Age | Commit message (Collapse) | Author | Files | Lines |
|
Heat now supports release name aliases, so we can replace
the inconsistent mix of date related versions with one consistent
version that aligns with the supported version of heat for this
t-h-t branch.
This should also help new users who sometimes copy/paste old templates
and discover intrinsic functions in the t-h-t docs don't work because
their template version is too old.
Change-Id: Ib415e7290fea27447460baa280291492df197e54
|
|
|
|
|
|
|
|
This enables the deployer to dynamically add nova metadata to the
servers based on the output of service profiles that implement the
metadata_settings key in the role_data output for the profiles.
One can set an implementation via the OS::TripleO::ServerMetadataHook
resource, which currently is set as OS::Heat::None. So, because of
the default implementation, if left untouched it actually does
nothing.
Currently, besides the list, which is metadata_settings, this hook also
takes the name of the node that it's setting the metadata for.
This is useful for nova vendordata plugins that can parse said metadata.
Change-Id: I8a937f711f0b90156fbb6c4632760435ef846474
|
|
ODL username and password are already present in the OpenDaylightApi
service. However, when moving the OpenDaylightApi service to its own
custom role, the Controller/Compute nodes no longer have access to these
hiera values. This patch adds them also to the OpenDaylightOvs service.
Closes-Bug: 1651499
Depends-On: I418643810ee6b8a2c17a4754c83453140ebe39c7
Change-Id: I169fdad4c94bd6dfc1fe7cde3d6b19b36d916af7
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
Since we have aodh enabled for alarms, we should set the
notifier to the default queue alarm.all.
Closes-bug: #1590473
Change-Id: Ibcb5076424ac2ddcd18ff717d82da1aec4c035cb
|
|
|
|
|
|
|
|
It turns out the puppet-mistral change this depends on broke
introspection, so we need to back it out for now.
This reverts commit ed029e5bf279945e82bff8766af4093856a7ac6a.
Change-Id: I828478267935cdc68aa24de8c9dc2d12fcadb631
|
|
|
|
|
|
|
|
The RabbitMQ's puppet manifest configures the node's IP and port through
environment variables. While this would usually be fine, it doesn't
allow us to use TLS-only, since it will always try to start a TCP
listener. So, by setting these values through the config file, when
setting ssl_only for rabbitmq, they will effectively be discarded and
thus allow us to use an SSL listener on the same port.
Change-Id: I33d051a8c740baf69b99517378e1f9b0f3cc1681
|
|
This reads makes Django take the X-Forwarded-Proto header into account
when forming URLs.
Change-Id: Ice64de9a11d7819ae7f380279ff356342d9b6673
Depends-On: Ifed7d4c3409419c01c5b20c707221c1fc76ea09e
|
|
disallow_iframe_embed can be used to prevent Horizon from being
embedded within an iframe. Legacy browsers are still vulnerable
to a Cross-Frame Scripting (XFS) vulnerability, so this option
allows extra security hardening where iframes are not used in
deployment
Change-Id: I2fe6b243250608b340ee555062060dbdad1a49c4
Depends-On: I5c540e552efe738bdec8598f9257fa22ae651a76
Closes-Bug: #1641882
|
|
This patch updates the swift-proxy base profile so that
we now explicitly set the rabbit_port. This allows us
to remove the use of puppet-ceilometer default settings
in the puppet-tripleo modules change ID here:
I8d9f69f5e9160543b372bd9886800f16f625fdc6
It also adds a new boolean parameter that allows the
end user to disable the swift ceilometer pipeline
by setting SwiftCeilometerPipelineEnabled to false.
This two settings allow Swift to once again be installed
on a machine without configuring Ceilometer.
Depends-On: Id1584df5e5bb90f8087ae25eecc4834179b6fc21
Change-Id: Ief5399d7ea4d26e96ce54903a69d660fa4fe3ce9
Related-bug: #1648736
|
|
The upstream puppet module is adding the proper keystone authtoken
middleware support. This change updates THT to use the keystone
authtoken class rather than the deprecated settings. This also allows
for proper keystone v3 integration.
Change-Id: Iaf82716122a25e3e0785de1250d24edaaa5e4d04
Depends-On: I71969ef09018f9daa5f81c4f3bcbdb0b0974446c
|
|
Change-Id: I75815a4bcbf421597abb86226238b74a9afffc0d
Depends-On: Iffb8c2cfed53d8b29e777c35cee44921194239e9
|
|
example for
- NeutronSriovNumVFs
- NeutronPhysicalDevMappings
as given, causes parsing error.
Change-Id: I71fb42f10dac70afa02244cd6629b3439f418d63
Closes-Bug: #1648351
|
|
Change-Id: I299f8f33b0bac40d331084df37f690dc2a279677
|
|
It's no longer available in Neutron (removed in Mitaka). See:
I2a879213c3b095a007a4531f430a33cea9fdf1bd
Change-Id: I044c648eb8c4933667b8ea2c9159a30e5ebb7df3
|
|
|
|
|
|
This seems to have broken the updates job, causing it to fail
with following error:
Can't set long node name!\nPlease check your configuration\n
Related-Bug: 1646873
This reverts commit 3e9fcfd09320ace07bc1bd4cb57feb98cd057332.
Change-Id: I72ba891cd9cd8c4f1bc204144f46aaabbdfd3647
|
|
|
|
|
|
|
|
|
|
'user' is required or puppet-ceph will complain that the Keystone_user
has no title:
Evaluation Error: Missing title. The title expression resulted in undef
at /etc/puppet/modules/ceph/manifests/rgw/keystone/auth.pp
The value is set to Swift, as we use the same credentials as Swift
service.
Closes-Bug: #1642524
Change-Id: Ib4a7c07086b0b3354c8e589612f330ecdffdc637
|
|
This shows how we could wire in the upgrade steps using Ansible
as was previously proposed e.g in https://review.openstack.org/#/c/321416/
but it's more closely integrated with the new composable services
architecture.
It's also very similar to the approach taken by SpinalStack where
ansible snippets per-service were combined then run in a series of
steps using Ansible tags.
This patch just enables upgrade of keystone - we'll add support for
other patches in subsequent patches.
Partially-Implements: blueprint overcloud-upgrades-per-service
Change-Id: I39f5426cb9da0b40bec4a7a3a4a353f69319bdf9
|
|
|
|
|
|
Change-Id: Iee1afeced0b210a46b273aafc0d40e99d6ee6d4e
|
|
This changes how we get the network-based FQDNs for the specific
services, from using the custom fact, to the new hiera entries.
Change-Id: Iae668a5d89fb7bee091db4a761aa6c91d369b276
|
|
This patch optimizes how we deploy hiera by using a new
heat hook specifically designed to help compose hiera
within heat templates. As part of this change:
- we update all the 'hiera' software configurations to set the group to hiera
instead of os-apply-config.
- The new format uses JSON instead of YAML. The hook actually writes
out the hiera JSON directly so no conversion takes place. Arrays,
Strings, Booleans all stay in their native formats. As such we can avoid
having to do many of the awkward string and list conversions in t-h-t to
support the previous YAML formatting.
- The new hook prefers JSON over YAML so upgrading users will have the
new files prefered. (we will post a cleanup routine for the old files
soon but this isn't a new behavior, JSON is now simply prefered.)
- A lot of services required edits to account for default settings that
worked in YAML that no longer work correctly in the native JSON
format. In almost all these cases I think the resulting codes looks
cleaner and is more explicit with regards to what is getting
configured in hiera on the actual nodes.
Depends-On: I6a383b1ad4ec29458569763bd3f56fd3f2bd726b
Closes-bug: #1596373
Change-Id: Ibe7e2044e200e2c947223286fdf4fd5bcf98c2e1
|
|
Currently we only support one dispatcher at a time. But ceilometer
config supports dispatching data to multiple destinations at the
same time. Update the param to support this.
Change-Id: Ie7d854928513239a5903862623df12af1d02b642
|
|
|
|
The parameter type is invalid making it impossible to enable monitoring-environment.
Change-Id: I835d1e82480edb0b6d082a7496d7ceebb1781728
Closes-Bug: #1641080
Closes-Bug: rhbz#1392473
|
|
|
|
|
|
This patch drops use of the vip-hosts.yaml service which can
cause issues during deployment because puppet 'hosts' resources
overwrite the data in /etc/hosts. The only reason things seem to work
at all at the moment is because our hosts element in t-i-e runs
on each os-refresh-config iteration and re-adds the dropped hosts
entries.
To work around the issue we add a conditional which selectively
adds the extra hosts entries only if the AddVipsToEtcHosts is set
to true.
Closes-bug: 1645123
Change-Id: Ic6aaeb249a127df83894f32a704219683a6382b2
|
|
We removed Step 6 in Iae33149e4a03cd64c5831e689be8189ad0cf034b
but forgot to update the README. Similarly we made all roles
use the same steps in Ia2ea559e8eeb64763908f75705e3728ee90b5744
so the comment is no longer true.
Change-Id: If5482ebd22a2547ed2165199992840a0dcacb04c
|
|
This adds the necessary hieradata for enabling TLS for MySQL (which
happens to run on the internal network). It also adds a template so
this can be done via certmonger. As with other services, this will
fill the necessary specs for the certificate to be requested in a
hash that will be consumed in puppet-tripleo.
Note that this only enables that we can now use TLS, however, we still
need to configure the services (or limit the users the services use)
to only connect via SSL. But that will be done in another patch, as
there is some things that need to land before we can do this (changes
in puppetlabs-mysql and puppet-openstacklib).
Change-Id: I71e1d4e54f2be845f131bad7b8db83498e21c118
Depends-On: I7275e5afb3a6550cf2abbb9a8007dedb62ada4b4
|
|
|
|
|
|
|
|
|
|
|