Age | Commit message (Collapse) | Author | Files | Lines |
|
Enables configuring a NetApp backend for the Manila service
This was created based on the review at
https://review.openstack.org/#/c/188138/
This makes the netapp and generic backends disabled by default
in the services/manila-backend-*.yaml. A backend is then
enabled via backend-specific environment files, which will set
any config parameters and enable that backend.
It is expected that multiple manila backend specific environment
files might be specified simultaneously.
Finally generic and manila config is split into separate
service files rather than using manila-base for all the things.
Co-Authored-By: Ryan Hefner <rhefner@redhat.com>
Co-Authored-By: Ben Swartzlander <ben@swartzlander.org>
Closes-Bug: 1618479
Depends-On: Ic6f8e8d27ca20b9badddea5d16550aa18bff8418
Change-Id: I35fce32d0f6a5cc1c3382c2d0e0d6028928fd943
|
|
|
|
|
|
|
|
This is done in the vncproxy profile, but for some reason is not in
the compute one. It causes hiera to explode when the brackets are
left, so we need to do the bracket stripping here too.
Also switches both places to just use the host_nobrackets version
of the endpoint instead of stripping them with str_replace.
Change-Id: I7ccd84b575fd652f6412fdb1869c31c79a7bf53b
Closes-Bug: 1618623
|
|
Configure Keystone credentials by installing 2 keys with dynamic content
generated by python-tripleoclient.
Note: this is a first iteration of managing Keystone credentials. It has
a few limitations:
- keys are not exported to external storage.
- keys are not rotated automatically.
Change-Id: I45cf8821eadf528dfcdc8d74e6e0484597b0d2c0
|
|
There was currently no way of getting it and we can't asure that the
primary IP will use it. So it's explicitly needed there.
Change-Id: Idb3ca22ac136691b0bff6f94524d133a4fa10617
|
|
|
|
|
|
|
|
If these names don't match then we cannot set the service's nodes,
VIP and network.
Change-Id: I8f1c0eaf62eee2704a5f2556a553032106db606b
Closes-Bug: #1621368
|
|
|
|
|
|
Some network configurations uncovered what appears to be an issue where
a spurious 802.1q header is injected into tunnelled traffic. Adjusting
the default value to accomodate the extra overhead should avoid this
problem.
Partial-Bug: #1621533
Change-Id: I9ebad2d6ad34d90fcb998497873059995cdef276
|
|
|
|
|
|
|
|
To enable steps to be aligned between roles, we need to define
dependencies between the steps, which is only possible if we
move the steps out of distinct nested stacks so we can use
depends_on to serialized the steps for all roles.
Note that we may be able to further refactor later to remove the
per-role -config.yaml nested stacks as well.
Change-Id: Ia2ea559e8eeb64763908f75705e3728ee90b5744
Partially-Implements: blueprint custom-roles
|
|
|
|
|
|
The management network does not have a VIP, so it's been wrong to
generate a cloud name and hieradata for this. Instead, the network
that actually needs a name and a hosts entry is the ctlplane network,
which actually has a VIP and there are services that use it.
bp tls-via-certmonger
Closes-Bug: #1621742
Change-Id: I163b2c7b5684da6dc290636f54eefe3f2b0c3e3f
|
|
Make use of the new composable per-service node_ips lists by
adding a ServiceNetMap entry for SwiftStorage, then
pass the data to construct the raw device list into puppet-tripleo
instead of mangling it in t-h-t inside the role templates.
This will allow running swift storage services on nodes other than
the Controller and ObjectStorage roles, and is required to enable
custom roles.
Depends-On: I11deed1df712ecccf85d36a75b3bd2e9d226af36
Change-Id: I1bf5f8a9d34b1a5d64ab8656b386226b54ec1a27
Partially-Implements: blueprint custom-roles
|
|
|
|
This patch introduces a parameter to allow customizing the Neutron
OpenvSwitch agent's firewall driver configuration.
Closes-Bug: 1618507
Change-Id: I595c392f7a1afe2164bf562224d9eda9b3dfa982
|
|
|
|
Keystone doesn't provide different flags to indicate that both of its
endpoints are enabled. So currently we have to manually add its
network to all-nodes-config.
bp tls-via-certmogner
Change-Id: Ibecd78706e84853107f698ba411a0c05e6f5be52
|
|
|
|
map_merge in heat templates should start with hypen for
each map group, few templates are missing the hypen for the
second map group, which is added in this patch
Closes-Bug: #1621008
Change-Id: I307fdd7afc374cce46d6e378594f1b688b9fd4f6
|
|
Include the neutron-base service definition to align pull in common
configurations. This might not be *absolutely* necessary as any required
common configuration would likely already be added by and OVS agent
service, etc. but it's better to be safe than sorry and it does keep
things consistent across the Neutron services.
Implements: blueprint tripleo-sriov
Change-Id: I10a9d9b29760475e6cd75e4057051c75a52ffbb7
|
|
This will aid us in using FQDNs instead of IPs if DNS is not set. If
the deployer already has DNS set up, they can easily disable this
profile by adding the use-dns-for-vips.yaml environment file.
bp tls-via-certmonger
Change-Id: I8c1b3f253d0149d575171c208f9a1342a7b26450
Depends-On: I1bdb2701dfb3e7ef072e674c9882d3be5af7296c
|
|
The nodes need to be aware of the fqdn's for the specific endpoints
in the cloud. This could be either to set the entries in /etc/hosts
or to select an appropriate hostname for a certificate to be
generated.
bp tls-via-certmonger
Change-Id: I9b4645b937a344f46ec18a9a68c5afa2bc5206d0
|
|
We recently made changes that add data to allNodesConfig, but
we didn't wire the files into the hierarchy on all roles.
Change-Id: I8e838b02bd982e600af54b14350106322244890a
Closes-Bug: #1620485
|
|
|
|
|
|
|
|
|
|
|
|
puppet aodh auth type defaults to password type and v2
auth_url doesnt work with domain. This fixes the url to
not include suffix.
Change-Id: I46d53e748d8932ed1183bedbdeb5eefcde679f9e
|
|
Previously we weren't creating Redis VIP in keepalived, causing Redis to
be unusable in non-HA deployments. This is now fixed.
Depends-On: I0bb37f6fb3eed022288b2dcfc7a88e8ff88a7ace
Change-Id: I0ecfda1e6ad5567f6f58d60bf418bc91761833ab
Closes-Bug: #1618510
|
|
Move Redis VIP from controller-only to all nodes so that we don't assume
where Redis is deployed.
Change-Id: I55f8d48e3e077951fbcc88158dd6f21a2fe5f457
Related-Bug: #1618510
Partially-Implements: blueprint custom-roles
|
|
This adds a mapping of which service is on which network. This
information can be used to fetch a certificate depending on the
network (since they use different hostnames).
Change-Id: I176245da591bea28aeabf3d2b552f24456c98c43
|
|
|
|
- Config
- Control
- Analytics
- Database
- Webui
For puppet modules see https://review.openstack.org/#/c/348905
Implements: blueprint contrail-services
Depends-On: I8de63b6e21f8fdf3c2fd13bf5475cce4a85311d6
Change-Id: I7325b4268c4bec5eb7b777ea2a0639d7a8553e93
|
|
|
|
|
|
|
|
|
|
This makes it easier to access the VIP data for other node types and
de-ties this from the controller role.
Change-Id: I71125576ec93889fed134b92fb59f7e7dc9920c4
|
|
The goal is to have only production drivers available out of box.
Remove agent_ipmitool as it required additional configuration of
swift temporary URLs. Add pxe_ilo and pxe_drac as they work out of box.
This brings the default enabled drivers list closer to one of undercloud.
Note that pxe_ssh is not enabled as it's not a production driver.
Change-Id: Ic7d2190e2d39a795b024c2999e22ee47b3045cf1
Partially-Implements: blueprint ironic-integration
|
|
Moved this list manipulation to puppet-tripleo where it can easily
reference the memcached_node_ips array instead of hard-coded output
from the Controller.
Depends-On: Ic8872e5e51732874ca5b93bff5efd3e7ed75bc31
Change-Id: I523a802c8d22be7602728ebe8966d9e2ee109cde
Partially-Implements: blueprint custom-roles
|