aboutsummaryrefslogtreecommitdiffstats
path: root/puppet
AgeCommit message (Collapse)AuthorFilesLines
2017-03-09Merge "Pass hieradata for internal TLS for RabbitMQ"Jenkins3-46/+119
2017-03-09Merge "Keystone token flush cron job should log to a file"Jenkins1-1/+1
2017-03-09Pass hieradata relevant for httpd in the Heat APIsJuan Antonio Osorio Robles3-18/+104
The patch this depends on passes through the classes some parameters that are meant to be passed via t-h-t. This patch addresses these and other things required for deploying these services over httpd: * Set the number of workers taking care not to set this value to 0. * Add the apache base hieradata to the service profiles. * Set the servernames and other httpd-specific values. bp tls-via-certmonger Change-Id: I88e5ea7b9bbf35ae03f84fdc3ec76ae09f11a1b6 Depends-On: I23971b0164468e67c9b3577772af84bd947e16f1
2017-03-09Improve SSL support for SensuMartin Mágr1-1/+14
This patch allows operator to create SSL certificates for SSL auth to RabbitMQ. Change-Id: I250aedcfdbe3b7a7e8c611c0e6122cf8fe0edda4
2017-03-09Merge "Add validation for VPP upgrade tasks"Jenkins1-1/+11
2017-03-09Merge "Set number of Swift proxy server workers to auto"Jenkins1-2/+2
2017-03-09Pass hieradata for internal TLS for RabbitMQJuan Antonio Osorio Robles3-46/+119
As with other services, this passes the necessary hieradata to enable TLS for RabbitMQ. This will mean (once we set it via puppet-tripleo) that there will only be TLS connections, as the ssl_only option is being used. bp tls-via-certmonger Change-Id: I960bf747cd5e3040f99b28e2fc5873ca3a7472b5 Depends-On: Ic2a7f877745a0a490ddc9315123bd1180b03c514
2017-03-09Merge "sahara: configure keystone_authtoken parameters"Jenkins1-3/+5
2017-03-08Enables increasing mariadb open files for noha deploymentsTim Rozet1-0/+6
There is currently an issue where the max open files limit is hit with MariaDB in noha deployments, because it is defaulted to 1024 by system limits. In HA deployments the limit is bumped to 16384. This patch introduces a flag to be able to increase the limit to 16384 for noHA deployments. In the future we should change this to be an integer, and let the operator decide the setting. Since this setting is set in a different path for HA, we would need to implement a change that allows setting both (ha and nonha) via the same integer param. Depends-On: Ia0907b2ab6062a93fb9363e39c86535a490fbaf6 Closes-Bug: #1648181 Related-Bug: #1524809 Change-Id: I95393fc798b833a8575afbff03ef74a839565c5e Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-03-08sahara: configure keystone_authtoken parametersEmilien Macchi1-3/+5
Configure keystone_authtoken for Sahara service. Change-Id: I045b7d1d52851ab0d532a8524fcea95705e3db78 Partial-implement: blueprint keystone-v3
2017-03-08barbican: Use versionless keystone endpointsJuan Antonio Osorio Robles1-3/+3
This also moves the explicit usages of the Keystone V3 endpoint fromt he EndpointMap, as using the uri_no_suffix defeats that usage. Change-Id: I5f07a0cee07fa28b88c419e25e014094004b1bce Partial-Implement: blueprint keystone-v3
2017-03-07Remove glance-base serviceEmilien Macchi2-136/+95
glance-base is not useful anymore since we only run Glance API service and there is no plan yet to add new services for Glance. Let's cleanup this useless service and consolidate glance-api service. Change-Id: I73cd0def2ae73e0bd52104c6710998df4a0d2e58
2017-03-07sshd template, rename hiera keySteven Hardy1-1/+1
This means we can remove the special BannerText hiera reference in the puppet-tripleo profile Change-Id: Id4c8b853fa0e9bcdffe2cf7cd1554a9be7451b25
2017-03-07Merge "Add docker composable service template"Jenkins1-0/+43
2017-03-07Merge "Adds upgrade tasks for OpenDaylight services"Jenkins2-0/+37
2017-03-06Merge "Cinder-api upgrade: use httpd instead of apachectl"Jenkins1-1/+1
2017-03-06Fix bogus parameters in get_paramBogdan Dobrelya2-2/+2
Change-Id: I1b5658efaaa26c473ceef184a962ec320f267ffe Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2017-03-06Add docker composable service templateSteven Hardy1-0/+43
This uses a puppet-tripleo profile to configure and start docker in step1 of the deployment, which is before we attempt to deploy any containers (see docker/services/README.rst#docker-steps) This enables existing environments on upgrade to configure things correctly, without using the docker/firstboot/setup_docker_host.sh - the firstboot approach may still be needed for atomic, but for environments where we can run puppet on the host this integrates more cleanly with our existing architecture I think. Depends-On: Id8add1e8a0ecaedb7d8a7dc9ba3747c1ac3b8eea Change-Id: If4ffe21579bcb2770f4e5a96be7960b52927a27b
2017-03-06Merge "Make neutron dhcp agents per network conditional"Jenkins1-16/+23
2017-03-06Merge "Use the new hiera hook in all remaining templates"Jenkins7-160/+153
2017-03-06Add validation for VPP upgrade tasksFeng Pan1-1/+11
Change-Id: I54a3cac11ae63c553f831a3f8eeca2cbe4cc88d3 Signed-off-by: Feng Pan <fpan@redhat.com>
2017-03-06Cinder-api upgrade: use httpd instead of apachectlJuan Antonio Osorio Robles1-1/+1
It doesn't work downstream, so the httpd command was recommended. Change-Id: I4807333b80dad10f16e5deb56cbfdda656cd1e50
2017-03-06Merge "ec2-api: Get FQDN from hiera instead of puppet fact"Jenkins1-2/+2
2017-03-06Use the new hiera hook in all remaining templatesmarios7-160/+153
The new hiera hook in I21639f6aadabf9e49f40d1bb0b1d0edcfc4dbc5e was added to most of the tripleo-heat-templates in Ibe7e2044e200e2c947223286fdf4fd5bcf98c2e1 The new hook is installed by default if you use tripleo-common Ia1864933235152b7e899c4442534879f8e22240d and will be installed as part of the Newton to Ocata upgrades workflow in I0c7a32194c0069b63a501a913c17907b47c9cc16 In order to use the new hiera data as part of the upgrade we need to remove the old hieradata which will break anyone still defining and using it. This change updates the remaining vendor plugin manifests to use the new hiera hook. The pre-requisite is that the new hook is installed on their overcloud (as above it comes if you follow the N..O upgrade) Change-Id: Ic95154734cb21e6b941c7f1569295b413963831d
2017-03-04Update properties being set for octavia rabbit propertiesBrent Eagles1-3/+3
A change to puppet-tripleo (Iea5607dbb3ee6b1dd50acc1395de52dc920aa915) altered altered which hieradata was consumed for octavia. This updates the heat templates to sync with that change. Change-Id: I572dd4c25f25ab2ea8b10cabfa4773fae2a2bc91 Closes-Bug: #1670058
2017-03-04Merge "etcd: Get FQDN from hiera instead of puppet fact"Jenkins1-1/+1
2017-03-03etcd: Get FQDN from hiera instead of puppet factJuan Antonio Osorio Robles1-1/+1
The puppet facts will be removed soon and using the hiera value is adviced instead. Change-Id: I318f81abaac997370e950780993dc95cae088327
2017-03-03ec2-api: Get FQDN from hiera instead of puppet factJuan Antonio Osorio Robles1-2/+2
The puppet facts will be removed soon and using the hiera value is adviced instead. Change-Id: I3ba89dd9bd471c5723325efc9041ca6da937ccc5
2017-03-02Fix Panko API upgrade processEmilien Macchi1-1/+5
Upgrade process wasn't consistent and correct. Change-Id: Id1f810d33c2909957be9a2c96d18c96dee939953
2017-03-02Merge "Make UpdateDeployment depend on NetworkDeployment"Jenkins6-0/+6
2017-03-02Merge "Add upgrade task for panko api"Jenkins1-5/+14
2017-03-02Merge "Upgrades: fix up the rabbitmq HA mode like in new ocata deployments"Jenkins1-0/+29
2017-03-02Add upgrade task for panko apiPradeep Kilambi1-5/+14
Change-Id: Icc5fbf99301ae47344e1582767e1e7a4687f491b
2017-03-02Upgrades: fix up the rabbitmq HA mode like in new ocata deploymentsMichele Baldessari1-0/+29
In ocata we changed the rabbitmq ha policy to "ha-exactly" via the following changes: - tht: Iace6daf27a76cb8ef1050ada0de7ff1f530916c6 - puppet-tripleo: Ib62001c03e1e08f58cf0c6e0ba07a8879a584084 We took care of the upgrade path via I3a97505d2ae1ae27f3080ffe74c33fdabffd2420 With the move to the ansible-based composable upgrades we left this change out. And now an upgraded environment has the following policy: - Upgraded environment Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"all"}" - New environment Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"exactly","ha-params":2}" We need to add this pcs resource change to the our upgrade scripts. Change-Id: I3c4113c207e9d0c45be43df7c2379ac26cb60692 Closes-Bug: #1668600
2017-03-01Adds upgrade tasks for OpenDaylight servicesTim Rozet2-0/+37
Change-Id: I740b20b12acb3740886409bff86c4989f0a066f4 Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-03-01Add mistral service support for composable upgradesSteven Hardy3-0/+57
Change-Id: I189edaf69c0e97a3399e6af939595f98322d7c03 Partially-Implements: blueprint overcloud-upgrades-per-service
2017-03-01upgrades/validation: only run validation when services existEmilien Macchi36-5/+270
During upgrades, validation test if a service is running before the upgrade process starts. In some cases, servies doesn't exist yet so we don't want to run the validation. This patch makes sure we check if the service is actually present on the system before validating it's running correctly. Also it makes sure that services are enabled before trying to stop them. It allows use-cases where we want to add new services during an upgrade. Also install new packages of services added in Ocata, so we can validate upgrades on scenarios jobs. Change-Id: Ib48fb6b1557be43956557cbde4cbe26b53a50bd8
2017-03-01Merge "Adding keystone parameters for Tacker"Jenkins1-3/+11
2017-03-01Merge "Add etcd composable upgrade steps"Jenkins1-0/+15
2017-03-01Merge "Put service stop at step1 and quiesce at step2."Jenkins49-55/+68
2017-03-01Make UpdateDeployment depend on NetworkDeploymentSteven Hardy6-0/+6
Prior to https://review.openstack.org/#/c/271450/ os-net-config was applied via os-refresh-config directly, which meant that even though UpdateDeployment and NetworkDeployment can be created concurrently, we'd always do the os-net-config step first. However now that we apply both steps via scripts (which are both handled via the same heat-config hook) we should add an explicit dependency to ensure the network is always fully configured before attempting to run any update. This should avoid the risk of e.g running an update on initial deployment before the network connectivity to access yum repos is in place. Change-Id: Idff7a95afe7b49b6384b1d0c78e76522fb1f8eb7 Related-Bug: #1666227
2017-03-01Merge "upgrades: fix ec2api conditional"Jenkins1-2/+2
2017-03-01Merge "mysqlclient: Use actual parameter in puppet to set bind-address"Jenkins1-1/+1
2017-03-01Merge "Adding keystone parameters for Congress"Jenkins1-3/+11
2017-02-28Put service stop at step1 and quiesce at step2.Sofer Athlan-Guyot49-55/+68
In the previous release[1], the services were stopped before the pacemaker services, so that they get a chance to send last message to the database/rabbitmq queue: Let's do the upgrade in the same order. [1] https://github.com/openstack/tripleo-heat-templates/blob/stable/newton/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh#L13-L71 Change-Id: I1c4045e8b9167396c9dfa4da99973102f1af1218
2017-02-28upgrades: fix ec2api conditionalEmilien Macchi1-2/+2
Rename ec2-api_enabled to ec2_api_enabled so we avoid this error: The conditional check 'ec2-api_enabled.rc == 0' failed. The error was: error while evaluating conditional (ec2-api_enabled.rc == 0): 'api_enabled' is undefined"} Change-Id: Id325fd7eba397155eac7fb6c7410f88486173ba1
2017-02-28Merge "Switch central and compute templates to use polling agent"Jenkins2-2/+4
2017-02-28Adding keystone parameters for TackerDan Radez1-3/+11
Change-Id: I256d2fcb6353d029750113c1fec59a89c82583ca
2017-02-28Make neutron dhcp agents per network conditionalBrent Eagles1-16/+23
While the heat templates specify a default value of 3, it rarely seems to have an effect as the tripleoclient is setting this according to the controller scale. This was fine before composable roles, but it is now invalid. While the client needs to be modified to no longer set this according to controller scale, the template should default to a sentinel value that will allow the puppet code to determine the proper value by the number of hosts that have the neutron dhcp agent deployed on them. Depends-On: I5533e42c5ba9f72cc70d80489a07e30ee2341198 Partial-bug: #1632721 Change-Id: I06628764c4769d91bbc42efe1c722702d6574d02
2017-02-28Merge "Add auditd upgrate steps"Jenkins1-0/+15