| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
We're not going to want to list every single sample environment in
a single file, so let's also take a directory and just read every
yaml file in it. This commit adds support for that as well as
some initial environments to demonstrate its use.
Change-Id: If2c608f2a61fc5e16784ab594d23f1fa335e1d3c
|
|
HorizonSecureCookies is incompatible with non-ssl deployments, which
is our default deployment method. When SSL is in use, it can be
turned on in the enable-tls.yaml file. This does mean that
existing users won't automatically get this feature turned on as
part of their upgrade because enable-tls.yaml is an environment that
is intended to be copied and edited, but it's simple to add the
parameter to the file for users who want that behavior after they
upgrade to a version where it is available.
Change-Id: If83d3d8709fc4e0c09569e8bf524721d332bf560
Closes-Bug: 1696861
|
|
It makes more sense for the enable-tls.yaml file to contain the
resource registry override, since it contains parameters that are
actually used there. Also, this allows us to reuse the
tls-endpoints-public-* files for other methods of enabling TLS (such
as with certmonger).
Change-Id: I98c63d0007e61968c0490a474eddb42548891fa6
|
|
Having the endpoint map in the same environment as the SSL
certificate parameters means that every time a service is added to
the overcloud, the user must remember to update their copy of
enable-tls.yaml to reflect the new service.
To avoid this, let's separate the SSL EndpointMap from the SSL
certificates so users can simply pass the shipped list of SSL
endpoints and only have to customize the certificate env file. As
and added bonus, this means they won't have to put the certificates
in enable-tls.yaml specifically. The parameters can be set
anywhere, and will be used as long as one of the tls-endpoints
envs is also specified.
inject-trust-anchor.yaml is not changed, but it could already be
used in the same fashion. The root certificate param could be set
in any env passed after inject-trust-anchor.yaml, and then
inject-trust-anchor.yaml would only be responsible for setting the
appropriate resource_registry entry. This way there is no need to
customize the in-tree inject-trust-anchor.yaml either.
Change-Id: I38eabb903b8382e6577ccc97e21fbb9d09c382b3
|
|
Currently we have a hard-coded set of per-service parameters, which
will cause problems for custom roles and full composability.
As a first step towards making this more configurable, remove the
hard-coded per-service parameters from overcloud.yaml, and adjust
the EndpointMap generation to instead accept two mappings, the
ServiceNetMap and a mapping of networks to IPs (effectively this
just moves the map lookup inside the endpoint map instead of
inside overcloud.yaml)
Change-Id: Ib522e89c36eed2115a6586dd5a6770907d9b33db
Partially-Implements: blueprint custom-roles
|
|
Allows the installation and configuration of Manila.
Supports the generic driver only. This has a dependency on the
puppet-tripleo classes for manila where the puppet specific
config now lives.
The review at https://review.openstack.org/#/c/315658/ has been
merge into this one, as of v68, so manila lands as a composable
service. This was brought up on the mailing list at [1]
[1] http://lists.openstack.org/pipermail/openstack-dev/2016-May/096126.html
Co-Authored-By: Marios Andreou <marios@redhat.com>
Implements: blueprint composable-services-within-roles
Depends-On: I444916d60a67bf730bf4089323dba1c1429e2e71
Depends-On: I9eda4b3364e5c59342761a1ec71b0eb567c69cf1
Depends-On: I571b65a5402c1028418476a573ebeb9450ed00c9
Change-Id: I7acebac4354fca1f8d7ff6c343c1346bf29b81c6
|
|
Change-Id: Ife466e6a8b8112777d4c0e845e31fa633da5e53d
|
|
Note that this change is not enough yet to deploy bare metal instances,
it only deploys Ironic services themselves and makes sure they work.
Also it does not support HA for now.
Co-Authored-By: Dmitry Tantsur <dtansur@redhat.com>
Partially-implements: blueprint ironic-integration
Change-Id: I541be905022264e2d4828e7c46338f2e300df540
|
|
By passing the MysqlVirtualIP via the EndpointMap we won't need it
to be provided as a parameter to the services.
This follows what is already happening for the glance registry
service with I9186e56cd4746a60e65dc5ac12e6595ac56505f0.
Change-Id: Iad2ab389bf64d0fc8b06eb0e7d29b5370ff27dff
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
|
|
|
|
Nova EC2 does not exist anymore since Mitaka, parameters are already
deprecated in Mitaka and send warnings to the Puppet catalog.
The service has been replaced by ec2api project, where Puppet OpenStack
team is currently writting a module.
In the meantime we add support in TripleO, this patch removes all
occurences of Nova EC2 configuration, which are useless and send
warnings for nothing.
Change-Id: Ief2d0e5c77b5ac58560606fee930fbd66c40ffc3
|
|
Change-Id: I8f98ce92fc387d2263fda738c1c8a209e3cbbb85
|
|
Change-Id: I0cab3cdb2189dab3844f2eda52b8697d05ad3447
|
|
This patch adds GlanceRegistry to the endpoint map. This
will make accessing Glance registry setings via the endpoint
map possible.
Change-Id: I9186e56cd4746a60e65dc5ac12e6595ac56505f0
|
|
* Deploy Gnocchi API.
* Storage backends: swift, rbd and file.
* Indexer backend default to mysql
* Configure Ceilometer to send metrics datas to Gnocchi
* Pacemaker config
Depends-On: Ic8778a3104e0ed0460423e4bf857682220dc5802
Depends-On: I7d2eb9405e0171fc54fa0b616122f69db5f51ce2
Co-Authored-By: Pradeep Kilambi <pkilambi@redhat.com>
Change-Id: Ifde17b1ab8fa2b30544633e455e1c7eb475705aa
|
|
The change in ab068a824ed51e78bf111387223e58e885ec5c84 is described as
temporary, so it would be better if it did not affect the EndpointMap
parameter (which is effectively a public interface, since it may be
overridden in an environment file). No configuration should end up with
different ports/protocols/hosts for Keystone v2 and v3, and somebody
customising them should not have to account for them separately. Nor
should things break when the need to distinguish between v2 and v3
endpoints goes away.
This change removes the KeystoneV3* keys from the EndpointMap input and
uses the Keystone* keys instead, so that any change to the internal
organisation becomes transparent to the user.
Change-Id: If4cdd9232f4dbc9f2af651bbdfe68f09dc26ed2e
|
|
|
|
Ceilometer Alarm is deprecated in Liberty by Aodh.
This patch:
* manage Aodh Keystone resources
* deploy Aodh API under WSGI, Notifier, Listener and Evaluator
* manage new parameters to customize Aodh deployment
* uses ceilometer DB for the upgrade path
* pacemaker config
* Add migration logic to remove pcs resources
Depends-On: I5333faa72e52d2aa2a622ac2d4b60825aadc52b5
Depends-On: Ib6c9c4c35da3fb55e0ca8e2d5a58ebaf4204d792
Co-Authored-By: Emilien Macchi <emilien@redhat.com>
Change-Id: Ib47a22884afb032ebc1655e1a4a06bfe70249134
|
|
We don't need an endpoint for the glance-registry service, that is
used by glance-api when needed and is not meant to be user-facing.
Change-Id: Ia6c9dd6164d3b91adbc937d70fa74d5fbbfb28a3
|
|
A couple of new endpoints have been added, and if they're not in
the configured value for EndpointMap it will cause problems.
Sahara is not added as ssl-enabled because I don't believe it has
been added to the loadbalancer yet.
Note that there is work underway to CI overcloud SSL, which should
catch problems like this in the future.
Change-Id: Ia8a106fd94da7be8675ea84f5fbb9ac959771d10
|
|
This just a revert to see if reverting this gets back to a normal CI run time.
This reverts commit f72aed85594f223b6f888e6d0af3c880ea581a66.
Change-Id: I04a0893f6cf69f547a4db26261005e580e1fc90b
|
|
Ceilometer Alarm is deprecated in Liberty by Aodh.
This patch:
* manage Aodh Keystone resources
* deploy Aodh API under WSGI, Notifier, Listener and Evaluator
* manage new parameters to customize Aodh deployment
* uses ceilometer DB for the upgrade path
* pacemaker config
Depends-On: I9e34485285829884d9c954b804e3bdd5d6e31635
Depends-On: I891985da9248a88c6ce2df1dd186881f582605ee
Depends-On: Ied8ba5985f43a5c5b3be5b35a091aef6ed86572f
Co-Authored-By: Pradeep Kilambi <pkilambi@redhat.com>
Change-Id: I58d419173e80d2462accf7324c987c71420fd5f6
|
|
Right now our vncproxy settings are hard-coded to http and the
non-ssl port. This change adds a vncproxy entry to the endpoint
map and uses those values to configure the proxy correctly on
compute nodes. This is sufficient to get it working in my
environment with ssl enabled.
Change-Id: I9d69b088eef4700959b33c7e0eb44932949d7b71
|
|
If there is a value for the certificate path (which should only happen
if the environment for enabling TLS is used) then the loadbalancer will
detect it and configure it's front ends correctly. On the other hand
a proper override for the example environment was given, since this
will be needed because we want to pass the hosts and protocols
correctly so the tripleoclient will catch it and pass it to
os-cloud-config
Change-Id: Ifba51495f0c99398291cfd29d10c04ec33b8fc34
Depends-On: Ie2428093b270ab8bc19fcb2130bb16a41ca0ce09
|
|
This is a first implementation of adding TLS termination to the load
balancer in the controllers. The implementation was made so that the
appropriate certificate/private key in PEM format is copied to the
appropriate controller(s) via a software deployment resource.
And the path is then referenced on the HAProxy configuration, but this
part was left commented out because we need to be able to configure the
keystone endpoints in order for this to work properly.
Change-Id: I0ba8e38d75a0c628d8132a66dc25a30fc5183c79
|
Jenkins
Ben Nemec
Juan Antonio Osorio Robles
Steven Hardy
Ryan Hefner
Imre Farkas
Giulio Fidente
Emilien Macchi
Dan Prince
Pradeep Kilambi
Zane Bitter
James Slagle