aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2016-11-29Test encrypted volumes in scenario002Juan Antonio Osorio Robles2-0/+18
This effectively adds barbican-api to the deployment in scenario002 and uses it to provide encrypted volumes for cinder that a nova instance boots from in the test. Change-Id: I132e346755fb49c9563247b4404be06b97f77872
2016-11-29Merge "Stop using puppet to configure VIPs in /etc/hosts"Jenkins7-98/+55
2016-11-28get-occ-config.sh replace deprecated heat commandsSteve Baker1-10/+10
The modern openstack equivalent heat commands require no awk and will be slightly more efficient. The roles variable is optionally populated by OVERCLOUD_ROLES so that a subset of roles can be specified. Change-Id: I6b66cb3bd81825fba726dd45b0db25896908f6dd
2016-11-28Apply os-net-config with a script instead of elementDan Prince35-1841/+2137
Wire in os-net-config via a normal script heat deployment, which has the following advantages: 1. Improved error path, currently o-a-c deployments don't report any errors, thus hang and eventually the deployment times out 2. It's far more hackable from a deployer perspective, e.g it's much easier to change the os-net-config options or include a mapping file 3. Reduces our dependencies on o-a-c (it's only os-net-config and hiera which requires it), although the script does currently still use oac to get the metadata IP. 4. May enable passing os-net-config yaml via a json parameter in future, reducing the need for resource_registry mappings (although we'll have to support that for backwards compatibility) The script used is based directly on 20-os-net-config (from t-i-e at cf94c5e, we can probably improve this now that we have an error path, but for this initial commit it's a straight copy other than the changes to replace o-a-c for rendering the json config file. Co-Authored-By: Steven Hardy <shardy@redhat.com> Change-Id: I0ed08332cfc49a579de2e83960f0d8047690b97a
2016-11-28Use correct type for SensuRedactVariables parameterMartin Mágr1-1/+1
The parameter type is invalid making it impossible to enable monitoring-environment. Change-Id: I835d1e82480edb0b6d082a7496d7ceebb1781728 Closes-Bug: #1641080 Closes-Bug: rhbz#1392473
2016-11-28Merge "Enable TLS in the internal networkf or Mysql"Jenkins4-39/+94
2016-11-28Merge "adding swift middleware that is typically enabled by default"Jenkins1-0/+5
2016-11-28Revert "Set NeutronL3HA to false when deploying DVR"John Schwarz1-8/+0
DVR+HA routers are officially supported, so this patch can be reverted. This reverts commit ce39dbac56123354576d2c31674e1b18535b0111. Conflicts: environments/neutron-ovs-dvr.yaml Change-Id: Ifeceb0c3ba01e81403903401ebfe69b9e9d7d2f2
2016-11-27Merge "Cleanup some inline comments in network/config"Jenkins10-46/+0
2016-11-27Stop using puppet to configure VIPs in /etc/hostsDan Prince7-98/+55
This patch drops use of the vip-hosts.yaml service which can cause issues during deployment because puppet 'hosts' resources overwrite the data in /etc/hosts. The only reason things seem to work at all at the moment is because our hosts element in t-i-e runs on each os-refresh-config iteration and re-adds the dropped hosts entries. To work around the issue we add a conditional which selectively adds the extra hosts entries only if the AddVipsToEtcHosts is set to true. Closes-bug: 1645123 Change-Id: Ic6aaeb249a127df83894f32a704219683a6382b2
2016-11-25Fix puppet/services/README.rst step descriptionSteven Hardy1-6/+0
We removed Step 6 in Iae33149e4a03cd64c5831e689be8189ad0cf034b but forgot to update the README. Similarly we made all roles use the same steps in Ia2ea559e8eeb64763908f75705e3728ee90b5744 so the comment is no longer true. Change-Id: If5482ebd22a2547ed2165199992840a0dcacb04c
2016-11-25Show team and repo badges on READMEFlavio Percoco1-0/+9
This patch adds the team's and repository's badges to the README file. The motivation behind this is to communicate the project status and features at first glance. For more information about this effort, please read this email thread: http://lists.openstack.org/pipermail/openstack-dev/2016-October/105562.html To see an example of how this would look like check: b'https://gist.github.com/8e6d63aff05dc9e2a946f9012a34b334\n' Change-Id: I0090c60b91624f6cc446bc020b1445b3919e0d40
2016-11-25Import TripleO CI environments from tripleo-ciEmilien Macchi8-0/+668
Import TripleO CI environments from tripleo-ci into THT for some reasons: 1) THT is branched while tripleo-ci is not. Having them here would allow to make scenarios able to evolve over the releases without adding more scenarios. 2) Help our developers to run TripleO CI scenarios themselves from THT by exposing the templates here. The whole discussion is here: http://lists.openstack.org/pipermail/openstack-dev/2016-November/107816.html Change-Id: I3527a64c0c8f56ca77115d32849fa23fe710112d
2016-11-25Provide full list of services for Compute role in HCI scenarioGiulio Fidente1-4/+22
Until bug #1635409 is fixed, we can provide the full list of services needed on the Compute role, plus CephOSD, in the hyperconverged-ceph environment file, preserving the user experience. Change-Id: I42409bc098c740759b378969526e13efaf002d3c Related-Bug: #1635409
2016-11-25Enable TLS in the internal networkf or MysqlJuan Antonio Osorio Robles4-39/+94
This adds the necessary hieradata for enabling TLS for MySQL (which happens to run on the internal network). It also adds a template so this can be done via certmonger. As with other services, this will fill the necessary specs for the certificate to be requested in a hash that will be consumed in puppet-tripleo. Note that this only enables that we can now use TLS, however, we still need to configure the services (or limit the users the services use) to only connect via SSL. But that will be done in another patch, as there is some things that need to land before we can do this (changes in puppetlabs-mysql and puppet-openstacklib). Change-Id: I71e1d4e54f2be845f131bad7b8db83498e21c118 Depends-On: I7275e5afb3a6550cf2abbb9a8007dedb62ada4b4
2016-11-24Merge "Increase reserved memory for computes when enabling DVR"Jenkins1-0/+13
2016-11-24Merge "Disable Neutron agents with OVN."Jenkins1-0/+3
2016-11-24Merge "Make Ceilometer notifications non-blocking"Jenkins1-0/+1
2016-11-24Merge "Remove conditional for neutron l3_ha"Jenkins1-28/+10
2016-11-24Merge "Run os-net-config before restarting cluster on update"Jenkins1-0/+11
2016-11-24Disable Neutron agents with OVN.Joe Talerico1-0/+3
OVN natively implements services that are provided by Neutron agents. This patch disables the Neutron DHCP agent as well as the OVS agent for compute nodes. Closes-bug: 1634580 Change-Id: I70631c2facbbf08257868e26e14af942ad7f2893
2016-11-24Merge "Explicitly set rabbit hosts so its not overridden during upgrade"Jenkins1-1/+7
2016-11-24Merge "Add panko api support to service templates"Jenkins12-0/+434
2016-11-23Merge "Add necessary parameters for encrypted volumes support"Jenkins1-0/+14
2016-11-23Run os-net-config before restarting cluster on updateBrent Eagles1-0/+11
Running os-net-config before restarting the cluster prevents changes to the interface files caused by changes to implementation from bouncing network interfaces after the cluster has restarted. Closes-Bug: #1644138 Change-Id: I65fb104465ff3d37ddc791634302994334136014
2016-11-23Merge "Make the CloudDomain defaults match the doc strings"Jenkins6-0/+6
2016-11-23Merge "Remove Combination alarms support"Jenkins1-6/+0
2016-11-23Explicitly set rabbit hosts so its not overridden during upgradePradeep Kilambi1-1/+7
During ceilometer pre upgrade, rabbit host config gets overridden in ceilometer conf as its setting to defaults. This explicitly sets the host info in standalone manifest. Closes-Bug: #1644278 Change-Id: I862ea7165c5d42ba1f9a19111a8be8934c0ef883
2016-11-23Cleanup some inline comments in network/configDan Prince10-46/+0
This patch cleans up some inline comments that are a bit non-standardly formatted so that we can more easily parse these templates in an automated fashion. Change-Id: Ibf91f3478fd894f9323d8805729ece9c5fab256f
2016-11-23Merge "Configure Keystone Fernet Keys"Jenkins1-0/+11
2016-11-23Merge "Fix resource_registry path in enable-internal-tls"Jenkins1-1/+1
2016-11-23Merge "Fix ovs 2.4 to 2.5 upgrade - minor update non controllers"Jenkins1-14/+13
2016-11-23Merge "Containerized Services for Composable Roles"Jenkins13-360/+769
2016-11-23Merge "Enables auto-detection for VIP interfaces"Jenkins2-17/+9
2016-11-22Make the CloudDomain defaults match the doc stringsJulie Pichon6-0/+6
Not having the default easily accessible is causing issues for the UI, as it cannot guess at it and can accidentally overwrite the value with an empty string (the expected default when unset). The default is already helpfully spelled out in the doc string for each file, this updates the parameter to match it. Change-Id: Ic284f9904e8f1d01cc717d59a0759f679d94106d Closes-Bug: #1643670
2016-11-22Fix ovs 2.4 to 2.5 upgrade - minor update non controllersmarios1-14/+13
In I9b1f0eaa0d36a28e20b507bec6a4e9b3af1781ae and I11fcf688982ceda5eef7afc8904afae44300c2d9 we landed a workaround for the openvswitch 2.4 to 2.5 upgrade discussed in the bug below. Unfortunately testing has revealed a problem with the minor update case specifically for non controllers. It seems we would exit before the ovs workaround has had a chance to execute. This moves the block up a few lines to avoid this condition. As with the other two reviews noted here, this will need to go into newton and then mitaka too. Change-Id: If905de82d96302334ebe02de9c43f00faed9b72b Related-Bug: 1635205
2016-11-22Fix resource_registry path in enable-internal-tlsJuan Antonio Osorio Robles1-1/+1
It had a wrong path and thus crashed when one tried to use it. Change-Id: Ida4f899c76cce6e819d7e0effaf038f699763bee Closes-Bug: #1643863
2016-11-22Containerized Services for Composable RolesIan Main13-360/+769
This change modifies the template interface to support containers and converts the compute services to composable roles. Co-Authored-By: Dan Prince <dprince@redhat.com> Co-Authored-By: Flavio Percoco <flavio@redhat.com> Co-Authored-By: Martin André <m.andre@redhat.com> Co-Authored-By: Steve Baker <sbaker@redhat.com> Change-Id: I82fa58e19de94ec78ca242154bc6ecc592112d1b
2016-11-22Merge "Disable Options Indexes in horizon"Jenkins1-0/+1
2016-11-21Merge "Enable enforce_password_check"Jenkins1-0/+1
2016-11-21Add necessary parameters for encrypted volumes supportJuan Antonio Osorio Robles1-0/+14
If barbican is set, it will configure cinder and nova-compute with the necessary parameters to enable encrypted volumes to be created if requested. Change-Id: Id13811cf8e090706c590ffff46c237ff8131efd9
2016-11-18Make Ceilometer notifications non-blockingChristian Schwede1-0/+1
Ceilometer notifications can be sent in a background thread, unblocking the Swift proxy in case the RabbitMQ is not processing notifications quick enough or even unavailable. There is a default queue size of 1000 notifications. If more messages are added to the queue these will be discarded, and a warning log entry will be emitted. Change-Id: I98022dcbf661a5bb7425f49ba8525225d61212dc
2016-11-18Disable keepalived for HA deployments via t-h-tSteven Hardy2-2/+3
Currently this is disabled via a conditional in the keepalived profile in puppet-tripleo, but this will be incompatible with the planned composable upgrades implementation. Instead we should disable the service template by mapping to OS::Heat::None, and ensure the haproxy manifest uses the t-h-t generated hiera value keepalived_enabled instead of hard-coding a hiera override in the haproxy template. Change-Id: I85a8b1cca7268506de22adfb3a8ce7faa4f157ef Partial-Bug: #1642936 Depends-On: I90faf51881bd05920067c1e1d82baf5d7586af23
2016-11-18Merge "Use j2 loops in post.j2.yaml"Jenkins1-56/+13
2016-11-18Merge "Correct AllNodesDeploySteps depends_on"Jenkins1-1/+1
2016-11-17Disable Options Indexes in horizonAndreas Karis1-0/+1
Security scanners complain that directory listings are enabled in horizon. Change-Id: I1d7cfcb3521e8235a99bc452f1b7b92c20ce72ac Closes-Bug: #1637576
2016-11-17No longer hard coding to a specifc network interface name.Harald Jensas1-2/+2
Instead of using a specific network interface name, thi fix fetch all ethernet mac addresses. Then uses this list of mac addresses to do a check if any entries in the list match any of the values in NetConfigDataLookup for a node. If there is a match, the /etc/os-net-config/mapping.yaml file for the node will be written. This fix removes the hard coded interface name 'eth0' used to get a mac address as identifyer for the specific node before. Using a hard coded interface name such as 'eth0' would have failed on most hardware because of "consistent network device names". Fix Bug: #1642551 Change-Id: I6c1d1b4d70b916bc5d9049469df8221f8ab2eb95
2016-11-17Add panko api support to service templatesPradeep Kilambi12-0/+434
This integrates panko service api into tripleo heat templates. By default, we will disable this service, an environment service file is included to enable if needed. Depends-On: I35f283bdf8dd0ed979c65633724f0464695130a4 Change-Id: I07da3030c6dc69cce7327b54091da15a0c58798e
2016-11-17Remove conditional for neutron l3_haSteven Hardy1-28/+10
This is handled in puppet-tripleo instead so we can remove the hard-coded reference to ControllerCount and instead use the hiera neutron_api_node_names to derive the number of neutron API nodes regardless of roles. Note that the NeutronL3HA parameter is maintained despite being marked deprecated because we need to backport this bugfix so we can't just remove it. I'm not sure if we want to consider removing the deprecation as leaving the override parameter in place seems fairly low overhead. Closes-Bug: #1629187 Change-Id: I7a77836dcaf809cc7959fca7691a4cd7d4af5d6a Depends-On: I01c50973eec8138ec61304f2982d5026142f267c
2016-11-17Configure Keystone Fernet KeysAdam Young1-0/+11
Provision the Keystone Fernet Token provider by installing 2 keys with dynamic content generated by python-tripleoclient. Note that this only sets up the necessary keys to use fernet as a token provider, however, this does not intend to set it up as the default provider; This will be discussed and will come as part of another commit. Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Depends-On: Ic070d160b519b8637997dbde165dbf15275e0dfe Change-Id: Iaa5499614417000c1b9ba42a776a50cb22c1bb30