Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
Co-Authored-By: Pradeep Kilambi <pkilambi@redhat.com>
Closes-bug: #1668918
Change-Id: Ie1ebd25965bd2dbad2a22161da0022bad0b9e554
|
|
Closes-bug: #1668928
Change-Id: I291df31be97c3d55cddb3924482aa5976a79c2b1
|
|
|
|
This profile will request the certificates for the services on the node.
So with this, we will remove the requesting of these certs on the
services' profiles themselves.
The reasoning for this is that for a containerized environment, the
containers won't have credentials to the CA while the baremetal node
does. So, with this, we will have this profile that still gets executed
in the baremetal nodes, and we can subsequently pass the requested
certificates by bind-mounting them on the containers. On the other hand,
this approach still works well for the TLS-everywhere case when the
services are running on baremetal.
Change-Id: Ibf58dfd7d783090e927de6629e487f968f7e05b6
Depends-On: I4d2e62b5c1b893551f9478cf5f69173c334ac81f
|
|
We are already enabling panko-api by default
`https://github.com/openstack/tripleo-heat-templates/blob/34c46241cda3be567017943560d218ced3bbdc03/overcloud-resource-registry-puppet.j2.yaml#L226`
so there is no need to have the environment file
or the resource in the ci environment template.
Change-Id: I6af6e2196a77320c8d3b5914d161a795b007151a
|
|
|
|
|
|
|
|
|
|
Closes-bug: #1668930
Change-Id: If5dff4388b255373083e164a74aaacd529a94111
|
|
This project aims at supporting inter-connection between L3VPNs
and Neutron resources, i.e. Networks, Routers and Ports.
Partially-Implements: blueprint bgpvpn-service-integration
Depends-On:I7c1686693a29cc1985f009bd7a3c268c0e211876
Change-Id: I576c9ac2b443dbb6886824b3da457dcc4f87b442
Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
|
|
|
|
As with other services, this passes the necessary hieradata to enable
TLS for RabbitMQ. This will mean (once we set it via puppet-tripleo)
that there will only be TLS connections, as the ssl_only option is being
used.
bp tls-via-certmonger
Change-Id: I960bf747cd5e3040f99b28e2fc5873ca3a7472b5
Depends-On: Ic2a7f877745a0a490ddc9315123bd1180b03c514
|
|
This patch moves enabling Zaqar docker services into
a separate environment in the environments/services-docker
directory.
Change-Id: I6755eb7ae2abb2b9c8b213ff6fd21b0392353ef5
|
|
This patch moves enabling Mistral docker services into
a separate environment in the environments/services-docker
directory.
Change-Id: I8b484532de5f5d61fc0240defbc5fc27789a1279
|
|
This patch moves enabling Ironic docker services into
a separate environment in the environments/services-docker
directory.
Change-Id: I236de47d422b3563a0192359f2327610fc1714ca
|
|
A recent commit [1] change how docker is installed and configured on
the overcloud nodes, from a cloud-init script to a proper puppet
profile in puppet-tripleo but forgot to enable the docker service on
the compute nodes.
[1] Ia50169819cb959025866348b11337728f8ed5c9e
Change-Id: I202723d0e48f110e5b0dbfe3dcf6646da9f37948
|
|
|
|
It will allow to configure keystone event notifications
using CADF, as documented on:
https://docs.openstack.org/developer/keystone/event_notifications.html
CADF events provide auditing capabilities for compliance with
security.
Change-Id: Id16b264c295b9e3adbf960366ff8328ba8dcd485
|
|
This aligns the docker based services with the new composable upgrades
architecture we landed for ocata, and does a first-pass adding upgrade_tasks
for the services (these may change, atm we only disable the service on
the host).
To run the upgrade workflow you basically do two steps:
openstack overcloud deploy --templates \
-e environments/major-upgrade-composable-steps-docker.yaml
This will run the ansible upgrade steps we define via upgrade_tasks
then run the normal docker PostDeploySteps to bring up the containers.
For the puppet workflow there's then an operator driven step where
compute nodes (and potentially storage nodes) are upgrades in batches
and finally you do:
openstack overcloud deploy --templates \
-e environments/major-upgrade-converge-docker.yaml
In the puppet case this re-applies puppet to unpin the nova RPC API
so I guess it'll restart the nova containers this affects but otherwise
will be a no-op (we also disable the ansible steps at this point.
Depends-On: I9057d47eea15c8ba92ca34717b6b5965d4425ab1
Change-Id: Ia50169819cb959025866348b11337728f8ed5c9e
|
|
This allows to run a containerized neutron on the overcloud.
Co-Authored-By: Martin André <m.andre@redhat.com>
Depends-On: Iaf6536b1c4d0b2b118af92295136378cdfeee9d1
Change-Id: I86a12248d4f28f4dbe7708be928bcd8a45968d01
|
|
Until bug #1635409 is fixed we'll have to keep the default list
of services deployed by hyperconverged-ceph.yaml in sync with the
ServicesDefault list provided in roles_data.yaml
This change adds some logic in the templates validation script to
ensure that is preserved with future updates.
Change-Id: Ib767f9a24c3541b16f96bd6b6455cf797113fbd8
|
|
|
|
|
|
|
|
Vector Packet Processing (VPP) is a high performance packet processing
stack that runs in user space in Linux. VPP is used as an alternative to
kernel networking stack for accelerated network data path. This patch
adds VPP as a composable service. Note that NIC binding related configs
for VPP are handled in os-net-config.
Depends-on: I70a68a204a8b9d533fc2fa4fc33c39c3b1c366bf
Change-Id: I5e4b1903dc87cb16259eeb05db585678acadbc6b
Implements: blueprint fdio-integration-tripleo
|
|
This package wasn't installed in the Newton image and we need to
install it during upgrade to be able to skip preupgrade validations.
Change-Id: If6ee7a3801756ac445ae35534803eab175ad8e40
Closes-Bug: 1667967
|
|
A recent patch enabled a few containerized services on the Controller
node. We need to enable docker for all the roles.
Change-Id: I99fc0c2d29db3514a439b717d14367ad2252e450
|
|
|
|
We need to bump this a bit for the overcloud containers
jobs. This patch makes it configurable and increases the
size for the undercloud.
Related-bug: #1667697
Change-Id: I79319f051747b381f5fa36f8a7fc7f31020bc245
|
|
|
|
|
|
|
|
Increase apache serverlimit and maxrequestworkers to 100
in low-memory-usage template.
We have been reaching the limit with all the OpenStack services that we run in WSGI.
Increasing the number will help us to promote packages in TripleO CI.
Change-Id: I3f71f279a8dfaee9db5f5d1091ad079d9170de1f
|
|
A new environment file to be used when using the deployed-server roles
data at deployed-server/deployed-server-roles-data.yaml. This ensures
the Pre and Post Puppet Tasks for the ControllerDeployedServer role are
mapped to the stacks that handle maintenance mode and resource restarts
for pacemaker on stack-update.
Change-Id: I1ca52dfb3a3b669e128ebb0a28d9e36a1807faad
Closes-Bug: #1665060
|
|
|
|
|
|
|
|
Until we get bug #1635409 fixed we'll have to keep the two lists
in sync.
Change-Id: Ifd996bd4c95f901f242696b37e179073be6334d0
Related-Bug: #1635409
|
|
This adds the UpgradeInitCommonCommand for newton..ocata common
UpgradeInit commands. This comes before the ansible upgrade steps
so we need to do things like remove the old newton hieradata and
install the ansible-pacemaker module and ansible heat-agent plugin
This defaults to '' and is set in the major-upgrade-composable-steps
and unset in the major-upgrade-converge environment files.
Change-Id: I0c7a32194c0069b63a501a913c17907b47c9cc16
|
|
|
|
This patch avoids conflicts when cherry picking
docker services in our ad-hoc docker services
patch series and enables them all at once.
Change-Id: Ia4f7c8071d8b4f3c9a7d73173e9120eb1e79ce53
|
|
|
|
This is a generic replacement for the previous pacemaker named
file that is designed to work with the new composable-steps upgrade.
Change-Id: If5016b910931364a621b280465420d0bf2617895
Partially-Implements: blueprint overcloud-upgrades-per-service
|
|
This patch implements a new docker deployment architecture that
should us to install docker services in a stepwise manner alongside
of baremetal puppet services. This works by using Yaql to select
docker specific services (docker/services/*.yaml) vs the puppet
specific ones and then applying the selected Json to relevant Heat
software deployments for docker and baremetal puppet in a stepwise
fashion.
Additionally the new architecture
leverages new composable services interfaces from Newton to
allow configuration of per-service container configuration
sets (directories that are bind mounted into kolla containers) by
using the Kolla containers themselves. It does this by spinning up
a throw away "configuration only" version of the container being
configured itself, then running the puppet apply in that container and
copying the generated config files into /var/lib/config-data. This
avoids having to install all of the OpenStack dependency packages
in the heat-agent-container itself (our previous approach) and should
allow us to configure a much wider variety of container config files
that would otherwise be impossible with the previous shared approach.
The new approach (combined) should allow us to configure containers in
both the undercloud and overcloud and incrementally add CI coverage to
services as we containerize them.
Co-Authored-By: Martin André <m.andre@redhat.com>
Co-Authored-By: Ian Main <imain@redhat.com>
Co-Authored-By: Flavio Percoco <flavio@redhat.com>
Change-Id: Ibcff99f03e6751fbf3197adefd5d344178b71fc2
|
|
|
|
Co-Authored-By: Mathieu Bultel <mbultel@redhat.com>
Co-Authored-By: Oliver Walsh <owalsh@redhat.com>
Change-Id: Iafad800a6819d7e75fdaab60d328999d3d3c037f
Partially-Implements: blueprint overcloud-upgrades-per-service
Related-Bug: #1662344
|