Koki Sanagi [Wed, 21 Dec 2016 20:13:56 +0000 (15:13 -0500)]
Add fossw of networking-fujitsu support to puppet-tripleo
Enable ml2.pp to call networking-fujitsu manifest in puppet-neutron
for fossw ML2 plugin setting.
Change-Id: I044c5812bbc5cd3de4bc33556cffbe5bad8e64cf
Implements: blueprint integration-fossw-networking-fujitsu
Depends-On: I79df6b6a27d95f0c0e2c87207ab80235a4efccfc
Jenkins [Thu, 22 Dec 2016 14:09:32 +0000 (14:09 +0000)]
Merge "Decouple swift-proxy from ceilometer packages"
Jenkins [Thu, 22 Dec 2016 14:05:24 +0000 (14:05 +0000)]
Merge "Add networking-fujitsu support to puppet-tripleo"
Jenkins [Thu, 22 Dec 2016 07:58:15 +0000 (07:58 +0000)]
Merge "Do not use hardcoded controller_node_names when setting up the cluster"
Tim Rozet [Tue, 20 Dec 2016 18:40:57 +0000 (13:40 -0500)]
Decouples neutron services from OpenDaylight API service
Removes including Neutron services in the OpenDaylight API service.
This was breaking custom roles when splitting up OpenDaylight and Neutron
into different roles. Also, references to "controller" are removed
because with custom roles OpenDaylight could be isolated to any role
type. The 'bootstrap_nodeid' still works with any role, and only
resolves to the first node in the series of nodes for that role type.
Partial-Bug:
1651499
Change-Id: I418643810ee6b8a2c17a4754c83453140ebe39c7
Signed-off-by: Tim Rozet <trozet@redhat.com>
Jenkins [Mon, 19 Dec 2016 22:39:40 +0000 (22:39 +0000)]
Merge "Disable legacy ceilometer api by default"
Jenkins [Mon, 19 Dec 2016 17:58:05 +0000 (17:58 +0000)]
Merge "Drop vip_hosts"
Jenkins [Mon, 19 Dec 2016 10:49:12 +0000 (10:49 +0000)]
Merge "Fix a typo in haproxy.pp"
Jenkins [Sat, 17 Dec 2016 01:34:07 +0000 (01:34 +0000)]
Merge "Add tripleo::ui rspec tests"
Koki Sanagi [Wed, 30 Nov 2016 17:58:19 +0000 (12:58 -0500)]
Add networking-fujitsu support to puppet-tripleo
Enable ml2.pp to call networking-fujitsu manifest in puppet-neutron.
The implementation in puppet-neutron is in progress separately.
Change-Id: I5eb2c2a9c50b5991d62f4b6d74b83351c86b02de
Implements: blueprint integration-networking-fujitsu
Depends-On: I37a502b43eb7d91bfe20625248ed117eae3ca535
Dan Prince [Fri, 9 Dec 2016 08:37:41 +0000 (09:37 +0100)]
Decouple swift-proxy from ceilometer packages
This patch updates the swift proxy so that it only depends
on ceilometer if the ceilometer_api_enabled all-nodes-data hiera
setting has been set.
Also removes a parameter dependency where the
tripleo::profile::base::swift::proxy class was referencing
a puppet-ceilometer value from hiera (which can
also cause ceilometer dependencies).
Depends-On: Ief5399d7ea4d26e96ce54903a69d660fa4fe3ce9
Change-Id: I8d9f69f5e9160543b372bd9886800f16f625fdc6
Closes-bug: #
1648736
Jenkins [Sun, 11 Dec 2016 00:19:33 +0000 (00:19 +0000)]
Merge "Changes default MidoNet API port on HAProxy"
Pradeep Kilambi [Fri, 9 Dec 2016 16:31:11 +0000 (11:31 -0500)]
Disable legacy ceilometer api by default
Ceilometer api is deprectaed in Ocata. Lets disable by default.
This can still be enabled by setting enable_legacy_ceilometer_api
param.
Change-Id: Iffb8c2cfed53d8b29e777c35cee44921194239e9
Emilien Macchi [Fri, 9 Dec 2016 11:15:55 +0000 (12:15 +0100)]
Release ocata-2
6.1.0 will be ocata-2.
Change-Id: Ic5c4e00135a1e876e755e6ada94abb42dd29f46a
Jenkins [Fri, 9 Dec 2016 09:51:04 +0000 (09:51 +0000)]
Merge "Add cinder profile spec tests"
Jenkins [Fri, 9 Dec 2016 08:38:42 +0000 (08:38 +0000)]
Merge "Delete MidoNet deprecated classes and their tests"
Michele Baldessari [Wed, 7 Dec 2016 16:59:03 +0000 (17:59 +0100)]
Do not use hardcoded controller_node_names when setting up the cluster
Currently we chose the pacemaker cluster node by simply taking
hiera('controller_node_names'). We should instead use the
pacemaker_short_node_names array which is built dynamically
from all the nodes that include the pacemaker service.
Change-Id: I0a3e4acaab11e078da5eeb2ef2adde5387785927
Flavio Percoco [Wed, 7 Dec 2016 14:16:41 +0000 (15:16 +0100)]
Create Glance's database if glance-api is enabled
Instead of checking for glance_registry_enabled, we should be checking
for glance_api_enabled. The glance-api v1 depends on the registry, which
means the database will be created but glance-api v2 doesn't which means
that not deploying the registry would result in the glance database not
being created. On the other hand, glance-registry is never deployed
without glance-api
Change-Id: Ief25dafb65f7a043fbb3d16f1d7ef834c9947a93
Alejandro Andreu [Mon, 21 Nov 2016 15:11:49 +0000 (16:11 +0100)]
Delete MidoNet deprecated classes and their tests
MidoNet no longer uses the API component. It has been renamed/refactored
to "cluster" as it can be seen on the docs at
https://blog.midonet.org/introducing-midonet-cluster-services/
Also there is no need to have a Cassandra and Zookeeper dedicated
classes, as we leverage this through the use of the midonet_openstack
puppet module.
Change-Id: I2f17aeeac2d1b121be0d445ff555320d5af5d270
Partial-Bug: #
1647302
Alex Schultz [Tue, 6 Dec 2016 23:52:02 +0000 (16:52 -0700)]
Add tripleo::ui rspec tests
Change-Id: I2eb5b84dbeedde58153bceb707fd15cce8f03d5e
Alex Schultz [Fri, 7 Oct 2016 21:43:37 +0000 (15:43 -0600)]
Add cinder profile spec tests
This change adds rspec testing for the cinder profiles with in
puppet-tripleo. Additionally while testing, it was found that the
backends may incorrectly have an extra , included in the settings
for cinder volume when running puppet 3. This change includes a fix
the cinder volume backends to make sure we are not improperly
configuring it with a trailing comma.
Change-Id: Ibdfee330413b6f9aecdf42a5508c21126fc05973
Jenkins [Sun, 4 Dec 2016 01:49:09 +0000 (01:49 +0000)]
Merge "Remove unused pacemaker profiles"
Jenkins [Sun, 4 Dec 2016 01:48:53 +0000 (01:48 +0000)]
Merge "Add verify required and CA bundle to haproxy"
Luke Hinds [Fri, 2 Dec 2016 10:39:11 +0000 (10:39 +0000)]
Fixes typo in sriov_numvfs releasenotes
Change-Id: I729702a5326d74ad35485fa7276af45e2223ec5f
Jenkins [Thu, 1 Dec 2016 14:30:04 +0000 (14:30 +0000)]
Merge "Update ceilometer collector ipv6 handling"
Jenkins [Thu, 1 Dec 2016 14:29:07 +0000 (14:29 +0000)]
Merge "Show team and repo badges on README"
Jenkins [Wed, 30 Nov 2016 17:06:10 +0000 (17:06 +0000)]
Merge "Use FQDNs for RabbitMQ's cluster configuration"
Jenkins [Wed, 30 Nov 2016 17:05:51 +0000 (17:05 +0000)]
Merge "Use FQDNs for the services' RabbitMQ configuration"
Juan Antonio Osorio Robles [Fri, 18 Nov 2016 13:39:07 +0000 (15:39 +0200)]
Add verify required and CA bundle to haproxy
This only takes effect is internal-tls is used, and forces haproxy to
do proper verifications of the SSL certificates provided by the
servers.
bp tls-via-certmonger
Change-Id: Ibd98ec46dd6570887db29f55fe183deb1c9dc642
Emilien Macchi [Tue, 29 Nov 2016 21:57:20 +0000 (16:57 -0500)]
pacemaker: create Mysql_user once Galera is ready (puppet4)
Puppet 4 ordering make things more strict in catalog, which is good.
Resources have to be orchestrated or Puppet will take them in the order
they are found in catalog.
This patch makes sure we create MySQL users only when Galera is actually
ready.
Closes-Bug: #
1645787
Change-Id: I536a1a128c3a7eca49bcc4f34a1307bcd60b029e
Jenkins [Tue, 29 Nov 2016 14:51:10 +0000 (14:51 +0000)]
Merge "Include local CA in haproxy PEM"
Jenkins [Mon, 28 Nov 2016 18:13:31 +0000 (18:13 +0000)]
Merge "Enable TLS in the internal network for Panko API"
Juan Antonio Osorio Robles [Mon, 28 Nov 2016 07:46:39 +0000 (09:46 +0200)]
Use FQDNs for RabbitMQ's cluster configuration
This sets the cluster_nodes configuration in RabbitMQ to use FQDNs
instead of IP addresses. Note that in HA, RabbitMQ is already
configured using FQDNs.
Change-Id: I2b1cec25ff25f4afd72a28246c2cda9c58d7b61e
Juan Antonio Osorio Robles [Mon, 28 Nov 2016 06:34:20 +0000 (08:34 +0200)]
Use FQDNs for the services' RabbitMQ configuration
This replaces the services' IP-based RabbitMQ configuration and uses
FQDNs instead.
Change-Id: I2be81aecacf50839a029533247981f5edf59cb7f
Jenkins [Mon, 28 Nov 2016 09:45:47 +0000 (09:45 +0000)]
Merge "adding new swift middleware that is typically enabled by default"
Dan Prince [Sun, 27 Nov 2016 18:34:32 +0000 (13:34 -0500)]
Drop vip_hosts
This should no longer be used based on problems discovered in
https://bugs.launchpad.net/tripleo/+bug/
1645123
Change-Id: I53b13d514a15226dacbeda1c7b2ede09e7f8807e
Depends-On: Ic6aaeb249a127df83894f32a704219683a6382b2
Jenkins [Fri, 25 Nov 2016 16:27:51 +0000 (16:27 +0000)]
Merge "Enable internal TLS for MySQL"
Flavio Percoco [Fri, 25 Nov 2016 15:18:44 +0000 (16:18 +0100)]
Show team and repo badges on README
This patch adds the team's and repository's badges to the README file.
The motivation behind this is to communicate the project status and
features at first glance.
For more information about this effort, please read this email thread:
http://lists.openstack.org/pipermail/openstack-dev/2016-October/105562.html
To see an example of how this would look like check:
https://gist.github.com/
5f53b5b51c414919aa857d0472158564
Change-Id: I89860cb042cd1c23cc5278a8f963f3d62e9492aa
Jenkins [Fri, 25 Nov 2016 14:45:13 +0000 (14:45 +0000)]
Merge "Do not configure state matching when using GRE"
Juan Antonio Osorio Robles [Fri, 25 Nov 2016 06:51:22 +0000 (08:51 +0200)]
Enable TLS in the internal network for Panko API
This optionally enables TLS for Panko API in the internal network.
If internal TLS is enabled, each node that is serving the Panko API
service will use certmonger to request its certificate.
bp tls-via-certmonger
Change-Id: Ie9be7ce19601435b1b83b4ba58d9c7e8d53f23ba
Juan Antonio Osorio Robles [Wed, 28 Sep 2016 09:32:35 +0000 (09:32 +0000)]
Enable internal TLS for MySQL
this adds the necessary code in the manfiest to configure TLS
if internal TLS is enabled. this also adds the capability of
auto-generating the certificate via certmonger.
bp tls-via-certmonger
Change-Id: I7275e5afb3a6550cf2abbb9a8007dedb62ada4b4
Brent Eagles [Wed, 23 Nov 2016 22:29:58 +0000 (18:59 -0330)]
Do not configure state matching when using GRE
The firewall rule quite reasonably sets up a default state matching rule
but this is invalid for GRE. This patch conditionally adds the state
matching if the protocol is not GRE.
Closes-Bug: #
1644360
Change-Id: Ie4ca41d0f36e79ba6822c358e21b827105736dd7
Jenkins [Wed, 23 Nov 2016 15:51:51 +0000 (15:51 +0000)]
Merge "Remove Combination alarms support"
Jenkins [Wed, 23 Nov 2016 14:56:33 +0000 (14:56 +0000)]
Merge "Proxy manila in http mode"
Jenkins [Wed, 23 Nov 2016 13:54:33 +0000 (13:54 +0000)]
Merge "Move calculation of neutron l3_ha into puppet profile"
Alex Schultz [Tue, 22 Nov 2016 17:50:29 +0000 (10:50 -0700)]
Update ceilometer collector ipv6 handling
The normalize_ip_for_uri handles ipv6 bracketing correctly. Rather
than continue to do it manually, this change updates the ceilometer
collector profile to leverage the normalize_ip_for_uri function to
properly escape ipv6 addresses.
Change-Id: Ifaf6568785235db55f8dc593d83e534216413d31
Closes-Bug: #
1629380
Jenkins [Tue, 22 Nov 2016 11:13:41 +0000 (11:13 +0000)]
Merge "Use mode 'http' in haproxy for ceilometer, neutron, aodh and gnocchi"
Juan Antonio Osorio Robles [Tue, 22 Nov 2016 09:49:13 +0000 (11:49 +0200)]
Proxy manila in http mode
It needs it so HAProxy will be able to set the X-Forwarded-Proto header.
Related-Bug: #
1640126
Change-Id: I1726fa1742bc70518338b80fc6d27567bb020e7c
Juan Antonio Osorio Robles [Tue, 22 Nov 2016 08:31:02 +0000 (10:31 +0200)]
Use mode 'http' in haproxy for ceilometer, neutron, aodh and gnocchi
HAProxy won't pass X-Forwarded-Proto to these services in mode tcp, so we need
to switch it to http in order for it to work and for the services to properly
set the protocol in the links they serve.
Change-Id: Ib10282159fb9269eebe81af23171ec9fb1297cd0
Closes-Bug: #
1640126
Jenkins [Tue, 22 Nov 2016 00:59:08 +0000 (00:59 +0000)]
Merge "firewall: stop using stdlib stages"
Jenkins [Mon, 21 Nov 2016 23:58:42 +0000 (23:58 +0000)]
Merge "Adds auto-detection for VIP interfaces"
Jenkins [Mon, 21 Nov 2016 21:19:37 +0000 (21:19 +0000)]
Merge "Add panko service support"
Emilien Macchi [Mon, 21 Nov 2016 14:57:09 +0000 (09:57 -0500)]
firewall: stop using stdlib stages
Using Puppet stdlib in TripleO is risky because it exposes deployments
to dependency cycles in the catalog.
We should rather use native functions to make orchestrations, like
ordering and dependencies management.
This patch:
- removes usage of stages from stdlib
- use ordering to make sure we run pre rules before post
- use ordering to make sure we start all Services in catalog before post
rules. It ensure that we don't drop all traffic before starting the
services, which could lead to services errors (e.g. trying to reach database
or amqp)
Change-Id: Iec4705d6b785a40ccf6f43809b94b726ccd47fef
Closes-Bug: #
1643575
Steven Hardy [Thu, 17 Nov 2016 11:02:57 +0000 (11:02 +0000)]
Move calculation of neutron l3_ha into puppet profile
This is currently calculated in t-h-t but has a hard-coded reference
to the ControllerCount which is incompatible with custom-roles.
So instead calculate the setting based on the number of neutron API
services running (on any role, not just Controller), combined with
whether DVR is enabled (equivalent to current t-h-t logic).
To avoid breaking the NeutronL3HA parameter in t-h-t we maintain an
optional parameter to override the calculated value.
Change-Id: I01c50973eec8138ec61304f2982d5026142f267c
Partial-Bug: #
1629187
Tim Rozet [Mon, 24 Oct 2016 20:30:22 +0000 (16:30 -0400)]
Adds auto-detection for VIP interfaces
Previously the ctrl plane VIP would default to 'br-ex' which in non-vlan
deployments ends up being the wrong interface. The public VIP interface
was also defaulted to 'br-ex' which would be incorrect for vlan based
deployments. Since a user has already given the nic template (and in
most cases the subnet that corresponds to the nic) the installer should
be able to figure out which interface the public/control vip should be
on.
These changes enable that type of auto-detection, unless a user
explicitly overrides the heat parameters for ControlVirtualInterface and
PublicVirtualInterface. Also removes calling keepalived from haproxy
now that the services are composed separately on the Controller role.
Partial-Bug:
1606632
Change-Id: I05105fce85be8ace986db351cdca2916f405ed04
Signed-off-by: Tim Rozet <trozet@redhat.com>
Alejandro Andreu [Thu, 17 Nov 2016 16:22:44 +0000 (17:22 +0100)]
Changes default MidoNet API port on HAProxy
The default port of the MidoNet Cluster (formerly known as MidoNet API)
is now 8181 instead of 8081.
Since this parameter is configurable through the settings, the default
value for the port has been added to the $service_ports array.
Change-Id: I2785d3109993bca0bd68077ff55cfeafbf594e19
Steven Hardy [Thu, 17 Nov 2016 17:37:45 +0000 (17:37 +0000)]
Replace hard-coded haproxy/keepalived coupling
We have a variable in hiera which tells us if the keepalived
service is enabled, so use it here. Without this any deployment
disabling OS::TripleO::Services::Keepalived will fail.
Change-Id: I90faf51881bd05920067c1e1d82baf5d7586af23
Closes-Bug: #
1642677
Pradeep Kilambi [Wed, 16 Nov 2016 21:10:57 +0000 (16:10 -0500)]
Remove Combination alarms support
combination alarms are completely removed in Ocata.
Remove this from tripleo.
Change-Id: Icdf81d2f489db33533a1a0979cba3b5a652535d5
Jenkins [Thu, 17 Nov 2016 08:07:53 +0000 (08:07 +0000)]
Merge "Sort parameters in keystone profile alphabetically"
Jenkins [Wed, 16 Nov 2016 18:33:58 +0000 (18:33 +0000)]
Merge "Prepare 6.0.0 (ocata-1)"
Juan Antonio Osorio Robles [Wed, 16 Nov 2016 12:21:04 +0000 (14:21 +0200)]
Sort parameters in keystone profile alphabetically
Change-Id: I035c26e0f50e4b3fc0f6085fa5a4bf524e4852b7
Juan Antonio Osorio Robles [Wed, 16 Nov 2016 06:34:08 +0000 (08:34 +0200)]
Remove explicit hiera calls for heat in keystone profile
These are now passed via the heat profiles in t-h-t (via
heat-base.yaml and heat-engine.yaml) and use the actual names of
keystone parameters instead.
Change-Id: Id0f5dd03b6757df989339c93b58a5b7eac3402a2
Depends-On: I0e5124d57fdc519262fdec2dbeaaac85afaeebdf
Emilien Macchi [Wed, 16 Nov 2016 02:38:14 +0000 (21:38 -0500)]
Prepare 6.0.0 (ocata-1)
Prepare the first release of Ocata.
Change-Id: Ib8173d1ce26752216aeaab835f483503cf82b217
Jenkins [Tue, 15 Nov 2016 18:21:14 +0000 (18:21 +0000)]
Merge " Enable TLS in the internal network for Barbican API"
Pradeep Kilambi [Thu, 10 Nov 2016 21:41:32 +0000 (16:41 -0500)]
Add panko service support
Change-Id: I35f283bdf8dd0ed979c65633724f0464695130a4
Jenkins [Mon, 14 Nov 2016 09:36:37 +0000 (09:36 +0000)]
Merge "Fix barbican server name to not use aodh hiera"
Juan Antonio Osorio Robles [Mon, 14 Nov 2016 07:04:46 +0000 (09:04 +0200)]
Enable TLS in the internal network for Barbican API
This optionally enables TLS for Barbican API in the internal network.
If internal TLS is enabled, each node that is serving the Barbican API
service will use certmonger to request its certificate.
bp tls-via-certmonger
Change-Id: I1c1d3dab9bba7bec6296a55747e9ade242c47bd9
Jenkins [Fri, 11 Nov 2016 19:23:10 +0000 (19:23 +0000)]
Merge "Normalize civetweb binding address if IPv6"
Jenkins [Fri, 11 Nov 2016 19:19:40 +0000 (19:19 +0000)]
Merge "Enable TLS in the internal network for Cinder API"
Jenkins [Fri, 11 Nov 2016 15:43:03 +0000 (15:43 +0000)]
Merge "Ensure keepalived is restarted when necessary."
Giulio Fidente [Wed, 9 Nov 2016 20:01:51 +0000 (21:01 +0100)]
Normalize civetweb binding address if IPv6
The civetweb binding format is IP:PORT; this change ensures the IP
is enclosed in brackets if IPv6.
To do so we add the bind_ip and bind_port parameters to the
rgw service class.
Change-Id: Ib84fa3479c2598bff7e89ad60a1c7d5f2c22c18c
Co-Authored-By: Lukas Bezdicka <social@v3.sk>
Related-Bug: #
1636515
Pradeep Kilambi [Thu, 10 Nov 2016 23:19:27 +0000 (18:19 -0500)]
Fix barbican server name to not use aodh hiera
this looks like a copy/paste error. Let barbican use its own
hiera data.
Change-Id: I84118c1a561c3db2f18504b55c5a8c4f042e7e3b
Ben Nemec [Thu, 10 Nov 2016 23:03:58 +0000 (23:03 +0000)]
Fix puppet lint failure
I'm not sure how this merged, but it's causing failures in other
patches to puppet-tripleo.
Change-Id: Ib20d349fa9abd6347739190bb29a02b6e3eb839d
Thiago da Silva [Wed, 9 Nov 2016 22:47:45 +0000 (17:47 -0500)]
adding new swift middleware that is typically enabled by default
These are features that are typically enabled by default
in any swift cluster.
Change-Id: Ie323f68255a73d46e774cbf49d9353c3bf90c35e
Signed-off-by: Thiago da Silva <thiago@redhat.com>
Jenkins [Wed, 9 Nov 2016 13:27:01 +0000 (13:27 +0000)]
Merge "Enable TLS in the internal network for Nova API"
Jenkins [Wed, 9 Nov 2016 13:26:32 +0000 (13:26 +0000)]
Merge "Better way to ensure keepalived before haproxy."
Jenkins [Wed, 9 Nov 2016 13:22:42 +0000 (13:22 +0000)]
Merge "Wrong default in docstring"
Jenkins [Wed, 9 Nov 2016 10:48:44 +0000 (10:48 +0000)]
Merge "Pass X-Forwarded-Proto for missing services"
Sofer Athlan-Guyot [Tue, 8 Nov 2016 15:44:26 +0000 (16:44 +0100)]
Ensure keepalived is restarted when necessary.
If os-collect-config/config.json is updated before an upgrade/update,
then the os-net-config run will automatically erase the keepalived
managed ips.
This is a hackish way to ensure that keepalived is restarted during the
next phase in order to have the ip recreated.
It basically adds a comment line to the keepalived.conf file (making it
different than the puppet one) if it's there. This will force a puppet
restart of the keepalive service puting the ips back on the undercloud.
Change-Id: I56b706ff44ba31aa87a63f870940831ce02a6e77
Closes-Bug: #
1640213
Related-Bug: #
1638029
Jenkins [Tue, 8 Nov 2016 18:00:24 +0000 (18:00 +0000)]
Merge "Add proper handling of IPv6 addresses for rabbit host/port handling"
Sofer Athlan-Guyot [Tue, 8 Nov 2016 09:16:53 +0000 (10:16 +0100)]
Better way to ensure keepalived before haproxy.
The lastest patchset of https://review.openstack.org/393361 was actually
not working.
The `if defined` idiom depends on *evaluation* order.
At the time it's red in the haproxy.pp class, the line that loads the
class 'haproxy' has still not yet been reached and thus the `defined`
result is false. The constraint is not added.
For this reason, the use of `defined` in module is not advised by
puppetlabs[1].
[1] https://docs.puppet.com/puppet/latest/reference/function.html#defined
Change-Id: Ibd352cb313f8863d62db8987419378bed5b87256
Relates-To: #
1638029
Jenkins [Tue, 8 Nov 2016 16:19:48 +0000 (16:19 +0000)]
Merge "Enable TLS in the internal network for gnocchi"
Jenkins [Tue, 8 Nov 2016 16:12:46 +0000 (16:12 +0000)]
Merge "Improve failed mysql node removal time in HA deploys."
MikeG451 [Tue, 8 Nov 2016 15:30:50 +0000 (15:30 +0000)]
Wrong default in docstring
Update default doc default for bind_host to match previous change
http://review.openstack.org/386817/
Change-Id: Iff048ba7152c1b7e945f284311215c8f872c1409
Closes-bug: #
1640104
Juan Antonio Osorio Robles [Tue, 8 Nov 2016 11:22:13 +0000 (13:22 +0200)]
Pass X-Forwarded-Proto for missing services
aodh, ceilometer, gnocchi and neutron need the X-Forwarded-Proto in
order to return links with the correct protocol when SSL is enabled.
This enables it in HAProxy
Change-Id: Icceab92f86b1cc40d42195fa4ba0c75f302795b8
Closes-Bug: #
1640126
Chris Jones [Fri, 4 Nov 2016 10:01:24 +0000 (10:01 +0000)]
Improve failed mysql node removal time in HA deploys.
In HA deployments, we now check mysql nodes every 1s and removed them
immediately if they are failed. Previously we would check every 2s and
allow them to fail 5 checks before being removed, producing errors from
other OpenStack services for 10s, which causes confusion and delay for
operators.
Additionally, these check options are now also a class parameter so can
be overridden by operators.
Closes-Bug: #
1639189
Change-Id: I0b915f790ae5a4b018a212d3aa83cca507be05e9
Juan Antonio Osorio Robles [Tue, 8 Nov 2016 07:05:12 +0000 (09:05 +0200)]
Include local CA in haproxy PEM
In order for the browser to trust the certificate served by HAProxy
we need to include the CA cert in the PEM file that the endpoints
serve.
Change-Id: Ibce76c1aa04bd3cb09a804c6e9789c55d8f2b417
Closes-Bug: #
1639807
Brent Eagles [Tue, 8 Nov 2016 04:32:29 +0000 (01:02 -0330)]
Add proper handling of IPv6 addresses for rabbit host/port handling
This patch changes the rabbit_hosts config generation to work properly
with IPv6 addresses.
Closes-Bug: #
1639881
Change-Id: I07cd983880a4a75a051e081dcb96134cb5c6f5e8
Steven Hardy [Mon, 7 Nov 2016 11:35:05 +0000 (11:35 +0000)]
Increase haproxy timeouts
It's been proposed this may help with the
('Connection aborted.', BadStatusLine("''",)) errors.
This patch increase queue, server and client timeouts to 2m (default is 1m)
Related-Bug: #
1638908
Change-Id: Ie4f059f3fad2271bb472697e85ede296eee91f5d
Emilien Macchi [Mon, 31 Oct 2016 14:39:43 +0000 (10:39 -0400)]
swift/proxy: configure rabbitmq properly
Use rabbitmq_node_ips to find out where rabbitmq nodes are, and have
correct ipv6 syntax if required.
Closes-Bug:
1637443
Change-Id: Ibc0ed642931dd3ada7ee594bb8c70a1c3462206d
Jenkins [Thu, 3 Nov 2016 10:07:47 +0000 (10:07 +0000)]
Merge "Fix default for barbican documentation"
Jenkins [Thu, 3 Nov 2016 08:47:05 +0000 (08:47 +0000)]
Merge "Make sure keepalived is restarted before haproxy."
Alex Schultz [Tue, 1 Nov 2016 19:43:17 +0000 (13:43 -0600)]
Create heat user in keystone profile
Rather than use the heat::keystone::domain class which also includes the
configuration options, we should just create the user for heat in
keystone independently of the configuration.
Change-Id: I7d42d04ef0c53dc1e62d684d8edacfed9fd28fbe
Related-Bug: #
1638350
Closes-Bug: #
1638626
Juan Antonio Osorio Robles [Tue, 1 Nov 2016 10:06:49 +0000 (12:06 +0200)]
Enable TLS in the internal network for Cinder API
This optionally enables TLS for Cinder API in the internal network.
If internal TLS is enabled, each node that is serving the Cinder API
service will use certmonger to request its certificate.
bp tls-via-certmonger
Change-Id: Ib4a9c8d3ca57f1b02e1bb0d150f333db501e9863
Juan Antonio Osorio Robles [Tue, 1 Nov 2016 12:09:33 +0000 (14:09 +0200)]
Fix default for barbican documentation
Change-Id: Id4dc2379b0c423012a0b3aaf49d1e1a7d633a03b
Jenkins [Tue, 1 Nov 2016 12:59:19 +0000 (12:59 +0000)]
Merge "Add barbican profile rspec testing"
Jenkins [Tue, 1 Nov 2016 12:58:55 +0000 (12:58 +0000)]
Merge "Add barbican profile"
Jenkins [Tue, 1 Nov 2016 12:12:57 +0000 (12:12 +0000)]
Merge "Fixes transparent binding to OpenDaylight in HA Proxy"
Jenkins [Tue, 1 Nov 2016 11:23:19 +0000 (11:23 +0000)]
Merge "NFS mounting for Glance file backend"
Juan Antonio Osorio Robles [Wed, 19 Oct 2016 07:30:18 +0000 (10:30 +0300)]
Enable TLS in the internal network for Nova API
This optionally enables TLS for Nova API in the internal network.
If internal TLS is enabled, each node that is serving the Nova API
service will use certmonger to request its certificate.
Note that this doesn't enable internal TLS for the nova metadata
service since it doesn't run over httpd. This will be handled in
a later commit.
bp tls-via-certmonger
Change-Id: I88380a1ed8fd597a1a80488cbc6ce357f133bd70
Code Review / apex-puppet-tripleo.git / log