aboutsummaryrefslogtreecommitdiffstats
path: root/environments/hyperconverged-ceph.yaml
AgeCommit message (Collapse)AuthorFilesLines
2017-04-06Adds service for managing securettylhinds1-0/+1
This adds the ability to manage the securetty file. By allowing management of securetty, operators can limit root console access and improve security through hardening. Change-Id: I0767c9529b40a721ebce1eadc2dea263e0a5d4d7 Partial-Bug: #1665042 Depends-On: Ic4647fb823bd112648c5b8d102913baa8b4dac1c
2017-03-13Add certmonger-user profileJuan Antonio Osorio Robles1-0/+1
This profile will request the certificates for the services on the node. So with this, we will remove the requesting of these certs on the services' profiles themselves. The reasoning for this is that for a containerized environment, the containers won't have credentials to the CA while the baremetal node does. So, with this, we will have this profile that still gets executed in the baremetal nodes, and we can subsequently pass the requested certificates by bind-mounting them on the containers. On the other hand, this approach still works well for the TLS-everywhere case when the services are running on baremetal. Change-Id: Ibf58dfd7d783090e927de6629e487f968f7e05b6 Depends-On: I4d2e62b5c1b893551f9478cf5f69173c334ac81f
2017-02-28Align hyperconverged-ceph.yaml environment and adds some validationGiulio Fidente1-0/+2
Until bug #1635409 is fixed we'll have to keep the default list of services deployed by hyperconverged-ceph.yaml in sync with the ServicesDefault list provided in roles_data.yaml This change adds some logic in the templates validation script to ensure that is preserved with future updates. Change-Id: Ib767f9a24c3541b16f96bd6b6455cf797113fbd8
2017-02-16Align HCI environment file with list of services from roles_dataGiulio Fidente1-0/+3
Until we get bug #1635409 fixed we'll have to keep the two lists in sync. Change-Id: Ifd996bd4c95f901f242696b37e179073be6334d0 Related-Bug: #1635409
2016-11-27Stop using puppet to configure VIPs in /etc/hostsDan Prince1-2/+1
This patch drops use of the vip-hosts.yaml service which can cause issues during deployment because puppet 'hosts' resources overwrite the data in /etc/hosts. The only reason things seem to work at all at the moment is because our hosts element in t-i-e runs on each os-refresh-config iteration and re-adds the dropped hosts entries. To work around the issue we add a conditional which selectively adds the extra hosts entries only if the AddVipsToEtcHosts is set to true. Closes-bug: 1645123 Change-Id: Ic6aaeb249a127df83894f32a704219683a6382b2
2016-11-25Provide full list of services for Compute role in HCI scenarioGiulio Fidente1-4/+22
Until bug #1635409 is fixed, we can provide the full list of services needed on the Compute role, plus CephOSD, in the hyperconverged-ceph environment file, preserving the user experience. Change-Id: I42409bc098c740759b378969526e13efaf002d3c Related-Bug: #1635409
2016-09-23Activate StorageMgmtPort on computes in HCI environmentGiulio Fidente1-5/+4
Change-Id: If4d3b186d1d943ca6fad46427fb3b35699cdfc90
2016-08-29Add hyperconverged-ceph environment to include CephOSD on computesGiulio Fidente1-0/+12
This would be useful to test Ceph in CI without a dedicated OSD node. Change-Id: Ie534d327a9418b6119f5811ee62d448795879fb0