aboutsummaryrefslogtreecommitdiffstats
path: root/puppet
AgeCommit message (Collapse)AuthorFilesLines
2017-08-08Make HA container bundle work on remote nodesMichele Baldessari1-0/+13
Right now when we deploy an HA bundle on a pacemaker remote node, the deploy will fail due to the fact that the bundle includes tripleo::profile::base::pacemaker which makes a call to hiera('hacluster_pwd') which will fail on pcmk remote nodes. While we could noop the profile on pcmk nodes, it's much simpler to just make sure this hiera key exists on pcmk remote nodes. Also make sure that pacemaker::corosync::manage_fw is set to false on remote nodes, otherwise the mere inclusion of the pacemaker profile will cause iptables-save to run in a container and thus failing. Change-Id: I09b3e54a470cc2d600a701d23463962501c5c9d6
2017-08-08Make cinder-manage db sync run on only one controller during upgradeSofer Athlan-Guyot1-7/+13
We got to ensure that the cinder-manage db sync is run on only one controller. Change-Id: I88a6aa4c49d893b95a26795fbfcf163a780fd0bc Closes-Bug: #1709315
2017-08-07Create parameters for haproxy TLS certs and keysJuan Antonio Osorio Robles2-11/+55
this removes the hardcoded paths for the haproxy certs and keys and will enable re-use. We'll use this in a further commit in the containterized TLS work. Change-Id: I602e5a569e2e7e60835deb80532abcedd7a1f63d
2017-08-07Use number for KeystoneCronTokenFlushMaxDelay instead of stringJuan Antonio Osorio Robles1-2/+2
Using a string results in an erroneous check in puppet-keystone, which sets up a zero where it shouldn't. So we change it to number to avoid that. Note that there will also be a puppet-keystone fix for this. Changing the value here assures that deployers only give valid values to this parameter. Change-Id: I00823e23358df91ce54f421c12636f05d4196e15 Closes-Bug: #1708584
2017-08-05Merge "Start redis service after upgrade"Jenkins1-0/+3
2017-08-04Change the directory for haproxy certs/keys to be service-specificJuan Antonio Osorio Robles2-7/+11
This moves the directories containing the certs/keys for haproxy one step further inside the hierarchy. This way we will be able to bind-mount this certificate into the container without bind-mounting any other certs/keys from other services. bp tls-via-certmonger-containers Depends-On: Iba3adb9464a755e67c6f87d1233b3affa8be565a Change-Id: I73df8d442b361cb5ef4e343b4ea2a198a5b95da9
2017-08-04Merge "Changing the default port-binding configuration"Jenkins2-2/+46
2017-08-03Update EventPipelinePublisher param description to include zaqarPradeep Kilambi1-0/+2
Since we now support zaqar:// publisher, Enhance the description to indicate how to set the zaqar publisher. Change-Id: Ib7eba98d199fade2346620672e33b74686d4685b
2017-08-03Merge "Make UpgradeLevelNovaCompute parameters consistent"Jenkins2-2/+2
2017-08-03Addition of Nuage as mechanism driver for ML2lokesh-jain3-0/+111
Adding composable services for Nuage mechanism driver for ML2. This is separate from Nuage as the core plugin and intentional duplication of Nuage under puppet services. Parameters required for working of Nuage as mechanism driver are also added. Change-Id: I2b564610721152c4f4dab9da79442256ba8d0b33
2017-08-03Merge "Make many networking parameters consistent"Jenkins5-8/+7
2017-08-03Merge "Make RoleParameters and key_name descriptions consistent"Jenkins6-6/+6
2017-08-03Merge "Set redis password hiera value in compute agent"Jenkins1-0/+5
2017-08-02Make UpgradeLevelNovaCompute parameters consistentBen Nemec2-2/+2
There is logic in nova-base.yaml that depends on the default for this parameter being '', and the nova-compute service only needs it set to auto during upgrade. That will be done by [1] anyway, so it doesn't matter what the default is. It's also not clear to me that the nova-compute task is even needed now that we're post-Ocata, but that's not a change I feel comfortable making. 1: https://github.com/openstack/tripleo-heat-templates/blob/master/environments/major-upgrade-composable-steps.yaml Change-Id: Iccfcb5b68e406db1b942375803cfedbb929b4307 Partial-Bug: 1700664
2017-08-02Make many networking parameters consistentBen Nemec5-8/+7
These are mostly the low hanging fruit that only required a few minor changes to fix. There are more that require a lot of changes or might be more controversial that will be done later. Change-Id: I55cebc92ef37a3bb167f5fae0debe77339395e62 Partial-Bug: 1700664
2017-08-02Make RoleParameters and key_name descriptions consistentBen Nemec6-6/+6
The key_name default is ignored because the parameter is used in some mutually exclusive environments where the default doesn't need to be the same. Change-Id: I77c1a1159fae38d03b0e59b80ae6bee491d734d7 Partial-Bug: 1700664
2017-08-02Start redis service after upgradePradeep Kilambi1-0/+3
We install redis if its not already there, but we should also ensure redis service is started in the next step 4. related to issues we're seeing in I284de61bbefac9e9b37390650016643ffe38b5cc Change-Id: Ic01db53ea8669f14e87f6987045b2be5a3480024
2017-08-02Merge "Fix iscsid role data's section"Jenkins1-1/+1
2017-08-01Set redis password hiera value in compute agentPradeep Kilambi1-0/+5
Without this config defaults to undef in containers Change-Id: Id47f365364e7b0d399de92995871b136550cd625
2017-07-31Merge "Add 'ovn-controller' service"Jenkins2-4/+32
2017-07-28Merge "Enable Zaqar API SSL"Jenkins1-1/+3
2017-07-27Changing the default port-binding configurationItzik Brown2-2/+46
networking-odl no longer supports the network-topology port binding controller and instead now relies on a pseudo-agent binding controller. This means that each OVS node must be configured with host configuration in OVSDB about which VIF types, network types, functions, etc that this OVS node supports. The end result is this affects where nova and neutron will schedule instances. Changes Include: - Modifying default port binding controller to use pseudo agent - Adds necessary per role parameters to be able to configure host config on a per role basis to allow for heterogenous compute node configurations. Change-Id: I50458abf6a8a6bf724ad97accb6444d9c497d287 Closes-Bug: 1674995 Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-07-27Add 'ovn-controller' serviceNuman Siddique2-4/+32
Presently the ovn-controller service (puppet/services/neutron-compute-plugin-ovn.yaml) is started only on compute nodes. But for the cases where the controller nodes provide the north/south traffic, we need ovn-controller service runninng in controller nodes as well. This patch - Renames the neutron-compute-plugin-ovn.yaml to ovn-controller.yaml which makes more sense and sets the service name as 'ovn-controller'. - Adds the service 'ovn-controller' to Controller and Compute roles. - Adds the missing 'upgrade_tasks' section in ovn-dbs.yaml and ovn-controller.yaml Depends-On: Ie3f09dc70a582f3d14de093043e232820f837bc3 Depends-On: Ide11569d81f5f28bafccc168b624be505174fc53 Change-Id: Ib7747406213d18fd65b86820c1f86ee7c39f7cf5
2017-07-27Fix iscsid role data's sectionDamien Ciabrini1-1/+1
The iscsid service definition has a typo, config_setting should read config_settings Change-Id: I12605dba61fd5f6ce80c3ab78e883ed5ebf3ca62
2017-07-27Enable Zaqar API SSLThomas Herve1-1/+3
This sets the SSL flag in the docker service and expose the parameter in the docker service. Depends-On: I4c68a662c2433398249f770ac50ba0791449fe71 Change-Id: Ic3df2b9ab7432ffbed5434943e04085a781774a0
2017-07-27Merge "Adding Tuned Service"Jenkins1-0/+50
2017-07-26Merge "aodh: add gnocchi_external_project_owner config"Jenkins1-0/+5
2017-07-26Merge "Stop Heat WSGI services on docker upgrade"Jenkins1-1/+1
2017-07-26Merge "Ps Cinder: Added support for password less login"Jenkins1-0/+4
2017-07-26Merge "Add parameters for Veritas HyperScale distributed setup."Jenkins1-2/+38
2017-07-26Merge "Add NodeTLSData to generic role.role.j2.yaml"Jenkins1-2/+29
2017-07-26Merge "Make various password descriptions consistent"Jenkins15-16/+17
2017-07-26Merge "Stop also openstack-swift-object-expirer when upgrading swift services"Jenkins1-0/+1
2017-07-25Add NodeTLSData to generic role.role.j2.yamlSteven Hardy1-2/+29
This is currently included in the controller-role template, so we need to add it to the generic role.role.j2.yaml in order to convert the controller-role template to be rendered via j2 Change-Id: I01bf01c8a31e4cc26f202dd1774845ec33f50bcd Partially-Implements: blueprint composable-networks
2017-07-25Adding Tuned ServiceJoe Talerico1-0/+50
Allow the user to set a specific Tuned profile on a given host. Defaults to throughput-performance Change-Id: I0c66193d2733b7a82ad44b1cd0d2187dd732065a
2017-07-25Contrail network realignement + DPDK enablementMichael Henkel10-107/+213
This patch moves Contrail roles communication from public/external to internal_api network for OpenStack API. It also adds the option to enable dpdk. Monolithic firstboot script is broken down into small pre-network and per-node extraconfig scripts Change-Id: I296a3bf60cef6fa950fd71d6e68effe367d1e66b Closes-Bug: 1698422
2017-07-25Merge "Modifying Cisco templates to support composable roles"Jenkins1-50/+14
2017-07-25Merge "Increase default RabbitMQ/Erlang TCP timeout from 5 to 15 seconds"Jenkins1-1/+1
2017-07-25Merge "Add metadata_settings in Heat APIs"Jenkins3-0/+6
2017-07-24Modifying Cisco templates to support composable rolesSandhya Dasu1-50/+14
Change-Id: I21fee832aeeb9780f818ae869ea8714f28bbe4a0 Closes-bug: #1704853
2017-07-24Merge "Revert "Disable systemd-networkd & systemd-resolved""Jenkins2-8/+0
2017-07-24Merge "Set name property on missing deployments"Jenkins1-0/+1
2017-07-24Add parameters for Veritas HyperScale distributed setup.abhishek.kane1-2/+38
Add more parameters to Veritas Hyperscale's composable service, which will be relevant in distributed setup. Change-Id: Ib1b90edbf17ea7f14bdbed4857241fca86b87a18 Signed-off-by: abhishek.kane <abhishek.kane@veritas.com>
2017-07-24Merge "Add support for nova live/cold-migration with containers"Jenkins3-12/+84
2017-07-24Merge "Remove non-containerized pacemaker resources on upgrade"Jenkins1-18/+1
2017-07-24Add metadata_settings in Heat APIsThomas Herve3-0/+6
We don't expose metadata_settings in Heat services, so SSL shouldn't work. Change-Id: I411085d9b249e54a2462de5efe4abf8f0865c0c2
2017-07-24Merge "Refactor iscsi initiator-name reset into separate service"Jenkins1-0/+41
2017-07-24Merge "Support configurable Zaqar backends"Jenkins1-14/+65
2017-07-24Support configurable Zaqar backendsDan Prince1-14/+65
This patch adds parameters to configure alternative version of the Zaqar messaging and management backends. The intent is to make use of these settings in the containers undercloud to use swift/mysql backends as a default thus avoiding the dependency on MongoDB. Change-Id: Ifd6a561737184c9322192ffc9a412c77d6eac3e9 Depends-On: Ie6a56b9163950cee2c0341afa0c0ddce665f3704 Depends-On: I3598e39c0a3cdf80b96e728d9aa8a7e6505e0690
2017-07-23Add support for nova live/cold-migration with containersOliver Walsh3-12/+84
Updates hieradata for changes in https://review.openstack.org/471950. Creates a new service - NovaMigrationTarget. On baremetal this just configures live/cold-migration. On docker is includes a container running a second sshd services on an alternative port. Configures /var/lib/nova/.ssh/config and mounts in nova-compute and libvirtd containers. Change-Id: Ic4b810ff71085b73ccd08c66a3739f94e6c0c427 Implements: blueprint tripleo-cold-migration Depends-On: I6c04cebd1cf066c79c5b4335011733d32ac208dc Depends-On: I063a84a8e6da64ae3b09125cfa42e48df69adc12