summaryrefslogtreecommitdiffstats
path: root/environments
AgeCommit message (Collapse)AuthorFilesLines
2015-12-08Enable TLS in loadbalancer if cert path is detectedJuan Antonio Osorio Robles1-0/+32
If there is a value for the certificate path (which should only happen if the environment for enabling TLS is used) then the loadbalancer will detect it and configure it's front ends correctly. On the other hand a proper override for the example environment was given, since this will be needed because we want to pass the hosts and protocols correctly so the tripleoclient will catch it and pass it to os-cloud-config Change-Id: Ifba51495f0c99398291cfd29d10c04ec33b8fc34 Depends-On: Ie2428093b270ab8bc19fcb2130bb16a41ca0ce09
2015-11-30Changes for configuring NuageLokesh Jain2-0/+22
Added ExtraConfig templates and environment files for Nuage specific parameters. Modified overcloud_compute.pp and overcloud_controller.pp to conditionally include Nuage plugin and agents. Change-Id: I95510c753b0a262c73566481f9e94279970f4a4f
2015-11-26Merge "Make load balancer deployment optional via template param"Jenkins1-0/+1
2015-11-26Merge "Add net_vip_map_external to be used for an external balancer"Jenkins1-0/+13
2015-11-25Merge "Enable trust anchor injection"Jenkins1-0/+6
2015-11-25Merge "Inject TLS certificate and keys for the Overcloud"Jenkins1-0/+9
2015-11-25Enable trust anchor injectionJuan Antonio Osorio Robles1-0/+6
This commit enables the injection of a trust anchor or root certificate into every node in the overcloud. This is in case that the TLS certificates for the controllers are signed with a self-signed CA or if the deployer would like to inject a relevant root certificate for other purposes. In this case the other nodes might need to have the root certificate in their trust chain in order to do proper validation Change-Id: Ia45180fe0bb979cf12d19f039dbfd22e26fb4856
2015-11-24Merge "Point registry at tripleoupstream"Jenkins1-10/+9
2015-11-24Make load balancer deployment optional via template paramGiulio Fidente1-0/+1
Adds control over the load balancer deployment via template param. Change-Id: I5625083ff323a87712a5fd3f9a64dd66d2838468
2015-11-24Add net_vip_map_external to be used for an external balancerDan Prince1-0/+13
Changes VipMap into a new NetVipMap resource which defaults to being the same as the 'old' VipMap. An environment file can be used to map NetVipMap instead to the net_vip_map_external.yaml which allows for passing in explicit Virtual IP addresses. It also ensures that references to the Virtual IPs are gathered from the VipMap resource and allows for an empty ControlPlaneIP parameter in the neutron port templates where it can be. Co-Authored-By: Giulio Fidente <gfidente@redhat.com> Change-Id: Ifad32e18f12b9997e3f89e4afe3ebc4c30e14a86
2015-11-23Merge "Sample environment with old ServiceNetMap value"Jenkins2-0/+42
2015-11-23Merge "Implement Advanced Firewalling support"Jenkins1-0/+2
2015-11-23Sample environment with old ServiceNetMap valueJames Slagle2-0/+42
The original value for the ServiceNetMap parameter had the Keystone Admin API service on the Internal API network. Later, it was moved to the ctlplane network by default. Users updating from clouds already deployed may not want to have the service moved, and we've occassionly seen it cause issues with services not getting restarted properly. This sample environment file documents the old value so that users can just optionally include it via -e to keep the services the same as they were when they originally deployed. Change-Id: I0b68542337a2f40e26df15fe7ac2da5aafe651d5
2015-11-23Inject TLS certificate and keys for the OvercloudJuan Antonio Osorio Robles1-0/+9
This is a first implementation of adding TLS termination to the load balancer in the controllers. The implementation was made so that the appropriate certificate/private key in PEM format is copied to the appropriate controller(s) via a software deployment resource. And the path is then referenced on the HAProxy configuration, but this part was left commented out because we need to be able to configure the keystone endpoints in order for this to work properly. Change-Id: I0ba8e38d75a0c628d8132a66dc25a30fc5183c79
2015-11-20Point registry at tripleoupstreamRyan Hallisey1-10/+9
The tripleoupstream registry contains images that are built every time there is a change in delorean. The gate also needs this. Change-Id: If460853284588f637de820afa54069f773f2e6f7
2015-11-20Merge "Add local docker registry support"Jenkins1-7/+13
2015-11-20Merge "Update docker compute environment to use json config"Jenkins1-6/+7
2015-11-19Implement Advanced Firewalling supportEmilien Macchi1-0/+2
Consume puppet-tripleo to create/manage IPtables from Heat templates. This review put in place the logic to enable and setup firewall rules. A known set of rules are applied. More to come. Change-Id: Ib79c23fb27fe3fc03bf223e6922d896cb33dad22 Co-Authored-By: Yanis Guenane <yguenane@redhat.com> Depends-On: I144c60db2a568a94dce5b51257f1d10980173325
2015-11-16Merge "Add environment for isolated networks without tunneling VLAN"Jenkins1-0/+37
2015-11-16Merge "Support network isolation without external nets"Jenkins2-0/+51
2015-11-11Merge "Allow customization of Ceph client user"Jenkins1-1/+3
2015-11-10Merge "Allow customization of the Ceph pool names"Jenkins1-1/+6
2015-11-10Change the Atomic image name so it's less specificRyan Hallisey1-1/+1
The atomic image name in glance was being set to 'fedora-atomic'. The glance image can be any form of atomic distro so we shouldn't name this specifically 'fedora-atomic', but instead 'atomic-image'. Change-Id: Ic539b82b92e3fdd834750e591d8622b7dc85fc6d
2015-11-05Allow customization of Ceph client userGiulio Fidente1-1/+3
Previously we enforced the Ceph user used by the OpenStack clients to be named 'openstack', this change allows for customization of such a name. Change-Id: Idef3e1ed4e8e21b645081869b8d6fad2329bdc60
2015-11-05Allow customization of the Ceph pool namesGiulio Fidente1-1/+6
This is useful in those scenarios were we want to use an external Ceph deployment with multiple overclouds. Change-Id: I1749d2a6547f6ce25843709e46a1447e8d42cfff
2015-11-05Merge "Add network templates for multiple NIC configuration"Jenkins1-0/+13
2015-11-05Add network templates for multiple NIC configurationDan Sneddon1-0/+13
This change adds a set of network interface configurations for use with network isolation. The multiple-nics templates includes one separate NIC per network, and assumes that nic1 is used for the provisioning network (ctlplane). Also included is an environment file for including the multiple-nics configuration in a deployment. This revision changes the ordering of the NICs. By doing that, it is possible to wire up only a subset of the NICs for the storage nodes, and it is possilbe to leave the External NIC only configured on the controllers. rdo: Updated this commit for static control plane configuration Co-Authored-By: Rhys Oxenham <roxenham@redhat.com> Change-Id: Ic878d1ed1a85b5705295d087a743570ca8213504
2015-11-02Add local docker registry supportRyan Hallisey1-7/+13
Create a set of environment variables that allows us to configure a docker registry for deployment. This patch assumes there is a local docker registry already setup with the images loaded in place. Change-Id: Iaafaf23eb3fa8b24bcd8f73bb38c552bea629607 Signed-off-by: Ian Main <imain@redhat.com> Co-Authored-By: Ryan Hallisey <rhallise@redhat.com>
2015-11-02Update docker compute environment to use json configRyan Hallisey1-6/+7
In liberty, Kolla copies around files and runs the service given a specified command, by reading a json file. This will update the existing work to follow that template by creating a json file for each of the services and pushing it into the containers. Change-Id: I5085d1896ea965fd8854765b055068a5ad30bcfd Co-Authored-By: Jeff Peeler <jpeeler@redhat.com>
2015-10-19Support NFS backend for Glance (via Pacemaker)Jiri Stransky1-1/+1
Adds support for NFS backend in Glance by allowing the storage directory for the 'file' backend to be a mount managed by Pacemaker. Default behavior is unchanged. Since the Pacemaker-related parameters are not exposed on top level, change storage-environment.yaml to use parameter_defaults instead of parameters. Depends on a Heat fix for environment file's parameter_defaults to work well with JSONs and comma delimited lists (see Depends-On). Change-Id: I6e7e2eaf6919b955650c0b32e1629a4067602c89 Depends-On: I85b13a79dbc97a77e20c0d5df8eaf05b3000815e
2015-10-12Merge "Allow enabling debug mode for config management (Puppet)"Jenkins1-0/+5
2015-10-08Docker compute role configured via PuppetDan Prince1-0/+17
This change adds a containerized version of the overcloud compute node for TripleO. Configuration files are generated via OpenStack Puppet modules which are then used to externally configure kolla containers for each OpenStack service. See the README-containers.md file for more information on how to set this up. This uses AtomicOS as a base operating system and requires that we bootstrap the image with a container which contains the required os-collect-config agent hooks to support running puppet, shell scripts, and docker compose. Change-Id: Ic8331f52b20a041803a9d74cdf0eb81266d4e03c Co-Authored-By: Ian Main <imain@redhat.com> Co-Authored-By: Ryan Hallisey <rhallise@redhat.com>
2015-09-30Allow enabling debug mode for config management (Puppet)Jiri Stransky1-0/+5
Also adds an environment file which can be passed to heat stack-create to enable debugging. Change-Id: I9758e2ca3de6a0bed6d20c37ea19e48f47220721 Depends-On: Ie92d1714a8d7e59d347474039be999bd3a2b542f
2015-09-30Enable Cisco N1KV driverShiva Prasad Rao1-0/+11
This enables support for the Cisco N1kv driver for the ML2 plugin. It also configures the Nexus 1000v switch. Co-Authored-By: Steven Hillman <sthillma@cisco.com> Depends-On: I02dda0685c7df9013693db5eeacb2f47745d05b5 Depends-On: I3f14cdce9b9bf278aa9b107b2d313e1e82a20709 Change-Id: Idf23ed11a53509c00aa5fea4c87a515f42ad744f
2015-09-22Rename -puppet.yaml templates.Dan Prince1-1/+1
Updates the /puppet directory templates so that we drop the '-puppet' from the filenames. This is redundant because we already have puppet in the directory name and fixes inconsistencies where we aren't using -puppet in all the files within the puppet directory. Depends-On: I71cb07b2f5305aaf9c43ab175cca976e844b8175 Change-Id: I70d6e048a566666f5d6e5c2407f8a6b4fd9f6f87
2015-09-17Port Cisco Nexus/UCSM ExtraConfig to AllNodesSteven Hardy1-3/+2
Switch the implemention from a pre_deploy ExtraConfig to an AllNodesExtraConfig, so we can collect the mac->hostname mapping for all nodes, then calculate a NexusConfig based on that and a provided mapping of switch ports to mac address. The same conversion is also done to the NetworkUCSMHostList: The port mappings are provided via parameter_defaults like: parameter_defaults: NetworkNexusConfig: { "bxb-tor-1": { "username": "admin", "ssh_port": 22, "password": "lab", "ip_address": "10.86.7.204", "nve_src_intf": 0, "physnet": "datacentre", "servers": { "fa:16:3e:fa:be:ef": "1/11", "fa:16:3e:fa:5e:cf": "1/23", "fa:16:3e:fa:12:34": "2/34" } } } NetworkUCSMHostList: 'fa:16:3e:fa:be:ef:profile1' This results in an entry like this appended to /etc/puppet/hieradata/neutron_cisco_data.yaml: neutron::plugins::ml2::cisco::nexus::nexus_config:\ {"bxb-tor-1": {"username": "admin", "nve_src_intf": 0, "ssh_port": 22, "servers": {"overcloud-compute02": "2/34", "overcloud-compute01": "1/23", "overcloud-control01": "1/11"}, "password": "lab", "ip_address": "10.86.7.204", "physnet": "datacentre"}} neutron::plugins::ml2::cisco::ucsm::ucsm_host_list: overcloud-control01:profile1 Co-Authored-By: Rob Pothier <rpothier@cisco.com> Co-Authored-By: Tim Swanson <tiswanso@cisco.com> Change-Id: I372c3ffb6bd85b7239fcb9f3fc4fa51cd4a39332
2015-09-16Big Switch Neutron ML2 plugin integrationJiri Stransky1-0/+17
Add support for Big Switch Neutron ML2 plugin. Makes sure that the package is present and sets up the [restproxy] section in ml2_conf.ini. This also adds support for setting the ovs_use_veth option in l3_agent.ini. There is no support for this in puppet-neutron l3 class and it probably doesn't make sense adding it there, because this setting isn't relevant for all l3 agent drivers, it's specific to OVSInterfaceDriver. The ovs_use_veth option is also added to dhcp_agent.ini. Change-Id: I99635e25b2099dacce68154fe14693d6f06ac19f
2015-09-16Merge "Enable Cisco Nexus and UCSM plugins"Jenkins1-0/+26
2015-09-15Enable Cisco Nexus and UCSM pluginsRobert Pothier1-0/+26
This enables support for the Cisco UCS Manager and Cisco Nexus plugins Change-Id: I1bc28a4768d5d6857a0504ca1f77dd71259570b8
2015-08-28Add environment for isolated networks without tunneling VLANDan Sneddon1-0/+37
This change introduces an environment file that includes isolated networks but does not include a Tenant tunneling network. This is for deployments where the tenant networking will be provided by tenant VLANs, or provider networks, or another non-tunneling method. Change-Id: I8a05e341de80c2add418f22fa7f6f06349d378d6
2015-08-13Support for using external Ceph clustersDan Prince1-0/+18
This patch adds support for using an externally managed Ceph cluster with the TripleO Heat templates. For an externally managed Ceph cluster we initially only deploy the Ceph client tools, install the 'openstack' user keyring, and generate the ceph.conf. This matches what we do for managed Ceph installations and is a good first start. No other Ceph related services are installed or managed. To enable use of a Ceph external cluster simply add the custom Heat environment file environments/puppet-ceph-external.yaml to your heat stack create/update command and make sure to set the required CephClientKey, CephExternalMonHost, and CephClusterFSID variables. Change-Id: I0a8b213ce9dfa2fc4e62ae1e7631466e5179fc2b
2015-08-06Support network isolation without external netsDan Prince2-0/+51
This patch adds extra heat environments that can be used to enable network isolation without using the external network. Instead of a separate external network the ctlplane will be used for all of the external/public traffic. Change-Id: Ia542cee02121771d7d57ac701b62d7608e8d1855
2015-07-30Provide a sample storage environment fileJiri Stransky1-0/+57
Meant to help users configure their storage parameters by copying this file out, amending it and passing it to `heat stack-create` or `openstack overcloud deploy`. Defaults to using Ceph as a backend for Cinder, Glance and also Nova ephemeral storage. Change-Id: Ia8f5ef175439394aacdea98cfd66416bcb9bfe3a
2015-07-21Merge "Fix Puppet Configuring NetApp Cinder Backend"Jenkins1-1/+1
2015-07-20Fix Puppet Configuring NetApp Cinder BackendRyan Hefner1-1/+1
It was incorrectly assumed that Puppet variables assigned to a defined class (as seen in cinder-netapp.yaml) would be applied to any resources created with that type. This is not how Puppet works. The full range of configuration parameters to cinder::backend::netapp have been added back in. They are still pulling from Hiera like they were intended before, but it needs to be a little more explicit for Puppet to be happy. Change-Id: I2e00eae829713b2dbb1e4a5f296b6d08d0c21100
2015-07-19Merge "Use parameter_defaults in env files"Jenkins2-2/+10
2015-07-13Allow a user to disable MongoDB journalingYanis Guenane1-0/+5
By default MongoDB enables a journaling system that prevents loss of data in case of an unexpected shut-down. When journaling is enabled, MongoDB will create the journal files before actually starting the daemon[1]. The journaling feature is useful in production environment, but not really on a CI-like system, where we only want to make sure MongoDB is setup correctly and running, hence here we allow a user to enable/disable MongoDB journaling. [1] http://docs.mongodb.org/manual/core/journaling/ Change-Id: I0e4e65af9f650c10fdf5155ff709b4eb984cf4e1 Closes-bug: #1468246
2015-07-09Use parameter_defaults in env filesJames Slagle2-2/+10
Switch to using parameter_defaults in environment files instead of a parameters section. Using a parameters section to set top level parameters breaks Tuskar based deployments because Tuskar prefixes the name of the top level parameters with a role name and version, thus changing the name of the parameter. When the environment file is then used to set a top level parameter, Heat fails with an error during template validation: ERROR: The Parameter (NeutronExternalNetworkBridge) was not defined in template Change-Id: I605651a8ebdbd0b2baf7bcea198c2988efb55f31
2015-07-08Merge "Add NeutronExternalNetworkBridge parameter"Jenkins2-0/+12
2015-07-06Add NeutronExternalNetworkBridge parameterDan Prince2-0/+12
This patch adds a new parameter to configure the neutron external network bridge. This setting applies to the bridge used in the Neutron l3_agent.ini file and can by useful if you wish to set external_network_bridge = '' in that file. As part of this fix we also update the environment file for network isolation so that we automatically set the new NeutronExternalNetworkBridge to an empty string. This fixes an issue where overcloud floating IPs did not work correctly when using the external network interface for floating IP traffic. Change-Id: I3bfcda8746780ea0851d88ed6db8557e261cef0d