| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Fetch the host public keys from each node, combine them all and write to the
system-wide ssh known hosts. The alternative of disabling host key
verification is vulnerable to a MITM attack.
Change-Id: Ib572b5910720b1991812256e68c975f7fbe2239c
|
|
Adds a validation to ensure at least one NTP source
is available.
Misconfigured or inaccessible NTP servers is a
common source of erratic behavior and failures. This
validation will ensure a NTP source is available
or fail with debug output from ntpdate.
The heat boolean: ValidateNtp can be set to disable
this check.
Change-Id: Ie93f943b53bf3a1b60a536df4a28ae203d98988f
|
|
The server resource type, OS::TripleO::Server can now be mapped per role
instead of globally. This allows users to mix baremetal
(OS::Nova::Server) and deployed-server (OS::Heat::DeployedServer) server
resources in the same deployment.
blueprint pluggable-server-type-per-role
Change-Id: Ib9e9abe2ba5103db221f0b485c46704b1e260dbf
|
|
|
|
|
|
|
|
|
|
Previously Ansible upgrade steps failed with: Could not find the
requested service nova-compute: cannot disable.
Change-Id: I14e8bc89aca0a3f7308d88488b431e23251cc043
Closes-Bug: #1682373
|
|
The rest of the services are using underscores, so this helps
uniformity.
Change-Id: I4ce3cc76f430a19fa08c77b004b86ecad02119ae
|
|
When containerizing ceilometer agents, keystone auth is not getting
set correctly as we're not including the service config settings.
Change-Id: Ic17d64eb39e1fcb64c198410f27adbe94c84b7d4
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Change-Id: I99b96343742ee5c40d8786e26b2336427e225c82
Implements: blueprint update-plan-environment-yaml
|
|
|
|
|
|
|
|
Prior to Ocata, the Controller role was hardcoded for various lookups.
When we switched to having the primary role name being dynamically
pulled from the roles_data.yaml using the first role as the primary
role as part of I36df7fa86c2ff40026d59f02248af529a4a81861, it
introduced a regression for folks who had previously been using
a custom roles file without the Controller being listed first.
Instead of relying on the position of the role in the roles data, this
change adds the concepts of tags to the role data that can be used when
looking for specific functionality within the deployment process. If
no roles are specified with this the tags indicating a 'primary'
'controller', it will fall back to using the first role listed in the
roles data as the primary role.
Change-Id: Id3377e7d7dcc88ba9a61ca9ef1fb669949714f65
Closes-Bug: #1677374
|
|
Non-working containers upgrade CI is caused by the fact that all
multinode jobs deploy pacemaker environments.
Currently we cannot upgrade Pacemakerized deployments
anyway (containerization of pacemakerized services is WIP), upgrades
have only been tested with non-Pacemaker deployments so far.
We need a new environment which will not try deploying in a
pacemakerized way. When pacemaker-managed services are containerized, we
can change the job to upgrade an HA deployment (or single-node "HA" at
least), and perhaps even get rid of the environment file introduced
here, and reuse multinode.yaml.
Change-Id: Ie635b1b3a0b91ed5305f38d3c76f6a961efc1d30
Closes-Bug: #1682051
|
|
This allows us to better configure these parametes, e.g. we could set
the cron job to run more times per day, and not just one.
Change-Id: I0a151808804809c0742bcfa8ac876e22f5ce5570
Closes-Bug: #1682097
|
|
This is only done when TLS-everywhere is enabled, and depends on those
directories being exclusive for services that run over httpd. Which is
the commit this is on top of.
Also, an environment file was added that's similar to
environments/docker.yaml. The difference is that this one will contain
the services that can run containerized with TLS-everywhere. This file
will be updated as more services get support for this.
bp tls-via-certmonger-containers
Change-Id: I87bf59f2c33de6cf2d4ce0679a5e0e22bc24bf78
|
|
The containers also need to trust the CA's that the overcloud node
trusts, else we'll get SSL verification failures.
bp tls-via-certmonger-containers
Change-Id: I7d3412a6273777712db2c90522e365c413567c49
|
|
|
|
|
|
We pass the short hostname to docker-puppet.py. In order to satisfy the
factor FQDN check for the short hostname we need to run the container
with --net=host in some cases.
Change-Id: I2929f122f23ee33e8ea5d4c5006d2bbb8b928b67
Closes-bug: #1681903
|
|
To enable easier detection of the IPs associated with nodes (such
as to enable the tripleo-validations ansible inventory to work with
custom roles more easily) expose the data we already have about the
nodes/roles and the list of IPs for each network.
Change-Id: I5667a142f47fbff120c703bedadd8b6e163c9480
|
|
Per puppet-nova commit 2c743a6bff5b17a85d1e0500f3a9ecb21468204e
there is now a custom resource for Nova_cell_v2 configuration.
As this resource runs automatically regardless of our use
of puppet tags we need to explicitly disable it to be able to
generate Nova API configs for docker.
Change-Id: Id675dc124464acddc3fc5a88b017a351e93ba685
Closes-bug: #1681841
|
|
This moves the directories containing the certs/keys for httpd one step
further inside the hierarchy. This way we will be able to bind-mount
this certificate into the container without bind-mounting any other
certs/keys from other services.
bp tls-via-certmonger-containers
Change-Id: Ibe6e66ae4589b9eab7db330dd8b178e0f8775639
Depends-On: I0b71902358b754fa8bd7fdbb213479503c87aa46
|
|
|
|
We need the service to be present to run jobs involving containers. Note
that this is effectively a no-op for the current CI jobs, as by default
the Docker service is mapped to OS::Heat::None. Docker will actually be
deployed only if environments/docker.yaml is included in the deploy
command.
Change-Id: I97a35e30e428ff64feeb411bf63dbb7aa54f9829
|
|
This is cluttering up the logs with useless error messages, making it
more difficult than necessary to debug the CI job.
Change-Id: Icbdc4c74d99fea39b8722955dab56e5f538849aa
|
|
This will give user the ability to set these values,
if IPv6 is not to be used, it's recommended that it be
disabled to reduce the attack surface of the system.
Change-Id: Ib3142cce49b93a421ca142a59961ce49a77e66b1
Co-Authored-By: Luke Hinds <lhinds@redhat.com>
Signed-off-by: zshi <zshi@redhat.com>
|
|
|
|
|
|
|
|
Add services for Dell EMC Cinder back ends to the resource registry
and to the Controller role (defaulting to OS::Heat::None).
Closes-Bug: #1681497
Change-Id: I694fd7738abd3601851bdcd38e3633607ce6152c
|
|
Implements: blueprint fdio-integration-tripleo
Change-Id: I412f7a887ca4b95bcf1314e8c54cb1e7d03b1e41
Signed-off-by: Feng Pan <fpan@redhat.com>
|
|
Convert NetApp Cinder back end to support composable roles via new
"CinderBackendNetApp" service.
Closes-Bug: #1680568
Change-Id: Ia3a78a48c32997c9d3cbe1629c2043cfc5249e1c
|
|
|
|
Change-Id: I43c35bbf959e5dcdd7e87a8f6a604d5fe5b4f2a9
|
|
|
|
Following change I1393d65ffb20b1396ff068def237418958ed3289 the ctlplane
network will be 192.168.24 by default and not 192.0.2 anymore.
This change removes old references left to 192.0.2 network from the
overcloud templates.
Change-Id: I1986721d339887741038b6cd050a46171a4d8022
|
|
|
|
This uses the coalesce function to take null values into account, else
these resources will fail validation.
Change-Id: Iaf4218dd731826f80b76ff8f7a902adc8c865be5
Closes-Bug: #1681332
|
|
yaql calls are fairly expensive. Let's try to not nest them when we can
avoid it.
Change-Id: I5e7dbc42be625bbfe7989867794a67ebae08687d
|
|
Ironic is going to change the default boot_option from netboot to local in the
near future. Let's be pro-active, and change it in advance. Users cano change
it back via new IronicDefaultBootOption configuration.
Partial-Bug: #1619339
Change-Id: Idddc2e384c6cd9a1595777090500bf04f230edd4
|
|
This reverts commit b323f8a16035549d84cdec4718380bde3d23d6c3 and uses
the new logic in puppet-tripleo (see Ifd6fa5b398d98e8998630ea0c9a2ce9867ceba2b
), basically doing the same.
Closes-Bug: 1665641
Change-Id: Ib5cb0578be2993af0a0b8675005d838640bdb139
|
Oliver Walsh
Matthew Flusche
James Slagle
Jenkins
Jiri Stransky
Juan Antonio Osorio Robles
Pradeep Kilambi
Ana Krivokapic
Alex Schultz
Dan Prince
Steven Hardy
Martin André
zshi
Alan Bishop
Feng Pan
Giulio Fidente
Thomas Herve
Dmitry Tantsur
Christian Schwede