known_hosts to all containers"Jenkins1-0/+1
2017-06-07Merge "Ensure /etc/ssh/ssh_known_hosts exist in docker config-data."Jenkins1-0/+4
2017-06-07Merge "Ability to enable/disable debug mode per OpenStack service"Jenkins21-27/+235
2017-06-07Merge "Convert puppet and docker steps to ansible"Jenkins8-99/+83
2017-06-07Merge "Stop/disable l3 agent in docker service upgrade_tasks"Jenkins1-0/+5
2017-06-07Don't create networks if neutron is not enabledFlavio Percoco1-45/+49
With the composable undercloud installer, it's possible to disable services. The extraconfig script assumes both, neutron and nova, are installed and fails if they aren't. This patch checks if those services are available before. Change-Id: Idcc2b9809fcfa92649a0a1f45175ce417dc0e608
2017-06-07Map /etc/ssh/ssh_known_hosts to all containersOliver Walsh1-0/+1
This allows any ssh client spawned from a container to validate ssh host key. Change-Id: I86d95848e5f049e8af98107cd7027098d6cdee7c Closes-bug: #1693841
2017-06-07Ensure /etc/ssh/ssh_known_hosts exist in docker config-data.Oliver Walsh1-0/+4
Works around the issue encountered in 1696283. Change-Id: I1947d9d1e3cabc5dfe25ee1af994d684425bdbf7 Resolves-Bug: #1696283
2017-06-07Stop/disable l3 agent in docker service upgrade_tasksSteven Hardy1-0/+5
This service is missing the task to stop/disable the service on the host prior to it being started in a container. Change-Id: I33d70d32c3b55e1f2738441f57c74b007e7bd766 Closes-Bug: #1695017
2017-06-07Ability to enable/disable debug mode per OpenStack serviceEmilien Macchi21-27/+235
Add ServiceDebug parameters for each services that will allow operators to enable/disable Debug for specific services. We keep the Debug parameters for backward compatibility. Operators want to enable Debug everywhere: Debug: true Operators want to disable Debug everywhere: Debug: false Operators want to disable Debug everywhere except Glance: GlanceDebug: true Operators want to enable Debug everywhere except Glance: Debug: true GlanceDebug: false New parameters: AodhDebug, BarbicanDebug, CeilometerDebug, CinderDebug, CongressDebug, GlanceDebug, GnocchiDebug, HeatDebug, HorizonDebug, IronicDebug, KeystoneDebug, ManilaDebug, MistralDebug, NeutronDebug, NovaDebug, OctaviaDebug, PankoDebug, SaharaDebug, TackerDebug, ZaqarDebug. Note: for backward compatibility in Horizon, HorizonDebug is set to false, so we maintain previous behavior. Change-Id: Icbf4a38afcdbd8471d1afc11743df9705451db52 Implement-blueprint: composable-debug Closes-Bug: #1634567
2017-06-07Merge "Updated from global requirements"Jenkins1-1/+1