| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
In previous releases, when not using network isolation, we used to create
two different VIPs for the ControlVirtualIP and the PublicVirtualIP both on
the ctlplane network. Later we moved into a configuration with a single
VIP instead so we need a compatibility yaml for those updating from old
versions which preserves both the IPs; one of the two is deleted
otherwise.
Also updates README.md with a short description of the use case.
Change-Id: Iae08b938a255bf563d3df2fdc0748944a9868f8e
|
|
This change adds a sample environment file which documents how to
assign to controllers a predictable IP on each network.
Change-Id: I5be21428c66c82488af8e0240c1614ac3b9b55f0
|
|
This change adds a new *_from_pool.yaml meant to return an IP from
a list instead of allocating a Neutron port, useful to pick an IP
from a pre-defined list and making it possible to configure, for
example an external balancer in advance (or dns), with the future
IPs of the controller nodes.
The list of IPs is provided via parameter_defaults (in the
ControllerIPs struct) using ControllerIPs param.
Also some additional VipPort types are created for the *VirtualIP
resources. The VIPs were previously created using the same port
resource used by the nodes, but when deploying with an external
balancer we want the VIP resource to be nooped instead.
Change-Id: Id3d4f12235501ae77200430a2dc022f378dce336
|
|
This enables pacemaker maintenantce mode when running Puppet on stack
update. Puppet can try to restart some overcloud services, which
pacemaker tries to prevent, and this can result in a failed Puppet run.
At the end of the puppet run, certain pacemaker resources are restarted
in an additional SoftwareDeployment to make sure that any config changes
have been fully applied. This is only done on stack updates (when
UpdateIdentifier is set to something), because the assumption is that on
stack create services already come up with the correct config.
(Change I9556085424fa3008d7f596578b58e7c33a336f75 has been squashed into
this one.)
Change-Id: I4d40358c511fc1f95b78a859e943082aaea17899
Co-Authored-By: Jiri Stransky <jistr@redhat.com>
Co-Authored-By: James Slagle <jslagle@redhat.com>
|
|
If there is a value for the certificate path (which should only happen
if the environment for enabling TLS is used) then the loadbalancer will
detect it and configure it's front ends correctly. On the other hand
a proper override for the example environment was given, since this
will be needed because we want to pass the hosts and protocols
correctly so the tripleoclient will catch it and pass it to
os-cloud-config
Change-Id: Ifba51495f0c99398291cfd29d10c04ec33b8fc34
Depends-On: Ie2428093b270ab8bc19fcb2130bb16a41ca0ce09
|
|
Added a parameter to Nuage ExtraConfig template for setting
use_forwarded_for value required by Nuage metadata agent
Change-Id: I02c15311272126c5e530f118fbfb4a8f6e11a620
|
|
Added ExtraConfig templates and environment files for Nuage specific parameters.
Modified overcloud_compute.pp and overcloud_controller.pp to conditionally
include Nuage plugin and agents.
Change-Id: I95510c753b0a262c73566481f9e94279970f4a4f
|
|
|
|
|
|
|
|
|
|
This commit enables the injection of a trust anchor or root
certificate into every node in the overcloud. This is in case that the
TLS certificates for the controllers are signed with a self-signed CA
or if the deployer would like to inject a relevant root certificate
for other purposes. In this case the other nodes might need to have
the root certificate in their trust chain in order to do proper
validation
Change-Id: Ia45180fe0bb979cf12d19f039dbfd22e26fb4856
|
|
|
|
Adds control over the load balancer deployment via template param.
Change-Id: I5625083ff323a87712a5fd3f9a64dd66d2838468
|
|
Changes VipMap into a new NetVipMap resource which defaults to
being the same as the 'old' VipMap. An environment file can be
used to map NetVipMap instead to the net_vip_map_external.yaml
which allows for passing in explicit Virtual IP addresses.
It also ensures that references to the Virtual IPs are gathered
from the VipMap resource and allows for an empty ControlPlaneIP
parameter in the neutron port templates where it can be.
Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
Change-Id: Ifad32e18f12b9997e3f89e4afe3ebc4c30e14a86
|
|
|
|
|
|
The original value for the ServiceNetMap parameter had the Keystone
Admin API service on the Internal API network. Later, it was moved to
the ctlplane network by default.
Users updating from clouds already deployed may not want to have the
service moved, and we've occassionly seen it cause issues with services
not getting restarted properly.
This sample environment file documents the old value so that users can
just optionally include it via -e to keep the services the same as they
were when they originally deployed.
Change-Id: I0b68542337a2f40e26df15fe7ac2da5aafe651d5
|
|
This is a first implementation of adding TLS termination to the load
balancer in the controllers. The implementation was made so that the
appropriate certificate/private key in PEM format is copied to the
appropriate controller(s) via a software deployment resource.
And the path is then referenced on the HAProxy configuration, but this
part was left commented out because we need to be able to configure the
keystone endpoints in order for this to work properly.
Change-Id: I0ba8e38d75a0c628d8132a66dc25a30fc5183c79
|
|
The tripleoupstream registry contains images that are built
every time there is a change in delorean.
The gate also needs this.
Change-Id: If460853284588f637de820afa54069f773f2e6f7
|
|
|
|
|
|
Consume puppet-tripleo to create/manage IPtables from Heat templates.
This review put in place the logic to enable and setup firewall rules.
A known set of rules are applied. More to come.
Change-Id: Ib79c23fb27fe3fc03bf223e6922d896cb33dad22
Co-Authored-By: Yanis Guenane <yguenane@redhat.com>
Depends-On: I144c60db2a568a94dce5b51257f1d10980173325
|
|
|
|
|
|
Enables support for configuring Cinder with a Dell
Equallogic storage backend.
This change adds all relevant parameters for:
- Equallogic PS-Series (iSCSI)
Change-Id: Ia0f71863cfb12f2cdda43dcf707a9a7145963001
|
|
|
|
|
|
The atomic image name in glance was being set to 'fedora-atomic'.
The glance image can be any form of atomic distro so we shouldn't
name this specifically 'fedora-atomic', but instead 'atomic-image'.
Change-Id: Ic539b82b92e3fdd834750e591d8622b7dc85fc6d
|
|
Previously we enforced the Ceph user used by the OpenStack clients
to be named 'openstack', this change allows for customization
of such a name.
Change-Id: Idef3e1ed4e8e21b645081869b8d6fad2329bdc60
|
|
This is useful in those scenarios were we want to use an external
Ceph deployment with multiple overclouds.
Change-Id: I1749d2a6547f6ce25843709e46a1447e8d42cfff
|
|
|
|
This change adds a set of network interface configurations for use
with network isolation. The multiple-nics templates includes one
separate NIC per network, and assumes that nic1 is used for the
provisioning network (ctlplane). Also included is an environment
file for including the multiple-nics configuration in a deployment.
This revision changes the ordering of the NICs. By doing that, it
is possible to wire up only a subset of the NICs for the storage
nodes, and it is possilbe to leave the External NIC only configured
on the controllers.
rdo: Updated this commit for static control plane configuration
Co-Authored-By: Rhys Oxenham <roxenham@redhat.com>
Change-Id: Ic878d1ed1a85b5705295d087a743570ca8213504
|
|
Create a set of environment variables that allows us to configure
a docker registry for deployment. This patch assumes there is a
local docker registry already setup with the images loaded in place.
Change-Id: Iaafaf23eb3fa8b24bcd8f73bb38c552bea629607
Signed-off-by: Ian Main <imain@redhat.com>
Co-Authored-By: Ryan Hallisey <rhallise@redhat.com>
|
|
In liberty, Kolla copies around files and runs the service given
a specified command, by reading a json file.
This will update the existing work to follow that template by
creating a json file for each of the services and pushing it
into the containers.
Change-Id: I5085d1896ea965fd8854765b055068a5ad30bcfd
Co-Authored-By: Jeff Peeler <jpeeler@redhat.com>
|
|
Adds support for NFS backend in Glance by allowing the storage directory
for the 'file' backend to be a mount managed by Pacemaker. Default
behavior is unchanged.
Since the Pacemaker-related parameters are not exposed on top level,
change storage-environment.yaml to use parameter_defaults instead of
parameters.
Depends on a Heat fix for environment file's parameter_defaults to
work well with JSONs and comma delimited lists (see Depends-On).
Change-Id: I6e7e2eaf6919b955650c0b32e1629a4067602c89
Depends-On: I85b13a79dbc97a77e20c0d5df8eaf05b3000815e
|
|
|
|
This change adds a containerized version of the overcloud compute node for
TripleO. Configuration files are generated via OpenStack Puppet modules
which are then used to externally configure kolla containers for
each OpenStack service.
See the README-containers.md file for more information on how to set this up.
This uses AtomicOS as a base operating system and requires that we bootstrap
the image with a container which contains the required os-collect-config agent
hooks to support running puppet, shell scripts, and docker compose.
Change-Id: Ic8331f52b20a041803a9d74cdf0eb81266d4e03c
Co-Authored-By: Ian Main <imain@redhat.com>
Co-Authored-By: Ryan Hallisey <rhallise@redhat.com>
|
|
Also adds an environment file which can be passed to heat stack-create
to enable debugging.
Change-Id: I9758e2ca3de6a0bed6d20c37ea19e48f47220721
Depends-On: Ie92d1714a8d7e59d347474039be999bd3a2b542f
|
|
This enables support for the Cisco N1kv driver for the ML2 plugin.
It also configures the Nexus 1000v switch.
Co-Authored-By: Steven Hillman <sthillma@cisco.com>
Depends-On: I02dda0685c7df9013693db5eeacb2f47745d05b5
Depends-On: I3f14cdce9b9bf278aa9b107b2d313e1e82a20709
Change-Id: Idf23ed11a53509c00aa5fea4c87a515f42ad744f
|
|
Updates the /puppet directory templates so that we drop the
'-puppet' from the filenames. This is redundant because
we already have puppet in the directory name and fixes
inconsistencies where we aren't using -puppet in
all the files within the puppet directory.
Depends-On: I71cb07b2f5305aaf9c43ab175cca976e844b8175
Change-Id: I70d6e048a566666f5d6e5c2407f8a6b4fd9f6f87
|
|
Switch the implemention from a pre_deploy ExtraConfig to an
AllNodesExtraConfig, so we can collect the mac->hostname mapping
for all nodes, then calculate a NexusConfig based on that and
a provided mapping of switch ports to mac address.
The same conversion is also done to the NetworkUCSMHostList:
The port mappings are provided via parameter_defaults like:
parameter_defaults:
NetworkNexusConfig: {
"bxb-tor-1": {
"username": "admin",
"ssh_port": 22,
"password": "lab",
"ip_address": "10.86.7.204",
"nve_src_intf": 0,
"physnet": "datacentre",
"servers": {
"fa:16:3e:fa:be:ef": "1/11",
"fa:16:3e:fa:5e:cf": "1/23",
"fa:16:3e:fa:12:34": "2/34"
}
}
}
NetworkUCSMHostList: 'fa:16:3e:fa:be:ef:profile1'
This results in an entry like this appended to
/etc/puppet/hieradata/neutron_cisco_data.yaml:
neutron::plugins::ml2::cisco::nexus::nexus_config:\
{"bxb-tor-1": {"username": "admin", "nve_src_intf": 0, "ssh_port": 22,
"servers": {"overcloud-compute02": "2/34", "overcloud-compute01": "1/23",
"overcloud-control01": "1/11"}, "password": "lab", "ip_address": "10.86.7.204",
"physnet": "datacentre"}}
neutron::plugins::ml2::cisco::ucsm::ucsm_host_list: overcloud-control01:profile1
Co-Authored-By: Rob Pothier <rpothier@cisco.com>
Co-Authored-By: Tim Swanson <tiswanso@cisco.com>
Change-Id: I372c3ffb6bd85b7239fcb9f3fc4fa51cd4a39332
|
|
Add support for Big Switch Neutron ML2 plugin. Makes sure that the
package is present and sets up the [restproxy] section in ml2_conf.ini.
This also adds support for setting the ovs_use_veth option in
l3_agent.ini. There is no support for this in puppet-neutron l3 class
and it probably doesn't make sense adding it there, because this setting
isn't relevant for all l3 agent drivers, it's specific to
OVSInterfaceDriver. The ovs_use_veth option is also added to
dhcp_agent.ini.
Change-Id: I99635e25b2099dacce68154fe14693d6f06ac19f
|
|
|
|
This enables support for the Cisco UCS Manager and Cisco
Nexus plugins
Change-Id: I1bc28a4768d5d6857a0504ca1f77dd71259570b8
|
|
This change introduces an environment file that includes isolated
networks but does not include a Tenant tunneling network. This is
for deployments where the tenant networking will be provided by
tenant VLANs, or provider networks, or another non-tunneling method.
Change-Id: I8a05e341de80c2add418f22fa7f6f06349d378d6
|
|
This patch adds support for using an externally managed Ceph
cluster with the TripleO Heat templates.
For an externally managed Ceph cluster we initially
only deploy the Ceph client tools, install the 'openstack' user
keyring, and generate the ceph.conf. This matches what we do
for managed Ceph installations and is a good first start.
No other Ceph related services are installed or managed.
To enable use of a Ceph external cluster simply add
the custom Heat environment file environments/puppet-ceph-external.yaml
to your heat stack create/update command and make sure to
set the required CephClientKey, CephExternalMonHost, and CephClusterFSID
variables.
Change-Id: I0a8b213ce9dfa2fc4e62ae1e7631466e5179fc2b
|
|
This patch adds extra heat environments that can be used
to enable network isolation without using the external
network. Instead of a separate external network the ctlplane
will be used for all of the external/public traffic.
Change-Id: Ia542cee02121771d7d57ac701b62d7608e8d1855
|
Jenkins
Giulio Fidente
Steven Hardy
Juan Antonio Osorio Robles
Lokesh Jain
Dan Prince
James Slagle
Ryan Hallisey
Emilien Macchi
rajinir
Dan Sneddon
Jiri Stransky
Shiva Prasad Rao
Robert Pothier