| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Currently there's some hard-coded references to roles here, rendering
from the roles_data.yaml is a step towards making the use of isolated
networks for custom roles easier.
Partial-Bug: #1633090
Depends-On: Ib681729cc2728ca4b0486c14166b6b702edfcaab
Change-Id: If3989f24f077738845d2edbee405bd9198e7b7db
|
|
This configures iscsid so that it runs as a container on
relevant roles (undercloud, controller, compute, and volume).
When the iscsid docker service is provision it will also run
an ansible snippet that disables the iscsid.socket on the host
OS thus disabling the hosts systemd from auto-starting iscsid
as it normally does.
Co-Authored-By: Jon Bernard <jobernar@redhat.com>
Change-Id: I2ea741ad978f166e199d47ed1b52369e9b031f1f
|
|
As we create new standard roles, we should include them from a single
location for ease of use and to reduce the duplication of the role
definitions elsewhere. This change adds a roles folder to the THT that
can be used with the new roles commands in python-tripleoclient by the
end user to generate a roles_data.yaml from a standard set of roles.
Depends-On: I326bae5bdee088e03aa89128d253612ef89e5c0c
Change-Id: Iad3e9b215c6f21ba761c8360bb7ed531e34520e6
Related-Blueprint: example-custom-role-environments
|
|
Currently TripleO does not support LinuxBridge driver, setting
NeutronMechanismDrivers to linuxbridge will not force ml2 plugin
to use linuxbridge.
This commit adds new environment file which replaces default ovs
agent with linuxbridge on Compute and Controller nodes.
Change-Id: I433b60a551c1eeb9d956df4d0ffb6eeffe980071
Closes-Bug: #1652211
Depends-On: Iae87dc7811bc28fe86db0c422c363eaed5e5285b
Depends-On: Ie3ac03052f341c26735b423701e1decf7233d935
|
|
Even though this service was disabled by default in Pike[1], we still
want the entry in roles_data since it will actually disable the service
on upgrade.
A comment was added so we remember to remove it in Queens.
[1] Icffb7d1bb2cf7bd61026be7d2dcfbd70cd3bcbda
Change-Id: I2012d7494207bf3239f589bf80b8048abf72428f
|
|
L2 Gateway (L2GW) is an API framework for OpenStack that offers bridging
two or more networks together to make them look at a single broadcast
domain. This patch implements the l2gw agent which is one of the backend
of the l2 gateway service plugin.
Change-Id: I1ae8132ceff9410be7bd82caddf0d14251e720bf
Depends-On: If1501c153b1b170b9550cb7e5a23be463fba1fe9
Partially-Implements: blueprint l2gw-service-integration
Signed-off-by: Peng Liu <pliu@redhat.com>
|
|
We dont need expirer unless we have collector and standard
storage enabled. Lets turn it off by default and make it
an optional service. In upgrade scenario, we will kill the
process and stop the expirer, unless explicitly enabled.
Change-Id: Icffb7d1bb2cf7bd61026be7d2dcfbd70cd3bcbda
|
|
|
|
Ceilometer collector is deprecated in Pike release.
Do not deploy by default. Instead use the pipeline
yaml to configure the publisher directly.
Closes-bug: #1676961
Change-Id: Ic71360c6307086d5393cd37d38ab921de186a2e0
|
|
Users may have an external swift proxy already available (i.e. radosgw
from already existing ceph, or hardware appliance implementing swift
proxy). With this change user may specify an environment file that
registers the specified urls as endpoint for the object-store service.
The internal swift proxy is left as unconfigured.
Change-Id: I5e6f0a50f26d4296565f0433f720bfb40c5d2109
Depends-On: Ia568c3a5723d8bd8c2c37dbba094fc8a83b9d67e
|
|
|
|
Prior to Ocata, the Controller role was hardcoded for various lookups.
When we switched to having the primary role name being dynamically
pulled from the roles_data.yaml using the first role as the primary
role as part of I36df7fa86c2ff40026d59f02248af529a4a81861, it
introduced a regression for folks who had previously been using
a custom roles file without the Controller being listed first.
Instead of relying on the position of the role in the roles data, this
change adds the concepts of tags to the role data that can be used when
looking for specific functionality within the deployment process. If
no roles are specified with this the tags indicating a 'primary'
'controller', it will fall back to using the first role listed in the
roles data as the primary role.
Change-Id: Id3377e7d7dcc88ba9a61ca9ef1fb669949714f65
Closes-Bug: #1677374
|
|
Add services for Dell EMC Cinder back ends to the resource registry
and to the Controller role (defaulting to OS::Heat::None).
Closes-Bug: #1681497
Change-Id: I694fd7738abd3601851bdcd38e3633607ce6152c
|
|
Implements: blueprint fdio-integration-tripleo
Change-Id: I412f7a887ca4b95bcf1314e8c54cb1e7d03b1e41
Signed-off-by: Feng Pan <fpan@redhat.com>
|
|
Convert NetApp Cinder back end to support composable roles via new
"CinderBackendNetApp" service.
Closes-Bug: #1680568
Change-Id: Ia3a78a48c32997c9d3cbe1629c2043cfc5249e1c
|
|
|
|
This will add the Docker service to all roles. Note that currently by
default the Docker service is mapped to OS::Heat::None by default. It
will only be deployed if environments/docker.yaml file is included in
the deployment.
Change-Id: I9d8348b7b6576b94c872781bc89fecb42075cde0
Related-Bug: #1680395
|
|
|
|
|
|
|
|
This adds the ability to manage the securetty file.
By allowing management of securetty, operators can limit root
console access and improve security through hardening.
Change-Id: I0767c9529b40a721ebce1eadc2dea263e0a5d4d7
Partial-Bug: #1665042
Depends-On: Ic4647fb823bd112648c5b8d102913baa8b4dac1c
|
|
Change-Id: I397a6ad430cef5ddb4eee48347ad4c89144ad01e
Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
|
|
Ceilometer API has been deprecated since Ocata. lets disable
it by default and add an env file to enable it if needed.
Closes-bug: #1676968
Change-Id: I571f5467466c29271e0235e8fde6bdae07c20daf
|
|
L2 Gateway (L2GW) is an API framework for OpenStack that offers bridging
two or more networks together to make them look at a single broadcast
domain. This patch implements the l2gw neutron service plugin support part
in t-h-t.
Change-Id: I1b52dc2c11a15698e43b6deeac6cadeeba1802d5
Depends-On: I01a8afdc51b2a077be1bbc7855892f68756e1fd3
Partially-Implements: blueprint l2gw-service-integration
Signed-off-by: Peng Liu <pliu@redhat.com>
|
|
This profile will request the certificates for the services on the node.
So with this, we will remove the requesting of these certs on the
services' profiles themselves.
The reasoning for this is that for a containerized environment, the
containers won't have credentials to the CA while the baremetal node
does. So, with this, we will have this profile that still gets executed
in the baremetal nodes, and we can subsequently pass the requested
certificates by bind-mounting them on the containers. On the other hand,
this approach still works well for the TLS-everywhere case when the
services are running on baremetal.
Change-Id: Ibf58dfd7d783090e927de6629e487f968f7e05b6
Depends-On: I4d2e62b5c1b893551f9478cf5f69173c334ac81f
|
|
This project aims at supporting inter-connection between L3VPNs
and Neutron resources, i.e. Networks, Routers and Ports.
Partially-Implements: blueprint bgpvpn-service-integration
Depends-On:I7c1686693a29cc1985f009bd7a3c268c0e211876
Change-Id: I576c9ac2b443dbb6886824b3da457dcc4f87b442
Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
|
|
This aligns the docker based services with the new composable upgrades
architecture we landed for ocata, and does a first-pass adding upgrade_tasks
for the services (these may change, atm we only disable the service on
the host).
To run the upgrade workflow you basically do two steps:
openstack overcloud deploy --templates \
-e environments/major-upgrade-composable-steps-docker.yaml
This will run the ansible upgrade steps we define via upgrade_tasks
then run the normal docker PostDeploySteps to bring up the containers.
For the puppet workflow there's then an operator driven step where
compute nodes (and potentially storage nodes) are upgrades in batches
and finally you do:
openstack overcloud deploy --templates \
-e environments/major-upgrade-converge-docker.yaml
In the puppet case this re-applies puppet to unpin the nova RPC API
so I guess it'll restart the nova containers this affects but otherwise
will be a no-op (we also disable the ansible steps at this point.
Depends-On: I9057d47eea15c8ba92ca34717b6b5965d4425ab1
Change-Id: Ia50169819cb959025866348b11337728f8ed5c9e
|
|
This uses the mysql client configuration file to configure if SSL should
be used for the connection if SSL in the internal network is enabled.
Change-Id: Ifd1a06e0749a05a65f6314255843f572d2209067
|
|
Vector Packet Processing (VPP) is a high performance packet processing
stack that runs in user space in Linux. VPP is used as an alternative to
kernel networking stack for accelerated network data path. This patch
adds VPP as a composable service. Note that NIC binding related configs
for VPP are handled in os-net-config.
Depends-on: I70a68a204a8b9d533fc2fa4fc33c39c3b1c366bf
Change-Id: I5e4b1903dc87cb16259eeb05db585678acadbc6b
Implements: blueprint fdio-integration-tripleo
|
|
This was accidentally removed in
If581f301a5493ef33ac1386bdc22f9fca4f2544e looks like
Change-Id: I0e2c4fe664daca5c50921673db067701195c501f
|
|
When fixing LP#1643487 we added ?bind_address to all DB URIs.
Since this clashes with Cellsv2 due to the URIs becoming host
dependent, we need a new approach to pass bind_address to pymysql
that leaves the DB URIs host-independent.
In change Iff8bd2d9ee85f7bb1445aa2e1b3cfbff1f397b18 we first create a
/etc/my.cnf.d/tripleo.cnf file with a [tripleo] section with the correct
bind-address option.
In this change we make sure that the DB URIs will point to the added
file and to the specific section containing the necessary bind-address
option. We do introduce a new MySQLClient profile which will hold all
this more client-specific configuration so that this change can fit
better in the composable roles work. Also, in the future it might
contain the necessary configuration for SSL for example.
Note that in case the /etc/my.cnf.d/tripleo.cnf file does not exist
(because it is created via the mysqlclient profile), things keep on
working as usual and the bind-address option simply won't be set, which
has no impact on hosts where there are no VIPs.
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
Change-Id: Ieac33efe38f32e949fd89545eb1cd8e0fe114a12
Related-Bug: #1643487
Closes-Bug: #1663181
Closes-Bug: #1664524
Depends-On: Iff8bd2d9ee85f7bb1445aa2e1b3cfbff1f397b18
|
|
|
|
Depends-On: Ic74ccd5fa7b3b04ca810416e5160463252f17474
Implements: blueprint congress-service-integration
Change-Id: Ie60540c340c0eb71ff376aba65507a8bb3e909b6
Signed-off-by: Dan Radez <dradez@redhat.com>
|
|
This delivers a /root/tripleo_upgrade_node.sh to those nodes
that have the disable_upgrade_deployment flag set to true.
They will later be upgraded manually by the operator who will
invoke the script delivered here using upgrade-non-controller.sh
We can also deliver any service specific upgrade configuration,
such as configuring nova-compute to use the placement API as this
is required in order for placement to be configured and installed
during the subsequent upgrade steps for controller services.
This removes the compute and swift specific upgrade scripts as
they are now merged into the common
tripleo_upgrade_node.sh - removing any hard coded
reference to a particular role name (compute/objectstorage) and
only relying on the disable_upgrade_deployment is roles_data.yaml
Change-Id: I4531a4038b78087ef4a1a62c35f1328822427817
Co-Authored-By: Mathieu Bultel <mbultel@redhat.com>
|
|
Depends-On: Ide0e60f3b7a3733788af4337c1c39b4a956c876f
Depends-On: I3d6bbc05644e840395f87333ec80e3b844f69903
Depends-On: Idf6abcb7fe766546cb362ad4afe54f4bccd9c994
Implements: blueprint tacker-service-integration
Change-Id: Ibddc81561f6e6ba671bd01a9251c57d3ad67ba8c
Signed-off-by: Dan Radez <dradez@redhat.com>
|
|
|
|
The collectd composable service permits an operator to configure
collectd metrics collection as part of the overcloud install.
Depends-on: I03cfbd96778a76125d18e2ca2f48d96e292608de
Change-Id: I143565329f5128f15cc39c9b62a6b242666383ab
|
|
This patch adds the Octavia services to the registry and controller role
(disabled by default). Also included is an example environment file for
enabling the services and required configuration. The API service
profile is also amended configure the load balancer service provider in
neutron to point to the octavia load balancer driver.
Change-Id: I7f3bba950f5b1574ba842a39e93a8ac2b1ccf7bb
Partially-implements: blueprint octavia-service-integration
|
|
This patch allows the management of the AuditD service and its associated
files (such as `audit.rules`)
This is achieved by means of the `puppet-auditd` puppet module.
Also places ssh banner capabilities map on top of patch
Change-Id: Ib8bb52dde88304cb58b051bced9779c97a314d0d
Depends-On: Ie31c063b674075e35e1bfa28d1fc07f3f897407b
|
|
|
|
|
|
This change adds a profile to deploy the Ceph RBD mirroring daemon
as a Pacemaker resource.
Change-Id: Ib07e5bca6a45f0c6c59a3acf07f4e3ae9d2f8948
Depends-On: Ic63dc5cffece38942d305f538f71dd58a5d50789
Closes-Bug: #1652177
|
|
Allow use of ooo template to populate banner text into /etc/issue
Change-Id: If5b2da9415f10652a0a64503b2da4b63d1018640
Depends-On: Ie9f8afdfa9930428f06c9669fedb460dc1064d5e
Closes-Bug: #1640306
|
|
Some services (e.g ceph mon) require upgrading in batches (the old
upgrade architecture did the ceph mon upgrade one controller at a
time). This interface enables doing the same, and over time we
can probably move more services into this interface (e.g when
services support rolling upgrades) to reduce downtime.
Change-Id: If581f301a5493ef33ac1386bdc22f9fca4f2544e
Partially-Implements: blueprint overcloud-upgrades-per-service
|
|
|
|
|
|
This change adds the ec2api service using the
tripleo::profile::base::nova::ec2api profile.
The deprecated nova-cert service is not supported, and therefore the
RegisterImage action is not supported either.
Change-Id: I2510fd4ed935d8423216fff9ce3adf2d69c9c804
Depends-On: If4b091e1ca02f43aa9c65392baf8ceea007b7cfb
|
|
|
|
As part of the composable upgrades current plan is to disable
the composable upgrades steps running on a particular role
(e.g. all compute nodes) in favor of a later operator driven
upgrades process as has previously been the case
This adds the disable_upgrade_deployment flag to roles_data as
a first step. Thanks to shardy for his help with this.
Change-Id: Ice845742a043b34917e61f662885786c73e955fd
|
Jenkins
Steven Hardy
Dan Prince
Alex Schultz
Bartosz Stopa
Juan Antonio Osorio Robles
Peng Liu
Pradeep Kilambi
Luca Lorenzetto
Alan Bishop
Feng Pan
Jiri Stransky
lhinds
Ricardo Noriega
marios
Michele Baldessari
Dan Radez
Lars Kellogg-Stedman
Brent Eagles
Giulio Fidente
Luke Hinds
Sven Anderson