aboutsummaryrefslogtreecommitdiffstats
path: root/overcloud-resource-registry-puppet.j2.yaml
AgeCommit message (Collapse)AuthorFilesLines
2017-04-25Merge "SSHD Service extensions" into stable/ocataJenkins1-1/+1
2017-04-25Merge "SSH known_hosts config" into stable/ocataJenkins1-0/+2
2017-04-21SSHD Service extensionsLuke Hinds1-1/+1
This change implements a MOTD message and provides a hash of sshd config options which are sourced to the puppet-ssh module as a hash. The SSHD puppet service is enabled by default, as it is required for Idb56acd1e1ecb5a5fd4d942969be428cc9cbe293. Also added the service to the CI roles. Change-Id: Ie2e01d93082509b8ede37297067eab03bb1ab06e Depends-On: I1d09530d69e42c0c36311789166554a889e46556 Closes-Bug: #1668543 Co-Authored-By: Oliver Walsh <owalsh@redhat.com> (cherry picked from commit 5e14f95a4a46fcf88293f1b0fa93327566614d43)
2017-04-21Merge "Update Dell EMC Cinder back end services" into stable/ocataJenkins1-0/+3
2017-04-21Merge "Add composable role support for NetApp Cinder back end" into stable/ocataJenkins1-0/+1
2017-04-20SSH known_hosts configOliver Walsh1-0/+2
Fetch the host public keys from each node, combine them all and write to the system-wide ssh known hosts. The alternative of disabling host key verification is vulnerable to a MITM attack. Change-Id: Ib572b5910720b1991812256e68c975f7fbe2239c (cherry picked from commit 7d3552a105ad5aa62cad0998c11df5ec6bd06ed6)
2017-04-12Update Dell EMC Cinder back end servicesAlan Bishop1-0/+3
Add services for Dell EMC Cinder back ends to the resource registry and to the Controller role (defaulting to OS::Heat::None). Closes-Bug: #1681497 Change-Id: I694fd7738abd3601851bdcd38e3633607ce6152c (cherry picked from commit 5fb637c611c3c8c4daf8e8d2f06d5579b9ef34fd)
2017-04-12Add composable role support for NetApp Cinder back endAlan Bishop1-0/+1
Convert NetApp Cinder back end to support composable roles via new "CinderBackendNetApp" service. Closes-Bug: #1680568 Change-Id: Ia3a78a48c32997c9d3cbe1629c2043cfc5249e1c (cherry picked from commit c533a3219e47c5a6155e85e089b9f8acdb4a3dd6)
2017-04-11Decouple Swift ringbuilding logicChristian Schwede1-3/+0
This reverts commit b323f8a16035549d84cdec4718380bde3d23d6c3 and uses the new logic in puppet-tripleo, basically doing the same. Closes-Bug: 1665641 Depends-On: Ifd6fa5b398d98e8998630ea0c9a2ce9867ceba2b Change-Id: Ib5cb0578be2993af0a0b8675005d838640bdb139 (cherry picked from commit 76c1c0cbba38b2f25290f5ad80e38ddd97ae834b)
2017-04-05Generate Pre/Post Puppet Tasks for all rolesJames Slagle1-2/+4
We need to generate the Pre and Post Puppet Tasks for all roles, not just the Controller role. Otherwise, you have to have a role specifically named Controller that is running your pacemaker services, or pacemaker won't be properly handled on stack-updates. When using deployed-server's it's actually not possible to have a role called Controller, since we need to use all custom roles so that we can set disable_contraints on each role. Further, it is not possible to redefine the Controller role since puppet/controller-role.yaml is listed in the excludes file. Change-Id: I737b24db90932e292b50b122640f66385f2d1c23 Partial-Bug: #1665060 (cherry picked from commit 529768ae84f7713f2ae9447ff35ee2d63b4bdcd7)
2017-02-22Merge "Make the DB URIs host-independent for all services" into stable/ocataJenkins1-0/+1
2017-02-21Enable panko service by default on overcloudPradeep Kilambi1-1/+1
There are other applications still relying on panko and not enabling by default is causing integration concerns. Closes-bug: #1666619 Change-Id: I615694ca5f5a04fef4b0098c8083fb43432bb81f (cherry picked from commit 161cd3cbe3b7b01bfa31dbca1a2f60284155cef7)
2017-02-20Make the DB URIs host-independent for all servicesMichele Baldessari1-0/+1
When fixing LP#1643487 we added ?bind_address to all DB URIs. Since this clashes with Cellsv2 due to the URIs becoming host dependent, we need a new approach to pass bind_address to pymysql that leaves the DB URIs host-independent. In change Iff8bd2d9ee85f7bb1445aa2e1b3cfbff1f397b18 we first create a /etc/my.cnf.d/tripleo.cnf file with a [tripleo] section with the correct bind-address option. In this change we make sure that the DB URIs will point to the added file and to the specific section containing the necessary bind-address option. We do introduce a new MySQLClient profile which will hold all this more client-specific configuration so that this change can fit better in the composable roles work. Also, in the future it might contain the necessary configuration for SSL for example. Note that in case the /etc/my.cnf.d/tripleo.cnf file does not exist (because it is created via the mysqlclient profile), things keep on working as usual and the bind-address option simply won't be set, which has no impact on hosts where there are no VIPs. Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com> Change-Id: Ieac33efe38f32e949fd89545eb1cd8e0fe114a12 Related-Bug: #1643487 Closes-Bug: #1663181 Closes-Bug: #1664524 Depends-On: Iff8bd2d9ee85f7bb1445aa2e1b3cfbff1f397b18 (cherry picked from commit 90431683b5927abb066d7964d513828b5488001c)
2017-02-18Merge "Apply post-upgrade step to not run puppet in post upgrade" into ↵Jenkins1-1/+1
stable/ocata
2017-02-17Automatically backup and restore Swift rings from the undercloudChristian Schwede1-0/+3
Swift rings created or updated on the overcloud nodes will now be stored on the undercloud at the end of the deployment. An additional consistency check is executed before storing them, ensuring all rings within the cluster are identical. These rings will be retrieved (before Puppet runs) by every node when an UPDATE is executed, and by doing this will be in a consistent state across the cluster. This makes it possible to add, remove or replace nodes in an existing cluster without manual operator interaction. Closes-Bug: 1609421 Depends-On: Ic3da38cffdd993c768bdb137c17d625dff1aa372 Change-Id: I758179182265da5160c06bb95f4c6258dc0edcd6 (cherry picked from commit b323f8a16035549d84cdec4718380bde3d23d6c3)
2017-02-17Apply post-upgrade step to not run puppet in post upgradeMathieu Bultel1-1/+1
In the environment file: environments/major-upgrade-composable-steps.yaml we don't want to run puppet in certains roles in post upgrade because we need to make some extra tasks on this nodes and run puppet on converge step Change-Id: I38fc5772cdb4a7df7979beb2e7475c70f34076a7 (cherry picked from commit b3b04eb0d22d776902462811d54bcd270e0fab73)
2017-02-10adding Congress SupportDan Radez1-0/+1
Depends-On: Ic74ccd5fa7b3b04ca810416e5160463252f17474 Implements: blueprint congress-service-integration Change-Id: Ie60540c340c0eb71ff376aba65507a8bb3e909b6 Signed-off-by: Dan Radez <dradez@redhat.com>
2017-02-09Adding Tacker SupportDan Radez1-0/+1
Depends-On: Ide0e60f3b7a3733788af4337c1c39b4a956c876f Depends-On: I3d6bbc05644e840395f87333ec80e3b844f69903 Depends-On: Idf6abcb7fe766546cb362ad4afe54f4bccd9c994 Implements: blueprint tacker-service-integration Change-Id: Ibddc81561f6e6ba671bd01a9251c57d3ad67ba8c Signed-off-by: Dan Radez <dradez@redhat.com>
2017-02-09Merge "Re-organizes Contrail services to the correct roles"Jenkins1-6/+0
2017-02-08Re-organizes Contrail services to the correct rolesMichael Henkel1-6/+0
In current setup some Contrail services belong to the wrong roles. The Contrail control plane can be impacted if the Analytics database has problems. Change-Id: I0d57a2324c38b5b20cc687c6217a7a364941f7e6 Depends-On: Id0dd35b95c5fe9d0fcc1e16c4b7d6cc601f10818 Closes-Bug: #1659560
2017-02-08Merge "implement a collectd composable service"Jenkins1-0/+1
2017-02-07Merge "Add registry and role service list entries for Octavia"Jenkins1-0/+4
2017-02-07implement a collectd composable serviceLars Kellogg-Stedman1-0/+1
The collectd composable service permits an operator to configure collectd metrics collection as part of the overcloud install. Depends-on: I03cfbd96778a76125d18e2ca2f48d96e292608de Change-Id: I143565329f5128f15cc39c9b62a6b242666383ab
2017-02-03Add registry and role service list entries for OctaviaBrent Eagles1-0/+4
This patch adds the Octavia services to the registry and controller role (disabled by default). Also included is an example environment file for enabling the services and required configuration. The API service profile is also amended configure the load balancer service provider in neutron to point to the octavia load balancer driver. Change-Id: I7f3bba950f5b1574ba842a39e93a8ac2b1ccf7bb Partially-implements: blueprint octavia-service-integration
2017-02-03Disable puppet on upgrade for roles not upgradingSteven Hardy1-1/+1
Where the role has disabled upgrades, we need to skip both the ansible and puppet steps. To do this we refactor the post.j2.yaml so that it can be included in the upgrade template with an adjusted list of roles. Note this requires https://review.openstack.org/#/c/425220/ - this change will be required for local testing of this patch (run mistral-db-mange populate after updating tripleo-common and restart the mistral services, or update your repos and re-run openstack undercloud install). Partially-Implements: blueprint overcloud-upgrades-per-service Change-Id: Ie7d0fa6fef3528bd93e6cde076b964ea8de3185a
2017-01-27Add AuditD composable serviceSteven Hardy1-0/+1
This patch allows the management of the AuditD service and its associated files (such as `audit.rules`) This is achieved by means of the `puppet-auditd` puppet module. Also places ssh banner capabilities map on top of patch Change-Id: Ib8bb52dde88304cb58b051bced9779c97a314d0d Depends-On: Ie31c063b674075e35e1bfa28d1fc07f3f897407b
2017-01-27Merge "Adds SSH Banner text into sshd_config"Jenkins1-0/+1
2017-01-26Add Ceph RBD mirror Pacemaker profileGiulio Fidente1-0/+1
This change adds a profile to deploy the Ceph RBD mirroring daemon as a Pacemaker resource. Change-Id: Ib07e5bca6a45f0c6c59a3acf07f4e3ae9d2f8948 Depends-On: Ic63dc5cffece38942d305f538f71dd58a5d50789 Closes-Bug: #1652177
2017-01-26Adds SSH Banner text into sshd_configLuke Hinds1-0/+1
Allow use of ooo template to populate banner text into /etc/issue Change-Id: If5b2da9415f10652a0a64503b2da4b63d1018640 Depends-On: Ie9f8afdfa9930428f06c9669fedb460dc1064d5e Closes-Bug: #1640306
2017-01-25Merge "Add ec2-api service"Jenkins1-0/+1
2017-01-25Merge "Add glance registry service to disable on upgrade"Jenkins1-0/+1
2017-01-25Merge "pacemaker remote profile support"Jenkins1-0/+1
2017-01-24Add glance registry service to disable on upgradeSteven Hardy1-0/+1
We've broken the upgrade job because anyone upgrading with the glance registry deployed (and defined in their *Services parameters) will try to deploy with the old glance-registry.yaml defined in heat. Instead we define a template which stops and disables the service on upgrade. Closes-Bug: #1659079 Change-Id: I03561954d794afae2be06811375d16611fa45973
2017-01-24Pass parameters for TLS proxy in front of Glance-APIJuan Antonio Osorio Robles1-0/+1
If TLS in the internal network is enabled, we run glance-api beind a TLS proxy (which is actually httpd's mod_proxy). This passes the necessary hieradata. bp tls-via-certmonger Change-Id: I693213a1f35021b540202240e512d121cc1cd0eb Depends-On: Id35a846d43ecae8903a0d58306d9803d5ea00bee
2017-01-24Add ec2-api serviceSven Anderson1-0/+1
This change adds the ec2api service using the tripleo::profile::base::nova::ec2api profile. The deprecated nova-cert service is not supported, and therefore the RegisterImage action is not supported either. Change-Id: I2510fd4ed935d8423216fff9ce3adf2d69c9c804 Depends-On: If4b091e1ca02f43aa9c65392baf8ceea007b7cfb
2017-01-24pacemaker remote profile supportMichele Baldessari1-0/+1
This adds a pacemaker_remote puppet service so that an operator can automatically deploy pacemaker-remote on nodes of his choice. Change-Id: I9678606b3de9b9f4c03014b33c1dd27fcba67513 Depends-On: I581552dfa64160e2f82f6a9b8f2ae521c3d6da8d Depends-On: I92953afcc7d536d387381f08164cae8b52f41605
2017-01-23Merge "Add THT for fossw ML2 plugin in networking-fujitsu"Jenkins1-0/+1
2017-01-19Add THT for fossw ML2 plugin in networking-fujitsuKoki Sanagi1-0/+1
Introduce THT for fossw ML2 plugin in networking-fujitsu. networking-fujitsu is a neutron ML2 plugin which enables several FUJITSU switch products in OpenStack environment. This templates deploy overcloud with FOS switch. Change-Id: I977dbecbf9f6f9725f7fb5ca4745b537a73975ff Implements: blueprint integration-fossw-networking-fujitsu Depends-On: I044c5812bbc5cd3de4bc33556cffbe5bad8e64cf Depends-On: I79df6b6a27d95f0c0e2c87207ab80235a4efccfc
2017-01-19Adds etcd composable serviceFeng Pan1-0/+1
etcd is used by networking-vpp ML2 driver as the messaging mechanism. This patch adds etcd service which can be used by other services. Implements: blueprint fdio-integration-tripleo Depends-on: Idaa3e3deddf9be3d278e90b569466c2717e2d517 Change-Id: I8ae1e2c9b0c3d6f448e1da712100938d011289f5 Signed-off-by: Feng Pan <fpan@redhat.com>
2017-01-18Merge "Remove Glance Registry service"Jenkins1-1/+0
2017-01-17Merge "Nova Placement API composable service"Jenkins1-0/+1
2017-01-17Nova Placement API composable serviceEmilien Macchi1-0/+1
Add support to deploy Nova Placement API service in TripleO. Change-Id: Ie41ebc362a0695c8f55419e231100c63007405ed
2017-01-16Remove Glance Registry serviceEmilien Macchi1-1/+0
Glance registry is not required for the v2 of the API and there are plans to deprecate it in the glance community. Let's remove v1 support since it has been deprecated for a while in Glance. Depends-On: I77db1e1789fba0fb8ac014d6d1f8f5a8ae98ae84 Co-Authored: Flavio Percoco <flaper87@gmail.com> Change-Id: I0cd722e8c5a43fd19336e23a7fada71c257a8e2d
2017-01-13HPELeftHandISCSIDriver support for Cinderchinthagovardhan1-0/+1
Cinder configuration with HPELeftHandISCSIDriver for VSA storage Change-Id: Iaefbf38522069f6c636130e357f19a7fb7d54fe4
2017-01-13Merge "Add THT for networking-fujitsu"Jenkins1-0/+1
2017-01-11Merge "Remove unused pacemaker profiles"Jenkins1-1/+0
2017-01-10Add support for the deployment of Ceph MDSGiulio Fidente1-0/+1
This change adds a CephMds service, disabled by default, on the Controller role and an environment file to enable it. Change-Id: If7cb46319038a80ed52f753a623989885e1b7da4 Depends-On: Iaecc3ff7acb851776c5057c42a5a513a70425d2c Partial-Bug: #1644784
2017-01-10Add THT for networking-fujitsuKoki Sanagi1-0/+1
Introduce THT for networking-fujitsu. networking-fujitsu is a neutron ML2 plugin which enables FUJITSU C-Fabric switch in OpenStack environment. This templates deploy overcloud with C-Fabric switch. Change-Id: Iee75a1a30552d8dc9f55f52d10b0dc2b623992ef Implements: blueprint integration-networking-fujitsu Depends-On: I37a502b43eb7d91bfe20625248ed117eae3ca535 Depends-On: I5eb2c2a9c50b5991d62f4b6d74b83351c86b02de
2017-01-06Remove unused pacemaker profilesMichele Baldessari1-1/+0
With change I80c8559bb2d915385bcc20ae71fe144ddd6591c1 we removed all the unused puppet-tripleo pacemaker profiles. With this change we remove the corresponding puppet profiles from tripleo-heat-templates. We can also remove any trace of the fake ::Core service as it was introduced via Iacd94294b8a66bc082bb2b3e8d3364ec1bf053b8 for the fake openstack-core pacemaker resource during the Mitaka cycle and became unused in Newton. Change-Id: I48cd2b6a4593d673d5883b45feae088392e7e713
2017-01-04Merge "Add pre-network hook and example showing config-then-reboot"Jenkins1-0/+1