aboutsummaryrefslogtreecommitdiffstats
path: root/puppet
AgeCommit message (Collapse)AuthorFilesLines
2017-06-22Merge "Revert "Blacklist support for ExtraConfig""Jenkins6-96/+0
2017-06-22Merge "Specify file url when deploy-artifacts fails"Jenkins1-1/+1
2017-06-22Merge "Remove add_listen: false from Horizon hieradata"Jenkins1-1/+0
2017-06-22Merge "Deploy ironic-api with WSGI"Jenkins1-2/+29
2017-06-22Revert "Blacklist support for ExtraConfig"Alex Schultz6-96/+0
This reverts commit d6c0979eb3de79b8c3a79ea5798498f0241eb32d. This seems to be causing issues in Heat in upgrades. Change-Id: I379fb2133358ba9c3c989c98a2dd399ad064f706 Related-Bug: #1699463
2017-06-21Merge "Add node's FQDN to mysql certificate request and CA file"Jenkins2-0/+20
2017-06-21Deploy ironic-api with WSGIDmitry Tantsur1-2/+29
Change-Id: Ifa985f29fbd589f58cb2fc75b5f442f7651fb2bf Depends-On: I952c86db88dcd611722a3feaea88f618eee17620
2017-06-21Specify file url when deploy-artifacts failsArie Bregman1-1/+1
Change-Id: Iccd31c798b91c494b20489d52e289d9a250b929c
2017-06-20Add an upgrade task for redis servicePradeep Kilambi1-0/+20
Change-Id: Id7188ee8a4b05f0aa3c76c4da581e8c4f1b85d86
2017-06-20Remove add_listen: false from Horizon hieradataBen Nemec1-1/+0
I'm not sure why this was here, but without a Listen directive in Apache's ports.conf Horizon is inaccessible. Removing this allows Horizon to work again. Change-Id: Ic221e15f188cf50b485e995035cb96f5d5960a72 Closes-Bug: 1696439
2017-06-19Merge "Blacklist support for ExtraConfig"Jenkins6-0/+96
2017-06-19Merge "Update CloudDomain description"Jenkins6-12/+12
2017-06-19Add node's FQDN to mysql certificate request and CA fileJuan Antonio Osorio Robles2-0/+20
This will add the node's FQDN to the mysql certificate request besides the VIP's FQDN which we already use. This is needed for adding TLS to the replication traffic. The CA file was also added as hieradata, since the path will be needed for the TLS configuration. bp tls-via-certmonger Change-Id: I9252303b92a2805ba83f86a85770db2551a014d3
2017-06-17Merge "Remove duplicate docker/puppet services.yaml"Jenkins1-129/+0
2017-06-16Merge "Make fernet max active keys configurable"Jenkins1-0/+5
2017-06-16Merge "Add templates to configure Ironic inspector"Jenkins1-0/+151
2017-06-16Blacklist support for ExtraConfigJames Slagle6-0/+96
Commit I46941e54a476c7cc8645cd1aff391c9c6c5434de added support for blacklisting servers from triggered Heat deployments. This commit adds that functionality to the remaining Deployments in tripleo-heat-templates for the ExtraConfig interfaces. Since we can not (should not) change the interface to ExtraConfig, Heat conditions are used on the actual <role>ExtraConfigPre and NodeExtraConfig resources instead of using the actions approach on Deployments. Change-Id: I38fdb50d1d966a6c3651980c52298317fa3bece4
2017-06-16Merge "Only pass distinct services to enabled_services list"Jenkins1-1/+4
2017-06-16Merge "Pacemaker HA suport for OVN DB servers"Jenkins2-0/+62
2017-06-16Merge "Ignore case for bootstrap node checks"Jenkins1-1/+1
2017-06-16Make fernet max active keys configurableJuan Antonio Osorio Robles1-0/+5
This will set the max_active_keys setting in keystone.conf, and furtherly we'll read this value from tripleo-common to do purging of keys if necessary. bp keystone-fernet-rotation Change-Id: I9c6b0708c2c03ad9918222599f8b6aad397d8089
2017-06-16Only pass distinct services to enabled_services listJuan Antonio Osorio Robles1-1/+4
The list that was passed contained repeated services, which was problematic if we wanted to use this list in puppet. So instead we pass a list with the unique names. Change-Id: Ib5eb0c5b59a9a50344d22c258ca461e8f1e52c86
2017-06-16Merge "Input enabled_services in all-nodes-config as comma_delimited_list"Jenkins1-9/+4
2017-06-15Ignore case for bootstrap node checksAlex Schultz1-1/+1
The bootstrap_nodeid can have capital letters while the hostname may not. In puppet we use downcase for this comparison, so let's follow a similar pattern for scripts from THT. Change-Id: I8a0bec4a6f3ed0b4f2289cbe7023344fb284edf7 Closes-Bug: #16998201
2017-06-15Update CloudDomain descriptionBen Nemec6-12/+12
First, this parameter must match what is configured on the undercloud, so strengthen that language. There is also now an undercloud.conf parameter that can be used to set the requisite options on the undercloud services, so just point users at that rather than trying to explain how to configure the services manually (which is error-prone and doesn't survive undercloud updates). Change-Id: I002cce176e3430473a29e79efde3464bddb24cc7
2017-06-15Merge "Modify PreNetworkConfig config inline with role-specific parameters"Jenkins6-0/+30
2017-06-15Input enabled_services in all-nodes-config as comma_delimited_listJuan Antonio Osorio Robles1-9/+4
The bug that prevented it from being a comma delimited list was fixed. Change-Id: Ia5296140763849bdeac481c812f70a42d907c214
2017-06-14Merge "Update Panko api port"Jenkins1-2/+2
2017-06-14Merge "Role Specific parameters for neutron-sriov-agent service"Jenkins1-3/+19
2017-06-14Merge "Enable heat/puppet to manage the fernet keys and make it configurable"Jenkins1-1/+9
2017-06-14Merge "Use KeystoneFernetKeys instead of individual parameters"Jenkins1-7/+19
2017-06-14Update Panko api portPradeep Kilambi1-2/+2
The current port conflicts with trove. This is updated in puppet module. See related change: https://review.openstack.org/#/c/471551/ Change-Id: Iefacb98320eef0bca782055e3da5d243993828d7
2017-06-14Merge "Dell SC: Add exclude_domain_ip option"Jenkins1-0/+4
2017-06-14Merge "Add fqdn_external"Jenkins6-0/+6
2017-06-14Enable heat/puppet to manage the fernet keys and make it configurableJuan Antonio Osorio Robles1-1/+9
With the addition of the KeystoneFernetKeys parameter, it's now possible to do fernet key rotations using mistral, by modifying the KeystoneFernetKeys variable in mistral; subsequently a rotation could happen when doing a stack update. So this re-enables the managing of the key files by puppet. However, this is left configurable, as folks might want to manage those files out-of-band. bp keystone-fernet-rotation Change-Id: Ic82fb8b8a76481a6e588047acf33a036cf444d7d
2017-06-14Use KeystoneFernetKeys instead of individual parametersJuan Antonio Osorio Robles1-7/+19
This uses the newly introduced dict with the keys and paths instead of the individual keys. Having the advantage that rotation will be possible on stack update, as we no longer have a limit on how many keys we can pass (as we did with the individual parameters). bp keystone-fernet-rotation Change-Id: I7d224595b731d9f3390fce5a9d002282b2b4b8f2 Depends-On: I63ae158fa8cb33ac857dcf9434e9fbef07ecb68d
2017-06-14Merge "Add support for Cinder "NAS secure" driver params"Jenkins2-0/+24
2017-06-13Merge "Change HorizonSecureCookies default to False"Jenkins1-1/+1
2017-06-13Merge "Add support to configure Num of Storage sacks"Jenkins1-1/+9
2017-06-13Merge "Configure credentials for ironic to access cinder"Jenkins1-0/+6
2017-06-13Add fqdn_externalAlex Schultz6-0/+6
In newton, we used to construct the fqdn_$NETWORK in puppet-tripleo for external, internal_api, storage, storage_mgmt, tenant, management, and ctrlplane. When this was moved into THT, we accidently dropped external which leads to deployment failures if a service is moved to the external network and the configuration consumes the fqdn_external hiera key. Specifically this is reproduced if the MysqlNetwork is switch to to exernal, then the deployment fails because the bind address which is set to use fqdn_external is blank. Change-Id: I01ad0c14cb3dc38aad7528345c928b86628433c1 Closes-Bug: #1697722
2017-06-13Modify PreNetworkConfig config inline with role-specific parametersSaravanan KR6-0/+30
Existing host_config_and_reboot.role.j2.yaml is done in ocata to configure kernel args. This can be enhanced with use of role-specific parameters, which is done in the current patch. The earlier method is deprecated and will be removed in Q releae. Implements: blueprint ovs-2-6-dpdk Change-Id: Ib864f065527167a49a0f60812d7ad4ad12c836d1
2017-06-12Add support to configure Num of Storage sacksPradeep Kilambi1-1/+9
Gnocchi 4 supports storage sacks during upgrade. lets make this configurable if we want to use more metricd workers. Change-Id: Ibb2ee885e59d43c1ae20887ec1026786d58c6b9e
2017-06-12Merge "Moving *postconfig where it was *postpuppet"Jenkins1-11/+16
2017-06-12Moving *postconfig where it was *postpuppetCarlos Camacho1-11/+16
We need to ensure that the pacemaker cluster restarts in the end of the deployment. Due to the resources renaming we added the postconfig resource not in the end of the deployment as it was *postpuppet. Closes-bug: 1695904 Change-Id: Ic6978fcff591635223b354831cd6cbe0802316cf
2017-06-12Add support for Cinder "NAS secure" driver paramsAlan Bishop2-0/+24
Add new parameters that control the NAS security settings in Cinder's NFS and NetApp back end drivers. The settings are disabled by default. Partial-Bug: #1688332 Depends-On: I76e2ce10acf7b671be6a2785829ebb3012b79308 Change-Id: I306a8378dc1685132f7ea3ed91d345eaae70046f
2017-06-12Pacemaker HA suport for OVN DB serversNuman Siddique2-0/+62
This patch adds the templates required to enable the OVN DB servers to be started in master/slave mode in the pacemaker cluster. For the OVN DBs base profile, ::tripleo::haproxy expects the parameter 'ovn_dbs_manage_lb' set to true in order for it to configure OVN DBs for load balancing (please see this commit [1]). So this patch sets 'ovn_dbs_manage_lb' to true. [1] - I9dc366002ef5919339961e5deebbf8aa815c73db Co-authored-by: Babu Shanmugam (babu.shanmugam@gmail.com) Depends-on: I94d3960e6c5406e3af309cc8c787ac0a6c9b1756 Change-Id: I60c55abfc523973aa926d8a12ec77f198d885916 Closes-bug: #1670564
2017-06-12Add support for autofencing to Pacemaker Remote.Chris Jones1-0/+38
We now pass configuration for autofencing to Pacemaker Remote nodes. Change-Id: Ibb9c65a83cc909528024c538cf3bcc96390c555e Depends-On: I87c60bd56feac6dedc00a3c458b805aa9b71d9ce Closes-Bug: #1686115
2017-06-09Merge "Revert "Add support to configure Num of Storage sacks""Jenkins1-9/+1
2017-06-09Remove duplicate docker/puppet services.yamlSteven Hardy1-129/+0
Move to one common services.yaml not only reduces the duplication, but it should improve performance for the docker/services.yaml case, because we were creating two ResourceChains with $many services which we know can be really slow (especially since we seem to be missing concurrent: true on one) Change-Id: I76f188438bfc6449b152c2861d99738e6eb3c61b