aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-06-14Fix race conditions between containersJiri Stransky19-48/+43
In many occasions we had log directory initialization containers without `detach: false`, which didn't guarantee that they'll finish before the container depending on them will start using the log directory. This is now fixed by moving the initialization container one global step earlier, so that we can keep the concurrency when creating the log dirs. (Using `detach: false` makes paunch handle just one container at a time, and as such it can have negative performance impact.) For services which have their container(s) starting in step_1, initialization cannot be moved to an earlier step, so the solution here was to just add `detach: false`. As a minor related change, cinder DB sync container now mounts the log directory from host to put cinder-manage.log into the expected location. Change-Id: I1340de4f68dd32c2412d9385cf3a8ca202b48556
2017-06-14Merge "Docker services for Cinder Backup"Jenkins2-0/+133
2017-06-14Remove reference too puppet/services/ironic-pxe.yamlDerek Higgins1-1/+0
The file doesn't exist. The pxe setup is part of puppet/services/ironic-conductor.yaml Change-Id: I3a6f038ed69ea44f0594064b6f9657ff1b72e1bb Closes-Bug: #1697927
2017-06-14Merge "Add fqdn_external"Jenkins6-0/+6
2017-06-14Merge "Generate HAproxy iptables rules for containerized HA deployments"Jenkins1-10/+13
2017-06-14Merge "Replace NO_ARCHIVE block with single call to rsync"Jenkins1-27/+13
2017-06-14Merge "Docker services for Cinder Api and Scheduler"Jenkins3-0/+278
2017-06-14Fix network names when using network isolationMichele Baldessari1-1/+1
When we merged If3989f24f077738845d2edbee405bd9198e7b7db we correctly used name_lower for most things but we left out the the OS::TripleO::Network resource which would cause errors like the following: Could not fetch contents for file:///tmp/tripleoclient-LdqQGJ/tripleo-heat-templates/network/internalapi.yaml The reason is that the network filename is called internal_api.yaml. Change-Id: I40f268668ed948e5d41ed0ff5a8fc954cef7b17c Closes-Bug: #1697883
2017-06-14Enable heat/puppet to manage the fernet keys and make it configurableJuan Antonio Osorio Robles2-1/+15
With the addition of the KeystoneFernetKeys parameter, it's now possible to do fernet key rotations using mistral, by modifying the KeystoneFernetKeys variable in mistral; subsequently a rotation could happen when doing a stack update. So this re-enables the managing of the key files by puppet. However, this is left configurable, as folks might want to manage those files out-of-band. bp keystone-fernet-rotation Change-Id: Ic82fb8b8a76481a6e588047acf33a036cf444d7d
2017-06-14Use KeystoneFernetKeys instead of individual parametersJuan Antonio Osorio Robles2-7/+29
This uses the newly introduced dict with the keys and paths instead of the individual keys. Having the advantage that rotation will be possible on stack update, as we no longer have a limit on how many keys we can pass (as we did with the individual parameters). bp keystone-fernet-rotation Change-Id: I7d224595b731d9f3390fce5a9d002282b2b4b8f2 Depends-On: I63ae158fa8cb33ac857dcf9434e9fbef07ecb68d
2017-06-14Merge "Add support for Cinder "NAS secure" driver params"Jenkins3-0/+29
2017-06-14Replace NO_ARCHIVE block with single call to rsyncSteve Baker1-27/+13
Also attempts to move the workaround for bug #1696283 to before the puppet apply call. Closes-Bug: #1696622 Change-Id: I3a195466a5039e7641e843c11e5436440bfc5a01
2017-06-14Merge "Execute Swift ring up-/download in containerized environments"Jenkins1-2/+13
2017-06-14Merge "Containerize Sahara"Jenkins3-0/+232
2017-06-14Merge "Containerized Sensu client"Jenkins2-0/+134
2017-06-14Merge "Containerize multipathd"Jenkins2-0/+90
2017-06-14Merge "Move iscsid to a container"Jenkins10-0/+120
2017-06-13Merge "Change HorizonSecureCookies default to False"Jenkins2-1/+2
2017-06-13Containerize Ceilometer Agent IpmiPradeep Kilambi5-0/+117
Depends-On: I3e865f2e9b6935eb3dfa4b4579c803f0127848ae Change-Id: I09327a63d238a130b6ac0f2361f80e2b244b4b52
2017-06-13Merge "Add support to configure Num of Storage sacks"Jenkins2-1/+12
2017-06-13Merge "Fix IronicInspectorAdmin to be https"Jenkins1-2/+2
2017-06-13Merge "Make network-isolation environment rendered for all roles"Jenkins14-59/+97
2017-06-13Merge "Fix bug in docker-toool where values are sometimes empty."Jenkins1-0/+3
2017-06-13Merge "Configure credentials for ironic to access cinder"Jenkins1-0/+6
2017-06-13Add fqdn_externalAlex Schultz6-0/+6
In newton, we used to construct the fqdn_$NETWORK in puppet-tripleo for external, internal_api, storage, storage_mgmt, tenant, management, and ctrlplane. When this was moved into THT, we accidently dropped external which leads to deployment failures if a service is moved to the external network and the configuration consumes the fqdn_external hiera key. Specifically this is reproduced if the MysqlNetwork is switch to to exernal, then the deployment fails because the bind address which is set to use fqdn_external is blank. Change-Id: I01ad0c14cb3dc38aad7528345c928b86628433c1 Closes-Bug: #1697722
2017-06-13Configuration for containerized MySQL clientsDamien Ciabrini2-0/+67
This service generates the /etc/my.cnf.d/tripleo.cnf file which is being used to configured MySQL clients (e.g. client bind address, client SSL configuration...) We generate the config file in this service and let containerized MySQL clients mount /var/lib/config-data/mysql_client/etc/my.cnf.d/tripleo.cnf it in their own container. This way, when this MySQLClient service is updated, the other containers will automatically pick the updated configuration at next restart. Partial-Bug: #1692317 Change-Id: Idc56d27fb9645ad3b07df8ef08b7e2ce29e6d499
2017-06-13Add Nova Vncproxy service to containerized deploymentSven Anderson2-0/+109
Depends-On: I037858a445742de58bd2f8d879f2b1272b07f481 Change-Id: Ifd138ea553a45a637a1a9fe3d0e946f8be51e119
2017-06-13Add Nova Consoleauth service to containerized deploymentSven Anderson2-0/+109
Depends-On: I037858a445742de58bd2f8d879f2b1272b07f481 Change-Id: I808a5513decab1bd2cce949d05fd1acb17612a42
2017-06-13Bind mount internal CA file to all containersJuan Antonio Osorio Robles1-12/+57
This will allow the services running in the containers to trust the CA. bp tls-via-certmonger-containers Change-Id: Ib7eb682da64473a651b34243c92ab76009964aba
2017-06-13Merge "Unblock CI by reverting to non-containerized HAProxy"Jenkins1-1/+0
2017-06-13Merge "Remove deprecated multinode-container-upgrade.yaml"Jenkins1-70/+0
2017-06-13Conditional LVM storage setup for cinder-volumeJiri Stransky1-2/+6
Set up the LVM storage only if we're using iSCSI backend. Change-Id: I62e8f9cc38b201aebd1799e05ffc1398d13a9aa0
2017-06-13Make network-isolation environment rendered for all rolesSteven Hardy14-59/+97
Currently there's some hard-coded references to roles here, rendering from the roles_data.yaml is a step towards making the use of isolated networks for custom roles easier. Partial-Bug: #1633090 Depends-On: Ib681729cc2728ca4b0486c14166b6b702edfcaab Change-Id: If3989f24f077738845d2edbee405bd9198e7b7db
2017-06-13Unblock CI by reverting to non-containerized HAProxyJiri Stransky1-1/+0
In change I90253412a5e2cd8e56e74cce3548064c06d022b1 we merged containerized HAProxy setup, but because of a typo in resource registry, CI kept using the non-containerized variant and it went unnoticed that the containerized HAProxy doesn't work yet. We merged a resource registry fix in Ibcbacff16c3561b75e29b48270d60b60c1eb1083 and it brought down the CI, which now used the non-working HAProxy. After putting in the missing haproxy container image to tripleo-common in I41c1064bbf5f26c8819de6d241dd0903add1bbaa we got further, but the CI still fails on HAProxy related problem, so we should revert back to using non-containerized HAProxy for the time being. Change-Id: If73bf28288de10812f430619115814494618860f Closes-Bug: #1697645
2017-06-13Modify PreNetworkConfig config inline with role-specific parametersSaravanan KR13-20/+159
Existing host_config_and_reboot.role.j2.yaml is done in ocata to configure kernel args. This can be enhanced with use of role-specific parameters, which is done in the current patch. The earlier method is deprecated and will be removed in Q releae. Implements: blueprint ovs-2-6-dpdk Change-Id: Ib864f065527167a49a0f60812d7ad4ad12c836d1
2017-06-12Add support to configure Num of Storage sacksPradeep Kilambi2-1/+12
Gnocchi 4 supports storage sacks during upgrade. lets make this configurable if we want to use more metricd workers. Change-Id: Ibb2ee885e59d43c1ae20887ec1026786d58c6b9e
2017-06-12Merge "Fix typo in haproxy docker mapping"Jenkins1-1/+1
2017-06-12Merge "Moving *postconfig where it was *postpuppet"Jenkins3-26/+36
2017-06-12Fix IronicInspectorAdmin to be httpsAlex Schultz1-2/+2
As noted in the original patch review I5e743f789ab7dd731bc7ad26226a92a4e71f95a1 the IronicInspectorAdmin should be https. Change-Id: I6e37427da679775f02ff0c5fe55cfee51c122e3d
2017-06-12Add nested sample environments for inject-trust-anchorBen Nemec8-1/+159
Fix a bug that prevented these working. A unit test and documentation for the nested environment functionality is also included. Change-Id: I2d4aeb584eb624178d601cfd6bc0a6473cb5289f
2017-06-12Add storage sample environmentsBen Nemec13-16/+503
Starts converting storage-related sample environments to the tool, and adds a few new ones for demonstration purposes. This has required the addition of a new category of parameter overrides in the tool. There are some parameters that are part of the public API of roles that should not normally be included in a sample environment for that role. Examples are EndpointMap and ServiceNetMap. Those are both passed into most (all?) roles, but their template defaults are not useful (both default to {}). Unless we are explicitly creating a sample environment that overrides those defaults we don't want them included. Parameters such as RoleName and RoleParameters are similar. We can't change them because they are part of the composable roles interface and that would break any existing custom roles, but we don't really want them included normally either. It's possible these could be made completely private, but there have been some very preliminary discussions about generating role samples that might actually want to set them. In order to avoid issues with editing the unit test file in editors that strip trailing whitespace, the minor formatting bug where params like EndpointMap had a trailing space after the name has also been fixed. Change-Id: If11f30c734bfbc17d463a9890c736d7477186fb9
2017-06-12Add neutron-midonet sample environmentBen Nemec3-0/+102
Change-Id: I34d3a9356b119d549acd6fe4f0c8713b0bfa5957
2017-06-12Support config dir for env generator input filesBen Nemec13-14/+900
We're not going to want to list every single sample environment in a single file, so let's also take a directory and just read every yaml file in it. This commit adds support for that as well as some initial environments to demonstrate its use. Change-Id: If2c608f2a61fc5e16784ab594d23f1fa335e1d3c
2017-06-12Sample environment generatorBen Nemec11-0/+808
This is a tool to automate the generation of our sample environment files. It takes a yaml file as input, and based on the environments defined in that file generates a number of sample environment files from the parameters in the Heat templates. A tox genconfig target is added that mirrors how the other OpenStack services generate their sample config files. A description of the available options for the input file is provided in a README file in the sample-env-generator directory. In this commit only a single sample config is provided as a basic example of how the tool works, but subsequent commits will add more generated sample configs. Change-Id: I855f33a61bba5337d844555a7c41b633b3327f7a bp: environment-generator
2017-06-12Merge "Providing parameters specific to a workflow via plan-environment"Jenkins3-0/+61
2017-06-12Merge "Remove pip install paunch"Jenkins1-4/+0
2017-06-12Merge "Fix containerized SwiftRawDisks usage"Jenkins1-1/+22
2017-06-12Merge "Containerize Manila API service"Jenkins2-0/+114
2017-06-12Moving *postconfig where it was *postpuppetCarlos Camacho3-26/+36
We need to ensure that the pacemaker cluster restarts in the end of the deployment. Due to the resources renaming we added the postconfig resource not in the end of the deployment as it was *postpuppet. Closes-bug: 1695904 Change-Id: Ic6978fcff591635223b354831cd6cbe0802316cf
2017-06-12Containerize Manila Scheduler serviceVictoria Martinez de la Cruz2-0/+106
Change-Id: Ifa8d023acdc42c9ae9a4b2f7652177e6ccb9f649 Depends-On: If44e958a9aa989e44c8c39e50715e92a4257bf1a Co-Authored-By: Martin André <m.andre@redhat.com> Co-Authored-By: Dan Prince <dprince@redhat.com> Partial-Bug: #1668922