summaryrefslogtreecommitdiffstats
path: root/puppet
AgeCommit message (Collapse)AuthorFilesLines
2015-12-15Allow for usage of pre-allocated IPs for the controller nodesGiulio Fidente1-0/+19
This change adds a new *_from_pool.yaml meant to return an IP from a list instead of allocating a Neutron port, useful to pick an IP from a pre-defined list and making it possible to configure, for example an external balancer in advance (or dns), with the future IPs of the controller nodes. The list of IPs is provided via parameter_defaults (in the ControllerIPs struct) using ControllerIPs param. Also some additional VipPort types are created for the *VirtualIP resources. The VIPs were previously created using the same port resource used by the nodes, but when deploying with an external balancer we want the VIP resource to be nooped instead. Change-Id: Id3d4f12235501ae77200430a2dc022f378dce336
2015-12-15Merge "Set swift replicas = min(device_count, replicas)"Jenkins1-1/+1
2015-12-14Merge "Fix wrong keypair parameter description"Jenkins5-5/+5
2015-12-14Merge "Add output for host entries"Jenkins1-0/+6
2015-12-14Set swift replicas = min(device_count, replicas)Dan Prince1-1/+1
Per Swift upstream commit: 7035639dfd239b52d4ed46aae50f78d16ec8cbfe Swift's ringbuilder now validates that the number of devices is greater than or equal to the replicas. Change-Id: I56eaa9ddda138e87f7615d3bde797b568fa5e302 Related-bug: #1525356
2015-12-14Merge "Enable per-role SchedulerHints"Jenkins5-3/+25
2015-12-10Fix wrong keypair parameter descriptionSteven Hardy5-5/+5
The parameters have nothing to do with EC2 keypairs, they are used to specify Nova SSH key pairs. Change-Id: Ia8d37cb5c443812d02133747cb54fcaf0110d091
2015-12-08Merge "Remove Ceilometer Alarm from the overcloud"Jenkins2-64/+0
2015-12-08Merge "Change for configuring use_forwarded_for value for Nuage"Jenkins1-0/+7
2015-12-08Enable per-role SchedulerHintsSteven Hardy5-3/+25
This adds a parameter for each role, where optional scheduler hints may be passed to nova. One potential use-case for this is using the ComputeCapabilities to pin deployment to a specific node (not just a specific role/profile mapping to a pool of nodes like we have currently documented in the ahc-match docs). This could work as follows: 1. Tag a specific node as "node:controller-0" in Ironic: ironic node-update <id> replace properties/capabilities='node:controller-0,boot_option:local' 2. Create a heat environment file which uses %index% parameters: ControllerSchedulerHints: 'capabilities:node': 'controller-%index%' Change-Id: I79251dde719b4bb5c3b0cce90d0c9d1581ae66f2
2015-12-07Merge "Making nova parameters configurable for nuage-metadata-agent"Jenkins4-1/+9
2015-12-07Merge "Add option to add metadata for the overcloud nodes"Jenkins5-0/+35
2015-12-07Change for configuring use_forwarded_for value for NuageLokesh Jain1-0/+7
Added a parameter to Nuage ExtraConfig template for setting use_forwarded_for value required by Nuage metadata agent Change-Id: I02c15311272126c5e530f118fbfb4a8f6e11a620
2015-12-07Remove Ceilometer Alarm from the overcloudJohn Trowbridge2-64/+0
The Ceilometer alarm service is no longer available in Mitaka. It is replaced by Aodh. Aodh support is added in a follow-up to this patch. Partial-Bug: 1521922 Change-Id: I5babaab7029eaaccf3cc6f194b6c062fd62372cf Backport: none
2015-12-07Merge "Fix the wrong selinux context when glance uses nfs backend"Jenkins1-1/+2
2015-12-04Making nova parameters configurable for nuage-metadata-agentRohit Pagedar4-1/+9
Exposing 'instance_name_template' to be set via extra config for nuage-metadata-agent to function Making nova::api::admin_tenant_name available on the compute node which is required by nuage-metadata-agent service Making KeystonePublicApiVirtualIP available on the compute node, which is used by the nuage-metadata-agent to build the auth-url Change-Id: I9736015e18cebf32b07940bf559063b60085f2fb
2015-12-04Add output for host entriesJuan Antonio Osorio Robles1-0/+6
For testing purposes it is useful to have an easy way to get the given IPs for the nodes; since currently one would have to ssh to one of the ndoes and actually fetch the entries from there. This will facilitate testing when the keystone endpoints have been changed for hostnames, as done in this CR: https://review.openstack.org/#/c/238887 Change-Id: I9b9362192d7e97690ba23d02e74389225913adb9
2015-12-04Add option to add metadata for the overcloud nodesJuan Antonio Osorio Robles5-0/+35
Some Nova hooks might require custom properties/metadata set for the servers deployed in the overcloud, and this would enable us to inject such information. For FreeIPA (IdM) integration, there is effectively a Nova hook that requires such data. Currently this inserts metadata for all servers, but a subsequent CR will introduce per-role metadata. However, that was not added to this because it will require the usage of map_merge. which will block those changes to be backported. However, this one is not a problem in that sense. Change-Id: I98b15406525eda8dff704360d443590260430ff0
2015-12-03Merge "Minor fixes to TLS related resources"Jenkins3-6/+4
2015-12-03Merge "Introduce domain configuration through parameter"Jenkins5-5/+44
2015-12-02Merge "Added libvirt_vif_driver, ovs_bridge and security_group_api parameters"Jenkins1-0/+18
2015-12-02Merge "Make enabling of controller services configurable."Jenkins2-127/+179
2015-12-02Introduce domain configuration through parameterJuan Antonio Osorio Robles5-5/+44
Introduce configuration of the nodes' domains through a parameter. Change-Id: Ie012f9f2a402b0333bebecb5b59565c26a654297
2015-11-30Changes for configuring NuageRohit Pagedar2-0/+57
Added ExtraConfig templates and environment files for Nuage Networks specific parameters. Modified overcloud_compute.pp to conditionally include nuage-metadata-agent. Change-Id: I28106d8e26ad4d0158fe5e3a13f2f7b21e5c0b28
2015-11-30Changes for configuring NuageLokesh Jain6-61/+204
Added ExtraConfig templates and environment files for Nuage specific parameters. Modified overcloud_compute.pp and overcloud_controller.pp to conditionally include Nuage plugin and agents. Change-Id: I95510c753b0a262c73566481f9e94279970f4a4f
2015-11-26Merge "Make load balancer deployment optional via template param"Jenkins3-144/+162
2015-11-26Minor fixes to TLS related resourcesJuan Antonio Osorio Robles3-6/+4
* Fixed a comment to avoid ambiguity with concepts in Heat * Removed default values from necessary parameters in the TLS environment * Simplified setting of the cert/key into a file. Change-Id: I351778150a6fbf7affe1a0fddb1abb9869324dfc
2015-11-25Make enabling of controller services configurable.vinayrao1232-127/+179
Following parameters will be user configurable: 1. enable_dhcp_agent 2. enable_metadta_agent 3. enable_l3_agent 4. enable_ovs_agent This change was made as the Nuage plugin does not require these services to come up as a part of the installation. Now, a user can explicitly disable these services using a heat template. Change-Id: Ic132ecbb2e81a3746f304da1cecdc66d0342db72
2015-11-25Merge "Output the SSL Certificate and Key modulus"Jenkins3-0/+26
2015-11-25Merge "Enable trust anchor injection"Jenkins7-6/+129
2015-11-25Merge "Inject TLS certificate and keys for the Overcloud"Jenkins3-14/+127
2015-11-25Output the SSL Certificate and Key modulusMark Chappell3-0/+26
Provides a simple mechanism to verify the correct certificates landed. A quick and simple way to verify SSL certificates were generated for a given key is by comparing the modulus of the two. By outputing the key modulus and certificate modulus we offer a way to verify that the right cert and key have been deployed without compromising any of the secrets. Change-Id: I882c9840719a09795ba8057a19b0b3985e036c3c
2015-11-25Enable trust anchor injectionJuan Antonio Osorio Robles7-6/+129
This commit enables the injection of a trust anchor or root certificate into every node in the overcloud. This is in case that the TLS certificates for the controllers are signed with a self-signed CA or if the deployer would like to inject a relevant root certificate for other purposes. In this case the other nodes might need to have the root certificate in their trust chain in order to do proper validation Change-Id: Ia45180fe0bb979cf12d19f039dbfd22e26fb4856
2015-11-24Make load balancer deployment optional via template paramGiulio Fidente3-144/+162
Adds control over the load balancer deployment via template param. Change-Id: I5625083ff323a87712a5fd3f9a64dd66d2838468
2015-11-23Merge "Implement Advanced Firewalling support"Jenkins8-0/+125
2015-11-23Inject TLS certificate and keys for the OvercloudJuan Antonio Osorio Robles3-14/+127
This is a first implementation of adding TLS termination to the load balancer in the controllers. The implementation was made so that the appropriate certificate/private key in PEM format is copied to the appropriate controller(s) via a software deployment resource. And the path is then referenced on the HAProxy configuration, but this part was left commented out because we need to be able to configure the keystone endpoints in order for this to work properly. Change-Id: I0ba8e38d75a0c628d8132a66dc25a30fc5183c79
2015-11-23Merge "Allows for customization of NetworkDeployment actions"Jenkins5-2/+30
2015-11-20Merge "Change default host reserved memory to 2048MB from 512MB"Jenkins1-0/+6
2015-11-20Allows for customization of NetworkDeployment actionsGiulio Fidente5-2/+30
We don't necessarily want the network configuration to be reapplied with every template update so we add a param to configure on which action the NetworkDeployment resource should be executed. Change-Id: I0e86318eb5521e540cc567ce9d77e1060086d48b Co-Authored-By: Dan Sneddon <dsneddon@redhat.com> Co-Authored-By: James Slagle <jslagle@redhat.com> Co-Authored-By: Jiri Stransky <jstransk@redhat.com> Co-Authored-By: Steven Hardy <shardy@redhat.com>
2015-11-19Change default host reserved memory to 2048MB from 512MBJoe Talerico1-0/+6
Results from pmap of idle nova-compute: https://gist.github.com/jtaleric/addd9079d6cdf4f7cf42 Results from free -m and cat /proc/meminfo: https://gist.github.com/jtaleric/410130f09c2aad2dc7e9 bug: https://bugzilla.redhat.com/show_bug.cgi?id=1282644 Change-Id: I9b3ceecabfdae0a516cfc72886fde7b26cc68f82
2015-11-19Implement Advanced Firewalling supportEmilien Macchi8-0/+125
Consume puppet-tripleo to create/manage IPtables from Heat templates. This review put in place the logic to enable and setup firewall rules. A known set of rules are applied. More to come. Change-Id: Ib79c23fb27fe3fc03bf223e6922d896cb33dad22 Co-Authored-By: Yanis Guenane <yguenane@redhat.com> Depends-On: I144c60db2a568a94dce5b51257f1d10980173325
2015-11-18Merge "Implement Neutron enable_isolated_metadata parameters"Jenkins1-0/+6
2015-11-17Merge "neutron: enable nova-event-callback by default"Jenkins4-2/+12
2015-11-17Merge "Pass ceph::pool arguments when calling class"Jenkins3-10/+6
2015-11-17Added libvirt_vif_driver, ovs_bridge and security_group_api parametersLokesh Jain1-0/+18
Made libvirt_vif_driver, ovs_bridge and security_group_api parameters in nova as configurable parameters through heat templates Change-Id: I3f355c31a64912baa1a159d59f0fa9089f77b8f4
2015-11-17neutron: enable nova-event-callback by defaultEmilien Macchi4-2/+12
* Add NovaApiVirtualIP string parameter. * Compute nova_url and nova_admin_auth_url parameters. * Configure in Hiera neutron::server::notifications::* parameters. * non-ha: include ::neutron::server::notifications * ha: include ::neutron::server::notifications and create orchestration * Set vif_plugging_is_fatal to True so we actually fail if Neutron is not able to create the VIF during Nova server creation workflow. Depends-On: I21dc10396e92906eab4651c318aa2ee62a8e03c7 Change-Id: I02e41f87404e0030d488476680af2f6d45af94ff
2015-11-17Implement Neutron enable_isolated_metadata parametersCyril Lopez1-0/+6
* Use the parameter in Puppet configuration (Hiera) to configure neutron BZ-1273303 Change-Id: Ic5a7a1f13fd2bc800cadc3a78b1daadbc0394787 Signed-off-by: Cyril Lopez <cylopez@redhat.com>
2015-11-17Merge "Add support for enabling L2 population in Neutron"Jenkins2-0/+14
2015-11-16Add support for enabling L2 population in NeutronBrent Eagles2-0/+14
This change adds support for enabling/disabling L2 population in Neutron agents. It currently defaults to false. Change-Id: I3dd19feb4acb1046bc560b35e5a7a111364ea0d7
2015-11-16Merge "Bump further the stop/start timeout for pcmk/systemd services"Jenkins1-8/+8