aboutsummaryrefslogtreecommitdiffstats
path: root/puppet
AgeCommit message (Collapse)AuthorFilesLines
2017-06-14Merge "Enable heat/puppet to manage the fernet keys and make it configurable"Jenkins1-1/+9
2017-06-14Merge "Use KeystoneFernetKeys instead of individual parameters"Jenkins1-7/+19
2017-06-14Update Panko api portPradeep Kilambi1-2/+2
The current port conflicts with trove. This is updated in puppet module. See related change: https://review.openstack.org/#/c/471551/ Change-Id: Iefacb98320eef0bca782055e3da5d243993828d7
2017-06-14Merge "Dell SC: Add exclude_domain_ip option"Jenkins1-0/+4
2017-06-14Merge "Add fqdn_external"Jenkins6-0/+6
2017-06-14Enable heat/puppet to manage the fernet keys and make it configurableJuan Antonio Osorio Robles1-1/+9
With the addition of the KeystoneFernetKeys parameter, it's now possible to do fernet key rotations using mistral, by modifying the KeystoneFernetKeys variable in mistral; subsequently a rotation could happen when doing a stack update. So this re-enables the managing of the key files by puppet. However, this is left configurable, as folks might want to manage those files out-of-band. bp keystone-fernet-rotation Change-Id: Ic82fb8b8a76481a6e588047acf33a036cf444d7d
2017-06-14Use KeystoneFernetKeys instead of individual parametersJuan Antonio Osorio Robles1-7/+19
This uses the newly introduced dict with the keys and paths instead of the individual keys. Having the advantage that rotation will be possible on stack update, as we no longer have a limit on how many keys we can pass (as we did with the individual parameters). bp keystone-fernet-rotation Change-Id: I7d224595b731d9f3390fce5a9d002282b2b4b8f2 Depends-On: I63ae158fa8cb33ac857dcf9434e9fbef07ecb68d
2017-06-14Merge "Add support for Cinder "NAS secure" driver params"Jenkins2-0/+24
2017-06-13Merge "Change HorizonSecureCookies default to False"Jenkins1-1/+1
2017-06-13Merge "Add support to configure Num of Storage sacks"Jenkins1-1/+9
2017-06-13Merge "Configure credentials for ironic to access cinder"Jenkins1-0/+6
2017-06-13Add fqdn_externalAlex Schultz6-0/+6
In newton, we used to construct the fqdn_$NETWORK in puppet-tripleo for external, internal_api, storage, storage_mgmt, tenant, management, and ctrlplane. When this was moved into THT, we accidently dropped external which leads to deployment failures if a service is moved to the external network and the configuration consumes the fqdn_external hiera key. Specifically this is reproduced if the MysqlNetwork is switch to to exernal, then the deployment fails because the bind address which is set to use fqdn_external is blank. Change-Id: I01ad0c14cb3dc38aad7528345c928b86628433c1 Closes-Bug: #1697722
2017-06-13Modify PreNetworkConfig config inline with role-specific parametersSaravanan KR6-0/+30
Existing host_config_and_reboot.role.j2.yaml is done in ocata to configure kernel args. This can be enhanced with use of role-specific parameters, which is done in the current patch. The earlier method is deprecated and will be removed in Q releae. Implements: blueprint ovs-2-6-dpdk Change-Id: Ib864f065527167a49a0f60812d7ad4ad12c836d1
2017-06-12Add support to configure Num of Storage sacksPradeep Kilambi1-1/+9
Gnocchi 4 supports storage sacks during upgrade. lets make this configurable if we want to use more metricd workers. Change-Id: Ibb2ee885e59d43c1ae20887ec1026786d58c6b9e
2017-06-12Merge "Moving *postconfig where it was *postpuppet"Jenkins1-11/+16
2017-06-12Moving *postconfig where it was *postpuppetCarlos Camacho1-11/+16
We need to ensure that the pacemaker cluster restarts in the end of the deployment. Due to the resources renaming we added the postconfig resource not in the end of the deployment as it was *postpuppet. Closes-bug: 1695904 Change-Id: Ic6978fcff591635223b354831cd6cbe0802316cf
2017-06-12Add support for Cinder "NAS secure" driver paramsAlan Bishop2-0/+24
Add new parameters that control the NAS security settings in Cinder's NFS and NetApp back end drivers. The settings are disabled by default. Partial-Bug: #1688332 Depends-On: I76e2ce10acf7b671be6a2785829ebb3012b79308 Change-Id: I306a8378dc1685132f7ea3ed91d345eaae70046f
2017-06-12Pacemaker HA suport for OVN DB serversNuman Siddique2-0/+62
This patch adds the templates required to enable the OVN DB servers to be started in master/slave mode in the pacemaker cluster. For the OVN DBs base profile, ::tripleo::haproxy expects the parameter 'ovn_dbs_manage_lb' set to true in order for it to configure OVN DBs for load balancing (please see this commit [1]). So this patch sets 'ovn_dbs_manage_lb' to true. [1] - I9dc366002ef5919339961e5deebbf8aa815c73db Co-authored-by: Babu Shanmugam (babu.shanmugam@gmail.com) Depends-on: I94d3960e6c5406e3af309cc8c787ac0a6c9b1756 Change-Id: I60c55abfc523973aa926d8a12ec77f198d885916 Closes-bug: #1670564
2017-06-12Add support for autofencing to Pacemaker Remote.Chris Jones1-0/+38
We now pass configuration for autofencing to Pacemaker Remote nodes. Change-Id: Ibb9c65a83cc909528024c538cf3bcc96390c555e Depends-On: I87c60bd56feac6dedc00a3c458b805aa9b71d9ce Closes-Bug: #1686115
2017-06-09Fix rpms being installed via DeployArtifactURLsAlex Schultz1-2/+6
The deploy-artifacts.sh script is supposed to support installing rpms when provided by DeployArtifactUrls. The problem is that it uses yum to install which does not actually work unless the filename ends with .rpm. This change updates the script to rename the downloaded file to end with .rpm if it is an rpm so that it is properly installed. Change-Id: I048d2b4474f9efe424e98e3868f325704e9c352f Closes-Bug: #1697102
2017-06-09Merge "Revert "Add support to configure Num of Storage sacks""Jenkins1-9/+1
2017-06-09Remove duplicate docker/puppet services.yamlSteven Hardy1-129/+0
Move to one common services.yaml not only reduces the duplication, but it should improve performance for the docker/services.yaml case, because we were creating two ResourceChains with $many services which we know can be really slow (especially since we seem to be missing concurrent: true on one) Change-Id: I76f188438bfc6449b152c2861d99738e6eb3c61b
2017-06-09Configure credentials for ironic to access cinderDmitry Tantsur1-0/+6
Change-Id: Id896e01e24ecc2bfd7a983a3ff9756fefe4a4525 Depends-On: I097c494d3953b7d26d94aecc546ddef5225d1125
2017-06-09Add templates to configure Ironic inspectorDan Prince1-0/+151
Implements: blueprint ironic-inspector-composable-service Co-Authored-By: Dmitry Tantsur <dtantsur@redhat.com> Change-Id: I825516f9f5c2b0c03a3f497d6954022714aab988
2017-06-09Revert "Add support to configure Num of Storage sacks"Pradeep Kilambi1-9/+1
This reverts commit a915b150018bf306a5942782bf93c5faadcd7cde. The argument is renamed and causing promotions to fail. Change-Id: I7e1674cff75b606c20956edddf70eee2990fca78
2017-06-09Merge "Configure crl file for HAProxy"Jenkins1-0/+6
2017-06-09Merge "Configure CRL URI if TLS in the internal network is enabled"Jenkins1-0/+17
2017-06-09Merge "Role Specific parameter for nova-compute service"Jenkins1-3/+23
2017-06-08Change HorizonSecureCookies default to FalseBen Nemec1-1/+1
HorizonSecureCookies is incompatible with non-ssl deployments, which is our default deployment method. When SSL is in use, it can be turned on in the enable-tls.yaml file. This does mean that existing users won't automatically get this feature turned on as part of their upgrade because enable-tls.yaml is an environment that is intended to be copied and edited, but it's simple to add the parameter to the file for users who want that behavior after they upgrade to a version where it is available. Change-Id: If83d3d8709fc4e0c09569e8bf524721d332bf560 Closes-Bug: 1696861
2017-06-08Merge "Use Deployment actions for blacklist"Jenkins6-29/+121
2017-06-08Merge "Add support to configure Num of Storage sacks"Jenkins1-1/+9
2017-06-08Role Specific parameter for nova-compute serviceSaravanan KR1-3/+23
The parameters NovaVcpuPinSet, NovaReservedHostMemory and NovaPCIPassthrough are modified to support role-specific parameter inputs. Change-Id: I7c11e8fc2c933f424318e457cb1e96acb8df2ec7
2017-06-08Configure crl file for HAProxyJuan Antonio Osorio Robles1-0/+6
This will enable HAProxy to use CRLs for the nodes it's proxying. bp tls-via-certmonger Depends-On: I4f1edc551488aa5bf6033442c4fa1fb0d3f735cd Change-Id: I2558113bf83674ce22d99364b63c0c5be446bf77
2017-06-08Configure CRL URI if TLS in the internal network is enabledJuan Antonio Osorio Robles1-0/+17
This uses by default the URL for the CRL provided by FreeIPA (the default CA in TripleO). bp tls-via-certmonger Depends-On: I38e163e8ebb80ea5f79cfb8df44a71fdcd284e04 Change-Id: I87001388f300f3decb3b74bc037fff9d3b3ccdc2
2017-06-08Role Specific parameters for neutron-sriov-agent serviceSanjay Upadhyay1-3/+19
Merge the role specific parmaeter with the default parameter with the higher precendece given to role specific parameters. Use the merged settings for the hiera config settings. Change-Id: I7d12ea7a26ba5c22d7961c59fb63663fc2a6b4cd Signed-off-by: Sanjay Upadhyay <supadhya@redhat.com>
2017-06-07Dell SC: Add exclude_domain_ip optionrajinir1-0/+4
This option allows users to exclude some fault domains. Otherwise all domains are returned. Change-Id: Iefd1a44c8fe217aee5845bba35def571317bb123 Closes-Bug: #1681490 Depends-On: I6eb2bcc7db003a5eebd3924e3e4eb44e35f60483
2017-06-07Fix the disable expirer to remove crontabPradeep Kilambi1-16/+4
Instead of doing this via puppet which has the consequence of including the step_config and getting included on the host manifest. Lets disable via ansible upgrade task instead. Change-Id: I5f1a4019dd635dea67db4313bd06a228ae7bacd4
2017-06-07Add support to configure Num of Storage sacksPradeep Kilambi1-1/+9
Gnocchi 4 supports storage sacks during upgrade. lets make this configurable if we want to use more metricd workers. Change-Id: I27390b8babf8c4ef35f4c9b8a2e5be69fb9a54ee
2017-06-07Use Deployment actions for blacklistJames Slagle6-29/+121
Instead of using the Heat condition directly on the Deployment resources, use it to set the action list to an empty list when the server is blacklisted. This has a couple advantages over the previous approach in that the actual resources are not deleted and recreated when servers are added and removed from the blacklist. Recreating the resources can be problematic, as it would then force the Deployments to re-run when a server is removed from the blacklist. That is likely not always desirable, especially in the case of NetworkDeloyment. Additionally, you will still see the resources for a blacklisted server in the stack, just with an empty set of actions. This has the benefit of preserving the history of the previous time the Deployment was triggered. implements blueprint disable-deployments Change-Id: I3d0263a6319ae4871b1ae11383ae838bd2540d36
2017-06-07Merge "Ability to enable/disable debug mode per OpenStack service"Jenkins20-27/+226
2017-06-07Ability to enable/disable debug mode per OpenStack serviceEmilien Macchi20-27/+226
Add ServiceDebug parameters for each services that will allow operators to enable/disable Debug for specific services. We keep the Debug parameters for backward compatibility. Operators want to enable Debug everywhere: Debug: true Operators want to disable Debug everywhere: Debug: false Operators want to disable Debug everywhere except Glance: GlanceDebug: true Operators want to enable Debug everywhere except Glance: Debug: true GlanceDebug: false New parameters: AodhDebug, BarbicanDebug, CeilometerDebug, CinderDebug, CongressDebug, GlanceDebug, GnocchiDebug, HeatDebug, HorizonDebug, IronicDebug, KeystoneDebug, ManilaDebug, MistralDebug, NeutronDebug, NovaDebug, OctaviaDebug, PankoDebug, SaharaDebug, TackerDebug, ZaqarDebug. Note: for backward compatibility in Horizon, HorizonDebug is set to false, so we maintain previous behavior. Change-Id: Icbf4a38afcdbd8471d1afc11743df9705451db52 Implement-blueprint: composable-debug Closes-Bug: #1634567
2017-06-06Convert puppet and docker steps to ansibleSteven Hardy6-0/+6
Replace the multiple SoftwareDeployment resources with a common playbook that runs on all roles, consuming the configuration data written via the HostPrepAnsible tasks. This hopefully simplifies things, and will enable re-running the deploy steps for minor updates (we'll need some way to detect a container should be replaced, but that will be done via a follow-up patch). Change-Id: I674a4d9d2c77d1f6fbdb0996f6c9321848e32662
2017-06-06Merge "Update metric processing delay default"Jenkins1-1/+1
2017-06-05Merge "Fix the constraints for THT params NeutronDpdkCoreList and HostCpusList"Jenkins1-4/+4
2017-06-05Merge "Remove nova placement config for compute service node on upgrade"Jenkins1-18/+0
2017-06-04Update metric processing delay defaultPradeep Kilambi1-1/+1
This helps with processing the backlog, so lets update the default out of the box. Change-Id: I06d4ca95f4a1da2864f4845ef3e7a74a1bce9e41
2017-06-03Merge "Add support for linuxbridge agent"Jenkins1-0/+83
2017-06-02Merge "Server blacklist support"Jenkins6-1/+116
2017-06-02Merge "Upgrade gnocchi without skip-storage"Jenkins1-1/+1
2017-06-02Merge "Handle upgrading cinder-volume under pacemaker"Jenkins1-0/+15