Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
Via commit 0327fc2bbb1be9972d99e2e83d54d07410ad01d9 we added sahara
as a composable service. Let's make sure sahara-api and sahara-engine
run via systemd and not as a pacemaker resource. This is inline with the
HA NG spec.
Change-Id: I5634ad43771fba798892df6d2297c2634dcb6756
|
|
We only create the /etc/puppet/modules symlinks during image building,
so as we update the openstack-puppet-modules RPM during the lifecycle
of a deployment, the symlinks can get out of date and some modules
aren't find.
This patch adds modulepath for puppet deployments, getting rid of the
need for our Puppet modules to be symlinked from /etc/puppet/modules. If
there are some already symlinked, they will take precedence. Also
modules installed from source to /opt/stack/puppet-modules will take
precedence over packaged modules in /usr/share/openstack-puppet/modules.
Change-Id: I626a596478be7c55500f9e3c7118ef64ff28aaae
Closes-Bug: #1613211
|
|
In Newton, Aodh will be using its own mysql DB rather than
using ceilometer's mongo instance. This means we need to
migrate any existing alarm and alrm history data from
ceilometer DB to aodh mysqlDB. Upstream aodh provides us
with a aodh-data-migration utility. We need to invoke this
during the mitaka->newton upgrade procedure so data is
migrated as expected and aodh mysql backend takes over.
Closes-bug: #1611794
Change-Id: I17888b57ecf98cd83e92af2f9cdbead066b03aa3
|
|
This creates a new service to help manage the puppet-tripleo
class that enables firewall features. Currently has no settings
but this will keep our interfaces consistent.
Change-Id: I5ac85fa1e460b19ee2b1a9280413aebefe300845
|
|
This creates a new service to help manage the puppet-tripleo
class that enables and disables package installation features.
NOTE: we can't move the upgrade setting into the new composable
service yet due to coupling with the UpgradeDeployment resources.
Change-Id: If35cf6a6f023e12ae8ebbc2d9929d244eb3ffa3a
|
|
|
|
|
|
|
|
|
|
|
|
Configure Gnocchi with authtoken new class in the Puppet module, and
also remove the useless parameters that didn't exist in the module.
Change-Id: I414990c4fd5c5c1cd43d50c7a3947a4a29f4587a
|
|
|
|
|
|
|
|
|
|
Given the new HA architecture with less pacemaker managed resources, we
need to update this script to reflect those changes. Without these
changes, stack-updates using the exact same templates will fail since
this script is always executed on update.
Change-Id: I2ce1681d19d4a24a7561e3dd9c5efdae40d030b7
Closes-Bug: #1612667
|
|
We will lookup bind addresses using map_replace within the templates
so dumping net_ip_map as hieradata is unneeded.
Change-Id: If54c9033fc58d2cfaa040e30adeed7f58e44fd88
|
|
Takes the net_ip_uri_map value from the *_uri values emitted
by net_ip_map instead.
Also removes TenantIp and TenantIpUri from net_vip_map_external
templates as there won't be any VIP on the tenant network.
Change-Id: Icdac3d58162891f5ca3d5c20f14fcdff1781996f
|
|
Change-Id: I83ca923140d7f8ca3101e851e88ca3107a99555a
|
|
|
|
This finishes moving most of the config settings out of
compute.yaml for Neutron and Rabbit. Also removes some
other misc unused parameters.
Change-Id: Ie340c33fb3434eb70e131ff6e252d0909aabd37c
Related-Bug: #1604412
|
|
This finishes moving most of the config settings out of
compute.yaml for Ceilometer.
Change-Id: I96369ebba28f0af4eb2d6d520b478213d8021822
Related-Bug: #1604412
|
|
This finishes moving most of the config settings out of
compute.yaml for Nova and into the proper nova-* services.
Only the bind port/VIP related Nova settings remain now and those
will be dealt with in a follow up patch.
Change-Id: I1c40e7d54c11dfff2aaa6438c7701e98da17ebe6
Related-Bug: #1604412
|
|
|
|
|
|
|
|
As described in https://bugs.launchpad.net/tripleo/+bug/1532830,
the OVS agent no longer uses enable_tunneling, which is controlled by
NeutronEnableTunnelling, so this change removes NeutronEnableTunnelling
from the Heat templates.
This change depends on NeutronEnableTunnelling also being removed
from python-tripleoclient and puppet-neutron no longer using the
enable_tunneling hieradata.
Change-Id: I1ff6902ebd15041fc57ffff20a07455f171a004b
Closes-Bug: 1532830
Depends-On: I28d33592374f60cb5222a866efaf9d137aca1c5a
Depends-On: I73630653330c67444827f32740c44e9d25b5db31
|
|
The new composable service name conflicts with the existing ServiceNetMap
naming, so align with NeutronApi since ServiceNetMap exists in current
released versions.
This is required so we can correctly generate the neutron_api_node_ips
list (needed by puppet-tripleo) based on the service_name.
Change-Id: Ic1d45cbaa77bc6ac9ca247c880a9845ca49905da
Partially-Implements: blueprint custom-roles
|
|
This aligns with the new naming conventions in puppet-tripleo, so
the keys can be more easily generated from the service_names.
Change-Id: Idb4a740e70257e3c69d8ec7d0c88594cc091b6a7
Partially-Implements: blueprint custom-roles
Depends-On: I423b544df174254ac511b906b0c570e701678022
|
|
We introduce a new ServiceNetMap resource which enables some more flexible
mappings between the services and their networks.
Specifically this patch means:
1. ServiceNetMap no longer has to specify the entire list of all services,
operators may if they wish, but a subset is now valid where you want to
accept the defaults for some services (the defaults are now accessible via
the ServiceNetMapDefaults parameter.
2. We can map some keys which don't fit a pattern that enables conversion
from CamelCase to snake_case which is required for compatibility with the
service_names in puppet/services*
This should be backwards compatible, and in future when we remove internal
dependency on the CamelCase names, we could also enable operators to
specify e.g heat_api_network in ServiceNetMap which would be more consistent.
Change-Id: Ib60198adf76bb69ffbafbfac739e356d153f6194
Partially-Implements: blueprint custom-roles
|
|
|
|
|
|
|
|
Having the endpoint map in the same environment as the SSL
certificate parameters means that every time a service is added to
the overcloud, the user must remember to update their copy of
enable-tls.yaml to reflect the new service.
To avoid this, let's separate the SSL EndpointMap from the SSL
certificates so users can simply pass the shipped list of SSL
endpoints and only have to customize the certificate env file. As
and added bonus, this means they won't have to put the certificates
in enable-tls.yaml specifically. The parameters can be set
anywhere, and will be used as long as one of the tls-endpoints
envs is also specified.
inject-trust-anchor.yaml is not changed, but it could already be
used in the same fashion. The root certificate param could be set
in any env passed after inject-trust-anchor.yaml, and then
inject-trust-anchor.yaml would only be responsible for setting the
appropriate resource_registry entry. This way there is no need to
customize the in-tree inject-trust-anchor.yaml either.
Change-Id: I38eabb903b8382e6577ccc97e21fbb9d09c382b3
|
|
|
|
Change-Id: I8107b84eaea8baf3ed664c70d4cf16537d869bcb
|
|
* Add service for configuring Nova compute with Ironic
* Fix authentication in Ironic APU
* Provide a separate environment file for enabling Ironic
Change-Id: I211e6d91eacd238b04a1aa37528d5a91523407d9
Partially-Implements: blueprint ironic-integration
|
|
These were removed in https://review.openstack.org/#/c/347050
but it turns out the defaults in the role templates is bad, as
an empty string results in a malformed hosts file fqdn.
So, partially revert that patch so we always pass the global
CloudDomain from overcloud.yaml, accepting the default configured
there, and remove the empty-string defaults in the role templates.
Change-Id: I0ea4190a23488986a3ee9e887328e0e7a03fe3aa
|
|
Currently we have a hard-coded set of per-service parameters, which
will cause problems for custom roles and full composability.
As a first step towards making this more configurable, remove the
hard-coded per-service parameters from overcloud.yaml, and adjust
the EndpointMap generation to instead accept two mappings, the
ServiceNetMap and a mapping of networks to IPs (effectively this
just moves the map lookup inside the endpoint map instead of
inside overcloud.yaml)
Change-Id: Ib522e89c36eed2115a6586dd5a6770907d9b33db
Partially-Implements: blueprint custom-roles
|
|
|
|
To enable composable generation of this switch the key names
to align with the service_name of each service.
Note that this should depend on I423b544df174254ac511b906b0c570e701678022
and previously passed CI with that defined, but because we now run
gate validation jobs on puppet-tripleo it's impossible to land, so
this now contains both old and new hiera keys temporarily, which will
be removed when the puppet-tripleo patch lands.
Change-Id: I7febf28bf409e25e8e5961ab551b6d56bb11e0c6
Partially-Implements: blueprint custom-roles
|
|
|
|
manila::keystone::auth assumes that two endpoints will be created;
one for each version of Manila. This is not consistent with what we
provide to the manifest. So we then add the needed endpoint to the
EndpointMap.
v2 is left as the default (not needing to specify a version when
getting the value from the endpoint map), and v1 was added as an
extra suffix.
Change-Id: Ie8754fbb21f50c2613a2c05a52d771f4d1aeb4bb
|
|
|
|
|
|
This adds the needed parts for the keystone endpoint of cinder v3
API.
Change-Id: Ic56446095e72b9e469a7b0e9ea5159fa31847381
|
|
Tempest tests for cinder contain backup tests that fail
unless cinder-backup service is started. This patch facilitates
the service start upon the overcloud deployment.
Original patch converted to composable role.
Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
Depends-On: Ib1dfe52b83ab01819fc669312967950e75d8ddf1
Change-Id: I9ca97b3f1c26aac6d81b3525377e1f5fb962313f
|
|
This patch adds a parameter, EnableConfigPurge, to the base nova and
neutron service files. The value is passed to their respective puppet
modules to control whether resources not managed by puppet are purged
from the config files. The default value is set to true.
Change-Id: I32732dc2ed7a7b3187e8727592cb4add0c6b9cf6
Closes-Bug: #1611800
|