Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
Adds the ability to perform a yum update after performing the RHEL
registration.
Change-Id: Id84d156cd28413309981d5943242292a3a6fa807
Partial-Bug: #1640894
|
|
This will add the Docker service to all roles. Note that currently by
default the Docker service is mapped to OS::Heat::None by default. It
will only be deployed if environments/docker.yaml file is included in
the deployment.
Change-Id: I9d8348b7b6576b94c872781bc89fecb42075cde0
Related-Bug: #1680395
|
|
|
|
This ports the fixes made to the legacy 51-hosts script, which this
script is derived from, to tht.
See related t-i-e patch Ibe0a9f6ec10d55750e3b0e16301236141f988d69
Change-Id: Ide922af93a5d185bd592e220327326f1d244c4e2
Closes-Bug: #1674732
|
|
Current puppet module miss password section hence congress is not
available due to missing password in congress.conf. This fix is to
add password.
Change-Id: I277c03ca93130a0337d5085f09c375fb0ac9331d
Signed-off-by: Tomofumi Hayashi <s1061123@gmail.com>
|
|
This submission will enable the BGPVPN API
on scenario004.
This addition to scenario004 does not
provide any sanity check for the Neutron API
extension. At this stage is meant to
install the required packages and prerequisites,
configure the extension and
having the services started correctly.
In the README.rst file, this is displayed as
neutron-bgpvpn, so for further integrations
should be added as neutron-<extension_name>
for an easier reading.
Depends-On: I4d0617b0d7801426ea6827e70f5f31f10bbcc038
Depends-On: I2be0fab671ec1a804d029afc6dc27d19a193b064
Change-Id: I6c257417a9231c44e13535bc408d67d2a3cacbf8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ip_conntrack_proto_sctp is the old name for the module and it is now
nf_conntrack_proto_sctp. In order for the kmod module to not keep trying
to modprobe the module, we need to use the correct name.
Change-Id: Ieaed235e71e9e6e41a46d9be0e02beb8f4341b1a
Closes-Bug: #1680579
|
|
|
|
|
|
|
|
This adds the ability to manage the securetty file.
By allowing management of securetty, operators can limit root
console access and improve security through hardening.
Change-Id: I0767c9529b40a721ebce1eadc2dea263e0a5d4d7
Partial-Bug: #1665042
Depends-On: Ic4647fb823bd112648c5b8d102913baa8b4dac1c
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This patch adds
- setting nova config param 'force_config_meta' to True
as metadata service is not supported by OVN yet.
- Add the necessary iptables rules to allow ovsdb-server
traffic for Northbound and Southboud databases.
- Update the release notes for OVN.
Change-Id: If1a2d07d66e493781b74aab2fc9b76a6d58f3842
Closes-bug: #1670562
|
|
It is using a trigger tripleo::profile::base::keystone::ldap_backend_enable in puppet-tripleo
who will call a define in puppet-keysone ldap_backend.pp.
Given the following environment:
parameter_defaults:
KeystoneLDAPDomainEnable: true
KeystoneLDAPBackendConfigs:
tripleoldap:
url: ldap://192.0.2.250
user: cn=openstack,ou=Users,dc=redhat,dc=example,dc=com
password: Secrete
suffix: dc=redhat,dc=example,dc=com
user_tree_dn: ou=Users,dc=redhat,dc=example,dc=com
user_filter: "(memberOf=cn=OSuser,ou=Groups,dc=redhat,dc=example,dc=com)"
user_objectclass: person
user_id_attribute: cn
user_allow_create: false
user_allow_update: false
user_allow_delete: false
ControllerExtraConfig:
nova::keystone::authtoken::auth_version: v3
cinder::keystone::authtoken::auth_version: v3
It would then create a domain called tripleoldap with an LDAP
configuration as defined by the hash. The parameters from the
hash are defined by the keystone::ldap_backend resource in
puppet-keystone.
More backends can be added as more entries to that hash.
This also enables multi-domain support for horizon.
Closes-Bug: 1677603
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Depends-On: I1593c6a33ed1a0ea51feda9dfb6e1690eaeac5db
Change-Id: I6c815e4596d595bfa2a018127beaf21249a10643
Signed-off-by: Cyril Lopez <cylopez@redhat.com>
|
|
OS::TripleO::Services::Core is still referenced in the CI roles
enviornment file. Because of which CI is failing when service
template is modified. Removing the obsolete service.
Closes-Bug: #1680043
Change-Id: I168452fa5c2e6d6d8fdf829b9b02996d9ca5532a
|
|
|
|
|
|
|
|
This patch integrates with the db_sync_timeout
parameter recently added to puppet-nova
and puppet-neutron in
I6b30a4d9e3ca25d9a473e4eb614a8769fa4567e7, which allow for the full
db_sync install to have more time than just Pupppet's
default of 300 seconds. Ultimately, similar timeouts
can be added for all other projects that feature
db sync phases, however Nova and Neutron are currently
the ones that are known to time out in some
environments.
Closes-bug: #1661100
Change-Id: Ic47439a0a774e3d74e844d43b58956da8d1887da
|
|
The current check tends to produce a false positive causing unnecessary
service restarts. yum check-update will exit with return code 100 if
updated packages are available.
Change-Id: I8bd89f2b24bafc6c991382b9eb484cfa9a2f8968
|
|
This updates the docker version of ironic-conductor.yaml so
that it sets permissions on the entire /var/lib/ironic
tree correctly. Since 1a4ece16cea40075fe7332ed048b9c289b3ff424
we bind mount in /var/lib/ironic from the host (created via
Ansible if it didn't already exist). This caused a subtle
permissions issue in that the Ironic conductor service
can no longer create sub-directories it needs to operate.
Change-Id: I1eb6b5ddad7cd89ee887e2e429ebe245aa7b80dc
Closes-bug: 1677086
|
|
|
|
|
|
|
|
Change-Id: I397a6ad430cef5ddb4eee48347ad4c89144ad01e
Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
|
|
Move the Zaqar WSGI service to use httpd in docker deployment.
Co-Authored-By: Martin André <m.andre@redhat.com>
Change-Id: If9b16c1aa3529386e68961e3dda5f613ac57b44b
|
|
Kolla provides a way to set ownership of files and directory inside the
containers. Use it instead of running an additional container to do the
job.
Change-Id: I554faf7c797f3997dd3ca854da032437acecf490
|
|
This adds the necessary parameter for swift proxy to be terminiated
internally by a TLS proxy.
bp tls-via-certmonger
Change-Id: I3cb9d53d75f982068f1025729c1793efaee87380
Depends-On: I6e7193cc5b4bb7e56cc89e0a293c91b0d391c68e
|
|
os-collect-config is already configured to use json files in
/var/lib/os-collect-config/local-data/ as a data source, so this can
be used in the deployed-server get-occ-config.sh to copy in the
required json to generate the required os-collect-config.conf.
Co-Authored-By: James Slagle <jslagle@redhat.com>
Closes-Bug: #1679705
Change-Id: Ibde9e6bf360277d4ff64f66d637a5c7f0360e754
|
|
|
|
|
|
This patch enables deployment of sensu-client service in scenario001.
Depends-On: I4895e3b6d3d0e2c12c083133e423cafeecbafe88
Depends-On: Ibabd4688c00c6a12ea22055c95563d906716954d
Change-Id: I377811878712b7615c38094ecbf55dcc67d9ddd5
|
|
|
|
|
|
If we really want upgrade_batch_tasks before the upgrade_tasks
as described in the README then we should enforce the ordering
Noticed this working on bug 1671504 upgrade tasks were being
executed before batch upgrade tasks.
Closes-Bug: 1678101
Change-Id: Iaa1bce960a37c072b5f8441132705a6bb6eb6ede
|
|
Currently we don't enforce step ordering across role, only within
role. With custom role, we can reach a step5 on one role while the
cluster is still at step3, breaking the contract announced in the
README[1] where each step has a guarantied cluster state.
We have to remove the conditional here as well as jinja has no way to
access this information, but we need jinja to iterate over all enabled
role to create the orchestration.
This deals only with Upgrade tasks, there is another review to deal
with UpgradeBatch tasks.
[1] https://github.com/openstack/tripleo-heat-templates/blob/master/puppet/services/README.rst
Closes-Bug: #1679486
Change-Id: Ibc6b64424cde56419fe82f984d3cc3620f7eb028
|