aboutsummaryrefslogtreecommitdiffstats
path: root/environments
AgeCommit message (Collapse)AuthorFilesLines
2017-01-16Remove Glance Registry serviceEmilien Macchi3-3/+0
Glance registry is not required for the v2 of the API and there are plans to deprecate it in the glance community. Let's remove v1 support since it has been deprecated for a while in Glance. Depends-On: I77db1e1789fba0fb8ac014d6d1f8f5a8ae98ae84 Co-Authored: Flavio Percoco <flaper87@gmail.com> Change-Id: I0cd722e8c5a43fd19336e23a7fada71c257a8e2d
2017-01-16Deployed server bootstrap via HeatJames Slagle2-0/+8
Adds an environment file, template, and script that can be used to do initial bootstrapping of deployed servers during NodeExtraConfig. It is meant to install and configure the initial dependencies needed to apply the rest of the OpenStack configuration via Heat. Enabling yum repos and installing the initial python-heat-agent package would still have to be manual steps when using this environment. But the goal is to keep those manual steps to a minimum and automate as much as possible in deployed-server-bootstrap.sh. Along with setting EnablePackageInstall: True, this could eventually replace bootstrap-overcloud-full.sh from tripleo-ci. Partially-implements: blueprint split-stack-software-configuration Change-Id: I6be94604a46382e6288df1b36b9de8fab58696cc
2017-01-16Fix for AllNodesExtraConfig and fix environment files to create swap ↵Carlos Camacho2-0/+6
files/partitions This submission: - Fix an error in the AllNodesExtraConfig resource. (Can't merge servers multiple times). - Add environment files to deploy swap file/partition without manual edit over the templates. - If a swap partition is mounted without having it available the deployment will fail, the fix checks that if the partition is not created then the deployment continues. - Removing empty extra lines in swap templates. - Adjust description and remove unnecessary comments in swap templates. Closes-Bug: 1652184 Change-Id: I828bbbbd4c178956aac74af49f80fcd4f62fa16b
2017-01-16Merge "Add deployed-server backwards compatible template"Jenkins2-0/+5
2017-01-13Removes deprecated neutron-opendaylight-l3 env fileTim Rozet1-14/+0
Somehow missed deleting this in previous patch. This file should be removed as only neutron-opendaylight.yaml env file should be used. Related-Bug: 1654586 Change-Id: Ibd56b032b86170fed947d8030cb0bd443581ee87 Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-01-13HPELeftHandISCSIDriver support for Cinderchinthagovardhan1-0/+13
Cinder configuration with HPELeftHandISCSIDriver for VSA storage Change-Id: Iaefbf38522069f6c636130e357f19a7fb7d54fe4
2017-01-13Merge "Add THT for networking-fujitsu"Jenkins1-0/+21
2017-01-11Merge "Removes deprecated OpenDaylight L2 only deployments"Jenkins1-1/+3
2017-01-11Merge "Add support for the deployment of Ceph MDS"Jenkins1-0/+2
2017-01-10Removes deprecated OpenDaylight L2 only deploymentsTim Rozet1-1/+3
Deploying ODL without L3 DVR is no longer supported. This patch moves the opendaylight-l3 env settings to be the new default for opendaylight env file, while also removing any option to disable L3. Closes-Bug: 1654586 Change-Id: Ia2488cb0b752fb4b33f03caa7a1d2469d20395f0 Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-01-10Add deployed-server backwards compatible templateJames Slagle2-0/+5
In Newton, the ctlplane port on deployed-server was called <hostname>-ctlplane-port. When this code was refactored in I29fbc720c3d582cbb94385e65e4b64b101f7eac9, the -port suffix was dropped in favor of <hostname>-<network> convention, and the port resource was created directly in deployed-server.yaml instead of in a nested stack. Both of those changes were backwards incompatible -- making it impossible to upgrade to the new version of deployed-server.yaml without the ctlplane port getting deleted/recreated, which causes a change in IP address. The IP address change causes services to be misconfigured on upgrade attempts. Change-Id: I45991b60a151abf3c5e4d05a3aa7246b2d25ac5a
2017-01-10Merge "Setting networking-odl v2 as a mechanism driver"Jenkins2-3/+3
2017-01-10Add support for the deployment of Ceph MDSGiulio Fidente1-0/+2
This change adds a CephMds service, disabled by default, on the Controller role and an environment file to enable it. Change-Id: If7cb46319038a80ed52f753a623989885e1b7da4 Depends-On: Iaecc3ff7acb851776c5057c42a5a513a70425d2c Partial-Bug: #1644784
2017-01-10Add THT for networking-fujitsuKoki Sanagi1-0/+21
Introduce THT for networking-fujitsu. networking-fujitsu is a neutron ML2 plugin which enables FUJITSU C-Fabric switch in OpenStack environment. This templates deploy overcloud with C-Fabric switch. Change-Id: Iee75a1a30552d8dc9f55f52d10b0dc2b623992ef Implements: blueprint integration-networking-fujitsu Depends-On: I37a502b43eb7d91bfe20625248ed117eae3ca535 Depends-On: I5eb2c2a9c50b5991d62f4b6d74b83351c86b02de
2017-01-10Merge "Make update-from-keystone-admin-internal-api.yaml work on newton+"Jenkins1-28/+1
2017-01-09Correct typo in ManagementAllocationPools in network-environment.yamlKevin Jones1-1/+1
There was a comma after 'end' in ManagementAllocationPools that causes a failure if using this parameter straight without modification. Replaced comma with colon. Closes-Bug: 1655204 Change-Id: Ic25606ea0b6637fcd33f1375f34a6486eda2af85 Signed-off-by: Kevin Jones <kevinjones@redhat.com>
2017-01-09Merge "Configure Kernel Args and Tuned and then reboot for Compute"Jenkins1-0/+16
2017-01-09Merge "Template and role support for the undercloud"Jenkins1-0/+18
2017-01-09Setting networking-odl v2 as a mechanism driverItzik Brown2-3/+3
The current environment files for OpenDaylight use the opendaylight mechanism driver - changing it to opendaylight_v2. Also using the l3_odl_v2 as a service plugin Depends-On: I2a1c5097614e47cc09e43bbc77305a0548d54baa Change-Id: Iba6f52663ce4a5e4c070f58f079465fdd24ecc7c
2017-01-09Make update-from-keystone-admin-internal-api.yaml work on newton+Cyril Lopez1-28/+1
There are change of ServiceNetMapDefaults in service_net_map.j2.yaml but were not reproduce in update-from-keystone-admin-internal-api.yaml environment. Tested in newton. Closes-Bug: #1646862 Change-Id: I307dcaabbc6d583896090bf3f046b442007fbc42 Signed-off-by: Cyril Lopez <cylopez@redhat.com> Co-Authored-By: Gregory Charot <gcharot@redhat.com>
2017-01-06Template and role support for the undercloudDan Prince1-0/+18
Add a new roles data YAML file and environment to help create the undercloud via t-h-t. Partially-implements: blueprint heat-undercloud Change-Id: I36df7fa86c2ff40026d59f02248af529a4a81861
2017-01-06Configure Kernel Args and Tuned and then reboot for ComputeSaravanan KR1-0/+16
* On top of the https://review.openstack.org/#/c/411204 * Added Kernel args and Tune-d configuration * Added provision to provide different kernel args per role (applicable for different types of compute roles only) Implements: blueprint tuned-nfv-dpdk Change-Id: I5c538428c376c9d2ebd1c364f0ee8503fd7d620e
2017-01-03Add missing VIP definitions into -no-tunneling env fileGiulio Fidente2-6/+27
Also removes from network-isolation env file the old RedisVioPort resource. Change-Id: I09ea1fe441a9dbe71a0af36cb123a117f2f0055f
2017-01-03Remove old ControllerConfig override from puppet-pacemaker.yamlGiulio Fidente1-1/+0
Previously we had to override the location of the manifest file pushed on the controller nodes when deploying with Pacemaker, this is not needed anymore with composable roles. Change-Id: I1e010099263a325d06483f498c70582b008c31e2
2017-01-02Merge "Use overcloud-full instead of atomic-image"Jenkins1-3/+0
2016-12-23Merge "Split OVN northd and ml2 plugin"Jenkins1-1/+2
2016-12-23Merge "Modify external loadbalancer environments to use new FixedIPs"Jenkins2-26/+14
2016-12-22Merge "Introduce role-specific NodeUserData, use for docker"Jenkins1-1/+1
2016-12-22Merge "Use ws instead of http for Zaqar websocket endpoints"Jenkins3-9/+9
2016-12-21Merge "Add "deployed server" fake neutron ports"Jenkins2-3/+2
2016-12-20Merge "Use OS::Heat::DeployedServer"Jenkins1-1/+0
2016-12-20Use ws instead of http for Zaqar websocket endpointsDan Prince3-9/+9
This patch updates the endpoint map for Zaqar websockets so that we use ws (or wss for SSL) instead of the http varients. This should help resolve protocol issues when trying to make connections to the websocket API. Change-Id: Iea88d1e30299cb621424740a39d498defa371ca4
2016-12-19Use overcloud-full instead of atomic-imageSteve Baker1-3/+0
This switches to using overcloud-full as the OS image for containerized compute. It includes the following changes: - install docker, until this change lands I1eab2a6de721c8f3c21c7df0019f2d4d1cc3775f - agent image pull has been removed. This avoids a race between docker starting and the current call to pull. This relies on "docker run" to do the initial pull and leaves open the option of some other prefetch mechanism to do the initial pull - rely on unit Conflicts= to ensure heat-docker-agents and os-collect-config do not run at the same time - tweaks to host bind mounts - removal of commands which only apply to atomic Co-Authored-By: Martin André <m.andre@redhat.com> Change-Id: I2e82634785834a877a4dbdbdcd788a9ac1c14a9d
2016-12-19Introduce role-specific NodeUserData, use for dockerSteve Baker1-1/+1
Currently when the docker environments are invoked, every node has the boot script run which replaces os-collect-config with the heat-agents container. This should only be happening on Compute nodes currently, and each role will be converted to heat-agents one at a time. This change implements a role-specific NodeUserData resource and uses that mechanism to run docker/firstboot/install_docker_agents.yaml only on Compute nodes. Change-Id: Id81811dbcaf0e661c3980aa25f3ca80db5ef0954
2016-12-19Run upgrade steps before post-deploy configSteven Hardy1-0/+8
For some upgrade scenarios, e.g all-in-one deployments, it may be possible to run the upgrade steps, then apply puppet in one stack update, so reverse the order here. For normal deployments the upgrade steps are mapped to OS::Heat::None so this will have no effect. Partially-Implements: blueprint overcloud-upgrades-per-service Change-Id: I3c78751349a6ac2bc5dff82f67bffe13750ac21c
2016-12-19Split OVN northd and ml2 pluginSteven Hardy1-1/+2
This allows us to take advantage of the composable roles hiera settings to connect the plugin to the northd/ovndb API without needing to hard-code the IP of the node running the service. Change-Id: I2508d48f81c1819ae3521fff271c0bdc50724604 Depends-On: I9af7bd837c340c3df016fc7ad4238b2941ba7a95 Closes-Bug: #1634171
2016-12-17Add "deployed server" fake neutron portsDan Prince2-3/+2
This patch swaps out the noop ctlplane port for a more proper fake neutron port stack. This stack is a swap in for the OS::Neutron::Port heat resource and can be controlled via the DeployedServerPortMap parameter. By relying on <hostname>-<network> naming conventions in the map we can map IPs to specific servers without using the Neutron API. This will allow us to inject IP information into the Heat stack within the new t-h-t undercloud installer which currently does not run a Neutron service. Change-Id: I29fbc720c3d582cbb94385e65e4b64b101f7eac9
2016-12-13Use OS::Heat::DeployedServerJames Slagle1-1/+0
The new DeployedServer resource in Heat will provide a native resource for Server resources that are not orchestrated via Nova. This will allow associating SoftwareDeployment's with servers that have not been launched with Nova with Heat directly. With the new resource, all of the SoftwareConfigTransport methods are available, including POLL_TEMP_URL. This patch also updates the get-occ-config.sh script to configure the requests collector in os-collect-config.conf on the deployed servers. Change-Id: I4b80421088acca709fe3f92741c5c052be483131 Partially-implements: blueprint split-stack-software-configuration Depends-On: I07b9a053ecd3ef4411b602bbc6ef985224834cf8
2016-12-12neutron: don't set external_network_bridge option by defaultIhar Hrachyshka8-40/+0
It's deprecated, to be removed in Ocata, and it's discouraged to set it to anything but the default value ('') that means that routers are not plugged directly into br-ex, but allows l2 agent to do the wiring. There are known issues with setting it to br-ex (like wrong port statuses): If533cf7c4c379be78f5a15073accaff7f65973ab The only caveat to setting it to the default ('') value is that in that case l2 agent should be configured with bridge mapping for physical networks. Since we already configure bridge_mappings for the agent, we should be safe to unset the option. Now that it's the default, there is no reason to override it in example environments. This patch also changes the description for the parameter to make it more clear that users are not expected to set it unless they know what they are doing. Also, moved the parameter into deprecated section to make it even more clear it's not something to touch in new deployments. Change-Id: Iade7fbaf92c8c601227f4456a15ea3f13a907ee2 Related-Bug: #1563070
2016-12-07Enable haproxy internal TLS through enable-internal-tls.yamlJuan Antonio Osorio Robles1-0/+1
For usability and to reduce the number of environments that need to be given when enabling TLS in the internal network, it's convenient to add the enabling of TLS in the internal front-ends for HAProxy, instead of doing that in a separate environment file. bp tls-via-certmonger Change-Id: Icef0c70b4b166ce2108315d5cf0763d4e8585ae1
2016-12-02Merge "Composable Zaqar services"Jenkins4-0/+20
2016-12-01Initial support for composable upgrades with Heat+AnsibleSteven Hardy1-0/+3
This shows how we could wire in the upgrade steps using Ansible as was previously proposed e.g in https://review.openstack.org/#/c/321416/ but it's more closely integrated with the new composable services architecture. It's also very similar to the approach taken by SpinalStack where ansible snippets per-service were combined then run in a series of steps using Ansible tags. This patch just enables upgrade of keystone - we'll add support for other patches in subsequent patches. Partially-Implements: blueprint overcloud-upgrades-per-service Change-Id: I39f5426cb9da0b40bec4a7a3a4a353f69319bdf9
2016-11-30Merge "Add Neutron network type and VLAN ranges to network-environment.yaml"Jenkins1-0/+5
2016-11-29Merge "Revert "Set NeutronL3HA to false when deploying DVR""Jenkins1-8/+0
2016-11-29Merge "Stop using puppet to configure VIPs in /etc/hosts"Jenkins2-4/+3
2016-11-28Merge "Enable TLS in the internal networkf or Mysql"Jenkins1-0/+1
2016-11-28Revert "Set NeutronL3HA to false when deploying DVR"John Schwarz1-8/+0
DVR+HA routers are officially supported, so this patch can be reverted. This reverts commit ce39dbac56123354576d2c31674e1b18535b0111. Conflicts: environments/neutron-ovs-dvr.yaml Change-Id: Ifeceb0c3ba01e81403903401ebfe69b9e9d7d2f2
2016-11-27Stop using puppet to configure VIPs in /etc/hostsDan Prince2-4/+3
This patch drops use of the vip-hosts.yaml service which can cause issues during deployment because puppet 'hosts' resources overwrite the data in /etc/hosts. The only reason things seem to work at all at the moment is because our hosts element in t-i-e runs on each os-refresh-config iteration and re-adds the dropped hosts entries. To work around the issue we add a conditional which selectively adds the extra hosts entries only if the AddVipsToEtcHosts is set to true. Closes-bug: 1645123 Change-Id: Ic6aaeb249a127df83894f32a704219683a6382b2
2016-11-25Provide full list of services for Compute role in HCI scenarioGiulio Fidente1-4/+22
Until bug #1635409 is fixed, we can provide the full list of services needed on the Compute role, plus CephOSD, in the hyperconverged-ceph environment file, preserving the user experience. Change-Id: I42409bc098c740759b378969526e13efaf002d3c Related-Bug: #1635409
2016-11-25Enable TLS in the internal networkf or MysqlJuan Antonio Osorio Robles1-0/+1
This adds the necessary hieradata for enabling TLS for MySQL (which happens to run on the internal network). It also adds a template so this can be done via certmonger. As with other services, this will fill the necessary specs for the certificate to be requested in a hash that will be consumed in puppet-tripleo. Note that this only enables that we can now use TLS, however, we still need to configure the services (or limit the users the services use) to only connect via SSL. But that will be done in another patch, as there is some things that need to land before we can do this (changes in puppetlabs-mysql and puppet-openstacklib). Change-Id: I71e1d4e54f2be845f131bad7b8db83498e21c118 Depends-On: I7275e5afb3a6550cf2abbb9a8007dedb62ada4b4