aboutsummaryrefslogtreecommitdiffstats
path: root/environments
AgeCommit message (Collapse)AuthorFilesLines
2016-11-25Enable TLS in the internal networkf or MysqlJuan Antonio Osorio Robles1-0/+1
This adds the necessary hieradata for enabling TLS for MySQL (which happens to run on the internal network). It also adds a template so this can be done via certmonger. As with other services, this will fill the necessary specs for the certificate to be requested in a hash that will be consumed in puppet-tripleo. Note that this only enables that we can now use TLS, however, we still need to configure the services (or limit the users the services use) to only connect via SSL. But that will be done in another patch, as there is some things that need to land before we can do this (changes in puppetlabs-mysql and puppet-openstacklib). Change-Id: I71e1d4e54f2be845f131bad7b8db83498e21c118 Depends-On: I7275e5afb3a6550cf2abbb9a8007dedb62ada4b4
2016-11-24Merge "Increase reserved memory for computes when enabling DVR"Jenkins1-0/+13
2016-11-24Disable Neutron agents with OVN.Joe Talerico1-0/+3
OVN natively implements services that are provided by Neutron agents. This patch disables the Neutron DHCP agent as well as the OVS agent for compute nodes. Closes-bug: 1634580 Change-Id: I70631c2facbbf08257868e26e14af942ad7f2893
2016-11-24Merge "Add panko api support to service templates"Jenkins4-0/+11
2016-11-23Merge "Fix resource_registry path in enable-internal-tls"Jenkins1-1/+1
2016-11-22Fix resource_registry path in enable-internal-tlsJuan Antonio Osorio Robles1-1/+1
It had a wrong path and thus crashed when one tried to use it. Change-Id: Ida4f899c76cce6e819d7e0effaf038f699763bee Closes-Bug: #1643863
2016-11-22Containerized Services for Composable RolesIan Main1-9/+22
This change modifies the template interface to support containers and converts the compute services to composable roles. Co-Authored-By: Dan Prince <dprince@redhat.com> Co-Authored-By: Flavio Percoco <flavio@redhat.com> Co-Authored-By: Martin André <m.andre@redhat.com> Co-Authored-By: Steve Baker <sbaker@redhat.com> Change-Id: I82fa58e19de94ec78ca242154bc6ecc592112d1b
2016-11-18Disable keepalived for HA deployments via t-h-tSteven Hardy1-0/+3
Currently this is disabled via a conditional in the keepalived profile in puppet-tripleo, but this will be incompatible with the planned composable upgrades implementation. Instead we should disable the service template by mapping to OS::Heat::None, and ensure the haproxy manifest uses the t-h-t generated hiera value keepalived_enabled instead of hard-coding a hiera override in the haproxy template. Change-Id: I85a8b1cca7268506de22adfb3a8ce7faa4f157ef Partial-Bug: #1642936 Depends-On: I90faf51881bd05920067c1e1d82baf5d7586af23
2016-11-17Add panko api support to service templatesPradeep Kilambi4-0/+11
This integrates panko service api into tripleo heat templates. By default, we will disable this service, an environment service file is included to enable if needed. Depends-On: I35f283bdf8dd0ed979c65633724f0464695130a4 Change-Id: I07da3030c6dc69cce7327b54091da15a0c58798e
2016-11-11Merge "Increasing neutron timeout for low memory usage"Jenkins1-0/+3
2016-11-11Merge "Fix inconsistent Manila service naming"Jenkins3-12/+12
2016-11-11Increasing neutron timeout for low memory usageArx Cruz1-0/+3
We are noticing several tests failing in our low memory environment because of timeout in neutron requests. As an example the test tempest.api.compute.servers.test_server_actions.ServerActionsTestJSON fails because it requests to plug a vif, and send request to neutron, which responds in more than neutron_url_timeout, and since the option vif_plugging_is_fatal is set to True as default, the test fails. Shortly thereafter, checking in neutron log you can see the request, returning with the proper status, after more than neutron_url_timeout, however, it's already too late once nova already marked the instance with error status, and so the test fails. Closes-Bug: #1641135 Change-Id: If0991c114f199490ac0deb71eb569a42d4711359
2016-11-11Increase reserved memory for computes when enabling DVRBrent Eagles1-0/+13
This patch adds an example increased value for NovaReservedHostMemory and some documentation around tuning this value when DVR is enabled. Closes-Bug: #1630583 Change-Id: I2718d72d307a1c90061606e5f36c96f964cd2fb5
2016-11-10Fix inconsistent Manila service namingSteven Hardy3-12/+12
The capitalization of OS::Tripleo is wrong compared to all other services so correct this for avoidance of confusion when folks write custom roles_data files or pass custom service lists via *Services parameters. Change-Id: Ib73c80871b45586edb5774e90280ff89fc0d9895 Closes-Bug: 1640871
2016-11-07Add missing Barbican endpoint from tls-everywhere environmentJuan Antonio Osorio Robles1-0/+3
Change-Id: Ibabf09a8b6f35c9b086efeffcf7db89ab8d6b63b
2016-11-04Merge "Updated Nuage neutron plugin name"Jenkins1-1/+1
2016-11-01Merge "Add Barbican to the overcloud"Jenkins3-0/+10
2016-11-01Merge "Re-add NFS backend for Glance"Jenkins1-11/+11
2016-10-31Updated Nuage neutron plugin namelokesh-jain1-1/+1
Updated plugin name for configuring Nuage. Nuage plugin name changed after Liberty release and needs to be updated at all instances. Updated neutron-nuage-config.yaml file to reflect the change. Change-Id: I7cce9a07b909ab59bf249439eec0833afce5cca6 Closes-Bug: #1635033
2016-10-21Merge "Composable Mistral services"Jenkins3-0/+9
2016-10-21Merge "Prefill Sensu client custom config"Jenkins1-25/+11
2016-10-21Merge "Add missing Ceph endpoints from tls-everywhere environment"Jenkins1-0/+3
2016-10-21Re-add NFS backend for GlanceJiri Stransky1-11/+11
We lost ability to store Glance images in NFS mounts as we moved to NG HA architecture. This patch re-adds that ability, but the parameter interface changes because the semantics change as well. (Pacemaker allowed for different mounts than just NFS so the parameters were more generic, although we only ever tested and documented NFS usage.) Change-Id: Ic5197e09846bbf75d780dcc74da1717dcf8301d0 Related-Bug: #1635606
2016-10-21Merge "Removes EnableODL heat parameter and fixes missing local_ip param"Jenkins2-2/+0
2016-10-21Composable Mistral servicesBrad P. Crochet3-0/+9
Adds new puppet specific services for Mistral API and Mistral Engine. This submission enables the mistral service by default in the overcloud, a following submission will disable it and make it optional by enabling it on demand based in an environment file. Depends-On: Iae42ffa37c4c9b1e070b7c3753e04c45bb97703f Depends-On: I942d419be951651e305d01460f394870c30a9878 Depends-On: I6cb2cbf4a2abf494668d24b8c36b0d525643f0af Implements: blueprint composable-services-within-roles Co-Authored-By: Carlos Camacho <ccamacho@redhat.com> Change-Id: Id5ff9cb498b5a47af38413d211ff0ed6ccd0015b
2016-10-21Merge "Generate internal TLS hieradata for apache services"Jenkins1-0/+4
2016-10-21Add missing Ceph endpoints from tls-everywhere environmentJuan Antonio Osorio Robles1-0/+3
Change-Id: Ib945e570556e8e10e5bb07faa57270958c9eda99
2016-10-20Generate internal TLS hieradata for apache servicesJuan Antonio Osorio Robles1-0/+4
This adds an environment file that can be used to enable TLS in the internal endpoints via certmonger if used. This will include a nested stack that will create the hash that will be used to create the certmonger certificates. When setting up a service over apache via puppet, we used to disable explicitly ssl (which sets modd_ssl-related fields for that vhost). We now make this depend on the EnableInternalTLS flag. This has only been done for keystone, but more services will be added as the puppet code lands bp tls-via-certmonger Depends-On: I303f6cf47859284785c0cdc65284a7eb89a4e039 Change-Id: I12e794f2d4076be9505dabfe456c1ca6cfbd359c
2016-10-19Add Barbican to the overcloudAde Lee3-0/+10
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Depends-On: If2804b469eb3ee08f3f194c7dd3290d23a245a7a Depends-On: I091ecfbcb2e38fe77203244ac7a597aedcb558fb Change-Id: Iacc504fc4fa2d06893917024ce2340d3fb80b626
2016-10-17Removes EnableODL heat parameter and fixes missing local_ip paramTim Rozet2-2/+0
EnableOpenDaylightOnController was not very composable. Removing this parameter to make the service truly composable. Also fixes missing local_ip setting for OVS, required for VXLAN or GRE tenant networks. Closes-Bug: 1633625 Depends-On: Ia55c05e12d5d434111a13e1ed795da530e3ff4a5 Change-Id: I0e07e1631793311334d1436ee8fdf9af2802ba70 Signed-off-by: Tim Rozet <trozet@redhat.com>
2016-10-15Disables Neutron ML2 config on Compute for OpenDaylightTim Rozet2-0/+2
This is not needed with ODL and actually triggers deployments to fail due to missing ODL username/password info on compute nodes. Depends-On: Ifd906db4e6062ac271c2147fe1149b1009d06ae2 Closes-Bug: 1633630 Change-Id: Ib88e8ef91c393d30c44b86a932103f5a294bc547 Signed-off-by: Tim Rozet <trozet@redhat.com>
2016-10-13Merge "Add flag for internal TLS"Jenkins1-0/+2
2016-10-13Merge "Add HAProxy TLS handled by certmonger as composable service"Jenkins3-0/+60
2016-10-13Prefill Sensu client custom configMartin Mágr1-25/+11
- Custom config has to contain OpenStack auth information, so it has to be generated for user during deployment. This patch maintains the ability to provide a custom configuration for the Sensu client. Change-Id: If449642c4bbad683421e1f461b8721e655db0c45
2016-10-10Merge "Remove unneeded *_enable_backend hiera from Manila backends"Jenkins3-3/+0
2016-10-07Add new environment for debugWes Hayutin1-0/+5
Introduce a new environment template that enables the Debug parameter. By default the value is set to "true". Change-Id: Ieac59de42ffef6afa5d8f10ef1925c32c7dc8551
2016-10-07Merge "Renames OpenDaylight to OpenDaylightApi and splits out OVS configuration"Jenkins2-2/+2
2016-10-07Remove unneeded *_enable_backend hiera from Manila backendsGiulio Fidente3-3/+0
Depends-On: I04e28a95e8d69a24cd3df109bf1802bfcbd941db Change-Id: I4ada033155e5fde0add08ec9aa8f6af7c31d53f3
2016-10-07Merge "Ceilometer Wsgi Mitaka->Newton upgrades"Jenkins1-0/+7
2016-10-07Ceilometer Wsgi Mitaka->Newton upgradesPradeep Kilambi1-0/+7
In Newton, ceilometer api is changed to run under apache wsgi instead of eventlet. This will require upgrades for mitaka deployments to switch to wsgi. Closes-Bug: 1631297 Change-Id: If9d6987cd0a8fc5d3f9de518ba422d97d5149732
2016-10-06Re-enable ManageFirewall by default.Dan Prince1-2/+0
This default setting got lots in the composable roles/services patches. Re-enable the ManageFirewall setting by default per what we did in git commit 73c76b867ddc8a23a30b9a3cac4031189d4178c6. We also fix a typo in neutron-api.yaml so that the firewall rules matches to service_name. (otherwise it won't get loaded). Also, drops the environments/manage-firewall.yaml which is no longer needed if we enable firewall management by default. Change-Id: Ie198e4efd190131d0722085b10ef77da9005bc1b Closes-bug: 1629934
2016-10-06Merge "Set proper ceph config path for manila"Jenkins1-1/+1
2016-10-05Set proper ceph config path for manilaTom Barron1-1/+1
When deploying manila with cephfs backend, /etc/manila/manila.conf should define cephfs_conf_path = /etc/ceph/ceph.conf in the cephfs native backend since this is the conventional path that ceph operators expect and since we document that path upstream. Change-Id: I4abf5c33b675b1102413a84d64f4ce23b07b4485 Closes-Bug: 1630777
2016-10-05Merge "Adds Environment File for Removing Sahara during M/N upgrade"Jenkins2-0/+10
2016-10-05Renames OpenDaylight to OpenDaylightApi and splits out OVS configurationTim Rozet2-2/+2
This patch modifies the service name to be more appropriately called "OpenDaylightApi" along side the "OpenDaylightOvs" service used to configure OpenVSwitch. It also splits out the OVS configuration for controller nodes into the composable OpenDaylightOvs service. Related-Bug: #1629408 Change-Id: I15221401acdfb2a9ef81107b54a8005348f8372f Signed-off-by: Tim Rozet <trozet@redhat.com>
2016-10-05Merge "Fixing resources path in OpenDaylight"Jenkins2-4/+4
2016-10-05Adds Environment File for Removing Sahara during M/N upgrademarios2-0/+10
The default path if the operator does nothing is to keep the sahara services on mitaka to newton upgrades. If the operator wishes to remove sahara services then they need to specify the provided major-upgrade-remove-sahara.yaml environment file in the stack upgrade commands. The existing migration to ha arch already removes the constraints and pcs resource for sahara api/engine so we just need to stop it from starting again if we want to remove it. This adds a KeepSaharaServiceOnUpgrade parameter to determine if Sahara is disabled from starting up after the controllers are upgraded (defaults true). Finally it is worth noting that we default the sahara services as 'on' during converge here in the resource_registry of the converge environment file; any subsequent stack updates where the deployment contains sahara services will need to include the -e /environments/services/sahara.yaml environment file. Related-Bug: 1630247 Change-Id: I59536cae3260e3df52589289b4f63e9ea0129407
2016-10-04Merge "Use netapp_host_type instead of netapp_eseries_host_type"Jenkins1-1/+1
2016-10-03Merge "Fixed NoneType issue when monitoring-environment.yaml"Jenkins1-1/+1
2016-09-30Fixed NoneType issue when monitoring-environment.yamlJuan Badia Payno1-1/+1
When you tried to use the environemnt/monitoring-environment.yaml as a part of the deployment on the overcloud you hit the following error and it stops the deploy of the overcloud. *** Deploying templates in the directory /home/stack/tripleo-heat-templates 'NoneType' object does not support item assignment *** Closes-Bug: #1629323 Change-Id: I8cf2e7d8f3a4e79cc71a1566ec17d0a977c38d60 Signed-off-by: Juan Badia Payno <jbadiapa@redhat.com>