Jenkins [Sat, 12 Aug 2017 03:17:49 +0000 (03:17 +0000)]
Merge "Convert controller-role.yaml to role.role.j2.yaml"
Jenkins [Fri, 11 Aug 2017 21:20:59 +0000 (21:20 +0000)]
Merge "TLS everywhere: Configure CA for mongodb"
Jenkins [Fri, 11 Aug 2017 19:07:26 +0000 (19:07 +0000)]
Merge "Add script to create tripleo-admin on deployed servers"
Jenkins [Fri, 11 Aug 2017 17:55:43 +0000 (17:55 +0000)]
Merge "openstack-heat-templates: fix deprecation path"
Steven Hardy [Tue, 4 Jul 2017 17:20:10 +0000 (18:20 +0100)]
Convert controller-role.yaml to role.role.j2.yaml
Add deprecated role-specific parameters to role definition, in
order to special-case some parameters for backwards compatibility,
such that the Controller role can be rendered via j2 for support
of composable networks.
Co-Authored By: Dan Sneddon <dsneddon@redhat.com>
Change-Id: I5983f03ae1b7f0b6add793914540b8ca405f9b2b
Partially-Implements: blueprint composable-networks
Juan Antonio Osorio Robles [Fri, 11 Aug 2017 13:07:13 +0000 (16:07 +0300)]
TLS everywhere: Configure CA for mongodb
It wasn't being configured, thus making mongodb fail.
Change-Id: If0d7513aacfa74493a9747440fb97f915a77db84
Closes-Bug: #
1710162
Jenkins [Fri, 11 Aug 2017 12:02:30 +0000 (12:02 +0000)]
Merge "Move HAProxy's public TLS logic from controller to service template"
Jenkins [Fri, 11 Aug 2017 11:28:41 +0000 (11:28 +0000)]
Merge "Set virsh secret with an init step when using Ceph"
Jenkins [Fri, 11 Aug 2017 11:26:41 +0000 (11:26 +0000)]
Merge "Keep dynamic network creation backward compatible."
Juan Antonio Osorio Robles [Mon, 7 Aug 2017 11:25:38 +0000 (14:25 +0300)]
Move HAProxy's public TLS logic from controller to service template
This de-couples public TLS from controllers to now run wherever HAProxy
is deployed.
Partially-Implements: blueprint composable-networks
Change-Id: I9e84a25a363899acf103015527787bdd8248949f
Jenkins [Thu, 10 Aug 2017 21:49:55 +0000 (21:49 +0000)]
Merge "Noop controller pre and post config resources."
Jenkins [Thu, 10 Aug 2017 19:41:17 +0000 (19:41 +0000)]
Merge "Fix cidr get_attr in custom networks"
Jenkins [Thu, 10 Aug 2017 19:37:55 +0000 (19:37 +0000)]
Merge "Create parameters for haproxy TLS certs and keys"
Jenkins [Thu, 10 Aug 2017 04:32:32 +0000 (04:32 +0000)]
Merge "Docker/TLS everywhere: Add telemetry and neutron services to environment"
Jenkins [Wed, 9 Aug 2017 15:11:25 +0000 (15:11 +0000)]
Merge "Addition of Nuage as mechanism driver for ML2"
Giulio Fidente [Wed, 9 Aug 2017 10:13:46 +0000 (12:13 +0200)]
Set virsh secret with an init step when using Ceph
Run virsh secret-define and secret-set-value in an init step
instead of relying on the puppet-nova exec.
Co-Authored-By: Jiri Stransky <jistr@redhat.com>
Change-Id: Ic950e290af1c66d34b40791defbdf4f8afaa11da
Closes-Bug: #
1709583
Jenkins [Wed, 9 Aug 2017 07:42:18 +0000 (07:42 +0000)]
Merge "Use number for KeystoneCronTokenFlushMaxDelay instead of string"
Jenkins [Wed, 9 Aug 2017 04:41:12 +0000 (04:41 +0000)]
Merge "Don't curl metadata server in userdata example"
Jenkins [Tue, 8 Aug 2017 21:53:34 +0000 (21:53 +0000)]
Merge "MariaDB: create clustercheck user at container bootstrap"
Giulio Fidente [Tue, 8 Aug 2017 19:00:30 +0000 (21:00 +0200)]
Fix cidr get_attr in custom networks
We were missing the square brackets around the list of arguments
for get_attr when building the networks cidr output.
This passed CI because Heat does not fail validation and Ceph (which
is consuming the cidr output) is tested with a single network (ctlplane)
which does not build the output using the same templates.
Change-Id: I40bba0784a30295cb0d4eda1fbff20ebac85db99
Closes-Bug: #
1709464
Juan Antonio Osorio Robles [Tue, 8 Aug 2017 12:35:05 +0000 (12:35 +0000)]
Docker/TLS everywhere: Add telemetry and neutron services to environment
some resources were missing, so this syncs up what's working right now.
bp tls-via-certmonger-containers
Change-Id: Ic8fe20d0240f1ad8f18218d66634029d522d4d5a
Sofer Athlan-Guyot [Mon, 7 Aug 2017 14:04:08 +0000 (16:04 +0200)]
Keep dynamic network creation backward compatible.
We had an history mapping for InternalApi to InternalNetwork. If we
remove it then heat will want to destroy InternalNetwork and create
InternalApi which cannot work during upgrade.
This adds compat name parameters to network_data.yaml.
Closes-Bug: #
1709105
Change-Id: I8ce6419a5e13a13ee6e991db5ca2196763f52d7a
Jiri Stransky [Thu, 3 Aug 2017 12:23:27 +0000 (14:23 +0200)]
Add script to create tripleo-admin on deployed servers
When using deployed servers, we want to create a standard
tripleo-admin user for Mistral's ssh tasks (e.g. running Ansible on
overcloud). This script wraps the respective Mistral workflow.
Change-Id: I2de698b4aae07f74569243a9e7c1c56eb578e700
Related-Bug: #
1708180
Depends-On: Ibe8e54f7b38d8c6c8d944d2b13f0eed004c34c4c
Juan Antonio Osorio Robles [Mon, 7 Aug 2017 08:01:24 +0000 (11:01 +0300)]
Create parameters for haproxy TLS certs and keys
this removes the hardcoded paths for the haproxy certs and keys and will
enable re-use. We'll use this in a further commit in the containterized
TLS work.
Change-Id: I602e5a569e2e7e60835deb80532abcedd7a1f63d
Juan Antonio Osorio Robles [Fri, 4 Aug 2017 05:36:42 +0000 (08:36 +0300)]
Use number for KeystoneCronTokenFlushMaxDelay instead of string
Using a string results in an erroneous check in puppet-keystone, which
sets up a zero where it shouldn't. So we change it to number to avoid
that. Note that there will also be a puppet-keystone fix for this.
Changing the value here assures that deployers only give valid values to
this parameter.
Change-Id: I00823e23358df91ce54f421c12636f05d4196e15
Closes-Bug: #
1708584
Jenkins [Sat, 5 Aug 2017 16:22:56 +0000 (16:22 +0000)]
Merge "Add Telemetry services to scenario002"
Jenkins [Sat, 5 Aug 2017 15:22:56 +0000 (15:22 +0000)]
Merge "Start redis service after upgrade"
Jenkins [Fri, 4 Aug 2017 20:47:16 +0000 (20:47 +0000)]
Merge "Stop and disable openstack-nova-compute service on compute nodes"
Jenkins [Fri, 4 Aug 2017 20:47:07 +0000 (20:47 +0000)]
Merge "Run gnocchi upgrade with sacks in docker template"
Jenkins [Fri, 4 Aug 2017 14:04:44 +0000 (14:04 +0000)]
Merge "Change the directory for haproxy certs/keys to be service-specific"
Jenkins [Fri, 4 Aug 2017 13:20:11 +0000 (13:20 +0000)]
Merge "Copy scheduler configuration from service/ironic to services-docker/ironic"
Jenkins [Fri, 4 Aug 2017 12:31:57 +0000 (12:31 +0000)]
Merge "Fix up multipath docker indentation"
Juan Antonio Osorio Robles [Wed, 2 Aug 2017 07:27:15 +0000 (10:27 +0300)]
Change the directory for haproxy certs/keys to be service-specific
This moves the directories containing the certs/keys for haproxy one step
further inside the hierarchy. This way we will be able to bind-mount
this certificate into the container without bind-mounting any other
certs/keys from other services.
bp tls-via-certmonger-containers
Depends-On: Iba3adb9464a755e67c6f87d1233b3affa8be565a
Change-Id: I73df8d442b361cb5ef4e343b4ea2a198a5b95da9
Jenkins [Fri, 4 Aug 2017 10:16:42 +0000 (10:16 +0000)]
Merge "Adds environment file for ODL + SRIOV"
Jenkins [Fri, 4 Aug 2017 06:33:48 +0000 (06:33 +0000)]
Merge "Changing the default port-binding configuration"
Pradeep Kilambi [Thu, 27 Jul 2017 13:53:59 +0000 (09:53 -0400)]
Update EventPipelinePublisher param description to include zaqar
Since we now support zaqar:// publisher, Enhance the description to indicate
how to set the zaqar publisher.
Change-Id: Ib7eba98d199fade2346620672e33b74686d4685b
Jenkins [Thu, 3 Aug 2017 21:53:09 +0000 (21:53 +0000)]
Merge "Make UpgradeLevelNovaCompute parameters consistent"
Jenkins [Thu, 3 Aug 2017 21:52:28 +0000 (21:52 +0000)]
Merge "Add environment for setting a custom domain name"
lokesh-jain [Thu, 15 Jun 2017 21:19:20 +0000 (17:19 -0400)]
Addition of Nuage as mechanism driver for ML2
Adding composable services for Nuage mechanism driver for ML2. This
is separate from Nuage as the core plugin and intentional duplication
of Nuage under puppet services. Parameters required for working of
Nuage as mechanism driver are also added.
Change-Id: I2b564610721152c4f4dab9da79442256ba8d0b33
Jenkins [Thu, 3 Aug 2017 17:59:45 +0000 (17:59 +0000)]
Merge "Update capabilities map to match latest environments"
Jenkins [Thu, 3 Aug 2017 14:19:44 +0000 (14:19 +0000)]
Merge "Make many networking parameters consistent"
Marius Cornea [Wed, 2 Aug 2017 21:44:17 +0000 (23:44 +0200)]
Stop and disable openstack-nova-compute service on compute nodes
This change stops and disables the openstack-nova-compute service
on the compute nodes during the upgrade to the containers architecture.
Closes-bug:
1708371
Change-Id: I9ca909d4e91d0a0e4de15572f727f959d9185c64
Jenkins [Thu, 3 Aug 2017 06:46:16 +0000 (06:46 +0000)]
Merge "Fix CA file bind mounting in containers"
Jenkins [Thu, 3 Aug 2017 04:30:48 +0000 (04:30 +0000)]
Merge "Render isolated network templates using jinja2"
Jenkins [Thu, 3 Aug 2017 01:40:17 +0000 (01:40 +0000)]
Merge "Make RoleParameters and key_name descriptions consistent"
Jenkins [Thu, 3 Aug 2017 01:02:42 +0000 (01:02 +0000)]
Merge "Set redis password hiera value in compute agent"
Jenkins [Thu, 3 Aug 2017 01:02:35 +0000 (01:02 +0000)]
Merge "Cinder volume/backup containers shouldn't mount two paths at same point"
Jenkins [Thu, 3 Aug 2017 00:45:30 +0000 (00:45 +0000)]
Merge "Update TLS-everywhere docker environment"
Jenkins [Thu, 3 Aug 2017 00:44:41 +0000 (00:44 +0000)]
Merge "Fix keystone, cinder, heat-api cron containers"
Ben Nemec [Fri, 14 Jul 2017 20:36:56 +0000 (15:36 -0500)]
Make UpgradeLevelNovaCompute parameters consistent
There is logic in nova-base.yaml that depends on the default for
this parameter being '', and the nova-compute service only needs it
set to auto during upgrade. That will be done by [1] anyway, so it
doesn't matter what the default is. It's also not clear to me that
the nova-compute task is even needed now that we're post-Ocata, but
that's not a change I feel comfortable making.
1: https://github.com/openstack/tripleo-heat-templates/blob/master/environments/major-upgrade-composable-steps.yaml
Change-Id: Iccfcb5b68e406db1b942375803cfedbb929b4307
Partial-Bug:
1700664
Ben Nemec [Thu, 13 Jul 2017 18:14:51 +0000 (13:14 -0500)]
Make many networking parameters consistent
These are mostly the low hanging fruit that only required a few
minor changes to fix. There are more that require a lot of changes
or might be more controversial that will be done later.
Change-Id: I55cebc92ef37a3bb167f5fae0debe77339395e62
Partial-Bug:
1700664
Ben Nemec [Tue, 27 Jun 2017 16:07:52 +0000 (11:07 -0500)]
Make RoleParameters and key_name descriptions consistent
The key_name default is ignored because the parameter is used in
some mutually exclusive environments where the default doesn't
need to be the same.
Change-Id: I77c1a1159fae38d03b0e59b80ae6bee491d734d7
Partial-Bug:
1700664
Jenkins [Wed, 2 Aug 2017 21:04:45 +0000 (21:04 +0000)]
Merge "Fix ceilometer agent compute service name"
Pradeep Kilambi [Fri, 16 Jun 2017 13:11:43 +0000 (09:11 -0400)]
Add Telemetry services to scenario002
We need to test gnocchi with swift backend. So adding
telemetry to scenario002 job to cover that.
Change-Id: I284de61bbefac9e9b37390650016643ffe38b5cc
Pradeep Kilambi [Wed, 2 Aug 2017 19:52:29 +0000 (15:52 -0400)]
Start redis service after upgrade
We install redis if its not already there, but we should also
ensure redis service is started in the next step 4.
related to issues we're seeing in I284de61bbefac9e9b37390650016643ffe38b5cc
Change-Id: Ic01db53ea8669f14e87f6987045b2be5a3480024
Sébastien Han [Wed, 2 Aug 2017 14:20:18 +0000 (16:20 +0200)]
openstack-heat-templates: fix deprecation path
The right file is external-ceph.yaml, not ceph-external.yaml.
Change-Id: If21a4f183305f82916e1ef2aadb0706e7dab4657
Signed-off-by: Sébastien Han <seb@redhat.com>
Jiri Tomasek [Fri, 14 Jul 2017 09:12:44 +0000 (11:12 +0200)]
Update capabilities map to match latest environments
This change updates capabilities-map.yaml to properly map existing
environments
Closes-Bug:
1708159
Change-Id: I4104b6b59b3e9b19a06cdc233dae4f68fe033580
Michele Baldessari [Wed, 2 Aug 2017 09:55:23 +0000 (11:55 +0200)]
Fix up multipath docker indentation
Deploying a multipathd container gives the following error:
failed: [localhost] (item={'key': u'config_files', 'value': [{u'dest': u'/', u'merge': True, u'source':
u'/var/lib/kolla/config_files/src-iscsid/*', u'preserve_properties': True}]}) =>
{\"checksum\": \"
72ad81489381571c5043b7613f6828b06ae364bd\", \"failed\": true, \"item\":
{\"key\": \"config_files\", \"value\": [{\"dest\": \"/\", \"merge\": true, \"preserve_properties\": true,
\"source\": \"/var/lib/kolla/config_files/src-iscsid/*\"}]}, \"msg\": \"Destination directory does not exist\"}
The reason is the wrong indentation of the config_files key in the
multipath docker service.
Change-Id: I0e1fbb9eb188a903994b9e5da90ab4a6fb81f00a
Closes-Bug: #
1708129
Jenkins [Wed, 2 Aug 2017 05:11:22 +0000 (05:11 +0000)]
Merge "Fix iscsid role data's section"
John Fulton [Wed, 2 Aug 2017 02:54:56 +0000 (02:54 +0000)]
Cinder volume/backup containers shouldn't mount two paths at same point
Docker refuses to start the container because config_files/src-ceph:ro
is mounted at both /etc/ceph and config-data/puppet-generated/ceph.
The mount to /var/lib/config-data/puppet-generated/ceph should have
been removed in commit
ed0b77ff93a1a1e071d32f6a758e04c6d0b041ef.
Change-Id: I411b4764a54fc21e97e4c41a5fef00c7e6e2b64d
Closes-Bug: #
1707956
Jenkins [Wed, 2 Aug 2017 01:35:47 +0000 (01:35 +0000)]
Merge "Fix network-isolation.j2.yaml to ignore VIPs for disabled networks"
Jenkins [Wed, 2 Aug 2017 01:30:11 +0000 (01:30 +0000)]
Merge "Remove empty metadata_settings from iscsid and multipathd templates"
Jenkins [Wed, 2 Aug 2017 01:29:22 +0000 (01:29 +0000)]
Merge "Adds stop and disable for libvirtd on upgrade to containers"
Pradeep Kilambi [Wed, 26 Jul 2017 15:18:40 +0000 (11:18 -0400)]
Set redis password hiera value in compute agent
Without this config defaults to undef in containers
Change-Id: Id47f365364e7b0d399de92995871b136550cd625
Pradeep Kilambi [Mon, 24 Jul 2017 19:26:47 +0000 (15:26 -0400)]
Fix ceilometer agent compute service name
Make sure this matches whats in roles_data.yaml
Change-Id: Id41c457914f557af7c9ec195c4c6f98669523ac1
Jenkins [Tue, 1 Aug 2017 20:00:18 +0000 (20:00 +0000)]
Merge "Generate MySQL client config if service requires database"
Pradeep Kilambi [Fri, 28 Jul 2017 21:03:02 +0000 (17:03 -0400)]
Run gnocchi upgrade with sacks in docker template
Without this gnocchi is not initializing the sacks like puppet does
and gnocchi containers dont respond properly.
Change-Id: I2c53b00793f99420fd12ccc0b5646cf21d528e46
Jenkins [Tue, 1 Aug 2017 17:20:06 +0000 (17:20 +0000)]
Merge "Add missing metadata_settings from docker services"
marios [Tue, 1 Aug 2017 14:24:18 +0000 (17:24 +0300)]
Adds stop and disable for libvirtd on upgrade to containers
Adds this into the tripleo_upgrade_node.sh executed by the
operator for the major upgrade see the bug for more info
Change-Id: Ic54b48b149594e8ea08e95152111bcdaf7b252b7
Closes-Bug:
1707926
Dan Prince [Mon, 31 Jul 2017 21:49:24 +0000 (17:49 -0400)]
Fix keystone, cinder, heat-api cron containers
The cron containers need to run as root in order to create PID files
correctly.
Additionally, the keystone_cron container was misconfigured to
use /usr/bin/cron instead of the correct /usr/bin/crond.
Additionally we have an issue where the Kolla keystone container has
hard coded ARGS for the docker container which causes -DFOREGROUND
(an Apache specific argument) to get appended onto the kolla_start
command thus causing crond to fail to startup correctly. This
works around the issue by overriding the command and calling
kolla_set_configs manually. Once we fix this in Kolla we can
revisit this.
Change-Id: Ib8fb2bef9a3bb89131265051e9ea304525b58374
Related-bug:
1707785
Juan Antonio Osorio Robles [Tue, 1 Aug 2017 07:01:54 +0000 (07:01 +0000)]
Fix CA file bind mounting in containers
The syntax was wrong and wasn't actually bind mounting the CA file.
This fixes it.
Change-Id: Icfa2118ccd2a32fdc3d1af27e3e3ee02bdfbb13b
Juan Antonio Osorio Robles [Tue, 1 Aug 2017 05:54:05 +0000 (08:54 +0300)]
Update TLS-everywhere docker environment
Some resources have changed. So the environment needed syncing
Change-Id: I9aa310ae80edfccd3ed28e67a431aad6e1ed8a7f
Juan Antonio Osorio Robles [Tue, 1 Aug 2017 05:42:33 +0000 (08:42 +0300)]
Remove empty metadata_settings from iscsid and multipathd templates
metadata_settings is meant to have a specific format or be completely
absent. Unfortunately the hook [1] doesn't an empty value for this. So
we remove it as an easy fix before figuring out how to add such a
functionality to the hook.
[1] https://github.com/openstack/tripleo-heat-templates/blob/master/extraconfig/nova_metadata/krb-service-principals.yaml
Co-Authored-By: Thomas Herve <therve@redhat.com>
Change-Id: Ieac62a8076e421b5c4843a3cbe1c8fa9e3825b38
Jenkins [Mon, 31 Jul 2017 19:32:47 +0000 (19:32 +0000)]
Merge "Enable Dpdk after rebooting with Hugepages for OvS2.7"
Damien Ciabrini [Fri, 28 Jul 2017 16:13:53 +0000 (12:13 -0400)]
MariaDB: create clustercheck user at container bootstrap
In HA overclouds, the helper script clustercheck is called by HAProxy to poll
the state of the galera cluster. Make sure that a dedicated clustercheck user
is created at deployment, like it is currently done in Ocata.
The creation of the clustercheck user happens on all controller nodes, right
after the database creation. This way, it does not need to wait for the galera
cluster to be up and running.
Partial-Bug: #
1707683
Change-Id: If8e0b3f9e4f317fde5328e71115aab87a5fa655f
Jenkins [Mon, 31 Jul 2017 15:26:54 +0000 (15:26 +0000)]
Merge "Fix creation of iptables rules for non-HA containerized HAproxy"
Juan Antonio Osorio Robles [Mon, 31 Jul 2017 15:22:44 +0000 (18:22 +0300)]
Add missing metadata_settings from docker services
These are needed for the TLS everywhere bits.
Change-Id: I81fcf453fc1aaa2545e0ed24013f0f13b240a102
Jenkins [Mon, 31 Jul 2017 14:23:06 +0000 (14:23 +0000)]
Merge "Add 'ovn-controller' service"
Dmitry Tantsur [Mon, 31 Jul 2017 13:47:23 +0000 (15:47 +0200)]
Copy scheduler configuration from service/ironic to services-docker/ironic
That was missed back then. Without it bug
1697724 is not fixed for containers.
Change-Id: Ie859f10129cbdeebd9ea4522510768cec99a1df3
Related-Bug: #
1697724
Saravanan KR [Fri, 14 Jul 2017 04:11:28 +0000 (09:41 +0530)]
Enable Dpdk after rebooting with Hugepages for OvS2.7
With OvS2.7, DPDK is initialized immediately after setting
dpdk-init flag. DPDK requires hugepages configuration to be
available on kernel args with a reboot. This patch reboots
the node after applying the kernel args. And once the node
is rebooted, DPDK will be enabled and then the deployment
continues.
Change-Id: Ide442e09c2bea56a38399247de588e63b4272326
Jenkins [Sat, 29 Jul 2017 00:59:17 +0000 (00:59 +0000)]
Merge "add lbaasv2 to NeutronServicePlugins in octavia containers"
Jenkins [Fri, 28 Jul 2017 15:57:33 +0000 (15:57 +0000)]
Merge "Also log docker-puppet.py puppet output to console"
Jenkins [Fri, 28 Jul 2017 15:46:58 +0000 (15:46 +0000)]
Merge "Enable Zaqar API SSL"
Bogdan Dobrelya [Fri, 28 Jul 2017 09:25:42 +0000 (11:25 +0200)]
Also log docker-puppet.py puppet output to console
Running puppet apply with --logdest syslog results in all the output
being redirected to syslog. You get no error messages. In the case where this fails, the subsequent debug task shows nothing useful
as there was no stdout/stderr.
Also pass --logdest console to docker-puppet's puppet apply so that
we get the output for the debug task.
Related-Bug: #
1707030
Change-Id: I67df5eee9916237420ca646a16e188f26c828c0e
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
Jenkins [Fri, 28 Jul 2017 02:57:20 +0000 (02:57 +0000)]
Merge "Consistent hostname format env for split-stack"
Itzik Brown [Thu, 20 Jul 2017 11:36:26 +0000 (14:36 +0300)]
Changing the default port-binding configuration
networking-odl no longer supports the network-topology port
binding controller and instead now relies on a pseudo-agent binding
controller. This means that each OVS node must be configured with
host configuration in OVSDB about which VIF types, network types,
functions, etc that this OVS node supports. The end result is this
affects where nova and neutron will schedule instances.
Changes Include:
- Modifying default port binding controller to use pseudo agent
- Adds necessary per role parameters to be able to configure host
config on a per role basis to allow for heterogenous compute node
configurations.
Change-Id: I50458abf6a8a6bf724ad97accb6444d9c497d287
Closes-Bug:
1674995
Signed-off-by: Tim Rozet <trozet@redhat.com>
Numan Siddique [Thu, 13 Jul 2017 11:44:51 +0000 (17:14 +0530)]
Add 'ovn-controller' service
Presently the ovn-controller service (puppet/services/neutron-compute-plugin-ovn.yaml)
is started only on compute nodes. But for the cases where the controller nodes
provide the north/south traffic, we need ovn-controller service runninng in controller
nodes as well.
This patch
- Renames the neutron-compute-plugin-ovn.yaml to ovn-controller.yaml which makes more
sense and sets the service name as 'ovn-controller'.
- Adds the service 'ovn-controller' to Controller and Compute roles.
- Adds the missing 'upgrade_tasks' section in ovn-dbs.yaml and ovn-controller.yaml
Depends-On: Ie3f09dc70a582f3d14de093043e232820f837bc3
Depends-On: Ide11569d81f5f28bafccc168b624be505174fc53
Change-Id: Ib7747406213d18fd65b86820c1f86ee7c39f7cf5
James Slagle [Thu, 27 Jul 2017 17:59:04 +0000 (13:59 -0400)]
Also log puppet output to console
Running puppet apply with --logdest syslog results in all the output
being redirected to syslog. You get no error messages. In the case where
this ansible task fails, the subsequent debug task shows nothing useful
as there was no stdout/stderr.
Also pass --logdest console to puppet apply so that we get the output
for the debug task. My local testing showed that when specifying logdest
twice, both values were honored, and the output went to syslog and the
console.
Change-Id: Id5212b3ed27b6299e33e81ecf71ead554f9bdd29
Closes-Bug: #
1707030
Damien Ciabrini [Fri, 7 Jul 2017 14:44:26 +0000 (10:44 -0400)]
Generate MySQL client config if service requires database
Services that access database have to read an extra MySQL configuration file
/etc/my.cnf.d/tripleo.cnf which holds client-only settings, like client bind
address and SSL configuration. The configuration file is thus used by
containerized services, but also by non-containerized services that still
run on the host.
In order to generate that client configuration file appropriately both on the
host and for containers, 1) the MySQLClient service must be included by the
role; 2) every containerized service which uses the database must include the
mysql::client profile in the docker-puppet config generation step.
By including the mysql::client profile in each containerized service, we ensure
that any change in configuration file will be reflected in the service's
/var/lib/config-data/{service}, and that paunch will restart the service's
container automatically.
We now only rely on MySQLClient from puppet/services, to make it possible to
generate /etc/my.cnf.d/tripleo.cnf on the host, and to set the hiera keys that
drive the generation of that config file in containers via docker-puppet.
We include a new YAML validation step to ensure that any service which depends
on MySQL will initialize the mysql::client profile during the docker-puppet
step.
Change-Id: I0dab1dc9caef1e749f1c42cfefeba179caebc8d7
Damien Ciabrini [Thu, 27 Jul 2017 16:44:15 +0000 (12:44 -0400)]
Fix iscsid role data's section
The iscsid service definition has a typo, config_setting should
read config_settings
Change-Id: I12605dba61fd5f6ce80c3ab78e883ed5ebf3ca62
Ben Nemec [Wed, 21 Jun 2017 17:13:18 +0000 (12:13 -0500)]
Add environment for setting a custom domain name
Just setting CloudDomain won't make the domains used consistent.
There are a number of CloudName parameters that must be set as well.
This change adds a sample environment that includes all of those
parameters so it is easy to set everything consistently.
Also fixes the description of CloudNameCtlplane to reflect the
actual use for that parameter.
Change-Id: I56d1c1c5619f83c16c4e8350aa84fccc3d748425
Jenkins [Thu, 27 Jul 2017 14:10:56 +0000 (14:10 +0000)]
Merge "Add PCI to nova compute container for passthrough support"
Jenkins [Thu, 27 Jul 2017 11:36:48 +0000 (11:36 +0000)]
Merge "Enable libvirtd_config puppet tag in nova-libvirtd docker service"
Thomas Herve [Wed, 19 Jul 2017 09:13:19 +0000 (11:13 +0200)]
Enable Zaqar API SSL
This sets the SSL flag in the docker service and expose the parameter in
the docker service.
Depends-On: I4c68a662c2433398249f770ac50ba0791449fe71
Change-Id: Ic3df2b9ab7432ffbed5434943e04085a781774a0
Jenkins [Thu, 27 Jul 2017 06:18:28 +0000 (06:18 +0000)]
Merge "Deploy Ceph in containers using ceph-ansible via external workflow"
Jenkins [Thu, 27 Jul 2017 06:07:25 +0000 (06:07 +0000)]
Merge "Make collectd run as root inside the container"
Jenkins [Thu, 27 Jul 2017 06:06:46 +0000 (06:06 +0000)]
Merge "Adding Tuned Service"
Jenkins [Wed, 26 Jul 2017 22:57:25 +0000 (22:57 +0000)]
Merge "aodh: add gnocchi_external_project_owner config"
Jenkins [Wed, 26 Jul 2017 22:57:18 +0000 (22:57 +0000)]
Merge "Fix enable-ceph sample environment"
Giulio Fidente [Thu, 25 May 2017 23:35:53 +0000 (01:35 +0200)]
Deploy Ceph in containers using ceph-ansible via external workflow
Add docker profiles to deploy Ceph in containers via ceph-ansible. This is
implemented by triggering a Mistral workflow during one of the overcloud
deployment steps, as provided by [1].
Some new service-specific parameters are available to determine the workflow to
execute and the ansible playbook to use. A new `CephAnsibleExtraConfig`
parameter can be used to provide arbitrary config variables consumed by `ceph-ansible`.
The pre-existing template params consumed up until the Pike release to
drive `puppet-ceph` continue to work and are translated, when possible, into
the equivalent `ceph-ansible` variable.
A new environment file is added to enable use of ceph-ansible;
the pre-existing puppet-ceph implementation remains unchanged and usable
for non-containerized deployments.
1. https://review.openstack.org/#/c/463324/
Change-Id: I81d44a1e198c83a4ef8b109b4eb6c611555dcdc5