aboutsummaryrefslogtreecommitdiffstats
path: root/puppet
AgeCommit message (Collapse)AuthorFilesLines
2017-02-06Remove precheck on services which run on httpd for upgradeMathieu Bultel2-6/+0
Those services is not handle with systemctl Change-Id: Ia57dffd42a11070696fda14f1e91de2993e63479
2017-02-06Remove openstack-ceilometer-api pre upgrade checkMarius Cornea1-3/+0
This change removes the pre upgrade check for a running openstack-ceilometer-api service as this service doesn't exists in Newton. Ceilometer API runs under httpd: [root@overcloud-controller-0 ~]# httpd -t -D DUMP_VHOSTS | grep ceilo 10.0.0.23:8777 overcloud-controller-0.internalapi.localdomain (/etc/httpd/conf.d/10-ceilometer_wsgi.conf:6) Change-Id: I5cbf8ccf72f9071e328f52d373cf9e8edf5793f4 Closes-Bug: 1661251
2017-02-06Automatically backup and restore Swift rings from the undercloudChristian Schwede1-0/+18
Swift rings created or updated on the overcloud nodes will now be stored on the undercloud at the end of the deployment. An additional consistency check is executed before storing them, ensuring all rings within the cluster are identical. These rings will be retrieved (before Puppet runs) by every node when an UPDATE is executed, and by doing this will be in a consistent state across the cluster. This makes it possible to add, remove or replace nodes in an existing cluster without manual operator interaction. Closes-Bug: 1609421 Depends-On: Ic3da38cffdd993c768bdb137c17d625dff1aa372 Change-Id: I758179182265da5160c06bb95f4c6258dc0edcd6
2017-02-06Merge "Provide a default value for Ironic cleaning_network configuration"Jenkins1-0/+9
2017-02-04Adds default Keystone region to regionOneRamon Acedo1-0/+5
Closes-Bug: #1661839 Change-Id: I9498be04749dc866d0423e75e57d4c07eaf3e904
2017-02-03Merge "Disable batch upgrade deployments for disabled roles"Jenkins1-43/+44
2017-02-03Merge "Reduce number of steps for upgrades"Jenkins3-14/+16
2017-02-03Merge "Simplify/fix config enabled conditions for upgrades"Jenkins1-12/+6
2017-02-03Merge "Configure VNC Server listen address through t-h-t"Jenkins1-0/+1
2017-02-03Composable service support for Cinder Dell EMC Storage Centerrajinir3-88/+85
Updated the heat templates for Cinder Dell EMC Storage Center Backend to use composable services Closes-Bug: #1661314 Change-Id: I454549c45da7388f0e42975c9f4637dde9ec51e3
2017-02-03Add registry and role service list entries for OctaviaBrent Eagles1-1/+3
This patch adds the Octavia services to the registry and controller role (disabled by default). Also included is an example environment file for enabling the services and required configuration. The API service profile is also amended configure the load balancer service provider in neutron to point to the octavia load balancer driver. Change-Id: I7f3bba950f5b1574ba842a39e93a8ac2b1ccf7bb Partially-implements: blueprint octavia-service-integration
2017-02-03Provide a default value for Ironic cleaning_network configurationDmitry Tantsur1-0/+9
Ironic will soon refuse to start when at least some value is not provided. Unfortunately, we do not create any overcloud[*] networks during deployment. Fortunately, Ironic does not validate this value until actual cleaning. So, this change sets it to "provisioning", which is what people often use. An update will follow to the documentation to recommend this name: http://tripleo.org/advanced_deployment/baremetal_overcloud.html#configuring-cleaning A new parameter is created for this value, with a reminded to change it to an actual UUID later on. While a pre-defined name will work in a simplest case, in a real multi-tenant deployment a network name conflict is possible. Using a UUID is safer in this regard. [*] networks created in overcloud neutron Change-Id: I1b7dc2ff70d3b76f19a183a60e88cf72f6d2a318 Closes-Bug: #1661082
2017-02-03Remove openstack-ceilometer-expirer checkCarlos Camacho1-4/+0
This wont work as openstack-ceilometer-expirer cant be listed from systemctl. Also we are not runing any upgrade task. i.e.: [root@overcloud-controller-0 ceilometer]# systemctl list-units | grep ceilometer openstack-ceilometer-api.service loaded active running OpenStack ceilometer API service openstack-ceilometer-central.service loaded active running OpenStack ceilometer central agent openstack-ceilometer-collector.service loaded active running OpenStack ceilometer collection service openstack-ceilometer-notification.service loaded active running OpenStack ceilometer notification agent Change-Id: Ia9f7d3744264af1a37c06b9c8878cd95bed4e1c5
2017-02-03Disable batch upgrade deployments for disabled rolesSteven Hardy1-43/+44
Currently we don't correctly disable the batch_upgrade_tasks, so rework the loops to ensure we only create the batch deployments for roles which enabled upgrades. Note this modifies some loop whitespace too which cleans up the rendered output and makes it a bit more readable/compact. Change-Id: I1c257dcc351e99efa54f9cae4b3009287908756e Partially-Renders: blueprint overcloud-upgrades-per-service
2017-02-03Reduce number of steps for upgradesSteven Hardy3-14/+16
We don't need all the steps currently enabled for either batched or concurrent updates, so decrease them. In future we can perhaps introspect the task tags during plan creation and set these dynamically. Change-Id: I0358886a332dfbecd03bc4a67086b08d25756c22 Partially-Implements: blueprint overcloud-upgrades-per-service
2017-02-03Simplify/fix config enabled conditions for upgradesSteven Hardy1-12/+6
We should enable each kind of upgrade per role, not per step so rework the conditions, and also only apply it to the deployment (to save the round-trip to the nodes applying an empty config) but don't disable the *Config resources as the overhead of these is small, and we reference the Step1 config in the outputs, even if it's empty. Change-Id: Iee2f1fb5b1d8b0b6001c6ab0f2a4ef2858cef281 Partially-Implements: blueprint overcloud-upgrades-per-service
2017-02-03Disable puppet on upgrade for roles not upgradingSteven Hardy4-89/+130
Where the role has disabled upgrades, we need to skip both the ansible and puppet steps. To do this we refactor the post.j2.yaml so that it can be included in the upgrade template with an adjusted list of roles. Note this requires https://review.openstack.org/#/c/425220/ - this change will be required for local testing of this patch (run mistral-db-mange populate after updating tripleo-common and restart the mistral services, or update your repos and re-run openstack undercloud install). Partially-Implements: blueprint overcloud-upgrades-per-service Change-Id: Ie7d0fa6fef3528bd93e6cde076b964ea8de3185a
2017-02-02Remove old host paramPradeep Kilambi1-6/+0
Change-Id: Ib9e1a4ccdf447455a330687184eae471b9f3f4d4 Depends-On: I2b48d23006e38f56f04456b4556374bf0fcdb14a
2017-02-02Switch item notation to jinja formatMarius Cornea1-2/+2
This change fixes the item variable notation in puppet/services/ceph-osd.yaml. Change-Id: I4d105619e4ac913b4a711bf91fea5f6e3c9b4caa Closes-Bug: 1661339
2017-02-02OVN plugin configuration fixesBabu Shanmugam2-10/+23
This patch renames certain ovn plugin and controller configuration parameters as well as adds some additional ml2 configuration parameters. It also disables the need for the neutron metadata agent. Co-authored-by: Numan Siddique <nusiddiq@redhat.com> Change-Id: Idc9e7ef4a1b88013bca3eac3c136e4710e38a5c0
2017-02-02Merge "Allow the override of pacemaker::corosync::settle_tries"Jenkins1-0/+7
2017-02-02Add pacemaker composable upgrade stepsMathieu Bultel1-0/+15
This review adds the pacemaker ansible upgrade steps into the pacemaker service manifest. It makes use of the ansible-pacemaker module which for now is at https://github.com/redhat-openstack/ansible-pacemaker Change-Id: I33c798a198046d5f66e6b20f86080a8187dc208b
2017-02-02Merge "Temporary UCSM mapping files should be opened with write mode"Jenkins1-2/+6
2017-02-02Merge "Don't run ceilometer-upgrade via upgrade_tasks"Jenkins1-3/+0
2017-02-02Remove unused SR-IOV parameter NeutronSupportedPCIVendorDevsSaravanan KR1-7/+0
This parameter has been removed in neutron from the sriov conf file, in Ocata. Removing the parameter from tripleo. Closes-Bug: #1660929 Change-Id: Icd8a1f6c9049434fd86ceeb24881e1ed49f2bb17
2017-02-01Configure VNC Server listen address through t-h-tJuan Antonio Osorio Robles1-0/+1
This adds an entry for libvirt (which is used by the VNC server) on which we can tell it via t-h-t on which IP address to listen on. Change-Id: Ie377c09734e9f6170daa519aed69c53fc67c366b Related-Bug: #1660099
2017-02-01Don't run ceilometer-upgrade via upgrade_tasksSteven Hardy1-3/+0
This needs to be run by puppet or ansible runs it as root and the later run by puppet fails due to permissions on the logfile. Probably we need to remove the *sync calls for most services to avoid similar issues, now that we're running puppet as part of the pre-converge upgrade process but that will be done in another patch. Change-Id: I808db2c175325a25058226842684558ea06fb5c5 Partially-Implements: blueprint overcloud-upgrades-per-service
2017-01-31Add ability to toggle swift's ceilometer transport_url SSLJuan Antonio Osorio Robles1-0/+7
So, if RabbitClientUseSSL is set, this will enable TLS for the swift's ceilometer message broker connection. Change-Id: Ide70a509aefc9e7eb9d7cc5b3a60520fa42b4010 Depends-On: I8b7457b6233c4f88af2d7bc1b9304fcccb6edf61
2017-01-31Merge "Configure DPDK options to isolate PMD cores and ovs process cores"Jenkins1-1/+7
2017-01-30Merge "Add upgrade support for CephRGW service"Jenkins1-0/+11
2017-01-30Introduce Octavia implementation servicesBrent Eagles3-0/+233
Initial service definition files for Octavia backend services. Change-Id: I1ae2bc0387dff5218f731f1860277dc1ad2b9528 Partially-implements: blueprint octavia-service-integration Depends-On: Ic6f945cdf36744382a4a63fcc374d5562964ca68 Depends-On: I1dd1873b646e8569ed0a85c5ee7eb3bec3a8b1fa
2017-01-27Merge "Add AuditD composable service"Jenkins1-0/+34
2017-01-27Merge "Pass parameters for TLS proxy in front of neutron server"Jenkins1-1/+32
2017-01-27Merge "Remove create-legacy-resource-types opts"Jenkins1-1/+1
2017-01-27Pass parameters for TLS proxy in front of neutron serverJuan Antonio Osorio Robles1-1/+32
If TLS in the internal network is enabled, we run neutron-server behind a TLS proxy (which is actually httpd's mod_proxy). This passes the necessary hieradata. bp tls-via-certmonger Depends-On: I6dfbf49f45aef9f47e58b5c0dbedd2b4e239979e Change-Id: I9252512dbf9cf2e3eec50c41bf10629d36070bbd
2017-01-27Add AuditD composable serviceSteven Hardy1-0/+34
This patch allows the management of the AuditD service and its associated files (such as `audit.rules`) This is achieved by means of the `puppet-auditd` puppet module. Also places ssh banner capabilities map on top of patch Change-Id: Ib8bb52dde88304cb58b051bced9779c97a314d0d Depends-On: Ie31c063b674075e35e1bfa28d1fc07f3f897407b
2017-01-27Merge "Adds a pre-upgrade check that service is running (step0)"Jenkins30-1/+92
2017-01-27Merge "Adds SSH Banner text into sshd_config"Jenkins1-0/+34
2017-01-27Adds a pre-upgrade check that service is running (step0)marios30-1/+92
Adds a step0 for most services to check that the state is running before continuing with any of the other upgrades steps (these are tagged step0). You can skip this service check by overriding the SkipUpgradeConfigTags parameter as follows: parameter_defaults: SkipUpgradeConfigTags: validation Co-Authored-By: Steven Hardy <shardy@redhat.com> Change-Id: Ie276f153015f671b720b6ed5beaac1b921661909
2017-01-27Allow the override of pacemaker::corosync::settle_triesMichele Baldessari1-0/+7
When replacing a controller node, Exec['wait-for-settle'] needs to timeout, which means that the command pcs cluster auth will be executed 360 times with 10 seconds in between. So that means waiting for an hour for no reason. Let's allow to override the settle_tries counter so an operator can shorten it accordingly. Tested this by setting CorosyncSettleTries to 100 and I correctly get proper hiera settings: $ hiera pacemaker::corosync::settle_tries 100 And effectively we try a number of 100 times as opposed to the 360 default: /Stage[main]/Pacemaker::Corosync/Exec[reauthenticate-across-all-nodes]/returns (debug): Exec try 1/100 Change-Id: I5e21b4215cb0b8686d2059b3d71e2444a96719dc Closes-Bug: #1659741
2017-01-26Allow to separate Horizon from NeutronEmilien Macchi1-0/+3
Allow to deploy 2 different nodes with Neutron and another with Horizon. Horizon will get the right hieradata to collect the mechanism driver and configure the dashboard correctly. Change-Id: I24621f6a7d053cff487984bab0d10a4a97204675 Closes-Bug: 1659662
2017-01-26Merge "Add telemetry service support for composable upgrades"Jenkins13-0/+64
2017-01-26Merge "Do not try to update the 'ceph' metapackage from CephMon role"Jenkins2-1/+7
2017-01-26Remove create-legacy-resource-types optsPradeep Kilambi1-1/+1
This flag is quite old and doesnt work as expected anymore. Let ceilometer upgrade create these reource types instead. Change-Id: I71ea6e2fd9418095de658d709c14bb3006ca2753
2017-01-26Merge "Conform CephExternal template to the new hiera hook"Jenkins1-17/+17
2017-01-26Merge "Add Ceph RBD mirror Pacemaker profile"Jenkins1-0/+47
2017-01-26Merge "Allow dnsmasq_dns_servers to be configured for DHCP Agent"Jenkins1-0/+5
2017-01-26Merge "Use versionless keystone endpoint for barbican-related configurations"Jenkins1-2/+2
2017-01-26Add upgrade support for CephRGW serviceGiulio Fidente1-0/+11
Implements minor upgrade of the ceph-radosgw service. Change-Id: I4c064bf996ec6bb7eba41ab6384bd953a8ec920f Partially-Implements: blueprint overcloud-upgrades-per-service
2017-01-26Merge "Set the correct default for gnocchi workers"Jenkins1-1/+1