apex-tripleo-heat-templates.git
6 years ago Merge "Extend VNC port range"
Jenkins [Sat, 19 Aug 2017 05:19:14 +0000 (05:19 +0000)]
Merge "Extend VNC port range"

6 years ago Merge "Prepare reno for TripleO Pike RC1"
Jenkins [Sat, 19 Aug 2017 03:14:49 +0000 (03:14 +0000)]
Merge "Prepare reno for TripleO Pike RC1"

6 years ago Merge "Convert scenario001-multinode-containers job to ceph-ansible"
Jenkins [Sat, 19 Aug 2017 03:14:19 +0000 (03:14 +0000)]
Merge "Convert scenario001-multinode-containers job to ceph-ansible"

6 years ago Merge "ci: don't deploy swift on basic multinode job"
Jenkins [Sat, 19 Aug 2017 03:14:05 +0000 (03:14 +0000)]
Merge "ci: don't deploy swift on basic multinode job"

6 years ago Merge "Enable TLS for nova-metadata"
Jenkins [Sat, 19 Aug 2017 03:13:49 +0000 (03:13 +0000)]
Merge "Enable TLS for nova-metadata"

6 years ago Merge "Add params needed for the ceph-ansible switch to containers playbook"
Jenkins [Sat, 19 Aug 2017 03:13:28 +0000 (03:13 +0000)]
Merge "Add params needed for the ceph-ansible switch to containers playbook"

6 years ago Merge "Tag the ha containers with 'pcmklatest' at deploy time"
Jenkins [Sat, 19 Aug 2017 03:07:10 +0000 (03:07 +0000)]
Merge "Tag the ha containers with 'pcmklatest' at deploy time"

6 years ago Merge "Add support for Dell EMC Unity Cinder backend"
Jenkins [Sat, 19 Aug 2017 00:10:52 +0000 (00:10 +0000)]
Merge "Add support for Dell EMC Unity Cinder backend"

6 years ago Merge "scenario002/multinode: do not run containerized Zaqar"
Jenkins [Fri, 18 Aug 2017 23:48:48 +0000 (23:48 +0000)]
Merge "scenario002/multinode: do not run containerized Zaqar"

6 years ago Merge "scenario002/container: run Barbican non-containerized"
Jenkins [Fri, 18 Aug 2017 23:37:28 +0000 (23:37 +0000)]
Merge "scenario002/container: run Barbican non-containerized"

6 years ago Merge "Workaround for RHEL registration as "localhost""
Jenkins [Fri, 18 Aug 2017 23:14:50 +0000 (23:14 +0000)]
Merge "Workaround for RHEL registration as "localhost""

6 years ago Prepare reno for TripleO Pike RC1
Emilien Macchi [Fri, 18 Aug 2017 16:49:45 +0000 (09:49 -0700)]
Prepare reno for TripleO Pike RC1

Change-Id: Ied1d57cd187ffe480912a3820587952aa88936c3

6 years ago Merge "Also write an upgrade_tasks_playbook"
Jenkins [Fri, 18 Aug 2017 16:01:03 +0000 (16:01 +0000)]
Merge "Also write an upgrade_tasks_playbook"

6 years ago Merge "Enable listening on TLS for the internal network for horizon"
Jenkins [Fri, 18 Aug 2017 15:25:44 +0000 (15:25 +0000)]
Merge "Enable listening on TLS for the internal network for horizon"

6 years ago ci: don't deploy swift on basic multinode job
Emilien Macchi [Fri, 18 Aug 2017 15:11:12 +0000 (08:11 -0700)]
ci: don't deploy swift on basic multinode job

Swift is already deployed on scenario002, and we want to keep
basic multinode as basic as possible with only the minimum so it runs
faster and we can use it for early tests in our CI.

Change-Id: I6d2f434305d7ca0d704a9454b758670c39a0af4a

6 years ago Merge "Restore and split nova metadata docker service out of nova-api."
Jenkins [Fri, 18 Aug 2017 14:23:28 +0000 (14:23 +0000)]
Merge "Restore and split nova metadata docker service out of nova-api."

6 years ago Merge "TLS everywhere/docker: add nova services to environment"
Jenkins [Fri, 18 Aug 2017 14:21:44 +0000 (14:21 +0000)]
Merge "TLS everywhere/docker: add nova services to environment"

6 years ago Tag the ha containers with 'pcmklatest' at deploy time
Michele Baldessari [Tue, 8 Aug 2017 07:46:26 +0000 (09:46 +0200)]
Tag the ha containers with 'pcmklatest' at deploy time

We need to tag the HA containers with a special tag so
that the RA definition never changes. We do this step in THT
as opposed to puppet because we need to guarantee
that all images are tagged on all nodes *before* step 2 where the bundle
gets created.

NB: Getting the image name without the tag will require some more
yaql work to get all the cases right. Right now this works only
if we enforce that the image has a ':tag' at the end of the name.
So far this is always the case. If things change we will need to
amend this code.

Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
Co-Authored-By: Sofer Athlan-Guyot <sathlang@redhat.com>
Change-Id: I362e6cf26fba77d3f949b7d2fc4b35a3eab9087e

6 years ago Convert scenario001-multinode-containers job to ceph-ansible
Giulio Fidente [Tue, 18 Jul 2017 21:31:18 +0000 (23:31 +0200)]
Convert scenario001-multinode-containers job to ceph-ansible

Updates ci/environments/scenario001-multinode-containers.yaml
to use ceph-ansible instead of puppet-ceph.

Change-Id: Idbd02a3c7404daecdc6e2c45ea6d3478bf70552c
Depends-On: Ifa4937624ed14a3ece48dd92ba4f69b5e4928e77

6 years ago Merge "Refactor setup_docker_host.sh as host_prep_tasks"
Jenkins [Fri, 18 Aug 2017 09:17:15 +0000 (09:17 +0000)]
Merge "Refactor setup_docker_host.sh as host_prep_tasks"

6 years ago Merge "Provide sample environment for composable roles"
Jenkins [Fri, 18 Aug 2017 07:43:47 +0000 (07:43 +0000)]
Merge "Provide sample environment for composable roles"

6 years ago Merge "Containerize Manila Share for HA"
Jenkins [Fri, 18 Aug 2017 07:39:02 +0000 (07:39 +0000)]
Merge "Containerize Manila Share for HA"

6 years ago Enable listening on TLS for the internal network for horizon
Juan Antonio Osorio Robles [Tue, 1 Aug 2017 13:10:27 +0000 (16:10 +0300)]
Enable listening on TLS for the internal network for horizon

This sets the flag that tells the horizon manifest to use TLS for the
configuration.

bp tls-via-certmonger

Depends-On: I7f2e11eb60c7b075e8a59f28682ecc50eeb95c3e
Change-Id: I13d59e7663538884b34b5a910b741de8721abbb9

6 years ago Merge "Add support for installing Ceph MDS via ceph-ansible"
Jenkins [Fri, 18 Aug 2017 02:50:50 +0000 (02:50 +0000)]
Merge "Add support for installing Ceph MDS via ceph-ansible"

6 years ago Merge "Make cinder-manage db sync run on only one controller during upgrade"
Jenkins [Fri, 18 Aug 2017 02:23:17 +0000 (02:23 +0000)]
Merge "Make cinder-manage db sync run on only one controller during upgrade"

6 years ago Merge "Remove iscsid from TLS everywhere docker environment"
Jenkins [Fri, 18 Aug 2017 01:28:19 +0000 (01:28 +0000)]
Merge "Remove iscsid from TLS everywhere docker environment"

6 years ago Restore and split nova metadata docker service out of nova-api.
Oliver Walsh [Thu, 17 Aug 2017 21:47:21 +0000 (22:47 +0100)]
Restore and split nova metadata docker service out of nova-api.

I2c39a2957fd95dd261b5b8c4df5e66e00a68d2f7 changed nova api to http from
eventlet, however we need to continue running the eventlet service as
it is required for the nova metadata api.

However this should be tied to the OS::TripleO::Services::NovaMetadata
service, so duplicate the required config in nova-metadata.yaml.

Change-Id: I398575d565d5527bcaa1c8b33b9de2e1e0f2f6fd
Depends-On: Id3407e151566d16c6ae1e1ea8c1b021dac22e727
Closes-bug: #1711425

6 years ago Merge "Mount NFS volume to docker container."
Jenkins [Thu, 17 Aug 2017 19:10:04 +0000 (19:10 +0000)]
Merge "Mount NFS volume to docker container."

6 years ago Merge "Enable TLS configuration for containerized RabbitMQ"
Jenkins [Thu, 17 Aug 2017 18:46:42 +0000 (18:46 +0000)]
Merge "Enable TLS configuration for containerized RabbitMQ"

6 years ago Workaround for RHEL registration as "localhost"
James Slagle [Thu, 17 Aug 2017 18:27:30 +0000 (14:27 -0400)]
Workaround for RHEL registration as "localhost"

Workaround systems getting registered as "localhost" during
RHEL registration if they don't have a fqdn set by first
rm'ing the /etc/rhsm/facts directory. When the directory does not
exist, the katello-rshm-consumer which runs when installing
the katello-ca-consumer will not set the hostname.override fact to
"localhost".

Change-Id: Ia29aa9c775f715f9745bb7e1e4022cc395a7d092
Partial-Bug: #1711435

6 years ago Enable TLS for nova-metadata
Juan Antonio Osorio Robles [Thu, 17 Aug 2017 17:30:57 +0000 (17:30 +0000)]
Enable TLS for nova-metadata

This also tells the neutron metadata agent to use TLS for contacting
nova-metadata.

bp tls-via-certmonger
Depends-On: I97ac2da29be468c75713fe2fae7e6d84cae8f67c
Depends-On: I9df395dc699090bd73265d10395e155e9b8adb26

Change-Id: I9a8c54f6e052852b8f9d06a42da87773f4da3a15

6 years ago Merge "Enable TLS for containerized MySQL"
Jenkins [Thu, 17 Aug 2017 16:08:31 +0000 (16:08 +0000)]
Merge "Enable TLS for containerized MySQL"

6 years ago Merge "Enable TLS for containerized haproxy"
Jenkins [Thu, 17 Aug 2017 16:08:20 +0000 (16:08 +0000)]
Merge "Enable TLS for containerized haproxy"

6 years ago Merge "Render IP map and host maps according to network_data.yaml"
Jenkins [Thu, 17 Aug 2017 15:51:00 +0000 (15:51 +0000)]
Merge "Render IP map and host maps according to network_data.yaml"

6 years ago Merge "Enable TLS configuration for containerized HAProxy"
Jenkins [Thu, 17 Aug 2017 15:48:44 +0000 (15:48 +0000)]
Merge "Enable TLS configuration for containerized HAProxy"

6 years ago Refactor setup_docker_host.sh as host_prep_tasks
Jiri Stransky [Tue, 30 May 2017 15:29:51 +0000 (17:29 +0200)]
Refactor setup_docker_host.sh as host_prep_tasks

Previously what we've been doing with setup_docker_host.sh can now be
achieved with host_prep_tasks, and we can free up the NodeUserData
interface for other use cases.

Closes-Bug: #1711387
Change-Id: Iaac90efd03e37ceb02c312f9c15c1da7d4982510

6 years ago Provide sample environment for composable roles
Alex Schultz [Tue, 25 Jul 2017 21:38:46 +0000 (15:38 -0600)]
Provide sample environment for composable roles

Creating a sample environment generator configuration to generate basic
environment files for the following architectures:

 * Monolithic HA (3 Controller, 3 Compute, 1 Ceph)
 * Monolithic Non-HA (1 Controller, 1 Compute, 1 Ceph)
 * Standalone (3 Controller, 3 Database, 3 Messaging, 2 Networker,
   1 Compute, 1 Ceph)

Change-Id: Id0b967d3b2356f38a51e1028b2dccc122d59888c
Related-Blueprint: example-custom-role-environments

6 years ago Merge "README: Fix CI coverage layout"
Jenkins [Thu, 17 Aug 2017 13:43:32 +0000 (13:43 +0000)]
Merge "README: Fix CI coverage layout"

6 years ago Add support for Dell EMC Unity Cinder backend
rajinir [Wed, 26 Jul 2017 21:38:16 +0000 (16:38 -0500)]
Add support for Dell EMC Unity Cinder backend

This change adds a new define for cinder::backend::dellemc_unity.

Change-Id: I7f9dbb707cf9b5c90ec2f31dcff82cd578805b80
Implements: blueprint dellemc-unity-cinder

6 years ago TLS everywhere/docker: add nova services to environment
Juan Antonio Osorio Robles [Thu, 17 Aug 2017 08:06:32 +0000 (08:06 +0000)]
TLS everywhere/docker: add nova services to environment

Most nova services are working with TLS everywhere, so they can be
added to the environment.

The compute and libvirt services are still pending.

bp tls-via-certmonger-containers

Change-Id: I80745fff5fbd9a6ccd701c1d154b38ad41b0cc3c

6 years ago Remove iscsid from TLS everywhere docker environment
Juan Antonio Osorio Robles [Thu, 17 Aug 2017 08:04:10 +0000 (08:04 +0000)]
Remove iscsid from TLS everywhere docker environment

Since nova-compute is not containerized with TLS yet, using containerized
iscsid causes errors when trying to spawn a VM with a volume, since
the path is different in this case.

I will re-add iscsid to this environment once nova-compute is
containerized with TLS.

bp tls-via-certmonger-containers

Change-Id: Ida87b187e56ae852c5a4ef6f78cc04a0870fe3f4

6 years ago Merge "Remove duplicate Iscsid service in resource registry"
Jenkins [Thu, 17 Aug 2017 07:21:15 +0000 (07:21 +0000)]
Merge "Remove duplicate Iscsid service in resource registry"

6 years ago scenario002/multinode: do not run containerized Zaqar
Emilien Macchi [Tue, 15 Aug 2017 19:48:24 +0000 (12:48 -0700)]
scenario002/multinode: do not run containerized Zaqar

It doesn't work yet, see:
https://bugs.launchpad.net/tripleo/+bug/1710959

Change-Id: I05d5325aa704f8e18737e98d3bd6b4d00fc1dca6

6 years ago scenario002/container: run Barbican non-containerized
Emilien Macchi [Tue, 15 Aug 2017 03:46:10 +0000 (20:46 -0700)]
scenario002/container: run Barbican non-containerized

... until https://review.openstack.org/#/c/474327 is merged.
In the meantime, let's test the scenario with Barbican like before.

Depends-On: Ib5c99482f62397fc5fb79a9dc537dfb06ee7f4df
Change-Id: Ia96736ad3ddabd33c5ee4518a3f63bafeffcf391

6 years ago Merge "Set default OSD pool size to 1 in scenario 001/004 containers"
Jenkins [Thu, 17 Aug 2017 04:37:16 +0000 (04:37 +0000)]
Merge "Set default OSD pool size to 1 in scenario 001/004 containers"

6 years ago Merge "Containerize virtlogd"
Jenkins [Thu, 17 Aug 2017 01:02:22 +0000 (01:02 +0000)]
Merge "Containerize virtlogd"

6 years ago Merge "Delete docker-centos-tripleoupstream.yaml"
Jenkins [Thu, 17 Aug 2017 01:00:06 +0000 (01:00 +0000)]
Merge "Delete docker-centos-tripleoupstream.yaml"

6 years ago Merge "Add ServiceData to hidden params"
Jenkins [Wed, 16 Aug 2017 21:11:48 +0000 (21:11 +0000)]
Merge "Add ServiceData to hidden params"

6 years ago Merge "Add NeutronOverlayIPVersion parameter to neutron-plugins-ml2 service"
Jenkins [Wed, 16 Aug 2017 19:46:32 +0000 (19:46 +0000)]
Merge "Add NeutronOverlayIPVersion parameter to neutron-plugins-ml2 service"

6 years ago Containerize Manila Share for HA
Victoria Martinez de la Cruz [Tue, 11 Jul 2017 19:42:15 +0000 (16:42 -0300)]
Containerize Manila Share for HA

This service allows configuring and deploying manila-share
containers in a HA overcloud managed by pacemaker.

The containers are managed and run by pacemaker. Pacemaker runs the
standard Kolla image but overrides the initial command so that
it explicitly calls manila-share. This way, we shield ourselves
from any unexpected future change in Kolla.
This container needs to use the 'docker_config' section to invoke
puppet (as opposed to 'docker_puppet_tasks'), because due to the HA
composability each resource creation needs to happen on the bootstrap
node of that service and 'docker_puppet_tasks' will only run on the
controller/primary role.

Based on work done in fdb233e64e3d78014dd7e351abfed5aec5035866

Partial-Bug: #1668922

Change-Id: Ifa94c506db5eb667690a19d594115a93d2a790b2
Depends-On: I797eea2f7788f65411964ccb852b5707e916416f

6 years ago README: Fix CI coverage layout
Emilien Macchi [Wed, 16 Aug 2017 17:28:29 +0000 (10:28 -0700)]
README: Fix CI coverage layout

Change-Id: Ib892f54781e568fb267a34390fec1a7e0323de2c

6 years ago Add params needed for the ceph-ansible switch to containers playbook
Giulio Fidente [Wed, 16 Aug 2017 15:38:33 +0000 (17:38 +0200)]
Add params needed for the ceph-ansible switch to containers playbook

Pre-existing Ceph clusters are migrated to containers using a
playbook in ceph-ansible which requires setting some 'ireallymeanit'
variable.

1. https://github.com/ceph/ceph-ansible/issues/1758

Change-Id: I5c2f46b91cf032913931275ce62315f293f21c8b
Closes-Bug: #1711159

6 years ago Merge "Render VIPs dynamically based on network_data.yaml"
Jenkins [Wed, 16 Aug 2017 15:30:29 +0000 (15:30 +0000)]
Merge "Render VIPs dynamically based on network_data.yaml"

6 years ago Add support for installing Ceph MDS via ceph-ansible
John Fulton [Fri, 30 Jun 2017 22:07:46 +0000 (22:07 +0000)]
Add support for installing Ceph MDS via ceph-ansible

Based on puppet/services/ceph-mds.yaml. Nodes in the CephMds role
will already be in the Ansible inventory but this change provides
a way to pass their parameters to ceph-ansible.

Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
Change-Id: Ia3ef9e9a2b159dacea01e38762145ff2bcc7ba27

6 years ago Render IP map and host maps according to network_data.yaml
Dan Sneddon [Tue, 15 Aug 2017 18:39:53 +0000 (11:39 -0700)]
Render IP map and host maps according to network_data.yaml

This change renders the network IP maps and hostname maps for
all networks defined in network_data.yaml. This should make it
possible to create custom networks that will be rendered for
all applicable roles.

Note that at this time all networks will be rendered whether
they are enabled or not. All networks will be present in all
roles, but ports will be associated with noop.yaml in roles
that do not use the network. This is in accordance with
previous behavior, although we may wish to change this in
the future to limit the size of the role definitions and
reduce the number of placeholder resources in deployments
with many networks.

Note that this patch is a replacement for original patch
https://review.openstack.org/#/c/486280, which I was having
trouble rebasing to current.

Change-Id: I445b008fc1240af57c2b76a5dbb6c751a05b7a2a
Depends-on: I662e8d0b3737c7807d18c8917bfce1e25baa3d8a
Partially-implements: blueprint composable-networks

6 years ago Set default OSD pool size to 1 in scenario 001/004 containers
Giulio Fidente [Wed, 16 Aug 2017 11:41:28 +0000 (13:41 +0200)]
Set default OSD pool size to 1 in scenario 001/004 containers

When the OSD pool size is unset it defaults to 3, while we only
have a single OSD in CI so the pools are created but not writable.

We did set the default pool size to 1 in the non-containerized
scenarios but apparently missed it in the containerized version.

Change-Id: I1ac1fe5c2effd72a2385ab43d27abafba5c45d4d
Closes-Bug: #1710773

6 years ago Merge "Don't unregister on system/resource delete"
Jenkins [Wed, 16 Aug 2017 06:43:02 +0000 (06:43 +0000)]
Merge "Don't unregister on system/resource delete"

6 years ago Merge "Bind mount tripleo.cnf in transient bootstrap containers"
Jenkins [Wed, 16 Aug 2017 01:38:32 +0000 (01:38 +0000)]
Merge "Bind mount tripleo.cnf in transient bootstrap containers"

6 years ago Merge "Convert network templates to be rendered via j2"
Jenkins [Wed, 16 Aug 2017 01:38:25 +0000 (01:38 +0000)]
Merge "Convert network templates to be rendered via j2"

6 years ago Merge "Consolidate deployment in major-upgrade-composable-steps"
Jenkins [Wed, 16 Aug 2017 00:39:01 +0000 (00:39 +0000)]
Merge "Consolidate deployment in major-upgrade-composable-steps"

6 years ago Merge "Do not run clustercheck on the host after O->P upgrade"
Jenkins [Tue, 15 Aug 2017 23:53:57 +0000 (23:53 +0000)]
Merge "Do not run clustercheck on the host after O->P upgrade"

6 years ago Merge "Internal TLS support for mongodb container"
Jenkins [Tue, 15 Aug 2017 23:53:29 +0000 (23:53 +0000)]
Merge "Internal TLS support for mongodb container"

6 years ago Merge "Set file mode permission of Ceph keyrings"
Jenkins [Tue, 15 Aug 2017 23:53:22 +0000 (23:53 +0000)]
Merge "Set file mode permission of Ceph keyrings"

6 years ago Merge "Make network-isolation-v6 environment rendered for all roles"
Jenkins [Tue, 15 Aug 2017 23:08:42 +0000 (23:08 +0000)]
Merge "Make network-isolation-v6 environment rendered for all roles"

6 years ago Merge "Fix parsing of DockerCephDaemonImage parameter"
Jenkins [Tue, 15 Aug 2017 16:12:19 +0000 (16:12 +0000)]
Merge "Fix parsing of DockerCephDaemonImage parameter"

6 years ago Add NeutronOverlayIPVersion parameter to neutron-plugins-ml2 service
Feng Pan [Tue, 16 May 2017 19:22:47 +0000 (15:22 -0400)]
Add NeutronOverlayIPVersion parameter to neutron-plugins-ml2 service

This patch adds NeutronOverlayIPVersion parameter to configure
neutron ML2 overlay_ip_version option from T-H-T. puppet-neutron
already has support for configuration of this option, we are just
exposing it from T-H-T. This parameter needs to be set to '6' when
IPv6 vxlan tunnel endpoints are desired.

Closes-Bug: #1691213

Change-Id: I056afa25f67a3b6857bdfef14e6d582b0a9e5e93
Signed-off-by: Feng Pan <fpan@redhat.com>

6 years ago Merge "Fix Heat condition for RHEL registration yum update"
Jenkins [Tue, 15 Aug 2017 14:34:38 +0000 (14:34 +0000)]
Merge "Fix Heat condition for RHEL registration yum update"

6 years ago Also write an upgrade_tasks_playbook
marios [Fri, 4 Aug 2017 11:55:48 +0000 (14:55 +0300)]
Also write an upgrade_tasks_playbook

To get this to work upgrade_tasks need to be rewritten with 'when'
statements like the update tasks (in parent review from shardy).
So that we don't break the existing upgrades workflow, we add these
as part of the config download see the depends on

Related-Bug: 1708115
Depends-On: Ief593dc758a2ffe33c1cbcbda9289393fcf023e4
Change-Id: Ib01b96a2c26721747d81d98e3d57c4c388663004

6 years ago Convert network templates to be rendered via j2
Steven Hardy [Wed, 9 Aug 2017 18:17:49 +0000 (19:17 +0100)]
Convert network templates to be rendered via j2

Use the network.network.j2.yaml to render these files, instead
of relying on the hard-coded versions.

Note this doesn't currently consider the _v6 templates as we may want
to deprecate these and instead rely on an ipv6 specific network_data file,
or perhaps make the network/network.network.j2.yaml generic and able to
detect the version from the cidr?

Change-Id: I662e8d0b3737c7807d18c8917bfce1e25baa3d8a
Partially-Implements: blueprint composable-networks

6 years ago Merge "Enable TLS configuration for containerized Galera"
Jenkins [Mon, 14 Aug 2017 23:03:35 +0000 (23:03 +0000)]
Merge "Enable TLS configuration for containerized Galera"

6 years ago Merge "Make HA container bundle work on remote nodes"
Jenkins [Mon, 14 Aug 2017 23:03:27 +0000 (23:03 +0000)]
Merge "Make HA container bundle work on remote nodes"

6 years ago Merge "Convert cephstorage-role.yaml to role.role.j2.yaml"
Jenkins [Mon, 14 Aug 2017 23:03:17 +0000 (23:03 +0000)]
Merge "Convert cephstorage-role.yaml to role.role.j2.yaml"

6 years ago Merge "Fix metadata_settings in containerized mongodb"
Jenkins [Mon, 14 Aug 2017 22:52:21 +0000 (22:52 +0000)]
Merge "Fix metadata_settings in containerized mongodb"

6 years ago Delete docker-centos-tripleoupstream.yaml
Steve Baker [Wed, 26 Jul 2017 22:23:39 +0000 (10:23 +1200)]
Delete docker-centos-tripleoupstream.yaml

This file is generated and needs to be manually maintained. It
would be better for users who want to deploy latest directly from
docker hub to generate it locally by running:

    openstack overcloud container image prepare \
      --namespace tripleoupstream \
      --tag latest \
      --env-file docker-centos-tripleoupstream.yaml

The documentation and CI are being updated to use prepare.

Change-Id: I86503f1076459ae9d84a34e649a6097cba10fa3c
Closes-Bug: #1696598

6 years ago Merge "Enable TLS for nova api and placement containers"
Jenkins [Mon, 14 Aug 2017 22:02:25 +0000 (22:02 +0000)]
Merge "Enable TLS for nova api and placement containers"

6 years ago Merge "Make containerized nova-api run with httpd"
Jenkins [Mon, 14 Aug 2017 22:01:04 +0000 (22:01 +0000)]
Merge "Make containerized nova-api run with httpd"

6 years ago Set file mode permission of Ceph keyrings
John Fulton [Wed, 9 Aug 2017 21:07:40 +0000 (17:07 -0400)]
Set file mode permission of Ceph keyrings

Pass mode parameter to ceph-ansible in place of ACLs parameter
because ACLs are not for same UID in container as container host
and because ACLs are not passed by kolla_config.

Change-Id: I7e3433eab8e2a62963b623531f223d5abd301d16
Closes-Bug: #1709683

6 years ago Enable TLS for containerized MySQL
Juan Antonio Osorio Robles [Mon, 14 Aug 2017 14:23:21 +0000 (14:23 +0000)]
Enable TLS for containerized MySQL

Bind mounts and adds the appropriate permissions for the cert and
key that's used for TLS.

bp tls-via-certmonger-containers

Change-Id: I7fae4083604c7dc89ca04141080a228ebfc44ac9

6 years ago Extend VNC port range
Ben Nemec [Mon, 14 Aug 2017 15:23:38 +0000 (10:23 -0500)]
Extend VNC port range

Per the attached bug, if a large number of instances are colocated
on a single compute node it is possible to exhaust the allowed VNC
ports.  This change extends the range to include 1024 ports, which
with the default 16x overcommit ratio in Nova means we could handle
a fully loaded 64 core server.  That's _probably_ overkill, but I
think it makes sense to overshoot a bit on this and ensure nobody
runs into weird problems because their VNC ports weren't allowed
through the firewall.

Change-Id: Ia48602e82b8e0fbb585371ea514eea3c2334dab0
Closes-Bug: 1678025

6 years ago Enable TLS for containerized haproxy
Juan Antonio Osorio Robles [Wed, 2 Aug 2017 07:34:02 +0000 (10:34 +0300)]
Enable TLS for containerized haproxy

This bind mounts the certificates if TLS is enabled in the internal
network. It also disables the CRL usage since we can't restart haproxy
at the rate that the CRL is updated. This will be addressed later and
is a known limitation of using containerized haproxy (there's the same
issue in the HA scenario). To address the different UID that the certs
and keys will have, I added an extra step that changes the ownership
of these files; though this only gets included if TLS in the internal
network is enabled.

bp tls-via-certmonger-containers

Depends-On: I2078da7757ff3af1d05d36315fcebd54bb4ca3ec
Change-Id: Ic6ca88ee7b6b256ae6182e60e07498a8a793d66a

6 years ago Don't unregister on system/resource delete
James Slagle [Fri, 11 Aug 2017 12:05:10 +0000 (08:05 -0400)]
Don't unregister on system/resource delete

Don't unregister systems from the portal/satellite
when deleting from Heat. There are several reasons why
it's compelling to fix this behavior. See
https://bugs.launchpad.net/tripleo/+bug/1710144
for full information. The previous behavior can be triggered
by setting the DeleteOnRHELUnregistration parameter to "true".

Closes-Bug: #1710144
Change-Id: I909a6f7a049dc23fc27f2231a4893d428f06a1f1

6 years ago Fix Heat condition for RHEL registration yum update
James Slagle [Thu, 10 Aug 2017 17:42:31 +0000 (13:42 -0400)]
Fix Heat condition for RHEL registration yum update

There were 2 problems with this condition making the
rhel-registration.yaml template broken:

"conditions" should be "condition"

The condition should refer to just a condition name defined in the
"conditions:" section of the template.

Change-Id: I14d5c72cf86423808e81f1d8406098d5fd635e66
Closes-Bug: #1709916

6 years ago Fix metadata_settings in containerized mongodb
Damien Ciabrini [Wed, 9 Aug 2017 07:25:42 +0000 (07:25 +0000)]
Fix metadata_settings in containerized mongodb

The containerized version of the mongodb service omits the
metadata_settings definition [1], which confuses certmonger when
internal TLS is enabled and makes the generation of certificates fail.

Use the right setting from the non-containerized profile.

[1] https://review.openstack.org/#/c/461780/

Change-Id: I50a9a3a822ba5ef5d2657a12c359b51b7a3a42f2
Closes-Bug: #1709553

6 years ago Bind mount tripleo.cnf in transient bootstrap containers
Damien Ciabrini [Fri, 11 Aug 2017 11:24:12 +0000 (11:24 +0000)]
Bind mount tripleo.cnf in transient bootstrap containers

Various containerized services (e.g. nova, neutron, heat) run initial set up
steps with some ephemeral containers that don't use kolla_start. The
tripleo.cnf file is not copied in /etc/my.cnf.d and this can break some
deployments (e.g. when using internal TLS, services lack SSL settings).

Fix the configuration of transient containers by bind mounting the
tripleo.cnf file when kolla_start is not used.

Change-Id: I5246f9d52fcf8c8af81de7a0dd8281169c971577
Closes-Bug: #1710127
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>

6 years ago Containerize virtlogd
Jiri Stransky [Tue, 30 May 2017 13:49:51 +0000 (15:49 +0200)]
Containerize virtlogd

So far we've been using virtlogd running on the host, we should now be
using virtlogd from a container.

Co-Authored-By: Martin André <m.andre@redhat.com>
Co-Authored-By: Jiri Stransky <jistr@redhat.com>
Change-Id: I998c69ea1f7480ebb90afb44d6006953a84a1c04

6 years ago Consolidate deployment in major-upgrade-composable-steps
Jose Luis Franco Arza [Mon, 14 Aug 2017 09:49:00 +0000 (11:49 +0200)]
Consolidate deployment in major-upgrade-composable-steps

After 483293 commit is merged, major-upgrade-composable-steps.yaml file
is pointing to the wrong location deployment, which is now under
common/ folder.

Change-Id: Ic6784533d1c21b5b8fcb422bccd820af72e499d9

6 years ago Merge "Pass monitor_address_block to ceph-ansible for mon_host"
Jenkins [Sun, 13 Aug 2017 22:26:57 +0000 (22:26 +0000)]
Merge "Pass monitor_address_block to ceph-ansible for mon_host"

6 years ago Merge "Add environment to disable deploy steps"
Jenkins [Sun, 13 Aug 2017 06:56:00 +0000 (06:56 +0000)]
Merge "Add environment to disable deploy steps"

6 years ago Merge "Add support for update_tasks"
Jenkins [Sun, 13 Aug 2017 06:51:54 +0000 (06:51 +0000)]
Merge "Add support for update_tasks"

6 years ago Merge "Add RoleConfig output"
Jenkins [Sun, 13 Aug 2017 06:51:35 +0000 (06:51 +0000)]
Merge "Add RoleConfig output"

6 years ago Merge "Default docker_puppet_debug to false"
Jenkins [Sun, 13 Aug 2017 06:50:34 +0000 (06:50 +0000)]
Merge "Default docker_puppet_debug to false"

6 years ago Merge "Move deploy-steps-playbook to deploy-steps-tasks"
Jenkins [Sun, 13 Aug 2017 06:45:37 +0000 (06:45 +0000)]
Merge "Move deploy-steps-playbook to deploy-steps-tasks"

6 years ago Merge "Convert blockstorage-role.yaml to role.role.j2.yaml"
Jenkins [Sat, 12 Aug 2017 13:48:35 +0000 (13:48 +0000)]
Merge "Convert blockstorage-role.yaml to role.role.j2.yaml"

6 years ago Merge "Convert objectstorage-role.yaml to role.role.j2.yaml"
Jenkins [Sat, 12 Aug 2017 13:22:39 +0000 (13:22 +0000)]
Merge "Convert objectstorage-role.yaml to role.role.j2.yaml"

6 years ago Fix parsing of DockerCephDaemonImage parameter
Giulio Fidente [Tue, 8 Aug 2017 11:25:27 +0000 (13:25 +0200)]
Fix parsing of DockerCephDaemonImage parameter

Splitting by colon using native str_split function did not work well
because we needed a right split.

This change replaces the str_split calls with yaql rightSplit().

Change-Id: Iab2f69a5fadc6b02e2eacf3c9d1a9024b0212ac6

6 years ago Pass monitor_address_block to ceph-ansible for mon_host
Giulio Fidente [Tue, 8 Aug 2017 21:18:23 +0000 (23:18 +0200)]
Pass monitor_address_block to ceph-ansible for mon_host

The ip address which clients and other nodes use to connect to the
monitors is derived from the monitor_interface parameter unless
a monitor_address or monitor_address_block is given (to set mon_host
into ceph.conf); this change adds setting for monitor_address_block to
match the public_network so that clients attempt to connect to the mons
on the appropriate network.

Change-Id: I7187e739e9f777eab724fbc09e8b2c8ddedc552d
Closes-Bug: #1709485

6 years ago Add environment to disable deploy steps
Steven Hardy [Fri, 21 Jul 2017 16:45:09 +0000 (17:45 +0100)]
Add environment to disable deploy steps

This enables either deploying without configuring any services, or
temporarily disabling the deploy steps such as will be required
for minor updates where we want to re-run the rolling update outside
of heat.

To deploy directly via ansible-playbook you can do e.g:

openstack overcloud config download --config-dir tmpconfig
cd tmpconfig/tripleo-6b02U7-config
ansible-playbook -vvv -b -i /usr/bin/tripleo-ansible-inventory deploy_steps_playbook.yaml

Which will run the same ansible steps as we normally run via heat.

Change-Id: I59947b67523dfcc43d454d4ac7d82b06804cf71d

6 years ago Add support for update_tasks
Steven Hardy [Fri, 21 Jul 2017 10:43:25 +0000 (11:43 +0100)]
Add support for update_tasks

These work the same way as upgrade_tasks *but* they use a step variable
instead of tags, so we can iterate over a count/sequence which isn't
possible via a wrapper playbook with tags (we may want to align upgrade
tasks with the same approach if this works out well).

Note the tasks can be run via ansible-playbook on the undercloud, like:

openstack overcloud config download --config-dir tmpconfig
cd tmpconfig/tripleo-HCrDA6-config
ansible-playbook -b -i /usr/bin/tripleo-ansible-inventory update_steps_playbook.yaml --limit controller

The above will do a rolling update for the Controller role (note the inconsistent
capitalization, we probably need to fix the group naming in tripleo-ansible-inventory)
because we specify serial: 1 in the playbook.

You can also trigger an update explicitly on one node like this, which is useful for debugging:

ansible-playbook -vvv -b -i /usr/bin/tripleo-ansible-inventory update_steps_playbook.yaml --limit overcloud-controller-0

Change-Id: I20bb3e26ab9d9cadf1a31fd304de8a014a901aa9

6 years ago Add RoleConfig output
Steven Hardy [Thu, 20 Jul 2017 16:11:44 +0000 (17:11 +0100)]
Add RoleConfig output

This exposes the deploy workflow for all roles from deploy-steps
via overcloud.j2.yaml - which means we can write it via the new
openstack overcloud config download command and/or run the workflow
outside of heat via mistral

With https://review.openstack.org/#/c/485732/ applied to
tripleoclient it becomes possible to do:

openstack overcloud config download --config-dir tmpconfig
cd tmpconfig/tripleo-EvEZk0-config
ansible-playbook -b -i /usr/bin/tripleo-ansible-inventory deploy_steps_playbook.yaml

This runs the deploy steps, exactly the same as normally run via heat
via ansible-playbook for all overcloud nodes (--limit can be used to restrict
to specific nodes/roles).

Change-Id: I96ec09bc788836584c4b39dcce5bf9b80e914c71

6 years ago Default docker_puppet_debug to false
Steven Hardy [Fri, 21 Jul 2017 10:21:09 +0000 (11:21 +0100)]
Default docker_puppet_debug to false

This isn't set unless the playbook is run via heat, so default it to false
to enable easier use via ansible-playbook combined with tripleo-ansible-inventory

Change-Id: I9705e4533831a019dd0051e5522d4b7958682506