Cyril Lopez [Fri, 2 Dec 2016 16:26:52 +0000 (17:26 +0100)]
Make update-from-keystone-admin-internal-api.yaml work on newton+
There are change of ServiceNetMapDefaults in service_net_map.j2.yaml but
were not reproduce in update-from-keystone-admin-internal-api.yaml
environment. Tested in newton.
Closes-Bug: #
1646862
Change-Id: I307dcaabbc6d583896090bf3f046b442007fbc42
Signed-off-by: Cyril Lopez <cylopez@redhat.com>
Co-Authored-By: Gregory Charot <gcharot@redhat.com>
Jenkins [Fri, 2 Dec 2016 14:34:41 +0000 (14:34 +0000)]
Merge "scenario001: deploy Cinder with RBD backend"
Jenkins [Fri, 2 Dec 2016 12:09:12 +0000 (12:09 +0000)]
Merge "Add Zaqar to scenario002"
Jenkins [Fri, 2 Dec 2016 12:08:37 +0000 (12:08 +0000)]
Merge "Composable Zaqar services"
Jenkins [Fri, 2 Dec 2016 09:41:28 +0000 (09:41 +0000)]
Merge "Use FQDN for rabbitmq's nodename env variable"
Jenkins [Fri, 2 Dec 2016 09:40:36 +0000 (09:40 +0000)]
Merge "Use network-based fqdn entry from hiera instead of the custom fact"
Jenkins [Fri, 2 Dec 2016 00:06:06 +0000 (00:06 +0000)]
Merge "scenario001: deploy Ceph"
Jenkins [Fri, 2 Dec 2016 00:05:20 +0000 (00:05 +0000)]
Merge "Implement scenario004 with Ceph Rados Gateway scenario"
Jenkins [Thu, 1 Dec 2016 23:10:07 +0000 (23:10 +0000)]
Merge "scenario003: configure Keystone tokens with Fernet provider"
Emilien Macchi [Thu, 1 Dec 2016 17:37:04 +0000 (12:37 -0500)]
scenario001: deploy Cinder with RBD backend
Improve scenario001 with Cinder + RBD coverage.
Also remove Barbican bits, we don't deploy Barbican in scenario001, but
002.
Change-Id: Ib9cadbefcb3ddcdb4812f47ff5496e74b2bd888d
Jenkins [Thu, 1 Dec 2016 19:59:51 +0000 (19:59 +0000)]
Merge "ceph-rgw: add missing user parameter"
Jenkins [Thu, 1 Dec 2016 19:56:23 +0000 (19:56 +0000)]
Merge "scenario001/pingtest: remove gnocchi_res_alarm"
Emilien Macchi [Thu, 1 Dec 2016 18:35:44 +0000 (13:35 -0500)]
scenario003: configure Keystone tokens with Fernet provider
Improve scenario003 to configure Keystone tokens with Fernet provider.
Scenario001 and scenario002 will still deploy uuid for now.
Change-Id: I8c671d0371b2c3590b58b9623bb0df0b0c625a5b
Emilien Macchi [Tue, 29 Nov 2016 22:47:36 +0000 (17:47 -0500)]
Implement scenario004 with Ceph Rados Gateway scenario
Like Puppet OpenStack CI, implement scenario004 with Ceph RGW scenario,
where Glance uses it as a image storage backend.
Change-Id: If055ca225c456a738c5726ef1e76a4a4f9c566a8
Emilien Macchi [Thu, 1 Dec 2016 15:00:18 +0000 (10:00 -0500)]
ceph-rgw: add missing user parameter
'user' is required or puppet-ceph will complain that the Keystone_user
has no title:
Evaluation Error: Missing title. The title expression resulted in undef
at /etc/puppet/modules/ceph/manifests/rgw/keystone/auth.pp
The value is set to Swift, as we use the same credentials as Swift
service.
Closes-Bug: #
1642524
Change-Id: Ib4a7c07086b0b3354c8e589612f330ecdffdc637
Jenkins [Thu, 1 Dec 2016 16:47:37 +0000 (16:47 +0000)]
Merge "Initial support for composable upgrades with Heat+Ansible"
Jenkins [Thu, 1 Dec 2016 16:47:31 +0000 (16:47 +0000)]
Merge "Introduce network-based FQDNs via hiera"
Jenkins [Thu, 1 Dec 2016 16:46:56 +0000 (16:46 +0000)]
Merge "Make pep8 task run template generation"
Jenkins [Thu, 1 Dec 2016 16:46:17 +0000 (16:46 +0000)]
Merge "Add local template generation tox task"
Emilien Macchi [Tue, 29 Nov 2016 22:56:59 +0000 (17:56 -0500)]
scenario001: deploy Ceph
Add Ceph to scenario001 and use it as a backend for Nova, Glance and
Gnocchi.
Change-Id: I29065d4b2ac39db40984873fda550d7adbe904fe
Emilien Macchi [Thu, 1 Dec 2016 14:49:04 +0000 (09:49 -0500)]
scenario001/pingtest: remove gnocchi_res_alarm
The resource is failing and it prevents us to add more coverage. Until
we figure what's wrong with it, let's disable it.
Change-Id: If89775bf67d686327d0d27222e0c9179be74a668
Jenkins [Thu, 1 Dec 2016 15:59:40 +0000 (15:59 +0000)]
Merge "Make scenario template paths relative"
Jenkins [Thu, 1 Dec 2016 14:43:26 +0000 (14:43 +0000)]
Merge "Configure /etc/hosts via os-collect-config script"
Jenkins [Thu, 1 Dec 2016 14:28:59 +0000 (14:28 +0000)]
Merge "Show team and repo badges on README"
Steven Hardy [Thu, 1 Dec 2016 10:00:57 +0000 (10:00 +0000)]
Initial support for composable upgrades with Heat+Ansible
This shows how we could wire in the upgrade steps using Ansible
as was previously proposed e.g in https://review.openstack.org/#/c/321416/
but it's more closely integrated with the new composable services
architecture.
It's also very similar to the approach taken by SpinalStack where
ansible snippets per-service were combined then run in a series of
steps using Ansible tags.
This patch just enables upgrade of keystone - we'll add support for
other patches in subsequent patches.
Partially-Implements: blueprint overcloud-upgrades-per-service
Change-Id: I39f5426cb9da0b40bec4a7a3a4a353f69319bdf9
Jenkins [Thu, 1 Dec 2016 13:01:14 +0000 (13:01 +0000)]
Merge "Hiera optimization: use a new hiera hook"
Jenkins [Thu, 1 Dec 2016 12:17:02 +0000 (12:17 +0000)]
Merge "Fix puppet/services/README.rst step description"
Juan Antonio Osorio Robles [Mon, 28 Nov 2016 08:15:32 +0000 (10:15 +0200)]
Use FQDN for rabbitmq's nodename env variable
Change-Id: Iee1afeced0b210a46b273aafc0d40e99d6ee6d4e
Juan Antonio Osorio Robles [Mon, 28 Nov 2016 11:07:12 +0000 (13:07 +0200)]
Use network-based fqdn entry from hiera instead of the custom fact
This changes how we get the network-based FQDNs for the specific
services, from using the custom fact, to the new hiera entries.
Change-Id: Iae668a5d89fb7bee091db4a761aa6c91d369b276
Juan Antonio Osorio Robles [Mon, 28 Nov 2016 10:58:25 +0000 (12:58 +0200)]
Introduce network-based FQDNs via hiera
Currently, one can get the network-based FQDNs via a custom puppet
fact. This is currently unreliable, as it's based on the ::hostname
fact which we assume it's set correctly by nova. However, this is not
necessarily the case (for instance, if you use pre-deployed services
such as we do with the multinode-jobs). In these cases, the
::hostname fact will return something other than what we specified in
nova, and effectively breaks the configurations in we relly too much
on the network-based FQDN facts.
By using hiera instead, we avoid this issue as we set those values to
be exactly what we expect (as we set them in the OS::TripleO::Server
resource.
Change-Id: I6ce31237098f57bdc0adfd3c42feef0073c224fb
Dan Prince [Tue, 11 Oct 2016 01:09:01 +0000 (21:09 -0400)]
Hiera optimization: use a new hiera hook
This patch optimizes how we deploy hiera by using a new
heat hook specifically designed to help compose hiera
within heat templates. As part of this change:
- we update all the 'hiera' software configurations to set the group to hiera
instead of os-apply-config.
- The new format uses JSON instead of YAML. The hook actually writes
out the hiera JSON directly so no conversion takes place. Arrays,
Strings, Booleans all stay in their native formats. As such we can avoid
having to do many of the awkward string and list conversions in t-h-t to
support the previous YAML formatting.
- The new hook prefers JSON over YAML so upgrading users will have the
new files prefered. (we will post a cleanup routine for the old files
soon but this isn't a new behavior, JSON is now simply prefered.)
- A lot of services required edits to account for default settings that
worked in YAML that no longer work correctly in the native JSON
format. In almost all these cases I think the resulting codes looks
cleaner and is more explicit with regards to what is getting
configured in hiera on the actual nodes.
Depends-On: I6a383b1ad4ec29458569763bd3f56fd3f2bd726b
Closes-bug: #
1596373
Change-Id: Ibe7e2044e200e2c947223286fdf4fd5bcf98c2e1
Dan Prince [Mon, 7 Nov 2016 12:59:03 +0000 (07:59 -0500)]
Make pep8 task run template generation
This patch updates the pep8 task (which is executed in CI) so
that it generates templates locally. This will give us extra
CI coverage to ensure our generated templates produce valid
YAML.
Change-Id: I2287802d44c0ebe404d3fce30f04efcc3c6ab27f
Dan Prince [Mon, 7 Nov 2016 12:45:15 +0000 (07:45 -0500)]
Add local template generation tox task
This patch adds a local version of our template processing
routine so that developers can more quickly view the templates
that are actually getting generated. I've noticed multiple developers
now do a full deployment with 'overcloud deploy' only to download
the swift container with the generated templates. This simple task
avoids that step by allowing developers to generate it locally.
It also aims to preserve the ability to use t-h-t templates directly
with Heat (instead of going through Mistral) should users wish to do that.
The new undercloud heat installer requires the ability to generate
templates without requiring Mistral and Swift to do so.
Ideally the Mistral API workflow would use this same code
so perhaps in the future we might modify that routine to:
-download swift tarball containing the templates
-run this local routine that lives in t-h-t
-re-upload the tarball of templates to the swift container
Change-Id: Ie664c9c5f455b7320a58a26f35bc403355408d9b
Dan Prince [Mon, 21 Nov 2016 13:43:01 +0000 (08:43 -0500)]
Configure /etc/hosts via os-collect-config script
This patch moves the t-i-e element code for hosts configuration
into a t-h-t shell script that gets driven by a os-collect-config
script hook.
This helps accomplish several goals:
- moves us away from t-i-e
- gives us better signal handling in the error case (where the
previous element relied on 99-refresh-completed
- Allows the t-h-t undercloud installer to more easily consume this
since it doesn't rely on the old os-apply-config metadata (which
that installer doesn't support).
Change-Id: I73c3d4818ef531a3559fab272521f44519e2f486
Jenkins [Wed, 30 Nov 2016 19:15:02 +0000 (19:15 +0000)]
Merge "Add Neutron network type and VLAN ranges to network-environment.yaml"
Brad P. Crochet [Wed, 30 Nov 2016 12:06:33 +0000 (07:06 -0500)]
Add Zaqar to scenario002
Install Zaqar into the overcloud and create a queue with
OS::Zaqar::Queue in order to test the Zaqar composable service.
Change-Id: I9027d17fa3d75e6c3e23d6636642abadac8730ac
Depends-On: Ia5ca4fe317339dd05b0fa3d5abebca6ca5066bce
Jenkins [Wed, 30 Nov 2016 16:16:28 +0000 (16:16 +0000)]
Merge "Add Mistral to scenario003"
Jenkins [Wed, 30 Nov 2016 16:11:52 +0000 (16:11 +0000)]
Merge "get-occ-config.sh replace deprecated heat commands"
Jenkins [Wed, 30 Nov 2016 16:00:39 +0000 (16:00 +0000)]
Merge "Test encrypted volumes in scenario002"
Jenkins [Wed, 30 Nov 2016 15:58:54 +0000 (15:58 +0000)]
Merge "Apply os-net-config with a script instead of element"
Brad P. Crochet [Wed, 30 Nov 2016 15:42:51 +0000 (10:42 -0500)]
Make scenario template paths relative
To make local testing of scenario patches easier, this changes the paths
to the templates under test to be relative to the scenarios.
Change-Id: I12a45ee917c214a071f5de1e28f632dbf7d1fe9d
Brad P. Crochet [Wed, 30 Nov 2016 12:24:00 +0000 (07:24 -0500)]
Add Mistral to scenario003
Install Mistral into the test overcloud and create a workflow to
verify the Mistral installation. This does not currently actually
execute the workflow. It merely tests that it can be created.
Change-Id: Ia03a605bcfd92498bf299d3042dca7c9932f5b63
Depends-On: Id5ff9cb498b5a47af38413d211ff0ed6ccd0015b
Jenkins [Wed, 30 Nov 2016 11:26:12 +0000 (11:26 +0000)]
Merge "Disable all repos during rhel registration"
Emilien Macchi [Tue, 29 Nov 2016 22:28:07 +0000 (17:28 -0500)]
Fix grammar
Fix English grammar error I did in a previous commit.
Change-Id: I06209ab782240f05844793e56270135d48792f3d
Jenkins [Tue, 29 Nov 2016 17:22:25 +0000 (17:22 +0000)]
Merge "Revert "Set NeutronL3HA to false when deploying DVR""
Jenkins [Tue, 29 Nov 2016 14:18:11 +0000 (14:18 +0000)]
Merge "Import TripleO CI environments from tripleo-ci"
Juan Antonio Osorio Robles [Tue, 29 Nov 2016 13:49:54 +0000 (15:49 +0200)]
Test encrypted volumes in scenario002
This effectively adds barbican-api to the deployment in scenario002
and uses it to provide encrypted volumes for cinder that a nova
instance boots from in the test.
Change-Id: I132e346755fb49c9563247b4404be06b97f77872
Jenkins [Tue, 29 Nov 2016 01:02:31 +0000 (01:02 +0000)]
Merge "Stop using puppet to configure VIPs in /etc/hosts"
Steve Baker [Sun, 27 Nov 2016 22:17:07 +0000 (22:17 +0000)]
get-occ-config.sh replace deprecated heat commands
The modern openstack equivalent heat commands require no awk and will
be slightly more efficient.
The roles variable is optionally populated by OVERCLOUD_ROLES so that
a subset of roles can be specified.
Change-Id: I6b66cb3bd81825fba726dd45b0db25896908f6dd
Dan Prince [Wed, 23 Nov 2016 15:39:11 +0000 (10:39 -0500)]
Apply os-net-config with a script instead of element
Wire in os-net-config via a normal script heat deployment, which has the
following advantages:
1. Improved error path, currently o-a-c deployments don't report any
errors, thus hang and eventually the deployment times out
2. It's far more hackable from a deployer perspective, e.g it's
much easier to change the os-net-config options or include a
mapping file
3. Reduces our dependencies on o-a-c (it's only os-net-config and hiera
which requires it), although the script does currently still use oac to
get the metadata IP.
4. May enable passing os-net-config yaml via a json parameter in future,
reducing the need for resource_registry mappings (although we'll have to
support that for backwards compatibility)
The script used is based directly on 20-os-net-config (from t-i-e
at
cf94c5e, we can probably improve this now that we have an error path,
but for this initial commit it's a straight copy other than the changes to
replace o-a-c for rendering the json config file.
Co-Authored-By: Steven Hardy <shardy@redhat.com>
Change-Id: I0ed08332cfc49a579de2e83960f0d8047690b97a
Martin MĂ¡gr [Mon, 28 Nov 2016 13:19:59 +0000 (14:19 +0100)]
Use correct type for SensuRedactVariables parameter
The parameter type is invalid making it impossible to enable monitoring-environment.
Change-Id: I835d1e82480edb0b6d082a7496d7ceebb1781728
Closes-Bug: #
1641080
Closes-Bug: rhbz#
1392473
Jenkins [Mon, 28 Nov 2016 10:17:03 +0000 (10:17 +0000)]
Merge "Enable TLS in the internal networkf or Mysql"
Jenkins [Mon, 28 Nov 2016 09:48:31 +0000 (09:48 +0000)]
Merge "adding swift middleware that is typically enabled by default"
John Schwarz [Mon, 28 Nov 2016 09:15:01 +0000 (09:15 +0000)]
Revert "Set NeutronL3HA to false when deploying DVR"
DVR+HA routers are officially supported, so this patch can be reverted.
This reverts commit
ce39dbac56123354576d2c31674e1b18535b0111.
Conflicts:
environments/neutron-ovs-dvr.yaml
Change-Id: Ifeceb0c3ba01e81403903401ebfe69b9e9d7d2f2
Jenkins [Sun, 27 Nov 2016 19:31:39 +0000 (19:31 +0000)]
Merge "Cleanup some inline comments in network/config"
Dan Prince [Fri, 25 Nov 2016 16:20:57 +0000 (11:20 -0500)]
Stop using puppet to configure VIPs in /etc/hosts
This patch drops use of the vip-hosts.yaml service which can
cause issues during deployment because puppet 'hosts' resources
overwrite the data in /etc/hosts. The only reason things seem to work
at all at the moment is because our hosts element in t-i-e runs
on each os-refresh-config iteration and re-adds the dropped hosts
entries.
To work around the issue we add a conditional which selectively
adds the extra hosts entries only if the AddVipsToEtcHosts is set
to true.
Closes-bug:
1645123
Change-Id: Ic6aaeb249a127df83894f32a704219683a6382b2
Steven Hardy [Fri, 25 Nov 2016 16:57:41 +0000 (16:57 +0000)]
Fix puppet/services/README.rst step description
We removed Step 6 in Iae33149e4a03cd64c5831e689be8189ad0cf034b
but forgot to update the README. Similarly we made all roles
use the same steps in Ia2ea559e8eeb64763908f75705e3728ee90b5744
so the comment is no longer true.
Change-Id: If5482ebd22a2547ed2165199992840a0dcacb04c
Flavio Percoco [Thu, 24 Nov 2016 13:02:31 +0000 (14:02 +0100)]
Show team and repo badges on README
This patch adds the team's and repository's badges to the README file.
The motivation behind this is to communicate the project status and
features at first glance.
For more information about this effort, please read this email thread:
http://lists.openstack.org/pipermail/openstack-dev/2016-October/105562.html
To see an example of how this would look like check:
b'https://gist.github.com/
8e6d63aff05dc9e2a946f9012a34b334\n'
Change-Id: I0090c60b91624f6cc446bc020b1445b3919e0d40
Emilien Macchi [Thu, 24 Nov 2016 15:59:58 +0000 (10:59 -0500)]
Import TripleO CI environments from tripleo-ci
Import TripleO CI environments from tripleo-ci into THT for some
reasons:
1) THT is branched while tripleo-ci is not. Having them here would allow
to make scenarios able to evolve over the releases without adding
more scenarios.
2) Help our developers to run TripleO CI scenarios themselves from THT
by exposing the templates here.
The whole discussion is here:
http://lists.openstack.org/pipermail/openstack-dev/2016-November/107816.html
Change-Id: I3527a64c0c8f56ca77115d32849fa23fe710112d
Giulio Fidente [Fri, 25 Nov 2016 10:32:49 +0000 (11:32 +0100)]
Provide full list of services for Compute role in HCI scenario
Until bug #
1635409 is fixed, we can provide the full list of
services needed on the Compute role, plus CephOSD, in the
hyperconverged-ceph environment file, preserving the user
experience.
Change-Id: I42409bc098c740759b378969526e13efaf002d3c
Related-Bug: #
1635409
Juan Antonio Osorio Robles [Wed, 28 Sep 2016 09:51:13 +0000 (09:51 +0000)]
Enable TLS in the internal networkf or Mysql
This adds the necessary hieradata for enabling TLS for MySQL (which
happens to run on the internal network). It also adds a template so
this can be done via certmonger. As with other services, this will
fill the necessary specs for the certificate to be requested in a
hash that will be consumed in puppet-tripleo.
Note that this only enables that we can now use TLS, however, we still
need to configure the services (or limit the users the services use)
to only connect via SSL. But that will be done in another patch, as
there is some things that need to land before we can do this (changes
in puppetlabs-mysql and puppet-openstacklib).
Change-Id: I71e1d4e54f2be845f131bad7b8db83498e21c118
Depends-On: I7275e5afb3a6550cf2abbb9a8007dedb62ada4b4
Jenkins [Thu, 24 Nov 2016 19:25:01 +0000 (19:25 +0000)]
Merge "Increase reserved memory for computes when enabling DVR"
Jenkins [Thu, 24 Nov 2016 19:24:54 +0000 (19:24 +0000)]
Merge "Disable Neutron agents with OVN."
Jenkins [Thu, 24 Nov 2016 19:24:48 +0000 (19:24 +0000)]
Merge "Make Ceilometer notifications non-blocking"
Jenkins [Thu, 24 Nov 2016 17:30:28 +0000 (17:30 +0000)]
Merge "Remove conditional for neutron l3_ha"
Jenkins [Thu, 24 Nov 2016 12:57:23 +0000 (12:57 +0000)]
Merge "Run os-net-config before restarting cluster on update"
Joe Talerico [Tue, 18 Oct 2016 16:01:27 +0000 (12:01 -0400)]
Disable Neutron agents with OVN.
OVN natively implements services that are provided by Neutron agents.
This patch disables the Neutron DHCP agent as well as the OVS agent
for compute nodes.
Closes-bug:
1634580
Change-Id: I70631c2facbbf08257868e26e14af942ad7f2893
Jenkins [Thu, 24 Nov 2016 09:23:59 +0000 (09:23 +0000)]
Merge "Explicitly set rabbit hosts so its not overridden during upgrade"
Jenkins [Thu, 24 Nov 2016 06:45:11 +0000 (06:45 +0000)]
Merge "Add panko api support to service templates"
Jenkins [Wed, 23 Nov 2016 18:50:49 +0000 (18:50 +0000)]
Merge "Add necessary parameters for encrypted volumes support"
Brent Eagles [Tue, 22 Nov 2016 20:48:45 +0000 (17:18 -0330)]
Run os-net-config before restarting cluster on update
Running os-net-config before restarting the cluster prevents changes to
the interface files caused by changes to implementation from bouncing
network interfaces after the cluster has restarted.
Closes-Bug: #
1644138
Change-Id: I65fb104465ff3d37ddc791634302994334136014
Jenkins [Wed, 23 Nov 2016 17:05:45 +0000 (17:05 +0000)]
Merge "Make the CloudDomain defaults match the doc strings"
Jenkins [Wed, 23 Nov 2016 15:57:20 +0000 (15:57 +0000)]
Merge "Remove Combination alarms support"
Pradeep Kilambi [Wed, 23 Nov 2016 15:39:08 +0000 (10:39 -0500)]
Explicitly set rabbit hosts so its not overridden during upgrade
During ceilometer pre upgrade, rabbit host config gets overridden in
ceilometer conf as its setting to defaults. This explicitly sets the
host info in standalone manifest.
Closes-Bug: #
1644278
Change-Id: I862ea7165c5d42ba1f9a19111a8be8934c0ef883
Dan Prince [Wed, 23 Nov 2016 15:19:40 +0000 (10:19 -0500)]
Cleanup some inline comments in network/config
This patch cleans up some inline comments that are a bit
non-standardly formatted so that we can more easily parse
these templates in an automated fashion.
Change-Id: Ibf91f3478fd894f9323d8805729ece9c5fab256f
Jenkins [Wed, 23 Nov 2016 15:27:38 +0000 (15:27 +0000)]
Merge "Configure Keystone Fernet Keys"
Jenkins [Wed, 23 Nov 2016 15:27:08 +0000 (15:27 +0000)]
Merge "Fix resource_registry path in enable-internal-tls"
Jenkins [Wed, 23 Nov 2016 10:35:25 +0000 (10:35 +0000)]
Merge "Fix ovs 2.4 to 2.5 upgrade - minor update non controllers"
Jenkins [Wed, 23 Nov 2016 10:09:21 +0000 (10:09 +0000)]
Merge "Containerized Services for Composable Roles"
Jenkins [Wed, 23 Nov 2016 01:29:08 +0000 (01:29 +0000)]
Merge "Enables auto-detection for VIP interfaces"
Julie Pichon [Tue, 22 Nov 2016 20:39:33 +0000 (20:39 +0000)]
Make the CloudDomain defaults match the doc strings
Not having the default easily accessible is causing issues for the UI,
as it cannot guess at it and can accidentally overwrite the value with
an empty string (the expected default when unset). The default is
already helpfully spelled out in the doc string for each file, this
updates the parameter to match it.
Change-Id: Ic284f9904e8f1d01cc717d59a0759f679d94106d
Closes-Bug: #
1643670
marios [Tue, 22 Nov 2016 18:19:26 +0000 (20:19 +0200)]
Fix ovs 2.4 to 2.5 upgrade - minor update non controllers
In I9b1f0eaa0d36a28e20b507bec6a4e9b3af1781ae and
I11fcf688982ceda5eef7afc8904afae44300c2d9 we landed a workaround
for the openvswitch 2.4 to 2.5 upgrade discussed in the bug below.
Unfortunately testing has revealed a problem with the minor update
case specifically for non controllers. It seems we would exit
before the ovs workaround has had a chance to execute. This moves
the block up a few lines to avoid this condition. As with the
other two reviews noted here, this will need to go into newton
and then mitaka too.
Change-Id: If905de82d96302334ebe02de9c43f00faed9b72b
Related-Bug:
1635205
Juan Antonio Osorio Robles [Tue, 22 Nov 2016 12:32:07 +0000 (14:32 +0200)]
Fix resource_registry path in enable-internal-tls
It had a wrong path and thus crashed when one tried to use it.
Change-Id: Ida4f899c76cce6e819d7e0effaf038f699763bee
Closes-Bug: #
1643863
Ian Main [Wed, 15 Jun 2016 06:46:44 +0000 (06:46 +0000)]
Containerized Services for Composable Roles
This change modifies the template interface to support containers and
converts the compute services to composable roles.
Co-Authored-By: Dan Prince <dprince@redhat.com>
Co-Authored-By: Flavio Percoco <flavio@redhat.com>
Co-Authored-By: Martin André <m.andre@redhat.com>
Co-Authored-By: Steve Baker <sbaker@redhat.com>
Change-Id: I82fa58e19de94ec78ca242154bc6ecc592112d1b
Jenkins [Tue, 22 Nov 2016 04:15:23 +0000 (04:15 +0000)]
Merge "Disable Options Indexes in horizon"
Jenkins [Mon, 21 Nov 2016 16:33:14 +0000 (16:33 +0000)]
Merge "Enable enforce_password_check"
Juan Antonio Osorio Robles [Wed, 16 Nov 2016 08:20:46 +0000 (10:20 +0200)]
Add necessary parameters for encrypted volumes support
If barbican is set, it will configure cinder and nova-compute with
the necessary parameters to enable encrypted volumes to be created if
requested.
Change-Id: Id13811cf8e090706c590ffff46c237ff8131efd9
Christian Schwede [Mon, 31 Oct 2016 22:03:11 +0000 (23:03 +0100)]
Make Ceilometer notifications non-blocking
Ceilometer notifications can be sent in a background thread, unblocking
the Swift proxy in case the RabbitMQ is not processing notifications
quick enough or even unavailable.
There is a default queue size of 1000 notifications. If more messages
are added to the queue these will be discarded, and a warning log entry
will be emitted.
Change-Id: I98022dcbf661a5bb7425f49ba8525225d61212dc
Steven Hardy [Fri, 18 Nov 2016 11:45:57 +0000 (11:45 +0000)]
Disable keepalived for HA deployments via t-h-t
Currently this is disabled via a conditional in the keepalived
profile in puppet-tripleo, but this will be incompatible with
the planned composable upgrades implementation. Instead we should
disable the service template by mapping to OS::Heat::None, and
ensure the haproxy manifest uses the t-h-t generated hiera value
keepalived_enabled instead of hard-coding a hiera override in the
haproxy template.
Change-Id: I85a8b1cca7268506de22adfb3a8ce7faa4f157ef
Partial-Bug: #
1642936
Depends-On: I90faf51881bd05920067c1e1d82baf5d7586af23
Jenkins [Fri, 18 Nov 2016 11:08:16 +0000 (11:08 +0000)]
Merge "Use j2 loops in post.j2.yaml"
Jenkins [Fri, 18 Nov 2016 08:31:55 +0000 (08:31 +0000)]
Merge "Correct AllNodesDeploySteps depends_on"
Andreas Karis [Fri, 18 Nov 2016 00:30:11 +0000 (19:30 -0500)]
Disable Options Indexes in horizon
Security scanners complain that directory listings are enabled in horizon.
Change-Id: I1d7cfcb3521e8235a99bc452f1b7b92c20ce72ac
Closes-Bug: #
1637576
Pradeep Kilambi [Thu, 10 Nov 2016 23:34:40 +0000 (18:34 -0500)]
Add panko api support to service templates
This integrates panko service api into tripleo heat templates.
By default, we will disable this service, an environment service
file is included to enable if needed.
Depends-On: I35f283bdf8dd0ed979c65633724f0464695130a4
Change-Id: I07da3030c6dc69cce7327b54091da15a0c58798e
Steven Hardy [Thu, 17 Nov 2016 11:10:56 +0000 (11:10 +0000)]
Remove conditional for neutron l3_ha
This is handled in puppet-tripleo instead so we can remove the
hard-coded reference to ControllerCount and instead use the
hiera neutron_api_node_names to derive the number of neutron API
nodes regardless of roles.
Note that the NeutronL3HA parameter is maintained despite being
marked deprecated because we need to backport this bugfix so we
can't just remove it. I'm not sure if we want to consider removing
the deprecation as leaving the override parameter in place seems
fairly low overhead.
Closes-Bug: #
1629187
Change-Id: I7a77836dcaf809cc7959fca7691a4cd7d4af5d6a
Depends-On: I01c50973eec8138ec61304f2982d5026142f267c
Adam Young [Mon, 14 Nov 2016 19:54:25 +0000 (14:54 -0500)]
Configure Keystone Fernet Keys
Provision the Keystone Fernet Token provider
by installing 2 keys with dynamic content
generated by python-tripleoclient.
Note that this only sets up the necessary keys to use fernet as a token
provider, however, this does not intend to set it up as the default
provider; This will be discussed and will come as part of another
commit.
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Depends-On: Ic070d160b519b8637997dbde165dbf15275e0dfe
Change-Id: Iaa5499614417000c1b9ba42a776a50cb22c1bb30
Luke Hinds [Tue, 15 Nov 2016 13:51:36 +0000 (13:51 +0000)]
Enable enforce_password_check
By setting ENFORCE_PASSWORD_CHECK to `True`, it displays an 'Admin
Password' field on the Change Password form to verify that it is indeed
the admin logged-in who wants to change the password.
Change-Id: Ib11bef93b6b0c74063052875fa361290bf1e92fd
Depends-On: If7af97df7a011569a7e14fbab4f880688d7b82c3
Closes-Bug: #
1640806
Pradeep Kilambi [Wed, 16 Nov 2016 21:09:48 +0000 (16:09 -0500)]
Remove Combination alarms support
combination alarms are completely removed in Ocata.
Remove this from tripleo.
Change-Id: Iec2e26ebdaa108ddbb2cf45fc4b6c68023fb6ce0
Jenkins [Wed, 16 Nov 2016 16:23:14 +0000 (16:23 +0000)]
Merge "Do not manage overcloud repositories when using external Ceph"
Jenkins [Wed, 16 Nov 2016 16:22:49 +0000 (16:22 +0000)]
Merge "Use keystone profile parameter to pass heat password"
Jenkins [Wed, 16 Nov 2016 12:49:21 +0000 (12:49 +0000)]
Merge "Fix up Newton->Ocata rabbitmq ha policy"
Code Review / apex-tripleo-heat-templates.git / log