aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2016-11-23Run os-net-config before restarting cluster on updateBrent Eagles1-0/+11
Running os-net-config before restarting the cluster prevents changes to the interface files caused by changes to implementation from bouncing network interfaces after the cluster has restarted. Closes-Bug: #1644138 Change-Id: I65fb104465ff3d37ddc791634302994334136014
2016-11-23Merge "Make the CloudDomain defaults match the doc strings"Jenkins6-0/+6
2016-11-23Merge "Remove Combination alarms support"Jenkins1-6/+0
2016-11-23Explicitly set rabbit hosts so its not overridden during upgradePradeep Kilambi1-1/+7
During ceilometer pre upgrade, rabbit host config gets overridden in ceilometer conf as its setting to defaults. This explicitly sets the host info in standalone manifest. Closes-Bug: #1644278 Change-Id: I862ea7165c5d42ba1f9a19111a8be8934c0ef883
2016-11-23Cleanup some inline comments in network/configDan Prince10-46/+0
This patch cleans up some inline comments that are a bit non-standardly formatted so that we can more easily parse these templates in an automated fashion. Change-Id: Ibf91f3478fd894f9323d8805729ece9c5fab256f
2016-11-23Merge "Configure Keystone Fernet Keys"Jenkins1-0/+11
2016-11-23Merge "Fix resource_registry path in enable-internal-tls"Jenkins1-1/+1
2016-11-23Merge "Fix ovs 2.4 to 2.5 upgrade - minor update non controllers"Jenkins1-14/+13
2016-11-23Merge "Containerized Services for Composable Roles"Jenkins13-360/+769
2016-11-23Merge "Enables auto-detection for VIP interfaces"Jenkins2-17/+9
2016-11-22Make the CloudDomain defaults match the doc stringsJulie Pichon6-0/+6
Not having the default easily accessible is causing issues for the UI, as it cannot guess at it and can accidentally overwrite the value with an empty string (the expected default when unset). The default is already helpfully spelled out in the doc string for each file, this updates the parameter to match it. Change-Id: Ic284f9904e8f1d01cc717d59a0759f679d94106d Closes-Bug: #1643670
2016-11-22Fix ovs 2.4 to 2.5 upgrade - minor update non controllersmarios1-14/+13
In I9b1f0eaa0d36a28e20b507bec6a4e9b3af1781ae and I11fcf688982ceda5eef7afc8904afae44300c2d9 we landed a workaround for the openvswitch 2.4 to 2.5 upgrade discussed in the bug below. Unfortunately testing has revealed a problem with the minor update case specifically for non controllers. It seems we would exit before the ovs workaround has had a chance to execute. This moves the block up a few lines to avoid this condition. As with the other two reviews noted here, this will need to go into newton and then mitaka too. Change-Id: If905de82d96302334ebe02de9c43f00faed9b72b Related-Bug: 1635205
2016-11-22Fix resource_registry path in enable-internal-tlsJuan Antonio Osorio Robles1-1/+1
It had a wrong path and thus crashed when one tried to use it. Change-Id: Ida4f899c76cce6e819d7e0effaf038f699763bee Closes-Bug: #1643863
2016-11-22Containerized Services for Composable RolesIan Main13-360/+769
This change modifies the template interface to support containers and converts the compute services to composable roles. Co-Authored-By: Dan Prince <dprince@redhat.com> Co-Authored-By: Flavio Percoco <flavio@redhat.com> Co-Authored-By: Martin André <m.andre@redhat.com> Co-Authored-By: Steve Baker <sbaker@redhat.com> Change-Id: I82fa58e19de94ec78ca242154bc6ecc592112d1b
2016-11-22Merge "Disable Options Indexes in horizon"Jenkins1-0/+1
2016-11-21Merge "Enable enforce_password_check"Jenkins1-0/+1
2016-11-21Add necessary parameters for encrypted volumes supportJuan Antonio Osorio Robles1-0/+14
If barbican is set, it will configure cinder and nova-compute with the necessary parameters to enable encrypted volumes to be created if requested. Change-Id: Id13811cf8e090706c590ffff46c237ff8131efd9
2016-11-18Make Ceilometer notifications non-blockingChristian Schwede1-0/+1
Ceilometer notifications can be sent in a background thread, unblocking the Swift proxy in case the RabbitMQ is not processing notifications quick enough or even unavailable. There is a default queue size of 1000 notifications. If more messages are added to the queue these will be discarded, and a warning log entry will be emitted. Change-Id: I98022dcbf661a5bb7425f49ba8525225d61212dc
2016-11-18Disable keepalived for HA deployments via t-h-tSteven Hardy2-2/+3
Currently this is disabled via a conditional in the keepalived profile in puppet-tripleo, but this will be incompatible with the planned composable upgrades implementation. Instead we should disable the service template by mapping to OS::Heat::None, and ensure the haproxy manifest uses the t-h-t generated hiera value keepalived_enabled instead of hard-coding a hiera override in the haproxy template. Change-Id: I85a8b1cca7268506de22adfb3a8ce7faa4f157ef Partial-Bug: #1642936 Depends-On: I90faf51881bd05920067c1e1d82baf5d7586af23
2016-11-18Merge "Use j2 loops in post.j2.yaml"Jenkins1-56/+13
2016-11-18Merge "Correct AllNodesDeploySteps depends_on"Jenkins1-1/+1
2016-11-17Disable Options Indexes in horizonAndreas Karis1-0/+1
Security scanners complain that directory listings are enabled in horizon. Change-Id: I1d7cfcb3521e8235a99bc452f1b7b92c20ce72ac Closes-Bug: #1637576
2016-11-17No longer hard coding to a specifc network interface name.Harald Jensas1-2/+2
Instead of using a specific network interface name, thi fix fetch all ethernet mac addresses. Then uses this list of mac addresses to do a check if any entries in the list match any of the values in NetConfigDataLookup for a node. If there is a match, the /etc/os-net-config/mapping.yaml file for the node will be written. This fix removes the hard coded interface name 'eth0' used to get a mac address as identifyer for the specific node before. Using a hard coded interface name such as 'eth0' would have failed on most hardware because of "consistent network device names". Fix Bug: #1642551 Change-Id: I6c1d1b4d70b916bc5d9049469df8221f8ab2eb95
2016-11-17Add panko api support to service templatesPradeep Kilambi12-0/+434
This integrates panko service api into tripleo heat templates. By default, we will disable this service, an environment service file is included to enable if needed. Depends-On: I35f283bdf8dd0ed979c65633724f0464695130a4 Change-Id: I07da3030c6dc69cce7327b54091da15a0c58798e
2016-11-17Remove conditional for neutron l3_haSteven Hardy1-28/+10
This is handled in puppet-tripleo instead so we can remove the hard-coded reference to ControllerCount and instead use the hiera neutron_api_node_names to derive the number of neutron API nodes regardless of roles. Note that the NeutronL3HA parameter is maintained despite being marked deprecated because we need to backport this bugfix so we can't just remove it. I'm not sure if we want to consider removing the deprecation as leaving the override parameter in place seems fairly low overhead. Closes-Bug: #1629187 Change-Id: I7a77836dcaf809cc7959fca7691a4cd7d4af5d6a Depends-On: I01c50973eec8138ec61304f2982d5026142f267c
2016-11-17Configure Keystone Fernet KeysAdam Young1-0/+11
Provision the Keystone Fernet Token provider by installing 2 keys with dynamic content generated by python-tripleoclient. Note that this only sets up the necessary keys to use fernet as a token provider, however, this does not intend to set it up as the default provider; This will be discussed and will come as part of another commit. Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Depends-On: Ic070d160b519b8637997dbde165dbf15275e0dfe Change-Id: Iaa5499614417000c1b9ba42a776a50cb22c1bb30
2016-11-17Enable enforce_password_checkLuke Hinds1-0/+1
By setting ENFORCE_PASSWORD_CHECK to `True`, it displays an 'Admin Password' field on the Change Password form to verify that it is indeed the admin logged-in who wants to change the password. Change-Id: Ib11bef93b6b0c74063052875fa361290bf1e92fd Depends-On: If7af97df7a011569a7e14fbab4f880688d7b82c3 Closes-Bug: #1640806
2016-11-16Remove Combination alarms supportPradeep Kilambi1-6/+0
combination alarms are completely removed in Ocata. Remove this from tripleo. Change-Id: Iec2e26ebdaa108ddbb2cf45fc4b6c68023fb6ce0
2016-11-16Merge "Do not manage overcloud repositories when using external Ceph"Jenkins1-0/+8
2016-11-16Merge "Use keystone profile parameter to pass heat password"Jenkins1-1/+1
2016-11-16Merge "Fix up Newton->Ocata rabbitmq ha policy"Jenkins2-1/+21
2016-11-16Merge "Replace ceilometer-dbsync by ceilometer-upgrade"Jenkins1-1/+1
2016-11-16Do not manage overcloud repositories when using external CephJohn Fulton1-0/+8
ceph::profile::params::manage_repo should default to false when using external Ceph. Overcloud Ceph clients use Ceph packages, which may be provided by the 'ceph' metapackage, but not for all repos, see related bug. So, this change also includes a list of packages as a workaround as used in change Ie55d22301dd22102d471e6002dfcaad4bfadd5f6. Change-Id: I338e51637aa39d3f7bbbad0263740f728d42cb9b Closes-bug: 1641989 Related-Bug: 1629933
2016-11-16Correct AllNodesDeploySteps depends_onSteven Hardy1-1/+1
This is wrong atm, it should loop to create a list for the depends_on not multiple depends_on statements. Note this was first corrected in https://review.openstack.org/#/c/330659/ but we need it as a standalone patch that can be backported. Change-Id: I4d1d6346f2147e573fc0900038f1ad1d782e75ee Closes-Bug: #1642069
2016-11-16Use keystone profile parameter to pass heat passwordJuan Antonio Osorio Robles1-1/+1
Instead of relying on an explicit hiera call to get the stack domain password, this uses the keystone parameter to introduce that value instead. Change-Id: I0e5124d57fdc519262fdec2dbeaaac85afaeebdf
2016-11-15Nova base cleanups for hiera json hookDan Prince1-43/+51
This patch resolves an issue with nova-base.yaml that prevents it from working with the new heat hiera agent hook (which uses Json instead of Yaml). It updates the service so that we only set the upgrade level if it is not an empty string. Partial-bug: #1596373 Change-Id: I595f2e16c33a6f935c7ca8935fec445d19c7b8f3
2016-11-15Horizon service cleanups for hiera json hookDan Prince1-35/+34
This patch resolves a few issues I noticed when porting our Horizon service to support the new heat hiera agent hook (which uses Json instead of Yaml). -we only need to set django_debug if the string is non-empty. This should match previous behavior. -remove the duplicated NeutronMechanismDrivers setting. This is already managed in the neutron services and shouldn't be set here. Change-Id: I473e110bb9b14cb8f57d41c4fc398871548726b0 Partial-bug: #1596373
2016-11-16Merge "Fix external Load Balancer deployment"Jenkins1-2/+1
2016-11-16Merge "Revert "Adjust MTU to compensate for VLAN tag issue""Jenkins1-5/+2
2016-11-15Merge "Enable internal TLS for Barbican API"Jenkins1-1/+4
2016-11-15Merge "Define keystone token provider"Jenkins1-1/+12
2016-11-15Merge "Disable password reveal in horizon"Jenkins1-0/+1
2016-11-15Replace ceilometer-dbsync by ceilometer-upgradeSteven Hardy1-1/+1
https://review.openstack.org/#/c/388688/ has removed ceilometer-dbsync so ceilometer-upgrade must be used instead. Additionally, ceilometer-dbsync enabled option --skip-gnocchi-resource-types and ceilometer-upgrade doesn't, so i'm setting it by default to ensure backwards compatibility. Note this is based on the corresponding fix to puppet-ceilometer ref https://review.openstack.org/#/c/396570 Change-Id: Ic0a15c75d1cd3e3f70eeafd9ba09d50c58cc1293 Closes-Bug: #1641076
2016-11-15Fix external Load Balancer deploymentMichele Baldessari1-2/+1
Deployments using external LB will file like this: deploy_stderr: | + RESTART_FOLDER=/var/lib/tripleo/pacemaker-restarts + [[ -d /var/lib/tripleo/pacemaker-restarts ]] ++ systemctl is-active haproxy + haproxy_status=unknown deploy_status_code: 3 openstack software deployment show 4f339ca4-7600-4ca0-b0ef-f798bc47b6cf The reason is that via https://review.openstack.org/#/c/393644/ we introducted the haproxy restart like this: haproxy_status=$(systemctl is-active haproxy) if [ "$haproxy_status" = "active" ]; then systemctl reload haproxy fi The problem is that if haproxy is not running/installed systemctl is-active can fail and the script will terminate with an error return code. Let's just move the call inside the if so the script does not fail in case haproxy is not there. The snippet before the change (on a system without haproxy installed): [root@mrg-09 tmp]# ./test.sh ++ systemctl is-active haproxy + haproxy_status=unknown [root@mrg-09 tmp]# echo $? 3 After this change: [root@mrg-09 tmp]# ./test.sh ++ systemctl is-active haproxy + '[' unknown = active ']' [root@mrg-09 tmp]# echo $? 0 Change-Id: I837c63a9dbcde8c922f843c442974fa79cf1eede Closes-Bug: #1641904
2016-11-14Define keystone token providerAlex Schultz1-1/+12
In order to eventually enable fernet tokens for keystone, we need to be specify the token provider. This change codifies the current default used by TripleO of uuid tokens and fernet token setup disabled. Change-Id: I7c03ed7b6495d0b9a57986458d020b3e3bf7224a Closes-Bug: #1641763
2016-11-14Composable Zaqar servicesBrad P. Crochet8-0/+597
Adds new puppet and puppet pacemaker specific services for Zaqar. The Pacemaker templates extend the default Zaqar services and swap in the Pacemaker specific puppet-tripleo profile instead. Change-Id: Ia5ca4fe317339dd05b0fa3d5abebca6ca5066bce Depends-On: Ie215289a7be681a2b1aa5495d3f965c005d62f52 Depends-On: I0b077e85ba5fcd9fdfd33956cf33ce2403fcb088 Implements: blueprint composable-services-within-roles
2016-11-14Merge "Fix typo in Keystone Sensu subscription"Jenkins1-1/+1
2016-11-14Merge "Use default Sensu redact"Jenkins1-3/+14
2016-11-14Fix up Newton->Ocata rabbitmq ha policyMichele Baldessari2-1/+21
In ocata we changed the ha policy to "ha-exactly" via the following changes: - tht: Iace6daf27a76cb8ef1050ada0de7ff1f530916c6 - puppet-tripleo: Ib62001c03e1e08f58cf0c6e0ba07a8879a584084 We initially also took care of changing this policy (which is set in the pacemaker resource agent) for the M/N upgrade path: I2468a096b5d7042bc801a742a7a85fb1521c1c02 In the end we decided against changing the policy in Newton as well (it was only for ocata) as it was too close to the release date and we took the safer path. This patch does two things: 1) It renames the upgrade function to "newton_ocata" since that is the only upgrade path we need to take care of 2) It reinstates the actual upgrade function which was mistakenly removed via an unrelated change in the ceilometer upgrade path: If9d6987cd0a8fc5d3f9de518ba422d97d5149732 Closes-Bug: #1628998 Change-Id: I3a97505d2ae1ae27f3080ffe74c33fdabffd2420
2016-11-14Merge "Fixes missing OVS Firewall config with OpenDaylight"Jenkins1-0/+6