path: root/environments/hyperconverged-ceph.yaml
AgeCommit message (Collapse)AuthorFilesLines
2017-09-07Add Neutron SR-IOV agent containerBrent Eagles1-0/+1
This patch adds support for running the neutron SR-IOV agent in a container. Depends-On: I4a63845a97c890d7d408731ec5509c320289f18f Depends-On: Ie5d8cd7863c0d042cc6a4e1fc52602d8a03a1935 Depends-On: I1b5ab0a64ae1f5735f1bd5a68e6ae8bdcf47ddec Closes-Bug: #1715388 Change-Id: I7ee603b32eddacd02d846dff00dd1b786d4a7ad9 (cherry picked from commit 94c9c2f954e85de0ab895926a969587b90bc4191)
2017-08-21Add logrotate with crond serviceBogdan Dobrelya1-0/+1
Add a docker service template to provide containerized services logs rotation with a crond job. Add OS::TripleO::Services::LogrotateCrond to CI multinode-containers and to all environments among with generic services like Ntp or Kernel. Set it to OS::Heat::None for non containerized environments and only enable it to the environments/docker.yaml. Closes-bug: #1700912 Change-Id: Ic94373f0a0758e9959e1f896481780674437147d Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2017-07-27Add 'ovn-controller' serviceNuman Siddique1-0/+1
Presently the ovn-controller service (puppet/services/neutron-compute-plugin-ovn.yaml) is started only on compute nodes. But for the cases where the controller nodes provide the north/south traffic, we need ovn-controller service runninng in controller nodes as well. This patch - Renames the neutron-compute-plugin-ovn.yaml to ovn-controller.yaml which makes more sense and sets the service name as 'ovn-controller'. - Adds the service 'ovn-controller' to Controller and Compute roles. - Adds the missing 'upgrade_tasks' section in ovn-dbs.yaml and ovn-controller.yaml Depends-On: Ie3f09dc70a582f3d14de093043e232820f837bc3 Depends-On: Ide11569d81f5f28bafccc168b624be505174fc53 Change-Id: Ib7747406213d18fd65b86820c1f86ee7c39f7cf5
2017-07-25Adding Tuned ServiceJoe Talerico1-0/+1
Allow the user to set a specific Tuned profile on a given host. Defaults to throughput-performance Change-Id: I0c66193d2733b7a82ad44b1cd0d2187dd732065a
2017-07-23Add support for nova live/cold-migration with containersOliver Walsh1-0/+1
Updates hieradata for changes in https://review.openstack.org/471950. Creates a new service - NovaMigrationTarget. On baremetal this just configures live/cold-migration. On docker is includes a container running a second sshd services on an alternative port. Configures /var/lib/nova/.ssh/config and mounts in nova-compute and libvirtd containers. Change-Id: Ic4b810ff71085b73ccd08c66a3739f94e6c0c427 Implements: blueprint tripleo-cold-migration Depends-On: I6c04cebd1cf066c79c5b4335011733d32ac208dc Depends-On: I063a84a8e6da64ae3b09125cfa42e48df69adc12
2017-06-12Move iscsid to a containerDan Prince1-0/+1
This configures iscsid so that it runs as a container on relevant roles (undercloud, controller, compute, and volume). When the iscsid docker service is provision it will also run an ansible snippet that disables the iscsid.socket on the host OS thus disabling the hosts systemd from auto-starting iscsid as it normally does. Co-Authored-By: Jon Bernard <jobernar@redhat.com> Change-Id: I2ea741ad978f166e199d47ed1b52369e9b031f1f
2017-05-25Add support for linuxbridge agentBartosz Stopa1-0/+1
Currently TripleO does not support LinuxBridge driver, setting NeutronMechanismDrivers to linuxbridge will not force ml2 plugin to use linuxbridge. This commit adds new environment file which replaces default ovs agent with linuxbridge on Compute and Controller nodes. Change-Id: I433b60a551c1eeb9d956df4d0ffb6eeffe980071 Closes-Bug: #1652211 Depends-On: Iae87dc7811bc28fe86db0c422c363eaed5e5285b Depends-On: Ie3ac03052f341c26735b423701e1decf7233d935
2017-04-10Add networking-vpp ML2 mechanism driver supportFeng Pan1-0/+1
Implements: blueprint fdio-integration-tripleo Change-Id: I412f7a887ca4b95bcf1314e8c54cb1e7d03b1e41 Signed-off-by: Feng Pan <fpan@redhat.com>
2017-04-07Merge "Add Docker service to all roles"Jenkins1-0/+1
2017-04-07Add Docker service to all rolesJiri Stransky1-0/+1
This will add the Docker service to all roles. Note that currently by default the Docker service is mapped to OS::Heat::None by default. It will only be deployed if environments/docker.yaml file is included in the deployment. Change-Id: I9d8348b7b6576b94c872781bc89fecb42075cde0 Related-Bug: #1680395
2017-04-06Adds service for managing securettylhinds1-0/+1
This adds the ability to manage the securetty file. By allowing management of securetty, operators can limit root console access and improve security through hardening. Change-Id: I0767c9529b40a721ebce1eadc2dea263e0a5d4d7 Partial-Bug: #1665042 Depends-On: Ic4647fb823bd112648c5b8d102913baa8b4dac1c
2017-03-13Add certmonger-user profileJuan Antonio Osorio Robles1-0/+1
This profile will request the certificates for the services on the node. So with this, we will remove the requesting of these certs on the services' profiles themselves. The reasoning for this is that for a containerized environment, the containers won't have credentials to the CA while the baremetal node does. So, with this, we will have this profile that still gets executed in the baremetal nodes, and we can subsequently pass the requested certificates by bind-mounting them on the containers. On the other hand, this approach still works well for the TLS-everywhere case when the services are running on baremetal. Change-Id: Ibf58dfd7d783090e927de6629e487f968f7e05b6 Depends-On: I4d2e62b5c1b893551f9478cf5f69173c334ac81f
2017-02-28Align hyperconverged-ceph.yaml environment and adds some validationGiulio Fidente1-0/+2
Until bug #1635409 is fixed we'll have to keep the default list of services deployed by hyperconverged-ceph.yaml in sync with the ServicesDefault list provided in roles_data.yaml This change adds some logic in the templates validation script to ensure that is preserved with future updates. Change-Id: Ib767f9a24c3541b16f96bd6b6455cf797113fbd8
2017-02-16Align HCI environment file with list of services from roles_dataGiulio Fidente1-0/+3
Until we get bug #1635409 fixed we'll have to keep the two lists in sync. Change-Id: Ifd996bd4c95f901f242696b37e179073be6334d0 Related-Bug: #1635409
2016-11-27Stop using puppet to configure VIPs in /etc/hostsDan Prince1-2/+1
This patch drops use of the vip-hosts.yaml service which can cause issues during deployment because puppet 'hosts' resources overwrite the data in /etc/hosts. The only reason things seem to work at all at the moment is because our hosts element in t-i-e runs on each os-refresh-config iteration and re-adds the dropped hosts entries. To work around the issue we add a conditional which selectively adds the extra hosts entries only if the AddVipsToEtcHosts is set to true. Closes-bug: 1645123 Change-Id: Ic6aaeb249a127df83894f32a704219683a6382b2
2016-11-25Provide full list of services for Compute role in HCI scenarioGiulio Fidente1-4/+22
Until bug #1635409 is fixed, we can provide the full list of services needed on the Compute role, plus CephOSD, in the hyperconverged-ceph environment file, preserving the user experience. Change-Id: I42409bc098c740759b378969526e13efaf002d3c Related-Bug: #1635409
2016-09-23Activate StorageMgmtPort on computes in HCI environmentGiulio Fidente1-5/+4
Change-Id: If4d3b186d1d943ca6fad46427fb3b35699cdfc90
2016-08-29Add hyperconverged-ceph environment to include CephOSD on computesGiulio Fidente1-0/+12
This would be useful to test Ceph in CI without a dedicated OSD node. Change-Id: Ie534d327a9418b6119f5811ee62d448795879fb0