summaryrefslogtreecommitdiffstats
path: root/roles_data.yaml
AgeCommit message (Collapse)AuthorFilesLines
2017-04-06Merge "Fixing acronym for BGPVPN composable service"Jenkins1-1/+1
2017-04-06Merge "Adds service for managing securetty"Jenkins1-0/+5
2017-04-06Merge "Disable ceilometer API"Jenkins1-1/+0
2017-04-06Adds service for managing securettylhinds1-0/+5
This adds the ability to manage the securetty file. By allowing management of securetty, operators can limit root console access and improve security through hardening. Change-Id: I0767c9529b40a721ebce1eadc2dea263e0a5d4d7 Partial-Bug: #1665042 Depends-On: Ic4647fb823bd112648c5b8d102913baa8b4dac1c
2017-04-05Fixing acronym for BGPVPN composable serviceRicardo Noriega1-1/+1
Change-Id: I397a6ad430cef5ddb4eee48347ad4c89144ad01e Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
2017-04-03Disable ceilometer APIPradeep Kilambi1-1/+0
Ceilometer API has been deprecated since Ocata. lets disable it by default and add an env file to enable it if needed. Closes-bug: #1676968 Change-Id: I571f5467466c29271e0235e8fde6bdae07c20daf
2017-03-30Add l2gw neutron service plugin supportPeng Liu1-0/+1
L2 Gateway (L2GW) is an API framework for OpenStack that offers bridging two or more networks together to make them look at a single broadcast domain. This patch implements the l2gw neutron service plugin support part in t-h-t. Change-Id: I1b52dc2c11a15698e43b6deeac6cadeeba1802d5 Depends-On: I01a8afdc51b2a077be1bbc7855892f68756e1fd3 Partially-Implements: blueprint l2gw-service-integration Signed-off-by: Peng Liu <pliu@redhat.com>
2017-03-13Add certmonger-user profileJuan Antonio Osorio Robles1-0/+5
This profile will request the certificates for the services on the node. So with this, we will remove the requesting of these certs on the services' profiles themselves. The reasoning for this is that for a containerized environment, the containers won't have credentials to the CA while the baremetal node does. So, with this, we will have this profile that still gets executed in the baremetal nodes, and we can subsequently pass the requested certificates by bind-mounting them on the containers. On the other hand, this approach still works well for the TLS-everywhere case when the services are running on baremetal. Change-Id: Ibf58dfd7d783090e927de6629e487f968f7e05b6 Depends-On: I4d2e62b5c1b893551f9478cf5f69173c334ac81f
2017-03-10Add BGPVPN composable serviceRicardo Noriega1-0/+1
This project aims at supporting inter-connection between L3VPNs and Neutron resources, i.e. Networks, Routers and Ports. Partially-Implements: blueprint bgpvpn-service-integration Depends-On:I7c1686693a29cc1985f009bd7a3c268c0e211876 Change-Id: I576c9ac2b443dbb6886824b3da457dcc4f87b442 Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
2017-03-06Enable composable upgrades for docker service templatesSteven Hardy1-0/+1
This aligns the docker based services with the new composable upgrades architecture we landed for ocata, and does a first-pass adding upgrade_tasks for the services (these may change, atm we only disable the service on the host). To run the upgrade workflow you basically do two steps: openstack overcloud deploy --templates \ -e environments/major-upgrade-composable-steps-docker.yaml This will run the ansible upgrade steps we define via upgrade_tasks then run the normal docker PostDeploySteps to bring up the containers. For the puppet workflow there's then an operator driven step where compute nodes (and potentially storage nodes) are upgrades in batches and finally you do: openstack overcloud deploy --templates \ -e environments/major-upgrade-converge-docker.yaml In the puppet case this re-applies puppet to unpin the nova RPC API so I guess it'll restart the nova containers this affects but otherwise will be a no-op (we also disable the ansible steps at this point. Depends-On: I9057d47eea15c8ba92ca34717b6b5965d4425ab1 Change-Id: Ia50169819cb959025866348b11337728f8ed5c9e
2017-02-28Configure SSL connection for MySQL client via client config fileJuan Antonio Osorio Robles1-1/+4
This uses the mysql client configuration file to configure if SSL should be used for the connection if SSL in the internal network is enabled. Change-Id: Ifd1a06e0749a05a65f6314255843f572d2209067
2017-02-26Add VPP composable serviceFeng Pan1-0/+3
Vector Packet Processing (VPP) is a high performance packet processing stack that runs in user space in Linux. VPP is used as an alternative to kernel networking stack for accelerated network data path. This patch adds VPP as a composable service. Note that NIC binding related configs for VPP are handled in os-net-config. Depends-on: I70a68a204a8b9d533fc2fa4fc33c39c3b1c366bf Change-Id: I5e4b1903dc87cb16259eeb05db585678acadbc6b Implements: blueprint fdio-integration-tripleo
2017-02-22Re-add the disable_upgrade_deployment note in roles_data.yamlmarios1-0/+4
This was accidentally removed in If581f301a5493ef33ac1386bdc22f9fca4f2544e looks like Change-Id: I0e2c4fe664daca5c50921673db067701195c501f
2017-02-17Make the DB URIs host-independent for all servicesMichele Baldessari1-0/+1
When fixing LP#1643487 we added ?bind_address to all DB URIs. Since this clashes with Cellsv2 due to the URIs becoming host dependent, we need a new approach to pass bind_address to pymysql that leaves the DB URIs host-independent. In change Iff8bd2d9ee85f7bb1445aa2e1b3cfbff1f397b18 we first create a /etc/my.cnf.d/tripleo.cnf file with a [tripleo] section with the correct bind-address option. In this change we make sure that the DB URIs will point to the added file and to the specific section containing the necessary bind-address option. We do introduce a new MySQLClient profile which will hold all this more client-specific configuration so that this change can fit better in the composable roles work. Also, in the future it might contain the necessary configuration for SSL for example. Note that in case the /etc/my.cnf.d/tripleo.cnf file does not exist (because it is created via the mysqlclient profile), things keep on working as usual and the bind-address option simply won't be set, which has no impact on hosts where there are no VIPs. Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com> Change-Id: Ieac33efe38f32e949fd89545eb1cd8e0fe114a12 Related-Bug: #1643487 Closes-Bug: #1663181 Closes-Bug: #1664524 Depends-On: Iff8bd2d9ee85f7bb1445aa2e1b3cfbff1f397b18
2017-02-12Merge "adding Congress Support"Jenkins1-0/+1
2017-02-10adding Congress SupportDan Radez1-0/+1
Depends-On: Ic74ccd5fa7b3b04ca810416e5160463252f17474 Implements: blueprint congress-service-integration Change-Id: Ie60540c340c0eb71ff376aba65507a8bb3e909b6 Signed-off-by: Dan Radez <dradez@redhat.com>
2017-02-10Delivers upgrade scripts where upgrade steps are disabledmarios1-1/+0
This delivers a /root/tripleo_upgrade_node.sh to those nodes that have the disable_upgrade_deployment flag set to true. They will later be upgraded manually by the operator who will invoke the script delivered here using upgrade-non-controller.sh We can also deliver any service specific upgrade configuration, such as configuring nova-compute to use the placement API as this is required in order for placement to be configured and installed during the subsequent upgrade steps for controller services. This removes the compute and swift specific upgrade scripts as they are now merged into the common tripleo_upgrade_node.sh - removing any hard coded reference to a particular role name (compute/objectstorage) and only relying on the disable_upgrade_deployment is roles_data.yaml Change-Id: I4531a4038b78087ef4a1a62c35f1328822427817 Co-Authored-By: Mathieu Bultel <mbultel@redhat.com>
2017-02-09Adding Tacker SupportDan Radez1-0/+1
Depends-On: Ide0e60f3b7a3733788af4337c1c39b4a956c876f Depends-On: I3d6bbc05644e840395f87333ec80e3b844f69903 Depends-On: Idf6abcb7fe766546cb362ad4afe54f4bccd9c994 Implements: blueprint tacker-service-integration Change-Id: Ibddc81561f6e6ba671bd01a9251c57d3ad67ba8c Signed-off-by: Dan Radez <dradez@redhat.com>
2017-02-08Merge "implement a collectd composable service"Jenkins1-0/+5
2017-02-07implement a collectd composable serviceLars Kellogg-Stedman1-0/+5
The collectd composable service permits an operator to configure collectd metrics collection as part of the overcloud install. Depends-on: I03cfbd96778a76125d18e2ca2f48d96e292608de Change-Id: I143565329f5128f15cc39c9b62a6b242666383ab
2017-02-03Add registry and role service list entries for OctaviaBrent Eagles1-0/+4
This patch adds the Octavia services to the registry and controller role (disabled by default). Also included is an example environment file for enabling the services and required configuration. The API service profile is also amended configure the load balancer service provider in neutron to point to the octavia load balancer driver. Change-Id: I7f3bba950f5b1574ba842a39e93a8ac2b1ccf7bb Partially-implements: blueprint octavia-service-integration
2017-01-27Add AuditD composable serviceSteven Hardy1-0/+5
This patch allows the management of the AuditD service and its associated files (such as `audit.rules`) This is achieved by means of the `puppet-auditd` puppet module. Also places ssh banner capabilities map on top of patch Change-Id: Ib8bb52dde88304cb58b051bced9779c97a314d0d Depends-On: Ie31c063b674075e35e1bfa28d1fc07f3f897407b
2017-01-27Merge "Adds SSH Banner text into sshd_config"Jenkins1-0/+5
2017-01-26Merge "Add Ceph RBD mirror Pacemaker profile"Jenkins1-0/+1
2017-01-26Add Ceph RBD mirror Pacemaker profileGiulio Fidente1-0/+1
This change adds a profile to deploy the Ceph RBD mirroring daemon as a Pacemaker resource. Change-Id: Ib07e5bca6a45f0c6c59a3acf07f4e3ae9d2f8948 Depends-On: Ic63dc5cffece38942d305f538f71dd58a5d50789 Closes-Bug: #1652177
2017-01-26Adds SSH Banner text into sshd_configLuke Hinds1-0/+5
Allow use of ooo template to populate banner text into /etc/issue Change-Id: If5b2da9415f10652a0a64503b2da4b63d1018640 Depends-On: Ie9f8afdfa9930428f06c9669fedb460dc1064d5e Closes-Bug: #1640306
2017-01-25Add support for batched upgrades to composable upgradesSteven Hardy1-2/+3
Some services (e.g ceph mon) require upgrading in batches (the old upgrade architecture did the ceph mon upgrade one controller at a time). This interface enables doing the same, and over time we can probably move more services into this interface (e.g when services support rolling upgrades) to reduce downtime. Change-Id: If581f301a5493ef33ac1386bdc22f9fca4f2544e Partially-Implements: blueprint overcloud-upgrades-per-service
2017-01-25Merge "Add ec2-api service"Jenkins1-0/+1
2017-01-24Merge "Add disable_upgrade_deployment flag to roles_data.yaml"Jenkins1-0/+6
2017-01-24Add ec2-api serviceSven Anderson1-0/+1
This change adds the ec2api service using the tripleo::profile::base::nova::ec2api profile. The deprecated nova-cert service is not supported, and therefore the RegisterImage action is not supported either. Change-Id: I2510fd4ed935d8423216fff9ce3adf2d69c9c804 Depends-On: If4b091e1ca02f43aa9c65392baf8ceea007b7cfb
2017-01-23Merge "Add THT for fossw ML2 plugin in networking-fujitsu"Jenkins1-0/+1
2017-01-20Add disable_upgrade_deployment flag to roles_data.yamlmarios1-0/+6
As part of the composable upgrades current plan is to disable the composable upgrades steps running on a particular role (e.g. all compute nodes) in favor of a later operator driven upgrades process as has previously been the case This adds the disable_upgrade_deployment flag to roles_data as a first step. Thanks to shardy for his help with this. Change-Id: Ice845742a043b34917e61f662885786c73e955fd
2017-01-19Add THT for fossw ML2 plugin in networking-fujitsuKoki Sanagi1-0/+1
Introduce THT for fossw ML2 plugin in networking-fujitsu. networking-fujitsu is a neutron ML2 plugin which enables several FUJITSU switch products in OpenStack environment. This templates deploy overcloud with FOS switch. Change-Id: I977dbecbf9f6f9725f7fb5ca4745b537a73975ff Implements: blueprint integration-fossw-networking-fujitsu Depends-On: I044c5812bbc5cd3de4bc33556cffbe5bad8e64cf Depends-On: I79df6b6a27d95f0c0e2c87207ab80235a4efccfc
2017-01-19Adds etcd composable serviceFeng Pan1-0/+1
etcd is used by networking-vpp ML2 driver as the messaging mechanism. This patch adds etcd service which can be used by other services. Implements: blueprint fdio-integration-tripleo Depends-on: Idaa3e3deddf9be3d278e90b569466c2717e2d517 Change-Id: I8ae1e2c9b0c3d6f448e1da712100938d011289f5 Signed-off-by: Feng Pan <fpan@redhat.com>
2017-01-18Merge "Remove Glance Registry service"Jenkins1-1/+0
2017-01-17Merge "Nova Placement API composable service"Jenkins1-0/+1
2017-01-17Nova Placement API composable serviceEmilien Macchi1-0/+1
Add support to deploy Nova Placement API service in TripleO. Change-Id: Ie41ebc362a0695c8f55419e231100c63007405ed
2017-01-16Remove Glance Registry serviceEmilien Macchi1-1/+0
Glance registry is not required for the v2 of the API and there are plans to deprecate it in the glance community. Let's remove v1 support since it has been deprecated for a while in Glance. Depends-On: I77db1e1789fba0fb8ac014d6d1f8f5a8ae98ae84 Co-Authored: Flavio Percoco <flaper87@gmail.com> Change-Id: I0cd722e8c5a43fd19336e23a7fada71c257a8e2d
2017-01-13HPELeftHandISCSIDriver support for Cinderchinthagovardhan1-0/+1
Cinder configuration with HPELeftHandISCSIDriver for VSA storage Change-Id: Iaefbf38522069f6c636130e357f19a7fb7d54fe4
2017-01-13Merge "Add THT for networking-fujitsu"Jenkins1-0/+1
2017-01-11Merge "Remove unused pacemaker profiles"Jenkins1-1/+0
2017-01-10Add support for the deployment of Ceph MDSGiulio Fidente1-0/+1
This change adds a CephMds service, disabled by default, on the Controller role and an environment file to enable it. Change-Id: If7cb46319038a80ed52f753a623989885e1b7da4 Depends-On: Iaecc3ff7acb851776c5057c42a5a513a70425d2c Partial-Bug: #1644784
2017-01-10Add THT for networking-fujitsuKoki Sanagi1-0/+1
Introduce THT for networking-fujitsu. networking-fujitsu is a neutron ML2 plugin which enables FUJITSU C-Fabric switch in OpenStack environment. This templates deploy overcloud with C-Fabric switch. Change-Id: Iee75a1a30552d8dc9f55f52d10b0dc2b623992ef Implements: blueprint integration-networking-fujitsu Depends-On: I37a502b43eb7d91bfe20625248ed117eae3ca535 Depends-On: I5eb2c2a9c50b5991d62f4b6d74b83351c86b02de
2017-01-06Template and role support for the undercloudDan Prince1-1/+1
Add a new roles data YAML file and environment to help create the undercloud via t-h-t. Partially-implements: blueprint heat-undercloud Change-Id: I36df7fa86c2ff40026d59f02248af529a4a81861
2017-01-06Remove unused pacemaker profilesMichele Baldessari1-1/+0
With change I80c8559bb2d915385bcc20ae71fe144ddd6591c1 we removed all the unused puppet-tripleo pacemaker profiles. With this change we remove the corresponding puppet profiles from tripleo-heat-templates. We can also remove any trace of the fake ::Core service as it was introduced via Iacd94294b8a66bc082bb2b3e8d3364ec1bf053b8 for the fake openstack-core pacemaker resource during the Mitaka cycle and became unused in Newton. Change-Id: I48cd2b6a4593d673d5883b45feae088392e7e713
2017-01-04Add custom roles data for deployed-serverJames Slagle1-0/+3
Adds a custom roles data file for use when using the deployed-server templates. The file takes care of setting disable_constraints: True, so that deployers don't have to do things like create fake images in glance. Also adds a comment to roles_data.yaml documenting disable_constraints. Partially-implements: blueprint split-stack-software-configuration Change-Id: I7c26c0c2851e0d6bcea42d7af7f4295a1944ec9f
2016-12-19Split OVN northd and ml2 pluginSteven Hardy1-0/+1
This allows us to take advantage of the composable roles hiera settings to connect the plugin to the northd/ovndb API without needing to hard-code the IP of the node running the service. Change-Id: I2508d48f81c1819ae3521fff271c0bdc50724604 Depends-On: I9af7bd837c340c3df016fc7ad4238b2941ba7a95 Closes-Bug: #1634171
2016-12-02Add zaqar to the controller's list of services in roles_data.yamlJuan Antonio Osorio Robles1-0/+1
Change-Id: Iecafa7878fec20c707e94bdaca55f1489f3e338a
2016-11-27Stop using puppet to configure VIPs in /etc/hostsDan Prince1-5/+0
This patch drops use of the vip-hosts.yaml service which can cause issues during deployment because puppet 'hosts' resources overwrite the data in /etc/hosts. The only reason things seem to work at all at the moment is because our hosts element in t-i-e runs on each os-refresh-config iteration and re-adds the dropped hosts entries. To work around the issue we add a conditional which selectively adds the extra hosts entries only if the AddVipsToEtcHosts is set to true. Closes-bug: 1645123 Change-Id: Ic6aaeb249a127df83894f32a704219683a6382b2
2016-11-24Merge "Add panko api support to service templates"Jenkins1-0/+1