Age | Commit message (Collapse) | Author | Files | Lines |
|
We don't need all the steps currently enabled for either batched
or concurrent updates, so decrease them. In future we can perhaps
introspect the task tags during plan creation and set these
dynamically.
Change-Id: I0358886a332dfbecd03bc4a67086b08d25756c22
Partially-Implements: blueprint overcloud-upgrades-per-service
|
|
We should enable each kind of upgrade per role, not per step
so rework the conditions, and also only apply it to the deployment
(to save the round-trip to the nodes applying an empty config)
but don't disable the *Config resources as the overhead of these
is small, and we reference the Step1 config in the outputs, even
if it's empty.
Change-Id: Iee2f1fb5b1d8b0b6001c6ab0f2a4ef2858cef281
Partially-Implements: blueprint overcloud-upgrades-per-service
|
|
Where the role has disabled upgrades, we need to skip both the ansible and
puppet steps. To do this we refactor the post.j2.yaml so that it can be
included in the upgrade template with an adjusted list of roles.
Note this requires https://review.openstack.org/#/c/425220/ - this
change will be required for local testing of this patch
(run mistral-db-mange populate after updating tripleo-common
and restart the mistral services, or update your repos and re-run
openstack undercloud install).
Partially-Implements: blueprint overcloud-upgrades-per-service
Change-Id: Ie7d0fa6fef3528bd93e6cde076b964ea8de3185a
|
|
This patch seeks to add futher security functions present within
tripleo for the ocata release.
Change-Id: Ie89b85589c2dfd3580de75253b73009b5d06c9f2
|
|
templates"
|
|
|
|
We're running TripleO CI jobs outside TripleO projects (nova, gnocchi,
etc), folks need more debug to be helpful.
Change-Id: I512ad89d9ac82ae62f9cbe7d0029fb1ac7445cc9
|
|
Change-Id: Ib9e1a4ccdf447455a330687184eae471b9f3f4d4
Depends-On: I2b48d23006e38f56f04456b4556374bf0fcdb14a
|
|
This change fixes the item variable notation in
puppet/services/ceph-osd.yaml.
Change-Id: I4d105619e4ac913b4a711bf91fea5f6e3c9b4caa
Closes-Bug: 1661339
|
|
This patch renames certain ovn plugin and controller configuration
parameters as well as adds some additional ml2 configuration parameters.
It also disables the need for the neutron metadata agent.
Co-authored-by: Numan Siddique <nusiddiq@redhat.com>
Change-Id: Idc9e7ef4a1b88013bca3eac3c136e4710e38a5c0
|
|
|
|
This review adds the pacemaker ansible upgrade steps
into the pacemaker service manifest.
It makes use of the ansible-pacemaker module which for now
is at https://github.com/redhat-openstack/ansible-pacemaker
Change-Id: I33c798a198046d5f66e6b20f86080a8187dc208b
|
|
|
|
|
|
|
|
|
|
Currently we are applying this validation for the services templates, this
submission moves it to run with all templates.
Also fixed those templates not using the alias name.
Change-Id: I3a2c0ce6adcc8061fdc51f73fdc6b9748c0fead9
|
|
This parameter has been removed in neutron from the sriov conf
file, in Ocata. Removing the parameter from tripleo.
Closes-Bug: #1660929
Change-Id: Icd8a1f6c9049434fd86ceeb24881e1ed49f2bb17
|
|
|
|
|
|
|
|
|
|
This will hopefully help developers know what to do if their patch fails
this verification.
Change-Id: I01fe9ca30295c6264affdbdb773b039a744289ea
|
|
Change-Id: I72aa48c72c825151739cb478c58e9a6c841c9130
|
|
This adds an entry for libvirt (which is used by the VNC server) on
which we can tell it via t-h-t on which IP address to listen on.
Change-Id: Ie377c09734e9f6170daa519aed69c53fc67c366b
Related-Bug: #1660099
|
|
novajoin will do this once it's enabled in CI.
Change-Id: I9f19d833f306930704b09de0c4d425461f1f3f63
|
|
This needs to be run by puppet or ansible runs it as root and the
later run by puppet fails due to permissions on the logfile.
Probably we need to remove the *sync calls for most services to
avoid similar issues, now that we're running puppet as part of the
pre-converge upgrade process but that will be done in another patch.
Change-Id: I808db2c175325a25058226842684558ea06fb5c5
Partially-Implements: blueprint overcloud-upgrades-per-service
|
|
We are not running syntax and lint jobs in THT for master & newton,
let's remove useless files.
Change-Id: Ia572a0eb8872ab199bc68a51750dfc17ca5ee034
|
|
Recently puppet4 started deprecating ruby 2.0 with the following
commit: https://github.com/puppetlabs/puppet/commit/e9eda7ed56fddcf185fc155d7e0ae054ea327504
One way to work-around this (in the absence of a more recent ruby
version) is to not treat this deprecation warnings as fatal when
doing the puppet syntax check
Change-Id: Id49c5068ab4609e3da0417af4714e8cb8485f3d1
Closes-Bug: #1660943
|
|
So, if RabbitClientUseSSL is set, this will enable TLS for the
swift's ceilometer message broker connection.
Change-Id: Ide70a509aefc9e7eb9d7cc5b3a60520fa42b4010
Depends-On: I8b7457b6233c4f88af2d7bc1b9304fcccb6edf61
|
|
|
|
|
|
|
|
The multinode_major_upgrade scenario is using an external
directory for net-config.
Moving this to the internal directory in tht common/
Change-Id: I41692d2ddb9fbd2002fd7910933ab4edff74f33e
|
|
|
|
Initial service definition files for Octavia backend services.
Change-Id: I1ae2bc0387dff5218f731f1860277dc1ad2b9528
Partially-implements: blueprint octavia-service-integration
Depends-On: Ic6f945cdf36744382a4a63fcc374d5562964ca68
Depends-On: I1dd1873b646e8569ed0a85c5ee7eb3bec3a8b1fa
|
|
This is meant to describe in the UI how to use the
manila-cephfsnative-config environment file to deploy Manila with
Ceph as backend using either a TripleO managed or an externally
managed Ceph cluster.
Also adds a puppet-ceph.yaml environment file meant to enable the
deployment of a Ceph cluster, given that storage-environment.yaml
is meant to be customized by the user instead.
Change-Id: Iefd7056a9bc079025e6ac4dd50edcd2e2635e1b0
|
|
|
|
This patch rewires how we configure the Kolla external config files
via Heat templates and uses a more simple json-file heat hook to
directly write out Kolla config files to disk.
By using a heat hook instead of a shell script we can avoid
Json conversion issues. Additionally, This generic json file hook will
be useful for other ad-hoc Json file configuration within the TripleO
docker architecture.
Co-Authored-By: Martin André <m.andre@redhat.com>
Change-Id: I8c72a4a9a7022f722bfe1cef3e18517605720cce
Depends-On: I2b372ac2e291339e436202c9fe58a681ed6a743f
Depends-On: Id3f779b11e23fd3122ef29b7ccbae116667d4520
|
|
|
|
|
|
Continue the work done on https://review.openstack.org/#/c/423302/
Change-Id: I931534e0ec33e131809186f74068eb479d38a0f9
|
|
|
|
|
|
If TLS in the internal network is enabled, we run neutron-server
behind a TLS proxy (which is actually httpd's mod_proxy). This passes
the necessary hieradata.
bp tls-via-certmonger
Depends-On: I6dfbf49f45aef9f47e58b5c0dbedd2b4e239979e
Change-Id: I9252512dbf9cf2e3eec50c41bf10629d36070bbd
|
|
Full credits to James Slagle, author of this code in TripleO CI:
https://review.openstack.org/#/c/409346
This patch adds a new template for configuring networking on the
Overcloud nodes using os-net-config in multinode jobs. Previously we
were not using os-net-config at all.
Also updates the multinode.yaml environment to use this network config
template.
The IP of each subnode is used when the vxlan tunnels are configured in
OVS, given that, each node needs its own unique network configuration.
To accomodate that, the templates makes use of the network_config_hook
function to influence run-os-net-config.sh
This patch is just the first step to totally switching to os-net-config
in multinode jobs. The devstack-gate code is still in use to bootstrap
the initial networking on the undercloud and subnodes. That will be
switched over in subsequent patches.
Change-Id: I6efa71eb23109d0b3b480061135c572ab89f5981
Co-Authorized-By: James Slagle <jslagle@redhat.com>
Implements: blueprint multinode-ci-os-net-config
|
|
This replicates the behavior of the custom Jinja2 loader from tripleo-common to
allow template validation on the local filesystem using tox.
Change-Id: I27683ab31187c6334dc5b4b5363a3347874b9a90
Partially-Implements: blueprint overcloud-upgrades-per-service
Depends-On: Idc5c3f49c7a2fc7f3622c76da001992cc657384e
|
|
This patch allows the management of the AuditD service and its associated
files (such as `audit.rules`)
This is achieved by means of the `puppet-auditd` puppet module.
Also places ssh banner capabilities map on top of patch
Change-Id: Ib8bb52dde88304cb58b051bced9779c97a314d0d
Depends-On: Ie31c063b674075e35e1bfa28d1fc07f3f897407b
|
|
|
|
|