aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-04-08Merge "Add missing ec2api::api::keystone_ec2_tokens_url config" into ↵Jenkins1-0/+5
stable/ocata
2017-04-07Add trigger to setup a LDAP backend as keystone domaineCyril Lopez3-0/+50
It is using a trigger tripleo::profile::base::keystone::ldap_backend_enable in puppet-tripleo who will call a define in puppet-keysone ldap_backend.pp. Given the following environment: parameter_defaults: KeystoneLDAPDomainEnable: true KeystoneLDAPBackendConfigs: tripleoldap: url: ldap://192.0.2.250 user: cn=openstack,ou=Users,dc=redhat,dc=example,dc=com password: Secrete suffix: dc=redhat,dc=example,dc=com user_tree_dn: ou=Users,dc=redhat,dc=example,dc=com user_filter: "(memberOf=cn=OSuser,ou=Groups,dc=redhat,dc=example,dc=com)" user_objectclass: person user_id_attribute: cn user_allow_create: false user_allow_update: false user_allow_delete: false ControllerExtraConfig: nova::keystone::authtoken::auth_version: v3 cinder::keystone::authtoken::auth_version: v3 It would then create a domain called tripleoldap with an LDAP configuration as defined by the hash. The parameters from the hash are defined by the keystone::ldap_backend resource in puppet-keystone. More backends can be added as more entries to that hash. This also enables multi-domain support for horizon. Conflicts: puppet/services/keystone.yaml Closes-Bug: 1677603 Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Depends-On: I1593c6a33ed1a0ea51feda9dfb6e1690eaeac5db Change-Id: I6c815e4596d595bfa2a018127beaf21249a10643 Signed-off-by: Cyril Lopez <cylopez@redhat.com> (cherry picked from commit 347f5434b3e3793b9fdf2a94f49ab7734c5d923b)
2017-04-07Merge "Generate Pre/Post Puppet Tasks for all roles" into stable/ocataJenkins2-13/+11
2017-04-06Merge "Updated from global requirements" into stable/ocataJenkins1-1/+1
2017-04-06Merge "Add manual ovs upgrade script for workaround ovs upgrade issue" into ↵Jenkins5-26/+112
stable/ocata
2017-04-06Merge "Add environment for deployed-server with pacemaker" into stable/ocataJenkins1-0/+4
2017-04-06Add manual ovs upgrade script for workaround ovs upgrade issueMathieu Bultel5-26/+112
When we upgrade OVS from 2.5 to 2.6, the postrun package update restart the services and drop the connectivity We need to push this manual upgrade script and executed to the nodes for newton to ocata The special case is needed for 2.5.0-14 specifically see related bug for more info (or, older where the postun tries restart). See related review at [1] for the minor update/manual upgrade. Related-Bug: 1669714 Depends-On: I3227189691df85f265cf84bd4115d8d4c9f979f3 Co-Authored-By: Sofer Athlan-Guyot <sathlang@redhat.com> [1] https://review.openstack.org/#/c/450607/ Change-Id: If998704b3c4199bbae8a1d068c31a71763f5c8a2 (cherry picked from commit d2d319ec0ead06b860f8464b001048fb4f723788)
2017-04-06Enforce upgrade_batch_tasks before upgrade_tasks ordermarios1-19/+12
If we really want upgrade_batch_tasks before the upgrade_tasks as described in the README then we should enforce the ordering Noticed this working on bug 1671504 upgrade tasks were being executed before batch upgrade tasks. Closes-Bug: 1678101 Change-Id: Iaa1bce960a37c072b5f8441132705a6bb6eb6ede (cherry picked from commit 299b9f532377a3a0c16ba9cb4fe92c637fc38eeb)
2017-04-06Ensure upgrade step orchestration accross roles.Sofer Athlan-Guyot1-8/+6
Currently we don't enforce step ordering across role, only within role. With custom role, we can reach a step5 on one role while the cluster is still at step3, breaking the contract announced in the README[1] where each step has a guarantied cluster state. We have to remove the conditional here as well as jinja has no way to access this information, but we need jinja to iterate over all enabled role to create the orchestration. This deals only with Upgrade tasks, there is another review to deal with UpgradeBatch tasks. [1] https://github.com/openstack/tripleo-heat-templates/blob/master/puppet/services/README.rst Closes-Bug: #1679486 Change-Id: Ibc6b64424cde56419fe82f984d3cc3620f7eb028 (cherry picked from commit d286892c785b8b81a866ea3c6a459d1fc4a347e8)
2017-04-06Merge "Make neutron dhcp agents per network conditional" into stable/ocataJenkins2-16/+31
2017-04-06Merge "Fixes port binding controller for OpenDaylight" into stable/ocataJenkins2-0/+46
2017-04-05Merge "Purge initial firewall for deployed-server's" into stable/ocataJenkins3-0/+12
2017-04-05Add environment for deployed-server with pacemakerJames Slagle1-0/+4
A new environment file to be used when using the deployed-server roles data at deployed-server/deployed-server-roles-data.yaml. This ensures the Pre and Post Puppet Tasks for the ControllerDeployedServer role are mapped to the stacks that handle maintenance mode and resource restarts for pacemaker on stack-update. Change-Id: I1ca52dfb3a3b669e128ebb0a28d9e36a1807faad Closes-Bug: #1665060 (cherry picked from commit f8cc35092d8d8c60eee12bd2a550ff5d60e28582)
2017-04-05Generate Pre/Post Puppet Tasks for all rolesJames Slagle2-13/+11
We need to generate the Pre and Post Puppet Tasks for all roles, not just the Controller role. Otherwise, you have to have a role specifically named Controller that is running your pacemaker services, or pacemaker won't be properly handled on stack-updates. When using deployed-server's it's actually not possible to have a role called Controller, since we need to use all custom roles so that we can set disable_contraints on each role. Further, it is not possible to redefine the Controller role since puppet/controller-role.yaml is listed in the excludes file. Change-Id: I737b24db90932e292b50b122640f66385f2d1c23 Partial-Bug: #1665060 (cherry picked from commit 529768ae84f7713f2ae9447ff35ee2d63b4bdcd7)
2017-04-05Updated from global requirementsOpenStack Proposal Bot1-1/+1
Change-Id: I40ecce838d12c2e232d8d4284bfa3ef3b88cebe4
2017-04-05Merge "Add OpenDaylightConnectionProtocol parameter to opendaylight-api ↵Jenkins1-0/+5
service" into stable/ocata
2017-04-04Purge initial firewall for deployed-server'sJames Slagle3-0/+12
We need to purge the initial firewall for deployed-server's, otherwise if you have a default REJECT rule, the pacemaker cluster will fail to initialize. This matches the behavior done when using images, see: Iddc21316a1a3d42a1a43cbb4b9c178adba8f8db3 I0dee5ff045fbfe7b55d078583e16b107eec534aa Change-Id: Ia83d17b609e4f737074482a980689cc57c3ad911 Closes-Bug: #1679234 (cherry picked from commit a216934f408439e77bf8346dafe30c4752c70946)
2017-04-04Set auth flag so ceilometer auth is enabledPradeep Kilambi3-0/+15
Ceilometer Auth should be enabled even if ceilometer api is not. Lets decouple these, this flag will be used in puppet-tripleo where ceilometer::keystone::auth class is initialized. Change-Id: Iffebd40752eafb1d30b5962da8b5624fb9df7d48 Closes-bug: #1677354 (cherry picked from commit 0d04302abd19f98df3cd700f9cc4ec47273e5dac)
2017-04-04Merge "Setting keystone region for tacker" into stable/ocataJenkins1-0/+1
2017-04-03Merge "FQDN validation" into stable/ocataJenkins2-0/+24
2017-04-03Merge "Setting keystone region for congress" into stable/ocataJenkins1-0/+1
2017-04-03Merge "Re-Add bigswitch agent support" into stable/ocataJenkins5-1/+69
2017-04-03FQDN validationMatthew Flusche2-0/+24
Adds optional validation to ensure FQDN set by Nova matches /etc/hosts as created by overcloud heat configuration. Consistent FQDN requires the nova parameter [Default]/dhcp_domain to match the CloudDomain tht parameter. This validation is disabled by default. Change-Id: Ib5689acae66baf63ecccbc3b1c0b96684781b863 (cherry picked from commit bae2d113938b9bb22d4c291ae312d2299187f72b) Partial-Bug: #1581472
2017-04-03Fixes port binding controller for OpenDaylightTim Rozet2-0/+46
In Ocata and later, the port binding controller for ODL was changed by default to be the pseudo agent controller, which requires a new feature "host config" for OVS. This patch modifies the default to use network-topology, which will work without any new host config features implemented (previous way of port binding). Closes-Bug: 1675211 Depends-On: I5004fdeb238dea81bc4f7e9437843a8a080d5b46 Change-Id: I6a6969d1d6b8d8b8ac31fecd57af85eb653245d2 Signed-off-by: Tim Rozet <trozet@redhat.com> (cherry picked from commit 502b3459d9c2b32beba31b37814d7625cd007775)
2017-04-03Merge "Don't check haproxy if external load-balancer is used." into stable/ocataJenkins1-1/+13
2017-04-03Add missing ec2api::api::keystone_ec2_tokens_url configSven Anderson1-0/+5
Change-Id: I9a19aff24dede2bea3bf2959afa7adde00817ee0 Related-Bug: #1676491 (cherry picked from commit 10cb0cfdef9b3a4719f89bcc2cdf1dae4a14dcca)
2017-04-03Setting keystone region for tackerDan Radez1-0/+1
Change-Id: I170b7e4cff66f0a4b1b6d5735f93c9f0295a5ac5 (cherry picked from commit eb426db63c8cc48990a832f8e1b972feb93e7e92)
2017-04-03Merge "Add special case upgrade from openvswitch 2.5.0-14" into stable/ocataJenkins3-4/+11
2017-04-02Include panko in the default dispatcherPradeep Kilambi2-1/+5
panko is enabled by default, we might as well make it the default dispatcher along with gnocchi. Closes-bug: #1676900 Change-Id: Icb6c98ed0810724e4445d78f3d34d8b71db826ae (cherry picked from commit 568573b9b054c3804d9d1be2ce6ec2668ca2dbfb)
2017-04-02Merge "Fixes multiple issues with retry function in rhel-registration." into ↵Jenkins1-17/+31
stable/ocata
2017-04-02Add special case upgrade from openvswitch 2.5.0-14marios3-4/+11
In [1] we removed the previously used special case upgrade code. However we have since discovered that for openvswitch 2.5.0-14 the special case is still required with an extra flag to prevent the restart. This adds the upgrade code back into the minor update and 'manual upgrade' scripts for compute/swift. The review at If998704b3c4199bbae8a1d068c31a71763f5c8a2 is adding this logic for the ansible upgrade steps. Related-Bug: 1669714 [1] https://review.openstack.org/#/q/59e5f9597eb37f69045e470eb457b878728477d7 Change-Id: I3e5899e2d831b89745b2f37e61ff69dbf83ff595 (cherry picked from commit 25983882c2f7a8e8f8fb83bd967a67d008a556a4)
2017-04-02Merge "[N->O] Fix wrong database connection for cell0 during upgrade." into ↵Jenkins2-1/+11
stable/ocata
2017-04-01Don't check haproxy if external load-balancer is used.Sofer Athlan-Guyot1-1/+13
Change-Id: Ia65796b04be9f7cadc57af30ef66788dd8cb7de8 Closes-Bug: 1677539 (cherry picked from commit 56535c89ad6a5db718dc0fb89c19dda9fba251ca)
2017-03-31Merge "Stop openstack-nova-compute during nova-ironic upgrade" into stable/ocataJenkins1-0/+4
2017-03-31Re-Add bigswitch agent supportAlex Schultz5-1/+69
The agent configuration was lost in newton during the puppet-tripleo and THT role conversion. This change adds support for including the bigswitch agent service for composable roles. Change-Id: I46896389e48cdbe2864bf5b609a786f1c84ef908 Closes-Bug: #1673126 (cherry picked from commit 8eaa5f8e10a801be8fc45eeaaa479e7774d97997)
2017-03-31[N->O] Fix wrong database connection for cell0 during upgrade.Sofer Athlan-Guyot2-1/+11
During upgrade the cell0 database has the connection pointing to mysql+pymysql://nova:c2cdagE8PyAbnpers3AD88Hge@10.0.0.19/nova_cell0?bind_address=10.0.0.20 where 10.0.0.20 was the ip of the bootstrap node. This makes the nova-api fails on 2/3 node at the end of the major-upgrade-composable-steps.yaml step. We do have the right value in the hiera database so make sure we use it for cell0 creation and not the nova.conf file which hasn't been updated yet. Change-Id: I09775206cb8fc5e15934f7e4475506a7fe17271e Closes-Bug: #1675359 (cherry picked from commit c9c3813b6a0811a262068d0aab28d0bd535be3e1)
2017-03-31Merge "[N->O] is creating 2 default cell_v2 cells" into stable/ocataJenkins1-4/+4
2017-03-31Merge "Run cluster check on nodes configured in wsrep_cluster_address." into ↵Jenkins1-9/+13
stable/ocata
2017-03-30Stop openstack-nova-compute during nova-ironic upgradeMarius Cornea1-0/+4
This change ensures that that openstack-nova-compute is stopped and disabled during the upgrade process. Closes-Bug: 1675814 Change-Id: Ifd2557b11e4317f1e76e459e8de4162116578eff (cherry picked from commit 276aca7a8145570301e566a8fb3253f57601d171)
2017-03-30Run cluster check on nodes configured in wsrep_cluster_address.Yurii Prokulevych1-9/+13
Attempt to check galera's cluster status fails when galera service is not running on the same node. Change-Id: I27fb0841d85cd0dc86e92ac2e21eedf5f8f863ab Closes-Bug: #1677574 (cherry picked from commit d39c952fd3150d24c9e01c15806181715d0760f8 )
2017-03-30Merge "N->O Upgrade, make sure all nova placement parameter properly set." ↵Jenkins1-3/+6
into stable/ocata
2017-03-30Merge "N->O upgrade, blanks ipv6 rules before activating it." into stable/ocataJenkins1-0/+6
2017-03-30Merge "Nic config mappings for deployed-server" into stable/ocataJenkins2-4/+11
2017-03-29Merge "Enables increasing mariadb open files for noha deployments" into ↵Jenkins1-0/+6
stable/ocata
2017-03-29Merge "Sort ResourceGroup resource list" into stable/ocataJenkins1-1/+1
2017-03-29Merge "Only set EnableConfigPurge on major upgrades" into stable/ocataJenkins5-9/+11
2017-03-28Remove 'Controller' role references from overcloud.j2.yamlDan Prince1-6/+6
This patch again removes hard coded role references to the overcloud.yaml template that was added in fd15a091f7ab6927833275df17b96ecacc2b1827. This breaks the composable undercloud work (undercloud-containers ci job as well). Change-Id: Ie30b2573dc4d2b45ebc0afc0e0d73bfdf41e4d4b Closes-bug: #1676528 (cherry picked from commit f7f1a8a6d8cfd4c78ffd256497b32daa5908641e)
2017-03-28Merge "Fixes missing firewall rules for neutron_ovs_dpdk_agent service" into ↵Jenkins2-1/+9
stable/ocata
2017-03-28Only set EnableConfigPurge on major upgradesSteven Hardy5-9/+11
Bug #1611800 fixed an upgrade issue by enabling purging configs for some services, but this causes issues such as longer updates and restarting services in the minor update case, so only do this for major upgrades, and default to false. Conflicts: (don't exist on this branch) environments/major-upgrade-composable-steps-docker.yaml environments/major-upgrade-converge-docker.yaml Related-Bug: #1611800 Closes-Bug: #1674858 Change-Id: Iff7d715f6730c5633f1146008504b4309ef3133d (cherry picked from commit 947a7148e807e74daf9e30e4e8c891d5bdacc69f)
2017-03-28[N->O] is creating 2 default cell_v2 cellsOliver Walsh1-4/+4
A side-effect of running map_cell_and_hosts is that a default cell is created (unless host mappings already exists). As we are explicitly creating the default cell we need to run discover_hosts to create the host mappings. Change-Id: I1a28e9b85a7c43561700faf692248c5fc06b8ad8 Closes-Bug: #1675418 (cherry picked from commit ab4adb9fb1b1ba003a8045ce4c3879f88ea243b3)