summaryrefslogtreecommitdiffstats
path: root/deployed-server
AgeCommit message (Collapse)AuthorFilesLines
2017-04-03Purge initial firewall for deployed-server'sJames Slagle2-0/+6
We need to purge the initial firewall for deployed-server's, otherwise if you have a default REJECT rule, the pacemaker cluster will fail to initialize. This matches the behavior done when using images, see: Iddc21316a1a3d42a1a43cbb4b9c178adba8f8db3 I0dee5ff045fbfe7b55d078583e16b107eec534aa Change-Id: Ia83d17b609e4f737074482a980689cc57c3ad911 Closes-Bug: #1679234
2017-03-27Merge "Sort ResourceGroup resource list"Jenkins1-1/+1
2017-03-22Install openstack-selinux for deployed-serverJames Slagle2-2/+4
No other packages actually require openstack-selinux, so it must be explicity installed. Change-Id: Ic7b39ddfc4cfb28b8a08e9b02043211e4ca4a39a Closes-Bug: #1675170
2017-03-13Add certmonger-user profileJuan Antonio Osorio Robles1-0/+5
This profile will request the certificates for the services on the node. So with this, we will remove the requesting of these certs on the services' profiles themselves. The reasoning for this is that for a containerized environment, the containers won't have credentials to the CA while the baremetal node does. So, with this, we will have this profile that still gets executed in the baremetal nodes, and we can subsequently pass the requested certificates by bind-mounting them on the containers. On the other hand, this approach still works well for the TLS-everywhere case when the services are running on baremetal. Change-Id: Ibf58dfd7d783090e927de6629e487f968f7e05b6 Depends-On: I4d2e62b5c1b893551f9478cf5f69173c334ac81f
2017-02-17Make the DB URIs host-independent for all servicesMichele Baldessari1-0/+1
When fixing LP#1643487 we added ?bind_address to all DB URIs. Since this clashes with Cellsv2 due to the URIs becoming host dependent, we need a new approach to pass bind_address to pymysql that leaves the DB URIs host-independent. In change Iff8bd2d9ee85f7bb1445aa2e1b3cfbff1f397b18 we first create a /etc/my.cnf.d/tripleo.cnf file with a [tripleo] section with the correct bind-address option. In this change we make sure that the DB URIs will point to the added file and to the specific section containing the necessary bind-address option. We do introduce a new MySQLClient profile which will hold all this more client-specific configuration so that this change can fit better in the composable roles work. Also, in the future it might contain the necessary configuration for SSL for example. Note that in case the /etc/my.cnf.d/tripleo.cnf file does not exist (because it is created via the mysqlclient profile), things keep on working as usual and the bind-address option simply won't be set, which has no impact on hosts where there are no VIPs. Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com> Change-Id: Ieac33efe38f32e949fd89545eb1cd8e0fe114a12 Related-Bug: #1643487 Closes-Bug: #1663181 Closes-Bug: #1664524 Depends-On: Iff8bd2d9ee85f7bb1445aa2e1b3cfbff1f397b18
2017-02-17Sort ResourceGroup resource listJames Slagle1-1/+1
We should sort the results by resource_name when listing resources in the ResourceGroup stack in get-occ-config.sh, as the order is not guaranteed. We want the order to always be numerical ascending by resource_name (which are just integers starting at 0). Change-Id: Iccef81e4dfd9586e0030f20bdde131d1a885eb19 Closes-Bug: #1665458
2017-01-26Add deployed server bootstrap for RHELJames Slagle2-0/+35
This is similar to the bootstrap for CentOS, except we don't set SELinux to permissive on RHEL. Change-Id: I52b8fa017ee2821d2fa91e5ec806a55fcb92566d Partially-implements: blueprint split-stack-software-configuration
2017-01-19Merge "Fix a typo in deployed-server/README.rst"Jenkins1-1/+1
2017-01-18Merge "Bump missing template names to ocata"Jenkins1-1/+1
2017-01-18Merge "Remove Glance Registry service"Jenkins1-1/+0
2017-01-17Nova Placement API composable serviceEmilien Macchi1-0/+1
Add support to deploy Nova Placement API service in TripleO. Change-Id: Ie41ebc362a0695c8f55419e231100c63007405ed
2017-01-17Bump missing template names to ocataCarlos Camacho1-1/+1
Update pending templates to use the release name alias. Change-Id: I39f9be212d3e9f3bec6f45d9757eca7a3b0ccc06
2017-01-16Remove Glance Registry serviceEmilien Macchi1-1/+0
Glance registry is not required for the v2 of the API and there are plans to deprecate it in the glance community. Let's remove v1 support since it has been deprecated for a while in Glance. Depends-On: I77db1e1789fba0fb8ac014d6d1f8f5a8ae98ae84 Co-Authored: Flavio Percoco <flaper87@gmail.com> Change-Id: I0cd722e8c5a43fd19336e23a7fada71c257a8e2d
2017-01-16Fix typo in template descriptionJames Slagle1-1/+1
The DeployedServerPortMap parameter actually joins the hostname and network name with a dash, not an underscore. This commit just fixes the template description for documentation purproses. Change-Id: Iea874e090bc615fd56b07e327465d093bcb0df9c
2017-01-16Deployed server bootstrap via HeatJames Slagle3-0/+43
Adds an environment file, template, and script that can be used to do initial bootstrapping of deployed servers during NodeExtraConfig. It is meant to install and configure the initial dependencies needed to apply the rest of the OpenStack configuration via Heat. Enabling yum repos and installing the initial python-heat-agent package would still have to be manual steps when using this environment. But the goal is to keep those manual steps to a minimum and automate as much as possible in deployed-server-bootstrap.sh. Along with setting EnablePackageInstall: True, this could eventually replace bootstrap-overcloud-full.sh from tripleo-ci. Partially-implements: blueprint split-stack-software-configuration Change-Id: I6be94604a46382e6288df1b36b9de8fab58696cc
2017-01-16Use custom role names in deployed-server rolesJames Slagle1-6/+5
Custom role names need to be used in the deployed server role files, otherwise the new customized roles are not generated by jinja since the default roles are excluded from templating in j2_excludes.yaml. This patch also removes the OS::TripleO::Services::Core service that was recently removed from the default Controller role as well in I48cd2b6a4593d673d5883b45feae088392e7e713 Partially-implements: blueprint split-stack-software-configuration Change-Id: I60cb60382d472cd093f07e134245f666029f3b16
2017-01-10Add deployed-server backwards compatible templateJames Slagle2-2/+30
In Newton, the ctlplane port on deployed-server was called <hostname>-ctlplane-port. When this code was refactored in I29fbc720c3d582cbb94385e65e4b64b101f7eac9, the -port suffix was dropped in favor of <hostname>-<network> convention, and the port resource was created directly in deployed-server.yaml instead of in a nested stack. Both of those changes were backwards incompatible -- making it impossible to upgrade to the new version of deployed-server.yaml without the ctlplane port getting deleted/recreated, which causes a change in IP address. The IP address change causes services to be misconfigured on upgrade attempts. Change-Id: I45991b60a151abf3c5e4d05a3aa7246b2d25ac5a
2017-01-08Continue checking for request url if initially nullJames Slagle1-1/+8
When using get-occ-config.sh during overcloud upgrades, the script could potentially be started before the stack has been upgraded. In that scenario, the script will return null for the request metadata url for the deployed-server resource since the stack has not yet been updated and it's still using the previous Heat signaling. This patch updates the script to just continue checking the resource metadata if the request url is null. Eventually, once the resource has been updated, the script will continue and properly populate the os-collect-config configuration. Change-Id: I9db54d8ad278715f42b768edf8f0fd21998b2098
2017-01-08Add UpgradeInitCommand to deployed-serverJames Slagle1-0/+26
The commands specified by UpgradeInitCommand need to be run before InstanceIdDeployment in deployed-server.yaml, otherwise the upgrades hang with the resource in progress. This is because the new python-heat-agent-apply-config has not yet been installed on the deployed server. Adding the UpgradeInitCommand (and corresponding SoftwareConfig/SoftwareDeployment to apply it) will cause the new repos and python-heat-agent-* rpm's to be installed before InstanceIdDeployment. An open question is whether or not Heat should even be triggering the InstanceIdDepoyment to IN_PROGRESS on upgrade when only the group is changing from os-apply-config to apply-config. If that turns out to be a Heat bug, then this patch wouldn't be necessary. Change-Id: I9d87f995744415b110a7d0bca8d2309d7167148c
2017-01-05Fix a typo in deployed-server/README.rstCao Xuan Hoang1-1/+1
Removed redundant 'the' Change-Id: I4cfeb93738979e95ff00ee6760689be3410b373d
2017-01-04Add custom roles data for deployed-serverJames Slagle1-0/+173
Adds a custom roles data file for use when using the deployed-server templates. The file takes care of setting disable_constraints: True, so that deployers don't have to do things like create fake images in glance. Also adds a comment to roles_data.yaml documenting disable_constraints. Partially-implements: blueprint split-stack-software-configuration Change-Id: I7c26c0c2851e0d6bcea42d7af7f4295a1944ec9f
2016-12-23Bump template version for all templates to "ocata"Steven Hardy2-2/+2
Heat now supports release name aliases, so we can replace the inconsistent mix of date related versions with one consistent version that aligns with the supported version of heat for this t-h-t branch. This should also help new users who sometimes copy/paste old templates and discover intrinsic functions in the t-h-t docs don't work because their template version is too old. Change-Id: Ib415e7290fea27447460baa280291492df197e54
2016-12-21Merge "Add "deployed server" fake neutron ports"Jenkins3-26/+76
2016-12-20Merge "Use OS::Heat::DeployedServer"Jenkins3-41/+10
2016-12-17Merge "Use hostname -s instead of hostnamectl --transient"Jenkins1-1/+1
2016-12-17Add "deployed server" fake neutron portsDan Prince3-26/+76
This patch swaps out the noop ctlplane port for a more proper fake neutron port stack. This stack is a swap in for the OS::Neutron::Port heat resource and can be controlled via the DeployedServerPortMap parameter. By relying on <hostname>-<network> naming conventions in the map we can map IPs to specific servers without using the Neutron API. This will allow us to inject IP information into the Heat stack within the new t-h-t undercloud installer which currently does not run a Neutron service. Change-Id: I29fbc720c3d582cbb94385e65e4b64b101f7eac9
2016-12-15Merge "Deployed server: switch to apply-config hook"Jenkins1-1/+1
2016-12-14Use hostname -s instead of hostnamectl --transientDan Prince1-1/+1
This patch updates the deployed-server interface to use a simple hostname -s. The previous hostnamectl --transient can pick up extra domain name configuration in some cases that can cause very odd hostname generation if used with the tripleo-heat-template host file generation. This would actually break the new undercloud t-h-t installer in that some of the /etc/hosts entries would be invalid (no IP address) due to substring replacements failing in a variety of odd hostname situations. Simplifying the hostname of deployed servers to just the short version seems the most sensable way to avoid all this. Change-Id: Ia7e636d021f948ea5234475cef02f666d8ce6999
2016-12-13Use OS::Heat::DeployedServerJames Slagle3-41/+10
The new DeployedServer resource in Heat will provide a native resource for Server resources that are not orchestrated via Nova. This will allow associating SoftwareDeployment's with servers that have not been launched with Nova with Heat directly. With the new resource, all of the SoftwareConfigTransport methods are available, including POLL_TEMP_URL. This patch also updates the get-occ-config.sh script to configure the requests collector in os-collect-config.conf on the deployed servers. Change-Id: I4b80421088acca709fe3f92741c5c052be483131 Partially-implements: blueprint split-stack-software-configuration Depends-On: I07b9a053ecd3ef4411b602bbc6ef985224834cf8
2016-12-08Merge "Make get-occ-config.sh support custom roles"Jenkins2-12/+25
2016-12-01Make get-occ-config.sh support custom rolesJames Slagle2-12/+25
Updates the get-occ-config.sh script used with the deployed-server environment to support custom roles. Any custom role name, and a corresponding set of hosts (ip addresses or hostnames) can now be passed to the script and it will query for the proper nested stack uuid's and configure os-collect-config appropriately on the respective nodes. Change-Id: I8fc39e6d18cd70ff881e2a284234b26261018d67
2016-12-01Use transient hostname for deployed serversSteve Baker1-17/+2
The name output returned by this template is expected to be the short name rather than a FQDN. Generally 'hostnamectl --static' returns a FQDN and --transient will be the short name. This change switches to using --transient and also simplifies the script by dropping the unused outputs. Change-Id: I19eaf9f66668f7e68765bad4018c0c60314f3f8f
2016-11-30Deployed server: switch to apply-config hookDan Prince1-1/+1
This patch switches the deployed-server.yaml template to use apply-config instead of os-apply-config. The 'apply-config' hook is now installed via a package (no longer requires elements for installation) and supports more signalling options. This is required to support the undercloud installer which doesn't work with os-collect-config heat metadata. Change-Id: I7963fe4f38e8f04c9871fe651d39efec1aa17c41
2016-11-28get-occ-config.sh replace deprecated heat commandsSteve Baker1-10/+10
The modern openstack equivalent heat commands require no awk and will be slightly more efficient. The roles variable is optionally populated by OVERCLOUD_ROLES so that a subset of roles can be specified. Change-Id: I6b66cb3bd81825fba726dd45b0db25896908f6dd
2016-08-07Make deployed-server OS::Neutron::Port optionalDan Prince2-10/+26
This patch makes it possible to set OS::TripleO::DeployedServer::ControlPlanePort: OS::Heat::None in your resource_registry and thereby avoid the creation of a neutron port for the deployed server. This is useful if you are bootstrapping things in an environment without Neutron. Also, includes a new deployed-server-noop-ctlplane.yaml environment file. Change-Id: I2990dc816698e0f6e3193a8fc7c9c6767c6e50e5
2016-07-26Force a tty for sudo in get-occ-config.shJames Slagle1-1/+1
This script will sometimes fail with "you must have a tty to run sudo" depending on how it was executed. Add -tt to the $SSH_OPTIONS to always force a tty. Change-Id: Ic1144b9ba90d4af35db826a78e637da965569841 Closes-Bug: #1606544
2016-07-11Use already Deployed/Installed serversJames Slagle4-0/+386
This patch provides a set of templates that enables tripleo-heat-templates to be used with a set of already deployed, installed, and running servers. In this method, Nova and Ironic are not used to deploy any servers. This approach is attractive for POC deployments where dedicated provisioning networks are not available, or other server install methods are dictated for various reasons. There are also assumptions that currently have to be made about the software installed on the already deployed servers. Effectively, they must match the standard TripleO overcloud-full image. Co-Authored-By: Steve Hardy <shardy@redhat.com> Change-Id: I4ab1531f69c73457653f1cca3fe30cc32a04c129