aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-03-06Enable keystone cadf notificationsYolanda Robla2-0/+7
It will allow to configure keystone event notifications using CADF, as documented on: https://docs.openstack.org/developer/keystone/event_notifications.html CADF events provide auditing capabilities for compliance with security. Change-Id: Id16b264c295b9e3adbf960366ff8328ba8dcd485
2017-03-06Merge "Make neutron dhcp agents per network conditional"Jenkins2-16/+31
2017-03-06Merge "Use the new hiera hook in all remaining templates"Jenkins7-160/+153
2017-03-06Merge "ec2-api: Get FQDN from hiera instead of puppet fact"Jenkins1-2/+2
2017-03-06Merge "Removes old environment file references"Jenkins1-13/+0
2017-03-06Merge "Put docker puppet config in puppet_config dict"Jenkins34-180/+261
2017-03-06Use the new hiera hook in all remaining templatesmarios7-160/+153
The new hiera hook in I21639f6aadabf9e49f40d1bb0b1d0edcfc4dbc5e was added to most of the tripleo-heat-templates in Ibe7e2044e200e2c947223286fdf4fd5bcf98c2e1 The new hook is installed by default if you use tripleo-common Ia1864933235152b7e899c4442534879f8e22240d and will be installed as part of the Newton to Ocata upgrades workflow in I0c7a32194c0069b63a501a913c17907b47c9cc16 In order to use the new hiera data as part of the upgrade we need to remove the old hieradata which will break anyone still defining and using it. This change updates the remaining vendor plugin manifests to use the new hiera hook. The pre-requisite is that the new hook is installed on their overcloud (as above it comes if you follow the N..O upgrade) Change-Id: Ic95154734cb21e6b941c7f1569295b413963831d
2017-03-04Merge "etcd: Get FQDN from hiera instead of puppet fact"Jenkins1-1/+1
2017-03-03Merge "Fix httpd dir create to not error if exists"Jenkins1-1/+1
2017-03-03Merge "Fix Panko API upgrade process"Jenkins1-1/+5
2017-03-03Removes old environment file referencesChristopher Brown1-13/+0
ODL-l3 env file was removed in commit 7163746 manage-firewall was removed in commit 2064ab8 as this was enabled by default Change-Id: I8ed8d4ed5bf709f2ac581adfaacc24a7582f13bd
2017-03-03Fix httpd dir create to not error if existsPradeep Kilambi1-1/+1
In cases where /var/log/httpd already exists, this exits with error code 1. $ sudo docker logs keystone-init-log mkdir: cannot create directory '/var/log/httpd': File exists Change-Id: I62bf08d9fc9e02d5f3016bd14bb0a090b76ac837
2017-03-03Merge "Enable IronicPxe in the undercloud"Jenkins1-0/+1
2017-03-03Merge "Removes opencontrail reference"Jenkins1-5/+0
2017-03-03etcd: Get FQDN from hiera instead of puppet factJuan Antonio Osorio Robles1-1/+1
The puppet facts will be removed soon and using the hiera value is adviced instead. Change-Id: I318f81abaac997370e950780993dc95cae088327
2017-03-03ec2-api: Get FQDN from hiera instead of puppet factJuan Antonio Osorio Robles1-2/+2
The puppet facts will be removed soon and using the hiera value is adviced instead. Change-Id: I3ba89dd9bd471c5723325efc9041ca6da937ccc5
2017-03-02Fix Panko API upgrade processEmilien Macchi1-1/+5
Upgrade process wasn't consistent and correct. Change-Id: Id1f810d33c2909957be9a2c96d18c96dee939953
2017-03-02Merge "Make UpdateDeployment depend on NetworkDeployment"Jenkins6-0/+6
2017-03-02Enable IronicPxe in the undercloudDan Prince1-0/+1
This enables the IronicPxe services which are split out into separate templates for the containerized undercloud. Change-Id: I0ec3cefec9b47ef3c59de6972541ef9b560aacb7
2017-03-02Merge "Add plan-environment.yaml"Jenkins2-0/+7
2017-03-02Removes opencontrail referenceChristopher Brown1-5/+0
The opencontrail environment file was removed in commit da91bb6 so this is no longer required Change-Id: I835dc665ede7fdb50d5be2c3251b8acf20c3ce37
2017-03-02Merge "Add upgrade task for panko api"Jenkins1-5/+14
2017-03-02Merge "Upgrades: fix up the rabbitmq HA mode like in new ocata deployments"Jenkins1-0/+29
2017-03-02Add upgrade task for panko apiPradeep Kilambi1-5/+14
Change-Id: Icc5fbf99301ae47344e1582767e1e7a4687f491b
2017-03-02Merge "Add mistral service support for composable upgrades"Jenkins3-0/+57
2017-03-02Merge "upgrades/validation: only run validation when services exist"Jenkins36-5/+270
2017-03-02Upgrades: fix up the rabbitmq HA mode like in new ocata deploymentsMichele Baldessari1-0/+29
In ocata we changed the rabbitmq ha policy to "ha-exactly" via the following changes: - tht: Iace6daf27a76cb8ef1050ada0de7ff1f530916c6 - puppet-tripleo: Ib62001c03e1e08f58cf0c6e0ba07a8879a584084 We took care of the upgrade path via I3a97505d2ae1ae27f3080ffe74c33fdabffd2420 With the move to the ansible-based composable upgrades we left this change out. And now an upgraded environment has the following policy: - Upgraded environment Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"all"}" - New environment Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"exactly","ha-params":2}" We need to add this pcs resource change to the our upgrade scripts. Change-Id: I3c4113c207e9d0c45be43df7c2379ac26cb60692 Closes-Bug: #1668600
2017-03-01Merge "Containerize neutron-l3 agent"Jenkins2-0/+89
2017-03-01Put docker puppet config in puppet_config dictSteve Baker34-180/+261
This approach removes the need for the yaql zip to build the docker-puppet data by building the data in a puppet_config dict. This allows a future change to make docker-puppet.py only accept dict data. Currently the step_config is left where it is and referenced inside puppet_config, but feedback is welcome whether this is necessary or desirable. Change-Id: I4a4d7a6fd2735cb841174af305dbb62e0b3d3e8c
2017-03-01Merge "Associate unmapped hosts with cell mappings"Jenkins1-0/+10
2017-03-01Add mistral service support for composable upgradesSteven Hardy3-0/+57
Change-Id: I189edaf69c0e97a3399e6af939595f98322d7c03 Partially-Implements: blueprint overcloud-upgrades-per-service
2017-03-01upgrades/validation: only run validation when services existEmilien Macchi36-5/+270
During upgrades, validation test if a service is running before the upgrade process starts. In some cases, servies doesn't exist yet so we don't want to run the validation. This patch makes sure we check if the service is actually present on the system before validating it's running correctly. Also it makes sure that services are enabled before trying to stop them. It allows use-cases where we want to add new services during an upgrade. Also install new packages of services added in Ocata, so we can validate upgrades on scenarios jobs. Change-Id: Ib48fb6b1557be43956557cbde4cbe26b53a50bd8
2017-03-01Containerize neutron-l3 agentJohn Trowbridge2-0/+89
This allows to run a containerized neutron on the overcloud. Co-Authored-By: Martin André <m.andre@redhat.com> Depends-On: Iaf6536b1c4d0b2b118af92295136378cdfeee9d1 Change-Id: I86a12248d4f28f4dbe7708be928bcd8a45968d01
2017-03-01Associate unmapped hosts with cell mappingsJohn Trowbridge1-0/+10
Otherwise the containerized nova running in the overcloud fails with "Host 'overcloud-novacompute-0' is not mapped to any cell, Code: 400". Co-Authored-By: Martin André <m.andre@redhat.com> Change-Id: I9ff77f25bfd1f37167b0638a32fe5049951bc5b4
2017-03-01Merge "Disable exit on error for pacemaker commands for update flow"Jenkins1-1/+4
2017-03-01Merge "Switch to dict format for docker_puppet_tasks"Jenkins4-17/+31
2017-03-01Add plan-environment.yamlAna Krivokapic2-0/+7
This file is needed for plan import and export features. We want to enable the user to store the selection of environment options, so that it can be re-imported, and it does not have to be perfmed manually multiple times. The plan create workflow will look into the Swift container for this file, and import its contents into the Mistral environment. Conversely, plan export will create this file from the Mistral environment contents, so that it can later be re-imported. For more information, see the related blueprint, and the spec at https://specs.openstack.org/openstack/tripleo-specs/specs/ocata/gui-plan-import-export.html Partially implements: blueprint enhance-plan-creation-with-plan-environment Change-Id: I95e3e3a25104623d6fcf38e99403cebbd591b92d
2017-03-01Merge "Adding keystone parameters for Tacker"Jenkins1-3/+11
2017-03-01Merge "Add etcd composable upgrade steps"Jenkins1-0/+15
2017-03-01Merge "Align hyperconverged-ceph.yaml environment and adds some validation"Jenkins2-0/+20
2017-03-01Merge "Put service stop at step1 and quiesce at step2."Jenkins49-55/+68
2017-03-01Make UpdateDeployment depend on NetworkDeploymentSteven Hardy6-0/+6
Prior to https://review.openstack.org/#/c/271450/ os-net-config was applied via os-refresh-config directly, which meant that even though UpdateDeployment and NetworkDeployment can be created concurrently, we'd always do the os-net-config step first. However now that we apply both steps via scripts (which are both handled via the same heat-config hook) we should add an explicit dependency to ensure the network is always fully configured before attempting to run any update. This should avoid the risk of e.g running an update on initial deployment before the network connectivity to access yum repos is in place. Change-Id: Idff7a95afe7b49b6384b1d0c78e76522fb1f8eb7 Related-Bug: #1666227
2017-03-01Merge "Use --disable= in subscription-manager to avoid shell expansion."Jenkins1-1/+1
2017-03-01Merge "upgrades: fix ec2api conditional"Jenkins1-2/+2
2017-03-01Switch to dict format for docker_puppet_tasksSteve Baker4-17/+31
This change gives the option of docker-puppet.py data to be in a dict as well as a list. This allows docker_puppet_tasks data to use the same keys as the top level puppet config data. If the yaql fu can be worked out to build the top level data, docker-puppet.py can later drop the list format entirely. Change-Id: I7e2294c6c898d2340421c93516296ccf120aa6d2
2017-03-01Merge "mysqlclient: Use actual parameter in puppet to set bind-address"Jenkins1-1/+1
2017-03-01Merge "Adding keystone parameters for Congress"Jenkins1-3/+11
2017-02-28Use --disable= in subscription-manager to avoid shell expansion.Vincent S. Cojot1-1/+1
In extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration, there's a line that says: retry subscription-manager repos --disable '*' I believe this is broken and will result in shell expansion being made. The proper line should be: retry subscription-manager repos --disable='*' This regression came from commit 2b06ed8adce2bcc18480b71c0f20a0ec2d21de19. (Also see https://review.openstack.org/#/c/381233 ) This patch fixes the regression while preserving functionality of the above change. Closes-Bug: 1667316 Change-Id: I54f0db3f1f596f6356f7445cdc61737f20f14318 Signed-off-by: Vincent S. Cojot <vincent@cojot.name>
2017-03-01Disable exit on error for pacemaker commands for update flowSaravanan KR1-1/+4
Package update fails on compute node, when yum_update checks for pacemaker status via systemctl command. Because exit on error (-e) option has been enabled recently, this issue is happening. Fixing by, executing the command only on nodes where pacemaker is enabled. Closes-Bug: #1668266 Change-Id: I2aae4e2fdfec526c835f8967b54e1db3757bca17
2017-02-28Put service stop at step1 and quiesce at step2.Sofer Athlan-Guyot49-55/+68
In the previous release[1], the services were stopped before the pacemaker services, so that they get a chance to send last message to the database/rabbitmq queue: Let's do the upgrade in the same order. [1] https://github.com/openstack/tripleo-heat-templates/blob/stable/newton/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh#L13-L71 Change-Id: I1c4045e8b9167396c9dfa4da99973102f1af1218