apex-tripleo-heat-templates.git
Marius Cornea [Thu, 7 Sep 2017 13:38:54 +0000 (15:38 +0200)]
One time delete pacemaker resources during upgrade to containers

This change allows running the major upgrade composable docker
steps multiple times by not trying to delete the pacemaker resources
if they're not reported as started or in master state.

Closes-bug: 1716031
Depends-On: I8da03f5c4a6d442617b81be5793a9724cc8842bf
Change-Id: Ifcf9de8c82550a90a9fb118052d43fdbcdc6ca7e
(cherry picked from commit 64d7be1e3d4552e06cbc53f788572e530cc5c3bb)

Mathieu Bultel [Mon, 28 Aug 2017 15:24:47 +0000 (17:24 +0200)]
Retry if the pacemaker_resource commands failed

Add a retry when the pacemaker_resource command
wasn't applied correctly, more info here:
https://bugzilla.redhat.com/show_bug.cgi?id=1482116

This is the same approach puppet-pacemaker uses
and provides eventual consistency when multiple
nodes change the cluster CIB concurrently.

This change depends on:
https://review.gerrithub.io/375982

The return code is not available in the current
ansible-pacemaker package.

Change-Id: I8da03f5c4a6d442617b81be5793a9724cc8842bf
(cherry picked from commit e92430d8d03fc2ce2d0ce192b96209f2c5c04169)

Jenkins [Wed, 13 Sep 2017 22:34:26 +0000 (22:34 +0000)]
Merge "Enable redis TLS proxy in HA deployments" into stable/pike

Jenkins [Wed, 13 Sep 2017 21:26:58 +0000 (21:26 +0000)]
Merge "Add CephConfigOverrides to allow arbitrary configs in ceph.conf" into stable/pike

Jenkins [Wed, 13 Sep 2017 17:46:35 +0000 (17:46 +0000)]
Merge "Add RoleConfig output to major_upgrade_steps.j2.yaml" into stable/pike

Jenkins [Wed, 13 Sep 2017 04:57:05 +0000 (04:57 +0000)]
Merge "Enable selinux in containers" into stable/pike

Jenkins [Wed, 13 Sep 2017 04:55:53 +0000 (04:55 +0000)]
Merge "Add verbose output to containerized cell_v2 host discovery" into stable/pike

Steven Hardy [Mon, 11 Sep 2017 13:39:06 +0000 (14:39 +0100)]
Add RoleConfig output to major_upgrade_steps.j2.yaml

I96ec09bc788836584c4b39dcce5bf9b80e914c71 added this output to the
deploy-steps.j2, but missed adding this to the major upgrade template
which means the overcloud RoleConfig output is broken after the upgrade
(until the converge update switches back to the deploy-steps.j2 derived
template)

Closes-Bug: #1716404
Change-Id: I331fa18b456ca2d6c124316d513374e3fe5a5007
(cherry picked from commit 27018b4182d77abf612697cfe54a4fc3ceeb6be5)

Giulio Fidente [Wed, 6 Sep 2017 07:39:12 +0000 (09:39 +0200)]
Add CephConfigOverrides to allow arbitrary configs in ceph.conf

We need to reuse the ceph_conf_overrides structure provided by
ceph-ansible for both user provided configs and TripleO managed
configs. This change merges the special user facing parameter
with the TripleO generated configs.

Also adds osd_scenario and osd_objectstore params for compatibility
with newer ceph-ansible versions.

Change-Id: I29c689c6c689590da5b6a3f581fdbec98a52e207
Closes-Bug: #1715321
(cherry picked from commit 32bc2abf14af4ca1449e18b848e2be3cff013987)

Jenkins [Tue, 12 Sep 2017 04:22:36 +0000 (04:22 +0000)]
Merge "Add panko config to ceilometer notification agent container" into stable/pike

Jenkins [Tue, 12 Sep 2017 04:22:29 +0000 (04:22 +0000)]
Merge "Fixes OpenDaylight updating port status" into stable/pike

Jenkins [Tue, 12 Sep 2017 04:22:22 +0000 (04:22 +0000)]
Merge "Add a docker pull retry to docker-puppet.py" into stable/pike

Jenkins [Tue, 12 Sep 2017 04:21:38 +0000 (04:21 +0000)]
Merge "Add DhcpAgentNotification param to neutron base" into stable/pike

Jenkins [Tue, 12 Sep 2017 04:20:52 +0000 (04:20 +0000)]
Merge "Persist containerized services httpd logs" into stable/pike

Oliver Walsh [Tue, 5 Sep 2017 18:19:17 +0000 (19:19 +0100)]
Enable selinux in containers

We cannot use the --selinux-enabled docker daemon option on CentOS/RHEL 7.3.
It will fail if security_inode_copy_up is not found in the kernel symbols:
https://github.com/projectatomic/docker/blob/docker-1.12.6/daemon/daemon_unix.go#L661
NB this has been reduced to a warning upstream:
https://github.com/moby/moby/commit/885b29df096db1d6746ece4b3a298a1ffe85716d

Instead this just bind mounts /sys/fs/selinux in containers-common.yaml.

Everything appears to work at initial glance. Pingtest succeeds, and
live-migration between baremetal and containerized computes works.

Change-Id: I018221bf7ae9ab9ece193b55f1ce31eb1591046c
Closes-bug: #1715171
(cherry picked from commit 520f889a31f1ea6ee2bad86d1dbb3c0435604d10)

Oliver Walsh [Fri, 25 Aug 2017 15:11:24 +0000 (16:11 +0100)]
Add verbose output to containerized cell_v2 host discovery

Required to debug issues.

Change-Id: I4d86c8d9ecc353a916475977eb6f2d842c812556
(cherry picked from commit dc64a1108e7bc23f92d77e75001fb42549731e3b)

Pradeep Kilambi [Wed, 6 Sep 2017 13:03:37 +0000 (09:03 -0400)]
Add panko config to ceilometer notification agent container

Without this, ceilometer notification agent can't find panko
and skips posting events to it.

Change-Id: Ibfeef5c557d1ceb11a999aa947597014ca94ec34
(cherry picked from commit 5437086ee744469b9daf8cd9edd600f7aa98dde6)

Martin André [Mon, 28 Aug 2017 14:50:28 +0000 (16:50 +0200)]
Enable redis TLS proxy in HA deployments

Redis does not have TLS out of the box. Let's use a proxy container for
TLS termination.

This commit enables redis TLS proxy for the HA deployment.

bp tls-via-certmonger

Change-Id: I45e539872a03878337def33c681c4577c1a5629e
(cherry picked from commit c6d8df01d7aa8b44af9ac152b3bb08f07e2e02b7)

Jenkins [Mon, 11 Sep 2017 17:49:26 +0000 (17:49 +0000)]
Merge "Add defaults for ceilometer-agent-compute upgrade tasks" into stable/pike

Jenkins [Mon, 11 Sep 2017 17:47:47 +0000 (17:47 +0000)]
Merge "Enable Ceilometer agent logging for containers" into stable/pike

Tong Liu [Wed, 30 Aug 2017 17:53:33 +0000 (17:53 +0000)]
Add DhcpAgentNotification param to neutron base

Add DhcpAgentNotification param in neutron base yaml file to allow
user to toggle dhcp_agent_notification for neutron.

Change-Id: I31715f58e885ac0c1cd9d813f79df9906b780d99
Closes-Bug: #1713193
(cherry picked from commit 5ea728cba456f3833a626f86043f17427bca5d4f)

Jenkins [Mon, 11 Sep 2017 15:57:52 +0000 (15:57 +0000)]
Merge "Add Neutron SR-IOV agent container" into stable/pike

Jenkins [Mon, 11 Sep 2017 15:40:15 +0000 (15:40 +0000)]
Merge "Disables QoS with OpenDaylight deployments" into stable/pike

Bogdan Dobrelya [Wed, 2 Aug 2017 09:44:18 +0000 (11:44 +0200)]
Persist containerized services httpd logs

Store the httpd logs under dedicated /var/log/containers/httpd/
paths.
Additionally, add release notes describing upgrade impact
for containerized services logs.

Closes-bug: #1700045

Change-Id: I8120c56f2315700862bd0f708b8baa8910275b09
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
(cherry picked from commit 287e84585ca9170570ce8d06eebd7f9a3ec3345c)

Dan Prince [Thu, 7 Sep 2017 20:48:28 +0000 (16:48 -0400)]
Add a docker pull retry to docker-puppet.py

Co-Authored-By: Ian Main <imain@redhat.com>
Change-Id: Iad6d38690340f4a064a4527c58ed439d91fa5188
Closes-bug: #1715136
(cherry picked from commit d3b3361a76c2e8b188fa8e586d9fb7f3c60bb66f)

Pradeep Kilambi [Wed, 6 Sep 2017 16:14:12 +0000 (12:14 -0400)]
Enable Ceilometer agent logging for containers

Change-Id: Ibeb28d7c497b02253d00a74257989cefba2b0cc4
(cherry picked from commit fc44ee6ff3553754c618349df3be7544b17e9c5f)

Marius Cornea [Thu, 7 Sep 2017 08:56:29 +0000 (10:56 +0200)]
Add defaults for ceilometer-agent-compute upgrade tasks

This change allows the upgrade non controller script, which loops
through all steps, to complete by adding default values to be
evaluated in the steps where the vars are not registered.

Closes-Bug: 1715574

Change-Id: Ic056fc556240d1acc9f28a75f63c7628cc64da03
(cherry picked from commit d109c1d7a7d2f6302c39369de8a601bc0b2f6704)

Jenkins [Mon, 11 Sep 2017 11:50:15 +0000 (11:50 +0000)]
Merge "Mount vhost_sockets directory for vhost-user socket creation" into stable/pike

Michele Baldessari [Fri, 8 Sep 2017 10:31:18 +0000 (12:31 +0200)]
Move the clustercheck service to the DB role

The clustercheck service is currently in the ControllerOpenstack role
which represents a controller without the DB. Since the clustercheck
service/container always talks to the SQL server via a localhost
connection it *has* to run on the very same node that hosts the DB.

In a containerized deployment this error shows up with db syncs simply
hanging because haproxy will stop serving port 3306 because the
clustercheck service on port 9200 cannot talk to mysql locally.

Errors like this will be logged when trying to connect to the DB VIP:
mysql -u heat -h 172.17.1.13 -p3UazsaeTC64V9UvEcJ3GZ9rbd
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0

Fix this by making sure that the clustercheck service runs on
the DB role.

Change-Id: Iec4c9678d8b8d44e002c1e53110dedc0674359fb
Closes-Bug: #1715847
(cherry picked from commit 1760079dfe5905f2e696b9fc5c729cffa44554ae)

Itzik Brown [Wed, 9 Aug 2017 08:00:35 +0000 (11:00 +0300)]
Disables QoS with OpenDaylight deployments

QoS is not fully supported and fails to load correctly with
networking-odl.  Therefore disabling it from Neutron extension drivers
until we have it fully working.

Change-Id: I89aa3628c1400305f9659f5c0c99942a7fa7d19e
Closes-Bug: 1708131
(cherry picked from commit cfd0d185a93ac2922e233e268a32c3574bee37bf)

Tim Rozet [Wed, 6 Sep 2017 20:30:42 +0000 (16:30 -0400)]
Fixes OpenDaylight updating port status

ODL now uses a websocket port to update the port status to Neutron.
This port (8185) was blocked so port updates were never received in
Neutron and instances would not come up properly.  This patch opens the
port for ODL deployments.

Closes-Bug: 1715484

Change-Id: Ic59b224c67c02b56b0273700e8e2aa85ae6f8c88
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit e2558c4a665345e67fcc784c21188bdf06ff1126)

Saravanan KR [Wed, 30 Aug 2017 09:14:53 +0000 (14:44 +0530)]
Mount vhost_sockets directory for vhost-user socket creation

For DPDK, vhost-user sockets are created on the host at
/var/lib/vhost_sockets directory, which will be used by
libvirt and openvswitch. This directory has the necessary
permissions and SELinux policies. Mount this folder for
libvirt container.

Change-Id: Id8be208d1b05886ac45dfdcf48fe766ee5724d1c
Partial-Bug: #1712732
(cherry picked from commit 3ea04744c22ae4cd2e1f2b77fc7d5ade012899e0)

Jenkins [Fri, 8 Sep 2017 06:22:09 +0000 (06:22 +0000)]
Merge "Maintain ceph-osd package only on nodes hosting CephOSD service" into stable/pike

Jenkins [Thu, 7 Sep 2017 19:31:40 +0000 (19:31 +0000)]
Merge "Add tags in upgrade_tasks for mongodb services." into stable/pike

Jenkins [Thu, 7 Sep 2017 19:31:32 +0000 (19:31 +0000)]
Merge "Add CephExternal role for ceph-ansible" into stable/pike

Jenkins [Thu, 7 Sep 2017 18:32:04 +0000 (18:32 +0000)]
Merge "Support HA for OVN DBs containers using pacemaker bundle" into stable/pike

Jenkins [Thu, 7 Sep 2017 17:32:34 +0000 (17:32 +0000)]
Merge "Use containerized mongodb in scenario002-multinode-containers" into stable/pike

Jenkins [Thu, 7 Sep 2017 16:39:47 +0000 (16:39 +0000)]
Merge "fluentd: log configuration was not generated correctly" into stable/pike

Jenkins [Thu, 7 Sep 2017 13:14:02 +0000 (13:14 +0000)]
Merge "Add support for deploying RGW with ceph-ansible" into stable/pike

Jose Luis Franco Arza [Wed, 6 Sep 2017 09:50:00 +0000 (11:50 +0200)]
Add tags in upgrade_tasks for mongodb services.

Patch Ie09ce2a52128eef157e4d768c1c4776fc49f2324 added a new
set of upgrade tasks which were missing the 'tags' keyword.

Closes-Bug: 1715631
Change-Id: Ib1c1aadfbf58c9bccc18667934c8b3c5f38fafa4
(cherry picked from commit 7897d38274cb6435289bc4f4928f96b111e5b4f4)

Brent Eagles [Tue, 30 May 2017 11:52:55 +0000 (09:22 -0230)]
Add Neutron SR-IOV agent container

This patch adds support for running the neutron SR-IOV agent in a
container.

Depends-On: I4a63845a97c890d7d408731ec5509c320289f18f
Depends-On: Ie5d8cd7863c0d042cc6a4e1fc52602d8a03a1935
Depends-On: I1b5ab0a64ae1f5735f1bd5a68e6ae8bdcf47ddec

Closes-Bug: #1715388

Change-Id: I7ee603b32eddacd02d846dff00dd1b786d4a7ad9
(cherry picked from commit 94c9c2f954e85de0ab895926a969587b90bc4191)

Giulio Fidente [Thu, 31 Aug 2017 14:42:16 +0000 (16:42 +0200)]
Add CephExternal role for ceph-ansible

Previously it was only possible to configure the overcloud with
an external Ceph cluster via puppet-ceph-external.

This submission adds a CephExternal implementation which uses
ceph-ansible.

Change-Id: Id0d375f88e27e91e9d89f25a0cd7388b6e45df8b
Depends-On: Ifc57c9cf6ca8017a2abc78d6320c0675ad49ca9f
Closes-Bug: #1714271
(cherry picked from commit 01e55c314de74579196518d958bf5be30e390409)

Jenkins [Thu, 7 Sep 2017 11:32:18 +0000 (11:32 +0000)]
Merge "Use DeployedSSLCertificatePath for public TLS via certmonger" into stable/pike

Keith Schincke [Thu, 6 Jul 2017 02:16:26 +0000 (22:16 -0400)]
Add support for deploying RGW with ceph-ansible

This patch allows usage of ceph-ansible to configure the RGW service
in the overcloud. Still uses puppet-keystone to create the necessary
user and endpoint in the catalog.

Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
Change-Id: Iafa17bb64c54e40350b2ba7d76dea3d82fcab0e4
(cherry picked from commit 5b3cd1dcacff408bcb482bdea6cded8755a39ebb)

Jenkins [Thu, 7 Sep 2017 05:34:35 +0000 (05:34 +0000)]
Merge "Containerized mongodb, disable by default, fix upgrade" into stable/pike

Jenkins [Thu, 7 Sep 2017 05:34:28 +0000 (05:34 +0000)]
Merge "Change all references of nsx_v3 to nsx." into stable/pike

Juan Antonio Osorio Robles [Mon, 4 Sep 2017 11:04:28 +0000 (14:04 +0300)]
Use DeployedSSLCertificatePath for public TLS via certmonger

As described in the bug report, DeployedSSLCertificatePath is used by
the TLS injection script (if you decide to use that).

There is an alternative, which is to use FreeIPA to provide the
certificate for public TLS (powered by certmonger); however, it doesn't
use the same path as what folks expected. This reuses the
DeployedSSLCertificatePath parameter and uses that as a path for the
resulting PEM file, so it's easier to debug.

Change-Id: If73c9599d8b94d2f02b8e4c48f4a235e0fea764d
Closes-Bug: #1714932
(cherry picked from commit f395d9eab2277061e926f7956bb3a56b0c7b1131)

Alan Bishop [Wed, 30 Aug 2017 13:26:16 +0000 (09:26 -0400)]
Maintain ceph-osd package only on nodes hosting CephOSD service

The ceph-osd package is only required on nodes hosting the CephOSD
service, but the package's presence on other nodes may interfere with
software updates. That's because some distros distribute Ceph software
in different channels, and not all nodes have access to the ceph-osd
channel.

There are two parts to the fix, and the first is an enhancement to the
yum update process. The process detects when the ceph-osd package is not
required, and removes the package from the node.

The second part takes ceph-osd out of the default list of packages
needed by puppet-ceph. The ceph-osd package is listed only on the nodes
hosting the CephOSD service.

Closes-Bug: #1713292
Change-Id: I7a581518ed25cf5f264abfaabfcf2041363a065b
(cherry picked from commit 5a89ea21f2add98119a10464b020a98999d31c41)

Lars Kellogg-Stedman [Sat, 26 Aug 2017 04:36:44 +0000 (21:36 -0700)]
fluentd: log configuration was not generated correctly

fluentd hiera elements were being set in all_nodes.json, but then were
overwritten by values in <role>.json (e.g., controller.json). This
commit removes the values from all-nodes.json and ensures that they
are set correctly in <role>.json.

Closes-Bug: #1713240
Change-Id: I2b4c74c2a807f8e2fed57112f06b3791701bbe95
(cherry picked from commit d9db0c5f4f0fb07832e54b1c7fd7f5c8bfd4134e)

Martin André [Wed, 6 Sep 2017 13:08:05 +0000 (15:08 +0200)]
Use containerized mongodb in scenario002-multinode-containers

The containerized mongodb service was removed from the default service
list from 'environments/docker.yaml' in
Ie09ce2a52128eef157e4d768c1c4776fc49f2324. This commit re-enables the
containerized mongodb in scenario002-multinode-containers.

Change-Id: I57958c94022ccac3ec2ebf7c9438b9e47cbad337
Closes-Bug: #1715391
(cherry picked from commit 13d2bdf41ca3b726acff0b94dae6d394dab4af23)

Jenkins [Wed, 6 Sep 2017 20:49:24 +0000 (20:49 +0000)]
Merge "Add param to configure snat mechanism" into stable/pike

Jenkins [Wed, 6 Sep 2017 18:06:50 +0000 (18:06 +0000)]
Merge "Mount folders and log file" into stable/pike

Jenkins [Wed, 6 Sep 2017 17:48:09 +0000 (17:48 +0000)]
Merge "Mount public certificate in haproxy init container" into stable/pike

Jenkins [Wed, 6 Sep 2017 15:39:50 +0000 (15:39 +0000)]
Merge "Unset default value for the DockerCephDaemonImage" into stable/pike

Jenkins [Wed, 6 Sep 2017 15:03:28 +0000 (15:03 +0000)]
Merge "TLS proxy for redis" into stable/pike

Jay Jahns [Sat, 26 Aug 2017 03:36:36 +0000 (20:36 -0700)]
Change all references of nsx_v3 to nsx.

Change-Id: I31c49926b0ba93f79db3d778c574bd9a480e70cd
Closes-Bug: #1713193
Depends-On: Id73f675844b0df2eafa45507d1c28f16cd0b15b2

Janki Chhatbar [Tue, 15 Aug 2017 12:46:17 +0000 (18:16 +0530)]
Add param to configure snat mechanism

Add a parameter to configure SNAT mechanism in OpenDayLight defaulting
to conntrack for OVS and defaulting to controller mechanism for OVS-DPDK

Change-Id: I48c6f07de55cb2574cc3a7e9653b812f875df726
Closes-Bug: #1710614
(cherry picked from commit 9a450a8e505b5d7ccef7e5e7675573da2a4cd42c)

Juan Antonio Osorio Robles [Tue, 5 Sep 2017 11:12:58 +0000 (14:12 +0300)]
Mount public certificate in haproxy init container

It's being mounted on the actual haproxy container, but not the init
one.

Change-Id: I66b69e0bb3642dbfeec767ef5216d515786b5b19
Closes-Bug: #1715132
(cherry picked from commit 03622e89ac3037b4d69d913586823e689b210688)

Janki Chhatbar [Fri, 1 Sep 2017 15:02:42 +0000 (20:32 +0530)]
Mount folders and log file

journal and snapshots folders hold data needed for update. This
patch mounts these folders and adds ODL log file in
/var/log/containers/opendaylight

Change-Id: I65c6183c2867b2ced6e6ef25896d80154857b7dc
Closes:Bug: #1714231
(cherry picked from commit 81dd0808d2a180d108f1159bc67f345fe6bf27d4)

Jenkins [Wed, 6 Sep 2017 09:17:01 +0000 (09:17 +0000)]
Merge "Rabbitmq: Enable Erlang distribution TLS" into stable/pike

Jenkins [Wed, 6 Sep 2017 08:59:38 +0000 (08:59 +0000)]
Merge "Set mode for ansible written files" into stable/pike

Jenkins [Wed, 6 Sep 2017 08:59:22 +0000 (08:59 +0000)]
Merge "Escape ceph capabilities for manila client" into stable/pike

Jenkins [Wed, 6 Sep 2017 06:53:55 +0000 (06:53 +0000)]
Merge "Add support for Dell EMC Isilon Manila  backend" into stable/pike

Giulio Fidente [Thu, 31 Aug 2017 11:02:14 +0000 (13:02 +0200)]
Unset default value for the DockerCephDaemonImage

We do not want a default value for the container image name parameters
and expect deployers to set this value instead.

Change-Id: I9377b7c3564360353aa6da2d2457b2cfacd4e9d6
Closes-Bug: #1714221
(cherry picked from commit fcc3259891ee67956d63c37217acdb999bc4bb65)

Martin André [Wed, 23 Aug 2017 06:53:12 +0000 (08:53 +0200)]
TLS proxy for redis

Redis does not have TLS out of the box. Let's use a proxy container for
TLS termination.

bp tls-via-certmonger

Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: Ie2ae0d048a71e1b1b4edb10c74bc0395a1a9d5c9
Depends-On: I078567c831ade540cf704f81564e2b7654c85c0b
Depends-On: Ia50933da9e59268b17f56db34d01dcc6b6c38147
(cherry picked from commit c2a93cf4c5d9d6b5ee0536380751a7a9540927cc)

Steve Baker [Mon, 4 Sep 2017 23:23:22 +0000 (11:23 +1200)]
Containerized mongodb, disable by default, fix upgrade

This change removes the entry to containerise docker by default
because it should now be disabled since the change
Id2e6550fb7c319fc52469644ea022cf35757e0ce.

Removing the entry means the default mapping to mongodb-disabled.yaml
takes effect.

This change also modifies the upgrade_tasks so that the mongod service
is only disabled when the service exists. There appear to be upgrade
scenarios which fail because mongodb was never installed in the first
place.

Change-Id: Ie09ce2a52128eef157e4d768c1c4776fc49f2324
Closes-Bug: #1715031
(cherry picked from commit cb81cbe3b5f3887f5d690c590e52b728f74d43c3)

Jenkins [Wed, 6 Sep 2017 06:34:44 +0000 (06:34 +0000)]
Merge "Add support for Dell EMC VMAX Manila Backend" into stable/pike

Jenkins [Wed, 6 Sep 2017 06:34:36 +0000 (06:34 +0000)]
Merge "manila: set "neutron_admin_auth_url" correctly" into stable/pike

Jan Provaznik [Thu, 31 Aug 2017 12:28:28 +0000 (14:28 +0200)]
Escape ceph capabilities for manila client

Capabilities were not properly escaped and ignored by ceph.

Change-Id: I099c3d9bad95ec69ac85fe406e3e1d4685ede439
Closes: #1713928

Marius Cornea [Thu, 31 Aug 2017 08:32:30 +0000 (10:32 +0200)]
Allow upgrade tasks to run when looping through steps

Currently for non controller upgrades we're looping through the
upgrade steps and run the upgrade tasks based on when conditionals
including the step number and the existing upgrade task condition.
Some of the tasks fail because the variables used in when conditionals
are not available through all steps. This change adds default values
to these vars where possible or creates them for all steps to avoid
failures.

Related-Bug: 1708115
Change-Id: I5c731043cec8e31fc82ca98972a301baa7294c4f
(cherry picked from commit e2f00ef1dc98140087c81e202a520f549f9a0970)

rajinir [Sat, 29 Jul 2017 00:48:36 +0000 (19:48 -0500)]
Add support for Dell EMC Isilon Manila  backend

This change adds support for manila::backend::dellemc_isilon

Change-Id: I92592e4b717d4b1812ccd810ec1daaedd181c3dd
Implements: blueprint dellemc-isilon-manila
(cherry picked from commit f6c9906d51fb3268b7a7d61d53181ab5d3c0d2ec)

rajinir [Fri, 4 Aug 2017 20:56:53 +0000 (15:56 -0500)]
Add support for Dell EMC VMAX Manila Backend

This change adds support for manila::backend::dellemc_vmax

Change-Id: I92e189c8741c496ef6c27130f73829c327a99f1b
Implements: blueprint dellemc-vmax-manila
(cherry picked from commit 04daabdc8414e4435dc4cd3ccfea9a62b5631261)

Steven Hardy [Mon, 4 Sep 2017 12:53:04 +0000 (13:53 +0100)]
Set mode for ansible written files

Use a more restrictive mode for these files, as some may contain sensitive data
which shouldn't be world readable

Closes-Bug: #1714986
Change-Id: Ib1e79b1d4e25d6e329938402b1ca776bdab81bdd
(cherry picked from commit 94c7752cfae64d96124a32bc36ccd6ec7b4df4a7)

Juan Antonio Osorio Robles [Mon, 28 Aug 2017 06:17:46 +0000 (09:17 +0300)]
Rabbitmq: Enable Erlang distribution TLS

This will be used for the replication traffic as specified in the
dependent commit.

bp tls-via-certmonger
Change-Id: Ia53b9edaa6c6cdd48bcdde64969ae6c16f57ae41
Depends-On: I265c89cb8898a6da78a606664a22c50f5e57a847
(cherry picked from commit 1b4df60ac780a8388f5421c3c1634d172886595f)

Jenkins [Tue, 5 Sep 2017 09:10:42 +0000 (09:10 +0000)]
Merge "Remove bgp-vpn from scenario004-multinode-containers" into stable/pike

Tom Barron [Thu, 24 Aug 2017 19:55:41 +0000 (15:55 -0400)]
manila: set "neutron_admin_auth_url" correctly

It was being set using NeutronAdmin endpoint but it is an
authorization url.  Set it using KeystoneInternal endpoint.

Change-Id: I23f4a895628ac909a1fe1f93cecefa84f25858b1
Closes-Bug: #1712908
(cherry picked from commit 7380183cf590b74f5ad84bb40a8afa08979c235b)

Emilien Macchi [Wed, 30 Aug 2017 21:17:39 +0000 (14:17 -0700)]
Remove bgp-vpn from scenario004-multinode-containers

See full context on https://bugs.launchpad.net/bugs/1713612
but this service isn't containerized yet, so the plan is:

- in Pike, we'll run scenario004 (baremetal) and test bgp-vpn and l2gw
- in Queens, we'll run scenario004 (baremetal at the beginning) but
  scenario004-container will be the default and we'll re-add the 2
  services when containerized.

Change-Id: I04c2a9fb63420b7d8d3616a8ef7a50d2aadc6165
(cherry picked from commit fde4ff2c64f374e109dbb7da87cc7d72da5e0ef5)

Giulio Fidente [Fri, 1 Sep 2017 10:42:40 +0000 (12:42 +0200)]
Switch manila-share to pacemaker version in scenario004/containers

Change-Id: Iefc0d04b19953ece60cf5c886258ed794e5c795d
Depends-On: Iba97c0a6a4b4b0529c6434d58275a3d362b74947
Related-Bug: #1712070
(cherry picked from commit 02cd34d148d6abf11cc64852f7931cbd4bccf767)

Jiri Stransky [Mon, 28 Aug 2017 14:05:26 +0000 (16:05 +0200)]
Add clustercheck to service list for scenarios

This service is necessary when we containerize TripleO with
Pacemaker.

The service is added also to non-containerized scenario lists, because
the aim is to get rid of the -containers.yaml variants eventually.
This shouldn't affect any jobs that don't include docker-ha.yaml. The
resource registry entry is mapped to OS::Heat::None by default, and
docker-ha.yaml maps it to actual containerized clustercheck.

Change-Id: I342e29de52cb6ce069a05a2dbfb0501a2da200e6
Partial-Bug: #1712070
(cherry picked from commit 5b805cb37eec3097552314c6ce43c02c2a604d81)

Jenkins [Mon, 4 Sep 2017 20:59:11 +0000 (20:59 +0000)]
Merge "Stop hardcoding host's config volume path" into stable/pike

Jenkins [Mon, 4 Sep 2017 20:58:59 +0000 (20:58 +0000)]
Merge "Manually set healthchecks for _cron services" into stable/pike

Jenkins [Mon, 4 Sep 2017 20:15:07 +0000 (20:15 +0000)]
Merge "Configure Zaqar trust notifier" into stable/pike

Jenkins [Mon, 4 Sep 2017 20:15:00 +0000 (20:15 +0000)]
Merge "Fix containerized zaqar-api db_sync" into stable/pike

Jenkins [Mon, 4 Sep 2017 20:14:53 +0000 (20:14 +0000)]
Merge "Use list_concat in place of yaql" into stable/pike

Jenkins [Mon, 4 Sep 2017 20:03:27 +0000 (20:03 +0000)]
Merge "Updated from global requirements" into stable/pike

Jenkins [Mon, 4 Sep 2017 20:03:13 +0000 (20:03 +0000)]
Merge "Separate config_volume for ringbuilder" into stable/pike

Jenkins [Mon, 4 Sep 2017 19:48:49 +0000 (19:48 +0000)]
Merge "Remove tacker from containers scenario001" into stable/pike

7 years ago Stop hardcoding host's config volume path
Martin André [Wed, 16 Aug 2017 10:41:41 +0000 (12:41 +0200)]
Stop hardcoding host's config volume path

Get the path from the CONFIG_VOLUME_PREFIX environment variable.

This is useful for debugging and for generating configuration files to
a different directory.

Change-Id: Ib85e3898804312ebb6677a5fa189fbfc357ce27c
(cherry picked from commit 0c62b6cd8d696befb1c0c31bb6e206199ce1edac)

7 years ago Fix containerized zaqar-api db_sync
Bogdan Dobrelya [Thu, 31 Aug 2017 13:42:32 +0000 (15:42 +0200)]
Fix containerized zaqar-api db_sync

Correct the zaqar service name to match the bootstrap host id name

Closes-bug: #1714253

Change-Id: Iced8f3a7e64d9023bd46a50629a56e087d1f6f24
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
(cherry picked from commit d782f687cb7794e0491c0d0f6dc3d9b28196dc96)

7 years ago Merge "Add support for Dell EMC VMAX ISCSI Backend" into stable/pike
Jenkins [Sat, 2 Sep 2017 23:20:57 +0000 (23:20 +0000)]
Merge "Add support for Dell EMC VMAX ISCSI Backend" into stable/pike

7 years ago Add support for Dell EMC VMAX ISCSI Backend
rajinir [Mon, 31 Jul 2017 20:49:17 +0000 (15:49 -0500)]
Add support for Dell EMC VMAX ISCSI Backend

This change adds a new define for cinder::backend::dellemc_vmax_iscsi

Change-Id: I7c685e0a3186da138964f17b487fb0c3533f58c7
Implements: blueprint dellemc-vmax-isci
(cherry picked from commit c77189905525c6fe834e001f2231b9eab788cd01)

7 years ago Separate config_volume for ringbuilder
James Slagle [Tue, 15 Aug 2017 19:59:08 +0000 (15:59 -0400)]
Separate config_volume for ringbuilder

Use a separate config_volume for swift_ringbuilder puppet_config tasks.
This is necessary so that the swift_ringbuilder and swift-storage
services don't both rsync files to the same bind mounted directory.

The rsync command from docker-puppet.py uses --delete-after, so when
they both use the same config_volume, they can end up deleting the files
generated by the other (depending on the order of execution).

Even though a separate config_volume is used, the rings must still end up
in /etc/swift for the swift services containers.  An additional
container init task is used to copy the ring files into
/var/lib/config-data/puppet-generated/swift/etc/swift so that they will
be present when the actual swift services containers are started.

Change-Id: I05821e76191f64212704ca8e3b7428cda6b3a4b7
Closes-Bug: #1710952
(cherry picked from commit cba00abb7517efa6a8d9b8fb954563204323ffed)

7 years ago Configure Zaqar trust notifier
Thomas Herve [Wed, 19 Jul 2017 09:34:32 +0000 (11:34 +0200)]
Configure Zaqar trust notifier

Change-Id: Id7d5967370a5d3fa0183359349f502f32a0109da
(cherry picked from commit e1b1b5654d70c4a38be340070648d0fb7932bcc8)

7 years ago Manually set healthchecks for _cron services
Dan Prince [Sat, 26 Aug 2017 02:27:24 +0000 (22:27 -0400)]
Manually set healthchecks for _cron services

The docker _cron services show up as (unhealthy) due to
them sharing the containers for the OpenStack services.
As such we need to manually override the health checks
for these services. By setting them to /bin/true
the services should show up as healthy.

Change-Id: I46e12bcec226fbe2768c7fe8f0e7719df46401a9
Closes-bug: #1713183
(cherry picked from commit d1aaf0aadf487ccfcdecb47f3cfbf6087401242b)

7 years ago Use list_concat in place of yaql
Thomas Herve [Wed, 30 Aug 2017 13:43:16 +0000 (15:43 +0200)]
Use list_concat in place of yaql

Where applicable, use list_concat instead of yaql to build new lists: it
should be more resilient to errors, easier to debug, and less expensive.

Change-Id: I6d3dbc7ee8eac50f46023a35af4ec7f2d378fd87
Related-Bug: #1714005
(cherry picked from commit 8008089de24437757d3ba10299bb1041b4aa627a)

7 years ago NetworkDeploymentActions shall be made role specific
Karthik S [Thu, 17 Aug 2017 12:14:21 +0000 (08:14 -0400)]
NetworkDeploymentActions shall be made role specific

In case of an OSP upgrade, some of the roles may require
the reconfiguration of network via os-net-config, especially
with roles having DPDK nics. In order to facilitate this
configuration per role, the THT parameter
'NetworkDeploymentActions' is made role specific.

Change-Id: I17a1812cf9e1c60fb893bf36dc99ab3ec5fc7250
(cherry picked from commit 88711c3b800257f6b333157eb3dfc8f4e7003a46)

7 years ago Merge "Convert enable-internal-tls.yaml to be generated" into stable/pike
Jenkins [Sat, 2 Sep 2017 08:53:30 +0000 (08:53 +0000)]
Merge "Convert enable-internal-tls.yaml to be generated" into stable/pike

7 years ago Convert enable-internal-tls.yaml to be generated
Ben Nemec [Fri, 11 Aug 2017 21:31:01 +0000 (16:31 -0500)]
Convert enable-internal-tls.yaml to be generated

All of the other SSL environments were converted, but this one was
missed.  That's an inconsistent user experience and should be
cleaned up.

This environment also exposed a bug in the tool where it did not
include the parameter_defaults section key if all the parameters
were marked static.

Change-Id: I19bc422c22b9f60f781e696ce703b026dc317786
Closes-Bug: 1713761
(cherry picked from commit 7c06db3d1c384773c4abccbce450c259f75e5e4a)

7 years ago Fix hardcoded references to deprecated *ExtraConfig parameters
Steven Hardy [Wed, 23 Aug 2017 10:23:10 +0000 (11:23 +0100)]
Fix hardcoded references to deprecated *ExtraConfig parameters

These were missed in the previous refactor in role.role.j2.yaml;
we shouldn't reference these via hard-coded values or they become
mandatory in the roles_data.yaml.

Change-Id: I014e7d6679c5733b17243d647eaad228c276585a
Closes-Bug: #1711656
(cherry picked from commit 4a4f6783081d9c5b74cda5149bef7655102fcfd8)

7 years ago Merge "Remove ipv6 specific network templates" into stable/pike
Jenkins [Fri, 1 Sep 2017 23:56:00 +0000 (23:56 +0000)]
Merge "Remove ipv6 specific network templates" into stable/pike