Age | Commit message (Collapse) | Author | Files | Lines |
|
The staticweb middleware needs to be put after authentication
middlewares to ensure correct functionality as documented in
http://docs.openstack.org/developer/swift/middleware.html#staticweb
Without this Swift sends a HTML response even if the request was done
using a X-Auth-Token. This might result in a faulty handling of the response on
the client side; for example, "swift stat containername" would report an empty,
private container, while the container might actually be public readable with
data stored in it.
Closes-bug: 1494896
Change-Id: Id48840e0041f8d272e08def292fbedfaf76bbfbb
Co-Authored-By: Christian Schwede <cschwede@redhat.com>
|
|
This patch adds settings for swift::storage::all so
that we set the recommended the incoming and outgoing
chmod permissions.
Depends-On: I627ab2255087b0ebc2d3ddc9cd4a7a7d254abb65
Change-Id: I2f14c9afe7b7135ad1bfecb9db0a39bfc3b4d03a
|
|
Setting `show_image_direct_url` to true allows to enable Copy-On-Write
features when using some storage backends across Nova, Cinder & Glance.
It allows for example nearly instantaneous creation of instances root
disk and volumes when using RBD as a storage backend for all projects by
using Ceph features instead of downloading from Ceph via Glance, then
convert the image, then upload to Ceph via Nova or Cinder.
Change-Id: I1f56273c6b7c8d3922799cae07a66eebc0884205
|
|
Updates the /puppet directory templates so that we drop the
'-puppet' from the filenames. This is redundant because
we already have puppet in the directory name and fixes
inconsistencies where we aren't using -puppet in
all the files within the puppet directory.
Depends-On: I71cb07b2f5305aaf9c43ab175cca976e844b8175
Change-Id: I70d6e048a566666f5d6e5c2407f8a6b4fd9f6f87
|
|
This is unused on compute nodes and does not need to be specified.
Further, nova::api is not even included in the compute puppet manifest,
so it had no effect anyway.
Change-Id: I7589bf544fb1ddad3cd371869756cb880c0bac37
|
|
We were calling nova_config resource to define it
but as of Ic060fc18c8f5d7dc8fcf1d7bd921623dc505a515
its now included as part of the nova::api class.
Closes-bug: #1498237
Change-Id: I948f26304536e2d692acf38d994d29167672168b
Depends-On: I2789e782a4fd673e09c6334b6d56819c68414c80
|
|
|
|
This patch updates all network configuration templates so that
we configure the ctlplane network interface with a static IP
instead of using DHCP.
The IP address used for the static IP is passed into each
nested stack network configuration template via the ControlPlaneIp
parameter.
Three new nested stack parameters called ControlPlaneSubnetCidr,
ControlPlaneDefaultRoute, and EC2MetadataIp have been added to help
configure the CIDR, default route, and EC2 metadata route on the ctlplane
statically. These parameters can be customized via the
parameter_defaults section in the heat environment.
A single new template called net-config-static-bridge.yaml has
been added to help migrate towards using the static
configuration templates when not using network isolation.
Depends-On: I257e1cba6dee16f73f75512d1284e1e3b9d4c831
Change-Id: Ib267e6dcf2d5ff77f7a82ee20a123965c2d07565
|
|
The puppet-neutron changes to remove the usage of ERB templates require
changing the format of the 'servers' hash/dictionary to include a key
for use with puppet's create_resources directly from hiera data.
Depends-On: I401371c9e5176de7ce19d4d4e878e9f2e69aab80
Change-Id: I950b7fb019dd8dd072592618b968a19df5c9c884
|
|
Switch the implemention from a pre_deploy ExtraConfig to an
AllNodesExtraConfig, so we can collect the mac->hostname mapping
for all nodes, then calculate a NexusConfig based on that and
a provided mapping of switch ports to mac address.
The same conversion is also done to the NetworkUCSMHostList:
The port mappings are provided via parameter_defaults like:
parameter_defaults:
NetworkNexusConfig: {
"bxb-tor-1": {
"username": "admin",
"ssh_port": 22,
"password": "lab",
"ip_address": "10.86.7.204",
"nve_src_intf": 0,
"physnet": "datacentre",
"servers": {
"fa:16:3e:fa:be:ef": "1/11",
"fa:16:3e:fa:5e:cf": "1/23",
"fa:16:3e:fa:12:34": "2/34"
}
}
}
NetworkUCSMHostList: 'fa:16:3e:fa:be:ef:profile1'
This results in an entry like this appended to
/etc/puppet/hieradata/neutron_cisco_data.yaml:
neutron::plugins::ml2::cisco::nexus::nexus_config:\
{"bxb-tor-1": {"username": "admin", "nve_src_intf": 0, "ssh_port": 22,
"servers": {"overcloud-compute02": "2/34", "overcloud-compute01": "1/23",
"overcloud-control01": "1/11"}, "password": "lab", "ip_address": "10.86.7.204",
"physnet": "datacentre"}}
neutron::plugins::ml2::cisco::ucsm::ucsm_host_list: overcloud-control01:profile1
Co-Authored-By: Rob Pothier <rpothier@cisco.com>
Co-Authored-By: Tim Swanson <tiswanso@cisco.com>
Change-Id: I372c3ffb6bd85b7239fcb9f3fc4fa51cd4a39332
|
|
Adds hook to enable additional "AllNodes" config to be performed prior
to applying puppet - this is useful when you need to build
configuration data which requires knowledge of all nodes in a cluster,
or of the entire deployment.
As an example, there is a sample config template which collects the
hostname and mac addresses for all nodes in the deployment then writes
the data to all Controller nodes. Something similar to this may be
required to enable creation of the nexus_config in
https://review.openstack.org/#/c/198754/
There's also another, simpler, example which shows how you could share
the output of an OS::Heat::RandomString between nodes.
Change-Id: I8342a238f50142d8c7426f2b96f4ef1635775509
|
|
|
|
|
|
|
|
|
|
Add support for Big Switch Neutron ML2 plugin. Makes sure that the
package is present and sets up the [restproxy] section in ml2_conf.ini.
This also adds support for setting the ovs_use_veth option in
l3_agent.ini. There is no support for this in puppet-neutron l3 class
and it probably doesn't make sense adding it there, because this setting
isn't relevant for all l3 agent drivers, it's specific to
OVSInterfaceDriver. The ovs_use_veth option is also added to
dhcp_agent.ini.
Change-Id: I99635e25b2099dacce68154fe14693d6f06ac19f
|
|
|
|
|
|
|
|
This enables support for the Cisco UCS Manager and Cisco
Nexus plugins
Change-Id: I1bc28a4768d5d6857a0504ca1f77dd71259570b8
|
|
Adds a "validate" tox env for basic sanity checking of templates.
Currently it just validates that all of the .yaml files are in fact
valid YAML. In the future we might want to add more, but this
seemed like a reasonable start.
Change-Id: I8091bbad0003b150e23dae5de4f465053c982229
|
|
|
|
|
|
|
|
|
|
|
|
The latest Heat API is a bit more strict in validating
the datatypes for the OS::Neutron::Net value_specs.
This patch converts the default parameter types for
these from string to json.
Change-Id: Iaad6ee6417d3ae55c52ffe2f4e6ed79124161923
Closes-bug: #1493502
|
|
|
|
As of I54a75652efd5e91464b84adf84004400b343c3a5 for rdb
this is being done by the cinder puppet module.
Change-Id: I109e139fcbb859a0d9ed99054656be94975d33b5
|
|
Moves the default KeystoneAdminApiNetwork setting to the ctlplane
so that the undercloud will always have easy access to be able
to configure endpoints.
Change-Id: I1f6aba62b98820b678cce1ca16e72a0c3d045720
|
|
This patch adds explicit nested stack parameters to
help manage use of the Keystone Admin API vs. the
Keystone Public API.
We also add a new output parameter specifically for the Keystone admin
API VIP. This can be useful when configuring keystone endpoints
with network isolation.
Change-Id: I2bd3e61570151e2faeee14ee09b03ad0b3208cc1
|
|
|
|
When using network isolation you might want to selective
move one of the services back to the default ctlplane network
by simply using the ServiceNetMap parameter. This patch
adds ctlplane to the output parameters for both
the net_ip_map and net_ip_list_map nested stacks so that
this is possible.
As part of this patch we also split out the NetIpSubnetMap
into its own unique nested stack so that the Heat input
parameters for this stack are more clearly named.
Change-Id: Iaa2dcaebeac896404e87ec0c635688b2a59a9e0f
|
|
Reinstates the heat-admin user via template user-data, which
replaces the previous boothook injected user provided by the
(deprecated now removed) heat instance_user option.
This has some advantages over the heat.conf option, e.g it allows
for much easier customzation of the user configuration (additional
SSH keys, adding groups etc), and also in future if we support
deploying more than one overcloud you could specify a different
user per deployment.
Co-Authored-By: Dan Prince <dprince@redhat.com>
Change-Id: I2235b9690c01542d8a28ec1c1a4607de751aea29
Closes-Bug: #1229849
|
|
This is another missing constraint. The `require-all=false` part is good
to have, otherwise Ceilometer (and transitively Heat) would switch to
A/P mode. However, at the moment `require-all=false` isn't a recognized
parameter on Fedora, hence the logic fork based on $::operatingsystem.
Change-Id: I2657087192a05b2d8f0ab04ec60631d35331bf6c
|
|
This is required for HA to work correctly.
Change-Id: I9faa8fd7bbbac67de5c468ab6fc4edb2260dffe7
Depends-On: https://github.com/redhat-openstack/puppet-pacemaker/pull/61
|
|
This can probably only be merged when we move CI forward from Fedora 21
to Fedora 22.
Change-Id: I3a3db4b179cc19756f75003dacd2bb4cd957f0de
|
|
We don't have swap space enabled on overcloud-full deploys
as discussed at https://bugs.launchpad.net/tripleo/+bug/1491335
The default is 1.5 so configure Virtual ram to physical ram
allocation ratio to 1:1 so we don't allow overcommit.
Related-Bug: 1491335
Change-Id: I58cfe6dc68e8615a5519428412dec8c653bd6093
|
|
|
|
These were missing and are required for a correct deployment.
Change-Id: I49a61d0ab2f750f2620927a40f798d11b241b2c0
|
|
This change introduces an environment file that includes isolated
networks but does not include a Tenant tunneling network. This is
for deployments where the tenant networking will be provided by
tenant VLANs, or provider networks, or another non-tunneling method.
Change-Id: I8a05e341de80c2add418f22fa7f6f06349d378d6
|
|
This is passed from the heat templates as hiera data (defaulting
to 'openvswitch') but never effected, meaning we get the puppet
module default.
Change-Id: I3f14cdce9b9bf278aa9b107b2d313e1e82a20709
Closes-Bug: 1488176
|
|
VXLAN has better performance (20-25% better)
NICs with VXLAN offload are more common
Change-Id: If57c79a1309ae178b3e82d54bb101dde584c86cc
Related: rhbz#1244864
|
|
|
|
This change enables Keystone notifications and adds two parameters
to control the notification driver and format.
Change-Id: I23ac3c46ee9eb49523d3b8dab027ef21fc6e42df
|
|
This change removes a hardcoded value for the bond name in the NIC
config for the compute node in the bond-with-vlan NIC config
templates. When this hardcoded value of "br-bond" is used, then the
Neutron bridge mappings must be set to set to datacentre:br-bond in
order for VLAN mode networking to recognize the bridge. By using the
input value for bridge_name we will ensure that the controller and
compute nodes have the same bridge name (defaults to "br-ex"), and
that the defaults will work with VLAN mode.
Change-Id: I28654ab93e3c10a8597c8b877f3f2f6b3eca887c
|
|
This patch adds support for using an externally managed Ceph
cluster with the TripleO Heat templates.
For an externally managed Ceph cluster we initially
only deploy the Ceph client tools, install the 'openstack' user
keyring, and generate the ceph.conf. This matches what we do
for managed Ceph installations and is a good first start.
No other Ceph related services are installed or managed.
To enable use of a Ceph external cluster simply add
the custom Heat environment file environments/puppet-ceph-external.yaml
to your heat stack create/update command and make sure to
set the required CephClientKey, CephExternalMonHost, and CephClusterFSID
variables.
Change-Id: I0a8b213ce9dfa2fc4e62ae1e7631466e5179fc2b
|
|
|
|
|
|
This patch adds extra heat environments that can be used
to enable network isolation without using the external
network. Instead of a separate external network the ctlplane
will be used for all of the external/public traffic.
Change-Id: Ia542cee02121771d7d57ac701b62d7608e8d1855
|