Age | Commit message (Collapse) | Author | Files | Lines |
|
It makes more sense for the enable-tls.yaml file to contain the
resource registry override, since it contains parameters that are
actually used there. Also, this allows us to reuse the
tls-endpoints-public-* files for other methods of enabling TLS (such
as with certmonger).
Change-Id: I98c63d0007e61968c0490a474eddb42548891fa6
|
|
This enables us to pass a map of CAs to deploy the CA certificates
using puppet and hiera instead of the bash script we were using. It
also gives us the feature that we will be able to deploy several CA
certificates on the nodes instead of just one as was the case before.
Change-Id: I9559487874b80aeb093cc2fa2cfa7c0479d5a8b2
Depends-On: I84273b4cd6576a63fa78dc93ad6b077dd2a780c7
|
|
Fix path to sahara templates
Change-Id: I7e60ed1800923057efe24badf03d76761da3f498
|
|
|
|
|
|
Users who want Sahara enable now can simply include the
environments/services/sahara.yaml Heat environment.
Change-Id: I3df96b6e78ba3eddb62e79d854862a7e2d614c51
|
|
The cinder-backup service was not configured in mitaka, so
having it disabled by default does not change the existing
behavior.
Also adds an environment file to enable it in the pacemaker
scenario.
Change-Id: I9a238e0d4601c9f59aff94fdac837c7d0e90afa0
|
|
|
|
Already with the same value in overcloud-resource-registry-puppet.yaml
Change-Id: Ic274abddef5e229a3517f4f77d8192d6abf81044
|
|
|
|
|
|
Via commit 0327fc2bbb1be9972d99e2e83d54d07410ad01d9 we added sahara
as a composable service. Let's make sure sahara-api and sahara-engine
run via systemd and not as a pacemaker resource. This is inline with the
HA NG spec.
Change-Id: I5634ad43771fba798892df6d2297c2634dcb6756
|
|
In Newton, Aodh will be using its own mysql DB rather than
using ceilometer's mongo instance. This means we need to
migrate any existing alarm and alrm history data from
ceilometer DB to aodh mysqlDB. Upstream aodh provides us
with a aodh-data-migration utility. We need to invoke this
during the mitaka->newton upgrade procedure so data is
migrated as expected and aodh mysql backend takes over.
Closes-bug: #1611794
Change-Id: I17888b57ecf98cd83e92af2f9cdbead066b03aa3
|
|
|
|
|
|
|
|
As described in https://bugs.launchpad.net/tripleo/+bug/1532830,
the OVS agent no longer uses enable_tunneling, which is controlled by
NeutronEnableTunnelling, so this change removes NeutronEnableTunnelling
from the Heat templates.
This change depends on NeutronEnableTunnelling also being removed
from python-tripleoclient and puppet-neutron no longer using the
enable_tunneling hieradata.
Change-Id: I1ff6902ebd15041fc57ffff20a07455f171a004b
Closes-Bug: 1532830
Depends-On: I28d33592374f60cb5222a866efaf9d137aca1c5a
Depends-On: I73630653330c67444827f32740c44e9d25b5db31
|
|
We introduce a new ServiceNetMap resource which enables some more flexible
mappings between the services and their networks.
Specifically this patch means:
1. ServiceNetMap no longer has to specify the entire list of all services,
operators may if they wish, but a subset is now valid where you want to
accept the defaults for some services (the defaults are now accessible via
the ServiceNetMapDefaults parameter.
2. We can map some keys which don't fit a pattern that enables conversion
from CamelCase to snake_case which is required for compatibility with the
service_names in puppet/services*
This should be backwards compatible, and in future when we remove internal
dependency on the CamelCase names, we could also enable operators to
specify e.g heat_api_network in ServiceNetMap which would be more consistent.
Change-Id: Ib60198adf76bb69ffbafbfac739e356d153f6194
Partially-Implements: blueprint custom-roles
|
|
Having the endpoint map in the same environment as the SSL
certificate parameters means that every time a service is added to
the overcloud, the user must remember to update their copy of
enable-tls.yaml to reflect the new service.
To avoid this, let's separate the SSL EndpointMap from the SSL
certificates so users can simply pass the shipped list of SSL
endpoints and only have to customize the certificate env file. As
and added bonus, this means they won't have to put the certificates
in enable-tls.yaml specifically. The parameters can be set
anywhere, and will be used as long as one of the tls-endpoints
envs is also specified.
inject-trust-anchor.yaml is not changed, but it could already be
used in the same fashion. The root certificate param could be set
in any env passed after inject-trust-anchor.yaml, and then
inject-trust-anchor.yaml would only be responsible for setting the
appropriate resource_registry entry. This way there is no need to
customize the in-tree inject-trust-anchor.yaml either.
Change-Id: I38eabb903b8382e6577ccc97e21fbb9d09c382b3
|
|
* Add service for configuring Nova compute with Ironic
* Fix authentication in Ironic APU
* Provide a separate environment file for enabling Ironic
Change-Id: I211e6d91eacd238b04a1aa37528d5a91523407d9
Partially-Implements: blueprint ironic-integration
|
|
Currently we have a hard-coded set of per-service parameters, which
will cause problems for custom roles and full composability.
As a first step towards making this more configurable, remove the
hard-coded per-service parameters from overcloud.yaml, and adjust
the EndpointMap generation to instead accept two mappings, the
ServiceNetMap and a mapping of networks to IPs (effectively this
just moves the map lookup inside the endpoint map instead of
inside overcloud.yaml)
Change-Id: Ib522e89c36eed2115a6586dd5a6770907d9b33db
Partially-Implements: blueprint custom-roles
|
|
Tempest tests for cinder contain backup tests that fail
unless cinder-backup service is started. This patch facilitates
the service start upon the overcloud deployment.
Original patch converted to composable role.
Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
Depends-On: Ib1dfe52b83ab01819fc669312967950e75d8ddf1
Change-Id: I9ca97b3f1c26aac6d81b3525377e1f5fb962313f
|
|
|
|
|
|
|
|
This change adds the ManagementInterfaceDefaultRoute parameter
for setting the Management network as the default route in some
deployments. Notes were added to indicate that if the Management
network is used as the default gateway, then the default route
on the control plane should be commented out.
The sample network-environment.yaml was modified to include the
ManagementInterfaceDefaultRoute, but this is commented out like
the rest of the Management network parameters.
This change also adds the ControlPlaneDefaultRoute and
ExternalInterfaceDefaultRoute to all templates, so that if the
networks are customized, the NIC configs can be modified without
having to modify the parameters section of the template. The
default for the ExternalInterfaceDefaultRoute is '10.0.0.1', and
the default for ManagementInterfaceDefaultRoute is set to 'unset'.
This change also converts the single-nic-linux-bridge-vlans from
DHCP to static IPs on the Control Plane Interface, bringing these
templates in line with the rest of the NIC config templates. The
parameters needed to be updated in these templates as well.
The controller-v6.yaml templates had a default value of "10.0.0.1"
for the ExternalInterfaceDefaultRoute. This was confusing, and is
now undefined.
This change also sets a default gateway on the Control Plane in
controller-no-external.yaml templates.
Change-Id: I8ea6733fe46902e1baeff4ccfbcd42ecc5a1825f
|
|
This patch makes it possible to set
OS::TripleO::DeployedServer::ControlPlanePort: OS::Heat::None
in your resource_registry and thereby avoid the creation of
a neutron port for the deployed server. This is useful if
you are bootstrapping things in an environment without
Neutron.
Also, includes a new deployed-server-noop-ctlplane.yaml
environment file.
Change-Id: I2990dc816698e0f6e3193a8fc7c9c6767c6e50e5
|
|
https://review.openstack.org/#/c/318840/ decomposed the Sahara services
but they weren't added to the ControllerServices list, thus are now disabled.
Since we shipped mitaka with sahara enabled by default, we should probably add
them so the behavior is consistent when folks upgrade.
This also fixes a couple of issues we missed when landing the initial service
templates (partly because CI didn't test them).
In order for each service to operate independently when used with Pacemaker,
the roles needed to be separated. This commit also does this.
Depends-On: Id61eb15b1e2366f5b73c6e7d47941651e40651b1
Change-Id: I0846b328e9d938275e373d58f0b99219b19b326c
Closes-Bug: #1592284
Co-Authored-By: Brad P. Crochet <brad@redhat.com>
|
|
Optional services should be disabled by default in the overcloud nodes.
This submission makes mistral disabled by default and allows to enable
it base on an environment file.
Depends-On: I942d419be951651e305d01460f394870c30a9878
Change-Id: I0dd245b75142834f71f3bd591b43c3f69d63217b
|
|
|
|
Change-Id: Iaa9dbf3545d5d001ad1d86b33df797880d922878
Closes-Bug: 1610258
|
|
This patch adds support for conditionally enabling DVR by deploying the
L3 and metadata agents on the compute node and setting the proper
configuration values throughout.
Implements: blueprint neutron-dvr-support
Change-Id: I24099795e76ecd520c990ba49d3511288dec7a12
|
|
This is the THT part that brings us the next generation architecture
as described in the following spec:
https://review.openstack.org/#/c/299628/
Blueprint:
https://blueprints.launchpad.net/tripleo/+spec/ha-lightweight-architecture
So far we tested deployment + tripleo.sh --overcloud-pingtest and
failover + tripleo.sh --overcloud-pingtest
Note that many of the Pacemaker template files become redundant with
this change, but to simplify the process of getting this change landed,
those templates will not be removed until a future commit.
Depends-On: I5e7585c08675d8a4bd071523b94210d325d79b59
Change-Id: I00bccb2563c006f80baed623b64f1e17af20dd4e
Implements: blueprint ha-lightweight-architecture
Co-Author: cmsj@tenshu.net
|
|
Allows the installation and configuration of Manila.
Supports the generic driver only. This has a dependency on the
puppet-tripleo classes for manila where the puppet specific
config now lives.
The review at https://review.openstack.org/#/c/315658/ has been
merge into this one, as of v68, so manila lands as a composable
service. This was brought up on the mailing list at [1]
[1] http://lists.openstack.org/pipermail/openstack-dev/2016-May/096126.html
Co-Authored-By: Marios Andreou <marios@redhat.com>
Implements: blueprint composable-services-within-roles
Depends-On: I444916d60a67bf730bf4089323dba1c1429e2e71
Depends-On: I9eda4b3364e5c59342761a1ec71b0eb567c69cf1
Depends-On: I571b65a5402c1028418476a573ebeb9450ed00c9
Change-Id: I7acebac4354fca1f8d7ff6c343c1346bf29b81c6
|
|
|
|
Change-Id: Iacd94294b8a66bc082bb2b3e8d3364ec1bf053b8
Depends-On: I16a786ce167c57848551c7245f4344c382c55b3d
|
|
Deploy Horizon with composable apache service and don't include:
::tripleo::profile::pacemaker::apache
Because it's already included in the profiles in puppet-tripleo.
Change-Id: I5382d5cc95ba10805019142a9a223dbd4a4b8074
Depends-On: Id28c618133e53e28dfac7e3e9cf9f5f5a6b2421a
|
|
|
|
storage-environment"
|
|
Change-Id: Ife466e6a8b8112777d4c0e845e31fa633da5e53d
|
|
This patch just moves the Puppet code into puppet-tripleo.
A future iteration will be to move parameters within the service
template.
Closes-Bug: #1601853
Depends-On: I7ddae28a6affd55c5bffc15d72226a18c708850e
Change-Id: I51a05dbf53f516b200c146b35529ce563ce9ac7b
|
|
Deploy Pacemaker using composable services.
Change-Id: I038514812af5a9f30260a81ea3366d46bee4ee4e
Depends-On: I46215f82480854b5e04aef1ac1609dd99455181b
Closes-Bug: #1601970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|