summaryrefslogtreecommitdiffstats
path: root/environments
AgeCommit message (Collapse)AuthorFilesLines
2017-11-04Merge "mysql: expose IPv6 configuration to mysql puppet modules" into ↵Zuul1-0/+2
stable/pike
2017-10-31Fix standalone ControllerOpenstack varsAlex Schultz1-6/+6
As we've moved to more dynamic generation of variables, the correct variable names are *ControllerOpenstack* not *Controller* for the example standalone environment. Change-Id: Iaa39de9d8794a856e76cc9995d046484632cf604 Closes-Bug: #1721877 (cherry picked from commit 536d1c4af59dc22164666be5cb1826115fdfdeb9)
2017-10-23Disable SwiftDispersion when using dockerMichele Baldessari1-0/+2
We currently have the following in the registry: OS::TripleO::Services::SwiftDispersion: puppet/services/swift-dispersion.yaml Since this service is included by default in the Controller role it will be installed on the host even on a containerized deployment. Let's noop this in docker.yaml until a containerized version of it gets merged. Change-Id: Ic2793d0cfb7b20f4661cb1a45793cae67a4868b4 Closes-Bug: #1723788 (cherry picked from commit 0c8ba9651734a0e6180ca443c87c8c8ca5169d6c)
2017-10-17Remove Heat Cloudwatch API during upgrade and disable by defaultmarios1-0/+2
This adds a heat-api-cloudwatch-disabled.yaml and wires it up in the resource registry. During the Ocata to Pike upgrade this service will thus be stopped and disabled by default. If you wish to keep the Heat Cloudwatch API then you should instead use the provided heat-api-cloudwatch.yaml environment file. Change-Id: I3f90a9799b90ca365f675f593371c1d3701fede6 Related-Bug: 1713531 (cherry picked from commit 4d21451666f2dd7a8935da3a7166a9afc2ccd6bd)
2017-10-16mysql: expose IPv6 configuration to mysql puppet modulesDamien Ciabrini1-0/+2
When deploying on IPv6 networks, set a hiera key that can be consumed by puppet modules to configure MySQL or Galera appropriately. Currently, this is required for configuring SST encryption in Galera when Internal TLS is enabled [1]. [1] I1d6ee8febb596b3ab9dcde3a85a028ee99b2798c Change-Id: Ia857350ac451fc1bda6659d85019962d3a9d5617 Partial-Bug: #1719885 (cherry picked from commit ff0a0dd987f4bcb997b271572ff0c901ed71d99b)
2017-10-09Remove package if service stopped and disabledmarios2-0/+2
Adds a UpgradeRemoveUnusedPackages param to use in the ansible when conditional for the removal Adds package removal to step2 right after a service is stopped and disabled on step2. Package updates happen in step3 so ideally remove before that. The package removal task has ignore_errors true so dependencies or other issue removing packages will not fail the upgrade workflow. Also adds this to the upgrade environment files for visibility and defaulting false Change-Id: Ie4e4a2d41f7752c5a13507a7c15c6f68e203cfca Related-Bug: 1701501 (cherry picked from commit ce0ef2fa207698c1ae61c1620fe3c5e8d1c7bfca)
2017-10-09Containerized Fluentd clientJuan Badia Payno1-0/+2
Change-Id: Ia350e4899aa499cf27efffd9d2243e7e95fa1d65 Depends-On: I60796063fa9ebe0d98030fb982d22dabe2593ea0 Depends-On: I585b6877074353b5de62e5efaabfbe62432c473d (cherry picked from commit f37fe4f903f429b43d22b485c29547f576ec7269)
2017-10-07Merge "Remove extra noop.yaml ports from network-isolation files." into ↵Jenkins2-6/+4
stable/pike
2017-10-07Merge "Support for Ocata-Pike live-migration over ssh" into stable/pikeJenkins6-0/+6
2017-10-07Merge "Update panko port in env ssl yaml files to correct one" into stable/pikeJenkins3-9/+9
2017-10-07Merge "Drop extraconfig for nova-nuage" into stable/pikeJenkins1-2/+1
2017-10-07Remove extra noop.yaml ports from network-isolation files.Dan Sneddon2-6/+4
The environments/network-isolation[-v6].yaml files have an unneeded reference to network/ports/noop.yaml for unused networks. This introduces a regression where environment files that define the networks and ports on a per-role basis can cancel out other environment files. See bug # 1717322. The overcloud-resource-registry.j2.yaml already uses noop.yaml for every network on every role (whether or not the networks are enabled, or whether the particular network is supposed to be on a role. So having noop.yaml specified for every role in network-isolation[-v6].yaml is not needed and can cause issues with upgrades if the environments are not included in a specific order. Change-Id: If06407e5235587af090ede44674bf9c7e08e340e Closes-bug: 1717322 (cherry picked from commit 9b08df3733257ac0fbc150a4071aec051e073ef7)
2017-10-07Support for Ocata-Pike live-migration over sshOliver Walsh6-0/+6
In Ocata all live-migration over ssh is performed on the default ssh port (22). In Pike the containerized live-migration over ssh is on port 2022 as the docker host's sshd is using port 22. To allow live migration during upgrade we need to temporarily pin the Pike computes to port 22 and in the final converge we can switch over to port 2022. This also changes the default port to 2022 for baremetal computes in Pike to enable live-migration between baremetal and containerized computes. Change-Id: Icb9bfdd9a99dc1dce28eb95c50a9a36bffa621b1 Depends-On: I0b80b81711f683be539939e7d084365ff63546d3 Closes-Bug: 1714171 (cherry picked from commit 17fd16b9f266e1aa67bf03ebdf309e89d668ada2)
2017-09-27Merge "Add a lightweight UC template/role data for deployed-servers" into ↵Jenkins1-0/+29
stable/pike
2017-09-25Merge "Fix issue where 2 Redis VIPs are assigned, but only one used." into ↵Jenkins1-3/+0
stable/pike
2017-09-22Fix issue where 2 Redis VIPs are assigned, but only one used.Dan Sneddon1-3/+0
There is an extra RedisVipPort defined in network-isolation.j2.yaml which is unused. This will waste an IP address, and can lead to confusion if there are multiple ports named RedisVipPort. This patch removes the extra (unneeded) instance of the VIP. Change-Id: I222873859af1b4ed1050cfffe55687b2f8d4c528 Closes-bug: 1717017 (cherry picked from commit f543752da6e1df3537ffa68d86806e11ac380375)
2017-09-22Fixed resource registry path in neutron-lbaasv2.yamlAneesh Puttur1-1/+1
Change-Id: Icb58d47a3911e83e2650b2c74b33eae522c84651 Closes-Bug: #1718451 (cherry picked from commit edc02b3352d53bdf460a495f689db55944eab432)
2017-09-21Create network-isolation-no-tunneling.yaml using jinja2Antoni Segura Puimedon2-61/+34
The existing network-isolation-no-tunneling.yaml contains references to missing files. This patch generates the file with jinja to include custom networks and make it work with composable networks. Closes-Bug: #1718797 Change-Id: Ibcab2f6b5ac880a6b3d7dd5126bd24facfa17322 Signed-off-by: Antoni Segura Puimedon <antonisp@celebdor.com> Co-authored-by: Dan Sneddon <dsneddon@redhat.com> (cherry picked from commit 47185342bdd247a2e2735ef96c777ecec663086d)
2017-09-20Update panko port in env ssl yaml files to correct onePradeep Kilambi3-9/+9
Change-Id: Iafe17a91c4695e442881e6fe813a6499f812f4b4 (cherry picked from commit 96667edee266bf2a64f7c8e2488c0eba105eaa8f)
2017-09-14Make nova patching parameters configurable in NuageLokesh Jain1-0/+2
Nova patching parameters are available in nova.conf but are not configurable from tripleo-heat-templates. Exposing these parameters from Nuage composable services to make them configurable. It enables setting the patching parameters in environment files. This change depends on the addition of nova patching configuration parameters. Change-Id: Iacad25da044f2bac83ee5f577ddcd70650eb61e5 Depends-On: I51ef3e19daff1d98cfe5c2c16475c16e6a3e3e0f (cherry picked from commit f0041153eca8d82bb7f72dc68676cab8448ef037)
2017-09-12Drop extraconfig for nova-nuageVineet Paul1-2/+1
Made the Compute as a composable service with Nuage. Moved all the Nuage specific parameters from extraconfig to be part of this service. Change-Id: Ic83e9c18d09fbba62bb5d8a12e28a23127f4197d (cherry picked from commit 4b1276b8f6fec22ac3764d58c4ef647535c85cb9)
2017-09-11Merge "Add Neutron SR-IOV agent container" into stable/pikeJenkins4-13/+19
2017-09-08Disables QoS with OpenDaylight deploymentsItzik Brown4-1/+5
QoS is not fully supported and fails to load correctly with networking-odl. Therefore disabling it from Neutron extension drivers until we have it fully working. Change-Id: I89aa3628c1400305f9659f5c0c99942a7fa7d19e Closes-Bug: 1708131 (cherry picked from commit cfd0d185a93ac2922e233e268a32c3574bee37bf)
2017-09-07Merge "Add CephExternal role for ceph-ansible" into stable/pikeJenkins2-0/+31
2017-09-07Merge "Support HA for OVN DBs containers using pacemaker bundle" into ↵Jenkins1-0/+28
stable/pike
2017-09-07Add Neutron SR-IOV agent containerBrent Eagles4-13/+19
This patch adds support for running the neutron SR-IOV agent in a container. Depends-On: I4a63845a97c890d7d408731ec5509c320289f18f Depends-On: Ie5d8cd7863c0d042cc6a4e1fc52602d8a03a1935 Depends-On: I1b5ab0a64ae1f5735f1bd5a68e6ae8bdcf47ddec Closes-Bug: #1715388 Change-Id: I7ee603b32eddacd02d846dff00dd1b786d4a7ad9 (cherry picked from commit 94c9c2f954e85de0ab895926a969587b90bc4191)
2017-09-07Add CephExternal role for ceph-ansibleGiulio Fidente2-0/+31
Previously it was only possible to configure the overcloud with an external Ceph cluster via puppet-ceph-external. This submission adds a CephExternal implementation which uses ceph-ansible. Change-Id: Id0d375f88e27e91e9d89f25a0cd7388b6e45df8b Depends-On: Ifc57c9cf6ca8017a2abc78d6320c0675ad49ca9f Closes-Bug: #1714271 (cherry picked from commit 01e55c314de74579196518d958bf5be30e390409)
2017-09-07Add support for deploying RGW with ceph-ansibleKeith Schincke1-0/+5
This patch allows usage of ceph-ansible to configure the RGW service in the overcloud. Still uses puppet-keystone to create the necessary user and endpoint in the catalog. Co-Authored-By: Giulio Fidente <gfidente@redhat.com> Change-Id: Iafa17bb64c54e40350b2ba7d76dea3d82fcab0e4 (cherry picked from commit 5b3cd1dcacff408bcb482bdea6cded8755a39ebb)
2017-09-07Merge "Containerized mongodb, disable by default, fix upgrade" into stable/pikeJenkins1-1/+0
2017-09-06Add param to configure snat mechanismJanki Chhatbar1-0/+1
Add a parameter to configure SNAT mechanism in OpenDayLight defaulting to conntrack for OVS and defaulting to controller mechanism for OVS-DPDK Change-Id: I48c6f07de55cb2574cc3a7e9653b812f875df726 Closes-Bug: #1710614 (cherry picked from commit 9a450a8e505b5d7ccef7e5e7675573da2a4cd42c)
2017-09-06Containerized mongodb, disable by default, fix upgradeSteve Baker1-1/+0
This change removes the entry to containerise docker by default because it should now be disabled since the change Id2e6550fb7c319fc52469644ea022cf35757e0ce. Removing the entry means the default mapping to mongodb-disabled.yaml takes effect. This change also modifies the upgrade_tasks so that the mongod service is only disabled when the service exists. There appears to be upgrade scenarios which fail because mongodb was never installed in the first place. Change-Id: Ie09ce2a52128eef157e4d768c1c4776fc49f2324 Closes-Bug: #1715031 (cherry picked from commit cb81cbe3b5f3887f5d690c590e52b728f74d43c3)
2017-09-05Add support for Dell EMC Isilon Manila backendrajinir2-0/+18
This change adds support for manila::backend::dellemc_isilon Change-Id: I92592e4b717d4b1812ccd810ec1daaedd181c3dd Implements: blueprint dellemc-isilon-manila (cherry picked from commit f6c9906d51fb3268b7a7d61d53181ab5d3c0d2ec)
2017-09-05Add support for Dell EMC VMAX Manila Backendrajinir2-0/+20
This change adds support for manila::backend::dellemc_vmax Change-Id: I92e189c8741c496ef6c27130f73829c327a99f1b Implements: blueprint dellemc-vmax-manila (cherry picked from commit 04daabdc8414e4435dc4cd3ccfea9a62b5631261)
2017-09-02Add support for Dell EMC VMAX ISCSI Backendrajinir1-0/+9
This change adds a new define for cinder::backend::dellemc_vmax_iscsi Change-Id: I7c685e0a3186da138964f17b487fb0c3533f58c7 Implements: blueprint dellemc-vmax-isci (cherry picked from commit c77189905525c6fe834e001f2231b9eab788cd01)
2017-09-02Convert enable-internal-tls.yaml to be generatedBen Nemec2-0/+40
All of the other SSL environments were converted, but this one was missed. That's an inconsistent user experience and should be cleaned up. This environment also exposed a bug in the tool where it did not include the parameter_defaults section key if all the parameters were marked static. Change-Id: I19bc422c22b9f60f781e696ce703b026dc317786 Closes-Bug: 1713761 (cherry picked from commit 7c06db3d1c384773c4abccbce450c259f75e5e4a)
2017-09-01Merge "Remove ipv6 specific network templates" into stable/pikeJenkins1-0/+60
2017-09-01Merge "Add storage backends env files for containerized deployment" into ↵Jenkins2-0/+52
stable/pike
2017-09-01Remove ipv6 specific network templatesDan Sneddon1-0/+60
This change renders the IPv6 versions of the isolated networks using j2. To allow for backward compatibility, there will be 2 versions of the network definitions, <network>.yaml and <network>_v6.yaml. If the ip_subnet contains an IPv6 address, or if ipv6: true is set on the network definition in network_data.yaml, then the <network>.yaml version will contain an IPv6 definition, otherwise the <network>.yaml will be IPv4, and the <network>_v6.yaml will be IPv6. In a future follow-up patch, we will probably only create the required versions of the networks, either IPv4, IPv6, not both. The ipv6_subnet, ipv6_allocation_pools, and ipv6_gateway settings in the network_data.yaml definition file are used for the <network>_v6.yaml network definition. Note that these subnet/cidr/gateway definitions only set the defaults, which can be overridden with parameters set in an environment file. Since the parameters for IP and subnet range are the same (e.g. InternalApiNetCidr applies to both IPv4/v6), only one version can be used at a time. If an operator wishes to use dual-stack IPv4/IPv6, then two different networks should be created, and both networks can be applied to a single interface. Note that the workflow for the operator is the same as before this change, but a new example template has been added to environments/network-environment-v6.yaml. Change-Id: I0e674e4b1e43786717ae6416571dde3a0e11a5cc Partially-Implements: blueprint composable-networks Closes-bug: 1714115 (cherry picked from commit dd299f08bd6b1df43760148d83ce9b6e09ba6572)
2017-09-01Add storage backends env files for containerized deploymentVictoria Martinez de la Cruz2-0/+52
A storage backend has to be selected when deploying manila, otherwise the manila-share service will fail to start. For this, we have some environment files specifying the configuration for different storage backends. We need a dockerized version for this environment files. In this patch set we add those environment files. Change-Id: I9886016b02bec26699af1f8165d7b0702dfe8b9b Partial-Bug: #1668922 (cherry picked from commit d7d54594410f60ea6ebf1301048d95f64c66f645)
2017-09-01Update generated ssl environmentsBen Nemec1-1/+0
These were edited manually and the input file was not updated, which is causing problems when trying to generate new/updated envs. Change-Id: Ia2e53e52361e35d94e2dedf9b8885498693bc2e0 Partial-Bug: 1713761 (cherry picked from commit 406b1982ba530abdd6c629780130851e8e335ae8)
2017-08-31Add a lightweight UC template/role data for deployed-serversBogdan Dobrelya1-0/+29
Allows to deploy the minimal UC services capable to install overcloud on pre-provisioned deployed servers. Zaqar is configured to be mongo-less. Follows up the filtered prepare images command changes https://review.openstack.org/#/q/topic:bug/1710992 Related-bug: #1693448 Change-Id: I26cbeb7ce5fd07ffdc2e22da91777316b7de6294 Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2017-08-31Support HA for OVN DBs containers using pacemaker bundleNuman Siddique1-0/+28
ovn-dbs pacemaker bundle resources are created for supporting Master/Slave HA. puppet-tripleo already supports creating ovn-dbs bundle resources. The heat template added in this patch makes use of this. Closes-bug: #1699085 Change-Id: I23c2d312cfb144f9afc14f0982a92670dc29d74c (cherry picked from commit 444a39f5983e71e3222b6b7f8f523fce60aeece7)
2017-08-31Remove hard-coded image referenceJanki Chhatbar1-2/+0
This patch removes hard-coded reference to ODL related images. Logic is implemented in TripleO-common to render images based on the environment file specified. Change-Id: I9a11072f98e1245dc32d27d0b0e9bc6e9e19399f Partial-Bug: #1713685 (cherry picked from commit 21a6b66c8bb5377bc1391e3f582467de7f7b5562)
2017-08-31Merge "Add support for Dell EMC VNX Manila Backend" into stable/pikeJenkins2-0/+19
2017-08-31Merge "Add support for Dell EMC Unity Manila Backend" into stable/pikeJenkins2-0/+18
2017-08-30Add support for Dell EMC VNX Manila Backendrajinir2-0/+19
This change adds support for manila::backend::dellemc_vnx Change-Id: I5fa5c2d6956429d1b9c12a5af6d4a887ed0624d9 Implements: blueprint dellemc-vnx-manila (cherry picked from commit a3debcfa8b2cbb3acaba292e082b0a3b0ee8ef54)
2017-08-30Add support for Dell EMC Unity Manila Backendrajinir2-0/+18
This change adds support for manila::backend::dellemc_unity Change-Id: Idec67d190b12359e8e6f1c157577088fa84ef41d Implements: blueprint dellemc-unity-manila (cherry picked from commit c5ee7b7714c712807f33ca1645186d33103a2264)
2017-08-30container ovs-agent, ensure br-ex existsSteve Baker1-2/+2
Currently the container neutron-ovs-agent is stuck in a restart loop in many environments because the bridge br-ex is missing. This bridge is created by running the puppet class neutron::agents::ml2::ovs but limiting that run to tag neutron::plugins::ovs::bridge. The hiera neutron::agents::ml2::ovs::bridge_mappings should already exists to create the bridge with the required settings. This change should ensure br-ex exists after step 3. Since br-ex is created regardless of the chosen network config, environments/docker-network.yaml is not longer required. It can be deleted once there are no more references to it in CI and documentation. Change-Id: Ie425148b0ad0f38e149c5fa0a97d98ec35d0a5bb Closes-Bug: #1699261 Closes-Bug: #1691403 Closes-Bug: #1689556 (cherry picked from commit 76f130d6e8f7434433b2602af9794f1e9c742e1f)
2017-08-28Support deploying OVN as container servicesNuman Siddique1-0/+27
This patch adds the support to containerize OVN services for the base profile. OVN db servers do not support active-active mode yet. It does support master-slave mode supported through pacemaker, which will be supported in a later patch. Presently the tripleo container framework doesn't allow to start a container in only controller 0 (or bootstrap node). OVN db servers and ovn-northd are started on all the controllers, but only the OVN db servers running in the boot strap controller are configured to listen on the tcp ports 6641 and 6642. OVN neutron mechanism driver and ovn-controller's use the ovn_dbs_vip to connect to the OVN db servers. Haproxy configures all the controllers as back ends, but only OVN db servers running on controller 0 respond since only they are configured properly. The OVN containers running on other controller nodes do not interact any way, but are wasteful resources. This patch also adds the scenario007-multinode-containers CI template. Partial-bug: #1699085 Change-Id: I98b85191cc1fd8c2b166924044d704e79a4c4c8a (cherry picked from commit e7cd03d2f0fcd8e3069246ced94f1a83869b8bea)
2017-08-24Merge "Docker: Enable TLS in the internal network for libvirt"Jenkins1-0/+5