aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2015-09-22Put staticweb middleware after keystoneauth in proxy pipelineEmilien Macchi1-1/+1
The staticweb middleware needs to be put after authentication middlewares to ensure correct functionality as documented in http://docs.openstack.org/developer/swift/middleware.html#staticweb Without this Swift sends a HTML response even if the request was done using a X-Auth-Token. This might result in a faulty handling of the response on the client side; for example, "swift stat containername" would report an empty, private container, while the container might actually be public readable with data stored in it. Closes-bug: 1494896 Change-Id: Id48840e0041f8d272e08def292fbedfaf76bbfbb Co-Authored-By: Christian Schwede <cschwede@redhat.com>
2015-09-22swift::storage::all deprecation cleanupDan Prince1-1/+4
This patch adds settings for swift::storage::all so that we set the recommended the incoming and outgoing chmod permissions. Depends-On: I627ab2255087b0ebc2d3ddc9cd4a7a7d254abb65 Change-Id: I2f14c9afe7b7135ad1bfecb9db0a39bfc3b4d03a
2015-09-22Enable glance-api show_image_direct_url for COWFrançois Charlier1-0/+1
Setting `show_image_direct_url` to true allows to enable Copy-On-Write features when using some storage backends across Nova, Cinder & Glance. It allows for example nearly instantaneous creation of instances root disk and volumes when using RBD as a storage backend for all projects by using Ceph features instead of downloading from Ceph via Glance, then convert the image, then upload to Ceph via Nova or Cinder. Change-Id: I1f56273c6b7c8d3922799cae07a66eebc0884205
2015-09-22Rename -puppet.yaml templates.Dan Prince10-9/+9
Updates the /puppet directory templates so that we drop the '-puppet' from the filenames. This is redundant because we already have puppet in the directory name and fixes inconsistencies where we aren't using -puppet in all the files within the puppet directory. Depends-On: I71cb07b2f5305aaf9c43ab175cca976e844b8175 Change-Id: I70d6e048a566666f5d6e5c2407f8a6b4fd9f6f87
2015-09-22Remove default_floating_pool in compute.yamlJames Slagle1-1/+0
This is unused on compute nodes and does not need to be specified. Further, nova::api is not even included in the compute puppet manifest, so it had no effect anyway. Change-Id: I7589bf544fb1ddad3cd371869756cb880c0bac37
2015-09-22Pass default_floating_pool into nova::api classDerek Higgins2-7/+3
We were calling nova_config resource to define it but as of Ic060fc18c8f5d7dc8fcf1d7bd921623dc505a515 its now included as part of the nova::api class. Closes-bug: #1498237 Change-Id: I948f26304536e2d692acf38d994d29167672168b Depends-On: I2789e782a4fd673e09c6334b6d56819c68414c80
2015-09-21Merge "Configure ctlplane network with a static IP"Jenkins24-66/+454
2015-09-17Configure ctlplane network with a static IPDan Prince24-66/+454
This patch updates all network configuration templates so that we configure the ctlplane network interface with a static IP instead of using DHCP. The IP address used for the static IP is passed into each nested stack network configuration template via the ControlPlaneIp parameter. Three new nested stack parameters called ControlPlaneSubnetCidr, ControlPlaneDefaultRoute, and EC2MetadataIp have been added to help configure the CIDR, default route, and EC2 metadata route on the ctlplane statically. These parameters can be customized via the parameter_defaults section in the heat environment. A single new template called net-config-static-bridge.yaml has been added to help migrate towards using the static configuration templates when not using network isolation. Depends-On: I257e1cba6dee16f73f75512d1284e1e3b9d4c831 Change-Id: Ib267e6dcf2d5ff77f7a82ee20a123965c2d07565
2015-09-17Support new form of servers config for ML2 cisco nexus allnodes config.tiswanso1-2/+1
The puppet-neutron changes to remove the usage of ERB templates require changing the format of the 'servers' hash/dictionary to include a key for use with puppet's create_resources directly from hiera data. Depends-On: I401371c9e5176de7ce19d4d4e878e9f2e69aab80 Change-Id: I950b7fb019dd8dd072592618b968a19df5c9c884
2015-09-17Port Cisco Nexus/UCSM ExtraConfig to AllNodesSteven Hardy3-144/+328
Switch the implemention from a pre_deploy ExtraConfig to an AllNodesExtraConfig, so we can collect the mac->hostname mapping for all nodes, then calculate a NexusConfig based on that and a provided mapping of switch ports to mac address. The same conversion is also done to the NetworkUCSMHostList: The port mappings are provided via parameter_defaults like: parameter_defaults: NetworkNexusConfig: { "bxb-tor-1": { "username": "admin", "ssh_port": 22, "password": "lab", "ip_address": "10.86.7.204", "nve_src_intf": 0, "physnet": "datacentre", "servers": { "fa:16:3e:fa:be:ef": "1/11", "fa:16:3e:fa:5e:cf": "1/23", "fa:16:3e:fa:12:34": "2/34" } } } NetworkUCSMHostList: 'fa:16:3e:fa:be:ef:profile1' This results in an entry like this appended to /etc/puppet/hieradata/neutron_cisco_data.yaml: neutron::plugins::ml2::cisco::nexus::nexus_config:\ {"bxb-tor-1": {"username": "admin", "nve_src_intf": 0, "ssh_port": 22, "servers": {"overcloud-compute02": "2/34", "overcloud-compute01": "1/23", "overcloud-control01": "1/11"}, "password": "lab", "ip_address": "10.86.7.204", "physnet": "datacentre"}} neutron::plugins::ml2::cisco::ucsm::ucsm_host_list: overcloud-control01:profile1 Co-Authored-By: Rob Pothier <rpothier@cisco.com> Co-Authored-By: Tim Swanson <tiswanso@cisco.com> Change-Id: I372c3ffb6bd85b7239fcb9f3fc4fa51cd4a39332
2015-09-17Add "AllNodes" ExtraConfig interfaceSteven Hardy6-6/+244
Adds hook to enable additional "AllNodes" config to be performed prior to applying puppet - this is useful when you need to build configuration data which requires knowledge of all nodes in a cluster, or of the entire deployment. As an example, there is a sample config template which collects the hostname and mac addresses for all nodes in the deployment then writes the data to all Controller nodes. Something similar to this may be required to enable creation of the nexus_config in https://review.openstack.org/#/c/198754/ There's also another, simpler, example which shows how you could share the output of an OS::Heat::RandomString between nodes. Change-Id: I8342a238f50142d8c7426f2b96f4ef1635775509
2015-09-17Merge "Big Switch Neutron ML2 plugin integration"Jenkins5-0/+111
2015-09-17Merge "network validation to ping test each interface"Jenkins5-0/+110
2015-09-17Merge "Add YAML sanity check"Jenkins2-0/+49
2015-09-16Merge "Set pacemaker default resource-stickiness"Jenkins2-0/+4
2015-09-16Big Switch Neutron ML2 plugin integrationJiri Stransky5-0/+111
Add support for Big Switch Neutron ML2 plugin. Makes sure that the package is present and sets up the [restproxy] section in ml2_conf.ini. This also adds support for setting the ovs_use_veth option in l3_agent.ini. There is no support for this in puppet-neutron l3 class and it probably doesn't make sense adding it there, because this setting isn't relevant for all l3 agent drivers, it's specific to OVSInterfaceDriver. The ovs_use_veth option is also added to dhcp_agent.ini. Change-Id: I99635e25b2099dacce68154fe14693d6f06ac19f
2015-09-16Merge "Enable Cisco Nexus and UCSM plugins"Jenkins5-0/+184
2015-09-16Merge "Add 4 pacemaker constraints for keystone"Jenkins1-0/+37
2015-09-15Merge "Ensure mysql root can only connect from localhost"Jenkins1-0/+1
2015-09-15Enable Cisco Nexus and UCSM pluginsRobert Pothier5-0/+184
This enables support for the Cisco UCS Manager and Cisco Nexus plugins Change-Id: I1bc28a4768d5d6857a0504ca1f77dd71259570b8
2015-09-15Add YAML sanity checkBen Nemec2-0/+49
Adds a "validate" tox env for basic sanity checking of templates. Currently it just validates that all of the .yaml files are in fact valid YAML. In the future we might want to add more, but this seemed like a reasonable start. Change-Id: I8091bbad0003b150e23dae5de4f465053c982229
2015-09-15Merge "switch to vxlan by default"Jenkins7-14/+14
2015-09-15Merge "Consume the NeutronMechanismDrivers from the hiera data"Jenkins2-0/+2
2015-09-11Merge "Set NetValueSpecs parameter types to Json"Jenkins5-5/+5
2015-09-10Merge "Set the nova scheduler ram_allocation_ration to 1.0"Jenkins3-0/+3
2015-09-09Merge "Don't add 'host' parameter to cinder.conf"Jenkins2-8/+0
2015-09-08Set NetValueSpecs parameter types to JsonDan Prince5-5/+5
The latest Heat API is a bit more strict in validating the datatypes for the OS::Neutron::Net value_specs. This patch converts the default parameter types for these from string to json. Change-Id: Iaad6ee6417d3ae55c52ffe2f4e6ed79124161923 Closes-bug: #1493502
2015-09-08Merge "Add NodeAdminUserData interface for "heat-admin" user"Jenkins7-5/+123
2015-09-07Don't add 'host' parameter to cinder.confDerek Higgins2-8/+0
As of I54a75652efd5e91464b84adf84004400b343c3a5 for rdb this is being done by the cinder puppet module. Change-Id: I109e139fcbb859a0d9ed99054656be94975d33b5
2015-09-05Set default KeystoneAdminApiNetwork to ctlplaneDan Prince1-1/+1
Moves the default KeystoneAdminApiNetwork setting to the ctlplane so that the undercloud will always have easy access to be able to configure endpoints. Change-Id: I1f6aba62b98820b678cce1ca16e72a0c3d045720
2015-09-05Keystone network isolation fixesDan Prince5-8/+25
This patch adds explicit nested stack parameters to help manage use of the Keystone Admin API vs. the Keystone Public API. We also add a new output parameter specifically for the Keystone admin API VIP. This can be useful when configuring keystone endpoints with network isolation. Change-Id: I2bd3e61570151e2faeee14ee09b03ad0b3208cc1
2015-09-05Merge "Support for using external Ceph clusters"Jenkins7-10/+143
2015-09-05Allow 'ctlplane' to be used within Net IP MapsDan Prince11-13/+75
When using network isolation you might want to selective move one of the services back to the default ctlplane network by simply using the ServiceNetMap parameter. This patch adds ctlplane to the output parameters for both the net_ip_map and net_ip_list_map nested stacks so that this is possible. As part of this patch we also split out the NetIpSubnetMap into its own unique nested stack so that the Heat input parameters for this stack are more clearly named. Change-Id: Iaa2dcaebeac896404e87ec0c635688b2a59a9e0f
2015-09-03Add NodeAdminUserData interface for "heat-admin" userSteven Hardy7-5/+123
Reinstates the heat-admin user via template user-data, which replaces the previous boothook injected user provided by the (deprecated now removed) heat instance_user option. This has some advantages over the heat.conf option, e.g it allows for much easier customzation of the user configuration (additional SSH keys, adding groups etc), and also in future if we support deploying more than one overcloud you could specify a different user per deployment. Co-Authored-By: Dan Prince <dprince@redhat.com> Change-Id: I2235b9690c01542d8a28ec1c1a4607de751aea29 Closes-Bug: #1229849
2015-09-02Add redis ordering with ceilometer-centralJiri Stransky1-0/+16
This is another missing constraint. The `require-all=false` part is good to have, otherwise Ceilometer (and transitively Heat) would switch to A/P mode. However, at the moment `require-all=false` isn't a recognized parameter on Fedora, hence the logic fork based on $::operatingsystem. Change-Id: I2657087192a05b2d8f0ab04ec60631d35331bf6c
2015-09-02Set pacemaker default resource-stickinessJiri Stransky2-0/+4
This is required for HA to work correctly. Change-Id: I9faa8fd7bbbac67de5c468ab6fc4edb2260dffe7 Depends-On: https://github.com/redhat-openstack/puppet-pacemaker/pull/61
2015-09-02Re-add constranits between nova-api and nova-novncproxyJiri Stransky1-18/+16
This can probably only be merged when we move CI forward from Fedora 21 to Fedora 22. Change-Id: I3a3db4b179cc19756f75003dacd2bb4cd957f0de
2015-09-02Set the nova scheduler ram_allocation_ration to 1.0Emilien Macchi3-0/+3
We don't have swap space enabled on overcloud-full deploys as discussed at https://bugs.launchpad.net/tripleo/+bug/1491335 The default is 1.5 so configure Virtual ram to physical ram allocation ratio to 1:1 so we don't allow overcommit. Related-Bug: 1491335 Change-Id: I58cfe6dc68e8615a5519428412dec8c653bd6093
2015-08-31Merge "Enable Keystone notifications"Jenkins5-0/+42
2015-08-31Add 4 pacemaker constraints for keystoneJiri Stransky1-0/+37
These were missing and are required for a correct deployment. Change-Id: I49a61d0ab2f750f2620927a40f798d11b241b2c0
2015-08-28Add environment for isolated networks without tunneling VLANDan Sneddon1-0/+37
This change introduces an environment file that includes isolated networks but does not include a Tenant tunneling network. This is for deployments where the tenant networking will be provided by tenant VLANs, or provider networks, or another non-tunneling method. Change-Id: I8a05e341de80c2add418f22fa7f6f06349d378d6
2015-08-25Consume the NeutronMechanismDrivers from the hiera datamarios2-0/+2
This is passed from the heat templates as hiera data (defaulting to 'openvswitch') but never effected, meaning we get the puppet module default. Change-Id: I3f14cdce9b9bf278aa9b107b2d313e1e82a20709 Closes-Bug: 1488176
2015-08-21switch to vxlan by defaultMike Burns7-14/+14
VXLAN has better performance (20-25% better) NICs with VXLAN offload are more common Change-Id: If57c79a1309ae178b3e82d54bb101dde584c86cc Related: rhbz#1244864
2015-08-18Merge "Wire in Compute pre-deployment extraconfig"Jenkins2-1/+13
2015-08-18Enable Keystone notificationsGiulio Fidente5-0/+42
This change enables Keystone notifications and adds two parameters to control the notification driver and format. Change-Id: I23ac3c46ee9eb49523d3b8dab027ef21fc6e42df
2015-08-17Remove hardcoded bridge name in bonded compute NIC configDan Sneddon1-1/+1
This change removes a hardcoded value for the bond name in the NIC config for the compute node in the bond-with-vlan NIC config templates. When this hardcoded value of "br-bond" is used, then the Neutron bridge mappings must be set to set to datacentre:br-bond in order for VLAN mode networking to recognize the bridge. By using the input value for bridge_name we will ensure that the controller and compute nodes have the same bridge name (defaults to "br-ex"), and that the defaults will work with VLAN mode. Change-Id: I28654ab93e3c10a8597c8b877f3f2f6b3eca887c
2015-08-13Support for using external Ceph clustersDan Prince7-10/+143
This patch adds support for using an externally managed Ceph cluster with the TripleO Heat templates. For an externally managed Ceph cluster we initially only deploy the Ceph client tools, install the 'openstack' user keyring, and generate the ceph.conf. This matches what we do for managed Ceph installations and is a good first start. No other Ceph related services are installed or managed. To enable use of a Ceph external cluster simply add the custom Heat environment file environments/puppet-ceph-external.yaml to your heat stack create/update command and make sure to set the required CephClientKey, CephExternalMonHost, and CephClusterFSID variables. Change-Id: I0a8b213ce9dfa2fc4e62ae1e7631466e5179fc2b
2015-08-06Merge "Drive DB initialization via Hiera"Jenkins4-102/+75
2015-08-06Merge "Add a default setting for BondInterfaceOvsOptions"Jenkins1-1/+2
2015-08-06Support network isolation without external netsDan Prince6-0/+288
This patch adds extra heat environments that can be used to enable network isolation without using the external network. Instead of a separate external network the ctlplane will be used for all of the external/public traffic. Change-Id: Ia542cee02121771d7d57ac701b62d7608e8d1855