aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-08-16Render IP map and host maps according to network_data.yamlDan Sneddon47-326/+183
This change renders the network IP maps and hostname maps for all networks defined in network_data.yaml. This should make it possible to create custom networks that will be rendered for all applicable roles. Note that at this time all networks will be rendered whether they are enabled or not. All networks will be present in all roles, but ports will be associated with noop.yaml in roles that do not use the network. This is in accordance with previous behavior, although we may wish to change this in the future to limit the size of the role definitions and reduce the number of placeholder resources in deployments with many networks. Note that this patch is a replacement for original patch https://review.openstack.org/#/c/486280, which I was having trouble rebasing to current. Change-Id: I445b008fc1240af57c2b76a5dbb6c751a05b7a2a Depends-on: I662e8d0b3737c7807d18c8917bfce1e25baa3d8a Partially-implements: blueprint composable-networks
2017-08-16Merge "Don't unregister on system/resource delete"Jenkins2-17/+26
2017-08-16Merge "Bind mount tripleo.cnf in transient bootstrap containers"Jenkins6-0/+6
2017-08-16Merge "Convert network templates to be rendered via j2"Jenkins22-437/+32
2017-08-16Merge "Consolidate deployment in major-upgrade-composable-steps"Jenkins1-1/+1
2017-08-15Merge "Do not run clustercheck on the host after O->P upgrade"Jenkins1-0/+6
2017-08-15Merge "Internal TLS support for mongodb container"Jenkins1-7/+45
2017-08-15Merge "Set file mode permission of Ceph keyrings"Jenkins1-5/+1
2017-08-15Merge "Make network-isolation-v6 environment rendered for all roles"Jenkins5-57/+71
2017-08-15Merge "Fix parsing of DockerCephDaemonImage parameter"Jenkins1-15/+30
2017-08-15Merge "Fix Heat condition for RHEL registration yum update"Jenkins2-2/+14
2017-08-15Convert network templates to be rendered via j2Steven Hardy22-437/+32
Use the network.network.j2.yaml to render these files, instead of relying on the hard-coded versions. Note this doesn't currently consider the _v6 templates as we may want to deprecate these and instead rely on an ipv6 specific network_data file, or perhaps make the network/network.network.j2.yaml generic and able to detect the version from the cidr? Change-Id: I662e8d0b3737c7807d18c8917bfce1e25baa3d8a Partially-Implements: blueprint composable-networks
2017-08-14Merge "Enable TLS configuration for containerized Galera"Jenkins1-0/+35
2017-08-14Merge "Make HA container bundle work on remote nodes"Jenkins1-0/+13
2017-08-14Merge "Convert cephstorage-role.yaml to role.role.j2.yaml"Jenkins2-719/+3
2017-08-14Merge "Fix metadata_settings in containerized mongodb"Jenkins1-0/+2
2017-08-14Merge "Enable TLS for nova api and placement containers"Jenkins2-0/+34
2017-08-14Merge "Make containerized nova-api run with httpd"Jenkins2-12/+8
2017-08-14Set file mode permission of Ceph keyringsJohn Fulton1-5/+1
Pass mode parameter to ceph-ansible in place of ACLs parameter because ACLs are not for same UID in container as container host and because ACLs are not passed by kolla_config. Change-Id: I7e3433eab8e2a62963b623531f223d5abd301d16 Closes-Bug: #1709683
2017-08-14Don't unregister on system/resource deleteJames Slagle2-17/+26
Don't unregister systems from the portal/satellite when deleting from Heat. There are several reasons why it's compelling to fix this behavior. See https://bugs.launchpad.net/tripleo/+bug/1710144 for full information. The previous behavior can be triggered by setting the DeleteOnRHELUnregistration parameter to "true". Closes-Bug: #1710144 Change-Id: I909a6f7a049dc23fc27f2231a4893d428f06a1f1
2017-08-14Fix Heat condition for RHEL registration yum updateJames Slagle2-2/+14
There were 2 problems with this condition making the rhel-registration.yal template broken: "conditions" should be "condition" The condition should refer to just a condition name defined in the "conditions:" section of the template. Change-Id: I14d5c72cf86423808e81f1d8406098d5fd635e66 Closes-Bug: #1709916
2017-08-14Fix metadata_settings in containerized mongodbDamien Ciabrini1-0/+2
The containerized version of the mongodb service omits the metadata_settings definition [1], which confuses certmonger when internal TLS is enabled and make the generation of certificates fail. Use the right setting from the non-containerized profile. [1] https://review.openstack.org/#/c/461780/ Change-Id: I50a9a3a822ba5ef5d2657a12c359b51b7a3a42f2 Closes-Bug: #1709553
2017-08-14Bind mount tripleo.cnf in transient bootstrap containersDamien Ciabrini6-0/+6
Various containerized services (e.g. nova, neutron, heat) run initial set up steps with some ephemeral containers that don't use kolla_start. The tripleo.cnf file is not copied in /etc/my.cnf.d and this can break some deployments (e.g. when using internal TLS, service lack SSL settings). Fix the configuration of transient containers by bind mounting of the tripleo.cnf file when kolla_start is not used. Change-Id: I5246f9d52fcf8c8af81de7a0dd8281169c971577 Closes-Bug: #1710127 Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
2017-08-14Consolidate deployment in major-upgrade-composable-stepsJose Luis Franco Arza1-1/+1
After 483293 commit is merged, major-upgrade-composable-steps.yaml file is pointing to the wrong location deployment, which is now under common/ folder. Change-Id: Ic6784533d1c21b5b8fcb422bccd820af72e499d9
2017-08-13Merge "Pass monitor_address_block to ceph-ansible for mon_host"Jenkins1-0/+1
2017-08-13Merge "Add environment to disable deploy steps"Jenkins2-1/+3
2017-08-13Merge "Add support for update_tasks"Jenkins4-1/+46
2017-08-13Merge "Add RoleConfig output"Jenkins2-0/+21
2017-08-13Merge "Default docker_puppet_debug to false"Jenkins1-1/+1
2017-08-13Merge "Move deploy-steps-playbook to deploy-steps-tasks"Jenkins2-4/+12
2017-08-12Merge "Convert blockstorage-role.yaml to role.role.j2.yaml"Jenkins2-706/+0
2017-08-12Merge "Convert objectstorage-role.yaml to role.role.j2.yaml"Jenkins5-704/+22
2017-08-12Fix parsing of DockerCephDaemonImage parameterGiulio Fidente1-15/+30
Splitting by colon using native str_split function did not work well because we needed a right split. This change replaces the str_split calls with yaql rightSplit(). Change-Id: Iab2f69a5fadc6b02e2eacf3c9d1a9024b0212ac6
2017-08-12Pass monitor_address_block to ceph-ansible for mon_hostGiulio Fidente1-0/+1
The ip address which clients and other nodes use to connect to the monitors is derived from the monitor_interface parameter unless a monitor_address or monitor_address_block is given (to set mon_host into ceph.conf); this change adds setting for monitor_address_block to match the public_network so that clients attempt to connect to the mons on the appropriate network. Change-Id: I7187e739e9f777eab724fbc09e8b2c8ddedc552d Closes-Bug: #1709485
2017-08-12Add environment to disable deploy stepsSteven Hardy2-1/+3
This enables either deploying without configuring any services, or temporarily disabling the deploy steps such as will be required for minor updates where we want to re-run the rolling update outside of heat. To deploy directly via ansible-playbook you can do e.g: openstack overcloud config download --config-dir tmpconfig cd tmpconfig/tripleo-6b02U7-config ansible-playbook -vvv -b -i /usr/bin/tripleo-ansible-inventory deploy_steps_playbook.yaml Which will run the same ansible steps as we normally run via heat. Change-Id: I59947b67523dfcc43d454d4ac7d82b06804cf71d
2017-08-12Add support for update_tasksSteven Hardy4-1/+46
These work the same way as upgrade_tasks *but* they use a step variable instead of tags, so we can iterate over a count/sequence which isn't possibly via a wrapper playbook with tags (we may want to align upgrade tasks with the same approach if this works out well). Note the tasks can be run via ansible-playbook on the undercloud, like: openstack overcloud config download --config-dir tmpconfig cd tmpconfig/tripleo-HCrDA6-config ansible-playbook -b -i /usr/bin/tripleo-ansible-inventory update_steps_playbook.yaml --limit controller The above will do a rolling update for the Controller role (note the inconsistent capitalization, we probably need to fix the group naming in tripleo-ansible-inventory) because we specify serial: 1 in the playbook. You can also trigger an update explicitly on one node like this, which is useful for debugging: ansible-playbook -vvv -b -i /usr/bin/tripleo-ansible-inventory update_steps_playbook.yaml --limit overcloud-controller-0 Change-Id: I20bb3e26ab9d9cadf1a31fd304de8a014a901aa9
2017-08-12Add RoleConfig outputSteven Hardy2-0/+21
This exposes the deploy workflow for all roles from deploy-steps via overcloud.j2.yaml - which means we can write it via the new openstack overcloud config download command and/or run the workflow outside of heat via mistral With https://review.openstack.org/#/c/485732/ applied to tripleoclient it becomes possible to do: openstack overcloud config download --config-dir tmpconfig cd tmpconfig/tripleo-EvEZk0-config ansible-playbook -b -i /usr/bin/tripleo-ansible-inventory deploy_steps_playbook.yaml This runs the deploy steps, exactly the same as normally run via heat via ansible-playbook for all overcloud nodes (--limit can be used to restrict to specific nodes/roles). Change-Id: I96ec09bc788836584c4b39dcce5bf9b80e914c71
2017-08-12Default docker_puppet_debug to falseSteven Hardy1-1/+1
This isn't set unless the playbook is run via heat, so default it to false to enable easier use via ansible-playbook combined with tripleo-ansible-inventory Change-Id: I9705e4533831a019dd0051e5522d4b7958682506
2017-08-12Move deploy-steps-playbook to deploy-steps-tasksSteven Hardy2-4/+12
So that we can more easily iterate over an include in an output Change-Id: Idd5bb47589e5c37123caafcded1afbff8881aa33
2017-08-12Merge "Consolidate puppet/docker deployments with one deploy steps workflow"Jenkins15-235/+9
2017-08-12Merge "Correct gnocchi-upgrade command quotes"Jenkins2-4/+14
2017-08-12Merge "Convert compute-role.yaml to role.role.j2.yaml"Jenkins8-757/+57
2017-08-12Merge "Convert controller-role.yaml to role.role.j2.yaml"Jenkins7-857/+177
2017-08-11Merge "TLS everywhere: Configure CA for mongodb"Jenkins1-0/+6
2017-08-11Merge "Add script to create tripleo-admin on deployed servers"Jenkins1-0/+60
2017-08-11Correct gnocchi-upgrade command quotesJose Luis Franco Arza2-4/+14
After merging commit 488796, single quotation marks were missed. This causes the upgrade to fail as the flag --sacks-number is considered a su command flag. Also mounts Ceph config data into the container which seems needed for the gnocchi-upgrade command when configured to use Ceph. Also move the gnocchi db sync to step 4, so ceph is ready. Add a retry loop to ceilometer-upgrade cmd so it doesnt fail while apache is restarted. Closes-Bug: #1709322 Change-Id: I62f3a5fa2d43a2cd579f72286661d503e9f08b90
2017-08-11Merge "openstack-heat-templates: fix deprecation path"Jenkins1-1/+1
2017-08-11Consolidate puppet/docker deployments with one deploy steps workflowSteven Hardy15-235/+9
If we consolidate these we can focus on one implementation (the new ansible based one used for docker-steps) Change-Id: Iec0ad2278d62040bf03613fc9556b199c6a80546 Depends-On: Ifa2afa915e0fee368fb2506c02de75bf5efe82d5
2017-08-11Convert cephstorage-role.yaml to role.role.j2.yamlSteven Hardy2-719/+3
Add some special-casing for backwards compatibility, such that the CephStorage role can be rendered via j2 for support of composable networks. Change-Id: Iee92bb6ee94963717d3a8ef400e7970f62576a0d Partially-Implements: blueprint composable-networks
2017-08-11Convert blockstorage-role.yaml to role.role.j2.yamlSteven Hardy2-706/+0
Add some special-casing for backwards compatibility, such that the BlockStorage role can be rendered via j2 for support of composable networks. Change-Id: Ia5fb5ff6dbe218710e95a69583ac289cf7b4af9e Partially-Implements: blueprint composable-networks