Age | Commit message (Collapse) | Author | Files | Lines |
|
This adds the necessary parameter for swift proxy to be terminiated
internally by a TLS proxy.
bp tls-via-certmonger
Change-Id: I3cb9d53d75f982068f1025729c1793efaee87380
Depends-On: I6e7193cc5b4bb7e56cc89e0a293c91b0d391c68e
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Ceilometer Auth should be enabled even if ceilometer api
is not. Lets decouple these, this flag will be used in
puppet-tripleo where ceilometer::keystone::auth class
is initialized.
Change-Id: Iffebd40752eafb1d30b5962da8b5624fb9df7d48
Closes-bug: #1677354
|
|
|
|
Change-Id: I170b7e4cff66f0a4b1b6d5735f93c9f0295a5ac5
|
|
They were using v2.0 and we're getting rid of v2.0/ec2tokens in the
EndpointMap.
Change-Id: Ib9fbbdb0144bb4e250c561613bba6219506ff30f
|
|
|
|
|
|
|
|
Change-Id: Ia65796b04be9f7cadc57af30ef66788dd8cb7de8
Closes-Bug: 1677539
|
|
|
|
|
|
Note: since it replaces rabbitmq, in order to aim for the smallest
amount of changes the service_name is called 'rabbitmq' so all the
other services do not need additional logic to use qdr.
Depends-On: Idecbbabdd4f06a37ff0cfb34dc23732b1176a608
Change-Id: I27f01d2570fa32de91ffe1991dc873cdf2293dbc
|
|
|
|
For both containers and classic deployments, allow to configure
policy.json for all OpenStack APIs with new parameters (hash,
empty by default).
Example of new parameter: NovaApiPolicies.
See environments/nova-api-policy.yaml for how the feature can be used.
Note: use it with extreme caution.
Partial-implement: blueprint modify-policy-json
Change-Id: I1144f339da3836c3e8c8ae4e5567afc4d1a83e95
|
|
panko is enabled by default, we might as well make it
the default dispatcher along with gnocchi.
Closes-bug: #1676900
Change-Id: Icb6c98ed0810724e4445d78f3d34d8b71db826ae
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Hiera value of nova::compute::pci_passthrough should be a string.
It has been modified to JSON with the heira hook changes. Modifying
it again back to string.
Closes-Bug: #1675036
Change-Id: I441907ff313ecc5b7b4da562c6be195687fc6c76
|
|
|
|
Change-Id: I9a19aff24dede2bea3bf2959afa7adde00817ee0
Related-Bug: #1676491
|
|
In Ocata and later, the port binding controller for ODL was changed by
default to be the pseudo agent controller, which requires a new feature
"host config" for OVS. This patch modifies the default to use
network-topology, which will work without any new host config features
implemented (previous way of port binding).
Closes-Bug: 1675211
Depends-On: I5004fdeb238dea81bc4f7e9437843a8a080d5b46
Change-Id: I6a6969d1d6b8d8b8ac31fecd57af85eb653245d2
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
gnocchi metricd and statsd are broken due to recent change
to support keystone v3. see I2feed8b1219069128faa1a1e8dcd2ddfbae7e40a
We need swift auth url to have suffix so it knows what endpoint
to use.
Change-Id: I753f37e121b95813e345f200ad3f3e75ec4bd7e1
|
|
Usually a nested stack is used that contains the TLS-everywhere bits
(config_settings and metadata_settings). Nested stacks are very
resource intensive. So, instead of doing using nested stacks, this patch
changes that to use a conditional, and output the necessary
config_settings and metadata_settings this way in an attempt to save
resources.
Change-Id: Ib7151d67982957369f7c139a3b01274a1a746c4a
|
|
Usually a nested stack is used that contains the TLS-everywhere bits
(config_settings and metadata_settings). Nested stacks are very
resource intensive. So, instead of doing using nested stacks, this patch
changes that to use a conditional, and output the necessary
config_settings and metadata_settings this way in an attempt to save
resources.
Change-Id: Ia7ee632383542ac012c20448ff1b4435004e57e3
|
|
Usually a nested stack is used that contains the TLS-everywhere bits
(config_settings and metadata_settings). Nested stacks are very
resource intensive. So, instead of doing using nested stacks, this patch
changes that to use a conditional, and output the necessary
config_settings and metadata_settings this way in an attempt to save
resources.
Change-Id: Ic25f84a81aefef91b3ab8db2bc864853ee82c8aa
|
|
When the firewall is enabled with ipv6, the default rules set is
taken as not ipv6 firewall was present for Newton. This make
communication impossible until puppet is run again.
This ensures that no rules are loaded when the firewall is enabled.
This mimic this patch[1]
[1] https://github.com/openstack/tripleo-heat-templates/commit/ae8aac36143d5dadb08af0d275f513678909dcc7
Change-Id: Id878b5caae666a799c89c8466ce46b9ecb86d9f7
Closes-Bug: #1675782
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This change ensures that that openstack-nova-compute is
stopped and disabled during the upgrade process.
Closes-Bug: 1675814
Change-Id: Ifd2557b11e4317f1e76e459e8de4162116578eff
|
|
During upgrade the cell0 database has the connection pointing to
mysql+pymysql://nova:c2cdagE8PyAbnpers3AD88Hge@10.0.0.19/nova_cell0?bind_address=10.0.0.20
where 10.0.0.20 was the ip of the bootstrap node. This makes the
nova-api fails on 2/3 node at the end of the
major-upgrade-composable-steps.yaml step.
We do have the right value in the hiera database so make sure we use
it for cell0 creation and not the nova.conf file which hasn't been
updated yet.
Change-Id: I09775206cb8fc5e15934f7e4475506a7fe17271e
Closes-Bug: #1675359
|
|
The str_replace conversion used previously is no longer needed and
breaks the hieradata value.
Closes-Bug: 1675426
Change-Id: I7a052d1757efe36daf6ed47e55598ca3c2ee9055
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
A side-effect of running map_cell_and_hosts is that a default cell is created
(unless host mappings already exists).
As we are explicitly creating the default cell we need to run discover_hosts
to create the host mappings.
Change-Id: I1a28e9b85a7c43561700faf692248c5fc06b8ad8
Closes-Bug: #1675418
|
|
This is needed for the TLS everywhere work. This will break on
TLS-everywhere setups where neutron would be deployed in its own role.
So we need to add the metadata_settings.
bp tls-via-certmonger
Change-Id: I7934a258e032d8eaa6f07c0e48b3fbdb1f8c6a06
|
|
This feature stopped working somewhere along the lines. In the past it
was working with parameter_defaults like this:
CinderNfsServers: '10.0.0.254:/srv/nfs/cinder'
or
CinderNfsServers: "[fd00:fd00:fd00:3000::1]:/srv/nfs/cinder"
The problem was that the templating escaped these strings, and
puppet-tripleo didn't receive a proper array, but a string.
This patch fixes this. It accepts strings as above as well as
comma-delimited lists of Nfs Servers.
Closes-Bug: 1671153
Change-Id: I89439c1d969e92cb8e0503de561e22409deafdfc
|
|
Firewall config was being inherited by the dpdk service, however
since the firewall service name was the parent (neutron_ovs_agent)
and technically that service was not enabled - the rules were never
applied. This modifies the service name as it is inherited using
map_replace.
Closes-Bug: 1674689
Change-Id: I6676205b8fc1fd578cb2435ad97fe577a9e81d95
Signed-off-by: Tim Rozet <trozet@redhat.com>
|