aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2016-12-22Merge "Add hook to generate metadata from service profiles"Jenkins10-0/+47
2016-12-22Merge "Add a per service bootstrap node variable"Jenkins3-0/+28
2016-12-22Add CI matrix to THTCarlos Camacho1-0/+61
Currently the description of CI matrix is defined in tripleo-ci, but the services for each scenario lives now in THT. This submission moves this table to the repo in which the configuration is defined. Change-Id: I9ef1acefc6e1f347528a48edcb4d997a9628fcf6
2016-12-22Add hook to generate metadata from service profilesJuan Antonio Osorio Robles10-0/+47
This enables the deployer to dynamically add nova metadata to the servers based on the output of service profiles that implement the metadata_settings key in the role_data output for the profiles. One can set an implementation via the OS::TripleO::ServerMetadataHook resource, which currently is set as OS::Heat::None. So, because of the default implementation, if left untouched it actually does nothing. Currently, besides the list, which is metadata_settings, this hook also takes the name of the node that it's setting the metadata for. This is useful for nova vendordata plugins that can parse said metadata. Change-Id: I8a937f711f0b90156fbb6c4632760435ef846474
2016-12-21Merge "Use df instead of findmnt in cephstorage upgrade scripts"Jenkins1-1/+1
2016-12-21Merge "Add "deployed server" fake neutron ports"Jenkins5-29/+78
2016-12-21Merge "Synchronize NetworkDeployment inputs for generic roles"Jenkins1-0/+7
2016-12-21Add FreeIPA server installation scriptJuan Antonio Osorio Robles1-0/+94
This script is meant for CI and it deploys an instance of FreeIPA. This instance is needed for deploying TLS everywhere and will serve as the CA. The parameters relevant to this instance will then be passed to the overcloud deploy command. Change-Id: I38b880250c3b30d7fa1c9e56e82a1be8b59b7e30
2016-12-21Add a per service bootstrap node variableMichele Baldessari3-0/+28
In order to call commands that need to be run on a single node, we create a new per-service variable that will contain the first node of each role containing the service. Change-Id: I03e8685f939e8ae1fcd8b16883b559615042505d Partial-Bug: #1615983
2016-12-21Merge "Make the openvswitch 2.4->2.5 upgrade more robust"Jenkins10-80/+57
2016-12-21Merge "net-conf: make bridge and interface name optional"Jenkins1-5/+5
2016-12-20Adds missing firewall rules for OpenDaylight API serviceTim Rozet1-0/+6
Custom role deployments were not working when ODL API was on a different node due to firewall rules blocking traffic. This patch adds the missing rules for the REST communication to ODL (8081 by default), OVSDB connection (6640), and OpenFlow protocol (6653). Closes-Bug: 1651476 Depends-On: I1f2af2793d040fda17bf73252afe59434d99f31f Change-Id: Ic0119c783d01e864c49fa06a66fdd68c059a726b Signed-off-by: Tim Rozet <trozet@redhat.com>
2016-12-20Merge "Set the default event pipeline publisher"Jenkins1-0/+5
2016-12-20Merge "Use OS::Heat::DeployedServer"Jenkins4-42/+10
2016-12-20Adds missing OpenDaylight username/password from ODL OVS serviceTim Rozet1-0/+11
ODL username and password are already present in the OpenDaylightApi service. However, when moving the OpenDaylightApi service to its own custom role, the Controller/Compute nodes no longer have access to these hiera values. This patch adds them also to the OpenDaylightOvs service. Closes-Bug: 1651499 Depends-On: I418643810ee6b8a2c17a4754c83453140ebe39c7 Change-Id: I169fdad4c94bd6dfc1fe7cde3d6b19b36d916af7 Signed-off-by: Tim Rozet <trozet@redhat.com>
2016-12-20Set gnocchi wsgi display namePradeep Kilambi1-0/+1
Depends-On: Ice921f0fdd4bec6de50e62c39c447ee40dc0e8f5 Change-Id: I4109ac83c32ee2365695611009579a8b117134ff
2016-12-20Set aodh wsgi display namePradeep Kilambi1-0/+1
Depends-On: I53b156505e08625d56ed6a302cf5b5c30e8e288c Change-Id: Id9791d8a19a74c1f0855e794170f66542f88a548
2016-12-20Set the default event pipeline publisherPradeep Kilambi1-0/+5
Since we have aodh enabled for alarms, we should set the notifier to the default queue alarm.all. Closes-bug: #1590473 Change-Id: Ibcb5076424ac2ddcd18ff717d82da1aec4c035cb
2016-12-20Use ws instead of http for Zaqar websocket endpointsDan Prince4-12/+12
This patch updates the endpoint map for Zaqar websockets so that we use ws (or wss for SSL) instead of the http varients. This should help resolve protocol issues when trying to make connections to the websocket API. Change-Id: Iea88d1e30299cb621424740a39d498defa371ca4
2016-12-20Merge "Expose param to enable legacy ceilometer api"Jenkins1-0/+5
2016-12-20Merge "Move UpgradeInitCommand to role templates"Jenkins7-37/+169
2016-12-20Merge "Run upgrade steps before post-deploy config"Jenkins2-8/+15
2016-12-20FreeIPA: Make OTP and FreeIPA server parameters optionalJuan Antonio Osorio Robles1-5/+16
In the freeipa-enroll.yaml, it can be the case that the node has been enrolled (via a cloud-init script); in this case, the OTP and the FreeIPA server are optional. However, we still need to get a kerberos ticket, which is the last step of this script, since this ticket is what certmonger will use to request the certificates in subsequent steps. Change-Id: I7e9d6a747cdcbe81c9a74a17db5e91aa9d459f65
2016-12-19Merge "Remove unused attr from templates"Jenkins1-1/+0
2016-12-19Merge "Revert "Switch mistral to use authtoken configuration""Jenkins1-4/+2
2016-12-19Revert "Switch mistral to use authtoken configuration"Ben Nemec1-4/+2
It turns out the puppet-mistral change this depends on broke introspection, so we need to back it out for now. This reverts commit ed029e5bf279945e82bff8766af4093856a7ac6a. Change-Id: I828478267935cdc68aa24de8c9dc2d12fcadb631
2016-12-19Merge "Switch mistral to use authtoken configuration"Jenkins1-2/+4
2016-12-19Use overcloud-full instead of atomic-imageSteve Baker3-131/+29
This switches to using overcloud-full as the OS image for containerized compute. It includes the following changes: - install docker, until this change lands I1eab2a6de721c8f3c21c7df0019f2d4d1cc3775f - agent image pull has been removed. This avoids a race between docker starting and the current call to pull. This relies on "docker run" to do the initial pull and leaves open the option of some other prefetch mechanism to do the initial pull - rely on unit Conflicts= to ensure heat-docker-agents and os-collect-config do not run at the same time - tweaks to host bind mounts - removal of commands which only apply to atomic Co-Authored-By: Martin André <m.andre@redhat.com> Change-Id: I2e82634785834a877a4dbdbdcd788a9ac1c14a9d
2016-12-19Introduce role-specific NodeUserData, use for dockerSteve Baker8-1/+47
Currently when the docker environments are invoked, every node has the boot script run which replaces os-collect-config with the heat-agents container. This should only be happening on Compute nodes currently, and each role will be converted to heat-agents one at a time. This change implements a role-specific NodeUserData resource and uses that mechanism to run docker/firstboot/install_docker_agents.yaml only on Compute nodes. Change-Id: Id81811dbcaf0e661c3980aa25f3ca80db5ef0954
2016-12-19Add bind mounts for agent stateSteve Baker1-0/+3
These ensure that software configuration tasks are not re-run when the heat-agents container is restarted. Change-Id: Ieb84fe1f6dd849737ff22f51daa12ddc467dcdde
2016-12-19Merge "Add a type for the ControlVirtualIP resource"Jenkins2-1/+2
2016-12-19Merge "Correction to SRIOV THT Examples"Jenkins1-2/+3
2016-12-19Move UpgradeInitCommand to role templatesSteven Hardy7-37/+169
We can't run this during the upgrade steps, because there are things which need to happen before any role configuration happens, e.g installing the new hiera heat-config hook, which must be done before e.g "ControllerDeployment" runs or the stack update hangs. Partially-Implements: blueprint overcloud-upgrades-per-service Change-Id: I365b57513590662c3f78a33dc625747f457c48c5
2016-12-19Run upgrade steps before post-deploy configSteven Hardy2-8/+15
For some upgrade scenarios, e.g all-in-one deployments, it may be possible to run the upgrade steps, then apply puppet in one stack update, so reverse the order here. For normal deployments the upgrade steps are mapped to OS::Heat::None so this will have no effect. Partially-Implements: blueprint overcloud-upgrades-per-service Change-Id: I3c78751349a6ac2bc5dff82f67bffe13750ac21c
2016-12-19Merge "Set rabbitmq's port and IP via the config file and not the env file"Jenkins1-1/+3
2016-12-19Merge "Introduce role-specific nova-server-metadata"Jenkins6-12/+84
2016-12-19Merge "Enable SECURE_PROXY_SSL_HEADER option for horizon"Jenkins1-0/+1
2016-12-19Split OVN northd and ml2 pluginSteven Hardy6-11/+47
This allows us to take advantage of the composable roles hiera settings to connect the plugin to the northd/ovndb API without needing to hard-code the IP of the node running the service. Change-Id: I2508d48f81c1819ae3521fff271c0bdc50724604 Depends-On: I9af7bd837c340c3df016fc7ad4238b2941ba7a95 Closes-Bug: #1634171
2016-12-17Merge "Use hostname -s instead of hostnamectl --transient"Jenkins1-1/+1
2016-12-17Add "deployed server" fake neutron portsDan Prince5-29/+78
This patch swaps out the noop ctlplane port for a more proper fake neutron port stack. This stack is a swap in for the OS::Neutron::Port heat resource and can be controlled via the DeployedServerPortMap parameter. By relying on <hostname>-<network> naming conventions in the map we can map IPs to specific servers without using the Neutron API. This will allow us to inject IP information into the Heat stack within the new t-h-t undercloud installer which currently does not run a Neutron service. Change-Id: I29fbc720c3d582cbb94385e65e4b64b101f7eac9
2016-12-17net-conf: make bridge and interface name optionalDan Prince1-5/+5
Update the run-os-net-config.sh so that we make the bridge_name and interface_name parameters (supplied by the SoftwareConfig) optional. This allows operators to create custom network templates to be used on roles other than compute and controller which appear to be the only two roles which set bridge_name and interface_name parameters. Change-Id: I8997cf8177c1bf0e1f19de5f93dc4e81da1a951f
2016-12-16Increase libvirt/qemu.conf max_files and max_processesGiulio Fidente1-0/+3
When Nova and/or Cinder are using Ceph as backend, qemu will need to open a connection and two threads for each and every Ceph OSD. This change raises the max_files (set to 1024 by default) to 32768 and the max_processes (set to 4096 by default) to 131072. The max number of FDs is per-process, while the max number of processes is per-user. The values can be overridden via ExtraConfig, no params are added to the templates. A more detailed description of the values were chosen can be found at: https://access.redhat.com/solutions/1602683 Change-Id: I1e79675f6aac1b0fe6cc7269550fa6bc8586e1fb Depends-On: I258afd3ee6633e4b2ebc45aa8611be652476be0c
2016-12-16Introduce role-specific nova-server-metadataJuan Antonio Osorio Robles6-12/+84
We could already pass metadata to the nova server instances (on creation) via the ServerMetadata parameter, however, there was no way of doing this per-role. This introduces that by adding a {{role}}ServerMetadata parameter for each role. This parameter gets merged with the ServerMetadata parameter and allows this functionality. Note that both default to {}, and so does the result of merging those parameters with their default values. So nothing changes for the default settings. Change-Id: I334edcc51ce7ee82fc13b6cf4c0d74ccb7db099c
2016-12-15Add ZaqarApiNetwork to the service net mapDan Prince1-0/+1
Without this Zaqar API will fail to run due to a missing bind IP address in the config file. Change-Id: Icd0a6e85b7455e89f37f05399146d5e743359da8 Closes-bug: #1650307
2016-12-15Add pre-network hook and example showing config-then-rebootSteven Hardy8-0/+85
There are some requirements for early configuration that involves e.g setting kernel parameters then rebooting. Currently this can be done via cloud-init, e.g firstboot templates, but there's been discussion around enabling a SoftwareDeployment approach instead. The main advantage of doing it this way is there's an error path if something goes wrong with the config (except triggering the reboot as we have to use NO_SIGNAL for that). Change-Id: Ia54ee654f755631b8062eb5c209a60c6f9161500
2016-12-15Merge "Deployed server: switch to apply-config hook"Jenkins1-1/+1
2016-12-14Use hostname -s instead of hostnamectl --transientDan Prince1-1/+1
This patch updates the deployed-server interface to use a simple hostname -s. The previous hostnamectl --transient can pick up extra domain name configuration in some cases that can cause very odd hostname generation if used with the tripleo-heat-template host file generation. This would actually break the new undercloud t-h-t installer in that some of the /etc/hosts entries would be invalid (no IP address) due to substring replacements failing in a variety of odd hostname situations. Simplifying the hostname of deployed servers to just the short version seems the most sensable way to avoid all this. Change-Id: Ia7e636d021f948ea5234475cef02f666d8ce6999
2016-12-14Make the openvswitch 2.4->2.5 upgrade more robustmarios10-80/+57
In I9b1f0eaa0d36a28e20b507bec6a4e9b3af1781ae and I11fcf688982ceda5eef7afc8904afae44300c2d9 we added a manual step for upgrading openvswitch in order to specify the --nopostun as discussed in the bug below. This change adds a minor update to make this workaround more robust. It removes any existing rpms that may be around from an earlier run, and also checks that the rpms installed are at least newer than the version we are on. This also refactors the code into a common definition in the pacemaker_common_functions.sh which is included even for the heredocs generating upgrade scripts during init. Thanks Sofer Athlan-Guyot and Jirka Stransky for help with that. Change-Id: Idc863de7b5a8c116c990ee8c1472cfe377836d37 Related-Bug: 1635205
2016-12-14Set rabbitmq's port and IP via the config file and not the env fileJuan Antonio Osorio Robles1-1/+3
The RabbitMQ's puppet manifest configures the node's IP and port through environment variables. While this would usually be fine, it doesn't allow us to use TLS-only, since it will always try to start a TCP listener. So, by setting these values through the config file, when setting ssl_only for rabbitmq, they will effectively be discarded and thus allow us to use an SSL listener on the same port. Change-Id: I33d051a8c740baf69b99517378e1f9b0f3cc1681
2016-12-14Enable SECURE_PROXY_SSL_HEADER option for horizonJuan Antonio Osorio Robles1-0/+1
This reads makes Django take the X-Forwarded-Proto header into account when forming URLs. Change-Id: Ice64de9a11d7819ae7f380279ff356342d9b6673 Depends-On: Ifed7d4c3409419c01c5b20c707221c1fc76ea09e