summaryrefslogtreecommitdiffstats
path: root/overcloud-resource-registry-puppet.j2.yaml
AgeCommit message (Collapse)AuthorFilesLines
2017-02-17Merge "Apply post-upgrade step to not run puppet in post upgrade"Jenkins1-1/+1
2017-02-17Merge "Automatically backup and restore Swift rings from the undercloud"Jenkins1-0/+3
2017-02-16Apply post-upgrade step to not run puppet in post upgradeMathieu Bultel1-1/+1
In the environment file: environments/major-upgrade-composable-steps.yaml we don't want to run puppet in certains roles in post upgrade because we need to make some extra tasks on this nodes and run puppet on converge step Change-Id: I38fc5772cdb4a7df7979beb2e7475c70f34076a7
2017-02-10adding Congress SupportDan Radez1-0/+1
Depends-On: Ic74ccd5fa7b3b04ca810416e5160463252f17474 Implements: blueprint congress-service-integration Change-Id: Ie60540c340c0eb71ff376aba65507a8bb3e909b6 Signed-off-by: Dan Radez <dradez@redhat.com>
2017-02-09Adding Tacker SupportDan Radez1-0/+1
Depends-On: Ide0e60f3b7a3733788af4337c1c39b4a956c876f Depends-On: I3d6bbc05644e840395f87333ec80e3b844f69903 Depends-On: Idf6abcb7fe766546cb362ad4afe54f4bccd9c994 Implements: blueprint tacker-service-integration Change-Id: Ibddc81561f6e6ba671bd01a9251c57d3ad67ba8c Signed-off-by: Dan Radez <dradez@redhat.com>
2017-02-09Merge "Re-organizes Contrail services to the correct roles"Jenkins1-6/+0
2017-02-08Re-organizes Contrail services to the correct rolesMichael Henkel1-6/+0
In current setup some Contrail services belong to the wrong roles. The Contrail control plane can be impacted if the Analytics database has problems. Change-Id: I0d57a2324c38b5b20cc687c6217a7a364941f7e6 Depends-On: Id0dd35b95c5fe9d0fcc1e16c4b7d6cc601f10818 Closes-Bug: #1659560
2017-02-08Merge "implement a collectd composable service"Jenkins1-0/+1
2017-02-07Merge "Add registry and role service list entries for Octavia"Jenkins1-0/+4
2017-02-07implement a collectd composable serviceLars Kellogg-Stedman1-0/+1
The collectd composable service permits an operator to configure collectd metrics collection as part of the overcloud install. Depends-on: I03cfbd96778a76125d18e2ca2f48d96e292608de Change-Id: I143565329f5128f15cc39c9b62a6b242666383ab
2017-02-06Automatically backup and restore Swift rings from the undercloudChristian Schwede1-0/+3
Swift rings created or updated on the overcloud nodes will now be stored on the undercloud at the end of the deployment. An additional consistency check is executed before storing them, ensuring all rings within the cluster are identical. These rings will be retrieved (before Puppet runs) by every node when an UPDATE is executed, and by doing this will be in a consistent state across the cluster. This makes it possible to add, remove or replace nodes in an existing cluster without manual operator interaction. Closes-Bug: 1609421 Depends-On: Ic3da38cffdd993c768bdb137c17d625dff1aa372 Change-Id: I758179182265da5160c06bb95f4c6258dc0edcd6
2017-02-03Add registry and role service list entries for OctaviaBrent Eagles1-0/+4
This patch adds the Octavia services to the registry and controller role (disabled by default). Also included is an example environment file for enabling the services and required configuration. The API service profile is also amended configure the load balancer service provider in neutron to point to the octavia load balancer driver. Change-Id: I7f3bba950f5b1574ba842a39e93a8ac2b1ccf7bb Partially-implements: blueprint octavia-service-integration
2017-02-03Disable puppet on upgrade for roles not upgradingSteven Hardy1-1/+1
Where the role has disabled upgrades, we need to skip both the ansible and puppet steps. To do this we refactor the post.j2.yaml so that it can be included in the upgrade template with an adjusted list of roles. Note this requires https://review.openstack.org/#/c/425220/ - this change will be required for local testing of this patch (run mistral-db-mange populate after updating tripleo-common and restart the mistral services, or update your repos and re-run openstack undercloud install). Partially-Implements: blueprint overcloud-upgrades-per-service Change-Id: Ie7d0fa6fef3528bd93e6cde076b964ea8de3185a
2017-01-27Add AuditD composable serviceSteven Hardy1-0/+1
This patch allows the management of the AuditD service and its associated files (such as `audit.rules`) This is achieved by means of the `puppet-auditd` puppet module. Also places ssh banner capabilities map on top of patch Change-Id: Ib8bb52dde88304cb58b051bced9779c97a314d0d Depends-On: Ie31c063b674075e35e1bfa28d1fc07f3f897407b
2017-01-27Merge "Adds SSH Banner text into sshd_config"Jenkins1-0/+1
2017-01-26Add Ceph RBD mirror Pacemaker profileGiulio Fidente1-0/+1
This change adds a profile to deploy the Ceph RBD mirroring daemon as a Pacemaker resource. Change-Id: Ib07e5bca6a45f0c6c59a3acf07f4e3ae9d2f8948 Depends-On: Ic63dc5cffece38942d305f538f71dd58a5d50789 Closes-Bug: #1652177
2017-01-26Adds SSH Banner text into sshd_configLuke Hinds1-0/+1
Allow use of ooo template to populate banner text into /etc/issue Change-Id: If5b2da9415f10652a0a64503b2da4b63d1018640 Depends-On: Ie9f8afdfa9930428f06c9669fedb460dc1064d5e Closes-Bug: #1640306
2017-01-25Merge "Add ec2-api service"Jenkins1-0/+1
2017-01-25Merge "Add glance registry service to disable on upgrade"Jenkins1-0/+1
2017-01-25Merge "pacemaker remote profile support"Jenkins1-0/+1
2017-01-24Add glance registry service to disable on upgradeSteven Hardy1-0/+1
We've broken the upgrade job because anyone upgrading with the glance registry deployed (and defined in their *Services parameters) will try to deploy with the old glance-registry.yaml defined in heat. Instead we define a template which stops and disables the service on upgrade. Closes-Bug: #1659079 Change-Id: I03561954d794afae2be06811375d16611fa45973
2017-01-24Pass parameters for TLS proxy in front of Glance-APIJuan Antonio Osorio Robles1-0/+1
If TLS in the internal network is enabled, we run glance-api beind a TLS proxy (which is actually httpd's mod_proxy). This passes the necessary hieradata. bp tls-via-certmonger Change-Id: I693213a1f35021b540202240e512d121cc1cd0eb Depends-On: Id35a846d43ecae8903a0d58306d9803d5ea00bee
2017-01-24Add ec2-api serviceSven Anderson1-0/+1
This change adds the ec2api service using the tripleo::profile::base::nova::ec2api profile. The deprecated nova-cert service is not supported, and therefore the RegisterImage action is not supported either. Change-Id: I2510fd4ed935d8423216fff9ce3adf2d69c9c804 Depends-On: If4b091e1ca02f43aa9c65392baf8ceea007b7cfb
2017-01-24pacemaker remote profile supportMichele Baldessari1-0/+1
This adds a pacemaker_remote puppet service so that an operator can automatically deploy pacemaker-remote on nodes of his choice. Change-Id: I9678606b3de9b9f4c03014b33c1dd27fcba67513 Depends-On: I581552dfa64160e2f82f6a9b8f2ae521c3d6da8d Depends-On: I92953afcc7d536d387381f08164cae8b52f41605
2017-01-23Merge "Add THT for fossw ML2 plugin in networking-fujitsu"Jenkins1-0/+1
2017-01-19Add THT for fossw ML2 plugin in networking-fujitsuKoki Sanagi1-0/+1
Introduce THT for fossw ML2 plugin in networking-fujitsu. networking-fujitsu is a neutron ML2 plugin which enables several FUJITSU switch products in OpenStack environment. This templates deploy overcloud with FOS switch. Change-Id: I977dbecbf9f6f9725f7fb5ca4745b537a73975ff Implements: blueprint integration-fossw-networking-fujitsu Depends-On: I044c5812bbc5cd3de4bc33556cffbe5bad8e64cf Depends-On: I79df6b6a27d95f0c0e2c87207ab80235a4efccfc
2017-01-19Adds etcd composable serviceFeng Pan1-0/+1
etcd is used by networking-vpp ML2 driver as the messaging mechanism. This patch adds etcd service which can be used by other services. Implements: blueprint fdio-integration-tripleo Depends-on: Idaa3e3deddf9be3d278e90b569466c2717e2d517 Change-Id: I8ae1e2c9b0c3d6f448e1da712100938d011289f5 Signed-off-by: Feng Pan <fpan@redhat.com>
2017-01-18Merge "Remove Glance Registry service"Jenkins1-1/+0
2017-01-17Merge "Nova Placement API composable service"Jenkins1-0/+1
2017-01-17Nova Placement API composable serviceEmilien Macchi1-0/+1
Add support to deploy Nova Placement API service in TripleO. Change-Id: Ie41ebc362a0695c8f55419e231100c63007405ed
2017-01-16Remove Glance Registry serviceEmilien Macchi1-1/+0
Glance registry is not required for the v2 of the API and there are plans to deprecate it in the glance community. Let's remove v1 support since it has been deprecated for a while in Glance. Depends-On: I77db1e1789fba0fb8ac014d6d1f8f5a8ae98ae84 Co-Authored: Flavio Percoco <flaper87@gmail.com> Change-Id: I0cd722e8c5a43fd19336e23a7fada71c257a8e2d
2017-01-13HPELeftHandISCSIDriver support for Cinderchinthagovardhan1-0/+1
Cinder configuration with HPELeftHandISCSIDriver for VSA storage Change-Id: Iaefbf38522069f6c636130e357f19a7fb7d54fe4
2017-01-13Merge "Add THT for networking-fujitsu"Jenkins1-0/+1
2017-01-11Merge "Remove unused pacemaker profiles"Jenkins1-1/+0
2017-01-10Add support for the deployment of Ceph MDSGiulio Fidente1-0/+1
This change adds a CephMds service, disabled by default, on the Controller role and an environment file to enable it. Change-Id: If7cb46319038a80ed52f753a623989885e1b7da4 Depends-On: Iaecc3ff7acb851776c5057c42a5a513a70425d2c Partial-Bug: #1644784
2017-01-10Add THT for networking-fujitsuKoki Sanagi1-0/+1
Introduce THT for networking-fujitsu. networking-fujitsu is a neutron ML2 plugin which enables FUJITSU C-Fabric switch in OpenStack environment. This templates deploy overcloud with C-Fabric switch. Change-Id: Iee75a1a30552d8dc9f55f52d10b0dc2b623992ef Implements: blueprint integration-networking-fujitsu Depends-On: I37a502b43eb7d91bfe20625248ed117eae3ca535 Depends-On: I5eb2c2a9c50b5991d62f4b6d74b83351c86b02de
2017-01-06Remove unused pacemaker profilesMichele Baldessari1-1/+0
With change I80c8559bb2d915385bcc20ae71fe144ddd6591c1 we removed all the unused puppet-tripleo pacemaker profiles. With this change we remove the corresponding puppet profiles from tripleo-heat-templates. We can also remove any trace of the fake ::Core service as it was introduced via Iacd94294b8a66bc082bb2b3e8d3364ec1bf053b8 for the fake openstack-core pacemaker resource during the Mitaka cycle and became unused in Newton. Change-Id: I48cd2b6a4593d673d5883b45feae088392e7e713
2017-01-04Merge "Add pre-network hook and example showing config-then-reboot"Jenkins1-0/+1
2016-12-23Merge "Split OVN northd and ml2 plugin"Jenkins1-0/+2
2016-12-22Merge "Introduce role-specific NodeUserData, use for docker"Jenkins1-0/+4
2016-12-22Add hook to generate metadata from service profilesJuan Antonio Osorio Robles1-0/+2
This enables the deployer to dynamically add nova metadata to the servers based on the output of service profiles that implement the metadata_settings key in the role_data output for the profiles. One can set an implementation via the OS::TripleO::ServerMetadataHook resource, which currently is set as OS::Heat::None. So, because of the default implementation, if left untouched it actually does nothing. Currently, besides the list, which is metadata_settings, this hook also takes the name of the node that it's setting the metadata for. This is useful for nova vendordata plugins that can parse said metadata. Change-Id: I8a937f711f0b90156fbb6c4632760435ef846474
2016-12-19Introduce role-specific NodeUserData, use for dockerSteve Baker1-0/+4
Currently when the docker environments are invoked, every node has the boot script run which replaces os-collect-config with the heat-agents container. This should only be happening on Compute nodes currently, and each role will be converted to heat-agents one at a time. This change implements a role-specific NodeUserData resource and uses that mechanism to run docker/firstboot/install_docker_agents.yaml only on Compute nodes. Change-Id: Id81811dbcaf0e661c3980aa25f3ca80db5ef0954
2016-12-19Split OVN northd and ml2 pluginSteven Hardy1-0/+2
This allows us to take advantage of the composable roles hiera settings to connect the plugin to the northd/ovndb API without needing to hard-code the IP of the node running the service. Change-Id: I2508d48f81c1819ae3521fff271c0bdc50724604 Depends-On: I9af7bd837c340c3df016fc7ad4238b2941ba7a95 Closes-Bug: #1634171
2016-12-15Add pre-network hook and example showing config-then-rebootSteven Hardy1-0/+1
There are some requirements for early configuration that involves e.g setting kernel parameters then rebooting. Currently this can be done via cloud-init, e.g firstboot templates, but there's been discussion around enabling a SoftwareDeployment approach instead. The main advantage of doing it this way is there's an error path if something goes wrong with the config (except triggering the reboot as we have to use NO_SIGNAL for that). Change-Id: Ia54ee654f755631b8062eb5c209a60c6f9161500
2016-12-11Add a type for the ControlVirtualIP resourceDan Prince1-0/+1
This patch adds a new type called: OS::TripleO::Network::Ports::ControlPlaneVipPort This defaults to a normal OS::Neutron::Port object but can be mocked out for some implementations like when installing the undercloud where neutron doesn't exist. Change-Id: Iebf2428432a98a9d789b206ce973599adbc0af8f
2016-12-02Merge "Composable Zaqar services"Jenkins1-0/+1
2016-12-01Initial support for composable upgrades with Heat+AnsibleSteven Hardy1-0/+4
This shows how we could wire in the upgrade steps using Ansible as was previously proposed e.g in https://review.openstack.org/#/c/321416/ but it's more closely integrated with the new composable services architecture. It's also very similar to the approach taken by SpinalStack where ansible snippets per-service were combined then run in a series of steps using Ansible tags. This patch just enables upgrade of keystone - we'll add support for other patches in subsequent patches. Partially-Implements: blueprint overcloud-upgrades-per-service Change-Id: I39f5426cb9da0b40bec4a7a3a4a353f69319bdf9
2016-11-29Merge "Stop using puppet to configure VIPs in /etc/hosts"Jenkins1-1/+0
2016-11-27Stop using puppet to configure VIPs in /etc/hostsDan Prince1-1/+0
This patch drops use of the vip-hosts.yaml service which can cause issues during deployment because puppet 'hosts' resources overwrite the data in /etc/hosts. The only reason things seem to work at all at the moment is because our hosts element in t-i-e runs on each os-refresh-config iteration and re-adds the dropped hosts entries. To work around the issue we add a conditional which selectively adds the extra hosts entries only if the AddVipsToEtcHosts is set to true. Closes-bug: 1645123 Change-Id: Ic6aaeb249a127df83894f32a704219683a6382b2
2016-11-25Enable TLS in the internal networkf or MysqlJuan Antonio Osorio Robles1-0/+1
This adds the necessary hieradata for enabling TLS for MySQL (which happens to run on the internal network). It also adds a template so this can be done via certmonger. As with other services, this will fill the necessary specs for the certificate to be requested in a hash that will be consumed in puppet-tripleo. Note that this only enables that we can now use TLS, however, we still need to configure the services (or limit the users the services use) to only connect via SSL. But that will be done in another patch, as there is some things that need to land before we can do this (changes in puppetlabs-mysql and puppet-openstacklib). Change-Id: I71e1d4e54f2be845f131bad7b8db83498e21c118 Depends-On: I7275e5afb3a6550cf2abbb9a8007dedb62ada4b4