aboutsummaryrefslogtreecommitdiffstats
path: root/puppet/services
AgeCommit message (Collapse)AuthorFilesLines
2017-04-19Merge "Modify pci_passthrough hiera value as string" into stable/ocataJenkins1-2/+6
2017-04-17Merge "Add params to tweak memory limit on mongodb" into stable/ocataJenkins1-0/+5
2017-04-17Add params to tweak memory limit on mongodbPradeep Kilambi1-0/+5
The puppet-tripleo change was added in Ie9391aa39532507c5de8dd668a70d5b66e17c891. Closes-bug: #1656558 Change-Id: Ibe2e4be5b5dc953d8d4b14f680a460409db95585 (cherry picked from commit 75d48838020ad9ff2bbd739212599ec8eb932649)
2017-04-11Update ceph-rgw acccepted roles to fix OSP upgradeKeith Schincke1-1/+1
This patch updates ceph::keystone::auth::roles to remove "member" and add "Member". The previous entry breaks OSP N to O upgrades when ceph-rgw is enabled. This patch fixes: https://bugs.launchpad.net/tripleo/+bug/1678126 Closes-bug: 1678126 (cherry picked from commit 4656323fc30e67f43d3dbd1ada42b608aa6f79e7) Change-Id: I70e70f96c4aba2c89a9f81973f732d4348b91515
2017-04-08Merge "Add missing ec2api::api::keystone_ec2_tokens_url config" into ↵Jenkins1-0/+5
stable/ocata
2017-04-07Add trigger to setup a LDAP backend as keystone domaineCyril Lopez1-0/+27
It is using a trigger tripleo::profile::base::keystone::ldap_backend_enable in puppet-tripleo who will call a define in puppet-keysone ldap_backend.pp. Given the following environment: parameter_defaults: KeystoneLDAPDomainEnable: true KeystoneLDAPBackendConfigs: tripleoldap: url: ldap://192.0.2.250 user: cn=openstack,ou=Users,dc=redhat,dc=example,dc=com password: Secrete suffix: dc=redhat,dc=example,dc=com user_tree_dn: ou=Users,dc=redhat,dc=example,dc=com user_filter: "(memberOf=cn=OSuser,ou=Groups,dc=redhat,dc=example,dc=com)" user_objectclass: person user_id_attribute: cn user_allow_create: false user_allow_update: false user_allow_delete: false ControllerExtraConfig: nova::keystone::authtoken::auth_version: v3 cinder::keystone::authtoken::auth_version: v3 It would then create a domain called tripleoldap with an LDAP configuration as defined by the hash. The parameters from the hash are defined by the keystone::ldap_backend resource in puppet-keystone. More backends can be added as more entries to that hash. This also enables multi-domain support for horizon. Conflicts: puppet/services/keystone.yaml Closes-Bug: 1677603 Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Depends-On: I1593c6a33ed1a0ea51feda9dfb6e1690eaeac5db Change-Id: I6c815e4596d595bfa2a018127beaf21249a10643 Signed-off-by: Cyril Lopez <cylopez@redhat.com> (cherry picked from commit 347f5434b3e3793b9fdf2a94f49ab7734c5d923b)
2017-04-06Add manual ovs upgrade script for workaround ovs upgrade issueMathieu Bultel4-26/+100
When we upgrade OVS from 2.5 to 2.6, the postrun package update restart the services and drop the connectivity We need to push this manual upgrade script and executed to the nodes for newton to ocata The special case is needed for 2.5.0-14 specifically see related bug for more info (or, older where the postun tries restart). See related review at [1] for the minor update/manual upgrade. Related-Bug: 1669714 Depends-On: I3227189691df85f265cf84bd4115d8d4c9f979f3 Co-Authored-By: Sofer Athlan-Guyot <sathlang@redhat.com> [1] https://review.openstack.org/#/c/450607/ Change-Id: If998704b3c4199bbae8a1d068c31a71763f5c8a2 (cherry picked from commit d2d319ec0ead06b860f8464b001048fb4f723788)
2017-04-06Merge "Make neutron dhcp agents per network conditional" into stable/ocataJenkins1-16/+23
2017-04-06Merge "Fixes port binding controller for OpenDaylight" into stable/ocataJenkins1-0/+45
2017-04-05Merge "Add OpenDaylightConnectionProtocol parameter to opendaylight-api ↵Jenkins1-0/+5
service" into stable/ocata
2017-04-04Set auth flag so ceilometer auth is enabledPradeep Kilambi1-0/+7
Ceilometer Auth should be enabled even if ceilometer api is not. Lets decouple these, this flag will be used in puppet-tripleo where ceilometer::keystone::auth class is initialized. Change-Id: Iffebd40752eafb1d30b5962da8b5624fb9df7d48 Closes-bug: #1677354 (cherry picked from commit 0d04302abd19f98df3cd700f9cc4ec47273e5dac)
2017-04-04Merge "Setting keystone region for tacker" into stable/ocataJenkins1-0/+1
2017-04-03Merge "Setting keystone region for congress" into stable/ocataJenkins1-0/+1
2017-04-03Merge "Re-Add bigswitch agent support" into stable/ocataJenkins1-0/+31
2017-04-03Fixes port binding controller for OpenDaylightTim Rozet1-0/+45
In Ocata and later, the port binding controller for ODL was changed by default to be the pseudo agent controller, which requires a new feature "host config" for OVS. This patch modifies the default to use network-topology, which will work without any new host config features implemented (previous way of port binding). Closes-Bug: 1675211 Depends-On: I5004fdeb238dea81bc4f7e9437843a8a080d5b46 Change-Id: I6a6969d1d6b8d8b8ac31fecd57af85eb653245d2 Signed-off-by: Tim Rozet <trozet@redhat.com> (cherry picked from commit 502b3459d9c2b32beba31b37814d7625cd007775)
2017-04-03Merge "Don't check haproxy if external load-balancer is used." into stable/ocataJenkins1-1/+13
2017-04-03Add missing ec2api::api::keystone_ec2_tokens_url configSven Anderson1-0/+5
Change-Id: I9a19aff24dede2bea3bf2959afa7adde00817ee0 Related-Bug: #1676491 (cherry picked from commit 10cb0cfdef9b3a4719f89bcc2cdf1dae4a14dcca)
2017-04-03Setting keystone region for tackerDan Radez1-0/+1
Change-Id: I170b7e4cff66f0a4b1b6d5735f93c9f0295a5ac5 (cherry picked from commit eb426db63c8cc48990a832f8e1b972feb93e7e92)
2017-04-02Include panko in the default dispatcherPradeep Kilambi1-1/+1
panko is enabled by default, we might as well make it the default dispatcher along with gnocchi. Closes-bug: #1676900 Change-Id: Icb6c98ed0810724e4445d78f3d34d8b71db826ae (cherry picked from commit 568573b9b054c3804d9d1be2ce6ec2668ca2dbfb)
2017-04-02Merge "[N->O] Fix wrong database connection for cell0 during upgrade." into ↵Jenkins2-1/+11
stable/ocata
2017-04-01Don't check haproxy if external load-balancer is used.Sofer Athlan-Guyot1-1/+13
Change-Id: Ia65796b04be9f7cadc57af30ef66788dd8cb7de8 Closes-Bug: 1677539 (cherry picked from commit 56535c89ad6a5db718dc0fb89c19dda9fba251ca)
2017-03-31Merge "Stop openstack-nova-compute during nova-ironic upgrade" into stable/ocataJenkins1-0/+4
2017-03-31Re-Add bigswitch agent supportAlex Schultz1-0/+31
The agent configuration was lost in newton during the puppet-tripleo and THT role conversion. This change adds support for including the bigswitch agent service for composable roles. Change-Id: I46896389e48cdbe2864bf5b609a786f1c84ef908 Closes-Bug: #1673126 (cherry picked from commit 8eaa5f8e10a801be8fc45eeaaa479e7774d97997)
2017-03-31[N->O] Fix wrong database connection for cell0 during upgrade.Sofer Athlan-Guyot2-1/+11
During upgrade the cell0 database has the connection pointing to mysql+pymysql://nova:c2cdagE8PyAbnpers3AD88Hge@10.0.0.19/nova_cell0?bind_address=10.0.0.20 where 10.0.0.20 was the ip of the bootstrap node. This makes the nova-api fails on 2/3 node at the end of the major-upgrade-composable-steps.yaml step. We do have the right value in the hiera database so make sure we use it for cell0 creation and not the nova.conf file which hasn't been updated yet. Change-Id: I09775206cb8fc5e15934f7e4475506a7fe17271e Closes-Bug: #1675359 (cherry picked from commit c9c3813b6a0811a262068d0aab28d0bd535be3e1)
2017-03-31Merge "[N->O] is creating 2 default cell_v2 cells" into stable/ocataJenkins1-4/+4
2017-03-30Stop openstack-nova-compute during nova-ironic upgradeMarius Cornea1-0/+4
This change ensures that that openstack-nova-compute is stopped and disabled during the upgrade process. Closes-Bug: 1675814 Change-Id: Ifd2557b11e4317f1e76e459e8de4162116578eff (cherry picked from commit 276aca7a8145570301e566a8fb3253f57601d171)
2017-03-30Merge "N->O upgrade, blanks ipv6 rules before activating it." into stable/ocataJenkins1-0/+6
2017-03-29Merge "Enables increasing mariadb open files for noha deployments" into ↵Jenkins1-0/+6
stable/ocata
2017-03-29Modify pci_passthrough hiera value as stringSaravanan KR1-2/+6
Hiera value of nova::compute::pci_passthrough should be a string. It has been modified to JSON with the heira hook changes. Modifying it again back to string. Closes-Bug: #1675036 Change-Id: I441907ff313ecc5b7b4da562c6be195687fc6c76 (cherry picked from commit 57c06ddefd4d7ff87de02dab9d1c5e92eb8e6eef)
2017-03-29Merge "Only set EnableConfigPurge on major upgrades" into stable/ocataJenkins3-9/+9
2017-03-28Merge "Fixes missing firewall rules for neutron_ovs_dpdk_agent service" into ↵Jenkins1-1/+4
stable/ocata
2017-03-28Only set EnableConfigPurge on major upgradesSteven Hardy3-9/+9
Bug #1611800 fixed an upgrade issue by enabling purging configs for some services, but this causes issues such as longer updates and restarting services in the minor update case, so only do this for major upgrades, and default to false. Conflicts: (don't exist on this branch) environments/major-upgrade-composable-steps-docker.yaml environments/major-upgrade-converge-docker.yaml Related-Bug: #1611800 Closes-Bug: #1674858 Change-Id: Iff7d715f6730c5633f1146008504b4309ef3133d (cherry picked from commit 947a7148e807e74daf9e30e4e8c891d5bdacc69f)
2017-03-28[N->O] is creating 2 default cell_v2 cellsOliver Walsh1-4/+4
A side-effect of running map_cell_and_hosts is that a default cell is created (unless host mappings already exists). As we are explicitly creating the default cell we need to run discover_hosts to create the host mappings. Change-Id: I1a28e9b85a7c43561700faf692248c5fc06b8ad8 Closes-Bug: #1675418 (cherry picked from commit ab4adb9fb1b1ba003a8045ce4c3879f88ea243b3)
2017-03-27Setting keystone region for congressDan Radez1-0/+1
Change-Id: I4958b886cbd6c2b34da0c265e8774105474ace13 (cherry picked from commit 32be46f508423c822208e3c9f3afb32902f1c1ae)
2017-03-27N->O upgrade, blanks ipv6 rules before activating it.Sofer Athlan-Guyot1-0/+6
When the firewall is enabled with ipv6, the default rules set is taken as not ipv6 firewall was present for Newton. This make communication impossible until puppet is run again. This ensures that no rules are loaded when the firewall is enabled. This mimic this patch[1] [1] https://github.com/openstack/tripleo-heat-templates/commit/ae8aac36143d5dadb08af0d275f513678909dcc7 Change-Id: Id878b5caae666a799c89c8466ce46b9ecb86d9f7 Closes-Bug: #1675782 (cherry picked from commit 670399a2caeecd9259bea454e9518ab6c92cff49)
2017-03-27Fix usage of CinderNfsServersChristian Schwede1-5/+1
This feature stopped working somewhere along the lines. In the past it was working with parameter_defaults like this: CinderNfsServers: '10.0.0.254:/srv/nfs/cinder' or CinderNfsServers: "[fd00:fd00:fd00:3000::1]:/srv/nfs/cinder" The problem was that the templating escaped these strings, and puppet-tripleo didn't receive a proper array, but a string. This patch fixes this. It accepts strings as above as well as comma-delimited lists of Nfs Servers. Closes-Bug: 1671153 Change-Id: I89439c1d969e92cb8e0503de561e22409deafdfc (cherry picked from commit 9445b0e0972696e7de1c0a702f456571d12fa964)
2017-03-27Merge "etcd: secure EtcdInitialClusterToken parameter" into stable/ocataJenkins1-1/+1
2017-03-26Merge "Deploy versionless keystone endpoints (for keystone only)" into ↵Jenkins1-0/+1
stable/ocata
2017-03-26Fixes missing firewall rules for neutron_ovs_dpdk_agent serviceTim Rozet1-1/+4
Firewall config was being inherited by the dpdk service, however since the firewall service name was the parent (neutron_ovs_agent) and technically that service was not enabled - the rules were never applied. This modifies the service name as it is inherited using map_replace. Closes-Bug: 1674689 Change-Id: I6676205b8fc1fd578cb2435ad97fe577a9e81d95 Signed-off-by: Tim Rozet <trozet@redhat.com> (cherry picked from commit 48a38a19347a18d4d35fb22de82136359aae5cb7)
2017-03-26Enables increasing mariadb open files for noha deploymentsTim Rozet1-0/+6
There is currently an issue where the max open files limit is hit with MariaDB in noha deployments, because it is defaulted to 1024 by system limits. In HA deployments the limit is bumped to 16384. This patch introduces a flag to be able to increase the limit to 16384 for noHA deployments. In the future we should change this to be an integer, and let the operator decide the setting. Since this setting is set in a different path for HA, we would need to implement a change that allows setting both (ha and nonha) via the same integer param. Depends-On: Ia0907b2ab6062a93fb9363e39c86535a490fbaf6 Closes-Bug: #1648181 Related-Bug: #1524809 Change-Id: I95393fc798b833a8575afbff03ef74a839565c5e Signed-off-by: Tim Rozet <trozet@redhat.com> (cherry picked from commit 900ddfb27f0dd2afd8345d89a78b624f647b255d)
2017-03-25Merge "Explicitly configure credentials used by ironic to access other ↵Jenkins1-4/+39
services" into stable/ocata
2017-03-25Fixes OpenDaylightProviderMappings hiera parsingTim Rozet1-5/+1
The str_replace conversion used previously is no longer needed and breaks the hieradata value. Closes-Bug: 1675426 Change-Id: I7a052d1757efe36daf6ed47e55598ca3c2ee9055 Signed-off-by: Tim Rozet <trozet@redhat.com> (cherry picked from commit ae10ae4a5a21bb58c183aa50f237ffa2d6f14280)
2017-03-22etcd: secure EtcdInitialClusterToken parameterEmilien Macchi1-1/+1
Secure EtcdInitialClusterToken parameter by: * removing the default value. * make it hidden. Change-Id: I938af697f9faaadb9c9aeb950e9410db24b1b961 Depends-On: I6e30cce469736e84a3c483fafa29d542b8347ba9 Closes-Bug: #1673266 (cherry picked from commit 55d17ca118d27f16b57424774265f5b3db7b7b52)
2017-03-22Deploy versionless keystone endpoints (for keystone only)Juan Antonio Osorio Robles1-0/+1
The default is to deploy v2.0 endpoints, but this is not the recommended approach. we should instead be using versionless endpoints Change-Id: Icbfae1c2ff2b7312646fd8e817dd8209220a0d96 Related-Bug: #1667679 (cherry picked from commit 40a50031f37df0f0cde53e3f3c15ffe407fbdcbd)
2017-03-21Explicitly configure credentials used by ironic to access other servicesDmitry Tantsur1-4/+39
Using keystone_authtoken credentials for this purpose is deprecated, and also prevents ironic-conductor from being used as a separate role. Also remove neutron_url, it can be fetched from the catalog instead. Change-Id: I12822568cb4db31808aec5fd407d71fe4b7b09e0 Depends-On: I21180678bec911f1be36e3b174bae81af042938c Partial-Bug: #1661250 (cherry picked from commit 91d7d8c46858d42e6cf2354a3be6af6c5bb9c02e)
2017-03-16Upgrades: wait for galera to be settledMichele Baldessari1-2/+4
We also need to wait for the galera resource to settle down before we proceed starting up with the other services. Note that before merging this, we need to land the following change in ansible-pacemaker: https://review.gerrithub.io/#/c/351387/ D-O is needed for upgrades to work against stable/* branches. Depends-On: I712abe71f97c22ee3d55d9db2f641096f8a7350c Change-Id: Id71c9cb41cfd4c17685c922db2683e28ab7588fd Closes-Bug: #1668372 (cherry picked from commit 841d30549bd27a8b5669955196e14085025dafad)
2017-03-08Adds upgrade tasks for OpenDaylight servicesTim Rozet2-0/+37
Change-Id: I740b20b12acb3740886409bff86c4989f0a066f4 Signed-off-by: Tim Rozet <trozet@redhat.com> (cherry picked from commit 20d7901ab24e93e0224cc1c8b0cde3eb80122818)
2017-03-06Make neutron dhcp agents per network conditionalBrent Eagles1-16/+23
While the heat templates specify a default value of 3, it rarely seems to have an effect as the tripleoclient is setting this according to the controller scale. This was fine before composable roles, but it is now invalid. While the client needs to be modified to no longer set this according to controller scale, the template should default to a sentinel value that will allow the puppet code to determine the proper value by the number of hosts that have the neutron dhcp agent deployed on them. Depends-On: I5533e42c5ba9f72cc70d80489a07e30ee2341198 Partial-bug: #1632721 Change-Id: I06628764c4769d91bbc42efe1c722702d6574d02 (cherry picked from commit 3c5345fc75da1e289929ef5caf08a0f75f904bb4)
2017-03-04Merge "Adding keystone parameters for Congress" into stable/ocataJenkins1-3/+11
2017-03-03Merge "Fix Panko API upgrade process" into stable/ocataJenkins1-1/+5