aboutsummaryrefslogtreecommitdiffstats
path: root/environments
AgeCommit message (Collapse)AuthorFilesLines
2017-08-14Merge "Make containerized nova-api run with httpd"Jenkins1-6/+5
2017-08-14Enable TLS for containerized MySQLJuan Antonio Osorio Robles1-0/+1
Bind mounts and adds the appropriate permissions for the cert and key that's used for TLS. bp tls-via-certmonger-containers Change-Id: I7fae4083604c7dc89ca04141080a228ebfc44ac9
2017-08-14Enable TLS for containerized haproxyJuan Antonio Osorio Robles1-0/+1
This bind mounts the certificates if TLS is enabled in the internal network. It also disables the CRL usage since we can't restart haproxy at the rate that the CRL is updated. This will be addressed later and is a known limitation of using containerized haproxy (there's the same issue in the HA scenario). To address the different UID that the certs and keys will have, I added an extra step that changes the ownership of these files; though this only gets included if TLS in the internal network is enabled. bp tls-via-certmonger-containers Depends-On: I2078da7757ff3af1d05d36315fcebd54bb4ca3ec Change-Id: Ic6ca88ee7b6b256ae6182e60e07498a8a793d66a
2017-08-14Consolidate deployment in major-upgrade-composable-stepsJose Luis Franco Arza1-1/+1
After 483293 commit is merged, major-upgrade-composable-steps.yaml file is pointing to the wrong location deployment, which is now under common/ folder. Change-Id: Ic6784533d1c21b5b8fcb422bccd820af72e499d9
2017-08-13change sriovnicswitch to be first with openvswitchMoshe Levi1-1/+1
In commit I77650be5f04775a72e2bdf694f93988825a84b72 neutron ovs mechanism driver can bind direct port with ovs SR-IOV hardware offload feature. currently both feature can't co-exist together. To allow ovs and sriovnicswitch to still work together, sriovnicswitch should be before openvswitch. Change-Id: Id19d65715d40d64f041bfe219afff98876fd7766
2017-08-12Merge "Consolidate puppet/docker deployments with one deploy steps workflow"Jenkins5-12/+3
2017-08-12Merge "Convert compute-role.yaml to role.role.j2.yaml"Jenkins1-1/+1
2017-08-11Merge "openstack-heat-templates: fix deprecation path"Jenkins1-1/+1
2017-08-11Consolidate puppet/docker deployments with one deploy steps workflowSteven Hardy5-12/+3
If we consolidate these we can focus on one implementation (the new ansible based one used for docker-steps) Change-Id: Iec0ad2278d62040bf03613fc9556b199c6a80546 Depends-On: Ifa2afa915e0fee368fb2506c02de75bf5efe82d5
2017-08-11Convert compute-role.yaml to role.role.j2.yamlSteven Hardy1-1/+1
Add some special-casing for backwards compatibility, such that the Compute role can be rendered via j2 for support of composable networks. Change-Id: Ieee446583f77bb9423609d444c576788cf930121 Partially-Implements: blueprint composable-networks
2017-08-11Make containerized nova-api run with httpdJuan Antonio Osorio Robles1-6/+5
The non-containerized version will run over httpd [1], and for the containerized TLS work, it is needed in the container version as well. [1] Iac35b7ddcd8a800901548c75ca8d5083ad17e4d3 bp tls-via-certmonger-containers Depends-On: I1c5f13039414f17312f91a5e0fd02019aa08e00e Change-Id: I2c39a2957fd95dd261b5b8c4df5e66e00a68d2f7
2017-08-10Merge "Noop controller pre and post config resources."Jenkins1-0/+2
2017-08-10Merge "Docker/TLS everywhere: Add telemetry and neutron services to environment"Jenkins1-4/+9
2017-08-09Merge "Addition of Nuage as mechanism driver for ML2"Jenkins2-7/+22
2017-08-09Make network-isolation-v6 environment rendered for all rolesMichele Baldessari4-57/+66
In change If3989f24f077738845d2edbee405bd9198e7b7db we moved to jinja2 templating to render the networks. This change aims at doing so for the IPv6 network isolation environment. Change-Id: Ieebcff3db3f5756a5d23080ea3d09ce78de69e21
2017-08-08Docker/TLS everywhere: Add telemetry and neutron services to environmentJuan Antonio Osorio Robles1-4/+9
some resources were missing, so this syncs up what's working right now. bp tls-via-certmonger-containers Change-Id: Ic8fe20d0240f1ad8f18218d66634029d522d4d5a
2017-08-04Merge "Copy scheduler configuration from service/ironic to ↵Jenkins1-0/+2
services-docker/ironic"
2017-08-04Merge "Adds environment file for ODL + SRIOV"Jenkins1-0/+28
2017-08-03Merge "Add environment for setting a custom domain name"Jenkins1-0/+35
2017-08-03Addition of Nuage as mechanism driver for ML2lokesh-jain2-7/+22
Adding composable services for Nuage mechanism driver for ML2. This is separate from Nuage as the core plugin and intentional duplication of Nuage under puppet services. Parameters required for working of Nuage as mechanism driver are also added. Change-Id: I2b564610721152c4f4dab9da79442256ba8d0b33
2017-08-03Merge "Update TLS-everywhere docker environment"Jenkins1-2/+5
2017-08-02Merge "Fix ceilometer agent compute service name"Jenkins1-1/+1
2017-08-02openstack-heat-templates: fix deprecation pathSébastien Han1-1/+1
The right file is external-ceph.yaml, not ceph-external.yaml. Change-Id: If21a4f183305f82916e1ef2aadb0706e7dab4657 Signed-off-by: Sébastien Han <seb@redhat.com>
2017-08-02Merge "Fix network-isolation.j2.yaml to ignore VIPs for disabled networks"Jenkins1-1/+1
2017-08-01Fix ceilometer agent compute service namePradeep Kilambi1-1/+1
Make sure this matches whats in roles_data.yaml Change-Id: Id41c457914f557af7c9ec195c4c6f98669523ac1
2017-08-01Merge "Generate MySQL client config if service requires database"Jenkins1-1/+0
2017-08-01Update TLS-everywhere docker environmentJuan Antonio Osorio Robles1-2/+5
Some resources have changed. So the environment needed syncing Change-Id: I9aa310ae80edfccd3ed28e67a431aad6e1ed8a7f
2017-07-31Merge "Fix creation of iptables rules for non-HA containerized HAproxy"Jenkins1-0/+1
2017-07-31Merge "Add 'ovn-controller' service"Jenkins3-9/+12
2017-07-31Copy scheduler configuration from service/ironic to services-docker/ironicDmitry Tantsur1-0/+2
That was missed back then. Without it bug 1697724 is not fixed for containers. Change-Id: Ie859f10129cbdeebd9ea4522510768cec99a1df3 Related-Bug: #1697724
2017-07-29Merge "add lbaasv2 to NeutronServicePlugins in octavia containers"Jenkins1-0/+5
2017-07-28Merge "Consistent hostname format env for split-stack"Jenkins3-15/+5
2017-07-27Add 'ovn-controller' serviceNuman Siddique3-9/+12
Presently the ovn-controller service (puppet/services/neutron-compute-plugin-ovn.yaml) is started only on compute nodes. But for the cases where the controller nodes provide the north/south traffic, we need ovn-controller service runninng in controller nodes as well. This patch - Renames the neutron-compute-plugin-ovn.yaml to ovn-controller.yaml which makes more sense and sets the service name as 'ovn-controller'. - Adds the service 'ovn-controller' to Controller and Compute roles. - Adds the missing 'upgrade_tasks' section in ovn-dbs.yaml and ovn-controller.yaml Depends-On: Ie3f09dc70a582f3d14de093043e232820f837bc3 Depends-On: Ide11569d81f5f28bafccc168b624be505174fc53 Change-Id: Ib7747406213d18fd65b86820c1f86ee7c39f7cf5
2017-07-27Generate MySQL client config if service requires databaseDamien Ciabrini1-1/+0
Services that access database have to read an extra MySQL configuration file /etc/my.cnf.d/tripleo.cnf which holds client-only settings, like client bind address and SSL configuration. The configuration file is thus used by containerized services, but also by non-containerized services that still run on the host. In order to generate that client configuration file appropriately both on the host and for containers, 1) the MySQLClient service must be included by the role; 2) every containerized service which uses the database must include the mysql::client profile in the docker-puppet config generation step. By including the mysql::client profile in each containerized service, we ensure that any change in configuration file will be reflected in the service's /var/lib/config-data/{service}, and that paunch will restart the service's container automatically. We now only rely on MySQLClient from puppet/services, to make it possible to generate /etc/my.cnf.d/tripleo.cnf on the host, and to set the hiera keys that drive the generation of that config file in containers via docker-puppet. We include a new YAML validation step to ensure that any service which depends on MySQL will initialize the mysql::client profile during the docker-puppet step. Change-Id: I0dab1dc9caef1e749f1c42cfefeba179caebc8d7
2017-07-27Add environment for setting a custom domain nameBen Nemec1-0/+35
Just setting CloudDomain won't make the domains used consistent. There are a number of CloudName parameters that must be set as well. This change adds a sample environment that includes all of those parameters so it is easy to set everything consistently. Also fixes the description of CloudNameCtlplane to reflect the actual use for that parameter. Change-Id: I56d1c1c5619f83c16c4e8350aa84fccc3d748425
2017-07-27Merge "Deploy Ceph in containers using ceph-ansible via external workflow"Jenkins1-0/+12
2017-07-27Merge "Adding Tuned Service"Jenkins1-0/+1
2017-07-26Merge "Fix enable-ceph sample environment"Jenkins2-0/+8
2017-07-26Deploy Ceph in containers using ceph-ansible via external workflowGiulio Fidente1-0/+12
Add docker profiles to deploy Ceph in containers via ceph-ansible. This is implemented by triggering a Mistral workflow during one of the overcloud deployment steps, as provided by [1]. Some new service-specific parameters are available to determine the workflow to execute and the ansible playbook to use. A new `CephAnsibleExtraConfig` parameter can be used to provide arbitrary config variables consumed by `ceph-ansible`. The pre-existing template params consumed up until the Pike release to drive `puppet-ceph` continue to work and are translated, when possible, into the equivalent `ceph-ansible` variable. A new environment file is added to enable use of ceph-ansible; the pre-existing puppet-ceph implementation remains unchanged and usable for non-containerized deployments. 1. https://review.openstack.org/#/c/463324/ Change-Id: I81d44a1e198c83a4ef8b109b4eb6c611555dcdc5
2017-07-26Adds environment file for ODL + SRIOVTim Rozet1-0/+28
Using the separate neutron-opendaylight and SRIOV env files do not work because sriov includes using OVS agent (which ODL does not want or need) and the default ODL env file has no Compute ML2 because it is not needed. Thus a new environment file is needed for deploying these 2 features in combination. Closes-Bug: 1696667 Change-Id: I6f7a9368aa521de928c269619278c30acda03799 Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-07-26Merge "Ps Cinder: Added support for password less login"Jenkins1-0/+1
2017-07-26Fix enable-ceph sample environmentBen Nemec2-0/+8
The necessary resource registry entries were missing from this env and the old environment was not deprecated. Change-Id: I6a9b148514fc5da1f96b9fd7fe09f564c2f82419
2017-07-26Merge "Add parameters for Veritas HyperScale distributed setup."Jenkins1-0/+7
2017-07-26Noop controller pre and post config resources.Marius Cornea1-0/+2
This change sets the ControllerPreConfig and ControllerPostConfig resources to OS::Heat::None in order to avoid setting the cluster to maintenance mode while upgrading to the docker architecture. Closes-Bug: 1706594 Change-Id: Ibd69670d1617b73a8621b8fd4243041891a96747
2017-07-26Fix creation of iptables rules for non-HA containerized HAproxyDamien Ciabrini1-0/+1
The introduction of I90253412a5e2cd8e56e74cce3548064c06d022b1 broke the HAproxy service due to some HAproxy-specific iptables rules being executed during the puppet config step. Ensure that no iptables call is performed during the generation of configuration files. Move those calls to step 1, as implemented in the pacemaker-based HAproxy service (Ib5a083ba3299a82645f1a0f9da0d482c6b89ee23). Depends-On: I2d6274d061039a9793ad162ed8e750bd87bf71e9 Closes-Bug: #1697921 Change-Id: Ica3a432ff4a9e7a46df22cddba9ad96e1390b665
2017-07-25Adding Tuned ServiceJoe Talerico1-0/+1
Allow the user to set a specific Tuned profile on a given host. Defaults to throughput-performance Change-Id: I0c66193d2733b7a82ad44b1cd0d2187dd732065a
2017-07-25Contrail network realignement + DPDK enablementMichael Henkel11-381/+88
This patch moves Contrail roles communication from public/external to internal_api network for OpenStack API. It also adds the option to enable dpdk. Monolithic firstboot script is broken down into small pre-network and per-node extraconfig scripts Change-Id: I296a3bf60cef6fa950fd71d6e68effe367d1e66b Closes-Bug: 1698422
2017-07-25Merge "Fall back to non-containerized cinder-backup and cinder-volume for HA"Jenkins1-2/+3
2017-07-25add lbaasv2 to NeutronServicePlugins in octavia containersOr Idgar1-0/+5
without lbaasv2 neutron will not be able to load the plugin and communicate with octavia. Change-Id: If44b93703d3c408ae075d73ed695c3edc58fba18
2017-07-24Consistent hostname format env for split-stackJames Slagle3-15/+5
Adds a new environment split-stack-consistent-hostname-format.j2.yaml for use with split-stack that will set the {{role.name}}HostnameFormat parameters based on the actual roles in use. It's possible to generate these parameters and values as long as the roles files is the same between the 2 stacks, which will be documented in I9997bd685f8f79537dfc377f9f1eb0c7446c3289. Removes the hardcoded paramters from the other 2 split-stack environments. Change-Id: I93bc7c1a24a9cb2f9930372970c67c0eadb14add