Age | Commit message (Collapse) | Author | Files | Lines |
|
This is arguably more important than passwords as it allow rooting
keystone :).
Change-Id: I12d8ae0f096480112a82d7598eedae64a6fbd861
|
|
Nova defaults to trying to allocate floating ips from a neutron
network called 'nova' but we called our external one ext-net (which
various Neutron documentation uses), so we need to override it or the
nova floating-ips extension isn't usable [without explicitly setting a
pool in the API calls].
Partial-Bug: #1239450
Change-Id: I1ef78642bdc1f19d25422961350e4f02a8f6c16f
|
|
I'm having a minor OCD moment.
Change-Id: I49cdf078d24a38dcdb1f2801764dbcbd6dd10ccf
|
|
The intent here is that the undercloud default route will be discard,
but the router kept for access to the metadata service, and this
specified route will be used for all other traffic.
Change-Id: Idf3f8252c4d4be30839d9d08ad7d4ce49538f04e
|
|
In the CD overcloud we need to use a VLAN for public traffic.
Change-Id: I8d674e1ae58063d9be338023819f174d1bc028e4
|
|
This is already supported by the ovs agent, but we didn't need it for
the emulated overclouds. Now we're working on bare metal, it's needed
for some deployments.
Change-Id: Ibb41c40d371e4c153a84fd09c370b158add75b81
|
|
Not all machines use eth0 :).
Change-Id: I2d0cfd8df46e7eda1b7db2ea5c8e84d3e970c862
|
|
Change-Id: I3a84cf52cc46f0c338319a046d77edb2a9b29c45
|
|
Without this we need horrible hacks to detect whether the cloud is
ready to use.
Change-Id: Ic5c5fd16c6c283d3d339e1f1238d3349d0b93f7c
|
|
This prevents secret values being returned for stack-show.
Change-Id: I82eff26fda31511b66c6371f6ded2a5fb559f3fb
Fixes-Bug: #1226730
|
|
Some references to first_private_address were missed and some of the
Fn::Select calls were only half-completed.
Change-Id: I92a4e5e67784e5d64ec6e44ddcac55762cde81eb
|
|
The OpenStack native OS::Nova::Server gives us the full list of
networks rather than AWS::EC2::Instance's contrived view of 'private'
and 'public'. We know we want ctlplane, and use Fn::Select to choose
that network directly. The outer Fn::Select is meant to choose the
first network every time, which may not always be correct, but is at
this point.
Change-Id: Iae54ab8d9ac8d84f4f6e2f86ac1b66aacb687473
|
|
Update the PrivateIp attribute to first_private_address as a result of
the change to the OS::Nova::Server type.
Change-Id: Id90f8c7c4e0217e1f94d3e5134744a810390e7b7
|
|
So that it can be a snowflake! (unique).
Change-Id: Ic823620ace7df5636cd9ff16dcd7476654692e6c
|
|
No longer needed, less globals == win.
Change-Id: I2872e5a8775a09b2e857ef082f3b86109785a126
|
|
Another service converted to match the keystone model of unique
accounts per service.
Change-Id: I62fce289a7032138be3aca8c74df499c2b1fde28
|
|
The in-instance scripts are about to require this.
Change-Id: I0260da5502639acc60b2791e9f957952f7ab5956
|
|
The instance config is about to require this.
Change-Id: Ia778a7f5926b54758e73a4ee0940ef42fe5be6a9
|
|
Change-Id: I4745627508e8b6b687fc17527cdd3c41d09b0d80
|
|
The in-instance scripts are being fixed to not confuse the admin
password with the neutron service password.
Change-Id: I341574bb838a9563120791b9ac014d75274a96aa
|
|
We use the admin password in in-instance scripts that configure e.g.
nagios from the cloud metadata, but production clouds will all have
unique passwords - it has to be a parameter.
Change-Id: I1f6c697ce27580fd669c7623e7fcea4c96ec62d0
|
|
Because unique is good for auth secrets.
Change-Id: Iaadc102d11d68d7fc059e62bd992de7ee6f2c818
|
|
The file was using the old 0.0.0.0 method from heat-localip, but it was
missed when converting the other templates to a split Metadata approach
to enable a machine to know its own IP.
Change-Id: I0b117de12416a52950b1c7079f659df8649d67f9
|
|
Previously we could not feed the IP of an instance into its own
Metadata because of circular dependency problems. 0.0.0.0 was used
with the heat-localip element to work around this problem. This
caused problems though, as heat-localip would edit the source local
heat metadata, which would make cfn-hup and/or os-collect-config think
that the Metadata had changed, causing it to restart everything every
time we query the Metadata, which was about every five minutes.
Now we can just query this inert LaunchConfiguration resource to get
its' Metadata once it is ready. This resource will only change when
legitimate things are changed in the stack, and so we won't restart
everything every five minutes anymore. Note that when the native Heat
DSL lands, the OS::Heat::SoftwareConfig resource is meant for exactly
this purpose.
After this is merged we no longer need the heat-localip element.
Fixes bug #1202322
Change-Id: Id06323ba43203570eeebfa5b3d03fa56c16c0c10
|
|
Os-collect-config is meant to replace cfn-hup from heat-cfntools. It
allows pulling from multiple metadata sources and runs continuously.
Fixes bug #1211289
Change-Id: Ia4e9127fb79048bd1022b32a37272f8463a774ae
|
|
In nova-compute-instance.yaml, we need to use resource names that are
unique within the entire set of resources that may be merged or
included. However, we need the instance resource name to _match_ the
one in overcloud-source.yaml so that its own access policies can
function.
Without this change we will not have unique users and Metadata access
keys/policies for compute and controller.
Change-Id: Iebde7e6adede4984f4f693cf2d57b6fadb8be558
|
|
Also change default to '' as null is not technically allowed as a
string default in cloudformation (Heat accidentally allows this).
Os-apply-config, via pystache, will still treat this as false for
the purposes of checking if it is set or not.
Change-Id: Ia02dbcf619bdc92647f1d21157fa4a8e3f749de3
|
|
The overcloud control plane needs to bring up an ovs bridge for the
ovs plugin hot-plugging and floating ip logic to work. The previous
in-instance script didn't migrate IP address and route information. We
can do that by using the core ovs script we wrote for baremetal setups
- triggered by setting the physical interface parameter.
Change-Id: I6d6b09140ee751371607c0963dc76cc5b95f7674
|
|
This is supplied to neutron etc via API calls - having it in Heat
leads to having redundancy, confusion and tricky scripts. Incubator
now has scripts to configure this and instances won't consult these
keys.
Change-Id: Ia45d9bf5bb326ec88f9f4a48c5520570cf5b6d72
|
|
These values were missed in the initial overcloud-source.yaml.
nova.metadata-proxy is required to allow vms to communicate with the
EC2-style metadata service.
quantum.ovs.fixed_range constraints DHCP allocation for the undercloud,
but in the overcloud we do not want this constraint because the individual
subnets we define will do that. quantum.ovs.ovs_range configures the
range of ips that can be assigned to the tenant subnets.
Change-Id: If7191fa8baf1209ae33b9e8200f52ea0ade97810
|
|
Previously these would have to be set for overcloud at runtime, but we
have good sane defaults now, and for nova-compute-instance we are able
to feed them in using the appropriate references with Fn::GetAtt.
Change-Id: Idfff2885bf2afa58b2dec84f06639198e411eae2
|
|
Change-Id: Ie9d45ea5e26e38e8782e7a3d0a626e36090f5388
|