Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
Having the endpoint map in the same environment as the SSL
certificate parameters means that every time a service is added to
the overcloud, the user must remember to update their copy of
enable-tls.yaml to reflect the new service.
To avoid this, let's separate the SSL EndpointMap from the SSL
certificates so users can simply pass the shipped list of SSL
endpoints and only have to customize the certificate env file. As
and added bonus, this means they won't have to put the certificates
in enable-tls.yaml specifically. The parameters can be set
anywhere, and will be used as long as one of the tls-endpoints
envs is also specified.
inject-trust-anchor.yaml is not changed, but it could already be
used in the same fashion. The root certificate param could be set
in any env passed after inject-trust-anchor.yaml, and then
inject-trust-anchor.yaml would only be responsible for setting the
appropriate resource_registry entry. This way there is no need to
customize the in-tree inject-trust-anchor.yaml either.
Change-Id: I38eabb903b8382e6577ccc97e21fbb9d09c382b3
|
|
|
|
Change-Id: I8107b84eaea8baf3ed664c70d4cf16537d869bcb
|
|
* Add service for configuring Nova compute with Ironic
* Fix authentication in Ironic APU
* Provide a separate environment file for enabling Ironic
Change-Id: I211e6d91eacd238b04a1aa37528d5a91523407d9
Partially-Implements: blueprint ironic-integration
|
|
These were removed in https://review.openstack.org/#/c/347050
but it turns out the defaults in the role templates is bad, as
an empty string results in a malformed hosts file fqdn.
So, partially revert that patch so we always pass the global
CloudDomain from overcloud.yaml, accepting the default configured
there, and remove the empty-string defaults in the role templates.
Change-Id: I0ea4190a23488986a3ee9e887328e0e7a03fe3aa
|
|
Currently we have a hard-coded set of per-service parameters, which
will cause problems for custom roles and full composability.
As a first step towards making this more configurable, remove the
hard-coded per-service parameters from overcloud.yaml, and adjust
the EndpointMap generation to instead accept two mappings, the
ServiceNetMap and a mapping of networks to IPs (effectively this
just moves the map lookup inside the endpoint map instead of
inside overcloud.yaml)
Change-Id: Ib522e89c36eed2115a6586dd5a6770907d9b33db
Partially-Implements: blueprint custom-roles
|
|
|
|
To enable composable generation of this switch the key names
to align with the service_name of each service.
Note that this should depend on I423b544df174254ac511b906b0c570e701678022
and previously passed CI with that defined, but because we now run
gate validation jobs on puppet-tripleo it's impossible to land, so
this now contains both old and new hiera keys temporarily, which will
be removed when the puppet-tripleo patch lands.
Change-Id: I7febf28bf409e25e8e5961ab551b6d56bb11e0c6
Partially-Implements: blueprint custom-roles
|
|
|
|
manila::keystone::auth assumes that two endpoints will be created;
one for each version of Manila. This is not consistent with what we
provide to the manifest. So we then add the needed endpoint to the
EndpointMap.
v2 is left as the default (not needing to specify a version when
getting the value from the endpoint map), and v1 was added as an
extra suffix.
Change-Id: Ie8754fbb21f50c2613a2c05a52d771f4d1aeb4bb
|
|
|
|
|
|
This adds the needed parts for the keystone endpoint of cinder v3
API.
Change-Id: Ic56446095e72b9e469a7b0e9ea5159fa31847381
|
|
Tempest tests for cinder contain backup tests that fail
unless cinder-backup service is started. This patch facilitates
the service start upon the overcloud deployment.
Original patch converted to composable role.
Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
Depends-On: Ib1dfe52b83ab01819fc669312967950e75d8ddf1
Change-Id: I9ca97b3f1c26aac6d81b3525377e1f5fb962313f
|
|
This patch adds a parameter, EnableConfigPurge, to the base nova and
neutron service files. The value is passed to their respective puppet
modules to control whether resources not managed by puppet are purged
from the config files. The default value is set to true.
Change-Id: I32732dc2ed7a7b3187e8727592cb4add0c6b9cf6
Closes-Bug: #1611800
|
|
|
|
To allow per-node data such as bind_ip's to move into the
composable services templates, we do a value substitution
on the config settings hiera map, where e.g internal_api
will be replaced with the NetIpMap IP assigned to that.
To enable subnet/uri lookup via the same method, we add
all the subnet/uri mappings to the main net_ip_map output.
Change-Id: I7850d4dc8bf4db5f7ac6a6b53c1d900b561b4580
|
|
this is no longer needed here as it's not used anymore.
Change-Id: I8aa9cc5f991fccc8c9acc81fb96e71b7e3fc145e
|
|
In the move to composable services, these parameters are not
necessary in the controller, but in the profile itself. They are not
yet in use but will be used to populate the keystone endpoint.
Change-Id: Iab3ab05e16872d94d3b3ab4827e2f87f4970aee3
|
|
|
|
To enable custom-roles we need to pass these directly into th
role template (where these are already defined with the same
names). The remaining parameters which will be removed in
subsequent patches, as some will require additional work to
ensure backwards compatibility.
Change-Id: I5a7e4f12aa7b9697086c1e19a4f7fcb24198c1d4
Partially-Implements: blueprint custom-roles
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Change-Id: I21c09b2b0bad7736f3c84c55bf14ef7986c2d108
|
|
In the move to composable services, these parameters are not
necessary in the controller, but in the profile itself. They are not
yet in use but will be used to populate the keystone endpoint.
Change-Id: I42e30243b631c10d9454da444afdb50e551bbb2c
|
|
|
|
HDP plugin was deprecated in newton and not supported in sahara
replace it with supported ambari plugin
Change-Id: I6998e3e1e1fe9a81c7941aec90c876ee133a601d
Closes-bug: 1611107
|
|
|
|
|
|
This change adds the ManagementInterfaceDefaultRoute parameter
for setting the Management network as the default route in some
deployments. Notes were added to indicate that if the Management
network is used as the default gateway, then the default route
on the control plane should be commented out.
The sample network-environment.yaml was modified to include the
ManagementInterfaceDefaultRoute, but this is commented out like
the rest of the Management network parameters.
This change also adds the ControlPlaneDefaultRoute and
ExternalInterfaceDefaultRoute to all templates, so that if the
networks are customized, the NIC configs can be modified without
having to modify the parameters section of the template. The
default for the ExternalInterfaceDefaultRoute is '10.0.0.1', and
the default for ManagementInterfaceDefaultRoute is set to 'unset'.
This change also converts the single-nic-linux-bridge-vlans from
DHCP to static IPs on the Control Plane Interface, bringing these
templates in line with the rest of the NIC config templates. The
parameters needed to be updated in these templates as well.
The controller-v6.yaml templates had a default value of "10.0.0.1"
for the ExternalInterfaceDefaultRoute. This was confusing, and is
now undefined.
This change also sets a default gateway on the Control Plane in
controller-no-external.yaml templates.
Change-Id: I8ea6733fe46902e1baeff4ccfbcd42ecc5a1825f
|
|
Static hieradata moved to composable services, we don't need the files
anymore. It also cleanup how we construct Hieradata configuration by
removing unused hiera files.
Change-Id: I19f85b6c1b734473cf908ddaca29ad966f9f5405
|
|
This change adds a CephPools parameter which can be used to
provide custom settings for any Ceph pool.
It also removes our custom setting for the default pg_num,
pgp_num and size so that these are used for the managed
pools (and can be overridden) but aren't enforced globally.
Change-Id: Idcf28bec46beabb1b590fc8e78b43e58d8e35717
Closes-Bug: 1517969
Depends-On: I38978f0f3119e4ab7dd45021e598253cb066cb5a
|
|
|
|
This is not necessary in the controller.yaml and is more appropriate
in the profile.
Change-Id: Ie2badbd87eabb8404acff77e9aa5d091fbdd1499
|
|
Heat API and CFN API both need to have teh keystone::auth*::tenant
parameters configured.
Change-Id: Ibdc3d693f5a63362add3fc71064fc01bb4593403
|
|
In the move to composable services, these parameters are not
necessary in the controller, but in the profile itself. They are not
yet in use but will be used to populate the keystone endpoint.
Change-Id: Ib9b0e474f875a4b2ffbda11c01cb882149997b0c
|
|
In the move to composable services, these parameters are not
necessary in the controller, but in the profile itself. They are not
yet in use but will be used to populate the keystone endpoint.
Change-Id: Ia0866d893c2f3258b0e00efcb8894c7643980173
|
|
|
|
Currently Keystone auth plugins should be used to perform authorization.
admin_* parameters as well as identity_uri are deprecated and not needed
Change-Id: I3018932a106df562e94067e037b3bc862be97b51
|
|
|
|
|
|
The overcloud stack now contains a parameter RedisVirtualFixedIPs which will
allow people to specify the IP address they would like to be assigned as a vip
used by Redis. This will allow people full control over what IPs are used as
VIPs during a deployment.
Change-Id: Ib24e62847c4ac43fcd2a09bc84b4a76e992add4b
|
|
This patch makes it possible to set
OS::TripleO::DeployedServer::ControlPlanePort: OS::Heat::None
in your resource_registry and thereby avoid the creation of
a neutron port for the deployed server. This is useful if
you are bootstrapping things in an environment without
Neutron.
Also, includes a new deployed-server-noop-ctlplane.yaml
environment file.
Change-Id: I2990dc816698e0f6e3193a8fc7c9c6767c6e50e5
|