Age | Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: I6a53a56c534f24cb514d8aeb8cec3d7865b93448
|
|
haproxy needs the deployed SSL cert file to function when TLS is
enabled.
It is also required for the docker-puppet haproxy container since the
haproxy puppet module uses a validate_cmd to check the generated config
file is valid that fails when the required SSL cert is not present.
There is no clean way to disable this feature [1] so we need to bind
mount the cert into the container.
[1] https://github.com/puppetlabs/puppetlabs-haproxy/blob/4753ea5b2506ee093e9b4c8af6e91201d476d426/manifests/config.pp#L53-L57
Change-Id: Id2df144b678769def204961236624091d4e5c457
|
|
|
|
|
|
|
|
The stat resources weren't executed in step2, and Ansible failed on
them being undefined.
Change-Id: I93621dd80d97be597eff6b8913ae9d7b2810f837
Closes-Bug: #1701221
|
|
Lets just run the ceilometer upgrade once in central agent container
Change-Id: If5e5ca6122f8583c6221bc6b343e483e41f04d29
Closes-bug: #1700056
|
|
This is needed for TLS everywhere.
Change-Id: Iac35b7ddcd8a800901548c75ca8d5083ad17e4d3
Depends-On: I426bfdb9e6c852eb32d10a12e521bb8b47701c41
|
|
Swift object replication relies on the rsync server, which is run by
xinetd. This patch adds the missing container and configuration. Note
that xinetd needs bind to a privileged port (873) and has to be started
as root therefore.
Change-Id: I7655c9dd116c0130035d8a2fae81148171ae6448
|
|
This commit consistently defines a heat template parameter in the form
of DockerXXXConfigImage where XXX represents the name of the
config_volume that is used by docker-puppet.
The goal is to mitigate hard to debug errors where the templates would
set different defaults for the image docker-puppet.py uses to run, for
the same config_volume name.
This fixes a couple of inconsistencies on the way.
Change-Id: I212020a76622a03521385a6cae4ce73e51ce5b6b
Closes-Bug: #1699791
|
|
|
|
|
|
Depends-On: I270f3f6879737fc29370165e4a8fa8c9c19fffb3
Depends-On: I3a169e3321a26ee373ab873426a2d58acbcfe1bd
Closes-Bug: #1668932
Co-Authored-By: Or Idgar <oidgar@redhat.com>
Co-Authored-By: Brent Eagles <beagles@redhat.com>
Co-Authored-By: Martin André <m.andre@redhat.com>
Change-Id: I211707072bb0e4ac4aa48e9bbaccb7530f3de0ca
|
|
|
|
Change-Id: Idbbff1047fbc3f664e44131770ba2849ea9d51bc
Closes-Bug: #1700082
|
|
|
|
|
|
- sets collectd service in container to log to file
consistently with other docker services.
- corrects configuration mounts
Depends-On: I50289ad6657852d37abbf12938128ff9ab9e3bac
Change-Id: Ibf9efbe249d67d0fa1e50fbd7dd9902a64d5a273
|
|
Change-Id: Ifa985f29fbd589f58cb2fc75b5f442f7651fb2bf
Depends-On: I952c86db88dcd611722a3feaea88f618eee17620
|
|
This patch sets sensu-client service in container to log to file
consistently with other docker services.
Change-Id: Ic8929326cd73c4bc4515b592fed4826b9c1d516a
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Depends-On: I5dc10ef5cccf6d378c20c68fc4a32d2d3c38233f
Change-Id: Ib96040c2e27ad76b1fa6ecb9468bb9d97b3c4518
|
|
|
|
Use common volumes, and use the host log dir in DB sync container.
Co-Authored-By: Jiri Stransky <jistr@jistr.com>
Change-Id: I52602eb4ffd8834c36eec66ef845e5563f72f786
|
|
|
|
|
|
|
|
|
|
|
|
In many occasions we had log directory initialization containers
without `detach: false`, which didn't guarantee that they'll finish
before the container depending on them will start using the log
directory.
This is now fixed by moving the initialization container one global
step earlier, so that we can keep the concurrency when creating the
log dirs. (Using `detach: false` makes paunch handle just one
container at a time, and as such it can have negative performance
impact.)
For services which have their container(s) starting in step_1,
initialization cannot be moved to an earlier step, so the solution
here was to just add `detach: false`.
As a minor related change, cinder DB sync container now mounts the log
directory from host to put cinder-manage.log into the expected
location.
Change-Id: I1340de4f68dd32c2412d9385cf3a8ca202b48556
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Depends-On: I3e865f2e9b6935eb3dfa4b4579c803f0127848ae
Change-Id: I09327a63d238a130b6ac0f2361f80e2b244b4b52
|
|
This service generates the /etc/my.cnf.d/tripleo.cnf file which is
being used to configured MySQL clients (e.g. client bind address,
client SSL configuration...)
We generate the config file in this service and let containerized MySQL clients
mount /var/lib/config-data/mysql_client/etc/my.cnf.d/tripleo.cnf it in their
own container. This way, when this MySQLClient service is updated, the other
containers will automatically pick the updated configuration at next restart.
Partial-Bug: #1692317
Change-Id: Idc56d27fb9645ad3b07df8ef08b7e2ce29e6d499
|
|
Depends-On: I037858a445742de58bd2f8d879f2b1272b07f481
Change-Id: Ifd138ea553a45a637a1a9fe3d0e946f8be51e119
|
|
Depends-On: I037858a445742de58bd2f8d879f2b1272b07f481
Change-Id: I808a5513decab1bd2cce949d05fd1acb17612a42
|
|
This will allow the services running in the containers to trust the CA.
bp tls-via-certmonger-containers
Change-Id: Ib7eb682da64473a651b34243c92ab76009964aba
|
|
Set up the LVM storage only if we're using iSCSI backend.
Change-Id: I62e8f9cc38b201aebd1799e05ffc1398d13a9aa0
|
|
|