Age | Commit message (Collapse) | Author | Files | Lines |
|
ceph::profile::params::manage_repo should default to false when
using external Ceph.
Overcloud Ceph clients use Ceph packages, which may be provided by
the 'ceph' metapackage, but not for all repos, see related bug. So,
this change also includes a list of packages as a workaround as
used in change Ie55d22301dd22102d471e6002dfcaad4bfadd5f6.
Change-Id: I338e51637aa39d3f7bbbad0263740f728d42cb9b
Closes-bug: 1641989
Related-Bug: 1629933
|
|
Instead of relying on an explicit hiera call to get the stack domain
password, this uses the keystone parameter to introduce that value
instead.
Change-Id: I0e5124d57fdc519262fdec2dbeaaac85afaeebdf
|
|
This patch resolves an issue with nova-base.yaml that prevents
it from working with the new heat hiera agent hook (which
uses Json instead of Yaml).
It updates the service so that we only set the upgrade level if it
is not an empty string.
Partial-bug: #1596373
Change-Id: I595f2e16c33a6f935c7ca8935fec445d19c7b8f3
|
|
This patch resolves a few issues I noticed when porting our
Horizon service to support the new heat hiera agent hook (which
uses Json instead of Yaml).
-we only need to set django_debug if the string is non-empty. This
should match previous behavior.
-remove the duplicated NeutronMechanismDrivers setting. This is already
managed in the neutron services and shouldn't be set here.
Change-Id: I473e110bb9b14cb8f57d41c4fc398871548726b0
Partial-bug: #1596373
|
|
|
|
|
|
|
|
|
|
In order to eventually enable fernet tokens for keystone, we need to be
specify the token provider. This change codifies the current default
used by TripleO of uuid tokens and fernet token setup disabled.
Change-Id: I7c03ed7b6495d0b9a57986458d020b3e3bf7224a
Closes-Bug: #1641763
|
|
Adds new puppet and puppet pacemaker specific services for Zaqar.
The Pacemaker templates extend the default Zaqar services and swap in
the Pacemaker specific puppet-tripleo profile instead.
Change-Id: Ia5ca4fe317339dd05b0fa3d5abebca6ca5066bce
Depends-On: Ie215289a7be681a2b1aa5495d3f965c005d62f52
Depends-On: I0b077e85ba5fcd9fdfd33956cf33ce2403fcb088
Implements: blueprint composable-services-within-roles
|
|
|
|
|
|
|
|
This adds the necessary hieradata for enabling TLS in the internal
network for Barbican API.
bp tls-via-certmonger
Depends-On: I1c1d3dab9bba7bec6296a55747e9ade242c47bd9
Change-Id: Ib100faa9dc222f836695a0e8f6e101dc7637d1d6
|
|
|
|
|
|
|
|
|
|
Currently OVS tunnel firewall rules are held within the neutron ovs
agent service heat template. That service is not used with ODL, so
consequently ODL was missing the VXLAN and GRE firewall rules and
traffic would not pass between nodes. This adds the missing rules to
the OpenDaylight OVS service.
Closes-Bug: 1641191
Change-Id: Icfd7db6a3e8fcdd02646fb7e413f40f26b03b994
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
When the civetweb binding IP is version 6 it needs to be enclosed
in brackets or the bind socket parsing fails. The mangling happens
in puppet-tripleo, this change updates the templates to push the
appropriate hiera keys.
Change-Id: Ic7004d768ed5e0f2382ffaa57961ea0ef9162527
Closes-Bug: #1636515
Depends-On: Ib84fa3479c2598bff7e89ad60a1c7d5f2c22c18c
|
|
By default sensu-puppet is overring default list of varibles which should
be redacted. This patch enables to configure redact list and uses default
value given by [1]. This patch also serves as a workaround until [2]
is merged in the module itself (or in case it won't get merged).
[1] https://sensuapp.org/docs/0.24/reference/clients.html
[2] https://github.com/sensu/sensu-puppet/pull/580
Closes-Bug: #1641080
Closes-Bug: rhbz#1392473
Change-Id: I21201f734d2fbf5f571091603126cf11cfdd8c40
|
|
|
|
|
|
Closes-Bug: rhbz#1392428
Closes-Bug: #1640834
Change-Id: I2a1a869493ccb4c8d5b9aea26b8ef947750d2cfe
|
|
Simplify this file by removing the hard-coded resources and instead
generate the resources for each step via a loop.
Change-Id: Id89863b9e75769e1a85ebe8bfa4a554f7b38e357
|
|
This patch resolves a few issues I noticed when porting our
Neutron L3 service to support the new heat hiera agent hook (which
uses Json instead of Yaml).
- If NeutronExternalNetworkBridge is an emptry string '' Json was
dropping the single quotes thus causing the bridge to get set
incorrectly in the config file. To correct this we use a heat
conditional to avoid setting the external bridge (the '' default
is what we want in this case) if the bridge is an empty string.
Change-Id: I5037cbde6b76a37a4c22c4616278420e9d759109
Partial-bug: #1596373
|
|
This patch updates the Yaql expressions that work on role_data
so that they evaluate properly when the get_attr for role_data
is null.
I hit issues using this for the heat undercloud installer and this
seems to resolve them.
Change-Id: I0493d0525cd3ad280339f26ef9d3aa311af9962e
|
|
|
|
Adding these features are typically enabled by default
in any swift cluster.
See upstream sample:
https://github.com/openstack/swift/blob/master/etc/proxy-server.conf-sample
Change-Id: I29915d1b86da5c47ec34acfb89ab8234e153bf31
Signed-off-by: Thiago da Silva <thiago@redhat.com>
Depends-On: Ie323f68255a73d46e774cbf49d9353c3bf90c35e
|
|
When the manila api service is deployed
on a different role than the controller the
iptables rules on that role fail to ACCEPT
tcp at the manila API ports.
Add tripleo.manila_api.firewall_rules to
the relevant puppet services module.
Change-Id: I1c5459f5ba989657fd99fd72c7ac9f8781cc7206
Closes-Bug: #1640568
|
|
|
|
|
|
To improve security, we should disable the password reveal option in
horizon by default. An end user can override this options via their own
custom hiera if they would ultimately like to have this functionality.
Change-Id: Ie88dac5610840eb4b327252b32dc469099ba5f5f
Depends-On: Iacf899d595a2a3c522df1b96ca527731937ec698
Closes-Bug: 1640492
|
|
|
|
|
|
|
|
Depends-On: Icf45cf2aece398b836c87ddffde5d3056e96dc4d
Change-Id: I3577dc38a0b52092ee5e98a381eb52c3d2768c10
Signed-off-by: Thiago da Silva <thiago@redhat.com>
|
|
|
|
|
|
After deploying a fresh installed Overcloud or updating the stack
the haproxy configuration is updated correctly but no change in the
HA proxy stats happens.
This submission will add the missing resources to run pre and post
puppet tasks.
Closes-bug: 1640175
Change-Id: I2f08704daeee502c618256695a30ce244a1d7ba5
|
|
We do not encode the chars like [] possibly found in the artifacts
URL, so curl tries to glob against IPv6 addresses in brackets. This
change adds --globoff to the curl options so that IPv6 addresses in
brackets are not misinterpreted.
Closes-Bug: 1640148
Change-Id: Ic86ba1e5fb674bc15b4bcc6bd3ea9e943c4fbf8e
|
|
This adds the necessary hieradata for enabling TLS in the internal
network for Cinder API.
bp tls-via-certmonger
Depends-On: Ib4a9c8d3ca57f1b02e1bb0d150f333db501e9863
Change-Id: I126e890076bc96b1cd166a919eff6aa1bb80510b
|
|
The renaming of the network to conform to correct case parsing was done
and converted OpenDaylightApiNetwork -> OpendaylightApiNetwork. There
was still a reference to the old network name which would result in an
empty value being pass to odl_bind_ip.
Closes-Bug: 1639944
Change-Id: I17fe348c4651420112b9b37711654a454e30b291
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
The commit that this depends on only works if heat is deployed in the
same node as keystone. Once we deploy them in different nodes, keystone
won't be able to retrieve the appropriate hieradata. This fixes that by
setting the appropriate hieradata to be deployed on the keystone service
by the heat profiles.
Change-Id: I1f08db68a14486526879d1a5a1ff78cb17686924
Depends-On: I7d42d04ef0c53dc1e62d684d8edacfed9fd28fbe
|
|
|
|
|
|
|
|
|
|
|
|
|