summaryrefslogtreecommitdiffstats
path: root/environments
AgeCommit message (Collapse)AuthorFilesLines
2017-03-28Allow to configure policy.json for OpenStack projectsEmilien Macchi1-0/+10
For both containers and classic deployments, allow to configure policy.json for all OpenStack APIs with new parameters (hash, empty by default). Example of new parameter: NovaApiPolicies. See environments/nova-api-policy.yaml for how the feature can be used. Note: use it with extreme caution. Partial-implement: blueprint modify-policy-json Change-Id: I1144f339da3836c3e8c8ae4e5567afc4d1a83e95
2017-03-28Merge "Only set EnableConfigPurge on major upgrades"Jenkins4-0/+4
2017-03-28Merge "MySQL: Use conditional instead of nested stack for TLS-specific bits"Jenkins1-1/+0
2017-03-28Merge "Apache: Use conditional instead of nested stack for TLS-specific bits"Jenkins1-1/+0
2017-03-28Merge "Rabbitmq: Use conditional instead of nested stack for TLS-specific bits"Jenkins1-1/+0
2017-03-28Merge "Nic config mappings for deployed-server"Jenkins2-4/+11
2017-03-27MySQL: Use conditional instead of nested stack for TLS-specific bitsJuan Antonio Osorio Robles1-1/+0
Usually a nested stack is used that contains the TLS-everywhere bits (config_settings and metadata_settings). Nested stacks are very resource intensive. So, instead of doing using nested stacks, this patch changes that to use a conditional, and output the necessary config_settings and metadata_settings this way in an attempt to save resources. Change-Id: Ib7151d67982957369f7c139a3b01274a1a746c4a
2017-03-27Apache: Use conditional instead of nested stack for TLS-specific bitsJuan Antonio Osorio Robles1-1/+0
Usually a nested stack is used that contains the TLS-everywhere bits (config_settings and metadata_settings). Nested stacks are very resource intensive. So, instead of doing using nested stacks, this patch changes that to use a conditional, and output the necessary config_settings and metadata_settings this way in an attempt to save resources. Change-Id: Ia7ee632383542ac012c20448ff1b4435004e57e3
2017-03-27Rabbitmq: Use conditional instead of nested stack for TLS-specific bitsJuan Antonio Osorio Robles1-1/+0
Usually a nested stack is used that contains the TLS-everywhere bits (config_settings and metadata_settings). Nested stacks are very resource intensive. So, instead of doing using nested stacks, this patch changes that to use a conditional, and output the necessary config_settings and metadata_settings this way in an attempt to save resources. Change-Id: Ic25f84a81aefef91b3ab8db2bc864853ee82c8aa
2017-03-26Merge "Remove unnecesary code to enable panko-api"Jenkins1-2/+0
2017-03-22Nic config mappings for deployed-serverJames Slagle2-4/+11
Adds default nic config mappings when using the deployed-server custom roles data at deployed-server/deployed-server-roles-data.yaml. Previously there were no default mappings as the hardcoded mapping for the Controller role from overcloud-resource-registry-puppet.j2.yaml would not be used since there is no Controller role when using deployed-server. The default mapping is net-config-static.yaml instead of net-config-noop.yaml, since there is no requirement of a L2 domain for dhcp between undercloud and overcloud nodes when using deployed-server. The convenience mapping of ControllerDeployedServer to net-config-static-bridge.yaml is also added so that out of the box the roles with controller services will get the right bridge created. The mappings can always be overridden in later environment files if needed. Change-Id: I581fec99b459a12512686e47b10b962756652eb3 Closes-Bug: #1670493 Depends-On: Ib681729cc2728ca4b0486c14166b6b702edfcaab
2017-03-22Only set EnableConfigPurge on major upgradesSteven Hardy4-0/+4
Bug #1611800 fixed an upgrade issue by enabling purging configs for some services, but this causes issues such as longer updates and restarting services in the minor update case, so only do this for major upgrades, and default to false. Related-Bug: #1611800 Closes-Bug: #1674858 Change-Id: Iff7d715f6730c5633f1146008504b4309ef3133d
2017-03-20Merge "Containerize panko api service"Jenkins1-1/+1
2017-03-18Merge "Add certmonger-user profile"Jenkins3-0/+12
2017-03-17Containerize panko api serviceFlavio Percoco1-1/+1
Co-Authored-By: Pradeep Kilambi <pkilambi@redhat.com> Closes-bug: #1668918 Change-Id: Ie1ebd25965bd2dbad2a22161da0022bad0b9e554
2017-03-13Containerize gnocchi servicesPradeep Kilambi1-0/+3
Closes-bug: #1668928 Change-Id: I291df31be97c3d55cddb3924482aa5976a79c2b1
2017-03-13Merge "Containerize Aodh alarm services"Jenkins1-0/+5
2017-03-13Add certmonger-user profileJuan Antonio Osorio Robles3-0/+12
This profile will request the certificates for the services on the node. So with this, we will remove the requesting of these certs on the services' profiles themselves. The reasoning for this is that for a containerized environment, the containers won't have credentials to the CA while the baremetal node does. So, with this, we will have this profile that still gets executed in the baremetal nodes, and we can subsequently pass the requested certificates by bind-mounting them on the containers. On the other hand, this approach still works well for the TLS-everywhere case when the services are running on baremetal. Change-Id: Ibf58dfd7d783090e927de6629e487f968f7e05b6 Depends-On: I4d2e62b5c1b893551f9478cf5f69173c334ac81f
2017-03-13Remove unnecesary code to enable panko-apiCarlos Camacho1-2/+0
We are already enabling panko-api by default `https://github.com/openstack/tripleo-heat-templates/blob/34c46241cda3be567017943560d218ced3bbdc03/overcloud-resource-registry-puppet.j2.yaml#L226` so there is no need to have the environment file or the resource in the ci environment template. Change-Id: I6af6e2196a77320c8d3b5914d161a795b007151a
2017-03-13Merge "Move zaqar into services-docker"Jenkins2-2/+2
2017-03-11Merge "Add BGPVPN composable service"Jenkins1-0/+16
2017-03-10Merge "Move mistral into services-docker"Jenkins2-3/+4
2017-03-10Merge "Move ironic into services-docker"Jenkins2-4/+5
2017-03-10Containerize Aodh alarm servicesPradeep Kilambi1-0/+5
Closes-bug: #1668930 Change-Id: If5dff4388b255373083e164a74aaacd529a94111
2017-03-10Add BGPVPN composable serviceRicardo Noriega1-0/+16
This project aims at supporting inter-connection between L3VPNs and Neutron resources, i.e. Networks, Routers and Ports. Partially-Implements: blueprint bgpvpn-service-integration Depends-On:I7c1686693a29cc1985f009bd7a3c268c0e211876 Change-Id: I576c9ac2b443dbb6886824b3da457dcc4f87b442 Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
2017-03-09Merge "Pass hieradata for internal TLS for RabbitMQ"Jenkins1-0/+3
2017-03-09Pass hieradata for internal TLS for RabbitMQJuan Antonio Osorio Robles1-0/+3
As with other services, this passes the necessary hieradata to enable TLS for RabbitMQ. This will mean (once we set it via puppet-tripleo) that there will only be TLS connections, as the ssl_only option is being used. bp tls-via-certmonger Change-Id: I960bf747cd5e3040f99b28e2fc5873ca3a7472b5 Depends-On: Ic2a7f877745a0a490ddc9315123bd1180b03c514
2017-03-08Move zaqar into services-dockerDan Prince2-2/+2
This patch moves enabling Zaqar docker services into a separate environment in the environments/services-docker directory. Change-Id: I6755eb7ae2abb2b9c8b213ff6fd21b0392353ef5
2017-03-08Move mistral into services-dockerDan Prince2-3/+4
This patch moves enabling Mistral docker services into a separate environment in the environments/services-docker directory. Change-Id: I8b484532de5f5d61fc0240defbc5fc27789a1279
2017-03-08Move ironic into services-dockerDan Prince2-4/+5
This patch moves enabling Ironic docker services into a separate environment in the environments/services-docker directory. Change-Id: I236de47d422b3563a0192359f2327610fc1714ca
2017-03-08Enable Docker service for Compute roleMartin André1-0/+3
A recent commit [1] change how docker is installed and configured on the overcloud nodes, from a cloud-init script to a proper puppet profile in puppet-tripleo but forgot to enable the docker service on the compute nodes. [1] Ia50169819cb959025866348b11337728f8ed5c9e Change-Id: I202723d0e48f110e5b0dbfe3dcf6646da9f37948
2017-03-07Merge "Enable keystone cadf notifications"Jenkins1-0/+2
2017-03-06Enable keystone cadf notificationsYolanda Robla1-0/+2
It will allow to configure keystone event notifications using CADF, as documented on: https://docs.openstack.org/developer/keystone/event_notifications.html CADF events provide auditing capabilities for compliance with security. Change-Id: Id16b264c295b9e3adbf960366ff8328ba8dcd485
2017-03-06Enable composable upgrades for docker service templatesSteven Hardy3-1/+23
This aligns the docker based services with the new composable upgrades architecture we landed for ocata, and does a first-pass adding upgrade_tasks for the services (these may change, atm we only disable the service on the host). To run the upgrade workflow you basically do two steps: openstack overcloud deploy --templates \ -e environments/major-upgrade-composable-steps-docker.yaml This will run the ansible upgrade steps we define via upgrade_tasks then run the normal docker PostDeploySteps to bring up the containers. For the puppet workflow there's then an operator driven step where compute nodes (and potentially storage nodes) are upgrades in batches and finally you do: openstack overcloud deploy --templates \ -e environments/major-upgrade-converge-docker.yaml In the puppet case this re-applies puppet to unpin the nova RPC API so I guess it'll restart the nova containers this affects but otherwise will be a no-op (we also disable the ansible steps at this point. Depends-On: I9057d47eea15c8ba92ca34717b6b5965d4425ab1 Change-Id: Ia50169819cb959025866348b11337728f8ed5c9e
2017-03-01Containerize neutron-l3 agentJohn Trowbridge1-0/+1
This allows to run a containerized neutron on the overcloud. Co-Authored-By: Martin André <m.andre@redhat.com> Depends-On: Iaf6536b1c4d0b2b118af92295136378cdfeee9d1 Change-Id: I86a12248d4f28f4dbe7708be928bcd8a45968d01
2017-02-28Align hyperconverged-ceph.yaml environment and adds some validationGiulio Fidente1-0/+2
Until bug #1635409 is fixed we'll have to keep the default list of services deployed by hyperconverged-ceph.yaml in sync with the ServicesDefault list provided in roles_data.yaml This change adds some logic in the templates validation script to ensure that is preserved with future updates. Change-Id: Ib767f9a24c3541b16f96bd6b6455cf797113fbd8
2017-02-27Merge "Add VPP composable service"Jenkins1-0/+9
2017-02-27Merge "Make heat max_json_body_size configurable"Jenkins1-0/+1
2017-02-27Merge "Enable docker for all roles"Jenkins1-1/+1
2017-02-26Add VPP composable serviceFeng Pan1-0/+9
Vector Packet Processing (VPP) is a high performance packet processing stack that runs in user space in Linux. VPP is used as an alternative to kernel networking stack for accelerated network data path. This patch adds VPP as a composable service. Note that NIC binding related configs for VPP are handled in os-net-config. Depends-on: I70a68a204a8b9d533fc2fa4fc33c39c3b1c366bf Change-Id: I5e4b1903dc87cb16259eeb05db585678acadbc6b Implements: blueprint fdio-integration-tripleo
2017-02-25Install openstack-heat-agents on upgradeMarius Cornea1-1/+1
This package wasn't installed in the Newton image and we need to install it during upgrade to be able to skip preupgrade validations. Change-Id: If6ee7a3801756ac445ae35534803eab175ad8e40 Closes-Bug: 1667967
2017-02-24Enable docker for all rolesMartin André1-1/+1
A recent patch enabled a few containerized services on the Controller node. We need to enable docker for all the roles. Change-Id: I99fc0c2d29db3514a439b717d14367ad2252e450
2017-02-24Merge "Align HCI environment file with list of services from roles_data"Jenkins1-0/+3
2017-02-24Make heat max_json_body_size configurableDan Prince1-0/+1
We need to bump this a bit for the overcloud containers jobs. This patch makes it configurable and increases the size for the undercloud. Related-bug: #1667697 Change-Id: I79319f051747b381f5fa36f8a7fc7f31020bc245
2017-02-23Merge "neutron: don't set external_network_bridge option by default"Jenkins8-40/+0
2017-02-22Merge "Enable docker services in the registry"Jenkins1-0/+30
2017-02-22Merge "Increase apache ServerLimit and workers to 100"Jenkins1-2/+2
2017-02-22Increase apache ServerLimit and workers to 100Sagi Shnaidman1-2/+2
Increase apache serverlimit and maxrequestworkers to 100 in low-memory-usage template. We have been reaching the limit with all the OpenStack services that we run in WSGI. Increasing the number will help us to promote packages in TripleO CI. Change-Id: I3f71f279a8dfaee9db5f5d1091ad079d9170de1f
2017-02-17Add environment for deployed-server with pacemakerJames Slagle1-0/+4
A new environment file to be used when using the deployed-server roles data at deployed-server/deployed-server-roles-data.yaml. This ensures the Pre and Post Puppet Tasks for the ControllerDeployedServer role are mapped to the stacks that handle maintenance mode and resource restarts for pacemaker on stack-update. Change-Id: I1ca52dfb3a3b669e128ebb0a28d9e36a1807faad Closes-Bug: #1665060
2017-02-17Merge "docker: new hybrid deployment architecture and configuration"Jenkins1-14/+5