Age | Commit message (Collapse) | Author | Files | Lines |
|
As described in the bug report, DeployedSSLCertificatePath is used by
the TLS injection script (if you decide to use that).
There is an alternative, which is to use FreeIPA to provide the
certificate for public TLS (powered by certmonger); however, it doesn't
use the same path as what folks expected. This reuses the
DeployedSSLCertificatePath parameter and uses that as a path for the
resulting PEM file, so its easier to debug.
Change-Id: If73c9599d8b94d2f02b8e4c48f4a235e0fea764d
Closes-Bug: #1714932
(cherry picked from commit f395d9eab2277061e926f7956bb3a56b0c7b1131)
|
|
|
|
|
|
Add a parameter to configure SNAT mechanism in OpenDayLight defaulting
to conntrack for OVS and defaulting to controller mechanism for OVS-DPDK
Change-Id: I48c6f07de55cb2574cc3a7e9653b812f875df726
Closes-Bug: #1710614
(cherry picked from commit 9a450a8e505b5d7ccef7e5e7675573da2a4cd42c)
|
|
|
|
|
|
Redis does not have TLS out of the box. Let's use a proxy container for
TLS termination.
bp tls-via-certmonger
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: Ie2ae0d048a71e1b1b4edb10c74bc0395a1a9d5c9
Depends-On: I078567c831ade540cf704f81564e2b7654c85c0b
Depends-On: Ia50933da9e59268b17f56db34d01dcc6b6c38147
(cherry picked from commit c2a93cf4c5d9d6b5ee0536380751a7a9540927cc)
|
|
|
|
|
|
Currently for non controller upgrades we're looping through the
upgrade steps and run the upgrade tasks based on when conditionals
including the step number and the existing upgrade task condition.
Some of tasks fail because the variables used in when conditionals
are not available through all steps. This change adds default values
to these vars where possible or creates them for all steps to avoid
failures.
Related-Bug: 1708115
Change-Id: I5c731043cec8e31fc82ca98972a301baa7294c4f
(cherry picked from commit e2f00ef1dc98140087c81e202a520f549f9a0970)
|
|
This change adds support for manila::backend::dellemc_isilon
Change-Id: I92592e4b717d4b1812ccd810ec1daaedd181c3dd
Implements: blueprint dellemc-isilon-manila
(cherry picked from commit f6c9906d51fb3268b7a7d61d53181ab5d3c0d2ec)
|
|
This change adds support for manila::backend::dellemc_vmax
Change-Id: I92e189c8741c496ef6c27130f73829c327a99f1b
Implements: blueprint dellemc-vmax-manila
(cherry picked from commit 04daabdc8414e4435dc4cd3ccfea9a62b5631261)
|
|
This will be used for the replication traffic as specified in the
dependent commit.
bp tls-via-certmonger
Change-Id: Ia53b9edaa6c6cdd48bcdde64969ae6c16f57ae41
Depends-On: I265c89cb8898a6da78a606664a22c50f5e57a847
(cherry picked from commit 1b4df60ac780a8388f5421c3c1634d172886595f)
|
|
It was being set using NeutronAdmin endpoint but it is an
authorization url. Set it using KeystoneInternal endpoint.
Change-Id: I23f4a895628ac909a1fe1f93cecefa84f25858b1
Closes-Bug: #1712908
(cherry picked from commit 7380183cf590b74f5ad84bb40a8afa08979c235b)
|
|
|
|
|
|
|
|
This change adds a new define for cinder::backend::dellemc_vmax_iscsi
Change-Id: I7c685e0a3186da138964f17b487fb0c3533f58c7
Implements: blueprint dellemc-vmax-isci
(cherry picked from commit c77189905525c6fe834e001f2231b9eab788cd01)
|
|
Change-Id: Id7d5967370a5d3fa0183359349f502f32a0109da
(cherry picked from commit e1b1b5654d70c4a38be340070648d0fb7932bcc8)
|
|
Where applicable, use list_concat instead of yaql to build new lists: it
should be more resilient to errors, easier to debug, and less expensive.
Change-Id: I6d3dbc7ee8eac50f46023a35af4ec7f2d378fd87
Related-Bug: #1714005
(cherry picked from commit 8008089de24437757d3ba10299bb1041b4aa627a)
|
|
In case of an OSP upgrade, some of the roles may require
the reconfiguration of network via os-net-config, especially
with roles having DPDK nics. In order to facilitate this
configuration per role, the THT parameter
'NetworkDeploymentActions' is made role specific.
Change-Id: I17a1812cf9e1c60fb893bf36dc99ab3ec5fc7250
(cherry picked from commit 88711c3b800257f6b333157eb3dfc8f4e7003a46)
|
|
The changes in puppet/role.role.j2.yaml should have been made
to overcloud.j2.yaml, because we don't want the hard-coded reference
to the deprecated name in the parent template. Note we need to
pass this value from the parent template so the %index% substitution
works, which is required for predictable placement via *SchedulerHints
Partial-Bug: #1711656
Change-Id: Ided1802daac48d737f53caa7093df814ba101dd0
(cherry picked from commit c6207379db07544240b699ba000537b58d9fb68f)
|
|
|
|
|
|
|
|
This change adds support for manila::backend::dellemc_vnx
Change-Id: I5fa5c2d6956429d1b9c12a5af6d4a887ed0624d9
Implements: blueprint dellemc-vnx-manila
(cherry picked from commit a3debcfa8b2cbb3acaba292e082b0a3b0ee8ef54)
|
|
This change adds support for manila::backend::dellemc_unity
Change-Id: Idec67d190b12359e8e6f1c157577088fa84ef41d
Implements: blueprint dellemc-unity-manila
(cherry picked from commit c5ee7b7714c712807f33ca1645186d33103a2264)
|
|
Since the event pipeline publisher defaults in the heat templates are
different from what puppet sets. We need to have the Manage to true so
override takes effect. Without this we keep defaulting back to puppet
defaults. We can flip this back to false once panko:// is droppped as
a supported option from the pipeline.
Change-Id: I2248c165783dddfb4cb7cf5644884dd8f6e6ed63
(cherry picked from commit 941b5d6797ea54afbc7b822ee045ce1186627e7c)
|
|
They should be integers as specified in the parameter definition
of the class. Else it'll fail.
Change-Id: I06b6e46c0722516e28e8bff4d481fb4b7a08bd61
Closes-Bug: #1713659
(cherry picked from commit 4bea8cf918463c43c7d5f4e46984ab54271ea3e5)
|
|
|
|
when running manila-share under control of pacemaker, as
is done for cinder-volume service in the same circumstance.
Change-Id: Ic97f01913bae2a388c962a38fa175eb1d763cdcb
Depends-On: Ie31f2d5ccf458f5fcfe8bec5f2c37f45070cfde2
Closes-Bug: #1712842
(cherry picked from commit 8fa6c6e58c7ac0d32bf2f0dfb586683cf006e3bf)
|
|
Change-Id: I603ce6922130fe32aa1a154df8146ee582bf1a45
(cherry picked from commit b1d7887ce710a98f061100e2878a54c06a5d09e2)
|
|
Even though panko is deprecated, we still enable it by default.
So lets keep it in pipeline as well until its fully dead.
Change-Id: Idac89820a66c59b921551857cccae6dbc38241c3
(cherry picked from commit 3dbd5bfe86c2d6864c5678774fc7f910ab846300)
|
|
It wasn't being configured, and the default is to listen on all
interfaces. This fixes that.
Change-Id: I00da25474fb1544eabdedaf126e67d5a6617f02f
Closes-Bug: #1712475
|
|
|
|
|
|
This is required for t-h-t to generate the appropriate hieradata.
Change-Id: I9b451eac4427a52ad8eec62ff89acc6c6d3ab799
Closes-Bug: #1712328
|
|
|
|
|
|
|
|
|
|
|
|
ceph-ansible will take care of setting up client keys both
in ceph and on client side. It will also create filesystem
for manila. To assure that manila manifest can work in future
both with puppet and with ceph-ansible, creation of filesystem
is moved to ceph-mds manifest and creation of manila key on ceph
side is moved to ceph-base (so manila key is always created),
manila key is added to ceph-external for external ceph deployments.
Key creation is removed from manila.pp in patch
I2b5567a39ac8737e80758b705818cc1807dc8bf1
Change-Id: I6308a317ffe0af244396aba5197c85e273e69f68
Related-To: Ia3ef9e9a2b159dacea01e38762145ff2bcc7ba27
Depends-On: I3f18bbe476c4f43fa4e162cc66c5df443122cd0c
|
|
This is addressed by the patch this depends on.
bp tls-via-certmonger
Depends-On: I62ff89362cfcc80e6e62fad09110918c36802813
Change-Id: Ibecc461b0c9af02500f590a1f7469d7e4ff20d95
|
|
This sets the flag that tells the horizon manifest to use TLS for the
configuration.
bp tls-via-certmonger
Depends-On: I7f2e11eb60c7b075e8a59f28682ecc50eeb95c3e
Change-Id: I13d59e7663538884b34b5a910b741de8721abbb9
|
|
|
|
This also tells the neutron metadata agent to use TLS for contacting
nova-metadata.
bp tls-via-certmonger
Depends-On: I97ac2da29be468c75713fe2fae7e6d84cae8f67c
Depends-On: I9df395dc699090bd73265d10395e155e9b8adb26
Change-Id: I9a8c54f6e052852b8f9d06a42da87773f4da3a15
|
|
This change adds a new define for cinder::backend::dellemc_unity.
Change-Id: I7f9dbb707cf9b5c90ec2f31dcff82cd578805b80
Implements: blueprint dellemc-unity-cinder
|
|
|
|
This patch adds NeutronOverlayIPVersion parameter to congfigure
neutron ML2 overlay_ip_version option from T-H-T. puppet-neutron
already has support for configuration of this option, we are just
exposing it from T-H-T. This parameter needs to be set to '6' when
IPv6 vxlan tunnel endpoints are desired.
Closes-Bug: #1691213
Change-Id: I056afa25f67a3b6857bdfef14e6d582b0a9e5e93
Signed-off-by: Feng Pan <fpan@redhat.com>
|