aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-02-03Simplify/fix config enabled conditions for upgradesSteven Hardy1-12/+6
We should enable each kind of upgrade per role, not per step so rework the conditions, and also only apply it to the deployment (to save the round-trip to the nodes applying an empty config) but don't disable the *Config resources as the overhead of these is small, and we reference the Step1 config in the outputs, even if it's empty. Change-Id: Iee2f1fb5b1d8b0b6001c6ab0f2a4ef2858cef281 Partially-Implements: blueprint overcloud-upgrades-per-service
2017-02-03Disable puppet on upgrade for roles not upgradingSteven Hardy8-116/+136
Where the role has disabled upgrades, we need to skip both the ansible and puppet steps. To do this we refactor the post.j2.yaml so that it can be included in the upgrade template with an adjusted list of roles. Note this requires https://review.openstack.org/#/c/425220/ - this change will be required for local testing of this patch (run mistral-db-mange populate after updating tripleo-common and restart the mistral services, or update your repos and re-run openstack undercloud install). Partially-Implements: blueprint overcloud-upgrades-per-service Change-Id: Ie7d0fa6fef3528bd93e6cde076b964ea8de3185a
2017-02-03Merge "Moving the validation for using the template alias version for all ↵Jenkins3-6/+9
templates"
2017-02-03Merge "Switch item notation to jinja format"Jenkins1-2/+2
2017-02-02CI: enable debug on multinode and upgrade jobEmilien Macchi2-0/+2
We're running TripleO CI jobs outside TripleO projects (nova, gnocchi, etc), folks need more debug to be helpful. Change-Id: I512ad89d9ac82ae62f9cbe7d0029fb1ac7445cc9
2017-02-02Switch item notation to jinja formatMarius Cornea1-2/+2
This change fixes the item variable notation in puppet/services/ceph-osd.yaml. Change-Id: I4d105619e4ac913b4a711bf91fea5f6e3c9b4caa Closes-Bug: 1661339
2017-02-02Merge "Allow the override of pacemaker::corosync::settle_tries"Jenkins1-0/+7
2017-02-02Merge "Don't run yum_update.sh inside docker"Jenkins1-0/+5
2017-02-02Merge "Temporary UCSM mapping files should be opened with write mode"Jenkins1-2/+6
2017-02-02Merge "Use common directory in CI scenario for net-config"Jenkins1-2/+2
2017-02-02Merge "Don't run ceilometer-upgrade via upgrade_tasks"Jenkins1-3/+0
2017-02-02Moving the validation for using the template alias version for all templatesCarlos Camacho3-6/+9
Currently we are applying this validation for the services templates, this submission moves it to run with all templates. Also fixed those templates not using the alias name. Change-Id: I3a2c0ce6adcc8061fdc51f73fdc6b9748c0fead9
2017-02-01Merge "Add more explicit messagae to build_endpoint_map's check option"Jenkins1-2/+3
2017-02-01Merge "Add deployed server bootstrap for RHEL"Jenkins3-0/+42
2017-02-01Merge "Validate that endpoint_map.yaml is up to date in the gate"Jenkins1-0/+1
2017-02-01Merge "Add ability to toggle swift's ceilometer transport_url SSL"Jenkins1-0/+7
2017-02-01Add more explicit messagae to build_endpoint_map's check optionJuan Antonio Osorio Robles1-2/+3
This will hopefully help developers know what to do if their patch fails this verification. Change-Id: I01fe9ca30295c6264affdbdb773b039a744289ea
2017-02-01Validate that endpoint_map.yaml is up to date in the gateZane Bitter1-0/+1
Change-Id: I72aa48c72c825151739cb478c58e9a6c841c9130
2017-02-01Don't run ceilometer-upgrade via upgrade_tasksSteven Hardy1-3/+0
This needs to be run by puppet or ansible runs it as root and the later run by puppet fails due to permissions on the logfile. Probably we need to remove the *sync calls for most services to avoid similar issues, now that we're running puppet as part of the pre-converge upgrade process but that will be done in another patch. Change-Id: I808db2c175325a25058226842684558ea06fb5c5 Partially-Implements: blueprint overcloud-upgrades-per-service
2017-02-01Remove Gemfile and RakefileEmilien Macchi2-31/+0
We are not running syntax and lint jobs in THT for master & newton, let's remove useless files. Change-Id: Ia572a0eb8872ab199bc68a51750dfc17ca5ee034
2017-02-01Disable the deprecation warnings as errors for puppet-syntaxEmilien Macchi1-0/+1
Recently puppet4 started deprecating ruby 2.0 with the following commit: https://github.com/puppetlabs/puppet/commit/e9eda7ed56fddcf185fc155d7e0ae054ea327504 One way to work-around this (in the absence of a more recent ruby version) is to not treat this deprecation warnings as fatal when doing the puppet syntax check Change-Id: Id49c5068ab4609e3da0417af4714e8cb8485f3d1 Closes-Bug: #1660943
2017-01-31Add ability to toggle swift's ceilometer transport_url SSLJuan Antonio Osorio Robles1-0/+7
So, if RabbitClientUseSSL is set, this will enable TLS for the swift's ceilometer message broker connection. Change-Id: Ide70a509aefc9e7eb9d7cc5b3a60520fa42b4010 Depends-On: I8b7457b6233c4f88af2d7bc1b9304fcccb6edf61
2017-01-31Merge "Configure DPDK options to isolate PMD cores and ovs process cores"Jenkins1-1/+7
2017-01-31Merge "docker: eliminate copy-json.py in favor of json-file"Jenkins7-107/+54
2017-01-31Merge "Removes deprecated neutron-opendaylight-l3 env file"Jenkins1-14/+0
2017-01-31Use common directory in CI scenario for net-configMathieu Bultel1-2/+2
The multinode_major_upgrade scenario is using an external directory for net-config. Moving this to the internal directory in tht common/ Change-Id: I41692d2ddb9fbd2002fd7910933ab4edff74f33e
2017-01-30Merge "Add upgrade support for CephRGW service"Jenkins1-0/+11
2017-01-30Merge "multinode/upgrade: set heat::rpc_response_timeout to 600"Jenkins1-0/+1
2017-01-29docker: eliminate copy-json.py in favor of json-fileDan Prince7-107/+54
This patch rewires how we configure the Kolla external config files via Heat templates and uses a more simple json-file heat hook to directly write out Kolla config files to disk. By using a heat hook instead of a shell script we can avoid Json conversion issues. Additionally, This generic json file hook will be useful for other ad-hoc Json file configuration within the TripleO docker architecture. Co-Authored-By: Martin André <m.andre@redhat.com> Change-Id: I8c72a4a9a7022f722bfe1cef3e18517605720cce Depends-On: I2b372ac2e291339e436202c9fe58a681ed6a743f Depends-On: Id3f779b11e23fd3122ef29b7ccbae116667d4520
2017-01-27Merge "Add AuditD composable service"Jenkins6-0/+184
2017-01-27Merge "Pass parameters for TLS proxy in front of neutron server"Jenkins1-1/+32
2017-01-27multinode/upgrade: set heat::rpc_response_timeout to 600Emilien Macchi1-0/+1
Continue the work done on https://review.openstack.org/#/c/423302/ Change-Id: I931534e0ec33e131809186f74068eb479d38a0f9
2017-01-27Merge "Remove create-legacy-resource-types opts"Jenkins1-1/+1
2017-01-27Merge "Use os-net-config in multinode jobs"Jenkins6-10/+124
2017-01-27Pass parameters for TLS proxy in front of neutron serverJuan Antonio Osorio Robles1-1/+32
If TLS in the internal network is enabled, we run neutron-server behind a TLS proxy (which is actually httpd's mod_proxy). This passes the necessary hieradata. bp tls-via-certmonger Depends-On: I6dfbf49f45aef9f47e58b5c0dbedd2b4e239979e Change-Id: I9252512dbf9cf2e3eec50c41bf10629d36070bbd
2017-01-27Use os-net-config in multinode jobsEmilien Macchi6-10/+124
Full credits to James Slagle, author of this code in TripleO CI: https://review.openstack.org/#/c/409346 This patch adds a new template for configuring networking on the Overcloud nodes using os-net-config in multinode jobs. Previously we were not using os-net-config at all. Also updates the multinode.yaml environment to use this network config template. The IP of each subnode is used when the vxlan tunnels are configured in OVS, given that, each node needs its own unique network configuration. To accomodate that, the templates makes use of the network_config_hook function to influence run-os-net-config.sh This patch is just the first step to totally switching to os-net-config in multinode jobs. The devstack-gate code is still in use to bootstrap the initial networking on the undercloud and subnodes. That will be switched over in subsequent patches. Change-Id: I6efa71eb23109d0b3b480061135c572ab89f5981 Co-Authorized-By: James Slagle <jslagle@redhat.com> Implements: blueprint multinode-ci-os-net-config
2017-01-27Add support for Jinja2 includesOliver Walsh1-1/+8
This replicates the behavior of the custom Jinja2 loader from tripleo-common to allow template validation on the local filesystem using tox. Change-Id: I27683ab31187c6334dc5b4b5363a3347874b9a90 Partially-Implements: blueprint overcloud-upgrades-per-service Depends-On: Idc5c3f49c7a2fc7f3622c76da001992cc657384e
2017-01-27Add AuditD composable serviceSteven Hardy6-0/+184
This patch allows the management of the AuditD service and its associated files (such as `audit.rules`) This is achieved by means of the `puppet-auditd` puppet module. Also places ssh banner capabilities map on top of patch Change-Id: Ib8bb52dde88304cb58b051bced9779c97a314d0d Depends-On: Ie31c063b674075e35e1bfa28d1fc07f3f897407b
2017-01-27Merge "Adds a pre-upgrade check that service is running (step0)"Jenkins30-1/+92
2017-01-27Merge "Adds SSH Banner text into sshd_config"Jenkins5-0/+63
2017-01-27Adds a pre-upgrade check that service is running (step0)marios30-1/+92
Adds a step0 for most services to check that the state is running before continuing with any of the other upgrades steps (these are tagged step0). You can skip this service check by overriding the SkipUpgradeConfigTags parameter as follows: parameter_defaults: SkipUpgradeConfigTags: validation Co-Authored-By: Steven Hardy <shardy@redhat.com> Change-Id: Ie276f153015f671b720b6ed5beaac1b921661909
2017-01-27Allow the override of pacemaker::corosync::settle_triesMichele Baldessari1-0/+7
When replacing a controller node, Exec['wait-for-settle'] needs to timeout, which means that the command pcs cluster auth will be executed 360 times with 10 seconds in between. So that means waiting for an hour for no reason. Let's allow to override the settle_tries counter so an operator can shorten it accordingly. Tested this by setting CorosyncSettleTries to 100 and I correctly get proper hiera settings: $ hiera pacemaker::corosync::settle_tries 100 And effectively we try a number of 100 times as opposed to the 360 default: /Stage[main]/Pacemaker::Corosync/Exec[reauthenticate-across-all-nodes]/returns (debug): Exec try 1/100 Change-Id: I5e21b4215cb0b8686d2059b3d71e2444a96719dc Closes-Bug: #1659741
2017-01-27Merge "Allow to separate Horizon from Neutron"Jenkins1-0/+3
2017-01-27Merge "Add a release note for using deployed-servers (aka split-stack)"Jenkins1-0/+8
2017-01-27Merge "Add release note for composable upgrades"Jenkins1-0/+14
2017-01-26Merge "Add novajoin entries to the TLS-everywhere environment file"Jenkins1-0/+9
2017-01-26Allow to separate Horizon from NeutronEmilien Macchi1-0/+3
Allow to deploy 2 different nodes with Neutron and another with Horizon. Horizon will get the right hieradata to collect the mechanism driver and configure the dashboard correctly. Change-Id: I24621f6a7d053cff487984bab0d10a4a97204675 Closes-Bug: 1659662
2017-01-26Merge "Add telemetry service support for composable upgrades"Jenkins13-0/+64
2017-01-26Add deployed server bootstrap for RHELJames Slagle3-0/+42
This is similar to the bootstrap for CentOS, except we don't set SELinux to permissive on RHEL. Change-Id: I52b8fa017ee2821d2fa91e5ec806a55fcb92566d Partially-implements: blueprint split-stack-software-configuration
2017-01-26Merge "Do not try to update the 'ceph' metapackage from CephMon role"Jenkins2-1/+7