Age | Commit message (Collapse) | Author | Files | Lines |
|
This adds an environment file that can be used to enable TLS in
the internal endpoints via certmonger if used. This will include
a nested stack that will create the hash that will be used to
create the certmonger certificates.
When setting up a service over apache via puppet, we used to disable
explicitly ssl (which sets modd_ssl-related fields for that vhost).
We now make this depend on the EnableInternalTLS flag. This has only
been done for keystone, but more services will be added as the
puppet code lands
bp tls-via-certmonger
Depends-On: I303f6cf47859284785c0cdc65284a7eb89a4e039
Change-Id: I12e794f2d4076be9505dabfe456c1ca6cfbd359c
|
|
|
|
|
|
|
|
Introduce a new environment template that enables the Debug parameter.
By default the value is set to "true".
Change-Id: Ieac59de42ffef6afa5d8f10ef1925c32c7dc8551
|
|
|
|
Depends-On: I04e28a95e8d69a24cd3df109bf1802bfcbd941db
Change-Id: I4ada033155e5fde0add08ec9aa8f6af7c31d53f3
|
|
|
|
In Newton, ceilometer api is changed to run under apache wsgi
instead of eventlet. This will require upgrades for mitaka
deployments to switch to wsgi.
Closes-Bug: 1631297
Change-Id: If9d6987cd0a8fc5d3f9de518ba422d97d5149732
|
|
This default setting got lots in the composable roles/services patches.
Re-enable the ManageFirewall setting by default per what we did in
git commit 73c76b867ddc8a23a30b9a3cac4031189d4178c6.
We also fix a typo in neutron-api.yaml so that the firewall rules
matches to service_name. (otherwise it won't get loaded).
Also, drops the environments/manage-firewall.yaml which is
no longer needed if we enable firewall management by default.
Change-Id: Ie198e4efd190131d0722085b10ef77da9005bc1b
Closes-bug: 1629934
|
|
|
|
When deploying manila with cephfs backend,
/etc/manila/manila.conf should define
cephfs_conf_path = /etc/ceph/ceph.conf
in the cephfs native backend since this is
the conventional path that ceph operators expect
and since we document that path upstream.
Change-Id: I4abf5c33b675b1102413a84d64f4ce23b07b4485
Closes-Bug: 1630777
|
|
|
|
This patch modifies the service name to be more appropriately called
"OpenDaylightApi" along side the "OpenDaylightOvs" service used to
configure OpenVSwitch. It also splits out the OVS configuration for
controller nodes into the composable OpenDaylightOvs service.
Related-Bug: #1629408
Change-Id: I15221401acdfb2a9ef81107b54a8005348f8372f
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
|
|
The default path if the operator does nothing is to keep the
sahara services on mitaka to newton upgrades.
If the operator wishes to remove sahara services then they
need to specify the provided major-upgrade-remove-sahara.yaml
environment file in the stack upgrade commands.
The existing migration to ha arch already removes the constraints
and pcs resource for sahara api/engine so we just need to stop
it from starting again if we want to remove it.
This adds a KeepSaharaServiceOnUpgrade parameter to determine if
Sahara is disabled from starting up after the controllers are
upgraded (defaults true).
Finally it is worth noting that we default the sahara services
as 'on' during converge here in the resource_registry of the
converge environment file; any subsequent stack updates where
the deployment contains sahara services will need to
include the -e /environments/services/sahara.yaml environment
file.
Related-Bug: 1630247
Change-Id: I59536cae3260e3df52589289b4f63e9ea0129407
|
|
|
|
|
|
When you tried to use the environemnt/monitoring-environment.yaml
as a part of the deployment on the overcloud you hit the
following error and it stops the deploy of the overcloud.
***
Deploying templates in the directory /home/stack/tripleo-heat-templates
'NoneType' object does not support item assignment
***
Closes-Bug: #1629323
Change-Id: I8cf2e7d8f3a4e79cc71a1566ec17d0a977c38d60
Signed-off-by: Juan Badia Payno <jbadiapa@redhat.com>
|
|
When you tried to use the environemnt/logging-environemnt.yaml
as a part of the deployment on the overcloud you hit the
following error and it stops the deploy of the overcloud.
***
Deploying templates in the directory /home/stack/tripleo-heat-templates
'NoneType' object does not support item assignment
***
Closes-Bug: #1629315
Change-Id: I55e5c7f20ddf30f3e48247b734f6fa47f5de3750
Signed-off-by: Juan Badia Payno <jbadiapa@redhat.com>
|
|
This sets up a flag that tells the profiles to use TLS (this will happen
in the internal network).
bp tls-via-certmonger
Change-Id: If47febb5b38b1c65f60f9de87a34cb31936a7c0d
|
|
This adds some basic pieces to get certmonger to manage the
certificates for HAProxy. The aim is to be flexible enough that we
will be able to manage both public and internal certificates.
This also adds a relevant environment to get the endpoints to have
TLS everywhere.
bp tls-via-certmonger
Depends-On: I89001ae32f46c9682aecc118753ef6cd647baa62
Change-Id: Ife5f8c2f07233295bc15b4c605acf3d9bd62f162
|
|
This patch deprecates netapp_eseries_host_type in favor of netapp_host_type.
Change-Id: I113c770ca2e4dc54526d4262bacae48e223c54f4
Closes-Bug: 1579161
|
|
|
|
|
|
|
|
Depending on the environment, gnocchi workers
uses several controller resources RAM/CPU,
this option makes it configurable.
Also, configured to 1 in environments/low-memory-usage.yaml
which will reduce the service footprint in i.e. CI
Change-Id: Ia008b32151f4d8fec586cf89994ac836751b7cce
Closes-bug: #1626473
|
|
Fixing the path to the resources:
OS::TripleO::Services::OpenDaylight
OS::TripleO::Services::OpenDaylightOvs
Change-Id: Ibdd2149fffe64a17ab25921c3f311a2b4b7242c7
|
|
Enables configuring CephFS Native backend for Manila.
This change is based on the usage of environments like in
review https://review.openstack.org/#/c/354019 for Netapp
driver.
Co-Authored-By: Marios Andreou <marios@redhat.com>
Change-Id: If013d796bcdfe48b2c995bcab462c89c360b7367
Depends-On: I918f6f23ae0bd3542bcfe1bf0c797d4e6aa8f4d9
Depends-On: I2b537f735b8d1be8f39e8c274be3872b193c1014
|
|
Change-Id: If4d3b186d1d943ca6fad46427fb3b35699cdfc90
|
|
Our previous no-ops stopped working because the Puppet run resources
moved under a different entry in resource registry. This is now fixed
to follow the latest way.
Change-Id: Ia5598385ddca185bfbf10e2d3babb53f6f77d1ac
Closes-Bug: #1626452
|
|
We hit problems in environments which don't have a lot of RAM (e.g. dev
envs, could be also CI) that Apache ate too much memory due to
too many worker processes being spawned.
This commit allows customizing the Apache MaxRequestWorkers and
ServerLimit directives via Heat parameters. The default stays 256 as
that's the default in the Puppet module, to be suited for production
environments with powerful machines. Also low-memory-usage.yaml
environment file is added, which can be used to make dev/test/CI
overclouds less memory hungry, where the limits are now set to 32.
Change-Id: Ibcf1d9c3326df8bb5b380066166c4ae3c4bf8d96
Co-Authored-By: Carlos Camacho <ccamacho@redhat.com>
Closes-Bug: #1619205
|
|
|
|
|
|
This implements support for installing fluentd agents as a composable
service on the overcloud.
Depends-On: I2e1abe4d8c8359e56ff626255ee50c9cacca1940
Implements: tripleo-opstools-centralized-logging
Change-Id: I23b0e23881b742158fcfb6b8c145a3211d45086e
|
|
|
|
Enables configuring a NetApp backend for the Manila service
This was created based on the review at
https://review.openstack.org/#/c/188138/
This makes the netapp and generic backends disabled by default
in the services/manila-backend-*.yaml. A backend is then
enabled via backend-specific environment files, which will set
any config parameters and enable that backend.
It is expected that multiple manila backend specific environment
files might be specified simultaneously.
Finally generic and manila config is split into separate
service files rather than using manila-base for all the things.
Co-Authored-By: Ryan Hefner <rhefner@redhat.com>
Co-Authored-By: Ben Swartzlander <ben@swartzlander.org>
Closes-Bug: 1618479
Depends-On: Ic6f8e8d27ca20b9badddea5d16550aa18bff8418
Change-Id: I35fce32d0f6a5cc1c3382c2d0e0d6028928fd943
|
|
This patch add support for deploying Ceph RGW.
Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
Change-Id: I88c8659a36c2435834e8646c75880b0adc52e964
|
|
|
|
|
|
This will aid us in using FQDNs instead of IPs if DNS is not set. If
the deployer already has DNS set up, they can easily disable this
profile by adding the use-dns-for-vips.yaml environment file.
bp tls-via-certmonger
Change-Id: I8c1b3f253d0149d575171c208f9a1342a7b26450
Depends-On: I1bdb2701dfb3e7ef072e674c9882d3be5af7296c
|
|
|
|
|
|
Update OpenContrail loadbalancer plugin value to match with Newton
changes.
Closes-Bug: #1620657
Change-Id: I48f1884b95e590c0588c52419ec152bd08bc3992
|
|
|
|
|
|
Installs and configures OVN databases and process and also configures
the neutron plugin for OVN.
Implements: blueprint tripleo-ovn
Change-Id: Ic3e415bb0587dd85b71f6c14a96f6b2c86a7b30f
|
|
Change-Id: I9afb1d57d08504346f669239ab3d9cce100c7655
Implements: blueprint tripleo-sriov
Signed-off-by: karthik s <ksundara@redhat.com>
|
|
Neutron DVR requires the OS::TripleO::Compute::Ports::ExternalPort to be
set to a valid port on the external network.
Change-Id: I46b96dba3e264e0e79f7f0cea83b0f66775d6d2a
Closes-Bug: 1618611
|
|
- adds possibility to install sensu-client on all nodes
- each composable service has it's own subscription
Co-Authored-By: Emilien Macchi <emilien@redhat.com>
Co-Authored-By: Michele Baldessari <michele@redhat.com>
Implements: blueprint tripleo-opstools-availability-monitoring
Change-Id: I6a215763fd0f0015285b3573305d18d0f56c7770
|