aboutsummaryrefslogtreecommitdiffstats
path: root/environments
AgeCommit message (Collapse)AuthorFilesLines
2016-08-25Merge "Move resource registry override to enable-tls.yaml"Jenkins3-6/+3
2016-08-25Merge "Fix path to sahara templates"Jenkins1-2/+2
2016-08-25Merge "Updates and fixes to NIC config template routes"Jenkins1-12/+16
2016-08-24Set NeutronL3HA to false when deploying DVRBrent Eagles1-0/+8
This patch sets NeutronL3HA to false when the DVR environment is included on deployment. L3 HA isn't supported with DVR routers and is disabled by defaults in our templates but upgrading users might have it enabled in their existing overclouds. Including the setting here with an appropriate comment gives us some sort of mechanism to convey to the upgrading user what they need to do. This will have no effect on users not using L3 HA or deploying new overclouds. Change-Id: If036ae2b88225f5a7d5f295eb5e6874d2fbb3f72
2016-08-23Move resource registry override to enable-tls.yamlJuan Antonio Osorio Robles3-6/+3
It makes more sense for the enable-tls.yaml file to contain the resource registry override, since it contains parameters that are actually used there. Also, this allows us to reuse the tls-endpoints-public-* files for other methods of enabling TLS (such as with certmonger). Change-Id: I98c63d0007e61968c0490a474eddb42548891fa6
2016-08-22Add deployment of CAs via hieradataJuan Antonio Osorio Robles1-0/+8
This enables us to pass a map of CAs to deploy the CA certificates using puppet and hiera instead of the bash script we were using. It also gives us the feature that we will be able to deploy several CA certificates on the nodes instead of just one as was the case before. Change-Id: I9559487874b80aeb093cc2fa2cfa7c0479d5a8b2 Depends-On: I84273b4cd6576a63fa78dc93ad6b077dd2a780c7
2016-08-22Fix path to sahara templatesSagi Shnaidman1-2/+2
Fix path to sahara templates Change-Id: I7e60ed1800923057efe24badf03d76761da3f498
2016-08-19Merge "Disable Sahara by default"Jenkins1-0/+3
2016-08-19Merge "Remove OS::Tripleo::Services::ManilaShare: from puppet-pacemaker.yaml"Jenkins1-1/+0
2016-08-19Disable Sahara by defaultDan Prince1-0/+3
Users who want Sahara enable now can simply include the environments/services/sahara.yaml Heat environment. Change-Id: I3df96b6e78ba3eddb62e79d854862a7e2d614c51
2016-08-19Disable cinder-backup by defaultGiulio Fidente2-1/+4
The cinder-backup service was not configured in mitaka, so having it disabled by default does not change the existing behavior. Also adds an environment file to enable it in the pacemaker scenario. Change-Id: I9a238e0d4601c9f59aff94fdac837c7d0e90afa0
2016-08-18Merge "Upgrade scripts to migrate aodh alarm data"Jenkins1-0/+10
2016-08-18Remove OS::Tripleo::Services::ManilaShare: from puppet-pacemaker.yamlCarlos Camacho1-1/+0
Already with the same value in overcloud-resource-registry-puppet.yaml Change-Id: Ic274abddef5e229a3517f4f77d8192d6abf81044
2016-08-18Merge "Make sahara run via systemd"Jenkins1-5/+2
2016-08-17Merge "Decouple EndpointMap from SSL certificate params"Jenkins3-52/+113
2016-08-17Make sahara run via systemdMichele Baldessari1-5/+2
Via commit 0327fc2bbb1be9972d99e2e83d54d07410ad01d9 we added sahara as a composable service. Let's make sure sahara-api and sahara-engine run via systemd and not as a pacemaker resource. This is inline with the HA NG spec. Change-Id: I5634ad43771fba798892df6d2297c2634dcb6756
2016-08-17Upgrade scripts to migrate aodh alarm dataPradeep Kilambi1-0/+10
In Newton, Aodh will be using its own mysql DB rather than using ceilometer's mongo instance. This means we need to migrate any existing alarm and alrm history data from ceilometer DB to aodh mysqlDB. Upstream aodh provides us with a aodh-data-migration utility. We need to invoke this during the mitaka->newton upgrade procedure so data is migrated as expected and aodh mysql backend takes over. Closes-bug: #1611794 Change-Id: I17888b57ecf98cd83e92af2f9cdbead066b03aa3
2016-08-17Merge "Update Ironic composable services"Jenkins1-0/+4
2016-08-17Merge "Add cinder-backup service as role"Jenkins4-0/+5
2016-08-15Merge "Convert ServiceNetMap to a nested template"Jenkins1-3/+3
2016-08-12Remove NeutronEnableTunnelling from templatesBob Fournier3-2/+4
As described in https://bugs.launchpad.net/tripleo/+bug/1532830, the OVS agent no longer uses enable_tunneling, which is controlled by NeutronEnableTunnelling, so this change removes NeutronEnableTunnelling from the Heat templates. This change depends on NeutronEnableTunnelling also being removed from python-tripleoclient and puppet-neutron no longer using the enable_tunneling hieradata. Change-Id: I1ff6902ebd15041fc57ffff20a07455f171a004b Closes-Bug: 1532830 Depends-On: I28d33592374f60cb5222a866efaf9d137aca1c5a Depends-On: I73630653330c67444827f32740c44e9d25b5db31
2016-08-12Convert ServiceNetMap to a nested templateSteven Hardy1-3/+3
We introduce a new ServiceNetMap resource which enables some more flexible mappings between the services and their networks. Specifically this patch means: 1. ServiceNetMap no longer has to specify the entire list of all services, operators may if they wish, but a subset is now valid where you want to accept the defaults for some services (the defaults are now accessible via the ServiceNetMapDefaults parameter. 2. We can map some keys which don't fit a pattern that enables conversion from CamelCase to snake_case which is required for compatibility with the service_names in puppet/services* This should be backwards compatible, and in future when we remove internal dependency on the CamelCase names, we could also enable operators to specify e.g heat_api_network in ServiceNetMap which would be more consistent. Change-Id: Ib60198adf76bb69ffbafbfac739e356d153f6194 Partially-Implements: blueprint custom-roles
2016-08-12Decouple EndpointMap from SSL certificate paramsBen Nemec3-52/+113
Having the endpoint map in the same environment as the SSL certificate parameters means that every time a service is added to the overcloud, the user must remember to update their copy of enable-tls.yaml to reflect the new service. To avoid this, let's separate the SSL EndpointMap from the SSL certificates so users can simply pass the shipped list of SSL endpoints and only have to customize the certificate env file. As and added bonus, this means they won't have to put the certificates in enable-tls.yaml specifically. The parameters can be set anywhere, and will be used as long as one of the tls-endpoints envs is also specified. inject-trust-anchor.yaml is not changed, but it could already be used in the same fashion. The root certificate param could be set in any env passed after inject-trust-anchor.yaml, and then inject-trust-anchor.yaml would only be responsible for setting the appropriate resource_registry entry. This way there is no need to customize the in-tree inject-trust-anchor.yaml either. Change-Id: I38eabb903b8382e6577ccc97e21fbb9d09c382b3
2016-08-11Update Ironic composable servicesDmitry Tantsur1-0/+4
* Add service for configuring Nova compute with Ironic * Fix authentication in Ironic APU * Provide a separate environment file for enabling Ironic Change-Id: I211e6d91eacd238b04a1aa37528d5a91523407d9 Partially-Implements: blueprint ironic-integration
2016-08-11Convert EndpointMap to not require per-service VIP parametersSteven Hardy1-1/+0
Currently we have a hard-coded set of per-service parameters, which will cause problems for custom roles and full composability. As a first step towards making this more configurable, remove the hard-coded per-service parameters from overcloud.yaml, and adjust the EndpointMap generation to instead accept two mappings, the ServiceNetMap and a mapping of networks to IPs (effectively this just moves the map lookup inside the endpoint map instead of inside overcloud.yaml) Change-Id: Ib522e89c36eed2115a6586dd5a6770907d9b33db Partially-Implements: blueprint custom-roles
2016-08-10Add cinder-backup service as roleErno Kuvaja4-0/+5
Tempest tests for cinder contain backup tests that fail unless cinder-backup service is started. This patch facilitates the service start upon the overcloud deployment. Original patch converted to composable role. Co-Authored-By: Giulio Fidente <gfidente@redhat.com> Depends-On: Ib1dfe52b83ab01819fc669312967950e75d8ddf1 Change-Id: I9ca97b3f1c26aac6d81b3525377e1f5fb962313f
2016-08-10Merge "Retain existing ComputeHostnameFormat when upgrading older envs"Jenkins1-0/+2
2016-08-09Merge "Disable mistral services by default."Jenkins1-0/+4
2016-08-08Merge "Make deployed-server OS::Neutron::Port optional"Jenkins2-0/+5
2016-08-08Updates and fixes to NIC config template routesDan Sneddon1-12/+16
This change adds the ManagementInterfaceDefaultRoute parameter for setting the Management network as the default route in some deployments. Notes were added to indicate that if the Management network is used as the default gateway, then the default route on the control plane should be commented out. The sample network-environment.yaml was modified to include the ManagementInterfaceDefaultRoute, but this is commented out like the rest of the Management network parameters. This change also adds the ControlPlaneDefaultRoute and ExternalInterfaceDefaultRoute to all templates, so that if the networks are customized, the NIC configs can be modified without having to modify the parameters section of the template. The default for the ExternalInterfaceDefaultRoute is '10.0.0.1', and the default for ManagementInterfaceDefaultRoute is set to 'unset'. This change also converts the single-nic-linux-bridge-vlans from DHCP to static IPs on the Control Plane Interface, bringing these templates in line with the rest of the NIC config templates. The parameters needed to be updated in these templates as well. The controller-v6.yaml templates had a default value of "10.0.0.1" for the ExternalInterfaceDefaultRoute. This was confusing, and is now undefined. This change also sets a default gateway on the Control Plane in controller-no-external.yaml templates. Change-Id: I8ea6733fe46902e1baeff4ccfbcd42ecc5a1825f
2016-08-07Make deployed-server OS::Neutron::Port optionalDan Prince2-0/+5
This patch makes it possible to set OS::TripleO::DeployedServer::ControlPlanePort: OS::Heat::None in your resource_registry and thereby avoid the creation of a neutron port for the deployed server. This is useful if you are bootstrapping things in an environment without Neutron. Also, includes a new deployed-server-noop-ctlplane.yaml environment file. Change-Id: I2990dc816698e0f6e3193a8fc7c9c6767c6e50e5
2016-08-06Add Sahara services to ControllerServices listSteven Hardy1-0/+2
https://review.openstack.org/#/c/318840/ decomposed the Sahara services but they weren't added to the ControllerServices list, thus are now disabled. Since we shipped mitaka with sahara enabled by default, we should probably add them so the behavior is consistent when folks upgrade. This also fixes a couple of issues we missed when landing the initial service templates (partly because CI didn't test them). In order for each service to operate independently when used with Pacemaker, the roles needed to be separated. This commit also does this. Depends-On: Id61eb15b1e2366f5b73c6e7d47941651e40651b1 Change-Id: I0846b328e9d938275e373d58f0b99219b19b326c Closes-Bug: #1592284 Co-Authored-By: Brad P. Crochet <brad@redhat.com>
2016-08-06Disable mistral services by default.Carlos Camacho1-0/+4
Optional services should be disabled by default in the overcloud nodes. This submission makes mistral disabled by default and allows to enable it base on an environment file. Depends-On: I942d419be951651e305d01460f394870c30a9878 Change-Id: I0dd245b75142834f71f3bd591b43c3f69d63217b
2016-08-05Merge "Add environment file to enable DVR"Jenkins1-0/+24
2016-08-05Disable the Mon/OSD/Client resources in puppet-ceph-externalGiulio Fidente1-1/+7
Change-Id: Iaa9dbf3545d5d001ad1d86b33df797880d922878 Closes-Bug: 1610258
2016-08-04Add environment file to enable DVRBrent Eagles1-0/+24
This patch adds support for conditionally enabling DVR by deploying the L3 and metadata agents on the compute node and setting the proper configuration values throughout. Implements: blueprint neutron-dvr-support Change-Id: I24099795e76ecd520c990ba49d3511288dec7a12
2016-08-04Next generation HA architecture workMichele Baldessari1-37/+0
This is the THT part that brings us the next generation architecture as described in the following spec: https://review.openstack.org/#/c/299628/ Blueprint: https://blueprints.launchpad.net/tripleo/+spec/ha-lightweight-architecture So far we tested deployment + tripleo.sh --overcloud-pingtest and failover + tripleo.sh --overcloud-pingtest Note that many of the Pacemaker template files become redundant with this change, but to simplify the process of getting this change landed, those templates will not be removed until a future commit. Depends-On: I5e7585c08675d8a4bd071523b94210d325d79b59 Change-Id: I00bccb2563c006f80baed623b64f1e17af20dd4e Implements: blueprint ha-lightweight-architecture Co-Author: cmsj@tenshu.net
2016-08-02Enable Manila integration - as a composable controller serviceRyan Hefner3-0/+31
Allows the installation and configuration of Manila. Supports the generic driver only. This has a dependency on the puppet-tripleo classes for manila where the puppet specific config now lives. The review at https://review.openstack.org/#/c/315658/ has been merge into this one, as of v68, so manila lands as a composable service. This was brought up on the mailing list at [1] [1] http://lists.openstack.org/pipermail/openstack-dev/2016-May/096126.html Co-Authored-By: Marios Andreou <marios@redhat.com> Implements: blueprint composable-services-within-roles Depends-On: I444916d60a67bf730bf4089323dba1c1429e2e71 Depends-On: I9eda4b3364e5c59342761a1ec71b0eb567c69cf1 Depends-On: I571b65a5402c1028418476a573ebeb9450ed00c9 Change-Id: I7acebac4354fca1f8d7ff6c343c1346bf29b81c6
2016-07-28Merge "Allow to manually disable post-puppet restarts"Jenkins2-0/+4
2016-07-27Create role for the fake openstack-core resourceGiulio Fidente1-0/+1
Change-Id: Iacd94294b8a66bc082bb2b3e8d3364ec1bf053b8 Depends-On: I16a786ce167c57848551c7245f4344c382c55b3d
2016-07-21Deploy Horizon with composable apache serviceEmilien Macchi1-0/+1
Deploy Horizon with composable apache service and don't include: ::tripleo::profile::pacemaker::apache Because it's already included in the profiles in puppet-tripleo. Change-Id: I5382d5cc95ba10805019142a9a223dbd4a4b8074 Depends-On: Id28c618133e53e28dfac7e3e9cf9f5f5a6b2421a
2016-07-19Merge "Add MysqlNoBracketsInternal to enable-tls.yaml"Jenkins1-0/+1
2016-07-18Merge "Missing CephClientKey parameter in puppet-ceph-devel and ↵Jenkins2-0/+3
storage-environment"
2016-07-18Add MysqlNoBracketsInternal to enable-tls.yamlJuan Antonio Osorio Robles1-0/+1
Change-Id: Ife466e6a8b8112777d4c0e845e31fa633da5e53d
2016-07-14Move MySQL Galera within composable servicesEmilien Macchi1-0/+1
This patch just moves the Puppet code into puppet-tripleo. A future iteration will be to move parameters within the service template. Closes-Bug: #1601853 Depends-On: I7ddae28a6affd55c5bffc15d72226a18c708850e Change-Id: I51a05dbf53f516b200c146b35529ce563ce9ac7b
2016-07-13Composable Pacemaker serviceEmilien Macchi1-0/+1
Deploy Pacemaker using composable services. Change-Id: I038514812af5a9f30260a81ea3366d46bee4ee4e Depends-On: I46215f82480854b5e04aef1ac1609dd99455181b Closes-Bug: #1601970
2016-07-12Merge "Gnocchi composable roles"Jenkins1-0/+4
2016-07-12Merge "Fix network-isolation.yaml to stop clobbering Management net"Jenkins1-11/+10
2016-07-12Merge "Composable OpenContrail compute plugin"Jenkins1-1/+1
2016-07-12Merge "Composable Plumgrid compute plugin"Jenkins1-1/+1