summaryrefslogtreecommitdiffstats
path: root/environments
AgeCommit message (Collapse)AuthorFilesLines
2017-03-27Apache: Use conditional instead of nested stack for TLS-specific bitsJuan Antonio Osorio Robles1-1/+0
Usually a nested stack is used that contains the TLS-everywhere bits (config_settings and metadata_settings). Nested stacks are very resource intensive. So, instead of doing using nested stacks, this patch changes that to use a conditional, and output the necessary config_settings and metadata_settings this way in an attempt to save resources. Change-Id: Ia7ee632383542ac012c20448ff1b4435004e57e3
2017-03-27Rabbitmq: Use conditional instead of nested stack for TLS-specific bitsJuan Antonio Osorio Robles1-1/+0
Usually a nested stack is used that contains the TLS-everywhere bits (config_settings and metadata_settings). Nested stacks are very resource intensive. So, instead of doing using nested stacks, this patch changes that to use a conditional, and output the necessary config_settings and metadata_settings this way in an attempt to save resources. Change-Id: Ic25f84a81aefef91b3ab8db2bc864853ee82c8aa
2017-03-26Merge "Remove unnecesary code to enable panko-api"Jenkins1-2/+0
2017-03-20Merge "Containerize panko api service"Jenkins1-1/+1
2017-03-18Merge "Add certmonger-user profile"Jenkins3-0/+12
2017-03-17Containerize panko api serviceFlavio Percoco1-1/+1
Co-Authored-By: Pradeep Kilambi <pkilambi@redhat.com> Closes-bug: #1668918 Change-Id: Ie1ebd25965bd2dbad2a22161da0022bad0b9e554
2017-03-13Containerize gnocchi servicesPradeep Kilambi1-0/+3
Closes-bug: #1668928 Change-Id: I291df31be97c3d55cddb3924482aa5976a79c2b1
2017-03-13Merge "Containerize Aodh alarm services"Jenkins1-0/+5
2017-03-13Add certmonger-user profileJuan Antonio Osorio Robles3-0/+12
This profile will request the certificates for the services on the node. So with this, we will remove the requesting of these certs on the services' profiles themselves. The reasoning for this is that for a containerized environment, the containers won't have credentials to the CA while the baremetal node does. So, with this, we will have this profile that still gets executed in the baremetal nodes, and we can subsequently pass the requested certificates by bind-mounting them on the containers. On the other hand, this approach still works well for the TLS-everywhere case when the services are running on baremetal. Change-Id: Ibf58dfd7d783090e927de6629e487f968f7e05b6 Depends-On: I4d2e62b5c1b893551f9478cf5f69173c334ac81f
2017-03-13Remove unnecesary code to enable panko-apiCarlos Camacho1-2/+0
We are already enabling panko-api by default `https://github.com/openstack/tripleo-heat-templates/blob/34c46241cda3be567017943560d218ced3bbdc03/overcloud-resource-registry-puppet.j2.yaml#L226` so there is no need to have the environment file or the resource in the ci environment template. Change-Id: I6af6e2196a77320c8d3b5914d161a795b007151a
2017-03-13Merge "Move zaqar into services-docker"Jenkins2-2/+2
2017-03-11Merge "Add BGPVPN composable service"Jenkins1-0/+16
2017-03-10Merge "Move mistral into services-docker"Jenkins2-3/+4
2017-03-10Merge "Move ironic into services-docker"Jenkins2-4/+5
2017-03-10Containerize Aodh alarm servicesPradeep Kilambi1-0/+5
Closes-bug: #1668930 Change-Id: If5dff4388b255373083e164a74aaacd529a94111
2017-03-10Add BGPVPN composable serviceRicardo Noriega1-0/+16
This project aims at supporting inter-connection between L3VPNs and Neutron resources, i.e. Networks, Routers and Ports. Partially-Implements: blueprint bgpvpn-service-integration Depends-On:I7c1686693a29cc1985f009bd7a3c268c0e211876 Change-Id: I576c9ac2b443dbb6886824b3da457dcc4f87b442 Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
2017-03-09Merge "Pass hieradata for internal TLS for RabbitMQ"Jenkins1-0/+3
2017-03-09Pass hieradata for internal TLS for RabbitMQJuan Antonio Osorio Robles1-0/+3
As with other services, this passes the necessary hieradata to enable TLS for RabbitMQ. This will mean (once we set it via puppet-tripleo) that there will only be TLS connections, as the ssl_only option is being used. bp tls-via-certmonger Change-Id: I960bf747cd5e3040f99b28e2fc5873ca3a7472b5 Depends-On: Ic2a7f877745a0a490ddc9315123bd1180b03c514
2017-03-08Move zaqar into services-dockerDan Prince2-2/+2
This patch moves enabling Zaqar docker services into a separate environment in the environments/services-docker directory. Change-Id: I6755eb7ae2abb2b9c8b213ff6fd21b0392353ef5
2017-03-08Move mistral into services-dockerDan Prince2-3/+4
This patch moves enabling Mistral docker services into a separate environment in the environments/services-docker directory. Change-Id: I8b484532de5f5d61fc0240defbc5fc27789a1279
2017-03-08Move ironic into services-dockerDan Prince2-4/+5
This patch moves enabling Ironic docker services into a separate environment in the environments/services-docker directory. Change-Id: I236de47d422b3563a0192359f2327610fc1714ca
2017-03-08Enable Docker service for Compute roleMartin André1-0/+3
A recent commit [1] change how docker is installed and configured on the overcloud nodes, from a cloud-init script to a proper puppet profile in puppet-tripleo but forgot to enable the docker service on the compute nodes. [1] Ia50169819cb959025866348b11337728f8ed5c9e Change-Id: I202723d0e48f110e5b0dbfe3dcf6646da9f37948
2017-03-07Merge "Enable keystone cadf notifications"Jenkins1-0/+2
2017-03-06Enable keystone cadf notificationsYolanda Robla1-0/+2
It will allow to configure keystone event notifications using CADF, as documented on: https://docs.openstack.org/developer/keystone/event_notifications.html CADF events provide auditing capabilities for compliance with security. Change-Id: Id16b264c295b9e3adbf960366ff8328ba8dcd485
2017-03-06Enable composable upgrades for docker service templatesSteven Hardy3-1/+23
This aligns the docker based services with the new composable upgrades architecture we landed for ocata, and does a first-pass adding upgrade_tasks for the services (these may change, atm we only disable the service on the host). To run the upgrade workflow you basically do two steps: openstack overcloud deploy --templates \ -e environments/major-upgrade-composable-steps-docker.yaml This will run the ansible upgrade steps we define via upgrade_tasks then run the normal docker PostDeploySteps to bring up the containers. For the puppet workflow there's then an operator driven step where compute nodes (and potentially storage nodes) are upgrades in batches and finally you do: openstack overcloud deploy --templates \ -e environments/major-upgrade-converge-docker.yaml In the puppet case this re-applies puppet to unpin the nova RPC API so I guess it'll restart the nova containers this affects but otherwise will be a no-op (we also disable the ansible steps at this point. Depends-On: I9057d47eea15c8ba92ca34717b6b5965d4425ab1 Change-Id: Ia50169819cb959025866348b11337728f8ed5c9e
2017-03-01Containerize neutron-l3 agentJohn Trowbridge1-0/+1
This allows to run a containerized neutron on the overcloud. Co-Authored-By: Martin André <m.andre@redhat.com> Depends-On: Iaf6536b1c4d0b2b118af92295136378cdfeee9d1 Change-Id: I86a12248d4f28f4dbe7708be928bcd8a45968d01
2017-02-28Align hyperconverged-ceph.yaml environment and adds some validationGiulio Fidente1-0/+2
Until bug #1635409 is fixed we'll have to keep the default list of services deployed by hyperconverged-ceph.yaml in sync with the ServicesDefault list provided in roles_data.yaml This change adds some logic in the templates validation script to ensure that is preserved with future updates. Change-Id: Ib767f9a24c3541b16f96bd6b6455cf797113fbd8
2017-02-27Merge "Add VPP composable service"Jenkins1-0/+9
2017-02-27Merge "Make heat max_json_body_size configurable"Jenkins1-0/+1
2017-02-27Merge "Enable docker for all roles"Jenkins1-1/+1
2017-02-26Add VPP composable serviceFeng Pan1-0/+9
Vector Packet Processing (VPP) is a high performance packet processing stack that runs in user space in Linux. VPP is used as an alternative to kernel networking stack for accelerated network data path. This patch adds VPP as a composable service. Note that NIC binding related configs for VPP are handled in os-net-config. Depends-on: I70a68a204a8b9d533fc2fa4fc33c39c3b1c366bf Change-Id: I5e4b1903dc87cb16259eeb05db585678acadbc6b Implements: blueprint fdio-integration-tripleo
2017-02-25Install openstack-heat-agents on upgradeMarius Cornea1-1/+1
This package wasn't installed in the Newton image and we need to install it during upgrade to be able to skip preupgrade validations. Change-Id: If6ee7a3801756ac445ae35534803eab175ad8e40 Closes-Bug: 1667967
2017-02-24Enable docker for all rolesMartin André1-1/+1
A recent patch enabled a few containerized services on the Controller node. We need to enable docker for all the roles. Change-Id: I99fc0c2d29db3514a439b717d14367ad2252e450
2017-02-24Merge "Align HCI environment file with list of services from roles_data"Jenkins1-0/+3
2017-02-24Make heat max_json_body_size configurableDan Prince1-0/+1
We need to bump this a bit for the overcloud containers jobs. This patch makes it configurable and increases the size for the undercloud. Related-bug: #1667697 Change-Id: I79319f051747b381f5fa36f8a7fc7f31020bc245
2017-02-23Merge "neutron: don't set external_network_bridge option by default"Jenkins8-40/+0
2017-02-22Merge "Enable docker services in the registry"Jenkins1-0/+30
2017-02-22Merge "Increase apache ServerLimit and workers to 100"Jenkins1-2/+2
2017-02-22Increase apache ServerLimit and workers to 100Sagi Shnaidman1-2/+2
Increase apache serverlimit and maxrequestworkers to 100 in low-memory-usage template. We have been reaching the limit with all the OpenStack services that we run in WSGI. Increasing the number will help us to promote packages in TripleO CI. Change-Id: I3f71f279a8dfaee9db5f5d1091ad079d9170de1f
2017-02-17Add environment for deployed-server with pacemakerJames Slagle1-0/+4
A new environment file to be used when using the deployed-server roles data at deployed-server/deployed-server-roles-data.yaml. This ensures the Pre and Post Puppet Tasks for the ControllerDeployedServer role are mapped to the stacks that handle maintenance mode and resource restarts for pacemaker on stack-update. Change-Id: I1ca52dfb3a3b669e128ebb0a28d9e36a1807faad Closes-Bug: #1665060
2017-02-17Merge "docker: new hybrid deployment architecture and configuration"Jenkins1-14/+5
2017-02-17Merge "Add Newton to Ocata UpgradeInitCommonCommand"Jenkins2-0/+12
2017-02-17Merge "Adds 'trunk' to ODL env service plugins"Jenkins1-1/+1
2017-02-16Align HCI environment file with list of services from roles_dataGiulio Fidente1-0/+3
Until we get bug #1635409 fixed we'll have to keep the two lists in sync. Change-Id: Ifd996bd4c95f901f242696b37e179073be6334d0 Related-Bug: #1635409
2017-02-16Add Newton to Ocata UpgradeInitCommonCommandmarios2-0/+12
This adds the UpgradeInitCommonCommand for newton..ocata common UpgradeInit commands. This comes before the ansible upgrade steps so we need to do things like remove the old newton hieradata and install the ansible-pacemaker module and ansible heat-agent plugin This defaults to '' and is set in the major-upgrade-composable-steps and unset in the major-upgrade-converge environment files. Change-Id: I0c7a32194c0069b63a501a913c17907b47c9cc16
2017-02-16Merge "Add major-upgrade-converge environment."Jenkins1-0/+6
2017-02-15Enable docker services in the registryDan Prince1-0/+30
This patch avoids conflicts when cherry picking docker services in our ad-hoc docker services patch series and enables them all at once. Change-Id: Ia4f7c8071d8b4f3c9a7d73173e9120eb1e79ce53
2017-02-15Merge "Add nova service support for composable upgrades"Jenkins1-0/+2
2017-02-15Add major-upgrade-converge environment.Steven Hardy1-0/+6
This is a generic replacement for the previous pacemaker named file that is designed to work with the new composable-steps upgrade. Change-Id: If5016b910931364a621b280465420d0bf2617895 Partially-Implements: blueprint overcloud-upgrades-per-service
2017-02-15docker: new hybrid deployment architecture and configurationDan Prince1-14/+5
This patch implements a new docker deployment architecture that should us to install docker services in a stepwise manner alongside of baremetal puppet services. This works by using Yaql to select docker specific services (docker/services/*.yaml) vs the puppet specific ones and then applying the selected Json to relevant Heat software deployments for docker and baremetal puppet in a stepwise fashion. Additionally the new architecture leverages new composable services interfaces from Newton to allow configuration of per-service container configuration sets (directories that are bind mounted into kolla containers) by using the Kolla containers themselves. It does this by spinning up a throw away "configuration only" version of the container being configured itself, then running the puppet apply in that container and copying the generated config files into /var/lib/config-data. This avoids having to install all of the OpenStack dependency packages in the heat-agent-container itself (our previous approach) and should allow us to configure a much wider variety of container config files that would otherwise be impossible with the previous shared approach. The new approach (combined) should allow us to configure containers in both the undercloud and overcloud and incrementally add CI coverage to services as we containerize them. Co-Authored-By: Martin André <m.andre@redhat.com> Co-Authored-By: Ian Main <imain@redhat.com> Co-Authored-By: Flavio Percoco <flavio@redhat.com> Change-Id: Ibcff99f03e6751fbf3197adefd5d344178b71fc2