aboutsummaryrefslogtreecommitdiffstats
path: root/environments
AgeCommit message (Collapse)AuthorFilesLines
2017-04-24Merge pre|post puppet resources into pre|post config.Carlos Camacho2-4/+4
The [Pre|Post]Puppet resources were renamed in https://review.openstack.org/#/c/365763. This was intended for having a pre/post deployment steps using an agnostic name instead of being attached to a technology. The renaming was unintentionally reverted in https://review.openstack.org/#/c/393644/ and https://review.openstack.org/#/c/434451. This submission merge both resources into one, and remove the old pre|post hooks. Closes-bug: #1669756 Change-Id: Ic9d97f172efd2db74255363679b60f1d2dc4e064
2017-04-22Merge "Increase documentation about parameters"Jenkins1-2/+30
2017-04-21Merge "containers: TLS in the internal network for telemetry services"Jenkins1-0/+8
2017-04-21Merge "SSHD Service extensions"Jenkins1-3/+3
2017-04-21Merge "Add environment to preselect only VIP IP addresses"Jenkins4-0/+52
2017-04-21Merge "Add NeutronDnsDomain heat option, undercloud fix"Jenkins1-0/+1
2017-04-19SSHD Service extensionsLuke Hinds1-3/+3
This change implements a MOTD message and provides a hash of sshd config options which are sourced to the puppet-ssh module as a hash. The SSHD puppet service is enabled by default, as it is required for Idb56acd1e1ecb5a5fd4d942969be428cc9cbe293. Also added the service to the CI roles. Change-Id: Ie2e01d93082509b8ede37297067eab03bb1ab06e Depends-On: I1d09530d69e42c0c36311789166554a889e46556 Closes-Bug: #1668543 Co-Authored-By: Oliver Walsh <owalsh@redhat.com>
2017-04-19containers: TLS in the internal network for telemetry servicesJuan Antonio Osorio Robles1-0/+8
This covers aodh, gnocchi and panko. cp tls-via-certmonger-containers Change-Id: I6dabb0d82755c28b8940c0baab0e23cfcc587c42
2017-04-18Support for external swift proxyLuca Lorenzetto1-0/+12
Users may have an external swift proxy already available (i.e. radosgw from already existing ceph, or hardware appliance implementing swift proxy). With this change user may specify an environment file that registers the specified urls as endpoint for the object-store service. The internal swift proxy is left as unconfigured. Change-Id: I5e6f0a50f26d4296565f0433f720bfb40c5d2109 Depends-On: Ia568c3a5723d8bd8c2c37dbba094fc8a83b9d67e
2017-04-12Merge "Add composable role support for NetApp Cinder back end"Jenkins1-1/+1
2017-04-12Bind mount directories that contain the key/certs for keystoneJuan Antonio Osorio Robles1-0/+28
This is only done when TLS-everywhere is enabled, and depends on those directories being exclusive for services that run over httpd. Which is the commit this is on top of. Also, an environment file was added that's similar to environments/docker.yaml. The difference is that this one will contain the services that can run containerized with TLS-everywhere. This file will be updated as more services get support for this. bp tls-via-certmonger-containers Change-Id: I87bf59f2c33de6cf2d4ce0679a5e0e22bc24bf78
2017-04-11Merge "Replace references to the 192.0.2 network"Jenkins8-10/+13
2017-04-10Merge "Add BGPVPN services to scenario004"Jenkins1-1/+1
2017-04-10Add composable role support for NetApp Cinder back endAlan Bishop1-1/+1
Convert NetApp Cinder back end to support composable roles via new "CinderBackendNetApp" service. Closes-Bug: #1680568 Change-Id: Ia3a78a48c32997c9d3cbe1629c2043cfc5249e1c
2017-04-10Replace references to the 192.0.2 networkGiulio Fidente8-10/+13
Following change I1393d65ffb20b1396ff068def237418958ed3289 the ctlplane network will be 192.168.24 by default and not 192.0.2 anymore. This change removes old references left to 192.0.2 network from the overcloud templates. Change-Id: I1986721d339887741038b6cd050a46171a4d8022
2017-04-07Merge "Add Docker service to all roles"Jenkins1-0/+1
2017-04-07Add environment to preselect only VIP IP addressesDan Sneddon4-2/+54
This change adds two files which demonstrate manipulation of the VIP IP addresses without using an external load balancer. This allows the configuration of DNS, or allows for continuity when replacing an existing environment. The fixed IPs for the virtual IPs are set using the new parameters, and this change also adds a RedisVirtualFixedIPs parameter for setting the Redis VIP. Partial-Bug: https://bugs.launchpad.net/tripleo/+bug/1604946 Change-Id: I4e926f1c6b30d4009d24a307bc21e07e1731b387
2017-04-07Add Docker service to all rolesJiri Stransky1-0/+1
This will add the Docker service to all roles. Note that currently by default the Docker service is mapped to OS::Heat::None by default. It will only be deployed if environments/docker.yaml file is included in the deployment. Change-Id: I9d8348b7b6576b94c872781bc89fecb42075cde0 Related-Bug: #1680395
2017-04-07Add BGPVPN services to scenario004Carlos Camacho1-1/+1
This submission will enable the BGPVPN API on scenario004. This addition to scenario004 does not provide any sanity check for the Neutron API extension. At this stage is meant to install the required packages and prerequisites, configure the extension and having the services started correctly. In the README.rst file, this is displayed as neutron-bgpvpn, so for further integrations should be added as neutron-<extension_name> for an easier reading. Depends-On: I4d0617b0d7801426ea6827e70f5f31f10bbcc038 Depends-On: I2be0fab671ec1a804d029afc6dc27d19a193b064 Change-Id: I6c257417a9231c44e13535bc408d67d2a3cacbf8
2017-04-06Merge "Fixing acronym for BGPVPN composable service"Jenkins1-1/+1
2017-04-06Merge "Add trigger to setup a LDAP backend as keystone domaine"Jenkins1-0/+18
2017-04-06Merge "Adds service for managing securetty"Jenkins2-0/+13
2017-04-06Merge "Disable ceilometer API"Jenkins2-5/+6
2017-04-06Adds service for managing securettylhinds2-0/+13
This adds the ability to manage the securetty file. By allowing management of securetty, operators can limit root console access and improve security through hardening. Change-Id: I0767c9529b40a721ebce1eadc2dea263e0a5d4d7 Partial-Bug: #1665042 Depends-On: Ic4647fb823bd112648c5b8d102913baa8b4dac1c
2017-04-06Add trigger to setup a LDAP backend as keystone domaineCyril Lopez1-0/+18
It is using a trigger tripleo::profile::base::keystone::ldap_backend_enable in puppet-tripleo who will call a define in puppet-keysone ldap_backend.pp. Given the following environment: parameter_defaults: KeystoneLDAPDomainEnable: true KeystoneLDAPBackendConfigs: tripleoldap: url: ldap://192.0.2.250 user: cn=openstack,ou=Users,dc=redhat,dc=example,dc=com password: Secrete suffix: dc=redhat,dc=example,dc=com user_tree_dn: ou=Users,dc=redhat,dc=example,dc=com user_filter: "(memberOf=cn=OSuser,ou=Groups,dc=redhat,dc=example,dc=com)" user_objectclass: person user_id_attribute: cn user_allow_create: false user_allow_update: false user_allow_delete: false ControllerExtraConfig: nova::keystone::authtoken::auth_version: v3 cinder::keystone::authtoken::auth_version: v3 It would then create a domain called tripleoldap with an LDAP configuration as defined by the hash. The parameters from the hash are defined by the keystone::ldap_backend resource in puppet-keystone. More backends can be added as more entries to that hash. This also enables multi-domain support for horizon. Closes-Bug: 1677603 Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Depends-On: I1593c6a33ed1a0ea51feda9dfb6e1690eaeac5db Change-Id: I6c815e4596d595bfa2a018127beaf21249a10643 Signed-off-by: Cyril Lopez <cylopez@redhat.com>
2017-04-05Merge "Add l2gw neutron service plugin support"Jenkins1-0/+20
2017-04-05Merge "Addition of firewall rules for Nuage"Jenkins1-1/+0
2017-04-05Fixing acronym for BGPVPN composable serviceRicardo Noriega1-1/+1
Change-Id: I397a6ad430cef5ddb4eee48347ad4c89144ad01e Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
2017-04-04Increase documentation about parametersJuan Badia Payno1-2/+30
CollectdServer, CollectdServerPort, CollectdSecurityLevel, CollectdUsername, CollectdPassword Change-Id: I43a0aca6f620f2570bdfd88531e70611867337b0
2017-04-03Addition of firewall rules for Nuagelokesh-jain1-1/+0
Added VxLAN and metadata agent firewall rules to neutron-compute-plugin for Nuage. Removed a deprecated parameter 'OSControllerIp' as well. Change-Id: If10c300db48c66b9ebeaf74b5f5fee9132e75366
2017-04-03Remove not-working all-in-one upgrade environmentSteven Hardy1-2/+0
This won't work because we need to change the state of UpgradeLevelNovaCompute and EnableConfigPurge during the upgrade - it should have been removed before release, which was an oversight. Removing this now to avoid further confusion in future. Change-Id: I16853cdec6c8fe6ad54f17ae2ad1e0460f1574ea Closes-Bug: #1679214
2017-04-03Merge "Qpid dispatch router composable role"Jenkins1-0/+2
2017-04-03Disable ceilometer APIPradeep Kilambi2-5/+6
Ceilometer API has been deprecated since Ocata. lets disable it by default and add an env file to enable it if needed. Closes-bug: #1676968 Change-Id: I571f5467466c29271e0235e8fde6bdae07c20daf
2017-04-03Merge "Fixes port binding controller for OpenDaylight"Jenkins1-0/+1
2017-03-31Set auth flag so ceilometer auth is enabledPradeep Kilambi1-0/+3
Ceilometer Auth should be enabled even if ceilometer api is not. Lets decouple these, this flag will be used in puppet-tripleo where ceilometer::keystone::auth class is initialized. Change-Id: Iffebd40752eafb1d30b5962da8b5624fb9df7d48 Closes-bug: #1677354
2017-03-30Merge "Re-Add bigswitch agent support"Jenkins1-1/+12
2017-03-30Add l2gw neutron service plugin supportPeng Liu1-0/+20
L2 Gateway (L2GW) is an API framework for OpenStack that offers bridging two or more networks together to make them look at a single broadcast domain. This patch implements the l2gw neutron service plugin support part in t-h-t. Change-Id: I1b52dc2c11a15698e43b6deeac6cadeeba1802d5 Depends-On: I01a8afdc51b2a077be1bbc7855892f68756e1fd3 Partially-Implements: blueprint l2gw-service-integration Signed-off-by: Peng Liu <pliu@redhat.com>
2017-03-30Merge "Do not install openstack-heat-agents"Jenkins1-1/+0
2017-03-30Do not install openstack-heat-agentsSteve Baker1-1/+0
Installing openstack-heat-agents is unnecessary since it has the same effect as installing python-heat-agent-* which happens on the next line. Installing openstack-heat-agents is causing issues when mixing ocata and master repos, since there hasn't been a release on master since ocata was branched. Change-Id: I1a75e16810b6a89cf1dd9ff4f4b3b5dccfc0466e Closes-Bug: #1677278
2017-03-29Add NeutronDnsDomain heat option, undercloud fixDan Prince1-0/+1
We set dns_domain to '' in the undercloud neutron. This patch adds a new heat parameter to control the Neutron DNS setting and sets the undercloud environment default correctly for this setting. Change-Id: I794e7b88108d0d6286e5930bb5236e72ba806c3f
2017-03-29Qpid dispatch router composable roleJohn Eckersberg1-0/+2
Note: since it replaces rabbitmq, in order to aim for the smallest amount of changes the service_name is called 'rabbitmq' so all the other services do not need additional logic to use qdr. Depends-On: Idecbbabdd4f06a37ff0cfb34dc23732b1176a608 Change-Id: I27f01d2570fa32de91ffe1991dc873cdf2293dbc
2017-03-28Allow to configure policy.json for OpenStack projectsEmilien Macchi1-0/+10
For both containers and classic deployments, allow to configure policy.json for all OpenStack APIs with new parameters (hash, empty by default). Example of new parameter: NovaApiPolicies. See environments/nova-api-policy.yaml for how the feature can be used. Note: use it with extreme caution. Partial-implement: blueprint modify-policy-json Change-Id: I1144f339da3836c3e8c8ae4e5567afc4d1a83e95
2017-03-28Merge "Only set EnableConfigPurge on major upgrades"Jenkins4-0/+4
2017-03-28Merge "MySQL: Use conditional instead of nested stack for TLS-specific bits"Jenkins1-1/+0
2017-03-28Merge "Apache: Use conditional instead of nested stack for TLS-specific bits"Jenkins1-1/+0
2017-03-28Merge "Rabbitmq: Use conditional instead of nested stack for TLS-specific bits"Jenkins1-1/+0
2017-03-28Merge "Nic config mappings for deployed-server"Jenkins2-4/+11
2017-03-27Fixes port binding controller for OpenDaylightTim Rozet1-0/+1
In Ocata and later, the port binding controller for ODL was changed by default to be the pseudo agent controller, which requires a new feature "host config" for OVS. This patch modifies the default to use network-topology, which will work without any new host config features implemented (previous way of port binding). Closes-Bug: 1675211 Depends-On: I5004fdeb238dea81bc4f7e9437843a8a080d5b46 Change-Id: I6a6969d1d6b8d8b8ac31fecd57af85eb653245d2 Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-03-27MySQL: Use conditional instead of nested stack for TLS-specific bitsJuan Antonio Osorio Robles1-1/+0
Usually a nested stack is used that contains the TLS-everywhere bits (config_settings and metadata_settings). Nested stacks are very resource intensive. So, instead of doing using nested stacks, this patch changes that to use a conditional, and output the necessary config_settings and metadata_settings this way in an attempt to save resources. Change-Id: Ib7151d67982957369f7c139a3b01274a1a746c4a
2017-03-27Apache: Use conditional instead of nested stack for TLS-specific bitsJuan Antonio Osorio Robles1-1/+0
Usually a nested stack is used that contains the TLS-everywhere bits (config_settings and metadata_settings). Nested stacks are very resource intensive. So, instead of doing using nested stacks, this patch changes that to use a conditional, and output the necessary config_settings and metadata_settings this way in an attempt to save resources. Change-Id: Ia7ee632383542ac012c20448ff1b4435004e57e3