apex-tripleo-heat-templates.git
7 years agoMerge "Convert controller-role.yaml to role.role.j2.yaml"
Jenkins [Sat, 12 Aug 2017 03:17:49 +0000 (03:17 +0000)]
Merge "Convert controller-role.yaml to role.role.j2.yaml"

7 years agoMerge "TLS everywhere: Configure CA for mongodb"
Jenkins [Fri, 11 Aug 2017 21:20:59 +0000 (21:20 +0000)]
Merge "TLS everywhere: Configure CA for mongodb"

7 years agoMerge "Add script to create tripleo-admin on deployed servers"
Jenkins [Fri, 11 Aug 2017 19:07:26 +0000 (19:07 +0000)]
Merge "Add script to create tripleo-admin on deployed servers"

7 years agoMerge "openstack-heat-templates: fix deprecation path"
Jenkins [Fri, 11 Aug 2017 17:55:43 +0000 (17:55 +0000)]
Merge "openstack-heat-templates: fix deprecation path"

7 years agoConvert controller-role.yaml to role.role.j2.yaml
Steven Hardy [Tue, 4 Jul 2017 17:20:10 +0000 (18:20 +0100)]
Convert controller-role.yaml to role.role.j2.yaml

Add deprecated role-specific parameters to role definition, in
order to special-case some parameters for backwards compatibility,
such that the Controller role can be rendered via j2 for support
of composable networks.

Co-Authored By: Dan Sneddon <dsneddon@redhat.com>
Change-Id: I5983f03ae1b7f0b6add793914540b8ca405f9b2b
Partially-Implements: blueprint composable-networks

7 years agoTLS everywhere: Configure CA for mongodb
Juan Antonio Osorio Robles [Fri, 11 Aug 2017 13:07:13 +0000 (16:07 +0300)]
TLS everywhere: Configure CA for mongodb

It wasn't being configured, thus making mongodb fail.

Change-Id: If0d7513aacfa74493a9747440fb97f915a77db84
Closes-Bug: #1710162

7 years agoMerge "Move HAProxy's public TLS logic from controller to service template"
Jenkins [Fri, 11 Aug 2017 12:02:30 +0000 (12:02 +0000)]
Merge "Move HAProxy's public TLS logic from controller to service template"

7 years agoMerge "Set virsh secret with an init step when using Ceph"
Jenkins [Fri, 11 Aug 2017 11:28:41 +0000 (11:28 +0000)]
Merge "Set virsh secret with an init step when using Ceph"

7 years agoMerge "Keep dynamic network creation backward compatible."
Jenkins [Fri, 11 Aug 2017 11:26:41 +0000 (11:26 +0000)]
Merge "Keep dynamic network creation backward compatible."

7 years agoMove HAProxy's public TLS logic from controller to service template
Juan Antonio Osorio Robles [Mon, 7 Aug 2017 11:25:38 +0000 (14:25 +0300)]
Move HAProxy's public TLS logic from controller to service template

This de-couples public TLS from controllers to now run wherever HAProxy
is deployed.

Partially-Implements: blueprint composable-networks
Change-Id: I9e84a25a363899acf103015527787bdd8248949f

7 years agoMerge "Noop controller pre and post config resources."
Jenkins [Thu, 10 Aug 2017 21:49:55 +0000 (21:49 +0000)]
Merge "Noop controller pre and post config resources."

7 years agoMerge "Fix cidr get_attr in custom networks"
Jenkins [Thu, 10 Aug 2017 19:41:17 +0000 (19:41 +0000)]
Merge "Fix cidr get_attr in custom networks"

7 years agoMerge "Create parameters for haproxy TLS certs and keys"
Jenkins [Thu, 10 Aug 2017 19:37:55 +0000 (19:37 +0000)]
Merge "Create parameters for haproxy TLS certs and keys"

7 years agoMerge "Docker/TLS everywhere: Add telemetry and neutron services to environment"
Jenkins [Thu, 10 Aug 2017 04:32:32 +0000 (04:32 +0000)]
Merge "Docker/TLS everywhere: Add telemetry and neutron services to environment"

7 years agoMerge "Addition of Nuage as mechanism driver for ML2"
Jenkins [Wed, 9 Aug 2017 15:11:25 +0000 (15:11 +0000)]
Merge "Addition of Nuage as mechanism driver for ML2"

7 years agoSet virsh secret with an init step when using Ceph
Giulio Fidente [Wed, 9 Aug 2017 10:13:46 +0000 (12:13 +0200)]
Set virsh secret with an init step when using Ceph

Run virsh secret-define and secret-set-value in an init step
instead of relying on the puppet-nova exec.

Co-Authored-By: Jiri Stransky <jistr@redhat.com>
Change-Id: Ic950e290af1c66d34b40791defbdf4f8afaa11da
Closes-Bug: #1709583

7 years agoMerge "Use number for KeystoneCronTokenFlushMaxDelay instead of string"
Jenkins [Wed, 9 Aug 2017 07:42:18 +0000 (07:42 +0000)]
Merge "Use number for KeystoneCronTokenFlushMaxDelay instead of string"

7 years agoMerge "Don't curl metadata server in userdata example"
Jenkins [Wed, 9 Aug 2017 04:41:12 +0000 (04:41 +0000)]
Merge "Don't curl metadata server in userdata example"

7 years agoMerge "MariaDB: create clustercheck user at container bootstrap"
Jenkins [Tue, 8 Aug 2017 21:53:34 +0000 (21:53 +0000)]
Merge "MariaDB: create clustercheck user at container bootstrap"

7 years agoFix cidr get_attr in custom networks
Giulio Fidente [Tue, 8 Aug 2017 19:00:30 +0000 (21:00 +0200)]
Fix cidr get_attr in custom networks

We were missing the square brackets around the list of arguments
for get_attr when building the networks cidr output.

This passed CI because Heat does not fail validation and Ceph (which
is consuming the cidr output) is tested with a single network (ctlplane)
which does not build the output using the same templates.

Change-Id: I40bba0784a30295cb0d4eda1fbff20ebac85db99
Closes-Bug: #1709464

7 years agoDocker/TLS everywhere: Add telemetry and neutron services to environment
Juan Antonio Osorio Robles [Tue, 8 Aug 2017 12:35:05 +0000 (12:35 +0000)]
Docker/TLS everywhere: Add telemetry and neutron services to environment

some resources were missing, so this syncs up what's working right now.

bp tls-via-certmonger-containers

Change-Id: Ic8fe20d0240f1ad8f18218d66634029d522d4d5a

7 years agoKeep dynamic network creation backward compatible.
Sofer Athlan-Guyot [Mon, 7 Aug 2017 14:04:08 +0000 (16:04 +0200)]
Keep dynamic network creation backward compatible.

We had an history mapping for InternalApi to InternalNetwork.  If we
remove it then heat will want to destroy InternalNetwork and create
InternalApi which cannot work during upgrade.

This adds compat name parameters to network_data.yaml.

Closes-Bug: #1709105

Change-Id: I8ce6419a5e13a13ee6e991db5ca2196763f52d7a

7 years agoAdd script to create tripleo-admin on deployed servers
Jiri Stransky [Thu, 3 Aug 2017 12:23:27 +0000 (14:23 +0200)]
Add script to create tripleo-admin on deployed servers

When using deployed servers, we want to create a standard
tripleo-admin user for Mistral's ssh tasks (e.g. running Ansible on
overcloud). This script wraps the respective Mistral workflow.

Change-Id: I2de698b4aae07f74569243a9e7c1c56eb578e700
Related-Bug: #1708180
Depends-On: Ibe8e54f7b38d8c6c8d944d2b13f0eed004c34c4c

7 years agoCreate parameters for haproxy TLS certs and keys
Juan Antonio Osorio Robles [Mon, 7 Aug 2017 08:01:24 +0000 (11:01 +0300)]
Create parameters for haproxy TLS certs and keys

this removes the hardcoded paths for the haproxy certs and keys and will
enable re-use. We'll use this in a further commit in the containterized
TLS work.

Change-Id: I602e5a569e2e7e60835deb80532abcedd7a1f63d

7 years agoUse number for KeystoneCronTokenFlushMaxDelay instead of string
Juan Antonio Osorio Robles [Fri, 4 Aug 2017 05:36:42 +0000 (08:36 +0300)]
Use number for KeystoneCronTokenFlushMaxDelay instead of string

Using a string results in an erroneous check in puppet-keystone, which
sets up a zero where it shouldn't. So we change it to number to avoid
that. Note that there will also be a puppet-keystone fix for this.
Changing the value here assures that deployers only give valid values to
this parameter.

Change-Id: I00823e23358df91ce54f421c12636f05d4196e15
Closes-Bug: #1708584

7 years agoMerge "Add Telemetry services to scenario002"
Jenkins [Sat, 5 Aug 2017 16:22:56 +0000 (16:22 +0000)]
Merge "Add Telemetry services to scenario002"

7 years agoMerge "Start redis service after upgrade"
Jenkins [Sat, 5 Aug 2017 15:22:56 +0000 (15:22 +0000)]
Merge "Start redis service after upgrade"

7 years agoMerge "Stop and disable openstack-nova-compute service on compute nodes"
Jenkins [Fri, 4 Aug 2017 20:47:16 +0000 (20:47 +0000)]
Merge "Stop and disable openstack-nova-compute service on compute nodes"

7 years agoMerge "Run gnocchi upgrade with sacks in docker template"
Jenkins [Fri, 4 Aug 2017 20:47:07 +0000 (20:47 +0000)]
Merge "Run gnocchi upgrade with sacks in docker template"

7 years agoMerge "Change the directory for haproxy certs/keys to be service-specific"
Jenkins [Fri, 4 Aug 2017 14:04:44 +0000 (14:04 +0000)]
Merge "Change the directory for haproxy certs/keys to be service-specific"

7 years agoMerge "Copy scheduler configuration from service/ironic to services-docker/ironic"
Jenkins [Fri, 4 Aug 2017 13:20:11 +0000 (13:20 +0000)]
Merge "Copy scheduler configuration from service/ironic to services-docker/ironic"

7 years agoMerge "Fix up multipath docker indentation"
Jenkins [Fri, 4 Aug 2017 12:31:57 +0000 (12:31 +0000)]
Merge "Fix up multipath docker indentation"

7 years agoChange the directory for haproxy certs/keys to be service-specific
Juan Antonio Osorio Robles [Wed, 2 Aug 2017 07:27:15 +0000 (10:27 +0300)]
Change the directory for haproxy certs/keys to be service-specific

This moves the directories containing the certs/keys for haproxy one step
further inside the hierarchy. This way we will be able to bind-mount
this certificate into the container without bind-mounting any other
certs/keys from other services.

bp tls-via-certmonger-containers

Depends-On: Iba3adb9464a755e67c6f87d1233b3affa8be565a
Change-Id: I73df8d442b361cb5ef4e343b4ea2a198a5b95da9

7 years agoMerge "Adds environment file for ODL + SRIOV"
Jenkins [Fri, 4 Aug 2017 10:16:42 +0000 (10:16 +0000)]
Merge "Adds environment file for ODL + SRIOV"

7 years agoMerge "Changing the default port-binding configuration"
Jenkins [Fri, 4 Aug 2017 06:33:48 +0000 (06:33 +0000)]
Merge "Changing the default port-binding configuration"

7 years agoUpdate EventPipelinePublisher param description to include zaqar
Pradeep Kilambi [Thu, 27 Jul 2017 13:53:59 +0000 (09:53 -0400)]
Update EventPipelinePublisher param description to include zaqar

Since we now support zaqar:// publisher, Enhance the description to indicate
how to set the zaqar publisher.

Change-Id: Ib7eba98d199fade2346620672e33b74686d4685b

7 years agoMerge "Make UpgradeLevelNovaCompute parameters consistent"
Jenkins [Thu, 3 Aug 2017 21:53:09 +0000 (21:53 +0000)]
Merge "Make UpgradeLevelNovaCompute parameters consistent"

7 years agoMerge "Add environment for setting a custom domain name"
Jenkins [Thu, 3 Aug 2017 21:52:28 +0000 (21:52 +0000)]
Merge "Add environment for setting a custom domain name"

7 years agoAddition of Nuage as mechanism driver for ML2
lokesh-jain [Thu, 15 Jun 2017 21:19:20 +0000 (17:19 -0400)]
Addition of Nuage as mechanism driver for ML2

Adding composable services for Nuage mechanism driver for ML2. This
is separate from Nuage as the core plugin and intentional duplication
of Nuage under puppet services. Parameters required for working of
Nuage as mechanism driver are also added.

Change-Id: I2b564610721152c4f4dab9da79442256ba8d0b33

7 years agoMerge "Update capabilities map to match latest environments"
Jenkins [Thu, 3 Aug 2017 17:59:45 +0000 (17:59 +0000)]
Merge "Update capabilities map to match latest environments"

7 years agoMerge "Make many networking parameters consistent"
Jenkins [Thu, 3 Aug 2017 14:19:44 +0000 (14:19 +0000)]
Merge "Make many networking parameters consistent"

7 years agoStop and disable openstack-nova-compute service on compute nodes
Marius Cornea [Wed, 2 Aug 2017 21:44:17 +0000 (23:44 +0200)]
Stop and disable openstack-nova-compute service on compute nodes

This change stops and disables the openstack-nova-compute service
on the compute nodes during the upgrade to the containers architecture.

Closes-bug: 1708371

Change-Id: I9ca909d4e91d0a0e4de15572f727f959d9185c64

7 years agoMerge "Fix CA file bind mounting in containers"
Jenkins [Thu, 3 Aug 2017 06:46:16 +0000 (06:46 +0000)]
Merge "Fix CA file bind mounting in containers"

7 years agoMerge "Render isolated network templates using jinja2"
Jenkins [Thu, 3 Aug 2017 04:30:48 +0000 (04:30 +0000)]
Merge "Render isolated network templates using jinja2"

7 years agoMerge "Make RoleParameters and key_name descriptions consistent"
Jenkins [Thu, 3 Aug 2017 01:40:17 +0000 (01:40 +0000)]
Merge "Make RoleParameters and key_name descriptions consistent"

7 years agoMerge "Set redis password hiera value in compute agent"
Jenkins [Thu, 3 Aug 2017 01:02:42 +0000 (01:02 +0000)]
Merge "Set redis password hiera value in compute agent"

7 years agoMerge "Cinder volume/backup containers shouldn't mount two paths at same point"
Jenkins [Thu, 3 Aug 2017 01:02:35 +0000 (01:02 +0000)]
Merge "Cinder volume/backup containers shouldn't mount two paths at same point"

7 years agoMerge "Update TLS-everywhere docker environment"
Jenkins [Thu, 3 Aug 2017 00:45:30 +0000 (00:45 +0000)]
Merge "Update TLS-everywhere docker environment"

7 years agoMerge "Fix keystone, cinder, heat-api cron containers"
Jenkins [Thu, 3 Aug 2017 00:44:41 +0000 (00:44 +0000)]
Merge "Fix keystone, cinder, heat-api cron containers"

7 years agoMake UpgradeLevelNovaCompute parameters consistent
Ben Nemec [Fri, 14 Jul 2017 20:36:56 +0000 (15:36 -0500)]
Make UpgradeLevelNovaCompute parameters consistent

There is logic in nova-base.yaml that depends on the default for
this parameter being '', and the nova-compute service only needs it
set to auto during upgrade.  That will be done by [1] anyway, so it
doesn't matter what the default is.  It's also not clear to me that
the nova-compute task is even needed now that we're post-Ocata, but
that's not a change I feel comfortable making.

1: https://github.com/openstack/tripleo-heat-templates/blob/master/environments/major-upgrade-composable-steps.yaml

Change-Id: Iccfcb5b68e406db1b942375803cfedbb929b4307
Partial-Bug: 1700664

7 years agoMake many networking parameters consistent
Ben Nemec [Thu, 13 Jul 2017 18:14:51 +0000 (13:14 -0500)]
Make many networking parameters consistent

These are mostly the low hanging fruit that only required a few
minor changes to fix.  There are more that require a lot of changes
or might be more controversial that will be done later.

Change-Id: I55cebc92ef37a3bb167f5fae0debe77339395e62
Partial-Bug: 1700664

7 years agoMake RoleParameters and key_name descriptions consistent
Ben Nemec [Tue, 27 Jun 2017 16:07:52 +0000 (11:07 -0500)]
Make RoleParameters and key_name descriptions consistent

The key_name default is ignored because the parameter is used in
some mutually exclusive environments where the default doesn't
need to be the same.

Change-Id: I77c1a1159fae38d03b0e59b80ae6bee491d734d7
Partial-Bug: 1700664

7 years agoMerge "Fix ceilometer agent compute service name"
Jenkins [Wed, 2 Aug 2017 21:04:45 +0000 (21:04 +0000)]
Merge "Fix ceilometer agent compute service name"

7 years agoAdd Telemetry services to scenario002
Pradeep Kilambi [Fri, 16 Jun 2017 13:11:43 +0000 (09:11 -0400)]
Add Telemetry services to scenario002

We need to test gnocchi with swift backend. So adding
telemetry to scenario002 job to cover that.

Change-Id: I284de61bbefac9e9b37390650016643ffe38b5cc

7 years agoStart redis service after upgrade
Pradeep Kilambi [Wed, 2 Aug 2017 19:52:29 +0000 (15:52 -0400)]
Start redis service after upgrade

We install redis if its not already there, but we should also
ensure redis service is started in the next step 4.

related to issues we're seeing in I284de61bbefac9e9b37390650016643ffe38b5cc

Change-Id: Ic01db53ea8669f14e87f6987045b2be5a3480024

7 years agoopenstack-heat-templates: fix deprecation path
Sébastien Han [Wed, 2 Aug 2017 14:20:18 +0000 (16:20 +0200)]
openstack-heat-templates: fix deprecation path

The right file is external-ceph.yaml, not ceph-external.yaml.

Change-Id: If21a4f183305f82916e1ef2aadb0706e7dab4657
Signed-off-by: Sébastien Han <seb@redhat.com>
7 years agoUpdate capabilities map to match latest environments
Jiri Tomasek [Fri, 14 Jul 2017 09:12:44 +0000 (11:12 +0200)]
Update capabilities map to match latest environments

This change updates capabilities-map.yaml to properly map existing
environments

Closes-Bug: 1708159
Change-Id: I4104b6b59b3e9b19a06cdc233dae4f68fe033580

7 years agoFix up multipath docker indentation
Michele Baldessari [Wed, 2 Aug 2017 09:55:23 +0000 (11:55 +0200)]
Fix up multipath docker indentation

Deploying a multipathd container gives the following error:
failed: [localhost] (item={'key': u'config_files', 'value': [{u'dest': u'/', u'merge': True, u'source':
u'/var/lib/kolla/config_files/src-iscsid/*', u'preserve_properties': True}]}) =>
{\"checksum\": \"72ad81489381571c5043b7613f6828b06ae364bd\", \"failed\": true, \"item\":
{\"key\": \"config_files\", \"value\": [{\"dest\": \"/\", \"merge\": true, \"preserve_properties\": true,
\"source\": \"/var/lib/kolla/config_files/src-iscsid/*\"}]}, \"msg\": \"Destination directory does not exist\"}

The reason is the wrong indentation of the config_files key in the
multipath docker service.

Change-Id: I0e1fbb9eb188a903994b9e5da90ab4a6fb81f00a
Closes-Bug: #1708129

7 years agoMerge "Fix iscsid role data's section"
Jenkins [Wed, 2 Aug 2017 05:11:22 +0000 (05:11 +0000)]
Merge "Fix iscsid role data's section"

7 years agoCinder volume/backup containers shouldn't mount two paths at same point
John Fulton [Wed, 2 Aug 2017 02:54:56 +0000 (02:54 +0000)]
Cinder volume/backup containers shouldn't mount two paths at same point

Docker refuses to start the container because config_files/src-ceph:ro
is mounted at both /etc/ceph and config-data/puppet-generated/ceph.
The mount to /var/lib/config-data/puppet-generated/ceph should have
been removed in commit ed0b77ff93a1a1e071d32f6a758e04c6d0b041ef.

Change-Id: I411b4764a54fc21e97e4c41a5fef00c7e6e2b64d
Closes-Bug: #1707956

7 years agoMerge "Fix network-isolation.j2.yaml to ignore VIPs for disabled networks"
Jenkins [Wed, 2 Aug 2017 01:35:47 +0000 (01:35 +0000)]
Merge "Fix network-isolation.j2.yaml to ignore VIPs for disabled networks"

7 years agoMerge "Remove empty metadata_settings from iscsid and multipathd templates"
Jenkins [Wed, 2 Aug 2017 01:30:11 +0000 (01:30 +0000)]
Merge "Remove empty metadata_settings from iscsid and multipathd templates"

7 years agoMerge "Adds stop and disable for libvirtd on upgrade to containers"
Jenkins [Wed, 2 Aug 2017 01:29:22 +0000 (01:29 +0000)]
Merge "Adds stop and disable for libvirtd on upgrade to containers"

7 years agoSet redis password hiera value in compute agent
Pradeep Kilambi [Wed, 26 Jul 2017 15:18:40 +0000 (11:18 -0400)]
Set redis password hiera value in compute agent

Without this config defaults to undef in containers

Change-Id: Id47f365364e7b0d399de92995871b136550cd625

7 years agoFix ceilometer agent compute service name
Pradeep Kilambi [Mon, 24 Jul 2017 19:26:47 +0000 (15:26 -0400)]
Fix ceilometer agent compute service name

Make sure this matches whats in roles_data.yaml

Change-Id: Id41c457914f557af7c9ec195c4c6f98669523ac1

7 years agoMerge "Generate MySQL client config if service requires database"
Jenkins [Tue, 1 Aug 2017 20:00:18 +0000 (20:00 +0000)]
Merge "Generate MySQL client config if service requires database"

7 years agoRun gnocchi upgrade with sacks in docker template
Pradeep Kilambi [Fri, 28 Jul 2017 21:03:02 +0000 (17:03 -0400)]
Run gnocchi upgrade with sacks in docker template

Without this gnocchi is not initializing the sacks like puppet does
and gnocchi containers dont respond properly.

Change-Id: I2c53b00793f99420fd12ccc0b5646cf21d528e46

7 years agoMerge "Add missing metadata_settings from docker services"
Jenkins [Tue, 1 Aug 2017 17:20:06 +0000 (17:20 +0000)]
Merge "Add missing metadata_settings from docker services"

7 years agoAdds stop and disable for libvirtd on upgrade to containers
marios [Tue, 1 Aug 2017 14:24:18 +0000 (17:24 +0300)]
Adds stop and disable for libvirtd on upgrade to containers

Adds this into the tripleo_upgrade_node.sh executed by the
operator for the major upgrade see the bug for more info

Change-Id: Ic54b48b149594e8ea08e95152111bcdaf7b252b7
Closes-Bug: 1707926

7 years agoFix keystone, cinder, heat-api cron containers
Dan Prince [Mon, 31 Jul 2017 21:49:24 +0000 (17:49 -0400)]
Fix keystone, cinder, heat-api cron containers

The cron containers need to run as root in order to create PID files
correctly.

Additionally, the keystone_cron container was misconfigured to
use /usr/bin/cron instead of the correct /usr/bin/crond.

Additionally we have an issue where the Kolla keystone container has
hard coded ARGS for the docker container which causes -DFOREGROUND
(an Apache specific argument) to get appended onto the kolla_start
command thus causing crond to fail to startup correctly. This
works around the issue by overriding the command and calling
kolla_set_configs manually. Once we fix this in Kolla we can
revisit this.

Change-Id: Ib8fb2bef9a3bb89131265051e9ea304525b58374
Related-bug: 1707785

7 years agoFix CA file bind mounting in containers
Juan Antonio Osorio Robles [Tue, 1 Aug 2017 07:01:54 +0000 (07:01 +0000)]
Fix CA file bind mounting in containers

The syntax was wrong and wasn't actually bind mounting the CA file.
This fixes it.

Change-Id: Icfa2118ccd2a32fdc3d1af27e3e3ee02bdfbb13b

7 years agoUpdate TLS-everywhere docker environment
Juan Antonio Osorio Robles [Tue, 1 Aug 2017 05:54:05 +0000 (08:54 +0300)]
Update TLS-everywhere docker environment

Some resources have changed. So the environment needed syncing

Change-Id: I9aa310ae80edfccd3ed28e67a431aad6e1ed8a7f

7 years agoRemove empty metadata_settings from iscsid and multipathd templates
Juan Antonio Osorio Robles [Tue, 1 Aug 2017 05:42:33 +0000 (08:42 +0300)]
Remove empty metadata_settings from iscsid and multipathd templates

metadata_settings is meant to have a specific format or be completely
absent. Unfortunately the hook [1] doesn't an empty value for this. So
we remove it as an easy fix before figuring out how to add such a
functionality to the hook.

[1] https://github.com/openstack/tripleo-heat-templates/blob/master/extraconfig/nova_metadata/krb-service-principals.yaml

Co-Authored-By: Thomas Herve <therve@redhat.com>
Change-Id: Ieac62a8076e421b5c4843a3cbe1c8fa9e3825b38

7 years agoMerge "Enable Dpdk after rebooting with Hugepages for OvS2.7"
Jenkins [Mon, 31 Jul 2017 19:32:47 +0000 (19:32 +0000)]
Merge "Enable Dpdk after rebooting with Hugepages for OvS2.7"

7 years agoMariaDB: create clustercheck user at container bootstrap
Damien Ciabrini [Fri, 28 Jul 2017 16:13:53 +0000 (12:13 -0400)]
MariaDB: create clustercheck user at container bootstrap

In HA overclouds, the helper script clustercheck is called by HAProxy to poll
the state of the galera cluster. Make sure that a dedicated clustercheck user
is created at deployment, like it is currently done in Ocata.

The creation of the clustercheck user happens on all controller nodes, right
after the database creation. This way, it does not need to wait for the galera
cluster to be up and running.

Partial-Bug: #1707683
Change-Id: If8e0b3f9e4f317fde5328e71115aab87a5fa655f

7 years agoMerge "Fix creation of iptables rules for non-HA containerized HAproxy"
Jenkins [Mon, 31 Jul 2017 15:26:54 +0000 (15:26 +0000)]
Merge "Fix creation of iptables rules for non-HA containerized HAproxy"

7 years agoAdd missing metadata_settings from docker services
Juan Antonio Osorio Robles [Mon, 31 Jul 2017 15:22:44 +0000 (18:22 +0300)]
Add missing metadata_settings from docker services

These are needed for the TLS everywhere bits.

Change-Id: I81fcf453fc1aaa2545e0ed24013f0f13b240a102

7 years agoMerge "Add 'ovn-controller' service"
Jenkins [Mon, 31 Jul 2017 14:23:06 +0000 (14:23 +0000)]
Merge "Add 'ovn-controller' service"

7 years agoCopy scheduler configuration from service/ironic to services-docker/ironic
Dmitry Tantsur [Mon, 31 Jul 2017 13:47:23 +0000 (15:47 +0200)]
Copy scheduler configuration from service/ironic to services-docker/ironic

That was missed back then. Without it bug 1697724 is not fixed for containers.

Change-Id: Ie859f10129cbdeebd9ea4522510768cec99a1df3
Related-Bug: #1697724

7 years agoEnable Dpdk after rebooting with Hugepages for OvS2.7
Saravanan KR [Fri, 14 Jul 2017 04:11:28 +0000 (09:41 +0530)]
Enable Dpdk after rebooting with Hugepages for OvS2.7

With OvS2.7, DPDK is initialized immediately after setting
dpdk-init flag. DPDK requires hugepages configuration to be
available on kernel args with a reboot. This patch reboots
the node after applying the kernel args. And once the node
is rebooted, DPDK will be enabled and then the deployment
continues.

Change-Id: Ide442e09c2bea56a38399247de588e63b4272326

7 years agoMerge "add lbaasv2 to NeutronServicePlugins in octavia containers"
Jenkins [Sat, 29 Jul 2017 00:59:17 +0000 (00:59 +0000)]
Merge "add lbaasv2 to NeutronServicePlugins in octavia containers"

7 years agoMerge "Also log docker-puppet.py puppet output to console"
Jenkins [Fri, 28 Jul 2017 15:57:33 +0000 (15:57 +0000)]
Merge "Also log docker-puppet.py puppet output to console"

7 years agoMerge "Enable Zaqar API SSL"
Jenkins [Fri, 28 Jul 2017 15:46:58 +0000 (15:46 +0000)]
Merge "Enable Zaqar API SSL"

7 years agoAlso log docker-puppet.py puppet output to console
Bogdan Dobrelya [Fri, 28 Jul 2017 09:25:42 +0000 (11:25 +0200)]
Also log docker-puppet.py puppet output to console

Running puppet apply with --logdest syslog results in all the output
being redirected to syslog. You get no error messages. In the case where this fails, the subsequent debug task shows nothing useful
as there was no stdout/stderr.

Also pass --logdest console to docker-puppet's puppet apply so that
we get the output for the debug task.

Related-Bug: #1707030

Change-Id: I67df5eee9916237420ca646a16e188f26c828c0e
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
7 years agoMerge "Consistent hostname format env for split-stack"
Jenkins [Fri, 28 Jul 2017 02:57:20 +0000 (02:57 +0000)]
Merge "Consistent hostname format env for split-stack"

7 years agoChanging the default port-binding configuration
Itzik Brown [Thu, 20 Jul 2017 11:36:26 +0000 (14:36 +0300)]
Changing the default port-binding configuration

networking-odl no longer supports the network-topology port
binding controller and instead now relies on a pseudo-agent binding
controller.  This means that each OVS node must be configured with
host configuration in OVSDB about which VIF types, network types,
functions, etc that this OVS node supports.  The end result is this
affects where nova and neutron will schedule instances.

Changes Include:
 - Modifying default port binding controller to use pseudo agent
 - Adds necessary per role parameters to be able to configure host
   config on a per role basis to allow for heterogenous compute node
   configurations.

Change-Id: I50458abf6a8a6bf724ad97accb6444d9c497d287
Closes-Bug: 1674995
Signed-off-by: Tim Rozet <trozet@redhat.com>
7 years agoAdd 'ovn-controller' service
Numan Siddique [Thu, 13 Jul 2017 11:44:51 +0000 (17:14 +0530)]
Add 'ovn-controller' service

Presently the ovn-controller service (puppet/services/neutron-compute-plugin-ovn.yaml)
is started only on compute nodes. But for the cases where the controller nodes
provide the north/south traffic, we need ovn-controller service runninng in controller
nodes as well.

This patch
 - Renames the neutron-compute-plugin-ovn.yaml to ovn-controller.yaml which makes more
   sense and sets the service name as 'ovn-controller'.
 - Adds the service 'ovn-controller' to Controller and Compute roles.
 - Adds the missing 'upgrade_tasks' section in ovn-dbs.yaml and ovn-controller.yaml

Depends-On: Ie3f09dc70a582f3d14de093043e232820f837bc3
Depends-On: Ide11569d81f5f28bafccc168b624be505174fc53
Change-Id: Ib7747406213d18fd65b86820c1f86ee7c39f7cf5

7 years agoAlso log puppet output to console
James Slagle [Thu, 27 Jul 2017 17:59:04 +0000 (13:59 -0400)]
Also log puppet output to console

Running puppet apply with --logdest syslog results in all the output
being redirected to syslog. You get no error messages. In the case where
this ansible task fails, the subsequent debug task shows nothing useful
as there was no stdout/stderr.

Also pass --logdest console to puppet apply so that we get the output
for the debug task. My local testing showed that when specifying logdest
twice, both values were honored, and the output went to syslog and the
console.

Change-Id: Id5212b3ed27b6299e33e81ecf71ead554f9bdd29
Closes-Bug: #1707030

7 years agoGenerate MySQL client config if service requires database
Damien Ciabrini [Fri, 7 Jul 2017 14:44:26 +0000 (10:44 -0400)]
Generate MySQL client config if service requires database

Services that access database have to read an extra MySQL configuration file
/etc/my.cnf.d/tripleo.cnf which holds client-only settings, like client bind
address and SSL configuration. The configuration file is thus used by
containerized services, but also by non-containerized services that still
run on the host.

In order to generate that client configuration file appropriately both on the
host and for containers, 1) the MySQLClient service must be included by the
role; 2) every containerized service which uses the database must include the
mysql::client profile in the docker-puppet config generation step.

By including the mysql::client profile in each containerized service, we ensure
that any change in configuration file will be reflected in the service's
/var/lib/config-data/{service}, and that paunch will restart the service's
container automatically.

We now only rely on MySQLClient from puppet/services, to make it possible to
generate /etc/my.cnf.d/tripleo.cnf on the host, and to set the hiera keys that
drive the generation of that config file in containers via docker-puppet.

We include a new YAML validation step to ensure that any service which depends
on MySQL will initialize the mysql::client profile during the docker-puppet
step.

Change-Id: I0dab1dc9caef1e749f1c42cfefeba179caebc8d7

7 years agoFix iscsid role data's section
Damien Ciabrini [Thu, 27 Jul 2017 16:44:15 +0000 (12:44 -0400)]
Fix iscsid role data's section

The iscsid service definition has a typo, config_setting should
read config_settings

Change-Id: I12605dba61fd5f6ce80c3ab78e883ed5ebf3ca62

7 years agoAdd environment for setting a custom domain name
Ben Nemec [Wed, 21 Jun 2017 17:13:18 +0000 (12:13 -0500)]
Add environment for setting a custom domain name

Just setting CloudDomain won't make the domains used consistent.
There are a number of CloudName parameters that must be set as well.
This change adds a sample environment that includes all of those
parameters so it is easy to set everything consistently.

Also fixes the description of CloudNameCtlplane to reflect the
actual use for that parameter.

Change-Id: I56d1c1c5619f83c16c4e8350aa84fccc3d748425

7 years agoMerge "Add PCI to nova compute container for passthrough support"
Jenkins [Thu, 27 Jul 2017 14:10:56 +0000 (14:10 +0000)]
Merge "Add PCI to nova compute container for passthrough support"

7 years agoMerge "Enable libvirtd_config puppet tag in nova-libvirtd docker service"
Jenkins [Thu, 27 Jul 2017 11:36:48 +0000 (11:36 +0000)]
Merge "Enable libvirtd_config puppet tag in nova-libvirtd docker service"

7 years agoEnable Zaqar API SSL
Thomas Herve [Wed, 19 Jul 2017 09:13:19 +0000 (11:13 +0200)]
Enable Zaqar API SSL

This sets the SSL flag in the docker service and expose the parameter in
the docker service.

Depends-On: I4c68a662c2433398249f770ac50ba0791449fe71
Change-Id: Ic3df2b9ab7432ffbed5434943e04085a781774a0

7 years agoMerge "Deploy Ceph in containers using ceph-ansible via external workflow"
Jenkins [Thu, 27 Jul 2017 06:18:28 +0000 (06:18 +0000)]
Merge "Deploy Ceph in containers using ceph-ansible via external workflow"

7 years agoMerge "Make collectd run as root inside the container"
Jenkins [Thu, 27 Jul 2017 06:07:25 +0000 (06:07 +0000)]
Merge "Make collectd run as root inside the container"

7 years agoMerge "Adding Tuned Service"
Jenkins [Thu, 27 Jul 2017 06:06:46 +0000 (06:06 +0000)]
Merge "Adding Tuned Service"

7 years agoMerge "aodh: add gnocchi_external_project_owner config"
Jenkins [Wed, 26 Jul 2017 22:57:25 +0000 (22:57 +0000)]
Merge "aodh: add gnocchi_external_project_owner config"

7 years agoMerge "Fix enable-ceph sample environment"
Jenkins [Wed, 26 Jul 2017 22:57:18 +0000 (22:57 +0000)]
Merge "Fix enable-ceph sample environment"

7 years agoDeploy Ceph in containers using ceph-ansible via external workflow
Giulio Fidente [Thu, 25 May 2017 23:35:53 +0000 (01:35 +0200)]
Deploy Ceph in containers using ceph-ansible via external workflow

Add docker profiles to deploy Ceph in containers via ceph-ansible. This is
implemented by triggering a Mistral workflow during one of the overcloud
deployment steps, as provided by [1].

Some new service-specific parameters are available to determine the workflow to
execute and the ansible playbook to use. A new `CephAnsibleExtraConfig`
parameter can be used to provide arbitrary config variables consumed by `ceph-ansible`.

The pre-existing template params consumed up until the Pike release to
drive `puppet-ceph` continue to work and are translated, when possible, into
the equivalent `ceph-ansible` variable.

A new environment file is added to enable use of ceph-ansible;
the pre-existing puppet-ceph implementation remains unchanged and usable
for non-containerized deployments.

1. https://review.openstack.org/#/c/463324/

Change-Id: I81d44a1e198c83a4ef8b109b4eb6c611555dcdc5