Age | Commit message (Collapse) | Author | Files | Lines |
|
This adds an environment file that can be used to enable TLS in
the internal endpoints via certmonger if used. This will include
a nested stack that will create the hash that will be used to
create the certmonger certificates.
When setting up a service over apache via puppet, we used to disable
explicitly ssl (which sets modd_ssl-related fields for that vhost).
We now make this depend on the EnableInternalTLS flag. This has only
been done for keystone, but more services will be added as the
puppet code lands
bp tls-via-certmonger
Depends-On: I303f6cf47859284785c0cdc65284a7eb89a4e039
Change-Id: I12e794f2d4076be9505dabfe456c1ca6cfbd359c
|
|
Change-Id: I3c5c7753237ebaf16fb40806df0d195cb2b9aaa0
|
|
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Depends-On: If2804b469eb3ee08f3f194c7dd3290d23a245a7a
Depends-On: I091ecfbcb2e38fe77203244ac7a597aedcb558fb
Change-Id: Iacc504fc4fa2d06893917024ce2340d3fb80b626
|
|
|
|
|
|
|
|
|
|
This adds the necessary hieradata to run cinder over httpd instead
of eventlet.
Change-Id: Ic1967a6f4f60a273965811516f33121115d518b4
|
|
There is a missing repositiry for LBaaS in api_extensions_path in neutron-opencontrail.
This patch is working in my lab : tripleo liberty and opencontrail 3.0.2
Closes-Bug: #1634120
Change-Id: Ie06612faf226d0e5e75f3f8a9b560118cba5ff4c
Signed-off-by: Cyril Lopez <cylopez@redhat.com>
|
|
Without this httpd fails to start on deployments where the
worker count isn't explicitly overridden via a parameter.
Change-Id: Ie7b31bc6e022a0166af126c866994bdd019718df
Closes-Bug: #1634213
|
|
EnableOpenDaylightOnController was not very composable. Removing this
parameter to make the service truly composable. Also fixes missing
local_ip setting for OVS, required for VXLAN or GRE tenant networks.
Closes-Bug: 1633625
Depends-On: Ia55c05e12d5d434111a13e1ed795da530e3ff4a5
Change-Id: I0e07e1631793311334d1436ee8fdf9af2802ba70
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
with the move to use httpd instead of eventlet, We now add this
parameter in t-h-t to be able to clean it up from the puppet-tripleo
manifest.
Change-Id: Ic229182cc5c887b57f6182c3db1bac8bed330f7c
Depends-On: I4603b81d30a704b07eef461b3cdbfe164614b04f
|
|
http_proxy_to_wsgi middleware was recently added to Neutron [1] and
in order to take it into use, we need to enable it via hiera.
[1] Ice9ee8f4e04050271d59858f92034c230325718b
Depends-On: I99bc9486fdd85857ce73c413e17400320bd6ec5b
Related-Bug: #1590608
Change-Id: I10c065e726f2708e09acfc04dac3cae34a534d23
|
|
glance_multiple_locations does not needed when the
NovaEnableRbdBackend=false, but it is neede when both the
image and the instance storage is rbd and
the show_image_direct_url is enabled.
The condition introduced in Ia7e0558e4f318640981abb44d188e3479b5eae69
Change-Id: Ia8a8cd9aeda69e9a7db6f95dcf418f56e29cae00
Closes-Bug: 1632285
|
|
|
|
|
|
|
|
|
|
When deploying, heat-api-cfn is assigned to RegionOne. This leads to a
bad user experience when logging into horizon, because if RegionOne is
selected by default, the users finds all menus empty (no computing, or
anything else).
Thanks to trown for finding out the issue.
Closes-Bug: 1633524
Change-Id: Ic108280f6b0875ffec10be6f696669962fb82e6b
|
|
Provider mappings were not parameterized, and this is traditionally
required for VLAN provider networks. In ODL Boron with new netvirt,
this value is required to be set in order to use external networks.
Closes-Bug: #1627898
Change-Id: I8001a4077fc7c4af458033043ea438c32c9772b0
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
This is needed to create the user/domain/project in the
keystone profile on whatever role is running the keystone service.
Change-Id: I115ead005974080e0a35e3675d9b37828c8934b1
Closes-Bug: #1631130
Depends-On: Ib088a572b384b479f51d56555734d78ab840a1f3
|
|
DPDK core list has to be give a string. For multiple cores, it
be given as "'1,2'". But the constraint does not allow ' (single
quote) to be set in the string. Modifying the constraint pattern.
Closes-Bug: #1633433
Change-Id: Ide2194d9ef5c10e276fa1a634919dfb286e483d6
|
|
|
|
|
|
Currently Glance v2 doesn't allow to specify custom locations for
images by default, it returns 403. To enable this, the
'show_multiple_locations' param must be set to True.
Also see similar change introduced in devstack [1].
1. Id0f1c398b8b48f2ffc2488b29bc7cbd279069337
Change-Id: Ia7e0558e4f318640981abb44d188e3479b5eae69
Closes-Bug: 1632285
|
|
|
|
|
|
|
|
|
|
|
|
The trunk plugin required for trunk port support in neutron was added to
the incorrect plugin list.
Change-Id: I8d424d6a6045e07d9fbab1a864470ceefdb1ad8e
Closes-Bug: #1633079
|
|
|
|
- Custom config has to contain OpenStack auth information,
so it has to be generated for user during deployment.
This patch maintains the ability to provide a custom
configuration for the Sensu client.
Change-Id: If449642c4bbad683421e1f461b8721e655db0c45
|
|
http_proxy_to_wsgi middleware was recently added to Ceilometer [1] and
in order to take it into use, we need to enable it via hiera.
[1] I24f16dda49bd9e7930ca9f0d32bf0793463aff03
Depends-On: I1812a27202ba3714b354aeb27611d38def87a7fc
Related-Bug: #1590608
Change-Id: If8de25afa13de6797895f36c98ffdde8cf3e8656
|
|
|
|
http_proxy_to_wsgi middleware was recently added to Aodh [1] and
in order to take it into use, we need to enable it via hiera.
[1] If2ada8a94c8e1ceacd4509605b4cd766a78f71d5
Depends-On: I0981e152700ed4511b797011ebe18e857c1fed71
Related-Bug: #1590608
Change-Id: Ie9605ae1e5437f488802b03ca23a325866f0ceb5
|
|
http_proxy_to_wsgi middleware was recently added to Gnocchi [1] and
in order to take it into use, we need to enable it via hiera.
[1] Ic5526cf37e70335fa2cc70946a271253f227f129
Related-Bug: #1590608
Change-Id: I145dcfa3455ca1541cbf6b5fc4b601f0813619c0
|
|
|
|
The current kernel sysctl settings modify the
net.ipv6.conf.default.accept_ra and net.ipv6.conf.default.autoconf
to both be '0'. However, this is overridden by the settings in
net.ipv6.conf.all, so no matter what setting is in the ifcfg file
for the IPv6 interface, autoconfiguration and accept_ra will be
enabled. This causes a security vulnerability where rogue RAs
could be used to intercept traffic from the controllers.
This change sets both default and all settings to '0' for IPv6
accept_ra and autoconf.
Closes-Bug: 1632830
Change-Id: I95b86c5c6feed30dfa5103ffbddb9e85ac567bbb
|
|
|
|
This patch updates the t-h-t templates for
nova services so that we only set the value of workers in
the non-default case. TripleO has always defaulted the
workers count to 0 and there was recently a regression in
nova where they treat the default of 0 as invalid (a bug
that may get fixed in nova but we don't want to wait on it)
This patch avoids the issue by allowing the default value
to be unset if the TripleO default of 0 is configured.
Change-Id: I175977b88129d87caeb32332d47eb14816a6d5d4
Closes-bug: #1631133
|
|
These keys are already specified in nova-metadata.yaml
where they get set correctly per the network management
local IP (based on 'service_name' list).
Depends-On: I94f985e719a3bf7408655fbbb5ab1aeaf15e994e
Change-Id: I5d57561b732783118efd2a637aa137f5f7bcddbc
Partial-bug: #1631133
|
|
|
|
The glance-api and glance-registry services are currently coupled
in that some of the hiera settings in the API are required for
the registry to run correctly (the backend settings).
This patch moves some of the common settings into glance-base and
then updates the glance-api and glance-registry services to
supply that service.
Change-Id: Ie3d7e24c7fd475e3f6ad542c1654eb7dbd9d9b35
Closes-bug: #1628582
|
|
|
|
Tempest expects object versioning to be enabled by default in Swift;
if not it has to be disabled explicitly in the Tempest config.
This is a commonly used middleware, therefore it should be enabled
in the overcloud proxy nodes as well.
Closes-Bug: 1632215
Depends-On: I07a206473ff7939749e3eba1dfe3ea8c4526eb5c
Change-Id: I4eae08ff3f9a3a2f829c3497c1c2aaee8e7f8554
|
|
|
|
Looks like swift::ringbuilder::part_power is not used at all; actually
the partition power on the overcloud is 18, which is the default in
puppet-swift if nothing else is defined.
Closes-Bug: 1631926
Depends-On: I78049105adf52226d47cc6764b1ba6c2c06e91e5
Change-Id: I65335c8d31ed1130e71f1e193eb519b9f7f2438e
|
|
Need to set the right default notification driver for glance so
telemetry receives them accordingly. Without this tempest tests
fail.
Closes-bug: #1631939
Change-Id: I1cee5467d077eea6142076925646f7d0cdae96c7
|
|
|