summaryrefslogtreecommitdiffstats
path: root/overcloud-resource-registry-puppet.j2.yaml
AgeCommit message (Collapse)AuthorFilesLines
2017-06-17Merge "Remove duplicate docker/puppet services.yaml"Jenkins1-1/+1
2017-06-16Merge "Add templates to configure Ironic inspector"Jenkins1-0/+1
2017-06-15Merge "Containerize Ceilometer Agent Ipmi"Jenkins1-0/+1
2017-06-13Containerize Ceilometer Agent IpmiPradeep Kilambi1-0/+1
Depends-On: I3e865f2e9b6935eb3dfa4b4579c803f0127848ae Change-Id: I09327a63d238a130b6ac0f2361f80e2b244b4b52
2017-06-12Move iscsid to a containerDan Prince1-0/+1
This configures iscsid so that it runs as a container on relevant roles (undercloud, controller, compute, and volume). When the iscsid docker service is provision it will also run an ansible snippet that disables the iscsid.socket on the host OS thus disabling the hosts systemd from auto-starting iscsid as it normally does. Co-Authored-By: Jon Bernard <jobernar@redhat.com> Change-Id: I2ea741ad978f166e199d47ed1b52369e9b031f1f
2017-06-09Remove duplicate docker/puppet services.yamlSteven Hardy1-1/+1
Move to one common services.yaml not only reduces the duplication, but it should improve performance for the docker/services.yaml case, because we were creating two ResourceChains with $many services which we know can be really slow (especially since we seem to be missing concurrent: true on one) Change-Id: I76f188438bfc6449b152c2861d99738e6eb3c61b
2017-06-09Add templates to configure Ironic inspectorDan Prince1-0/+1
Implements: blueprint ironic-inspector-composable-service Co-Authored-By: Dmitry Tantsur <dtantsur@redhat.com> Change-Id: I825516f9f5c2b0c03a3f497d6954022714aab988
2017-05-25Add support for linuxbridge agentBartosz Stopa1-0/+1
Currently TripleO does not support LinuxBridge driver, setting NeutronMechanismDrivers to linuxbridge will not force ml2 plugin to use linuxbridge. This commit adds new environment file which replaces default ovs agent with linuxbridge on Compute and Controller nodes. Change-Id: I433b60a551c1eeb9d956df4d0ffb6eeffe980071 Closes-Bug: #1652211 Depends-On: Iae87dc7811bc28fe86db0c422c363eaed5e5285b Depends-On: Ie3ac03052f341c26735b423701e1decf7233d935
2017-05-23Merge "Disable mongodb by default"Jenkins1-1/+1
2017-05-22Disable mongodb by defaultJuan Antonio Osorio Robles1-1/+1
It's not used by any service that we enable by default. So instead, I added it to the environment that enables the services that use it. Change-Id: Id2e6550fb7c319fc52469644ea022cf35757e0ce
2017-05-22Use disabled suffix for disabled service namesJuan Antonio Osorio Robles1-3/+3
This changes both the service names and the file names for disabled services, adding the 'disabled' suffix to them. This comes with the reasoning that, if a service requires a disabled service, and checks for the name in the "service_names" hiera entry, it will appear as if the service was enabled, when it's actually not. So changing the name and using this convention prevents that issue. Change-Id: I308d6680a4d9b526f22ba0d7d20e5db638aadb9a
2017-05-18Add l2gw neutron agent supportPeng Liu1-0/+1
L2 Gateway (L2GW) is an API framework for OpenStack that offers bridging two or more networks together to make them look at a single broadcast domain. This patch implements the l2gw agent which is one of the backend of the l2 gateway service plugin. Change-Id: I1ae8132ceff9410be7bd82caddf0d14251e720bf Depends-On: If1501c153b1b170b9550cb7e5a23be463fba1fe9 Partially-Implements: blueprint l2gw-service-integration Signed-off-by: Peng Liu <pliu@redhat.com>
2017-05-16Containerize Ceilometer AgentsPradeep Kilambi1-0/+4
Depends-on: I30ba93f76171e5993b5f0e1d7f1f5533acb25740 Closes-bug: #1668925 Change-Id: I3cb61d2d8765f9c2601bb00c4bfa24162883b96a
2017-05-11Deprecate Ceilometer ExpirerPradeep Kilambi1-1/+1
We dont need expirer unless we have collector and standard storage enabled. Lets turn it off by default and make it an optional service. In upgrade scenario, we will kill the process and stop the expirer, unless explicitly enabled. Change-Id: Icffb7d1bb2cf7bd61026be7d2dcfbd70cd3bcbda
2017-05-10Merge "Add networking-vpp ML2 mechanism driver support"Jenkins1-0/+1
2017-05-04Merge "Disable Telemetry services on undercloud containers"Jenkins1-0/+8
2017-05-01Disable Telemetry services on undercloud containersPradeep Kilambi1-0/+8
We dont deploy telemetry by default on undercloud anymore. Lets disable by default and provide an env file to enable on demand. Change-Id: I03807b3b75bb038c2d2bb342f3327e6eca2f3976
2017-04-25Deprecate ceilometer collectorPradeep Kilambi1-1/+1
Ceilometer collector is deprecated in Pike release. Do not deploy by default. Instead use the pipeline yaml to configure the publisher directly. Closes-bug: #1676961 Change-Id: Ic71360c6307086d5393cd37d38ab921de186a2e0
2017-04-25Merge "Add initial support for NSX plugin"Jenkins1-0/+1
2017-04-24Merge pre|post puppet resources into pre|post config.Carlos Camacho1-5/+0
The [Pre|Post]Puppet resources were renamed in https://review.openstack.org/#/c/365763. This was intended for having a pre/post deployment steps using an agnostic name instead of being attached to a technology. The renaming was unintentionally reverted in https://review.openstack.org/#/c/393644/ and https://review.openstack.org/#/c/434451. This submission merge both resources into one, and remove the old pre|post hooks. Closes-bug: #1669756 Change-Id: Ic9d97f172efd2db74255363679b60f1d2dc4e064
2017-04-21Merge "SSHD Service extensions"Jenkins1-1/+1
2017-04-21Merge "Add network_data.yaml to encapsulate list of networks for j2"Jenkins1-25/+16
2017-04-20Merge "Pluggable server type per Role"Jenkins1-0/+3
2017-04-19SSHD Service extensionsLuke Hinds1-1/+1
This change implements a MOTD message and provides a hash of sshd config options which are sourced to the puppet-ssh module as a hash. The SSHD puppet service is enabled by default, as it is required for Idb56acd1e1ecb5a5fd4d942969be428cc9cbe293. Also added the service to the CI roles. Change-Id: Ie2e01d93082509b8ede37297067eab03bb1ab06e Depends-On: I1d09530d69e42c0c36311789166554a889e46556 Closes-Bug: #1668543 Co-Authored-By: Oliver Walsh <owalsh@redhat.com>
2017-04-18Merge "SSH known_hosts config"Jenkins1-0/+2
2017-04-18Support for external swift proxyLuca Lorenzetto1-0/+1
Users may have an external swift proxy already available (i.e. radosgw from already existing ceph, or hardware appliance implementing swift proxy). With this change user may specify an environment file that registers the specified urls as endpoint for the object-store service. The internal swift proxy is left as unconfigured. Change-Id: I5e6f0a50f26d4296565f0433f720bfb40c5d2109 Depends-On: Ia568c3a5723d8bd8c2c37dbba094fc8a83b9d67e
2017-04-13SSH known_hosts configOliver Walsh1-0/+2
Fetch the host public keys from each node, combine them all and write to the system-wide ssh known hosts. The alternative of disabling host key verification is vulnerable to a MITM attack. Change-Id: Ib572b5910720b1991812256e68c975f7fbe2239c
2017-04-13Pluggable server type per RoleJames Slagle1-0/+3
The server resource type, OS::TripleO::Server can now be mapped per role instead of globally. This allows users to mix baremetal (OS::Nova::Server) and deployed-server (OS::Heat::DeployedServer) server resources in the same deployment. blueprint pluggable-server-type-per-role Change-Id: Ib9e9abe2ba5103db221f0b485c46704b1e260dbf
2017-04-12Merge "Update Dell EMC Cinder back end services"Jenkins1-0/+3
2017-04-12Merge "Add composable role support for NetApp Cinder back end"Jenkins1-0/+1
2017-04-10Update Dell EMC Cinder back end servicesAlan Bishop1-0/+3
Add services for Dell EMC Cinder back ends to the resource registry and to the Controller role (defaulting to OS::Heat::None). Closes-Bug: #1681497 Change-Id: I694fd7738abd3601851bdcd38e3633607ce6152c
2017-04-10Add networking-vpp ML2 mechanism driver supportFeng Pan1-0/+1
Implements: blueprint fdio-integration-tripleo Change-Id: I412f7a887ca4b95bcf1314e8c54cb1e7d03b1e41 Signed-off-by: Feng Pan <fpan@redhat.com>
2017-04-10Add composable role support for NetApp Cinder back endAlan Bishop1-0/+1
Convert NetApp Cinder back end to support composable roles via new "CinderBackendNetApp" service. Closes-Bug: #1680568 Change-Id: Ia3a78a48c32997c9d3cbe1629c2043cfc5249e1c
2017-04-10Decouple Swift ringbuilding logicChristian Schwede1-3/+0
This reverts commit b323f8a16035549d84cdec4718380bde3d23d6c3 and uses the new logic in puppet-tripleo (see Ifd6fa5b398d98e8998630ea0c9a2ce9867ceba2b ), basically doing the same. Closes-Bug: 1665641 Change-Id: Ib5cb0578be2993af0a0b8675005d838640bdb139
2017-04-06Merge "Fixing acronym for BGPVPN composable service"Jenkins1-1/+1
2017-04-06Adds service for managing securettylhinds1-0/+1
This adds the ability to manage the securetty file. By allowing management of securetty, operators can limit root console access and improve security through hardening. Change-Id: I0767c9529b40a721ebce1eadc2dea263e0a5d4d7 Partial-Bug: #1665042 Depends-On: Ic4647fb823bd112648c5b8d102913baa8b4dac1c
2017-04-06Add initial support for NSX pluginGary Kotton1-0/+1
Add the support for the VMware NSX plugin Co-Authored-By: Tong Liu <tongl@vmware.com> Change-Id: I3567cbb4ed8d6e5b2a3ea6b8cff6c7b8ed13b692
2017-04-05Merge "Add l2gw neutron service plugin support"Jenkins1-0/+1
2017-04-05Fixing acronym for BGPVPN composable serviceRicardo Noriega1-1/+1
Change-Id: I397a6ad430cef5ddb4eee48347ad4c89144ad01e Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
2017-04-04Merge "Add ceilometer ipmi agent"Jenkins1-0/+1
2017-03-30Add l2gw neutron service plugin supportPeng Liu1-0/+1
L2 Gateway (L2GW) is an API framework for OpenStack that offers bridging two or more networks together to make them look at a single broadcast domain. This patch implements the l2gw neutron service plugin support part in t-h-t. Change-Id: I1b52dc2c11a15698e43b6deeac6cadeeba1802d5 Depends-On: I01a8afdc51b2a077be1bbc7855892f68756e1fd3 Partially-Implements: blueprint l2gw-service-integration Signed-off-by: Peng Liu <pliu@redhat.com>
2017-03-29Add ceilometer ipmi agentPradeep Kilambi1-0/+1
Closes-Bug: #1662679 Change-Id: I3446d59b89d43859caedd2be4583099374944379
2017-03-29Qpid dispatch router composable roleJohn Eckersberg1-0/+1
Note: since it replaces rabbitmq, in order to aim for the smallest amount of changes the service_name is called 'rabbitmq' so all the other services do not need additional logic to use qdr. Depends-On: Idecbbabdd4f06a37ff0cfb34dc23732b1176a608 Change-Id: I27f01d2570fa32de91ffe1991dc873cdf2293dbc
2017-03-27MySQL: Use conditional instead of nested stack for TLS-specific bitsJuan Antonio Osorio Robles1-1/+0
Usually a nested stack is used that contains the TLS-everywhere bits (config_settings and metadata_settings). Nested stacks are very resource intensive. So, instead of doing using nested stacks, this patch changes that to use a conditional, and output the necessary config_settings and metadata_settings this way in an attempt to save resources. Change-Id: Ib7151d67982957369f7c139a3b01274a1a746c4a
2017-03-27Apache: Use conditional instead of nested stack for TLS-specific bitsJuan Antonio Osorio Robles1-1/+0
Usually a nested stack is used that contains the TLS-everywhere bits (config_settings and metadata_settings). Nested stacks are very resource intensive. So, instead of doing using nested stacks, this patch changes that to use a conditional, and output the necessary config_settings and metadata_settings this way in an attempt to save resources. Change-Id: Ia7ee632383542ac012c20448ff1b4435004e57e3
2017-03-27Rabbitmq: Use conditional instead of nested stack for TLS-specific bitsJuan Antonio Osorio Robles1-1/+0
Usually a nested stack is used that contains the TLS-everywhere bits (config_settings and metadata_settings). Nested stacks are very resource intensive. So, instead of doing using nested stacks, this patch changes that to use a conditional, and output the necessary config_settings and metadata_settings this way in an attempt to save resources. Change-Id: Ic25f84a81aefef91b3ab8db2bc864853ee82c8aa
2017-03-13Add certmonger-user profileJuan Antonio Osorio Robles1-0/+1
This profile will request the certificates for the services on the node. So with this, we will remove the requesting of these certs on the services' profiles themselves. The reasoning for this is that for a containerized environment, the containers won't have credentials to the CA while the baremetal node does. So, with this, we will have this profile that still gets executed in the baremetal nodes, and we can subsequently pass the requested certificates by bind-mounting them on the containers. On the other hand, this approach still works well for the TLS-everywhere case when the services are running on baremetal. Change-Id: Ibf58dfd7d783090e927de6629e487f968f7e05b6 Depends-On: I4d2e62b5c1b893551f9478cf5f69173c334ac81f
2017-03-10Add BGPVPN composable serviceRicardo Noriega1-0/+1
This project aims at supporting inter-connection between L3VPNs and Neutron resources, i.e. Networks, Routers and Ports. Partially-Implements: blueprint bgpvpn-service-integration Depends-On:I7c1686693a29cc1985f009bd7a3c268c0e211876 Change-Id: I576c9ac2b443dbb6886824b3da457dcc4f87b442 Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
2017-03-09Pass hieradata for internal TLS for RabbitMQJuan Antonio Osorio Robles1-0/+1
As with other services, this passes the necessary hieradata to enable TLS for RabbitMQ. This will mean (once we set it via puppet-tripleo) that there will only be TLS connections, as the ssl_only option is being used. bp tls-via-certmonger Change-Id: I960bf747cd5e3040f99b28e2fc5873ca3a7472b5 Depends-On: Ic2a7f877745a0a490ddc9315123bd1180b03c514
2017-03-06Enable composable upgrades for docker service templatesSteven Hardy1-0/+1
This aligns the docker based services with the new composable upgrades architecture we landed for ocata, and does a first-pass adding upgrade_tasks for the services (these may change, atm we only disable the service on the host). To run the upgrade workflow you basically do two steps: openstack overcloud deploy --templates \ -e environments/major-upgrade-composable-steps-docker.yaml This will run the ansible upgrade steps we define via upgrade_tasks then run the normal docker PostDeploySteps to bring up the containers. For the puppet workflow there's then an operator driven step where compute nodes (and potentially storage nodes) are upgrades in batches and finally you do: openstack overcloud deploy --templates \ -e environments/major-upgrade-converge-docker.yaml In the puppet case this re-applies puppet to unpin the nova RPC API so I guess it'll restart the nova containers this affects but otherwise will be a no-op (we also disable the ansible steps at this point. Depends-On: I9057d47eea15c8ba92ca34717b6b5965d4425ab1 Change-Id: Ia50169819cb959025866348b11337728f8ed5c9e