path: root/environments
Age | Commit message | Author | Files | Lines
2016-12-19 | Run upgrade steps before post-deploy config | Steven Hardy | 1 | -0/+8
For some upgrade scenarios, e.g. all-in-one deployments, it may be possible to run the upgrade steps, then apply puppet in one stack update, so reverse the order here. For normal deployments the upgrade steps are mapped to OS::Heat::None so this will have no effect. Partially-Implements: blueprint overcloud-upgrades-per-service Change-Id: I3c78751349a6ac2bc5dff82f67bffe13750ac21c
2016-12-19 | Split OVN northd and ml2 plugin | Steven Hardy | 1 | -1/+2
This allows us to take advantage of the composable roles hiera settings to connect the plugin to the northd/ovndb API without needing to hard-code the IP of the node running the service. Change-Id: I2508d48f81c1819ae3521fff271c0bdc50724604 Depends-On: I9af7bd837c340c3df016fc7ad4238b2941ba7a95 Closes-Bug: #1634171
2016-12-17 | Add "deployed server" fake neutron ports | Dan Prince | 2 | -3/+2
This patch swaps out the noop ctlplane port for a more proper fake neutron port stack. This stack is a swap in for the OS::Neutron::Port heat resource and can be controlled via the DeployedServerPortMap parameter. By relying on <hostname>-<network> naming conventions in the map we can map IPs to specific servers without using the Neutron API. This will allow us to inject IP information into the Heat stack within the new t-h-t undercloud installer which currently does not run a Neutron service. Change-Id: I29fbc720c3d582cbb94385e65e4b64b101f7eac9
2016-12-13 | Use OS::Heat::DeployedServer | James Slagle | 1 | -1/+0
The new DeployedServer resource in Heat will provide a native resource for Server resources that are not orchestrated via Nova. This will allow associating SoftwareDeployment's with servers that have not been launched with Nova with Heat directly. With the new resource, all of the SoftwareConfigTransport methods are available, including POLL_TEMP_URL. This patch also updates the get-occ-config.sh script to configure the requests collector in os-collect-config.conf on the deployed servers. Change-Id: I4b80421088acca709fe3f92741c5c052be483131 Partially-implements: blueprint split-stack-software-configuration Depends-On: I07b9a053ecd3ef4411b602bbc6ef985224834cf8
2016-12-12 | neutron: don't set external_network_bridge option by default | Ihar Hrachyshka | 8 | -40/+0
It's deprecated, to be removed in Ocata, and it's discouraged to set it to anything but the default value ('') that means that routers are not plugged directly into br-ex, but allows l2 agent to do the wiring. There are known issues with setting it to br-ex (like wrong port statuses): If533cf7c4c379be78f5a15073accaff7f65973ab The only caveat to setting it to the default ('') value is that in that case l2 agent should be configured with bridge mapping for physical networks. Since we already configure bridge_mappings for the agent, we should be safe to unset the option. Now that it's the default, there is no reason to override it in example environments. This patch also changes the description for the parameter to make it more clear that users are not expected to set it unless they know what they are doing. Also, moved the parameter into deprecated section to make it even more clear it's not something to touch in new deployments. Change-Id: Iade7fbaf92c8c601227f4456a15ea3f13a907ee2 Related-Bug: #1563070
2016-12-07 | Enable haproxy internal TLS through enable-internal-tls.yaml | Juan Antonio Osorio Robles | 1 | -0/+1
For usability and to reduce the number of environments that need to be given when enabling TLS in the internal network, it's convenient to add the enabling of TLS in the internal front-ends for HAProxy, instead of doing that in a separate environment file. bp tls-via-certmonger Change-Id: Icef0c70b4b166ce2108315d5cf0763d4e8585ae1
2016-12-02 | Merge "Composable Zaqar services" | Jenkins | 4 | -0/+20
2016-12-01 | Initial support for composable upgrades with Heat+Ansible | Steven Hardy | 1 | -0/+3
This shows how we could wire in the upgrade steps using Ansible as was previously proposed e.g. in https://review.openstack.org/#/c/321416/ but it's more closely integrated with the new composable services architecture. It's also very similar to the approach taken by SpinalStack where ansible snippets per-service were combined then run in a series of steps using Ansible tags. This patch just enables upgrade of keystone - we'll add support for other patches in subsequent patches. Partially-Implements: blueprint overcloud-upgrades-per-service Change-Id: I39f5426cb9da0b40bec4a7a3a4a353f69319bdf9
2016-11-30 | Merge "Add Neutron network type and VLAN ranges to network-environment.yaml" | Jenkins | 1 | -0/+5
2016-11-29 | Merge "Revert "Set NeutronL3HA to false when deploying DVR"" | Jenkins | 1 | -8/+0
2016-11-29 | Merge "Stop using puppet to configure VIPs in /etc/hosts" | Jenkins | 2 | -4/+3
2016-11-28 | Merge "Enable TLS in the internal network for Mysql" | Jenkins | 1 | -0/+1
2016-11-28 | Revert "Set NeutronL3HA to false when deploying DVR" | John Schwarz | 1 | -8/+0
DVR+HA routers are officially supported, so this patch can be reverted. This reverts commit ce39dbac56123354576d2c31674e1b18535b0111. Conflicts: environments/neutron-ovs-dvr.yaml Change-Id: Ifeceb0c3ba01e81403903401ebfe69b9e9d7d2f2
2016-11-27 | Stop using puppet to configure VIPs in /etc/hosts | Dan Prince | 2 | -4/+3
This patch drops use of the vip-hosts.yaml service which can cause issues during deployment because puppet 'hosts' resources overwrite the data in /etc/hosts. The only reason things seem to work at all at the moment is because our hosts element in t-i-e runs on each os-refresh-config iteration and re-adds the dropped hosts entries. To work around the issue we add a conditional which selectively adds the extra hosts entries only if the AddVipsToEtcHosts is set to true. Closes-bug: 1645123 Change-Id: Ic6aaeb249a127df83894f32a704219683a6382b2
2016-11-25 | Provide full list of services for Compute role in HCI scenario | Giulio Fidente | 1 | -4/+22
Until bug #1635409 is fixed, we can provide the full list of services needed on the Compute role, plus CephOSD, in the hyperconverged-ceph environment file, preserving the user experience. Change-Id: I42409bc098c740759b378969526e13efaf002d3c Related-Bug: #1635409
2016-11-25 | Enable TLS in the internal network for Mysql | Juan Antonio Osorio Robles | 1 | -0/+1
This adds the necessary hieradata for enabling TLS for MySQL (which happens to run on the internal network). It also adds a template so this can be done via certmonger. As with other services, this will fill the necessary specs for the certificate to be requested in a hash that will be consumed in puppet-tripleo. Note that this only enables that we can now use TLS, however, we still need to configure the services (or limit the users the services use) to only connect via SSL. But that will be done in another patch, as there are some things that need to land before we can do this (changes in puppetlabs-mysql and puppet-openstacklib). Change-Id: I71e1d4e54f2be845f131bad7b8db83498e21c118 Depends-On: I7275e5afb3a6550cf2abbb9a8007dedb62ada4b4
2016-11-24 | Merge "Increase reserved memory for computes when enabling DVR" | Jenkins | 1 | -0/+13
2016-11-24 | Disable Neutron agents with OVN. | Joe Talerico | 1 | -0/+3
OVN natively implements services that are provided by Neutron agents. This patch disables the Neutron DHCP agent as well as the OVS agent for compute nodes. Closes-bug: 1634580 Change-Id: I70631c2facbbf08257868e26e14af942ad7f2893
2016-11-24 | Merge "Add panko api support to service templates" | Jenkins | 4 | -0/+11
2016-11-23 | Merge "Fix resource_registry path in enable-internal-tls" | Jenkins | 1 | -1/+1
2016-11-22 | Fix resource_registry path in enable-internal-tls | Juan Antonio Osorio Robles | 1 | -1/+1
It had a wrong path and thus crashed when one tried to use it. Change-Id: Ida4f899c76cce6e819d7e0effaf038f699763bee Closes-Bug: #1643863
2016-11-22 | Containerized Services for Composable Roles | Ian Main | 1 | -9/+22
This change modifies the template interface to support containers and converts the compute services to composable roles. Co-Authored-By: Dan Prince <dprince@redhat.com> Co-Authored-By: Flavio Percoco <flavio@redhat.com> Co-Authored-By: Martin André <m.andre@redhat.com> Co-Authored-By: Steve Baker <sbaker@redhat.com> Change-Id: I82fa58e19de94ec78ca242154bc6ecc592112d1b
2016-11-21 | Modify external loadbalancer environments to use new FixedIPs | Dan Sneddon | 2 | -26/+14
This change modifies the environment files external_loadbalancer_vip.yaml and external_loadbalancer_vip_v6.yaml to take advantage of the new mechanism for setting FixedIPs for each VIP. The previous mechanism was used to set the VIP addresses directly, but each VIP now contains a FixedIPs parameter which sets the IP for the VIP when it is created. The advantage of the new mechanism is that we no longer have to set each VIP to noop.yaml in the resource registry, since vip.yaml can now handle both automatic and fixed IP selection. Change-Id: I6e66ea6041fe7357c01b8f79f04e2533579206dc
2016-11-18 | Disable keepalived for HA deployments via t-h-t | Steven Hardy | 1 | -0/+3
Currently this is disabled via a conditional in the keepalived profile in puppet-tripleo, but this will be incompatible with the planned composable upgrades implementation. Instead we should disable the service template by mapping to OS::Heat::None, and ensure the haproxy manifest uses the t-h-t generated hiera value keepalived_enabled instead of hard-coding a hiera override in the haproxy template. Change-Id: I85a8b1cca7268506de22adfb3a8ce7faa4f157ef Partial-Bug: #1642936 Depends-On: I90faf51881bd05920067c1e1d82baf5d7586af23
2016-11-17 | Add panko api support to service templates | Pradeep Kilambi | 4 | -0/+11
This integrates panko service api into tripleo heat templates. By default, we will disable this service, an environment service file is included to enable if needed. Depends-On: I35f283bdf8dd0ed979c65633724f0464695130a4 Change-Id: I07da3030c6dc69cce7327b54091da15a0c58798e
2016-11-14 | Composable Zaqar services | Brad P. Crochet | 4 | -0/+20
Adds new puppet and puppet pacemaker specific services for Zaqar. The Pacemaker templates extend the default Zaqar services and swap in the Pacemaker specific puppet-tripleo profile instead. Change-Id: Ia5ca4fe317339dd05b0fa3d5abebca6ca5066bce Depends-On: Ie215289a7be681a2b1aa5495d3f965c005d62f52 Depends-On: I0b077e85ba5fcd9fdfd33956cf33ce2403fcb088 Implements: blueprint composable-services-within-roles
2016-11-11 | Merge "Increasing neutron timeout for low memory usage" | Jenkins | 1 | -0/+3
2016-11-11 | Merge "Fix inconsistent Manila service naming" | Jenkins | 3 | -12/+12
2016-11-11 | Increasing neutron timeout for low memory usage | Arx Cruz | 1 | -0/+3
We are noticing several tests failing in our low memory environment because of timeout in neutron requests. As an example the test tempest.api.compute.servers.test_server_actions.ServerActionsTestJSON fails because it requests to plug a vif, and send request to neutron, which responds in more than neutron_url_timeout, and since the option vif_plugging_is_fatal is set to True as default, the test fails. Shortly thereafter, checking in neutron log you can see the request, returning with the proper status, after more than neutron_url_timeout, however, it's already too late once nova already marked the instance with error status, and so the test fails. Closes-Bug: #1641135 Change-Id: If0991c114f199490ac0deb71eb569a42d4711359
2016-11-11 | Increase reserved memory for computes when enabling DVR | Brent Eagles | 1 | -0/+13
This patch adds an example increased value for NovaReservedHostMemory and some documentation around tuning this value when DVR is enabled. Closes-Bug: #1630583 Change-Id: I2718d72d307a1c90061606e5f36c96f964cd2fb5
2016-11-10 | Fix inconsistent Manila service naming | Steven Hardy | 3 | -12/+12
The capitalization of OS::Tripleo is wrong compared to all other services so correct this for avoidance of confusion when folks write custom roles_data files or pass custom service lists via *Services parameters. Change-Id: Ib73c80871b45586edb5774e90280ff89fc0d9895 Closes-Bug: 1640871
2016-11-07 | Add missing Barbican endpoint from tls-everywhere environment | Juan Antonio Osorio Robles | 1 | -0/+3
Change-Id: Ibabf09a8b6f35c9b086efeffcf7db89ab8d6b63b
2016-11-04 | Merge "Updated Nuage neutron plugin name" | Jenkins | 1 | -1/+1
2016-11-01 | Add Neutron network type and VLAN ranges to network-environment.yaml | Dan Sneddon | 1 | -0/+5
The command-line options for Neutron network settings have been deprecated in favor of setting parameter defaults in environment files. This update includes the most common settings which were previously set using CLI options in the sample network-environment.yaml. This should also make it possible to deploy in virtual environments without editing any files, since the network-environment.yaml will include sane defaults. Change-Id: Ieae59dfec287b9e5424a2e560de9f7b1bd598536
2016-11-01 | Merge "Add Barbican to the overcloud" | Jenkins | 3 | -0/+10
2016-11-01 | Merge "Re-add NFS backend for Glance" | Jenkins | 1 | -11/+11
2016-10-31 | Updated Nuage neutron plugin name | lokesh-jain | 1 | -1/+1
Updated plugin name for configuring Nuage. Nuage plugin name changed after Liberty release and needs to be updated at all instances. Updated neutron-nuage-config.yaml file to reflect the change. Change-Id: I7cce9a07b909ab59bf249439eec0833afce5cca6 Closes-Bug: #1635033
2016-10-21 | Merge "Composable Mistral services" | Jenkins | 3 | -0/+9
2016-10-21 | Merge "Prefill Sensu client custom config" | Jenkins | 1 | -25/+11
2016-10-21 | Merge "Add missing Ceph endpoints from tls-everywhere environment" | Jenkins | 1 | -0/+3
2016-10-21 | Re-add NFS backend for Glance | Jiri Stransky | 1 | -11/+11
We lost ability to store Glance images in NFS mounts as we moved to NG HA architecture. This patch re-adds that ability, but the parameter interface changes because the semantics change as well. (Pacemaker allowed for different mounts than just NFS so the parameters were more generic, although we only ever tested and documented NFS usage.) Change-Id: Ic5197e09846bbf75d780dcc74da1717dcf8301d0 Related-Bug: #1635606
2016-10-21 | Merge "Removes EnableODL heat parameter and fixes missing local_ip param" | Jenkins | 2 | -2/+0
2016-10-21 | Composable Mistral services | Brad P. Crochet | 3 | -0/+9
Adds new puppet specific services for Mistral API and Mistral Engine. This submission enables the mistral service by default in the overcloud, a following submission will disable it and make it optional by enabling it on demand based in an environment file. Depends-On: Iae42ffa37c4c9b1e070b7c3753e04c45bb97703f Depends-On: I942d419be951651e305d01460f394870c30a9878 Depends-On: I6cb2cbf4a2abf494668d24b8c36b0d525643f0af Implements: blueprint composable-services-within-roles Co-Authored-By: Carlos Camacho <ccamacho@redhat.com> Change-Id: Id5ff9cb498b5a47af38413d211ff0ed6ccd0015b
2016-10-21 | Merge "Generate internal TLS hieradata for apache services" | Jenkins | 1 | -0/+4
2016-10-21 | Add missing Ceph endpoints from tls-everywhere environment | Juan Antonio Osorio Robles | 1 | -0/+3
Change-Id: Ib945e570556e8e10e5bb07faa57270958c9eda99
2016-10-20 | Generate internal TLS hieradata for apache services | Juan Antonio Osorio Robles | 1 | -0/+4
This adds an environment file that can be used to enable TLS in the internal endpoints via certmonger if used. This will include a nested stack that will create the hash that will be used to create the certmonger certificates. When setting up a service over apache via puppet, we used to disable explicitly ssl (which sets mod_ssl-related fields for that vhost). We now make this depend on the EnableInternalTLS flag. This has only been done for keystone, but more services will be added as the puppet code lands. bp tls-via-certmonger Depends-On: I303f6cf47859284785c0cdc65284a7eb89a4e039 Change-Id: I12e794f2d4076be9505dabfe456c1ca6cfbd359c
2016-10-19 | Add Barbican to the overcloud | Ade Lee | 3 | -0/+10
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Depends-On: If2804b469eb3ee08f3f194c7dd3290d23a245a7a Depends-On: I091ecfbcb2e38fe77203244ac7a597aedcb558fb Change-Id: Iacc504fc4fa2d06893917024ce2340d3fb80b626
2016-10-17 | Removes EnableODL heat parameter and fixes missing local_ip param | Tim Rozet | 2 | -2/+0
EnableOpenDaylightOnController was not very composable. Removing this parameter to make the service truly composable. Also fixes missing local_ip setting for OVS, required for VXLAN or GRE tenant networks. Closes-Bug: 1633625 Depends-On: Ia55c05e12d5d434111a13e1ed795da530e3ff4a5 Change-Id: I0e07e1631793311334d1436ee8fdf9af2802ba70 Signed-off-by: Tim Rozet <trozet@redhat.com>
2016-10-15 | Disables Neutron ML2 config on Compute for OpenDaylight | Tim Rozet | 2 | -0/+2
This is not needed with ODL and actually triggers deployments to fail due to missing ODL username/password info on compute nodes. Depends-On: Ifd906db4e6062ac271c2147fe1149b1009d06ae2 Closes-Bug: 1633630 Change-Id: Ib88e8ef91c393d30c44b86a932103f5a294bc547 Signed-off-by: Tim Rozet <trozet@redhat.com>
2016-10-13 | Merge "Add flag for internal TLS" | Jenkins | 1 | -0/+2