Age | Commit message (Collapse) | Author | Files | Lines |
|
This adds a parameter for each role, where optional scheduler hints
may be passed to nova. One potential use-case for this is using
the ComputeCapabilities to pin deployment to a specific node (not
just a specific role/profile mapping to a pool of nodes like we
have currently documented in the ahc-match docs).
This could work as follows:
1. Tag a specific node as "node:controller-0" in Ironic:
ironic node-update <id> replace properties/capabilities='node:controller-0,boot_option:local'
2. Create a heat environment file which uses %index%
parameters:
ControllerSchedulerHints:
'capabilities:node': 'controller-%index%'
Change-Id: I79251dde719b4bb5c3b0cce90d0c9d1581ae66f2
|
|
|
|
Exposing 'instance_name_template' to be set via
extra config for nuage-metadata-agent to function
Making nova::api::admin_tenant_name
available on the compute node which is
required by nuage-metadata-agent service
Making KeystonePublicApiVirtualIP available
on the compute node, which is used by the
nuage-metadata-agent to build the auth-url
Change-Id: I9736015e18cebf32b07940bf559063b60085f2fb
|
|
Some Nova hooks might require custom properties/metadata set for the
servers deployed in the overcloud, and this would enable us to inject
such information.
For FreeIPA (IdM) integration, there is effectively a Nova hook that
requires such data.
Currently this inserts metadata for all servers, but a subsequent CR
will introduce per-role metadata. However, that was not added to this
because it will require the usage of map_merge. which will block those
changes to be backported. However, this one is not a problem in that
sense.
Change-Id: I98b15406525eda8dff704360d443590260430ff0
|
|
|
|
|
|
|
|
Introduce configuration of the nodes' domains through a parameter.
Change-Id: Ie012f9f2a402b0333bebecb5b59565c26a654297
|
|
Added ExtraConfig templates and environment files for Nuage specific parameters.
Modified overcloud_compute.pp and overcloud_controller.pp to conditionally
include Nuage plugin and agents.
Change-Id: I95510c753b0a262c73566481f9e94279970f4a4f
|
|
|
|
* Fixed a comment to avoid ambiguity with concepts in Heat
* Removed default values from necessary parameters in the TLS
environment
* Simplified setting of the cert/key into a file.
Change-Id: I351778150a6fbf7affe1a0fddb1abb9869324dfc
|
|
Following parameters will be user configurable:
1. enable_dhcp_agent
2. enable_metadta_agent
3. enable_l3_agent
4. enable_ovs_agent
This change was made as the Nuage plugin does not require these
services to come up as a part of the installation.
Now, a user can explicitly disable these services using a heat
template.
Change-Id: Ic132ecbb2e81a3746f304da1cecdc66d0342db72
|
|
|
|
|
|
|
|
Provides a simple mechanism to verify the correct certificates
landed.
A quick and simple way to verify SSL certificates were generated for
a given key is by comparing the modulus of the two. By outputing
the key modulus and certificate modulus we offer a way to verify
that the right cert and key have been deployed without compromising
any of the secrets.
Change-Id: I882c9840719a09795ba8057a19b0b3985e036c3c
|
|
This commit enables the injection of a trust anchor or root
certificate into every node in the overcloud. This is in case that the
TLS certificates for the controllers are signed with a self-signed CA
or if the deployer would like to inject a relevant root certificate
for other purposes. In this case the other nodes might need to have
the root certificate in their trust chain in order to do proper
validation
Change-Id: Ia45180fe0bb979cf12d19f039dbfd22e26fb4856
|
|
Adds control over the load balancer deployment via template param.
Change-Id: I5625083ff323a87712a5fd3f9a64dd66d2838468
|
|
|
|
This is a first implementation of adding TLS termination to the load
balancer in the controllers. The implementation was made so that the
appropriate certificate/private key in PEM format is copied to the
appropriate controller(s) via a software deployment resource.
And the path is then referenced on the HAProxy configuration, but this
part was left commented out because we need to be able to configure the
keystone endpoints in order for this to work properly.
Change-Id: I0ba8e38d75a0c628d8132a66dc25a30fc5183c79
|
|
We don't necessarily want the network configuration to be reapplied
with every template update so we add a param to configure on which
action the NetworkDeployment resource should be executed.
Change-Id: I0e86318eb5521e540cc567ce9d77e1060086d48b
Co-Authored-By: Dan Sneddon <dsneddon@redhat.com>
Co-Authored-By: James Slagle <jslagle@redhat.com>
Co-Authored-By: Jiri Stransky <jstransk@redhat.com>
Co-Authored-By: Steven Hardy <shardy@redhat.com>
|
|
Consume puppet-tripleo to create/manage IPtables from Heat templates.
This review put in place the logic to enable and setup firewall rules.
A known set of rules are applied. More to come.
Change-Id: Ib79c23fb27fe3fc03bf223e6922d896cb33dad22
Co-Authored-By: Yanis Guenane <yguenane@redhat.com>
Depends-On: I144c60db2a568a94dce5b51257f1d10980173325
|
|
|
|
* Add NovaApiVirtualIP string parameter.
* Compute nova_url and nova_admin_auth_url parameters.
* Configure in Hiera neutron::server::notifications::* parameters.
* non-ha: include ::neutron::server::notifications
* ha: include ::neutron::server::notifications and create orchestration
* Set vif_plugging_is_fatal to True so we actually fail if Neutron is not
able to create the VIF during Nova server creation workflow.
Depends-On: I21dc10396e92906eab4651c318aa2ee62a8e03c7
Change-Id: I02e41f87404e0030d488476680af2f6d45af94ff
|
|
* Use the parameter in Puppet configuration (Hiera) to configure neutron
BZ-1273303
Change-Id: Ic5a7a1f13fd2bc800cadc3a78b1daadbc0394787
Signed-off-by: Cyril Lopez <cylopez@redhat.com>
|
|
|
|
This change adds support for enabling/disabling L2 population in
Neutron agents. It currently defaults to false.
Change-Id: I3dd19feb4acb1046bc560b35e5a7a111364ea0d7
|
|
|
|
|
|
|
|
Because many of the service endpoints URLs use the same patterns for
generating the URLs it makes sense to use the same templates to reduce
the copy and paste.
In the process also adds support for explicitly specifying hostnames
for use in the endpoints. Note: DNS must be pre-configured. The
Heat templates do not directly configure DNS.
Change-Id: Ie3270909beca3d63f2d7e4bcb04c559380ddc54d
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
|
|
Currently rabbit username and password are defaulted and attempting
to use anything else would result in a failure during deployment.
Change-Id: I8a2e240a19f915309eee45ea3c3368d131af6c1b
Related: rhbz#1261303
|
|
This reverts commit 86d6c1ddc76bad423194e789ffb5474e4e12960e.
This likely has an impact on upgrades, and since we don't
have an upgrade CI job yet I'm concerned that we may have
just broken ourselves. I would prefer to wait to merge this
until the CI job is in place.
Change-Id: Ib2366cb4b40471a28122f6e9955da9bdb31a53fb
|
|
This is the second change of a servies of two, it creates the
user, user_role, service and endpoint for:
* glance
* nova
* neutron
* cinder
* horizon
* swift
* ceilometer
* heat
Change-Id: I50e792d98a2ba516ff498c58ad402f463c5f7e76
|
|
Currently keystone initialization happens via os-cloud-config [1].
This commit moves some of that directly into the manifests. This is the
first in a series of two changes to migrate it entirely into t-h-t.
This change focus on implementing what keystone.initialize() was doing
on the tripleoclient [2], creates the admin tenant, user and roles.
It also creates the keystone endpoint itself.
1. https://github.com/openstack/os-cloud-config/blob/master/os_cloud_config/keystone.py#L128-L158
2. https://github.com/openstack/python-tripleoclient/blob/master/tripleoclient/v1/overcloud_deploy.py#L462-L527
Change-Id: I98555b707ff9b91c6e218de5dca68106ea05c8ea
Depends-On: Ia4b3244f114dcff746ab89d355ad4933f8fdbddf
|
|
|
|
The password was being passed incorrectly to the mysql address used for
ceilometer.
Change-Id: I36d92e199d6d75b58ef8c1b66a2dfbcb7052f948
|
|
Adds support for NFS backend in Glance by allowing the storage directory
for the 'file' backend to be a mount managed by Pacemaker. Default
behavior is unchanged.
Since the Pacemaker-related parameters are not exposed on top level,
change storage-environment.yaml to use parameter_defaults instead of
parameters.
Depends on a Heat fix for environment file's parameter_defaults to
work well with JSONs and comma delimited lists (see Depends-On).
Change-Id: I6e7e2eaf6919b955650c0b32e1629a4067602c89
Depends-On: I85b13a79dbc97a77e20c0d5df8eaf05b3000815e
|
|
|
|
This commits aims to allow a user to specify several ntp servers and not
just one.
Example:
openstack overcloud deploy --templates --ntp-server
0.centos.pool.org,1.centos.pool.org
Change-Id: I4925ef1cf1e565d789981e609c88a07b6e9b28de
|
|
|
|
|
|
Currently only Glance and Heat have their virtual IP passed to the
contrller directly.
This commit adds the same feature for :
* Ceilometer
* Cinder
* Nova
* Swift
Change-Id: I295d15d7a0aa33175a5530e3b155b0c61983b6ae
|
|
Together with [1] this change permits to parameterize the file
descriptor limit for RabbitMQ for both the Systemd startup script
and the Pacemaker resource agent.
1. https://github.com/puppetlabs/puppetlabs-rabbitmq/commit/20325325b977c508b151ef8036107dcfefdf990b
Closes-Bug: 1474586
Change-Id: I62d31e483641ccb5cf489df81146ecb31d0c423f
|
|
This commit aims to allow a deployer to specify where to send haproxy's
logs. It is backward compatible with what is already in place and send
the logs to the UNIX socket /dev/log
The value specified here will be written in the haproxy.cfg file with
the following behavior
HAProxySyslogAddress: 127.0.0.1 -> log 127.0.0.1 local0
HAProxySyslogAddress: ::1 -> log ::1 local0
HAProxySyslogAddress: /dev/log -> log /dev/log local0 (default)
Change-Id: I46c489a1f424e2219d129f332e64c64019aef850
Depends-On: If7f7c8154e544e5d8a49f79f642e1ad01644a66d
|
|
Change-Id: Ieb27729c6b33ffc849d07200ec0d42508214956e
Closes-Bug: #1399793
|
|
If horizon is running in production (DEBUG is False), it will answer
only to the IPs/hostnames specified in the ALLOWED_HOSTS variable in the
local_settings.py configuration file.
The puppet-horizon module offer the feature to customize that,
tripleo-heat-teamplates was missing the link between the top-level
parameter and the puppet parameter, hence this commit.
More info :
* https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
* https://github.com/openstack/puppet-horizon/blob/master/templates/local_settings.py.erb#L14-L24
Change-Id: I5faede8b74a0318e15baa761dc502b95b051ae0d
|
|
|
|
Previously the Registry service was reached using the local IP.
Change-Id: I8f2b7275cd39d8a5358d8ce69f4f7e5bc7758b62
|
|
|