aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2016-11-11Use default Sensu redactMartin Mágr1-3/+14
By default sensu-puppet is overring default list of varibles which should be redacted. This patch enables to configure redact list and uses default value given by [1]. This patch also serves as a workaround until [2] is merged in the module itself (or in case it won't get merged). [1] https://sensuapp.org/docs/0.24/reference/clients.html [2] https://github.com/sensu/sensu-puppet/pull/580 Closes-Bug: #1641080 Closes-Bug: rhbz#1392473 Change-Id: I21201f734d2fbf5f571091603126cf11cfdd8c40
2016-11-07Merge "Move per role Services defaults into environment file"Jenkins2-1/+5
2016-11-07Merge "Change nova ram_allocation_ratio to match puppet-nova"Jenkins1-1/+1
2016-11-07Merge "Add an optional extra node admin ssh key parameter"Jenkins1-1/+7
2016-11-07Move per role Services defaults into environment fileSteven Hardy2-1/+5
For parameter merge strategies to work we need to merge multiple environment files, which doesn't consider the defaults defined in the heat template. Moving where we define these defaults will enable the merge strategies applied when appending services to roles in environment files to work. Change-Id: I1ef1ad685c8a15308d051665c576a98b277f2496 Closes-Bug: #1635409
2016-11-07Merge "Move db settings from manila-api to manila-base"Jenkins4-27/+36
2016-11-07Merge "Include keystone authtoken config in manila-share service"Jenkins1-0/+8
2016-11-07Merge "Ensure we update ceph and composable nodes"Jenkins2-0/+2
2016-11-07Add an optional extra node admin ssh key parameterSteven Hardy1-1/+7
This can be used to pass the e.g. the tripleo-validations ssh key into the deployment. Change-Id: I861b9e2252a9c8122dcf7df261386f1ea5200c4f Related-Bug: #1635226
2016-11-05Merge "swift/proxy: remove swift::proxy::ceilometer::rabbit_host"Jenkins1-1/+0
2016-11-05Merge "nova: add missing vnc console port in firewall"Jenkins3-2/+6
2016-11-05Merge "nova/libvirt: add missing ports for live-migration"Jenkins1-0/+2
2016-11-04Move db settings from manila-api to manila-baseBen Nemec4-27/+36
manila-share also needs the db configuration so the db-sync works correctly when manila-api is running on a non-controller node. Change-Id: Ib8a6f10ef6a650275fc011e51acfc4b5c7c99164 Closes-Bug: 1633077
2016-11-04Include keystone authtoken config in manila-share serviceBen Nemec1-0/+8
Because manila-share is a pacemaker-managed service, it has to be on the controller node. If you deploy the api services to a different node, then manila-share loses access to the authtoken hieradata generated by manila-api. Adding it explicitly to the manila-share config allows this setup to deploy sanely. Note that I'm having a different problem with manila db-syncs in this setup, so there's likely another patch required to get it fully working. Change-Id: Iac782fa67ea912d24b9905dd8bbafb8ff28dd669 Partial-Bug: 1633077
2016-11-04Merge "Updated Nuage neutron plugin name"Jenkins1-1/+1
2016-11-04swift/proxy: remove swift::proxy::ceilometer::rabbit_hostEmilien Macchi1-1/+0
The param is now managed in puppet-tripleo like other services. Change-Id: I306aa6ac6e2cfc0d4602e15e11564a6be096a121 Depends-On: Ibc0ed642931dd3ada7ee594bb8c70a1c3462206d
2016-11-04Merge "Update openstack-puppet-modules dependencies"Jenkins1-1/+2
2016-11-04Merge "Fixup the start of swift services"Jenkins1-1/+1
2016-11-04Merge "Add option to disable "d1" Swift device"Jenkins1-2/+5
2016-11-03nova: add missing vnc console port in firewallEmilien Macchi3-2/+6
- Remove vncproxy firewall rules from nova-api service - Add vncproxy firewall rules to nova-vncproxy service - Add console port range firewall rules to nova-libvirt service Change-Id: I421ae21c130cac6f25e7c0869b941ba77441172c
2016-11-03nova/libvirt: add missing ports for live-migrationEmilien Macchi1-0/+2
Some ports are missing to support live-migration. This patch adds them. Documented here: https://access.redhat.com/documentation/en/red-hat-openstack-platform/9/paged/migrating-instances/chapter-1-how-to-migrate-a-live-instance Change-Id: I72634a9940c11602522322235e51bf27cb664e57
2016-11-03Merge "Rework gnocchi-upgrade to run in a separate upgrade step"Jenkins5-18/+68
2016-11-03Merge "gnocchi statsd should be able to send data to port 8125"Jenkins1-0/+4
2016-11-03Fixup the start of swift servicesmarios1-1/+1
Seems the conditional has changed and we should pickup the tripleo::profile::base::swift::storage::enable_swift_storage hiera data. After controller nodes are upgraded the swift services were down even though there was no stand-alone swift node (the current conditional was failing as that hiera isn't set any more) Closes-Bug: 1638821 Change-Id: Id1383c1e54f9cae13fd375e90da525230e5d23eb
2016-11-02Ensure we update ceph and composable nodesLukas Bezdicka2-0/+2
The update configuration is generated into ceph.yaml and into {rolename}.yaml. We should ensure puppet hiera is looking for these files. Change-Id: I261d16bc365b3d19adc502385edcc509a53ffc2a Closes-Bug: #1638346 Resolves: rhbz#1388977
2016-11-01gnocchi statsd should be able to send data to port 8125Pradeep Kilambi1-0/+4
currently udp port 8125 is blocked by default. This can cause issues when sending statsd data. Change-Id: Icb5569c4e3dc981e9a8accf32eedd3370552cb34
2016-11-01Merge "Add Barbican to the overcloud"Jenkins10-0/+398
2016-11-01Update openstack-puppet-modules dependenciesLukas Bezdicka1-1/+2
OPM package is metadata package with unversioned requirements which means that update does not update the dependencies. This leaves us with old puppet modules and old puppet during the puppet run. Change-Id: I80f8a73142a09bb4178bb5a396d256ba81ba98a8 Closes-Bug: #1638266 Resolves: rhbz#1390559
2016-11-01Rework gnocchi-upgrade to run in a separate upgrade stepPradeep Kilambi5-18/+68
gnocchi when configured with swift will require keystone to be available to authenticate to migrate to v3. At this step keystone is not available and gnocchi upgrade fails with auth error. Instead start apache in step 3, start apache first and then run gnocchi upgrade in a separate step and let upgrade happen here. Closes-Bug: #1634897 Change-Id: I22d02528420e4456f84b80905a7b3a80653fa7b0
2016-11-01Merge "Re-add NFS backend for Glance"Jenkins2-11/+29
2016-11-01Change nova ram_allocation_ratio to match puppet-novaSteven Hardy1-1/+1
The interface for this moved to init.pp, the one we currently use now only outputs a warning, it doesn't actually set anything. Change-Id: Idc40cf0dc4ff0f598e0918e0de8b3233b524cdd5 Closes-Bug: 1638254
2016-10-31Merge "Add replacepkgs to the manual ovs upgrade workaround and fix a typo"Jenkins6-16/+13
2016-10-31Updated Nuage neutron plugin namelokesh-jain1-1/+1
Updated plugin name for configuring Nuage. Nuage plugin name changed after Liberty release and needs to be updated at all instances. Updated neutron-nuage-config.yaml file to reflect the change. Change-Id: I7cce9a07b909ab59bf249439eec0833afce5cca6 Closes-Bug: #1635033
2016-10-31Merge "Enable internal TLS for aodh"Jenkins1-2/+11
2016-10-31Merge "Fix Swift proxy pipeline ordering"Jenkins1-1/+1
2016-10-31Merge "Enable internal TLS for ceilometer"Jenkins1-3/+11
2016-10-28Fix Swift proxy pipeline orderingChristian Schwede1-1/+1
The Ceilometer middleware is in the wrong place; actually any middleware should be deployed after catch_errors to catch any errors that would otherwise crash the proxy service. Additionally the ceilometer middleware should be deployed after any authentication middleware. Closes-Bug: 1637471 Co-Authored-By: Thiago da Silva <thiago@redhat.com> Change-Id: I710ff2f51271a78582fa502e7eecfa687800c664
2016-10-28Add option to disable "d1" Swift deviceChristian Schwede1-2/+5
A default TripleO installation uses a local directory named "d1" to be used by Swift. With SwiftRawDisks set it is highly unlikely that that an operator wants to use this any longer, because it affects system perforamce and might result in an overfilled the system disk. In this case d1 should be no longer when building rings. This patch makes it possible to disable the d1 device usage in the ring building process by using a new option "SwiftUseLocalDir". This is set by default to true, not changing the default behavior. If set to false, the d1 device won't be used when building rings. Closes-Bug: 1634051 Change-Id: Ia9ad38e3ffa533e170f4cedd0518d830e9b2fa69
2016-10-27Set cinder's service name to httpd via t-h-tJuan Antonio Osorio Robles1-0/+1
With this, we can clean it from puppet-tripleo. Change-Id: I13638cd1af52537bef8540f0d5fa5f5f7decd392 Depends-On: Ic1967a6f4f60a273965811516f33121115d518b4
2016-10-27Add replacepkgs to the manual ovs upgrade workaround and fix a typoMathieu Bultel6-16/+13
rpm command will return an exit 1 if ovs package is already there and will exit the step_1.sh script. To get around this force the update with --replacepkgs Also remove the \ just before the $ which cause a syntax error for the ceph storage Change-Id: I11fcf688982ceda5eef7afc8904afae44300c2d9 Closes-bug: 1636748
2016-10-26Merge "Remove double tcp_listen_options entries for rabbit"Jenkins1-1/+1
2016-10-26Merge "Remove duplicate bind_host from nova-api profile"Jenkins1-1/+0
2016-10-26Fix usage of SwiftRawDisksChristian Schwede1-1/+1
Using the SwiftRawDisks parameter neither created the XFS filesystem nor mounted the device, requiring manual intervention by an operaror. Partial-Bug: 1634051 Change-Id: I2da0f12635a37c1f339a3be59a7d00f352adf283
2016-10-25Merge "Fix the stonith property during upgrades"Jenkins1-4/+8
2016-10-22Fix the rabbitmq/redis pacemaker resource timeouts on updatesMichele Baldessari1-0/+19
With the following two changes we increased the timeout for redis and rabbit for both starting and stopping to 200s: https://review.openstack.org/386618 newton (merged) https://review.openstack.org/385555 master (merged) We want to also fix that on minor updates on all our supported releases upstream and downstream (newton, mitaka, liberty, kilo). This way we can guarantee that we have a uniform timeout for sart and stop for rabbit and redis across all our releases. Change-Id: If59bf3386832ee78d3a654f01077aff2e8be76e8 Closes-Bug: #1634851
2016-10-21Merge "Composable Mistral services"Jenkins11-0/+498
2016-10-21Merge "Prefill Sensu client custom config"Jenkins2-26/+27
2016-10-21Merge "Clarify horizon allowed hosts setting"Jenkins1-1/+2
2016-10-21Merge "Use correct password for keystone bootstrap"Jenkins1-0/+1
2016-10-21Clarify horizon allowed hosts settingMatthias Runge1-1/+2
Horizon allowed hosts should name the IP addresses/ DNS names (short/long) the Horizon node is listening to. Allowed hosts is used for header checks and is a security mechanism. Change-Id: I81c96357f969a1a436eecd35eb178579159bc719