aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-03-22Remove unused KeystoneRegion parameter from gnocchi-baseJuan Antonio Osorio Robles1-4/+0
This is used in gnocchi-api.yaml and is not needed on the base template. Change-Id: I5ebd27dff3dca7053647a57eb4cdef56d38526c6
2017-03-22Only set EnableConfigPurge on major upgradesSteven Hardy7-9/+13
Bug #1611800 fixed an upgrade issue by enabling purging configs for some services, but this causes issues such as longer updates and restarting services in the minor update case, so only do this for major upgrades, and default to false. Related-Bug: #1611800 Closes-Bug: #1674858 Change-Id: Iff7d715f6730c5633f1146008504b4309ef3133d
2017-03-22Remove useless trailing '\n' in /etc/hosts file.Gael Chamoulaud1-1/+1
In HA deployment mode, we've got some trailing '\n' generated at the beginning of each controller role nodes line in the undercloud /etc/hosts [1]. [1] - http://paste.openstack.org/show/603721/ Closes-Bug: #1674697 Change-Id: Ic38bc2a5df79dadf72025f207e91a38cc0ab0a92 Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
2017-03-22docker/keystone: Actually set fernet as the default token providerJuan Antonio Osorio Robles1-1/+1
A previous commit [1] added support for fernet in the keystone docker service; however, this was not set as the default token provider. This patch makes it the default. [1] Id92039b3bad9ecda169323e01de7bebae70f2ba0 Change-Id: Ib44ab61eba0be8ba54bc7d0bdb22437d769cb960
2017-03-22docker-puppet: skip empty volume entriesJuan Antonio Osorio Robles1-1/+2
This allows to optionally add volumes, where we could use a heat conditional to either put the volume path we want or put an empty string which should be safely skipped. Change-Id: I68f91ffdd8ceb14735adad1322fcf124c47b160c
2017-03-22Merge "Enables OpenDaylight clustering in HA deployments"Jenkins2-1/+7
2017-03-22Merge "Change kolla_config from required to optional in pep8."Jenkins1-3/+3
2017-03-22Restrict Access to Kernel Message Bufferzshi2-0/+13
Unprivileged access to the kernel syslog can expose sensitive kernel address information. Change-Id: If40f1b883dfde6c7870bf9c463753d037867c9e2 Signed-off-by: zshi <zshi@redhat.com>
2017-03-21Merge "Keep existing data for containerized ironic-conductor"Jenkins2-12/+45
2017-03-21Merge "Cleanup docker services templates"Jenkins16-85/+40
2017-03-20Change kolla_config from required to optional in pep8.Ian Main1-3/+3
We've decided to use volumes for configuration wherever possible. This means moving away from kolla_config blocks in the templates. Update pep8 to reflect this. Change-Id: If1ec40d0e5a515eed35e0cd04711079294f358c3
2017-03-20Merge "Containerize panko api service"Jenkins3-1/+121
2017-03-20Merge "Don't try to run os-net-config from yum_update.sh"Jenkins1-11/+0
2017-03-20Merge "Bind redis-sentinel to its network"Jenkins1-0/+1
2017-03-20Setting keystone region for congressDan Radez1-0/+1
Change-Id: I4958b886cbd6c2b34da0c265e8774105474ace13
2017-03-20Enables OpenDaylight clustering in HA deploymentsTim Rozet2-1/+7
Port 2550 is required for inter-ODL communication when clustering. odl-jolokia feature is required to expose REST APIs from ODL for monitoring the cluster. Implements: blueprint opendaylight-ha Depends-On: Ic9a955a1c2afc040b2f9c6fb86573c04a60f9f31 Change-Id: Ie108ab75cce0cb7d89e72637c600e30fc241d186 Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-03-20Merge "Fixes multiple issues with retry function in rhel-registration."Jenkins1-17/+31
2017-03-20Keep existing data for containerized ironic-conductorJiri Stransky2-12/+45
Use mounts instead of docker volumes, and preserve existing data when moving from baremetal to containerized ironic-conductor. We cannot keep the data in the same directory to avoid hard-linking errors in ironic, because of this issue: https://github.com/docker/docker/issues/7457 This means we need to copy the data over to a new location before we start the containers. Change-Id: If98460120212f887b06adf117c5d88b97682638e
2017-03-18Merge "Make sure PrePuppet runs before any Deployment_Step"Jenkins1-1/+1
2017-03-18Merge "Add certmonger-user profile"Jenkins7-0/+51
2017-03-17Re-Add bigswitch agent supportAlex Schultz5-1/+69
The agent configuration was lost in newton during the puppet-tripleo and THT role conversion. This change adds support for including the bigswitch agent service for composable roles. Change-Id: I46896389e48cdbe2864bf5b609a786f1c84ef908 Closes-Bug: #1673126
2017-03-17Merge "docker/keystone: add metadata_settings to output"Jenkins1-0/+2
2017-03-17Merge "Keep existing data for containerized Swift"Jenkins2-16/+26
2017-03-17Merge "Keep existing data for containerized RabbitMQ"Jenkins1-2/+7
2017-03-17Make sure PrePuppet runs before any Deployment_StepMichele Baldessari1-1/+1
We used to have this in mitaka: https://github.com/openstack/tripleo-heat-templates/blob/stable/mitaka/puppet/controller-post.yaml#L45 but we lost it along the way. The problem without this change is that we are open to the following race: 1) ControllerDeployment_Step1 is started and manages to do a successful "systemctl start pacemaker" 2) PrePuppet gets called and in the HA deployment calls pacemaker_maintenance_mode.sh 3) pacemaker_maintenance_mode.sh will set the maintenance-mode=true property because the pacemaker service is already up: https://github.com/openstack/tripleo-heat-templates/blob/master/extraconfig/tasks/pacemaker_maintenance_mode.sh#L8-L9 4) If the maintenance property is set to true at this stage, the creation of any resource will take place but they won't really start. Change-Id: Icb7495edd00385b2975dd42f63085d20292ef9a9 Closes-Bug: #1673795 Co-Authored-By: Jiri Stransky <jstransk@redhat.com>
2017-03-17Containerize panko api serviceFlavio Percoco3-1/+121
Co-Authored-By: Pradeep Kilambi <pkilambi@redhat.com> Closes-bug: #1668918 Change-Id: Ie1ebd25965bd2dbad2a22161da0022bad0b9e554
2017-03-17Merge "docker: Add metadata_settings to optional parameters for yaml validate"Jenkins1-1/+2
2017-03-17Merge "Keep existing data for containerized MongoDB"Jenkins1-1/+15
2017-03-17Merge "Explicitly configure credentials used by ironic to access other services"Jenkins1-4/+39
2017-03-17Bind redis-sentinel to its networkMichele Baldessari1-0/+1
We currently do not bind redis-sentinel to any IP: redis 21144 0.0 0.0 142908 5908 ? Ssl 07:43 0:11 /usr/bin/redis-sentinel *:26379 [sentinel] Let's bind it to the same network as redis. Change-Id: I8a782ae1db84eb614aa3995a1638a2f370e70d06 Partial-Bug: #1673715
2017-03-17Add NodeCreateBatchSize parameterSteven Hardy1-0/+8
This uses the heat resource group batched create feature to ensure we don't create more than 30 nodes at a time, which has been reported as the maximum supported by the default ironic ipxe/TFTP configuration. Change-Id: If3651e4c465d8d7bd4c8f2b48d45b1272ff2d272
2017-03-17Pick dynamically the first node for stack validationLuca Lorenzetto1-6/+18
When replacing the controller node with resource id 0, AllNodesValidation will fail because there is an hardcoded reference to resource.0. With this commit the id for validation is extracted dynamically with yaql query, picking the first available. Thanks to Steven Hardy for pointing to the right direction. Change-Id: I8f2bfacbc005d948bd31ebd51c3d3df3182d5a3c Closes-Bug: #1673439
2017-03-16Merge "Added release note for NeutronExternalNetworkBridge deprecation"Jenkins1-0/+10
2017-03-16Explicitly configure credentials used by ironic to access other servicesDmitry Tantsur1-4/+39
Using keystone_authtoken credentials for this purpose is deprecated, and also prevents ironic-conductor from being used as a separate role. Also remove neutron_url, it can be fetched from the catalog instead. Change-Id: I12822568cb4db31808aec5fd407d71fe4b7b09e0 Depends-On: I21180678bec911f1be36e3b174bae81af042938c Partial-Bug: #1661250
2017-03-16Merge "Keep existing data when moving to containerized MariaDB"Jenkins1-4/+21
2017-03-16docker/keystone: add metadata_settings to outputJuan Antonio Osorio Robles1-0/+2
This is used for the TLS-everywhere bits. It will be taken into account by a metadata hook that outputs relevant entries for the nova-metadata service; and subsequently kerberos principals will be created from these. Subsequent patches will add support for TLS in the internal network for the containerized keystone. Change-Id: Ic747ad9c8d6e76c8c16e347c1cdcabc899dd9f9a
2017-03-16docker: Add metadata_settings to optional parameters for yaml validateJuan Antonio Osorio Robles1-1/+2
This section will be needed for TLS-everywhere. So it should be added as optional in the yaml-validate. Change-Id: Ic6ea563b6c8e454cb51f640bb5aaa3adda82a5dd
2017-03-16Merge "etcd: secure EtcdInitialClusterToken parameter"Jenkins2-1/+7
2017-03-16Keep existing data for containerized LibvirtJiri Stransky2-3/+16
Use mounts instead of docker volumes to preserve existing data when moving from baremetal to containerized Libvirt. Change-Id: I2215d451a4ef4023741f0750ac1b45a94652026a
2017-03-16Keep existing data for containerized SwiftJiri Stransky2-16/+26
Use mounts instead of docker volumes to preserve existing data when moving from baremetal to containerized Swift. Change-Id: Ib7cbca2ef674a0245a67b69ee2c77f574d74c181
2017-03-16Merge "Add upgrade tasks for aodh containers"Jenkins4-0/+16
2017-03-15etcd: secure EtcdInitialClusterToken parameterEmilien Macchi2-1/+7
Secure EtcdInitialClusterToken parameter by: * removing the default value. * make it hidden. Change-Id: I938af697f9faaadb9c9aeb950e9410db24b1b961 Depends-On: I6e30cce469736e84a3c483fafa29d542b8347ba9 Closes-Bug: #1673266
2017-03-15Merge "Cleanup no longer used upgrade files"Jenkins13-1014/+0
2017-03-15Add upgrade tasks for aodh containersPradeep Kilambi4-0/+16
Change-Id: I936b31fd24c43e35092b3bfef4454a8da81d19c8
2017-03-15Cleanup no longer used upgrade filesmarios13-1014/+0
Removes some of the no longer used scripts and templates used by the upgrades workflow in previous versions. Change-Id: I7831d20eae6ab9668a919b451301fe669e2b1346
2017-03-14Switch keystone default provider to fernetJuan Antonio Osorio Robles2-1/+7
UUID is to be deprecated, and we should be using fernet. Change-Id: I61b999e65ba5eb771776344d38eb90fc52d49d56
2017-03-14keystone/containers: Add support for fernet keysJuan Antonio Osorio Robles1-0/+19
Since the 'file' resource is included in the tags that puppet takes into account, we already generate the fernet keys if it's enabled as a token provider. This merely adds the keys to the container. However, if fernet is not the provider, we make this file addition optional. Change-Id: Id92039b3bad9ecda169323e01de7bebae70f2ba0
2017-03-14Merge "Update properties being set for octavia rabbit properties"Jenkins1-3/+3
2017-03-14Keep existing data for containerized RabbitMQJiri Stransky1-2/+7
Use mounts instead of docker volumes to preserve existing data when moving from baremetal to containerized RabbitMQ. Change-Id: I8de6610d13d2d878ffba12eb742880eed694eb3e
2017-03-14Keep existing data for containerized MongoDBJiri Stransky1-1/+15
We used named Docker volume for MongoDB storage, which meant that when moving from bare metal to containerized, we lost data and reinitialized the storage from scratch. With this commit we keep the data by mounting the original data into the container. We also need make sure that file ownership is correct according to the uid/gid used within MongoDB container image. Change-Id: I86ef2cb37a068b767462d6d50fe451389b7cbb58