Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This exposes a list of hostnames similar to the RoleNetIpMap, this
will be consumed by the dynamic inventory ref
https://review.openstack.org/465558
Change-Id: I61efac5634e9b6fbb820e693c71a0adae5fa8b6a
|
|
Merge the role specific parmaeter with the default parameter with the
higher precendece given to role specific parameters. Use the merged
settings to the hiera config settings.
Change-Id: I500558dfbf4ac4ddcf850064e654c4fab03d141b
|
|
Master is now the development branch for pike
changing the release alias name.
Change-Id: I938e4a983e361aefcaa0bd9a4226c296c5823127
|
|
The pingtest template creates both default share type and
a share which should use this type. Explicit reference of
the share type should assure that the share is always created
when share type exists.
Change-Id: I756e6a8e477de8d0e46302dda26265ae482dd2e5
Closes-Bug: #1691853
|
|
|
|
|
|
|
|
This will make neutron-server stop advertising dvr extension if the
cloud is not configured to support this flavor of Neutron routers.
Change-Id: I38c8208edff07f7887887918729beb7710068078
Related-Bug: #1450067
|
|
This patch adds support for running the neutron metadata agent in a
container.
Change-Id: I53c62516c95d62f5ced70818d4eb4c2c341df0d7
Partial-Bug: #1668922
|
|
|
|
|
|
These duplicate the defaults in puppet/services/docker.yaml and
break things if you include an environment file (e.g that generated
by quickstart containers-default-parameters.yaml) before the
docker.yaml.
Instead it's probably more helpful to include the commented lines
showing how to enable use of a local docker registry.
Change-Id: I3896fa2ea7caa603186f0af04f6d8382d50dd97a
Closes-Bug: #1691524
|
|
L2 Gateway (L2GW) is an API framework for OpenStack that offers bridging
two or more networks together to make them look at a single broadcast
domain. This patch implements the l2gw agent which is one of the backend
of the l2 gateway service plugin.
Change-Id: I1ae8132ceff9410be7bd82caddf0d14251e720bf
Depends-On: If1501c153b1b170b9550cb7e5a23be463fba1fe9
Partially-Implements: blueprint l2gw-service-integration
Signed-off-by: Peng Liu <pliu@redhat.com>
|
|
|
|
proxy"
|
|
|
|
Use the openstack upper-constraints when running tox.
Change-Id: I9eef36eec749beec0effdb2309fe2ceb9bc557f8
Related-Bug: #1691511
|
|
Looking up role_data is very slow, particularly when referencing the
RoleData output, as it re-resolves every output for all the (many) nested
stacks in the *ResourceChain resources.
There is work ongoing to optimize this in heat, but this approach improves
performance considerably (my local output-show for RoleData is 10x faster)
so we can consider including RoleData in the tripleo dynamic ansible inventory,
which may be needed for validations and minor updates in future.
Change-Id: I5e6665703e859dc1ec6b60dece70f858c9afaf66
|
|
|
|
We already have an ansible deployment that applies the per-service
host_prep_tasks, so we can simplify the dependencies here by just
doing the docker-steps host preparation at the same time.
The motivation behind this is to both simplify the depends_on web we
have here, reduce the number of discrete deployments, and also to
potentially make running ansible directly e.g for debugging easier.
In a future patch we'll convert the configuration steps to work in
a similar way, such that they can be more easily reapplied e.g for
rolling minor updates, possibly outside of heat.
Change-Id: I9a201fc5a9e82c7fba4c2de36eb5332e21a81d37
|
|
|
|
|
|
This tells apache which CA certificate was used to sign the certs it's
using. this setting is useful in case we want to enable OCSP stapling or
client authentication via TLS.
Change-Id: I97a7e5332aea8377c7662ca98beb71ed5e236640
|
|
The Apache certs were were being set even if TLS everywhere isn't
enabled. This fixes that.
Change-Id: If143d1fdeb0102a1c13441f89acaa73af24bf48f
|
|
This configures the mongodb server to use TLS in the internal network,
while also passing the necessary attributes to generate the needed cert
and key.
bp tls-via-certmonger
Depends-On: I85dda29bcad686372a74bd7f094bfd62777a3032
Change-Id: If6c603b074cfa7e122579cec29d034fd3312868d
|
|
This helps a bit with debugging issues, and the container will be
deleted on the next run when the same volume is configured.
Change-Id: I4f2f219bd7e40abafd0eb31c1275fdd8ed4db4da
|
|
|
|
|
|
|
|
Depends-on: I30ba93f76171e5993b5f0e1d7f1f5533acb25740
Closes-bug: #1668925
Change-Id: I3cb61d2d8765f9c2601bb00c4bfa24162883b96a
|
|
This spawns an extra container that runs httpd to run the TLS proxy that
will go in front of neutron server.
bp tls-via-certmonger-containers
Change-Id: I2529d78e889835f48c51e12d28ecd7c48739b02b
|
|
For TLS everywhere, neutron-server needs httpd in the image, since
it'll use a separate container that runs a TLS proxy to terminate
the connection. This requires the image where the configuration is
ran to have httpd installed, since there are several directories
and the user/group that's needed.
So, we then switch the image to be used to be neutron-server instead
of the openvswitch-agent image.
Change-Id: Ie16de3004925b7624f106d6c015ec04ef6031a06
Depends-On: I82f10ac0e7e692e6ba4a06dc10da9eaf79c60e7e
|
|
Changing the default values of neighbor table (also known as ARP table)
in the kernel to avoid neighbour table overflow and thus fix
communication errors between overcloud nodes.
default kernel values support L2 network up to 1024 hosts (/22).
The patch will allow up to 4096 hosts (/20).
Change-Id: I5fabc766dd75a38cd3d835deee7e168f04dd30ce
Closes-Bug: #1690087
|
|
The currently used resource type does not exist, therefore changing it.
Closes-Bug: 1691021
Change-Id: Iaf18af546817e0cf6cdfafcc5c54ab4d1a0f819d
|
|
This was forgotten in I72376a803ec6b2ed93903cc0c95a6ffce718b6dc and
broke containerized deployment.
Change-Id: I599a87bf06efbfefd3067c77ed6ca866505900f9
Closes-Bug: #1690870
|
|
|
|
All paths should be relative as we should not rely on the package
location - this can easily be overridden via --templates, and this
is exactly what we do for the upgrades job, where this will break
because we'll include the wrong (newer) version of these services
when deploying the older pre-upgrade overcloud.
Change-Id: Id8aea09305c0857253c44477945e34377cca64ca
|
|
|
|
Currently we just use what puppet-snmp provides in terms of defaults.
This means that currently every single snmp query gets logged with
the following:
May 15 10:51:30 centos.localdomain snmpd[5159]: Connection from UDP: [127.0.0.1]:57799->[127.0.0.1]:161
May 15 10:51:30 centos.localdomain snmpd[5159]: Connection from UDP: [127.0.0.1]:57799->[127.0.0.1]:161
May 15 10:51:32 centos.localdomain snmpd[5159]: Connection from UDP: [127.0.0.1]:50566->[127.0.0.1]:161
The reason is that we use '-LS0-6d' as the default content for
/etc/sysconfig/snmpd:
https://github.com/razorsedge/puppet-snmp/blob/master/manifests/params.pp#L322
This default means that we are logging from 0 (LOG_EMERG) to 6
(LOG_INFO). The above messages bring nothing in a default installation
and only spam the log files, so let's lower the upper log level to 5
(LOG_NOTICE) by default, so we properly do not see every single query in
the logs. We add an option so the operator can still configure the
desired log level via a Heat parameter.
Change-Id: I8d3dfdb4d549cd27131346fc477755ad72313449
|
|
|