aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-04-10Merge "Remove yaql call when building logging_groups"Jenkins1-7/+4
2017-04-10Merge "sensu: fix upgrade case when service is added"Jenkins1-1/+1
2017-04-10Merge "Timeout early on pcs cluster status check0 during upgrade."Jenkins1-0/+2
2017-04-10Remove yaql call when building logging_groupsThomas Herve1-7/+4
yaql calls are fairly expensive. Let's try to not nest them when we can avoid it. Change-Id: I5e7dbc42be625bbfe7989867794a67ebae08687d
2017-04-07Merge "Avoid awk error in hosts-config.sh for large deployments"Jenkins1-8/+10
2017-04-07Merge "Prepare 7.0.0.0b1 (pike-1)"Jenkins1-2/+2
2017-04-07Merge "Update ceph-rgw acccepted roles to fix OSP upgrade"Jenkins1-1/+1
2017-04-07Prepare 7.0.0.0b1 (pike-1)Emilien Macchi1-2/+2
Change-Id: I93de22a4aa2d90966c24349e765475576947f2e0
2017-04-07Merge "Add Docker service to all roles"Jenkins3-0/+10
2017-04-07sensu: fix upgrade case when service is addedEmilien Macchi1-1/+1
When service is added during an upgrade, fix the ansible syntax to use the right variable for return code. Change-Id: I974699fb8b0dcbe5ffa6935c394df4ac8e7b21d4
2017-04-07Timeout early on pcs cluster status check0 during upgrade.Sofer Athlan-Guyot1-0/+2
There is a windows for the pcs cluster status to hang forever[1]. We add a timeout during check0 to avoid this situation. 2 minutes should be more than enought to get all the pcsd nodes to reply. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1292858 Closes-Bug: #1680477 Change-Id: Icb3dc76e031a3d4f26294f37d169f2f61d30973e
2017-04-07Merge "Add password to authtoken section in congress.conf"Jenkins1-0/+1
2017-04-07Merge "Add support for "neutron" Ironic networking plugin"Jenkins2-0/+30
2017-04-07Add Docker service to all rolesJiri Stransky3-0/+10
This will add the Docker service to all roles. Note that currently by default the Docker service is mapped to OS::Heat::None by default. It will only be deployed if environments/docker.yaml file is included in the deployment. Change-Id: I9d8348b7b6576b94c872781bc89fecb42075cde0 Related-Bug: #1680395
2017-04-07Merge "ovn: Add missing configurations required"Jenkins3-0/+13
2017-04-07Avoid awk error in hosts-config.sh for large deploymentsSteven Hardy1-8/+10
This ports the fixes made to the legacy 51-hosts script, which this script is derived from, to tht. See related t-i-e patch Ibe0a9f6ec10d55750e3b0e16301236141f988d69 Change-Id: Ide922af93a5d185bd592e220327326f1d244c4e2 Closes-Bug: #1674732
2017-04-07Add password to authtoken section in congress.confTomofumi Hayashi1-0/+1
Current puppet module miss password section hence congress is not available due to missing password in congress.conf. This fix is to add password. Change-Id: I277c03ca93130a0337d5085f09c375fb0ac9331d Signed-off-by: Tomofumi Hayashi <s1061123@gmail.com>
2017-04-07Merge "Fix conntrack proto sctp module"Jenkins1-1/+1
2017-04-06Merge "Adds Horizon secure cookie map."Jenkins1-0/+5
2017-04-06Merge "Fixing acronym for BGPVPN composable service"Jenkins3-3/+3
2017-04-06Merge "Add trigger to setup a LDAP backend as keystone domaine"Jenkins3-0/+50
2017-04-06Merge "Adds service for managing securetty"Jenkins7-0/+69
2017-04-06Merge "Use the local collector to bootstrap deployed servers"Jenkins2-15/+24
2017-04-06Fix conntrack proto sctp moduleAlex Schultz1-1/+1
ip_conntrack_proto_sctp is the old name for the module and it is now nf_conntrack_proto_sctp. In order for the kmod module to not keep trying to modprobe the module, we need to use the correct name. Change-Id: Ieaed235e71e9e6e41a46d9be0e02beb8f4341b1a Closes-Bug: #1680579
2017-04-06Merge "Disable ceilometer API"Jenkins5-7/+11
2017-04-06Merge "Use kolla api to set ownership"Jenkins2-21/+10
2017-04-06Merge "Don't disable satellite repo after registration"Jenkins2-1/+6
2017-04-06Adds service for managing securettylhinds7-0/+69
This adds the ability to manage the securetty file. By allowing management of securetty, operators can limit root console access and improve security through hardening. Change-Id: I0767c9529b40a721ebce1eadc2dea263e0a5d4d7 Partial-Bug: #1665042 Depends-On: Ic4647fb823bd112648c5b8d102913baa8b4dac1c
2017-04-06Merge "docker-puppet.py fail if any worker fails"Jenkins1-1/+10
2017-04-06Merge "Add manual ovs upgrade script for workaround ovs upgrade issue"Jenkins5-26/+112
2017-04-06Merge "Enforce upgrade_batch_tasks before upgrade_tasks order"Jenkins1-19/+12
2017-04-06Merge "add configurable timeouts for DB sync"Jenkins3-0/+14
2017-04-06Merge "Remove "Core" Service from the CI Environment file"Jenkins1-2/+0
2017-04-06Merge "Add network sysctl tweaks for security"Jenkins3-0/+46
2017-04-06Merge "Add monitoring agents deployment to CI"Jenkins2-0/+7
2017-04-06Merge "Ensure upgrade step orchestration accross roles."Jenkins1-8/+6
2017-04-06ovn: Add missing configurations requiredNuman Siddique3-0/+13
This patch adds - setting nova config param 'force_config_meta' to True as metadata service is not supported by OVN yet. - Add the necessary iptables rules to allow ovsdb-server traffic for Northbound and Southboud databases. - Update the release notes for OVN. Change-Id: If1a2d07d66e493781b74aab2fc9b76a6d58f3842 Closes-bug: #1670562
2017-04-06Add trigger to setup a LDAP backend as keystone domaineCyril Lopez3-0/+50
It is using a trigger tripleo::profile::base::keystone::ldap_backend_enable in puppet-tripleo who will call a define in puppet-keysone ldap_backend.pp. Given the following environment: parameter_defaults: KeystoneLDAPDomainEnable: true KeystoneLDAPBackendConfigs: tripleoldap: url: ldap://192.0.2.250 user: cn=openstack,ou=Users,dc=redhat,dc=example,dc=com password: Secrete suffix: dc=redhat,dc=example,dc=com user_tree_dn: ou=Users,dc=redhat,dc=example,dc=com user_filter: "(memberOf=cn=OSuser,ou=Groups,dc=redhat,dc=example,dc=com)" user_objectclass: person user_id_attribute: cn user_allow_create: false user_allow_update: false user_allow_delete: false ControllerExtraConfig: nova::keystone::authtoken::auth_version: v3 cinder::keystone::authtoken::auth_version: v3 It would then create a domain called tripleoldap with an LDAP configuration as defined by the hash. The parameters from the hash are defined by the keystone::ldap_backend resource in puppet-keystone. More backends can be added as more entries to that hash. This also enables multi-domain support for horizon. Closes-Bug: 1677603 Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Depends-On: I1593c6a33ed1a0ea51feda9dfb6e1690eaeac5db Change-Id: I6c815e4596d595bfa2a018127beaf21249a10643 Signed-off-by: Cyril Lopez <cylopez@redhat.com>
2017-04-06Remove "Core" Service from the CI Environment fileSaravanan KR1-2/+0
OS::TripleO::Services::Core is still referenced in the CI roles enviornment file. Because of which CI is failing when service template is modified. Removing the obsolete service. Closes-Bug: #1680043 Change-Id: I168452fa5c2e6d6d8fdf829b9b02996d9ca5532a
2017-04-06Merge "Add logging agents deployment to CI"Jenkins2-0/+10
2017-04-06Merge "Add parameters for internal TLS for swift proxy"Jenkins1-2/+31
2017-04-05Merge "Ironic containers: chown /var/lib/ironic correctly"Jenkins1-4/+1
2017-04-05add configurable timeouts for DB syncMike Bayer3-0/+14
This patch integrates with the db_sync_timeout parameter recently added to puppet-nova and puppet-neutron in I6b30a4d9e3ca25d9a473e4eb614a8769fa4567e7, which allow for the full db_sync install to have more time than just Pupppet's default of 300 seconds. Ultimately, similar timeouts can be added for all other projects that feature db sync phases, however Nova and Neutron are currently the ones that are known to time out in some environments. Closes-bug: #1661100 Change-Id: Ic47439a0a774e3d74e844d43b58956da8d1887da
2017-04-05Ironic containers: chown /var/lib/ironic correctlyDan Prince1-4/+1
This updates the docker version of ironic-conductor.yaml so that it sets permissions on the entire /var/lib/ironic tree correctly. Since 1a4ece16cea40075fe7332ed048b9c289b3ff424 we bind mount in /var/lib/ironic from the host (created via Ansible if it didn't already exist). This caused a subtle permissions issue in that the Ironic conductor service can no longer create sub-directories it needs to operate. Change-Id: I1eb6b5ddad7cd89ee887e2e429ebe245aa7b80dc Closes-bug: 1677086
2017-04-05Merge "Add l2gw neutron service plugin support"Jenkins6-0/+84
2017-04-05Merge "Addition of firewall rules for Nuage"Jenkins3-7/+11
2017-04-05Merge "Disable core dump for setuid programs"Jenkins2-0/+14
2017-04-05Fixing acronym for BGPVPN composable serviceRicardo Noriega3-3/+3
Change-Id: I397a6ad430cef5ddb4eee48347ad4c89144ad01e Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
2017-04-05Use kolla api to set ownershipMartin André2-21/+10
Kolla provides a way to set ownership of files and directory inside the containers. Use it instead of running an additional container to do the job. Change-Id: I554faf7c797f3997dd3ca854da032437acecf490
2017-04-05Add parameters for internal TLS for swift proxyJuan Antonio Osorio Robles1-2/+31
This adds the necessary parameter for swift proxy to be terminiated internally by a TLS proxy. bp tls-via-certmonger Change-Id: I3cb9d53d75f982068f1025729c1793efaee87380 Depends-On: I6e7193cc5b4bb7e56cc89e0a293c91b0d391c68e