summaryrefslogtreecommitdiffstats
path: root/environments
AgeCommit message (Collapse)AuthorFilesLines
2017-08-28Support deploying OVN as container servicesNuman Siddique1-0/+27
This patch adds the support to containerize OVN services for the base profile. OVN db servers do not support active-active mode yet. It does support master-slave mode supported through pacemaker, which will be supported in a later patch. Presently the tripleo container framework doesn't allow to start a container in only controller 0 (or bootstrap node). OVN db servers and ovn-northd are started on all the controllers, but only the OVN db servers running in the boot strap controller are configured to listen on the tcp ports 6641 and 6642. OVN neutron mechanism driver and ovn-controller's use the ovn_dbs_vip to connect to the OVN db servers. Haproxy configures all the controllers as back ends, but only OVN db servers running on controller 0 respond since only they are configured properly. The OVN containers running on other controller nodes do not interact any way, but are wasteful resources. This patch also adds the scenario007-multinode-containers CI template. Partial-bug: #1699085 Change-Id: I98b85191cc1fd8c2b166924044d704e79a4c4c8a (cherry picked from commit e7cd03d2f0fcd8e3069246ced94f1a83869b8bea)
2017-08-24Merge "Docker: Enable TLS in the internal network for libvirt"Jenkins1-0/+5
2017-08-23Docker: Enable TLS in the internal network for libvirtJuan Antonio Osorio Robles1-0/+5
Bind mounts the necessary certs and keys to enable live migrations using TLS. bp tls-via-certmonger-containers Depends-On: I26a7748b37059ea37f460d8c70ef684cc41b16d3 Change-Id: I81efa85d916823f740bf320c88a248403743a45b
2017-08-22Merge "Zaqar: Match service name with service-net-map"Jenkins1-1/+1
2017-08-22Zaqar: Match service name with service-net-mapJuan Antonio Osorio Robles1-1/+1
This is required for t-h-t to generate the appropriate hieradata. Change-Id: I9b451eac4427a52ad8eec62ff89acc6c6d3ab799 Closes-Bug: #1712328
2017-08-22Merge "Add nova metadata to TLS everywhere/docker services list"Jenkins1-3/+4
2017-08-22Merge "change sriovnicswitch to be first with openvswitch"Jenkins1-1/+1
2017-08-21Merge "Add logrotate with crond service"Jenkins3-0/+12
2017-08-21Merge "Let mds create manila key and fs"Jenkins1-1/+1
2017-08-21Add nova metadata to TLS everywhere/docker services listJuan Antonio Osorio Robles1-3/+4
This is working, so we add it to the list. bp tls-via-certmonger-containers Change-Id: Ib545d4e6c130b73b4921eb9b6325d2e8d6ff1e2c
2017-08-21TLS for containerized horizonJuan Antonio Osorio Robles1-0/+1
bind mount the certificates needed for TLS. bp tls-via-certmonger-containers Change-Id: Ib9b533249be37665b77396a76133cc42fd15ee2b
2017-08-21Merge "Enable TLS for containerized RabbitMQ"Jenkins1-0/+1
2017-08-21Add logrotate with crond serviceBogdan Dobrelya3-0/+12
Add a docker service template to provide containerized services logs rotation with a crond job. Add OS::TripleO::Services::LogrotateCrond to CI multinode-containers and to all environments among with generic services like Ntp or Kernel. Set it to OS::Heat::None for non containerized environments and only enable it to the environments/docker.yaml. Closes-bug: #1700912 Change-Id: Ic94373f0a0758e9959e1f896481780674437147d Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2017-08-19Merge "Add support for Dell EMC Unity Cinder backend"Jenkins1-0/+14
2017-08-18Merge "Restore and split nova metadata docker service out of nova-api."Jenkins1-0/+1
2017-08-18Let mds create manila key and fsJan Provaznik1-1/+1
ceph-ansible will take care of setting up client keys both in ceph and on client side. It will also create filesystem for manila. To assure that manila manifest can work in future both with puppet and with ceph-ansible, creation of filesystem is moved to ceph-mds manifest and creation of manila key on ceph side is moved to ceph-base (so manila key is always created), manila key is added to ceph-external for external ceph deployments. Key creation is removed from manila.pp in patch I2b5567a39ac8737e80758b705818cc1807dc8bf1 Change-Id: I6308a317ffe0af244396aba5197c85e273e69f68 Related-To: Ia3ef9e9a2b159dacea01e38762145ff2bcc7ba27 Depends-On: I3f18bbe476c4f43fa4e162cc66c5df443122cd0c
2017-08-18Merge "TLS everywhere/docker: add nova services to environment"Jenkins1-0/+7
2017-08-18Enable TLS for containerized RabbitMQJuan Antonio Osorio Robles1-0/+1
Bind mounts and adds the appropriate permissions for the cert and key that's used for TLS. bp tls-via-certmonger-containers Depends-On: I62ff89362cfcc80e6e62fad09110918c36802813 Change-Id: I48325893a00690e2f5d6f1d685f903234545d5b8
2017-08-18Merge "Refactor setup_docker_host.sh as host_prep_tasks"Jenkins2-11/+0
2017-08-18Merge "Provide sample environment for composable roles"Jenkins3-0/+202
2017-08-18Merge "Add support for installing Ceph MDS via ceph-ansible"Jenkins1-0/+2
2017-08-18Merge "Remove iscsid from TLS everywhere docker environment"Jenkins1-1/+0
2017-08-18Restore and split nova metadata docker service out of nova-api.Oliver Walsh1-0/+1
I2c39a2957fd95dd261b5b8c4df5e66e00a68d2f7 changed nova api to http from eventlet, however we need to continue running the eventlet service as it is required for the nova metadata api. However this should be tied to the OS::TripleO::Services::NovaMetadata service, so duplicate the required config in nova-metadata.yaml. Change-Id: I398575d565d5527bcaa1c8b33b9de2e1e0f2f6fd Depends-On: Id3407e151566d16c6ae1e1ea8c1b021dac22e727 Closes-bug: #1711425
2017-08-17Merge "Enable TLS for containerized MySQL"Jenkins1-0/+1
2017-08-17Merge "Enable TLS for containerized haproxy"Jenkins1-0/+1
2017-08-17Refactor setup_docker_host.sh as host_prep_tasksJiri Stransky2-11/+0
Previously what we've been doing with setup_docker_host.sh can now be achieved with host_prep_tasks, and we can free up the NodeUserData interface for other use cases. Closes-Bug: #1711387 Change-Id: Iaac90efd03e37ceb02c312f9c15c1da7d4982510
2017-08-17Provide sample environment for composable rolesAlex Schultz3-0/+202
Creating a sample environment generator configuration to generate basic environment files for the following architectures: * Monolithic HA (3 Controller, 3 Compute, 1 Ceph) * Monolithic Non-HA (1 Controller, 1 Compute, 1 Ceph) * Standalone (3 Controller, 3 Database, 3 Messaging, 2 Networker, 1 Compute, 1 Ceph) Change-Id: Id0b967d3b2356f38a51e1028b2dccc122d59888c Related-Blueprint: example-custom-role-environments
2017-08-17Add support for Dell EMC Unity Cinder backendrajinir1-0/+14
This change adds a new define for cinder::backend::dellemc_unity. Change-Id: I7f9dbb707cf9b5c90ec2f31dcff82cd578805b80 Implements: blueprint dellemc-unity-cinder
2017-08-17TLS everywhere/docker: add nova services to environmentJuan Antonio Osorio Robles1-0/+7
Most nova services are working with TLS everywhere, so they can be added to the environment. The compute and libvirt services are still pending. bp tls-via-certmonger-containers Change-Id: I80745fff5fbd9a6ccd701c1d154b38ad41b0cc3c
2017-08-17Remove iscsid from TLS everywhere docker environmentJuan Antonio Osorio Robles1-1/+0
Since nova-compute is not containerized with TLS yet, using containerized iscsid causes errors when trying to spawn a VM with a volume. Since the path is different in this case. I will re-add iscsid to this environment once nova-compute is containerized with TLS. bp tls-via-certmonger-containers Change-Id: Ida87b187e56ae852c5a4ef6f78cc04a0870fe3f4
2017-08-17Merge "Delete docker-centos-tripleoupstream.yaml"Jenkins1-124/+0
2017-08-16Add support for installing Ceph MDS via ceph-ansibleJohn Fulton1-0/+2
Based on puppet/services/ceph-mds.yaml. Nodes in the CephMds role will already be in the Ansible inventory but this change provides a way pass their parameters to ceph-ansible. Co-Authored-By: Giulio Fidente <gfidente@redhat.com> Change-Id: Ia3ef9e9a2b159dacea01e38762145ff2bcc7ba27
2017-08-16Merge "Consolidate deployment in major-upgrade-composable-steps"Jenkins1-1/+1
2017-08-15Merge "Make network-isolation-v6 environment rendered for all roles"Jenkins4-57/+66
2017-08-15Delete docker-centos-tripleoupstream.yamlSteve Baker1-124/+0
This file is generated and needs to be manually maintained. It would be better for users who want to deploy latest directly from docker hub to generate it locally by running: openstack overcloud container image prepare \ --namespace tripleoupstream \ --tag latest \ --env-file docker-centos-tripleoupstream.yaml The documentation and CI are being updated to use prepare. Change-Id: I86503f1076459ae9d84a34e649a6097cba10fa3c Closes-Bug: #1696598
2017-08-14Merge "Make containerized nova-api run with httpd"Jenkins1-6/+5
2017-08-14Enable TLS for containerized MySQLJuan Antonio Osorio Robles1-0/+1
Bind mounts and adds the appropriate permissions for the cert and key that's used for TLS. bp tls-via-certmonger-containers Change-Id: I7fae4083604c7dc89ca04141080a228ebfc44ac9
2017-08-14Enable TLS for containerized haproxyJuan Antonio Osorio Robles1-0/+1
This bind mounts the certificates if TLS is enabled in the internal network. It also disables the CRL usage since we can't restart haproxy at the rate that the CRL is updated. This will be addressed later and is a known limitation of using containerized haproxy (there's the same issue in the HA scenario). To address the different UID that the certs and keys will have, I added an extra step that changes the ownership of these files; though this only gets included if TLS in the internal network is enabled. bp tls-via-certmonger-containers Depends-On: I2078da7757ff3af1d05d36315fcebd54bb4ca3ec Change-Id: Ic6ca88ee7b6b256ae6182e60e07498a8a793d66a
2017-08-14Consolidate deployment in major-upgrade-composable-stepsJose Luis Franco Arza1-1/+1
After 483293 commit is merged, major-upgrade-composable-steps.yaml file is pointing to the wrong location deployment, which is now under common/ folder. Change-Id: Ic6784533d1c21b5b8fcb422bccd820af72e499d9
2017-08-13change sriovnicswitch to be first with openvswitchMoshe Levi1-1/+1
In commit I77650be5f04775a72e2bdf694f93988825a84b72 neutron ovs mechanism driver can bind direct port with ovs SR-IOV hardware offload feature. currently both feature can't co-exist together. To allow ovs and sriovnicswitch to still work together, sriovnicswitch should be before openvswitch. Change-Id: Id19d65715d40d64f041bfe219afff98876fd7766
2017-08-12Merge "Consolidate puppet/docker deployments with one deploy steps workflow"Jenkins5-12/+3
2017-08-12Merge "Convert compute-role.yaml to role.role.j2.yaml"Jenkins1-1/+1
2017-08-11Merge "openstack-heat-templates: fix deprecation path"Jenkins1-1/+1
2017-08-11Consolidate puppet/docker deployments with one deploy steps workflowSteven Hardy5-12/+3
If we consolidate these we can focus on one implementation (the new ansible based one used for docker-steps) Change-Id: Iec0ad2278d62040bf03613fc9556b199c6a80546 Depends-On: Ifa2afa915e0fee368fb2506c02de75bf5efe82d5
2017-08-11Convert compute-role.yaml to role.role.j2.yamlSteven Hardy1-1/+1
Add some special-casing for backwards compatibility, such that the Compute role can be rendered via j2 for support of composable networks. Change-Id: Ieee446583f77bb9423609d444c576788cf930121 Partially-Implements: blueprint composable-networks
2017-08-11Make containerized nova-api run with httpdJuan Antonio Osorio Robles1-6/+5
The non-containerized version will run over httpd [1], and for the containerized TLS work, it is needed in the container version as well. [1] Iac35b7ddcd8a800901548c75ca8d5083ad17e4d3 bp tls-via-certmonger-containers Depends-On: I1c5f13039414f17312f91a5e0fd02019aa08e00e Change-Id: I2c39a2957fd95dd261b5b8c4df5e66e00a68d2f7
2017-08-10Merge "Noop controller pre and post config resources."Jenkins1-0/+2
2017-08-10Merge "Docker/TLS everywhere: Add telemetry and neutron services to environment"Jenkins1-4/+9
2017-08-09Merge "Addition of Nuage as mechanism driver for ML2"Jenkins2-7/+22
2017-08-09Make network-isolation-v6 environment rendered for all rolesMichele Baldessari4-57/+66
In change If3989f24f077738845d2edbee405bd9198e7b7db we moved to jinja2 templating to render the networks. This change aims at doing so for the IPv6 network isolation environment. Change-Id: Ieebcff3db3f5756a5d23080ea3d09ce78de69e21