apex-tripleo-heat-templates.git
8 years agoMerge "Pass -q option to yum"
Jenkins [Wed, 10 Feb 2016 22:49:02 +0000 (22:49 +0000)]
Merge "Pass -q option to yum"

8 years agoMerge "Set 'host' globally in Cinder instead of per-backend basis"
Jenkins [Wed, 10 Feb 2016 22:48:48 +0000 (22:48 +0000)]
Merge "Set 'host' globally in Cinder instead of per-backend basis"

8 years agoMerge "Remove not needed completion-signal"
Jenkins [Wed, 10 Feb 2016 22:39:20 +0000 (22:39 +0000)]
Merge "Remove not needed completion-signal"

8 years agoMerge "Fix endpoint names"
Jenkins [Wed, 10 Feb 2016 21:42:07 +0000 (21:42 +0000)]
Merge "Fix endpoint names"

8 years agoNova now requires an api database to be created
David Moreau Simard [Fri, 5 Feb 2016 15:34:57 +0000 (10:34 -0500)]
Nova now requires an api database to be created

This enables the creation of the nova_api database that is now
mandatory since https://review.openstack.org/#/c/245828/

Change-Id: Ia8242f23864ebb14ccf858a77ba754059e9c2d4a
Related-Bug: #1539793

8 years agoMerge "Makes the iSCSI initiator name unique for compute nodes"
Jenkins [Wed, 10 Feb 2016 12:39:36 +0000 (12:39 +0000)]
Merge "Makes the iSCSI initiator name unique for compute nodes"

8 years agopuppet: run keystone in wsgi
Emilien Macchi [Fri, 14 Aug 2015 14:32:15 +0000 (10:32 -0400)]
puppet: run keystone in wsgi

For both HA & non-HA scenarios, switch puppet-keystone configuration to
be run in a WSGI process instead of eventlet.
WSGI is the way to go for scaling Keystone, moreover, eventlet won't be
support in next OpenStack releases.

Co-Authored-By: Dan Prince <dprince@redhat.com>
Depends-On: I22a348c298ff44f616b2e898f4872eddea040239

Change-Id: I862b4a68f43347564ec3c0ddc4ec9e1d1c755cf2
Signed-off-by: Jason Guiditta <jguiditt@redhat.com>
8 years agoIncrease size of connection tracking table
James Slagle [Wed, 3 Feb 2016 15:33:16 +0000 (16:33 +0100)]
Increase size of connection tracking table

During high load, the default limit of the kernel connection tracking
table (65536) is often too low, resuling in error messages such as:

kernel: nf_conntrack: table full, dropping packet

This patch increases the limit to 500,000.

Since the nf_conntrack kernel module is not always loaded by default, it also
adds a mechanism to load kernel modules via hieradata using the kmod puppet
module. In order to express the needed dependency in puppet that kernel modules
are loaded before sysctl settings are applied, the Exec resources tagged with
'kmod::load' are specified in a resource collector to express that that Exec
resources with the tag should run before Sysctl resources.

Depends-On: I59cc2280ebae315af38fb5008e6ee0073195ae51
Change-Id: Iffa0a77852729786b69945c1e72bc90ad57ce3bb

8 years agoUpdate Dell Storage Center api port setting
rajinir [Tue, 9 Feb 2016 15:27:40 +0000 (09:27 -0600)]
Update Dell Storage Center api port setting

Updated the setting for the dell storage center
api port to the right variable name ::dell_sc_api_port

Change-Id: I67a7533469947355629b6cb54b79759e21e0ec55

8 years agoMerge "Fix MidoNet errors"
Jenkins [Tue, 9 Feb 2016 08:52:30 +0000 (08:52 +0000)]
Merge "Fix MidoNet errors"

8 years agoMerge "Create linux bridge vlans environments"
Jenkins [Tue, 9 Feb 2016 08:50:00 +0000 (08:50 +0000)]
Merge "Create linux bridge vlans environments"

8 years agoSet 'host' globally in Cinder instead of per-backend basis
Giulio Fidente [Mon, 8 Feb 2016 18:02:18 +0000 (19:02 +0100)]
Set 'host' globally in Cinder instead of per-backend basis

This change will set a common value for 'host' across all
controllers. We missed to do so for the NFS backend previously.

It will still be possible to set a different per-backend 'host'
value by providing it via ExtraData.

Change-Id: I00fd05660a15be3611e1a394650be6ab713670f9

8 years agoFixed typo in Dell Equallogic Cinder settings
rajinir [Mon, 8 Feb 2016 16:03:41 +0000 (10:03 -0600)]
Fixed typo in Dell Equallogic Cinder settings

The name of the variable ::eqlx_pool had a typo. Fixed it

Change-Id: I83a94d4bccf9c9a60c7b37473ae8a64ac050671c

8 years agoPass -q option to yum
Zane Bitter [Sat, 6 Feb 2016 17:13:09 +0000 (12:13 -0500)]
Pass -q option to yum

The maximum payload size of the return signal from a Heat software
deployment is 1MB, and the output of yum starts breaking this limit at
~1000 packages to update - which is not an atypical number. To prevent
this, pass the -q (quiet) option to reduce the amount of output to a
manageable level.

Change-Id: I517271e8465885421a78b73c5af756816c37a977
Resolves-rhbz: #1304878
Closes-Bug: #1543034

8 years agoMerge "Allow the deployer to pick a predefined IP for VIPs"
Jenkins [Thu, 4 Feb 2016 14:24:24 +0000 (14:24 +0000)]
Merge "Allow the deployer to pick a predefined IP for VIPs"

8 years agoMerge "neutron: delete by default router/dhcp namespaces"
Jenkins [Thu, 4 Feb 2016 09:42:57 +0000 (09:42 +0000)]
Merge "neutron: delete by default router/dhcp namespaces"

8 years agoMakes the iSCSI initiator name unique for compute nodes
Rhys Oxenham [Wed, 3 Feb 2016 18:57:33 +0000 (18:57 +0000)]
Makes the iSCSI initiator name unique for compute nodes

When we utilise images for deployment, the iSCSI initiator name
is not unique, leading to problems with live migration. This
patch simply updates the iSCSI initiator name to a unique ID
randomly generated by iscsi-iname.

https://bugzilla.redhat.com/show_bug.cgi?id=1244328

Change-Id: I170e7f45f67fa8ce70436f24807d1ed7808f2c32

8 years agoIncrease default Cinder LVM backing file to 10G
Giulio Fidente [Thu, 28 Jan 2016 14:24:52 +0000 (15:24 +0100)]
Increase default Cinder LVM backing file to 10G

We get false negatives from Tempest when the Cinder LVM backing
file runs out space. This change increases its default size to 10G,
matching devstack [1]

1. https://github.com/openstack-dev/devstack/blob/master/stackrc#L649

Change-Id: Ia334ea481e17c1d35aa67c33729cac6570f48199

8 years agoAdd HostnameMap to allow granular control of hostnames
Steven Hardy [Wed, 3 Feb 2016 10:12:20 +0000 (10:12 +0000)]
Add HostnameMap to allow granular control of hostnames

Some operators desire more granular control of hostnames than is
currently possible via the *HostnameFormat parameters, in particular
mapping nodes to explicit IDs (such as inventory references) is not
easily possible.

So, add a HostnameMap parameter, which is optional and allows
explicit overriding of the default hostnames.

E.g pass an environment like this:

parameter_defaults:
  HostnameMap:
    overcloud-controller-0: overcloud-controller-prod-123-0
    overcloud-controller-1: overcloud-controller-prod-456-0
    overcloud-controller-2: overcloud-controller-prod-789-0

Note this is mapping is global (for all roles), because we
expect the keys to be unique given that they include the
role name and index by default.

Note that this depends on a fix for heat bug #1539737

Change-Id: Ib4d3d40e9523903ebccc06c3e14b2d71d924afa3
Depends-On: Ib934f443a8b8e4f75335a9d8b992e7f86791aa45

8 years agoFix endpoint names
Zane Bitter [Tue, 2 Feb 2016 22:46:46 +0000 (17:46 -0500)]
Fix endpoint names

The commit daad3d4224f12d2c23c41a70cdf522e7c55536ba added a bunch of new
endpoints, but failed to use the new input data in calculating the
outputs: the GlanceRegistry ones use the Glance endpoints and the
Horizon one the Heat endpoint. This would cause anything querying these
endpoints from the endpoints map to get the wrong ports.

Change-Id: I8e1780b26e285187142be41b4f3aae3efe7eaaee

8 years agoUpdate yaml-validate.py to accept files or directories
Steven Hardy [Tue, 12 Jan 2016 18:46:04 +0000 (18:46 +0000)]
Update yaml-validate.py to accept files or directories

For developer usage it's helpful to have the choice to provide either
an individual files, list of files, or some mix of files and directories
as you don't necessarily want to walk everything all the time.

Change-Id: I050de123bba51402a0dbb42d71e97fd27d7ce4bc

8 years agoAllow the deployer to pick a predefined IP for VIPs
Giulio Fidente [Wed, 9 Dec 2015 11:03:01 +0000 (12:03 +0100)]
Allow the deployer to pick a predefined IP for VIPs

Adds three top-level params to allow the deployer pick a predefined IP
for the InternalApi, Storage and StorageMgmt VIPs. We had this already
for the External network (PublicVirtualFixedIPs) and the ctlplane
network (ControlFixedIPs).

Change-Id: I1509e1888774ffa72445ed681dd8107eec703d64

8 years agoMerge "Remove empty value for wsrep_notify_cmd"
Jenkins [Wed, 27 Jan 2016 12:00:47 +0000 (12:00 +0000)]
Merge "Remove empty value for wsrep_notify_cmd"

8 years agoMerge "Removing Sahara password default"
Jenkins [Tue, 26 Jan 2016 15:45:54 +0000 (15:45 +0000)]
Merge "Removing Sahara password default"

8 years agoSplit pacemaker common check_service function out of _restart.sh
Giulio Fidente [Tue, 22 Dec 2015 11:06:55 +0000 (12:06 +0100)]
Split pacemaker common check_service function out of _restart.sh

Also split out echo_error function to DRY the error output code and
allow changing the way we report errors in a single place.

Change-Id: I448bf0eb49390f03155335736bb4ab4e979db128
Co-Authored-By: Jiri Stransky <jistr@redhat.com>
8 years agoUse timeout to check for services status
Giulio Fidente [Fri, 18 Dec 2015 18:02:19 +0000 (19:02 +0100)]
Use timeout to check for services status

Replaces the bash loop with the timeout command in the piloted
cluster restart to minimize downtime.

Change-Id: I9067eed9626ae5aff833d7a9a9ad1e1a6c026327
Co-Authored-By: Jiri Stransky <jistr@redhat.com>
8 years agoMerge "Allow container template to recognize an update"
Jenkins [Mon, 25 Jan 2016 18:07:25 +0000 (18:07 +0000)]
Merge "Allow container template to recognize an update"

8 years agoRemove empty value for wsrep_notify_cmd
John Trowbridge [Mon, 25 Jan 2016 15:59:49 +0000 (10:59 -0500)]
Remove empty value for wsrep_notify_cmd

This was being silently ignored by the mysql puppet module
prior to this commit.[1] However, now that empty values are
allowed, the overcloud deploy fails because the option
--wsrep_notify_cmd requires an argument.

This is not currently failing on master because we are
pinned to an old puppet-mysql. We will need to remove that
pin in order to get on a newer delorean repo though. Also,
this is breaking stable/liberty HA job because we use the
packaged OPM there.

[1] https://github.com/puppetlabs/puppetlabs-mysql/commit/e30e0bc958761890ea4f06cdd3f1fc7242a00fe2

Change-Id: I9e07efe1650831e81e9a783428554578874aa765
Closes-Bug: 1537720

8 years agoEnable SSL middleware for cinder
Juan Antonio Osorio Robles [Sat, 16 Jan 2016 11:38:00 +0000 (13:38 +0200)]
Enable SSL middleware for cinder

Change-Id: Ifd750e634812dae2b7945cbe2f35f98d8a82695e
Depends-On: If88dcdf9f4905e2a792b2fdc656eab51c85f637e

8 years agoMerge "puppet: allow config of ad-hoc Neutron settings"
Jenkins [Sat, 23 Jan 2016 17:32:37 +0000 (17:32 +0000)]
Merge "puppet: allow config of ad-hoc Neutron settings"

8 years agoMerge "puppet: allow config of ad-hoc Cinder settings"
Jenkins [Sat, 23 Jan 2016 17:31:43 +0000 (17:31 +0000)]
Merge "puppet: allow config of ad-hoc Cinder settings"

8 years agoneutron: delete by default router/dhcp namespaces
Emilien Macchi [Fri, 22 Jan 2016 23:39:58 +0000 (18:39 -0500)]
neutron: delete by default router/dhcp namespaces

The 'router_delete_namespaces' (L3 agent) and 'dhcp_delete_namespaces'
(DHCP agent) configuration settings default to false OpenStack Neutron
resulting in network namespaces not being deleted when
no longer needed. Disabling automatic namespace cleanup was appropriate
for older Linux distributions but is no longer required.
TripleO should set the values to true.

Change-Id: I39e1a347d24ecc99b6f878807c47103c4b3f85e1

8 years agoMerge "puppet: allow config of ad-hoc Heat settings"
Jenkins [Fri, 22 Jan 2016 21:56:10 +0000 (21:56 +0000)]
Merge "puppet: allow config of ad-hoc Heat settings"

8 years agoMerge "puppet: allow config of ad-hoc Glance settings"
Jenkins [Fri, 22 Jan 2016 21:56:00 +0000 (21:56 +0000)]
Merge "puppet: allow config of ad-hoc Glance settings"

8 years agoMerge "puppet: allow config of ad-hoc Ceph settings"
Jenkins [Fri, 22 Jan 2016 21:54:53 +0000 (21:54 +0000)]
Merge "puppet: allow config of ad-hoc Ceph settings"

8 years agopuppet: allow config of ad-hoc Neutron settings
Dan Prince [Mon, 18 Jan 2016 14:10:30 +0000 (09:10 -0500)]
puppet: allow config of ad-hoc Neutron settings

Including ::neutron::config on the controller and compute roles
will allow ad-hoc (non-puppet managed) settings to be made in all
the various neutron config files using Hiera.

Change-Id: Ifadc77cdcb60b7075d091d778cb92b0dd75bd949

8 years agopuppet: allow config of ad-hoc Cinder settings
Dan Prince [Mon, 18 Jan 2016 13:48:04 +0000 (08:48 -0500)]
puppet: allow config of ad-hoc Cinder settings

Including ::cinder::config on controller, and volume roles
will allow ad-hoc (non-puppet managed) settings to be
made in the cinder.conf using Hiera.

Change-Id: I519aff02e3cfb7fbf57e89c7a139564df42f8967

8 years agopuppet: allow config of ad-hoc Heat settings
Dan Prince [Mon, 18 Jan 2016 14:01:14 +0000 (09:01 -0500)]
puppet: allow config of ad-hoc Heat settings

Including ::heat::config on the controller roles will allow
ad-hoc (non-puppet managed) settings to be made in the
heat config file using Hiera.

Change-Id: I80a39b798869ac330ea8a4d01699f5db47c93d47

8 years agopuppet: allow config of ad-hoc Glance settings
Dan Prince [Mon, 18 Jan 2016 13:59:01 +0000 (08:59 -0500)]
puppet: allow config of ad-hoc Glance settings

Including ::glance::config on glance roles will allow ad-hoc
(non-puppet managed) settings to be made in the
glance config files using Hiera.

Change-Id: I7c86ae0e8f1a0a2b46d526598964454cb80319a6

8 years agopuppet: allow config of ad-hoc Ceph settings
Dan Prince [Mon, 18 Jan 2016 13:55:39 +0000 (08:55 -0500)]
puppet: allow config of ad-hoc Ceph settings

Including ::ceph::conf on ceph roles will allow ad-hoc
(non-puppet managed) settings to be made in the
ceph.conf using Hiera.

Change-Id: I656a0ecde465023d7afad9371aa3c5c270078a67

8 years agoMerge "Update VNI and TunnelID ranges."
Jenkins [Fri, 22 Jan 2016 14:08:24 +0000 (14:08 +0000)]
Merge "Update VNI and TunnelID ranges."

8 years agoRemoving Sahara password default
Ethan Gafford [Thu, 21 Jan 2016 21:19:18 +0000 (16:19 -0500)]
Removing Sahara password default

In prior commit, added default for Sahara password in order to
avoid circular dependency. Removing this default now in order
to force password per other service definitions.

Change-Id: I91f98039e520804b25aaededefa25e80992ba6b5
Partially-implements: bp sahara-integration

8 years agoMerge "Add update yaml backward compatibe with PublicVirtualIP on ctlplane"
Jenkins [Thu, 21 Jan 2016 19:41:04 +0000 (19:41 +0000)]
Merge "Add update yaml backward compatibe with PublicVirtualIP on ctlplane"

8 years agoOpenContrail heat templates
Nicolas Hicher [Thu, 21 Jan 2016 15:21:23 +0000 (16:21 +0100)]
OpenContrail heat templates

Deploy a TripleO overcloud with OpenContrail Vrouter plugin configured
to interact with an existing OpenContrail Server Manager.

OpenContrail is an Apache 2.0-licensed project that is built using
standards-based protocols and provides all the necessary components for
network virtualization–SDN controller, virtual router, analytics engine,
and published northbound APIs. It has an extensive REST API to configure
and gather operational and analytics data from the system.

Co-Authored-By: Jiri Stransky <jistr@redhat.com>
Change-Id: I699a7c4ea09d024fe4d70c6a507c524f0a7aafd5

8 years agoMerge "Don't write CLOUDNAME to the hosts file."
Jenkins [Thu, 21 Jan 2016 15:44:08 +0000 (15:44 +0000)]
Merge "Don't write CLOUDNAME to the hosts file."

8 years agoMerge "Rename validate tox env to linters"
Jenkins [Thu, 21 Jan 2016 11:06:59 +0000 (11:06 +0000)]
Merge "Rename validate tox env to linters"

8 years agoMerge "Let Puppet update all packages on non-controllers"
Jenkins [Thu, 21 Jan 2016 10:02:53 +0000 (10:02 +0000)]
Merge "Let Puppet update all packages on non-controllers"

8 years agoRename validate tox env to linters
Ben Nemec [Tue, 15 Dec 2015 22:35:53 +0000 (16:35 -0600)]
Rename validate tox env to linters

This is the new blessed naming scheme for lint-type jobs such as
pep8 or the yaml validation job we have in this project.  Doing
this rename will allow us to use standard infra job templates
to run validation on proposed changes.

Change-Id: I0a4c4372429a08e0babb4d323f2b027f1d95f3d7

8 years agoDon't write CLOUDNAME to the hosts file.
Ben Nemec [Fri, 15 Jan 2016 03:24:18 +0000 (21:24 -0600)]
Don't write CLOUDNAME to the hosts file.

Currently the value of the CloudName param gets written into the
/etc/hosts file on each controller, but it turns out this is an
invalid configuration.  CloudName is supposed to be the DNS name
of the overcloud, and the IP being written is (at least in my case)
the internal API VIP.  This breaks in cases such as SSL because
the services are not listening on an SSL port on the internal API
network, so if a service tries to talk to another service using a
CloudName-defined public endpoint it ends up pointed at a
non-existent internal address:port.

Since by definition CloudName is supposed to be resolvable by the
configured DNS server, we should not need an explicit hosts entry
as well.  Thus, this patch removes that from the file.

Change-Id: I919b42a219d95296f46852dd3266a54d968cf66b

8 years agoFix MidoNet errors
Jaume Devesa [Fri, 15 Jan 2016 17:30:36 +0000 (17:30 +0000)]
Fix MidoNet errors

Some assignments must be fixed in order to make run midonet with HA
pacemaker properly and when the network isolation is enabled.

Change-Id: I69fb3a1911cfe3baea3349da8f3e185dddf60a95

8 years agoCreate linux bridge vlans environments
Jaume Devesa [Wed, 20 Jan 2016 14:07:28 +0000 (14:07 +0000)]
Create linux bridge vlans environments

Define environments to create VLANs attached to a single physical nic as
'single-nic-vlans' does, but using linux_bridge instead of ovs_bridge

Change-Id: I8c6fe9ec7028178f783e7d9c0a1cc67a1517eb3d

8 years agoAllow container template to recognize an update
Ryan Hallisey [Fri, 8 Jan 2016 17:25:58 +0000 (12:25 -0500)]
Allow container template to recognize an update

The deployment resource looks for a change in name when
running an update.  If there is no change in containers,
docker will recognize that and the deployment will return.
If there is a new available container, docker will swap out
the old running container for a new one.

Change-Id: I60d45b5ef45714e6e0140dfc80c14d6a12701f32

8 years agoAdds v6 capability to the deploy validation test (pings)
marios [Fri, 15 Jan 2016 12:00:33 +0000 (14:00 +0200)]
Adds v6 capability to the deploy validation test (pings)

This changes the ping_controller_ips function in the all-nodes.sh
bash validation script which is run during deployment to check
network connectivity (to fail early).

The main differences are using the v6 routes when it is a v6 address
and using python -c to check if the v6 address is in the network and
(thanks emachi!) using ping6 instead of ping.

Closes-Bug: 1534578
Change-Id: Id41950f767e11884b4123fcb0bd2339636fdda68

8 years agoMerge "Fix tunnel_types hieradata on compute nodes"
Jenkins [Tue, 19 Jan 2016 17:08:59 +0000 (17:08 +0000)]
Merge "Fix tunnel_types hieradata on compute nodes"

8 years agoMerge "Fix neutron-nova notifications"
Jenkins [Tue, 19 Jan 2016 17:06:34 +0000 (17:06 +0000)]
Merge "Fix neutron-nova notifications"

8 years agoFix tunnel_types hieradata on compute nodes
Ben Nemec [Mon, 18 Jan 2016 23:39:38 +0000 (17:39 -0600)]
Fix tunnel_types hieradata on compute nodes

There was a missing : in the hieradata for the compute nodes that
caused tunnel_types to not be configured.  This also made it
impossible to boot instances on tunneled networks because the port
binding always failed.

Change-Id: Icc2a45aa9514ce62497f91e6abe9261d1c1374ed
Partial-Bug: 1534349

8 years agoFix neutron-nova notifications
Ben Nemec [Mon, 18 Jan 2016 23:48:52 +0000 (17:48 -0600)]
Fix neutron-nova notifications

In our neutron.conf we configure both keystone v2 and v3 options,
which confuses the keystoneclient code responsible for deciding
which to use.  For whatever reason, having it talk to the
unversioned keystone endpoint and letting the client decide which
version that way makes it happy.  Except that we write a wrong
value for project_name, which makes it unhappy again.

This change fixes both of those issues, which allows notifications
to work again.

Change-Id: Ic3a329354d0ed071363183b5e06c0a42d2dd84ad
Closes-Bug: 1519525

8 years agoMerge "Set the name property for all deployment resources"
Jenkins [Mon, 18 Jan 2016 23:16:15 +0000 (23:16 +0000)]
Merge "Set the name property for all deployment resources"

8 years agoLet Puppet update all packages on non-controllers
James Slagle [Fri, 15 Jan 2016 18:52:03 +0000 (13:52 -0500)]
Let Puppet update all packages on non-controllers

With I02f7cf07792765359f19fdf357024d9e48690e42[1] in puppet-tripleo,
puppet is capable of updating all packages itself on non controller
nodes now.

This is a safer mechanism than using the exclude logic in yum_update.sh
since that can cause depdency problems across sub packages.

[1] https://review.openstack.org/#/c/261041/
Closes-Bug: 1534785

Change-Id: I9075a1bb85baa65a9d0afc5d0fd31a1f99a98819

8 years agoAllow vncproxy to work with ssl enabled
Ben Nemec [Fri, 15 Jan 2016 22:31:36 +0000 (16:31 -0600)]
Allow vncproxy to work with ssl enabled

Right now our vncproxy settings are hard-coded to http and the
non-ssl port.  This change adds a vncproxy entry to the endpoint
map and uses those values to configure the proxy correctly on
compute nodes.  This is sufficient to get it working in my
environment with ssl enabled.

Change-Id: I9d69b088eef4700959b33c7e0eb44932949d7b71

8 years agoBind Galera on a hostname for compat with IPv6 addresses
Giulio Fidente [Fri, 15 Jan 2016 18:08:17 +0000 (19:08 +0100)]
Bind Galera on a hostname for compat with IPv6 addresses

Due to a bug [1] in Galera we can't pass an IPv6 as bind-address,
we pass an hostname instead.

1. https://bugzilla.redhat.com/show_bug.cgi?id=1298671

Change-Id: Ia5a5b66dd3e94d3dfb6588550fcfe34382897c27

8 years agoEnable keystone handling of X-Forwarded-Proto header
Juan Antonio Osorio Robles [Thu, 14 Jan 2016 15:17:27 +0000 (17:17 +0200)]
Enable keystone handling of X-Forwarded-Proto header

If the X-Forwarded-Proto header is received by keystone, this option
will make the service properly handle it. This is useful, for instance,
if TLS is enabled for the admin endpoint.

Change-Id: I31a1f51591e8423367e61eafc3af9b2d61278468

8 years agoMerge "Use pymysql database driver for OpenStack DBs"
Jenkins [Wed, 13 Jan 2016 20:53:03 +0000 (20:53 +0000)]
Merge "Use pymysql database driver for OpenStack DBs"

8 years agoConfigure keystone public_endpoint
Ben Nemec [Thu, 7 Jan 2016 21:00:35 +0000 (15:00 -0600)]
Configure keystone public_endpoint

We need this set for SSL or keystone returns a non-https address.
It shouldn't hurt anything to set this in the non-SSL case since
the value will still be correct and the behavior will be the same
as if it were unset.

Change-Id: Iea3ea1d25dfc462fa844d3c12e6070f2c9b42036

8 years agoMerge "Sahara Integration"
Jenkins [Tue, 12 Jan 2016 17:31:04 +0000 (17:31 +0000)]
Merge "Sahara Integration"

8 years agoConvert port cidr splitting to str_split
Steven Hardy [Tue, 12 Jan 2016 08:56:21 +0000 (08:56 +0000)]
Convert port cidr splitting to str_split

Previously we used an interim workaround which required a 2 digit subnet
but now heat (as of liberty) has str_split, which was implemented for this
purpose.

Change-Id: I29bb5f407b717e26a09c8c661954ee07fff72d71

8 years agoUse pymysql database driver for OpenStack DBs
Emilien Macchi [Fri, 8 Jan 2016 16:09:09 +0000 (11:09 -0500)]
Use pymysql database driver for OpenStack DBs

PyMySQL is a new driver introduced in Liberty.
This patch change the MySQL url to use mysql+pymysql like recommanded.

Change-Id: I28e14acacba865241a0cc388a879a003181a85f3
Depends-On: I7604cca9e2d7bf0b93c820adec5f937f72b64fa8
Closes-Bug: #1499298

8 years agoUse service tenant for ceilometer
James Slagle [Tue, 6 Oct 2015 12:56:13 +0000 (08:56 -0400)]
Use service tenant for ceilometer

Configure ceilometer to use the service tenant instead of the admin
tenant.  Using the admin tenant is not required and a security risk.

This brings the ceilometer configuration in line with the
recommendations from the official installation guide:
http://docs.openstack.org/kilo/install-guide/install/yum/content/ceilometer-controller-install.html

Change-Id: Ia14695eb23a1ff551fd27f74b4cb864e80b100e3
Partial-Bug: #1358237

8 years agoSahara Integration
Ethan Gafford [Wed, 26 Aug 2015 21:43:52 +0000 (17:43 -0400)]
Sahara Integration

Integration of OpenStack data processing service (sahara) with
TripleO.

- Deploys sahara in distributed mode (separate api and engine
  processes on each controller node)
- Load balancing w/haproxy
- RabbitMQ/MySQL supported per current TripleO standard
- Minimal configurability at this time

Change-Id: I77a6a69ed5691e3b1ba34e9ebb4d88c80019642c
Partially-implements: blueprint sahara-integration
Depends-On: I0f0a1dc2eaa57d8226bad8cfb250110296ab9614
Depends-On: Ib84cc59667616ec94e7edce2715cbd7dd944f4ae
Depends-On: I9fe321fd4284f7bfd55bd2e69dcfe623ed6f8a2a

8 years agoRemove not needed completion-signal
Steven Hardy [Thu, 10 Dec 2015 15:08:05 +0000 (15:08 +0000)]
Remove not needed completion-signal

The completion-signal input is no longer needed, because for some
time 99-refresh-completed has supported using per-deployment
signal URLs instead provided the config group is set correctly
to os-apply-config.

Change-Id: I76cb5331917ff54e978bd22b9dea0c1a2c65a928

8 years agoSwitch for Keystone DB cron job
Martin Mágr [Wed, 5 Aug 2015 14:28:04 +0000 (16:28 +0200)]
Switch for Keystone DB cron job

- Adds parameter to enable switching off token flush cron job.
- Sets destination for deleted rows to /dev/null

Change-Id: I9e8aed969e81595d8a1d0a5300da17da6ba15c03
Partial-bug: rhbz#1249106
Depends-On: I5e51562338f68b4ba1b2e942907e6f6a0ab7a61e

8 years agoMerge "Add ExtraConfig to cinder storage role"
Jenkins [Fri, 8 Jan 2016 11:25:59 +0000 (11:25 +0000)]
Merge "Add ExtraConfig to cinder storage role"

8 years agoMerge "Fix yaml validation errors in multiple-nics templates"
Jenkins [Fri, 8 Jan 2016 09:06:56 +0000 (09:06 +0000)]
Merge "Fix yaml validation errors in multiple-nics templates"

8 years agoMerge "updating enable_ceph conditions for controller"
Jenkins [Thu, 7 Jan 2016 23:59:30 +0000 (23:59 +0000)]
Merge "updating enable_ceph conditions for controller"

8 years agoMerge "Adding ManagementIpSubnet to linux bridge net conf"
Jenkins [Thu, 7 Jan 2016 23:58:46 +0000 (23:58 +0000)]
Merge "Adding ManagementIpSubnet to linux bridge net conf"

8 years agoEnable the ML2 port security extension driver by default
Brent Eagles [Thu, 7 Jan 2016 19:35:58 +0000 (16:05 -0330)]
Enable the ML2 port security extension driver by default

This patch enables the port security ML2 extension driver by default. It
should have no impact on users that do not explicitly modify the port
security property on a port.

Change-Id: I1413428a1c0329acf0276bf6032684e5e7f8e177
Closes-Bug: #1531970

8 years agoMerge "Use new heat-docker-agents images"
Jenkins [Thu, 7 Jan 2016 17:30:24 +0000 (17:30 +0000)]
Merge "Use new heat-docker-agents images"

8 years agoMerge "Remove deleted Cinder rows"
Jenkins [Thu, 7 Jan 2016 17:23:10 +0000 (17:23 +0000)]
Merge "Remove deleted Cinder rows"

8 years agoMerge "Add TimeZone parameter for all node types"
Jenkins [Thu, 7 Jan 2016 11:56:58 +0000 (11:56 +0000)]
Merge "Add TimeZone parameter for all node types"

8 years agoMerge "Enable configuration of Neutron QoS"
Jenkins [Thu, 7 Jan 2016 11:40:01 +0000 (11:40 +0000)]
Merge "Enable configuration of Neutron QoS"

8 years agoEnable configuration of Neutron QoS
Brent Eagles [Wed, 18 Nov 2015 17:25:26 +0000 (13:55 -0330)]
Enable configuration of Neutron QoS

This change adds support for setting the configuration options required
to enable the quality of service feature in Neutron. The default values
will enable the feature.

Closes-Bug: #1524052

Depends-On: Iefc289a6eee13b9c66f8131c258af982f232df4b

Change-Id: I1abf7d37d39e6927e482b56de4ee3d3d7c313a1c

8 years agoEnable Dell Storage Center iscsi Backends in Cinder
rajinir [Thu, 12 Nov 2015 22:50:39 +0000 (16:50 -0600)]
Enable Dell Storage Center iscsi Backends in Cinder

Enables support for configuring Cinder with a Dell
Storage Center iscsi storage backend.
This change adds all relevant parameters for:
 - Dell Storage Center SC Series (iSCSI)

Change-Id: I3b1a4346f494139ab123c7dc1a62f81d03c9e728

8 years agoMerge "Enable Equallogic Backends in Cinder"
Jenkins [Wed, 6 Jan 2016 16:40:40 +0000 (16:40 +0000)]
Merge "Enable Equallogic Backends in Cinder"

8 years agoMerge "Ensure cluster remains stable during services restarts"
Jenkins [Wed, 6 Jan 2016 12:55:46 +0000 (12:55 +0000)]
Merge "Ensure cluster remains stable during services restarts"

8 years agoMerge "Bump the pacemaker service op_params to 200s for start and stop"
Jenkins [Wed, 6 Jan 2016 12:18:31 +0000 (12:18 +0000)]
Merge "Bump the pacemaker service op_params to 200s for start and stop"

8 years agoRemove deleted Cinder rows
Martin Mágr [Tue, 4 Aug 2015 12:00:11 +0000 (14:00 +0200)]
Remove deleted Cinder rows

Creates cron job running every 24 hours
for "cinder-manage db purge"

Partial-bug: rhbz#1249106
Change-Id: I9156e0bf1401eda49a7c9a2921dc3a8723af026d
Depends-On: I677f2ef3d9ca81fff0f672c8e34b6e4278674a96

8 years agoMerge "Align template defaults with the client"
Jenkins [Wed, 6 Jan 2016 09:04:18 +0000 (09:04 +0000)]
Merge "Align template defaults with the client"

8 years agoupdating enable_ceph conditions for controller
Dan Radez [Mon, 4 Jan 2016 18:59:46 +0000 (13:59 -0500)]
updating enable_ceph conditions for controller

- keeping enabled based on ceph node count being greater than 0
- adding enabled if ControllerEnableCephStorage is true

Intention here is to be able to run ceph without having dedicated
nodes for. Enabling Ceph alternativly from the ControllerEnableCeph
parameter allows ceph to be colocated on the controllers without
having to run any dedicated ceph nodes.

Change-Id: I71062d37226c679156380c0f4e194b51cb586bcf
Signed-off-by: Dan Radez <dradez@redhat.com>
8 years agoAdd ExtraConfig to cinder storage role
James Slagle [Fri, 4 Dec 2015 21:36:11 +0000 (16:36 -0500)]
Add ExtraConfig to cinder storage role

The ExtraConfig resource was missing from the cinder
storage role. Adding it for consistency.

Change-Id: I05ad33c113af6f67ded7699976103508c47a3f1a

8 years agoBump the pacemaker service op_params to 200s for start and stop
marios [Tue, 5 Jan 2016 13:35:31 +0000 (15:35 +0200)]
Bump the pacemaker service op_params to 200s for start and stop

Based on observed timeouts during updates bump the stop and start
timeouts for pacemaker service resources (via op_params) to 200.
This is based on the reasoning that the full timeout may be as
long as two elapsed timeout intervals. After an initial timeout,
the sigterm that follows is then allowed another
DefaultTimeoutStopSec seconds. The 200s is produced by allowing
this 2xDefaultTimeoutStopSec (@90s for systemd) and some
scheduling delta. Many thanks to Michele Baldessari.

Closes-Bug: 1531204
Change-Id: If6b43982c958f63bc78ad997400bf1279c23df7e

8 years agoMerge "Remove deleted Nova rows"
Jenkins [Tue, 5 Jan 2016 15:21:01 +0000 (15:21 +0000)]
Merge "Remove deleted Nova rows"

8 years agoEnsure cluster remains stable during services restarts
Giulio Fidente [Fri, 18 Dec 2015 16:36:25 +0000 (17:36 +0100)]
Ensure cluster remains stable during services restarts

Using crm_resource --wait we wait for the cluster to get into
a stable state before moving into the next step of the piloted
restart procedure.

Change-Id: I80199653024383fd07900dad0b8d23fb8afade26
Co-Authored-By: Jiri Stransky <jistr@redhat.com>
8 years agoUse new heat-docker-agents images
Ryan Hallisey [Fri, 4 Dec 2015 14:14:50 +0000 (14:14 +0000)]
Use new heat-docker-agents images

Hosted at tripleoupstream/heat-docker-agents.

Change-Id: I2133a7cb789a34c60b87339d816d29d353cb015f

8 years agoMerge "Network Isolation support for containerized compute"
Jenkins [Tue, 5 Jan 2016 13:10:26 +0000 (13:10 +0000)]
Merge "Network Isolation support for containerized compute"

8 years agoAdd TimeZone parameter for all node types
Nico Auv [Wed, 25 Nov 2015 15:34:48 +0000 (16:34 +0100)]
Add TimeZone parameter for all node types

Adds a TimeZone parameter for node types and the top level
stack. Defaults to UTC.

Change-Id: I98123d894ce429c34744233fe3e631cbdd7c12b5
Depends-On: Icf7c681f359e3e48b653ea4648db6a73b532d45e

8 years agoAdding ManagementIpSubnet to linux bridge net conf
Jaume Devesa [Tue, 5 Jan 2016 10:38:15 +0000 (10:38 +0000)]
Adding ManagementIpSubnet to linux bridge net conf

Because of the new ManagementIpSubnet parameter (introduced by the
15bb6726 commit), the net-config-linux-bridge network configuration file
must be updated.

Change-Id: I020692eedd9a96e28d0b871e2c27b4f0ee87e3fa

8 years agoMerge "Wait for cluster to settle in yum_update.sh"
Jenkins [Tue, 5 Jan 2016 10:19:15 +0000 (10:19 +0000)]
Merge "Wait for cluster to settle in yum_update.sh"

8 years agoNetwork Isolation support for containerized compute
Ryan Hallisey [Mon, 7 Dec 2015 16:57:21 +0000 (11:57 -0500)]
Network Isolation support for containerized compute

The template will all neutron-agents to be configured so that it can
run the network isolation templates on the containerized compute node.

Co-Authored-By: Dan Prince <dpince@redhat.com>
Change-Id: I7837ed7ed3e807ec5c1276904893695918bef293

8 years agoMerge "Convert JSON generations from bash to python"
Jenkins [Mon, 4 Jan 2016 19:04:12 +0000 (19:04 +0000)]
Merge "Convert JSON generations from bash to python"

8 years agoWait for cluster to settle in yum_update.sh
Jiri Stransky [Thu, 17 Dec 2015 13:40:15 +0000 (14:40 +0100)]
Wait for cluster to settle in yum_update.sh

Occasionally we hit "Error: unable to push cib" during update. This is
probably due to the fact that when we try to replace cib in
yum_update.sh, services on the previous updated controller are still
coming up and changing cib, and racing/conflicting with the cib push
from yum_update.sh.

This commit adds waiting for the cluster to settle before exiting from
yum_update.sh, to avoid this kind of conflict.

Also a check for cib-push success is added, to make the update fail
properly instead of hanging indefinitely as we've observed with this
issue.

Change-Id: I953087e0e565474ac553fd57bea2459d2e3a6081
Closes-Bug: #1527644