path: root/puppet
Age | Commit message | Author | Files | Lines
2017-09-07 | Use DeployedSSLCertificatePath for public TLS via certmonger | Juan Antonio Osorio Robles | 1 | -10/+7
As described in the bug report, DeployedSSLCertificatePath is used by the TLS injection script (if you decide to use that). There is an alternative, which is to use FreeIPA to provide the certificate for public TLS (powered by certmonger); however, it doesn't use the same path as what folks expected. This reuses the DeployedSSLCertificatePath parameter and uses that as a path for the resulting PEM file, so it's easier to debug. Change-Id: If73c9599d8b94d2f02b8e4c48f4a235e0fea764d Closes-Bug: #1714932 (cherry picked from commit f395d9eab2277061e926f7956bb3a56b0c7b1131)
2017-09-06 | Merge "Add param to configure snat mechanism" into stable/pike | Jenkins | 1 | -0/+9
2017-09-06 | Merge "TLS proxy for redis" into stable/pike | Jenkins | 3 | -2/+70
2017-09-06 | Add param to configure snat mechanism | Janki Chhatbar | 1 | -0/+9
Add a parameter to configure SNAT mechanism in OpenDayLight defaulting to conntrack for OVS and defaulting to controller mechanism for OVS-DPDK Change-Id: I48c6f07de55cb2574cc3a7e9653b812f875df726 Closes-Bug: #1710614 (cherry picked from commit 9a450a8e505b5d7ccef7e5e7675573da2a4cd42c)
2017-09-06 | Merge "Rabbitmq: Enable Erlang distribution TLS" into stable/pike | Jenkins | 1 | -0/+1
2017-09-06 | Merge "Add support for Dell EMC Isilon Manila backend" into stable/pike | Jenkins | 1 | -0/+72
2017-09-06 | TLS proxy for redis | Martin André | 3 | -2/+70
Redis does not have TLS out of the box. Let's use a proxy container for TLS termination. bp tls-via-certmonger Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Change-Id: Ie2ae0d048a71e1b1b4edb10c74bc0395a1a9d5c9 Depends-On: I078567c831ade540cf704f81564e2b7654c85c0b Depends-On: Ia50933da9e59268b17f56db34d01dcc6b6c38147 (cherry picked from commit c2a93cf4c5d9d6b5ee0536380751a7a9540927cc)
2017-09-06 | Merge "Add support for Dell EMC VMAX Manila Backend" into stable/pike | Jenkins | 1 | -0/+74
2017-09-06 | Merge "manila: set "neutron_admin_auth_url" correctly" into stable/pike | Jenkins | 1 | -1/+1
2017-09-06 | Allow upgrade tasks to run when looping through steps | Marius Cornea | 1 | -2/+2
Currently for non controller upgrades we're looping through the upgrade steps and run the upgrade tasks based on when conditionals including the step number and the existing upgrade task condition. Some of the tasks fail because the variables used in when conditionals are not available through all steps. This change adds default values to these vars where possible or creates them for all steps to avoid failures. Related-Bug: 1708115 Change-Id: I5c731043cec8e31fc82ca98972a301baa7294c4f (cherry picked from commit e2f00ef1dc98140087c81e202a520f549f9a0970)
2017-09-05 | Add support for Dell EMC Isilon Manila backend | rajinir | 1 | -0/+72
This change adds support for manila::backend::dellemc_isilon Change-Id: I92592e4b717d4b1812ccd810ec1daaedd181c3dd Implements: blueprint dellemc-isilon-manila (cherry picked from commit f6c9906d51fb3268b7a7d61d53181ab5d3c0d2ec)
2017-09-05 | Add support for Dell EMC VMAX Manila Backend | rajinir | 1 | -0/+74
This change adds support for manila::backend::dellemc_vmax Change-Id: I92e189c8741c496ef6c27130f73829c327a99f1b Implements: blueprint dellemc-vmax-manila (cherry picked from commit 04daabdc8414e4435dc4cd3ccfea9a62b5631261)
2017-09-05 | Rabbitmq: Enable Erlang distribution TLS | Juan Antonio Osorio Robles | 1 | -0/+1
This will be used for the replication traffic as specified in the dependent commit. bp tls-via-certmonger Change-Id: Ia53b9edaa6c6cdd48bcdde64969ae6c16f57ae41 Depends-On: I265c89cb8898a6da78a606664a22c50f5e57a847 (cherry picked from commit 1b4df60ac780a8388f5421c3c1634d172886595f)
2017-09-05 | manila: set "neutron_admin_auth_url" correctly | Tom Barron | 1 | -1/+1
It was being set using NeutronAdmin endpoint but it is an authorization url. Set it using KeystoneInternal endpoint. Change-Id: I23f4a895628ac909a1fe1f93cecefa84f25858b1 Closes-Bug: #1712908 (cherry picked from commit 7380183cf590b74f5ad84bb40a8afa08979c235b)
2017-09-04 | Merge "Configure Zaqar trust notifier" into stable/pike | Jenkins | 1 | -0/+3
2017-09-04 | Merge "Use list_concat in place of yaql" into stable/pike | Jenkins | 11 | -264/+231
2017-09-02 | Merge "Add support for Dell EMC VMAX ISCSI Backend" into stable/pike | Jenkins | 1 | -0/+65
2017-09-02 | Add support for Dell EMC VMAX ISCSI Backend | rajinir | 1 | -0/+65
This change adds a new define for cinder::backend::dellemc_vmax_iscsi Change-Id: I7c685e0a3186da138964f17b487fb0c3533f58c7 Implements: blueprint dellemc-vmax-isci (cherry picked from commit c77189905525c6fe834e001f2231b9eab788cd01)
2017-09-02 | Configure Zaqar trust notifier | Thomas Herve | 1 | -0/+3
Change-Id: Id7d5967370a5d3fa0183359349f502f32a0109da (cherry picked from commit e1b1b5654d70c4a38be340070648d0fb7932bcc8)
2017-09-02 | Use list_concat in place of yaql | Thomas Herve | 11 | -264/+231
Where applicable, use list_concat instead of yaql to build new lists: it should be more resilient to errors, easier to debug, and less expensive. Change-Id: I6d3dbc7ee8eac50f46023a35af4ec7f2d378fd87 Related-Bug: #1714005 (cherry picked from commit 8008089de24437757d3ba10299bb1041b4aa627a)
2017-09-02 | NetworkDeploymentActions shall be made role specific | Karthik S | 1 | -1/+14
In case of an OSP upgrade, some of the roles may require the reconfiguration of network via os-net-config, especially with roles having DPDK nics. In order to facilitate this configuration per role, the THT parameter 'NetworkDeploymentActions' is made role specific. Change-Id: I17a1812cf9e1c60fb893bf36dc99ab3ec5fc7250 (cherry picked from commit 88711c3b800257f6b333157eb3dfc8f4e7003a46)
2017-08-31 | Move deprecated SchedulerHints logic to overcloud.j2.yaml | Steven Hardy | 1 | -13/+2
The changes in puppet/role.role.j2.yaml should have been made to overcloud.j2.yaml, because we don't want the hard-coded reference to the deprecated name in the parent template. Note we need to pass this value from the parent template so the %index% substitution works, which is required for predictable placement via *SchedulerHints Partial-Bug: #1711656 Change-Id: Ided1802daac48d737f53caa7093df814ba101dd0 (cherry picked from commit c6207379db07544240b699ba000537b58d9fb68f)
2017-08-31 | Merge "Add support for Dell EMC VNX Manila Backend" into stable/pike | Jenkins | 1 | -0/+75
2017-08-31 | Merge "Add support for Dell EMC Unity Manila Backend" into stable/pike | Jenkins | 1 | -0/+74
2017-08-31 | Merge "Change ManageEventPipeline to true" into stable/pike | Jenkins | 1 | -1/+1
2017-08-30 | Add support for Dell EMC VNX Manila Backend | rajinir | 1 | -0/+75
This change adds support for manila::backend::dellemc_vnx Change-Id: I5fa5c2d6956429d1b9c12a5af6d4a887ed0624d9 Implements: blueprint dellemc-vnx-manila (cherry picked from commit a3debcfa8b2cbb3acaba292e082b0a3b0ee8ef54)
2017-08-30 | Add support for Dell EMC Unity Manila Backend | rajinir | 1 | -0/+74
This change adds support for manila::backend::dellemc_unity Change-Id: Idec67d190b12359e8e6f1c157577088fa84ef41d Implements: blueprint dellemc-unity-manila (cherry picked from commit c5ee7b7714c712807f33ca1645186d33103a2264)
2017-08-30 | Change ManageEventPipeline to true | Pradeep Kilambi | 1 | -1/+1
Since the event pipeline publisher defaults in the heat templates are different from what puppet sets, we need to have the Manage set to true so the override takes effect. Without this we keep defaulting back to puppet defaults. We can flip this back to false once panko:// is dropped as a supported option from the pipeline. Change-Id: I2248c165783dddfb4cb7cf5644884dd8f6e6ed63 (cherry picked from commit 941b5d6797ea54afbc7b822ee045ce1186627e7c)
2017-08-30 | Use integers for rabbitmq ports | Juan Antonio Osorio Robles | 1 | -2/+2
They should be integers as specified in the parameter definition of the class. Else it'll fail. Change-Id: I06b6e46c0722516e28e8bff4d481fb4b7a08bd61 Closes-Bug: #1713659 (cherry picked from commit 4bea8cf918463c43c7d5f4e46984ab54271ea3e5)
2017-08-30 | Merge "Make archive policy configurable" into stable/pike | Jenkins | 1 | -1/+5
2017-08-29 | manila: set "host" to "hostgroup" | Tom Barron | 1 | -0/+3
when running manila-share under control of pacemaker, as is done for cinder-volume service in the same circumstance. Change-Id: Ic97f01913bae2a388c962a38fa175eb1d763cdcb Depends-On: Ie31f2d5ccf458f5fcfe8bec5f2c37f45070cfde2 Closes-Bug: #1712842 (cherry picked from commit 8fa6c6e58c7ac0d32bf2f0dfb586683cf006e3bf)
2017-08-28 | Make archive policy configurable | Pradeep Kilambi | 1 | -1/+5
Change-Id: I603ce6922130fe32aa1a154df8146ee582bf1a45 (cherry picked from commit b1d7887ce710a98f061100e2878a54c06a5d09e2)
2017-08-25 | Add panko publisher in the event pipeline | Pradeep Kilambi | 1 | -1/+1
Even though panko is deprecated, we still enable it by default. So let's keep it in the pipeline as well until it's fully dead. Change-Id: Idac89820a66c59b921551857cccae6dbc38241c3 (cherry picked from commit 3dbd5bfe86c2d6864c5678774fc7f910ab846300)
2017-08-23 | Configure listen_address for libvirtd when TLS is enabled | Juan Antonio Osorio Robles | 1 | -0/+2
It wasn't being configured, and the default is to listen on all interfaces. This fixes that. Change-Id: I00da25474fb1544eabdedaf126e67d5a6617f02f Closes-Bug: #1712475
2017-08-23 | Merge "Accept multiple registries in DockerInsecureRegistryAddress" | Jenkins | 1 | -5/+5
2017-08-22 | Merge "Zaqar: Match service name with service-net-map" | Jenkins | 1 | -2/+2
2017-08-22 | Zaqar: Match service name with service-net-map | Juan Antonio Osorio Robles | 1 | -2/+2
This is required for t-h-t to generate the appropriate hieradata. Change-Id: I9b451eac4427a52ad8eec62ff89acc6c6d3ab799 Closes-Bug: #1712328
2017-08-21 | Merge "TLS everywhere/haproxy: Remove empty postsave command" | Jenkins | 2 | -2/+0
2017-08-21 | Merge "Let mds create manila key and fs" | Jenkins | 6 | -13/+48
2017-08-19 | Merge "Extend VNC port range" | Jenkins | 1 | -1/+1
2017-08-19 | Merge "Enable TLS for nova-metadata" | Jenkins | 2 | -1/+52
2017-08-19 | Merge "Add support for Dell EMC Unity Cinder backend" | Jenkins | 1 | -0/+85
2017-08-18 | Let mds create manila key and fs | Jan Provaznik | 6 | -13/+48
ceph-ansible will take care of setting up client keys both in ceph and on client side. It will also create filesystem for manila. To assure that manila manifest can work in future both with puppet and with ceph-ansible, creation of filesystem is moved to ceph-mds manifest and creation of manila key on ceph side is moved to ceph-base (so manila key is always created), manila key is added to ceph-external for external ceph deployments. Key creation is removed from manila.pp in patch I2b5567a39ac8737e80758b705818cc1807dc8bf1 Change-Id: I6308a317ffe0af244396aba5197c85e273e69f68 Related-To: Ia3ef9e9a2b159dacea01e38762145ff2bcc7ba27 Depends-On: I3f18bbe476c4f43fa4e162cc66c5df443122cd0c
2017-08-18 | TLS everywhere/haproxy: Remove empty postsave command | Juan Antonio Osorio Robles | 2 | -2/+0
This is addressed by the patch this depends on. bp tls-via-certmonger Depends-On: I62ff89362cfcc80e6e62fad09110918c36802813 Change-Id: Ibecc461b0c9af02500f590a1f7469d7e4ff20d95
2017-08-18 | Enable listening on TLS for the internal network for horizon | Juan Antonio Osorio Robles | 1 | -0/+16
This sets the flag that tells the horizon manifest to use TLS for the configuration. bp tls-via-certmonger Depends-On: I7f2e11eb60c7b075e8a59f28682ecc50eeb95c3e Change-Id: I13d59e7663538884b34b5a910b741de8721abbb9
2017-08-18 | Merge "Make cinder-manage db sync run on only one controller during upgrade" | Jenkins | 1 | -7/+13
2017-08-17 | Enable TLS for nova-metadata | Juan Antonio Osorio Robles | 2 | -1/+52
This also tells the neutron metadata agent to use TLS for contacting nova-metadata. bp tls-via-certmonger Depends-On: I97ac2da29be468c75713fe2fae7e6d84cae8f67c Depends-On: I9df395dc699090bd73265d10395e155e9b8adb26 Change-Id: I9a8c54f6e052852b8f9d06a42da87773f4da3a15
2017-08-17 | Add support for Dell EMC Unity Cinder backend | rajinir | 1 | -0/+85
This change adds a new define for cinder::backend::dellemc_unity. Change-Id: I7f9dbb707cf9b5c90ec2f31dcff82cd578805b80 Implements: blueprint dellemc-unity-cinder
2017-08-16 | Merge "Add NeutronOverlayIPVersion parameter to neutron-plugins-ml2 service" | Jenkins | 1 | -0/+7
2017-08-15 | Add NeutronOverlayIPVersion parameter to neutron-plugins-ml2 service | Feng Pan | 1 | -0/+7
This patch adds NeutronOverlayIPVersion parameter to configure neutron ML2 overlay_ip_version option from T-H-T. puppet-neutron already has support for configuration of this option, we are just exposing it from T-H-T. This parameter needs to be set to '6' when IPv6 vxlan tunnel endpoints are desired. Closes-Bug: #1691213 Change-Id: I056afa25f67a3b6857bdfef14e6d582b0a9e5e93 Signed-off-by: Feng Pan <fpan@redhat.com>