apex-tripleo-heat-templates.git
7 years agoStop setting bind_address on nova db uri.
Oliver Walsh [Tue, 7 Feb 2017 10:18:36 +0000 (10:18 +0000)]
Stop setting bind_address on nova db uri.

This reverts the changes in https://review.openstack.org/414629 for nova as
they are incompatible with cell_v2.

This is a temporary fix for HA while a long-term solution is developed.

Change-Id: I79d30a2d76a354999152c0c997ea77f104c51027
Related-bug: #1643487
Closes-bug: #1662344

7 years agoMerge "Remove openstack-ceilometer-api pre upgrade check"
Jenkins [Mon, 6 Feb 2017 22:49:45 +0000 (22:49 +0000)]
Merge "Remove openstack-ceilometer-api pre upgrade check"

7 years agoMerge "Remove precheck on services which run on httpd for upgrade"
Jenkins [Mon, 6 Feb 2017 22:01:43 +0000 (22:01 +0000)]
Merge "Remove precheck on services which run on httpd for upgrade"

7 years agoMerge "Remove old host param"
Jenkins [Mon, 6 Feb 2017 16:17:01 +0000 (16:17 +0000)]
Merge "Remove old host param"

7 years agoRemove precheck on services which run on httpd for upgrade
Mathieu Bultel [Mon, 6 Feb 2017 15:39:54 +0000 (16:39 +0100)]
Remove precheck on services which run on httpd for upgrade

Those services is not handle with systemctl

Change-Id: Ia57dffd42a11070696fda14f1e91de2993e63479

7 years agoRemove openstack-ceilometer-api pre upgrade check
Marius Cornea [Mon, 6 Feb 2017 15:26:56 +0000 (16:26 +0100)]
Remove openstack-ceilometer-api pre upgrade check

This change removes the pre upgrade check for a running
openstack-ceilometer-api service as this service doesn't exists in
Newton. Ceilometer API runs under httpd:
[root@overcloud-controller-0 ~]# httpd -t -D DUMP_VHOSTS | grep ceilo
10.0.0.23:8777         overcloud-controller-0.internalapi.localdomain
(/etc/httpd/conf.d/10-ceilometer_wsgi.conf:6)

Change-Id: I5cbf8ccf72f9071e328f52d373cf9e8edf5793f4
Closes-Bug: 1661251

7 years agoMerge "Provide a default value for Ironic cleaning_network configuration"
Jenkins [Mon, 6 Feb 2017 14:16:51 +0000 (14:16 +0000)]
Merge "Provide a default value for Ironic cleaning_network configuration"

7 years agoMerge "Disable batch upgrade deployments for disabled roles"
Jenkins [Fri, 3 Feb 2017 21:42:40 +0000 (21:42 +0000)]
Merge "Disable batch upgrade deployments for disabled roles"

7 years agoMerge "Reduce number of steps for upgrades"
Jenkins [Fri, 3 Feb 2017 21:42:33 +0000 (21:42 +0000)]
Merge "Reduce number of steps for upgrades"

7 years agoMerge "Simplify/fix config enabled conditions for upgrades"
Jenkins [Fri, 3 Feb 2017 21:41:31 +0000 (21:41 +0000)]
Merge "Simplify/fix config enabled conditions for upgrades"

7 years agoMerge "Configure VNC Server listen address through t-h-t"
Jenkins [Fri, 3 Feb 2017 21:40:04 +0000 (21:40 +0000)]
Merge "Configure VNC Server listen address through t-h-t"

7 years agoMerge "net-config-multinode: make controlplane int idempotent"
Jenkins [Fri, 3 Feb 2017 18:33:46 +0000 (18:33 +0000)]
Merge "net-config-multinode: make controlplane int idempotent"

7 years agonet-config-multinode: make controlplane int idempotent
Emilien Macchi [Fri, 3 Feb 2017 14:17:59 +0000 (09:17 -0500)]
net-config-multinode: make controlplane int idempotent

When doing a stack-update, it will try to create the control plane
interface again.
Add this conditional so the interface is not created if already exist.

Note: this code has been taken from tripleo-ci and is consistent with
how multinode jobs are currently tested.

Co-Authored-By: James Slagle <jslagle@redhat.com>
Co-Authored-By: Steven Hardy <shardy@redhat.com>
Co-Authored-By: Mathieu Bultel <mbultel@redhat.com>
Change-Id: I773fdf5359cead6961b595e3c8192b02406452b7
Related-Bug: #1661412

7 years agoProvide a default value for Ironic cleaning_network configuration
Dmitry Tantsur [Thu, 2 Feb 2017 09:38:46 +0000 (10:38 +0100)]
Provide a default value for Ironic cleaning_network configuration

Ironic will soon refuse to start when at least some value is not provided.
Unfortunately, we do not create any overcloud[*] networks during deployment.
Fortunately, Ironic does not validate this value until actual cleaning. So,
this change sets it to "provisioning", which is what people often use.

An update will follow to the documentation to recommend this name:
http://tripleo.org/advanced_deployment/baremetal_overcloud.html#configuring-cleaning

A new parameter is created for this value, with a reminded to change it to
an actual UUID later on. While a pre-defined name will work in a simplest case,
in a real multi-tenant deployment a network name conflict is possible.
Using a UUID is safer in this regard.

[*] networks created in overcloud neutron

Change-Id: I1b7dc2ff70d3b76f19a183a60e88cf72f6d2a318
Closes-Bug: #1661082

7 years agoDisable batch upgrade deployments for disabled roles
Steven Hardy [Thu, 2 Feb 2017 18:29:52 +0000 (18:29 +0000)]
Disable batch upgrade deployments for disabled roles

Currently we don't correctly disable the batch_upgrade_tasks, so
rework the loops to ensure we only create the batch deployments
for roles which enabled upgrades.

Note this modifies some loop whitespace too which cleans up the
rendered output and makes it a bit more readable/compact.

Change-Id: I1c257dcc351e99efa54f9cae4b3009287908756e
Partially-Renders: blueprint overcloud-upgrades-per-service

7 years agoReduce number of steps for upgrades
Steven Hardy [Mon, 30 Jan 2017 10:20:32 +0000 (10:20 +0000)]
Reduce number of steps for upgrades

We don't need all the steps currently enabled for either batched
or concurrent updates, so decrease them.  In future we can perhaps
introspect the task tags during plan creation and set these
dynamically.

Change-Id: I0358886a332dfbecd03bc4a67086b08d25756c22
Partially-Implements: blueprint overcloud-upgrades-per-service

7 years agoSimplify/fix config enabled conditions for upgrades
Steven Hardy [Mon, 30 Jan 2017 10:17:53 +0000 (10:17 +0000)]
Simplify/fix config enabled conditions for upgrades

We should enable each kind of upgrade per role, not per step
so rework the conditions, and also only apply it to the deployment
(to save the round-trip to the nodes applying an empty config)
but don't disable the *Config resources as the overhead of these
is small, and we reference the Step1 config in the outputs, even
if it's empty.

Change-Id: Iee2f1fb5b1d8b0b6001c6ab0f2a4ef2858cef281
Partially-Implements: blueprint overcloud-upgrades-per-service

7 years agoDisable puppet on upgrade for roles not upgrading
Steven Hardy [Thu, 2 Feb 2017 12:03:03 +0000 (12:03 +0000)]
Disable puppet on upgrade for roles not upgrading

Where the role has disabled upgrades, we need to skip both the ansible and
puppet steps.  To do this we refactor the post.j2.yaml so that it can be
included in the upgrade template with an adjusted list of roles.

Note this requires https://review.openstack.org/#/c/425220/ - this
change will be required for local testing of this patch
(run mistral-db-mange populate after updating tripleo-common
and restart the mistral services, or update your repos and re-run
openstack undercloud install).

Partially-Implements: blueprint overcloud-upgrades-per-service
Change-Id: Ie7d0fa6fef3528bd93e6cde076b964ea8de3185a

7 years agoMerge "Moving the validation for using the template alias version for all templates"
Jenkins [Fri, 3 Feb 2017 09:20:41 +0000 (09:20 +0000)]
Merge "Moving the validation for using the template alias version for all templates"

7 years agoMerge "Switch item notation to jinja format"
Jenkins [Fri, 3 Feb 2017 00:38:48 +0000 (00:38 +0000)]
Merge "Switch item notation to jinja format"

7 years agoCI: enable debug on multinode and upgrade job
Emilien Macchi [Thu, 2 Feb 2017 21:10:15 +0000 (16:10 -0500)]
CI: enable debug on multinode and upgrade job

We're running TripleO CI jobs outside TripleO projects (nova, gnocchi,
etc), folks need more debug to be helpful.

Change-Id: I512ad89d9ac82ae62f9cbe7d0029fb1ac7445cc9

7 years agoRemove old host param
Pradeep Kilambi [Thu, 2 Feb 2017 20:53:29 +0000 (15:53 -0500)]
Remove old host param

Change-Id: Ib9e1a4ccdf447455a330687184eae471b9f3f4d4
Depends-On: I2b48d23006e38f56f04456b4556374bf0fcdb14a

7 years agoSwitch item notation to jinja format
Marius Cornea [Thu, 2 Feb 2017 17:46:48 +0000 (18:46 +0100)]
Switch item notation to jinja format

This change fixes the item variable notation in
puppet/services/ceph-osd.yaml.

Change-Id: I4d105619e4ac913b4a711bf91fea5f6e3c9b4caa
Closes-Bug: 1661339

7 years agoMerge "Allow the override of pacemaker::corosync::settle_tries"
Jenkins [Thu, 2 Feb 2017 15:16:16 +0000 (15:16 +0000)]
Merge "Allow the override of pacemaker::corosync::settle_tries"

7 years agoMerge "Don't run yum_update.sh inside docker"
Jenkins [Thu, 2 Feb 2017 13:36:32 +0000 (13:36 +0000)]
Merge "Don't run yum_update.sh inside docker"

7 years agoMerge "Temporary UCSM mapping files should be opened with write mode"
Jenkins [Thu, 2 Feb 2017 13:32:49 +0000 (13:32 +0000)]
Merge "Temporary UCSM mapping files should be opened with write mode"

7 years agoMerge "Use common directory in CI scenario for net-config"
Jenkins [Thu, 2 Feb 2017 13:31:41 +0000 (13:31 +0000)]
Merge "Use common directory in CI scenario for net-config"

7 years agoMerge "Don't run ceilometer-upgrade via upgrade_tasks"
Jenkins [Thu, 2 Feb 2017 10:34:11 +0000 (10:34 +0000)]
Merge "Don't run ceilometer-upgrade via upgrade_tasks"

7 years agoMoving the validation for using the template alias version for all templates
Carlos Camacho [Thu, 2 Feb 2017 09:46:55 +0000 (10:46 +0100)]
Moving the validation for using the template alias version for all templates

Currently we are applying this validation for the services templates, this
submission moves it to run with all templates.

Also fixed those templates not using the alias name.

Change-Id: I3a2c0ce6adcc8061fdc51f73fdc6b9748c0fead9

7 years agoMerge "Add more explicit messagae to build_endpoint_map's check option"
Jenkins [Wed, 1 Feb 2017 23:35:02 +0000 (23:35 +0000)]
Merge "Add more explicit messagae to build_endpoint_map's check option"

7 years agoMerge "Add deployed server bootstrap for RHEL"
Jenkins [Wed, 1 Feb 2017 23:26:52 +0000 (23:26 +0000)]
Merge "Add deployed server bootstrap for RHEL"

7 years agoMerge "Validate that endpoint_map.yaml is up to date in the gate"
Jenkins [Wed, 1 Feb 2017 23:24:25 +0000 (23:24 +0000)]
Merge "Validate that endpoint_map.yaml is up to date in the gate"

7 years agoMerge "Add ability to toggle swift's ceilometer transport_url SSL"
Jenkins [Wed, 1 Feb 2017 22:04:54 +0000 (22:04 +0000)]
Merge "Add ability to toggle swift's ceilometer transport_url SSL"

7 years agoAdd more explicit messagae to build_endpoint_map's check option
Juan Antonio Osorio Robles [Wed, 1 Feb 2017 21:09:03 +0000 (23:09 +0200)]
Add more explicit messagae to build_endpoint_map's check option

This will hopefully help developers know what to do if their patch fails
this verification.

Change-Id: I01fe9ca30295c6264affdbdb773b039a744289ea

7 years agoValidate that endpoint_map.yaml is up to date in the gate
Zane Bitter [Wed, 1 Feb 2017 21:05:03 +0000 (16:05 -0500)]
Validate that endpoint_map.yaml is up to date in the gate

Change-Id: I72aa48c72c825151739cb478c58e9a6c841c9130

7 years agoConfigure VNC Server listen address through t-h-t
Juan Antonio Osorio Robles [Wed, 1 Feb 2017 20:35:42 +0000 (22:35 +0200)]
Configure VNC Server listen address through t-h-t

This adds an entry for libvirt (which is used by the VNC server) on
which we can tell it via t-h-t on which IP address to listen on.

Change-Id: Ie377c09734e9f6170daa519aed69c53fc67c366b
Related-Bug: #1660099

7 years agoDon't run ceilometer-upgrade via upgrade_tasks
Steven Hardy [Wed, 1 Feb 2017 19:00:38 +0000 (19:00 +0000)]
Don't run ceilometer-upgrade via upgrade_tasks

This needs to be run by puppet or ansible runs it as root and the
later run by puppet fails due to permissions on the logfile.

Probably we need to remove the *sync calls for most services to
avoid similar issues, now that we're running puppet as part of the
pre-converge upgrade process but that will be done in another patch.

Change-Id: I808db2c175325a25058226842684558ea06fb5c5
Partially-Implements: blueprint overcloud-upgrades-per-service

7 years agoRemove Gemfile and Rakefile
Emilien Macchi [Wed, 1 Feb 2017 17:21:11 +0000 (12:21 -0500)]
Remove Gemfile and Rakefile

We are not running syntax and lint jobs in THT for master & newton,
let's remove useless files.

Change-Id: Ia572a0eb8872ab199bc68a51750dfc17ca5ee034

7 years agoDisable the deprecation warnings as errors for puppet-syntax
Emilien Macchi [Wed, 1 Feb 2017 13:57:58 +0000 (08:57 -0500)]
Disable the deprecation warnings as errors for puppet-syntax

Recently puppet4 started deprecating ruby 2.0 with the following
commit: https://github.com/puppetlabs/puppet/commit/e9eda7ed56fddcf185fc155d7e0ae054ea327504

One way to work-around this (in the absence of a more recent ruby
version) is to not treat this deprecation warnings as fatal when
doing the puppet syntax check

Change-Id: Id49c5068ab4609e3da0417af4714e8cb8485f3d1
Closes-Bug: #1660943

7 years agoAdd ability to toggle swift's ceilometer transport_url SSL
Juan Antonio Osorio Robles [Mon, 30 Jan 2017 18:48:27 +0000 (20:48 +0200)]
Add ability to toggle swift's ceilometer transport_url SSL

So, if RabbitClientUseSSL is set, this will enable TLS for the
swift's ceilometer message broker connection.

Change-Id: Ide70a509aefc9e7eb9d7cc5b3a60520fa42b4010
Depends-On: I8b7457b6233c4f88af2d7bc1b9304fcccb6edf61

7 years agoMerge "Configure DPDK options to isolate PMD cores and ovs process cores"
Jenkins [Tue, 31 Jan 2017 12:51:19 +0000 (12:51 +0000)]
Merge "Configure DPDK options to isolate PMD cores and ovs process cores"

7 years agoMerge "docker: eliminate copy-json.py in favor of json-file"
Jenkins [Tue, 31 Jan 2017 10:15:48 +0000 (10:15 +0000)]
Merge "docker: eliminate copy-json.py in favor of json-file"

7 years agoMerge "Removes deprecated neutron-opendaylight-l3 env file"
Jenkins [Tue, 31 Jan 2017 09:48:48 +0000 (09:48 +0000)]
Merge "Removes deprecated neutron-opendaylight-l3 env file"

7 years agoUse common directory in CI scenario for net-config
Mathieu Bultel [Tue, 31 Jan 2017 08:09:14 +0000 (09:09 +0100)]
Use common directory in CI scenario for net-config

The multinode_major_upgrade scenario is using an external
directory for net-config.
Moving this to the internal directory in tht common/

Change-Id: I41692d2ddb9fbd2002fd7910933ab4edff74f33e

7 years agoMerge "Add upgrade support for CephRGW service"
Jenkins [Mon, 30 Jan 2017 21:07:38 +0000 (21:07 +0000)]
Merge "Add upgrade support for CephRGW service"

7 years agoMerge "multinode/upgrade: set heat::rpc_response_timeout to 600"
Jenkins [Mon, 30 Jan 2017 15:56:17 +0000 (15:56 +0000)]
Merge "multinode/upgrade: set heat::rpc_response_timeout to 600"

7 years agodocker: eliminate copy-json.py in favor of json-file
Dan Prince [Wed, 4 Jan 2017 02:57:14 +0000 (21:57 -0500)]
docker: eliminate copy-json.py in favor of json-file

This patch rewires how we configure the Kolla external config files
via Heat templates and uses a more simple json-file heat hook to
directly write out Kolla config files to disk.

By using a heat hook instead of a shell script we can avoid
Json conversion issues.  Additionally, This generic json file hook will
be useful for other ad-hoc Json file configuration within the TripleO
docker architecture.

Co-Authored-By: Martin André <m.andre@redhat.com>
Change-Id: I8c72a4a9a7022f722bfe1cef3e18517605720cce
Depends-On: I2b372ac2e291339e436202c9fe58a681ed6a743f
Depends-On: Id3f779b11e23fd3122ef29b7ccbae116667d4520

7 years agoMerge "Add AuditD composable service"
Jenkins [Fri, 27 Jan 2017 22:04:18 +0000 (22:04 +0000)]
Merge "Add AuditD composable service"

7 years agoMerge "Pass parameters for TLS proxy in front of neutron server"
Jenkins [Fri, 27 Jan 2017 19:22:15 +0000 (19:22 +0000)]
Merge "Pass parameters for TLS proxy in front of neutron server"

7 years agomultinode/upgrade: set heat::rpc_response_timeout to 600
Emilien Macchi [Fri, 27 Jan 2017 19:14:53 +0000 (14:14 -0500)]
multinode/upgrade: set heat::rpc_response_timeout to 600

Continue the work done on https://review.openstack.org/#/c/423302/

Change-Id: I931534e0ec33e131809186f74068eb479d38a0f9

7 years agoMerge "Remove create-legacy-resource-types opts"
Jenkins [Fri, 27 Jan 2017 18:58:36 +0000 (18:58 +0000)]
Merge "Remove create-legacy-resource-types opts"

7 years agoMerge "Use os-net-config in multinode jobs"
Jenkins [Fri, 27 Jan 2017 17:52:29 +0000 (17:52 +0000)]
Merge "Use os-net-config in multinode jobs"

7 years agoPass parameters for TLS proxy in front of neutron server
Juan Antonio Osorio Robles [Wed, 25 Jan 2017 17:42:33 +0000 (19:42 +0200)]
Pass parameters for TLS proxy in front of neutron server

If TLS in the internal network is enabled, we run neutron-server
behind a TLS proxy (which is actually httpd's mod_proxy). This passes
the necessary hieradata.

bp tls-via-certmonger
Depends-On: I6dfbf49f45aef9f47e58b5c0dbedd2b4e239979e

Change-Id: I9252512dbf9cf2e3eec50c41bf10629d36070bbd

7 years agoUse os-net-config in multinode jobs
Emilien Macchi [Wed, 25 Jan 2017 15:35:20 +0000 (10:35 -0500)]
Use os-net-config in multinode jobs

Full credits to James Slagle, author of this code in TripleO CI:
https://review.openstack.org/#/c/409346

This patch adds a new template for configuring networking on the
Overcloud nodes using os-net-config in multinode jobs. Previously we
were not using os-net-config at all.

Also updates the multinode.yaml environment to use this network config
template.

The IP of each subnode is used when the vxlan tunnels are configured in
OVS, given that, each node needs its own unique network configuration.
To accomodate that, the templates makes use of the network_config_hook
function to influence run-os-net-config.sh

This patch is just the first step to totally switching to os-net-config
in multinode jobs. The devstack-gate code is still in use to bootstrap
the initial networking on the undercloud and subnodes. That will be
switched over in subsequent patches.

Change-Id: I6efa71eb23109d0b3b480061135c572ab89f5981
Co-Authorized-By: James Slagle <jslagle@redhat.com>
Implements: blueprint multinode-ci-os-net-config

7 years agoAdd support for Jinja2 includes
Oliver Walsh [Thu, 26 Jan 2017 11:21:41 +0000 (11:21 +0000)]
Add support for Jinja2 includes

This replicates the behavior of the custom Jinja2 loader from tripleo-common to
allow template validation on the local filesystem using tox.

Change-Id: I27683ab31187c6334dc5b4b5363a3347874b9a90
Partially-Implements: blueprint overcloud-upgrades-per-service
Depends-On: Idc5c3f49c7a2fc7f3622c76da001992cc657384e

7 years agoAdd AuditD composable service
Steven Hardy [Wed, 18 Jan 2017 12:25:56 +0000 (12:25 +0000)]
Add AuditD composable service

This patch allows the management of the AuditD service and its associated
files (such as `audit.rules`)

This is achieved by means of the `puppet-auditd` puppet module.

Also places ssh banner capabilities map on top of patch

Change-Id: Ib8bb52dde88304cb58b051bced9779c97a314d0d
Depends-On: Ie31c063b674075e35e1bfa28d1fc07f3f897407b

7 years agoMerge "Adds a pre-upgrade check that service is running (step0)"
Jenkins [Fri, 27 Jan 2017 12:58:03 +0000 (12:58 +0000)]
Merge "Adds a pre-upgrade check that service is running (step0)"

7 years agoMerge "Adds SSH Banner text into sshd_config"
Jenkins [Fri, 27 Jan 2017 12:29:12 +0000 (12:29 +0000)]
Merge "Adds SSH Banner text into sshd_config"

7 years agoAdds a pre-upgrade check that service is running (step0)
marios [Fri, 23 Dec 2016 14:07:44 +0000 (16:07 +0200)]
Adds a pre-upgrade check that service is running (step0)

Adds a step0 for most services to check that the state is running
before continuing with any of the other upgrades steps (these are
tagged step0).

You can skip this service check by overriding the
SkipUpgradeConfigTags parameter as follows:

parameter_defaults:
  SkipUpgradeConfigTags: validation

Co-Authored-By: Steven Hardy <shardy@redhat.com>
Change-Id: Ie276f153015f671b720b6ed5beaac1b921661909

7 years agoAllow the override of pacemaker::corosync::settle_tries
Michele Baldessari [Fri, 27 Jan 2017 07:10:39 +0000 (08:10 +0100)]
Allow the override of pacemaker::corosync::settle_tries

When replacing a controller node, Exec['wait-for-settle'] needs to
timeout, which means that the command pcs cluster auth will be executed
360 times with 10 seconds in between. So that means waiting for an hour
for no reason. Let's allow to override the settle_tries counter so
an operator can shorten it accordingly.

Tested this by setting CorosyncSettleTries to 100 and I correctly get
proper hiera settings:
$ hiera pacemaker::corosync::settle_tries
100

And effectively we try a number of 100 times as opposed to the 360
default:
/Stage[main]/Pacemaker::Corosync/Exec[reauthenticate-across-all-nodes]/returns
(debug): Exec try 1/100

Change-Id: I5e21b4215cb0b8686d2059b3d71e2444a96719dc
Closes-Bug: #1659741

7 years agoMerge "Allow to separate Horizon from Neutron"
Jenkins [Fri, 27 Jan 2017 04:50:01 +0000 (04:50 +0000)]
Merge "Allow to separate Horizon from Neutron"

7 years agoMerge "Add a release note for using deployed-servers (aka split-stack)"
Jenkins [Fri, 27 Jan 2017 01:07:31 +0000 (01:07 +0000)]
Merge "Add a release note for using deployed-servers (aka split-stack)"

7 years agoMerge "Add release note for composable upgrades"
Jenkins [Fri, 27 Jan 2017 01:07:24 +0000 (01:07 +0000)]
Merge "Add release note for composable upgrades"

7 years agoMerge "Add novajoin entries to the TLS-everywhere environment file"
Jenkins [Thu, 26 Jan 2017 22:27:14 +0000 (22:27 +0000)]
Merge "Add novajoin entries to the TLS-everywhere environment file"

7 years agoAllow to separate Horizon from Neutron
Emilien Macchi [Thu, 26 Jan 2017 21:50:08 +0000 (16:50 -0500)]
Allow to separate Horizon from Neutron

Allow to deploy 2 different nodes with Neutron and another with Horizon.
Horizon will get the right hieradata to collect the mechanism driver and
configure the dashboard correctly.

Change-Id: I24621f6a7d053cff487984bab0d10a4a97204675
Closes-Bug: 1659662

7 years agoMerge "Add telemetry service support for composable upgrades"
Jenkins [Thu, 26 Jan 2017 20:06:58 +0000 (20:06 +0000)]
Merge "Add telemetry service support for composable upgrades"

7 years agoAdd deployed server bootstrap for RHEL
James Slagle [Thu, 26 Jan 2017 20:06:46 +0000 (15:06 -0500)]
Add deployed server bootstrap for RHEL

This is similar to the bootstrap for CentOS, except we don't set SELinux
to permissive on RHEL.

Change-Id: I52b8fa017ee2821d2fa91e5ec806a55fcb92566d
Partially-implements: blueprint split-stack-software-configuration

7 years agoMerge "Do not try to update the 'ceph' metapackage from CephMon role"
Jenkins [Thu, 26 Jan 2017 20:05:23 +0000 (20:05 +0000)]
Merge "Do not try to update the 'ceph' metapackage from CephMon role"

7 years agoRemove create-legacy-resource-types opts
Pradeep Kilambi [Mon, 23 Jan 2017 15:04:25 +0000 (10:04 -0500)]
Remove create-legacy-resource-types opts

This flag is quite old and doesnt work as expected anymore.
Let ceilometer upgrade create these reource types instead.

Change-Id: I71ea6e2fd9418095de658d709c14bb3006ca2753

7 years agoMerge "Conform CephExternal template to the new hiera hook"
Jenkins [Thu, 26 Jan 2017 18:39:13 +0000 (18:39 +0000)]
Merge "Conform CephExternal template to the new hiera hook"

7 years agoMerge "Add Ceph RBD mirror Pacemaker profile"
Jenkins [Thu, 26 Jan 2017 18:37:56 +0000 (18:37 +0000)]
Merge "Add Ceph RBD mirror Pacemaker profile"

7 years agoMerge "ci: import multinode_major_upgrade.yaml from tripleo-ci"
Jenkins [Thu, 26 Jan 2017 17:23:31 +0000 (17:23 +0000)]
Merge "ci: import multinode_major_upgrade.yaml from tripleo-ci"

7 years agoMerge "Allow dnsmasq_dns_servers to be configured for DHCP Agent"
Jenkins [Thu, 26 Jan 2017 17:19:02 +0000 (17:19 +0000)]
Merge "Allow dnsmasq_dns_servers to be configured for DHCP Agent"

7 years agoMerge "Use versionless keystone endpoint for barbican-related configurations"
Jenkins [Thu, 26 Jan 2017 16:55:07 +0000 (16:55 +0000)]
Merge "Use versionless keystone endpoint for barbican-related configurations"

7 years agoAdd upgrade support for CephRGW service
Giulio Fidente [Fri, 20 Jan 2017 16:32:17 +0000 (17:32 +0100)]
Add upgrade support for CephRGW service

Implements minor upgrade of the ceph-radosgw service.

Change-Id: I4c064bf996ec6bb7eba41ab6384bd953a8ec920f
Partially-Implements: blueprint overcloud-upgrades-per-service

7 years agoAdd release note for composable upgrades
Steven Hardy [Thu, 26 Jan 2017 13:28:15 +0000 (13:28 +0000)]
Add release note for composable upgrades

Adds an initial release note for composable upgrades - I had to be
vague in the upgrades section as we're still working out some details
of the final upgrade workflow for all roles.

Change-Id: Iac0af86f3b56a07070a9d24b1255953f5fd07b34

7 years agoMerge "Set the correct default for gnocchi workers"
Jenkins [Thu, 26 Jan 2017 14:09:28 +0000 (14:09 +0000)]
Merge "Set the correct default for gnocchi workers"

7 years agoDo not try to update the 'ceph' metapackage from CephMon role
Giulio Fidente [Thu, 26 Jan 2017 12:31:38 +0000 (13:31 +0100)]
Do not try to update the 'ceph' metapackage from CephMon role

The 'ceph' metapackage is only provided by some repos so we should
not explicitly pull it.

Also adds a validation step to the CephMon and CephOSD roles to
stop upgrade if the Ceph cluster is in error state.

Change-Id: I5aa275677ada47a352a327b9be21927b852d16f3

7 years agoMerge "Add ironic service support for composable upgrades"
Jenkins [Thu, 26 Jan 2017 13:33:26 +0000 (13:33 +0000)]
Merge "Add ironic service support for composable upgrades"

7 years agoMerge "Skip upgrade steps where no tasks are defined"
Jenkins [Thu, 26 Jan 2017 13:33:16 +0000 (13:33 +0000)]
Merge "Skip upgrade steps where no tasks are defined"

7 years agoMerge "Add upgrade support for ceph OSD service"
Jenkins [Thu, 26 Jan 2017 13:33:09 +0000 (13:33 +0000)]
Merge "Add upgrade support for ceph OSD service"

7 years agoMerge "Add upgrade support for ceph-mon service"
Jenkins [Thu, 26 Jan 2017 13:33:02 +0000 (13:33 +0000)]
Merge "Add upgrade support for ceph-mon service"

7 years agoci: import multinode_major_upgrade.yaml from tripleo-ci
Emilien Macchi [Thu, 26 Jan 2017 13:30:10 +0000 (08:30 -0500)]
ci: import multinode_major_upgrade.yaml from tripleo-ci

So we can version it between releases like we do with scenarios.

Change-Id: I3e3aa5d4fa7e03d1f4483bf42fcff17386b58709

7 years agoMerge "Add support for batched upgrades to composable upgrades"
Jenkins [Thu, 26 Jan 2017 13:02:11 +0000 (13:02 +0000)]
Merge "Add support for batched upgrades to composable upgrades"

7 years agoAdd Ceph RBD mirror Pacemaker profile
Giulio Fidente [Mon, 5 Dec 2016 15:44:23 +0000 (16:44 +0100)]
Add Ceph RBD mirror Pacemaker profile

This change adds a profile to deploy the Ceph RBD mirroring daemon
as a Pacemaker resource.

Change-Id: Ib07e5bca6a45f0c6c59a3acf07f4e3ae9d2f8948
Depends-On: Ic63dc5cffece38942d305f538f71dd58a5d50789
Closes-Bug: #1652177

7 years agoMerge "Add snmp service support for composable upgrades"
Jenkins [Thu, 26 Jan 2017 11:39:53 +0000 (11:39 +0000)]
Merge "Add snmp service support for composable upgrades"

7 years agoAdds SSH Banner text into sshd_config
Luke Hinds [Thu, 8 Dec 2016 13:12:53 +0000 (13:12 +0000)]
Adds SSH Banner text into sshd_config

Allow use of ooo template to populate banner text into /etc/issue

Change-Id: If5b2da9415f10652a0a64503b2da4b63d1018640
Depends-On: Ie9f8afdfa9930428f06c9669fedb460dc1064d5e
Closes-Bug: #1640306

7 years agoAdd SkipUpgradeConfigTags for upgrade config
Steven Hardy [Mon, 23 Jan 2017 11:46:58 +0000 (11:46 +0000)]
Add SkipUpgradeConfigTags for upgrade config

It may be that we want ways to selectively disable certain tasks,
such as pre-flight validations that might fail when restarting an
upgrade from a failed state.  This shows a way we might do that.

Depends-On: I18214f80be9f3ad6c2d385fc00f3b786d3e7dda3
Change-Id: Ibffaaf1de0baf47a0450daa5b7cbb57d38746556

7 years agoMerge "Add release notes for Ocata 6.0.0"
Jenkins [Thu, 26 Jan 2017 01:07:26 +0000 (01:07 +0000)]
Merge "Add release notes for Ocata 6.0.0"

7 years agoMerge "Manage password_validator regex"
Jenkins [Wed, 25 Jan 2017 23:50:48 +0000 (23:50 +0000)]
Merge "Manage password_validator regex"

7 years agoMerge "Auto-set SwiftMountCheck and SwiftUseLocalDir settings"
Jenkins [Wed, 25 Jan 2017 21:10:01 +0000 (21:10 +0000)]
Merge "Auto-set SwiftMountCheck and SwiftUseLocalDir settings"

7 years agoAdd telemetry service support for composable upgrades
Steven Hardy [Thu, 1 Dec 2016 10:06:34 +0000 (10:06 +0000)]
Add telemetry service support for composable upgrades

Change-Id: I62735676b45a881a7dac24171b26d88d6eb60d4a
Partially-Implements: blueprint overcloud-upgrades-per-service

7 years agoAdd ironic service support for composable upgrades
Steven Hardy [Thu, 1 Dec 2016 10:06:11 +0000 (10:06 +0000)]
Add ironic service support for composable upgrades

Change-Id: Ie1fe7db081d69db4b99869057352367e8e01760c
Partially-Implements: blueprint overcloud-upgrades-per-service

7 years agoSkip upgrade steps where no tasks are defined
Steven Hardy [Fri, 20 Jan 2017 16:51:36 +0000 (16:51 +0000)]
Skip upgrade steps where no tasks are defined

Use heat conditions to skip resources (conditionally create them)
when there are no tasks to deploy.

This requires the heat fix Iefae1fcea720bee4ed69ad1a5fe403d52d54433c

Partially-Implements: blueprint overcloud-upgrades-per-service
Change-Id: I2f43fb922d122ffade20e35738f0ba3bb56a4492

7 years agoAdd upgrade support for ceph OSD service
Steven Hardy [Fri, 20 Jan 2017 15:34:27 +0000 (15:34 +0000)]
Add upgrade support for ceph OSD service

This takes a subset of the logic from major_upgrade_ceph_storage.sh
and ports it into ansible tasks, which will be applied in a rolling
upgrade after the mon services are upgraded (in the step0 batch).

Change-Id: I6e87969add301e78bb665d7748e5f0df8eeae819
Partially-Implements: blueprint overcloud-upgrades-per-service

7 years agoAdd upgrade support for ceph-mon service
Steven Hardy [Fri, 20 Jan 2017 10:24:26 +0000 (10:24 +0000)]
Add upgrade support for ceph-mon service

Initial support for a rolling upgrade of ceph-mon services which
happens before the OpenStack services are upgraded.

Change-Id: Ifaebbe2ae884bd899cdc6f1c288274e5838792a6
Partially-Implements: blueprint overcloud-upgrades-per-service

7 years agoAdd support for batched upgrades to composable upgrades
Steven Hardy [Fri, 20 Jan 2017 10:45:19 +0000 (10:45 +0000)]
Add support for batched upgrades to composable upgrades

Some services (e.g ceph mon) require upgrading in batches (the old
upgrade architecture did the ceph mon upgrade one controller at a
time).  This interface enables doing the same, and over time we
can probably move more services into this interface (e.g when
services support rolling upgrades) to reduce downtime.

Change-Id: If581f301a5493ef33ac1386bdc22f9fca4f2544e
Partially-Implements: blueprint overcloud-upgrades-per-service

7 years agoUse versionless keystone endpoint for barbican-related configurations
Juan Antonio Osorio Robles [Wed, 7 Dec 2016 07:15:47 +0000 (09:15 +0200)]
Use versionless keystone endpoint for barbican-related configurations

castellan (the key manager interface used by nova and cinder) is no
longer tied to keystone v3 [1]. So now it's possible to use versionless
endpoints for keystone.

[1] I124c0ea2d9403d6b530b33f18896c4e7bf4eabb5

Change-Id: Id5d893a6a41077ab76ca59295593a27be5c3004c

7 years agoSet the correct default for gnocchi workers
Pradeep Kilambi [Wed, 25 Jan 2017 18:55:57 +0000 (13:55 -0500)]
Set the correct default for gnocchi workers

The current default is empty which overrides the puppet-gnocchi
os_workers calculated value. Instead default to the os_workers.

Change-Id: I9bf9a107c03172500f7c8c5e4353c20305c8e6b5

7 years agoAdd novajoin entries to the TLS-everywhere environment file
Juan Antonio Osorio Robles [Tue, 17 Jan 2017 23:02:35 +0000 (01:02 +0200)]
Add novajoin entries to the TLS-everywhere environment file

These metadata settings (the hardcoded metadata and the hook override)
are used by the novajoin service when it's deployed in the undercloud,
and will tell it to enroll the overcloud nodes and the services that are
specified by the metadata hook.

bp novajoin
bp tls-via-certmonger

Change-Id: Ia4645cc356688b7bcf82ed7765c0b74d53d64ed1