aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-04-27TLS-everywhere: Add missing profiles to docker compute servicesJuan Antonio Osorio Robles1-0/+2
the CA and certmonger user profiles were needed in the compute services list from the tls-everywhere in containers environment. bp tls-via-certmonger-containers Change-Id: Ib584ac0745d68828467bcfad7f6472ab66adbac3
2017-04-26upgrades: deploy mod_ssl when upgrading apacheEmilien Macchi10-95/+150
1) When Apache is upgraded, install mod_ssl rpm. See https://bugs.launchpad.net/tripleo/+bug/1682448 to understand why we need mod_ssl. 2) All services that run Apache for API will use the snippet from Apache service to deploy mod_ssl, so we don't duplicate the code in all services. It's using the same mechanism as ovs upgrade to compile upgrade_tasks between both services. Change-Id: Ia2f6fea45c2c09790c49baab19b1efcab25e9a84 Closes-Bug: #1686503
2017-04-26Merge "Containerize Redis service"Jenkins2-0/+79
2017-04-26Open ports 443 and 80 on haproxy's firewall when horizon is standaloneRadomir Dopieralski1-0/+7
Change-Id: Ifec9839ac0fc688678f0221bb731fb64bd86d2d9
2017-04-26Change the default for rabbitmq back to ha-mode: allMichele Baldessari3-33/+15
In change Ib62001c03e1e08f58cf0c6e0ba07a8879a584084 we switched the rabbitmq queues HA mode from ha-all to ha-exactly. While this gives us a nice performance boost with rabbitmq, it makes rabbit less resilient to network glitches as we painfully found out via https://bugzilla.redhat.com/show_bug.cgi?id=1441635. This is the THT part of the change that changes the default to ha-mode: all. Closes-Bug: #1686337 Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com> Co-Authored-By: John Eckersberg <jeckersb@redhat.com> Change-Id: I7afcf2b3c8deb13fc2134e4cae9c06a44e775384 Depends-On: I9a90e71094b8d8d58b5be0a45a2979701b0ac21c
2017-04-26Fix etcd_init_task volumeBogdan Dobrelya1-1/+1
Docker puppet hook writes to /etc of containers. Mount /etc as rw for etcd container. Change-Id: I8e45de18a91022690c19888cbfaa68d2fdfe46ce Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2017-04-26Upgrade failure when service parameter is changed for PankoApiSaravanan KR1-0/+1
scenario001 env in ocata has mapped PankoApi locally and it has been removed master scenario001 env file. In tripleo.sh upgrade command, both old (ocata) and new (master) env files are included, because of which new service file is not used, as it has been removed. This change is to add the PankoApi mapping back to scenario001 env file for now. Actual fix will be remove old env file from upgrade command of tripleo.sh. Partial-Bug: #1685759 Change-Id: I4a8ee38d990a1980eea6ec63f2780357d040ded4
2017-04-25Merge "Fix dependencies for PreConfig/PostConfig resources"Jenkins1-17/+6
2017-04-25Merge "Enable internal network TLS for etcd"Jenkins1-21/+56
2017-04-25Deprecate ceilometer collectorPradeep Kilambi8-37/+89
Ceilometer collector is deprecated in Pike release. Do not deploy by default. Instead use the pipeline yaml to configure the publisher directly. Closes-bug: #1676961 Change-Id: Ic71360c6307086d5393cd37d38ab921de186a2e0
2017-04-25Merge "Updated from global requirements"Jenkins1-1/+1
2017-04-25Merge "Containerize etcd service"Jenkins2-0/+107
2017-04-25Fix dependencies for PreConfig/PostConfig resourcesSteven Hardy1-17/+6
We have a circular dependency errror since https://review.openstack.org/#/c/452734/ landed. This adjusts the dependencies to ensure we run pre-config before the first puppet deploy step, and removes the duplicate declaration of the ControllerPostConfig resource. Also we ensure the first container step always depends on the same step puppet deploy. Change-Id: I70c5a39fb36b951bdeb04c15bddac7d00eebf08a Closes-Bug: #1686098
2017-04-25Deploy ceilometer_auth_enabled to node containing keystoneJuan Antonio Osorio Robles1-1/+1
This hiera key is used by keystone to create the ceilometer service user. It works in CI cause keystone and the ceilometer services are in the same node. However, this fails if keystone is deployed on a separate note. We should only deploy it in the nodes containing the keystone service since it's only relevant to create the service user. Change-Id: Ic0f02fe9a78a1fe14ac2b87197692fbd80c003b8 Closes-Bug: #1685828
2017-04-25Pass httpd service_name to ZaqarThomas Herve1-0/+1
This removes the need to do it in puppet-tripleo Change-Id: I6f44a6a02041c0fbbafb770a087a0032c3a53a76
2017-04-25Merge "Disable Manila CephFS snapshots by default"Jenkins4-2/+8
2017-04-25Merge "Add initial support for NSX plugin"Jenkins5-0/+90
2017-04-24Updated from global requirementsOpenStack Proposal Bot1-1/+1
Change-Id: I8dabf83907b2e50f6611f1ef93702b6bd5ac5e19
2017-04-24Dell SC: Add secondary DSM supportrajinir2-3/+23
Adds support for a secondary DSM in case the primary becomes unavailable. Change-Id: I0887e15a7e1c90a4f333bef6cdbb5d43ba0cd838 Closes-Bug: #1681492 Depends-On: I331466e4f254b2b8ff7891b796e78cd30c2c87f7
2017-04-24Merge "Merge pre|post puppet resources into pre|post config."Jenkins13-44/+30
2017-04-24Merge "Fix containerized RabbitMQ service deployment"Jenkins1-3/+16
2017-04-24Containerize etcd serviceBogdan Dobrelya2-0/+107
Depends-On: I3ad463217ed3f2d6374627248236b274cfed72fb Depends-On: If4b01934a9a5cb6ca2ff6c1831e4fe073f1b04ea Closes-bug: #1668938 Change-Id: I6cb902d712849bf11f331ed776cd0ed6e200dcd9 Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2017-04-24Merge "Don't attempt to configure live migration"Jenkins2-2/+18
2017-04-24Merge "Run Zaqar with httpd in puppet service"Jenkins2-12/+57
2017-04-24Merge "Remove no longer used environment files - older upgrade workflows"Jenkins6-37/+0
2017-04-24Merge pre|post puppet resources into pre|post config.Carlos Camacho13-44/+30
The [Pre|Post]Puppet resources were renamed in https://review.openstack.org/#/c/365763. This was intended for having a pre/post deployment steps using an agnostic name instead of being attached to a technology. The renaming was unintentionally reverted in https://review.openstack.org/#/c/393644/ and https://review.openstack.org/#/c/434451. This submission merge both resources into one, and remove the old pre|post hooks. Closes-bug: #1669756 Change-Id: Ic9d97f172efd2db74255363679b60f1d2dc4e064
2017-04-24Fix containerized RabbitMQ service deploymentBogdan Dobrelya1-3/+16
* Use default puppet tags instead of the 'file' tag only * Noop user/policy providers for puppet_config docker step and move them into docker_puppet_tasks (init container) Change-Id: I98a54808aae6fca060b23f074b71178f2d4c815e Closes-bug: #1684138 Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2017-04-24Merge "Allow configuring enabled hardware types for Ironic"Jenkins2-0/+15
2017-04-24Merge "Containers: disable downloading rabbitmqadmin"Jenkins1-1/+4
2017-04-22Merge "Replace six.iteritems() with .items()"Jenkins1-1/+1
2017-04-22Merge "Increase documentation about parameters"Jenkins2-3/+33
2017-04-21Containerize Redis servicePradeep Kilambi2-0/+79
Closes-bug: #1668919 Change-Id: Ie750caa34c6fa22ca6eae6834b9ca20e15d97f7f
2017-04-21Merge "Add service config settings to agent services"Jenkins3-0/+6
2017-04-21Merge "scenario001/pingtest: enable Gnocchi resource again"Jenkins1-15/+13
2017-04-21Remove no longer used environment files - older upgrade workflowsmarios6-37/+0
In I7831d20eae6ab9668a919b451301fe669e2b1346 we removed some of the old upgrades but left the environment files removed here. Change-Id: Ib3eca5687285b280832d19b647c3b4aa3d9ac36d
2017-04-21Don't attempt to configure live migrationJiri Stransky2-2/+18
When configuring nova containers via puppet, the puppet class chain includes a class for live migration, which configures live migration aspects in nova and libvirt. Some of the libvirt config parts try to notify Service[libvirt], but that service definition is only included in nova-libvirt service, it's not included in the control plan nova services. However, our hieradata is currently global on the node, it's not per-service, which means even though only nova-compute and nova-libvirt service set tripleo::profile::base::nova::manage_migration: true this hiera setting is applied to all containers running puppet, most notably the ones which configure nova control plane services. As a result, configuration of nova control plane services failed, and in turn the whole deployment failed. This commit disables the libvirt part of live migration config until we implement some better solution (e.g. hieradata separation between different puppet containers, or move the libvirt config parts only to nova-compute manifests in puppet-tripleo). Change-Id: I0328406607d451e6bdce4d92c441c03648925fa7 Closes-Bug: #1684107
2017-04-21Merge "Use -net=host for docker-puppet.py config gen"Jenkins1-0/+4
2017-04-21Merge "Add defaults for docker puppet tasks"Jenkins1-4/+10
2017-04-21Merge "containers: TLS in the internal network for telemetry services"Jenkins4-0/+65
2017-04-21Merge "glance: deploy services with Keystone v3 endpoints"Jenkins2-2/+9
2017-04-21Merge "SSHD Service extensions"Jenkins11-4/+46
2017-04-21Merge "Use conditionals for neutron and glance worker defaults"Jenkins2-10/+20
2017-04-21Merge "Add network_data.yaml to encapsulate list of networks for j2"Jenkins5-54/+76
2017-04-21Merge "Add environment to preselect only VIP IP addresses"Jenkins5-1/+55
2017-04-21Merge "Add NeutronDnsDomain heat option, undercloud fix"Jenkins2-0/+6
2017-04-20Merge "Add all hosts to HostsEntry output"Jenkins2-1/+10
2017-04-20Merge "N->O Manual puppet commands have the right modulepath."Jenkins2-2/+5
2017-04-20Add defaults for docker puppet tasksSteven Hardy1-4/+10
Currently we're referencing some steps that don't exist in the output from the OS::Heat::Value resource, but as noted in the heat bug #1681749 I think this isn't valid and probably should not be allowed, so instead merge defaults with the non-empty step tasks. To avoid further duplication of the loop variables, I made the max step a variable. Change-Id: Icf3d639b53c97006a0c370c12600449fba6f3323 Related-Bug: #1681749
2017-04-20N->O Manual puppet commands have the right modulepath.Sofer Athlan-Guyot2-2/+5
In two places during upgrade we manually trigger puppet. There can be a problem when new puppet modules are added, and their corresponding symlinks in /etc/puppet/modules are not created during the installation as their are installed in /usr/share/openstack-puppet/modules. To prevent the issue tripleo set modulepath in the templates. We must use the same modulepath to make sure that we don't fail because of missing module in the manual puppet run. This particulary happens when you upgrade from M->N->O, as the base image in Mitaka doesn't have the proper symlinks and they are not created during the installation of the package. Closes-Bug: #1684587 Change-Id: I79df6ea33f1c58e13309176a6de41b7572541fd6
2017-04-20Merge "TLS-everywhere: Enable for TLS libvirt live migration"Jenkins2-0/+88