Jenkins [Fri, 21 Apr 2017 12:55:50 +0000 (12:55 +0000)]
Merge "Add ML2 configuration for Bagpipe BGPVPN extension"
Jenkins [Fri, 21 Apr 2017 05:00:27 +0000 (05:00 +0000)]
Merge "Refactor SSHD config to allow both SSHD options and banner/motd to be set"
Jenkins [Fri, 21 Apr 2017 00:06:41 +0000 (00:06 +0000)]
Merge "Update UI language list"
Jenkins [Thu, 20 Apr 2017 09:26:53 +0000 (09:26 +0000)]
Merge "Haproxy: When using TLS everywhere, use verifyhost for the balancermembers"
Oliver Walsh [Tue, 18 Apr 2017 11:51:36 +0000 (12:51 +0100)]
Refactor SSHD config to allow both SSHD options and banner/motd to be set
In https://review.openstack.org/#/c/444622/7 the sshd_options and banner/motd
are mutually exclusive. This patch, and the next patchset of that review,
resolves the conflict.
Related-Bug: 1668543
Change-Id: I1d09530d69e42c0c36311789166554a889e46556
Dan Prince [Wed, 19 Apr 2017 21:55:54 +0000 (16:55 -0500)]
Ensure /etc/docker/daemon.json
A recent CentOS docker packaging change removed the default
/etc/docker/daemon.json file. As such we need to create an empty
json file if none exists before running Augeas to configure
the settings.
Change-Id: Ibfe04b468639002f55da7bb65d2606f730c700b7
Closes-bug: #1684297
Jenkins [Wed, 19 Apr 2017 10:45:55 +0000 (10:45 +0000)]
Merge "Ensure we configure ssl.conf"
Jenkins [Wed, 19 Apr 2017 03:11:07 +0000 (03:11 +0000)]
Merge "Create bigswitch agent profile"
Jenkins [Tue, 18 Apr 2017 19:14:35 +0000 (19:14 +0000)]
Merge "Added release note for "Support for external swift proxy""
Lukas Bezdicka [Thu, 13 Apr 2017 17:21:45 +0000 (19:21 +0200)]
Ensure we configure ssl.conf
Every time we call the apache module, regardless of using SSL, we have to
configure mod_ssl from puppet-apache or we'll hit an issue during package
update. File /etc/httpd/conf.d/ssl.conf from mod_ssl package contains
Listen 443 while apache::mod::ssl just configures SSL bits but does not
add Listen. If the apache::mod::ssl is not included the ssl.conf file is
removed and recreated during mod_ssl package update. This causes
conflict on port 443.
Change-Id: Ic5a0719f67d3795a9edca25284d1cf6f088073e8
Related-Bug: 1682448
Resolves: rhbz#1441977
Luca Lorenzetto [Tue, 18 Apr 2017 12:03:54 +0000 (14:03 +0200)]
Added release note for "Support for external swift proxy"
Change-Id: I7feac65bf814099ab591b473be962e64dec85cbd
Juan Antonio Osorio Robles [Tue, 18 Apr 2017 11:49:09 +0000 (14:49 +0300)]
Haproxy: When using TLS everywhere, use verifyhost for the balancermembers
This checks that the subjectAltName in the backend server's certificate
matches the server's name that was intended to be used.
Change-Id: If1c61e1becf9cc84c9b18835aef1eaaa8c0d4341
Jenkins [Tue, 18 Apr 2017 10:59:03 +0000 (10:59 +0000)]
Merge "Allow setting of keepalived router ID"
Jenkins [Tue, 18 Apr 2017 06:58:02 +0000 (06:58 +0000)]
Merge "HAproxy/heat_api: increase timeout to 10m"
Emilien Macchi [Mon, 17 Apr 2017 15:30:23 +0000 (11:30 -0400)]
HAproxy/heat_api: increase timeout to 10m
Default timeout is 2min but it doesn't reflect the rpc_response_timeout
value that we set in THT and instack-undercloud, which is 600 (10 min).
In some cases (in low-memory environments), Heat needs more than 2
minutes to reply to the client, when deploying the overcloud.
It makes sense to increase the timeout to the value of rpc_timeout to
give a chance to Heat to reply to the client, otherwise HAproxy will
kill the connection and send 504 to the client.
Depends-On: I9669d40d86d762101734704fcef153e360767690
Change-Id: I32c71fe7930c8798d306046d6933e4b20c22740c
Related-Bug: 1666072
Jenkins [Mon, 17 Apr 2017 18:06:40 +0000 (18:06 +0000)]
Merge "Support for external swift proxy"
Jenkins [Sat, 15 Apr 2017 02:57:28 +0000 (02:57 +0000)]
Merge "Move ceilometer wsgi to step 3"
Jenkins [Sat, 15 Apr 2017 02:54:56 +0000 (02:54 +0000)]
Merge "Move gnocchi wsgi configuration to step 3"
Jenkins [Fri, 14 Apr 2017 23:59:15 +0000 (23:59 +0000)]
Merge "Dell SC: Add exclude_domain_ip option"
Luca Lorenzetto [Fri, 14 Apr 2017 08:45:57 +0000 (10:45 +0200)]
Support for external swift proxy
Users may have an external swift proxy already available (i.e. radosgw
from already existing ceph, or hardware appliance implementing swift
proxy). With this change the user may specify an environment file that
registers the specified urls as endpoint for the object-store service.
The internal swift proxy is left as unconfigured.
Change-Id: Ia568c3a5723d8bd8c2c37dbba094fc8a83b9d67e
Jenkins [Thu, 13 Apr 2017 22:15:15 +0000 (22:15 +0000)]
Merge "Make install of kolla optional on the undercloud"
Jenkins [Thu, 13 Apr 2017 15:20:28 +0000 (15:20 +0000)]
Merge "etcd: Make HAProxy terminate TLS connections"
Thomas Herve [Wed, 12 Apr 2017 16:02:46 +0000 (18:02 +0200)]
Allow setting of keepalived router ID
By default the undercloud and the overcloud share virtual_router_id
definition, leading to errors like "ip address associated with VRID not
present in received packet". This allows setting the range for the IDs.
Change-Id: I0c822777824b469b0f8ef0f31b3708fe47d5b2d7
rajinir [Mon, 10 Apr 2017 16:41:29 +0000 (11:41 -0500)]
Dell SC: Add exclude_domain_ip option
This option allows users to exclude some fault domains.
Otherwise all domains are returned.
Change-Id: I6eb2bcc7db003a5eebd3924e3e4eb44e35f60483
Depends-On: I8ac91e6720e52da9cf7480f80bcfb456bf0c2433
Martin André [Wed, 12 Apr 2017 16:06:15 +0000 (18:06 +0200)]
Make install of kolla optional on the undercloud
This defaults to 'True' to keep backward compatibility and can be
disabled by setting 'enable_container_images_built' to false in
undercloud.conf.
Depends-On: Ia3379cf66b1d6b180def69c2a5b22b2602baacef
Change-Id: I33e7e9a6a3865fed38f7ed6490455457da67782b
Alex Schultz [Wed, 12 Apr 2017 16:34:07 +0000 (10:34 -0600)]
Move gnocchi wsgi configuration to step 3
We configure apache in step3 so we need to configure the gnocchi api in
step 3 as well to prevent unnecessary service restarts during updates.
Change-Id: I30010c9cf0b0c23fde5d00b67472979d519a15be
Related-Bug: #1664418
Alex Schultz [Wed, 12 Apr 2017 16:03:22 +0000 (10:03 -0600)]
Move ceilometer wsgi to step 3
Apache is configured in step 3 so if we configure ceilometer in step 4,
the configuration is removed on updates. We need to configure it in step
3 with the other apache services to ensure we don't have issues on
updates.
Change-Id: Icc9d03cd8904c93cb6e17f662f141c6e4c0bf423
Related-Bug: #1664418
Jenkins [Wed, 12 Apr 2017 15:58:21 +0000 (15:58 +0000)]
Merge "Stop SSHD profile clobbering SSH client config"
Ricardo Noriega [Wed, 12 Apr 2017 10:26:19 +0000 (12:26 +0200)]
Add ML2 configuration for Bagpipe BGPVPN extension
Change-Id: I9e1a56782e258fb6982b70d9a07f35808f2b2de5
Depends-On: Ic975ec1d6b2bf6e6bd28b47ba9dd2a3ae629d149
Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
Jenkins [Wed, 12 Apr 2017 10:14:09 +0000 (10:14 +0000)]
Merge "Ensure directory exists for certificates for httpd"
Oliver Walsh [Tue, 11 Apr 2017 20:42:44 +0000 (21:42 +0100)]
Stop SSHD profile clobbering SSH client config
Including the ::ssh manifest will manage both client and server config.
Managing the client config was not intended and will clobber the OS
default config with the puppet ssh module defaults.
Follow up for https://review.openstack.org/443113 where I found the issue after
the changes merged.
Change-Id: I6329f5ebbe8fc3950449e325e56293872d11e1b5
Related-Bug: 1668543
Juan Antonio Osorio Robles [Fri, 24 Mar 2017 09:31:12 +0000 (11:31 +0200)]
Ensure directory exists for certificates for httpd
We used to rely on a standard directory for the certificates and keys
that are requested by certmonger. However, given the approach we plan to
take for containers that's described in the blueprint, we need to use
service-specific directories for the certs/keys, since we plan to
bind-mount these into the containers, and we don't want to bind mount
any keys/certs from other services.
Thus, we start by creating these directories if they don't exist in the
filesystem and adding the proper selinux labels.
bp tls-via-certmonger-containers
Change-Id: I0b71902358b754fa8bd7fdbb213479503c87aa46
Julie Pichon [Tue, 11 Apr 2017 10:41:49 +0000 (11:41 +0100)]
Update UI language list
Change-Id: I848b3cc747f1be06aeda57ba15d4ec557c23ad46
Depends-On: Idf3d82058d87d9c8a3b6d8973d5166043dad2252
Jenkins [Tue, 11 Apr 2017 06:10:03 +0000 (06:10 +0000)]
Merge "Add registry_mirror to base::docker profile"
Jenkins [Tue, 11 Apr 2017 02:25:15 +0000 (02:25 +0000)]
Merge "Use docker profile in docker_registry"
Juan Antonio Osorio Robles [Mon, 10 Apr 2017 13:09:51 +0000 (16:09 +0300)]
etcd: Make HAProxy terminate TLS connections
When TLS is enabled for the internal network, HAProxy needs to handle
etcd's TLS termination. Else it will use plain text.
bp secure-etcd
Change-Id: I20651240edcff0953741d4e8e01fa9a7ab185863
Jenkins [Mon, 10 Apr 2017 13:45:40 +0000 (13:45 +0000)]
Merge "Move etcd to step 2"
Dan Prince [Fri, 7 Apr 2017 20:21:39 +0000 (16:21 -0400)]
Add registry_mirror to base::docker profile
This patch adds a new registry_mirror option to help
configure /etc/docker/daemon.json so that we can make use
of HTTP docker mirrors within upstream TripleO CI (infra).
Change-Id: I4b966e9b9b174ca5a6f57974185e0149ea12f232
Dan Prince [Fri, 7 Apr 2017 20:07:12 +0000 (16:07 -0400)]
Use docker profile in docker_registry
The docker_registry profile has resources to configure
the docker service and package. These conflict with the
entries in the tripleo::profile::base::docker class which
exists specifically to manage these resources (and has
unit tests).
This patch removes the duplicate resources and updates
the docker_registry profile to simply include the
base docker profile instead.
This instack-undercloud change below needs to land first.
Depends-On: I6154f4c7435b02b92f6f64687e9ee89d6b86186a
Change-Id: I75c740e7efc6662861c28caeb7fa965ba55438cb
Jenkins [Fri, 7 Apr 2017 18:45:48 +0000 (18:45 +0000)]
Merge "Adding listen_options for Contrail Webui https in haproxy"
Jenkins [Fri, 7 Apr 2017 18:45:43 +0000 (18:45 +0000)]
Merge "TLS-everywhere: Add resources for libvirt's cert for live migration"
Jenkins [Fri, 7 Apr 2017 18:45:18 +0000 (18:45 +0000)]
Merge "Stop including ironic::drivers::ssh in the ironic-conductor profile"
Jenkins [Fri, 7 Apr 2017 18:05:40 +0000 (18:05 +0000)]
Merge "Enable creation of keystone domain when ldap backends are created"
Jenkins [Fri, 7 Apr 2017 17:43:57 +0000 (17:43 +0000)]
Merge "syntax error extra comma in rabbitmq.pp"
Jenkins [Fri, 7 Apr 2017 17:32:58 +0000 (17:32 +0000)]
Merge "Add networking-vpp ML2 mechanism driver support"
Jenkins [Fri, 7 Apr 2017 14:44:50 +0000 (14:44 +0000)]
Merge "Add missing octavia auth include to keystone manifest"
Jenkins [Fri, 7 Apr 2017 13:50:18 +0000 (13:50 +0000)]
Merge "Make galera-ready exec refreshonly"
Jon Schlueter [Fri, 7 Apr 2017 11:29:09 +0000 (07:29 -0400)]
syntax error extra comma in rabbitmq.pp
bundle rake syntax
Could not parse for environment *root*: Syntax error at ')'; expected '}'
Change-Id: Idfb254df068b3d7342a6ea3c71dabd1316a61bdf
Dmitry Tantsur [Tue, 4 Apr 2017 09:26:13 +0000 (11:26 +0200)]
Stop including ironic::drivers::ssh in the ironic-conductor profile
The SSH drivers are deprecated, pxe_ipmitool + virtualbmc should be used instead.
This is a follow-up to blueprint switch-to-virtualbmc.
Change-Id: I4fd567dffa3992042eebcf495334b8130e1bdc9f
Juan Antonio Osorio Robles [Tue, 28 Mar 2017 11:17:21 +0000 (14:17 +0300)]
TLS-everywhere: Add resources for libvirt's cert for live migration
This merely requests the certificates that will be used for libvirt's
live migration if TLS-everywhere is enabled.
bp tls-via-certmonger
Change-Id: If18206d89460f6660a81aabc4ff8b97f1f99bba7
Jenkins [Fri, 7 Apr 2017 07:50:17 +0000 (07:50 +0000)]
Merge "Don't try and create the my.cnf.d dir everytime"
Juan Antonio Osorio Robles [Fri, 7 Apr 2017 07:09:11 +0000 (10:09 +0300)]
Enable creation of keystone domain when ldap backends are created
This sets the flag create_domain_entry for the ldap_backend resource,
which will create the domain for the ldap backend (this was previously
not the case since only the configuration was created). Furthermore, this
flag will also refresh the keystone server, so the changes come into
effect.
Note that this is only done in step 3, so the domains are created there
and the refresh happens in that step. Also, this is only done for the
bootstrap node, since when the other nodes start, they will already have
the domains available in the keystone database and there won't be a need
to restart.
Related-Bug: #1677603
Depends-On: Ib6c633b6a975e4b760c10a2aef3c252885b05e28
Change-Id: Id879cf5c5ae39d37bf58b73c78733001d2b03d9c
Jenkins [Fri, 7 Apr 2017 07:04:52 +0000 (07:04 +0000)]
Merge "Composable services support for Cinder Pure Storage FlashArray"
Jenkins [Fri, 7 Apr 2017 05:14:51 +0000 (05:14 +0000)]
Merge "Adjust UI manifest (language list)"
Jenkins [Fri, 7 Apr 2017 02:49:31 +0000 (02:49 +0000)]
Merge "Migrate Swift ring handling from tripleo-heat-templates to puppet-tripleo"
Jenkins [Fri, 7 Apr 2017 02:39:21 +0000 (02:39 +0000)]
Merge "Adding OVNDBs vip to keepalive"
Jenkins [Fri, 7 Apr 2017 00:43:41 +0000 (00:43 +0000)]
Merge "Make the cluster-check property configurable"
Jenkins [Fri, 7 Apr 2017 00:43:34 +0000 (00:43 +0000)]
Merge "Add httpchk for http services"
Jenkins [Thu, 6 Apr 2017 23:18:29 +0000 (23:18 +0000)]
Merge "Include ironic::drivers::interfaces in the ironic-conductor profile"
Jenkins [Thu, 6 Apr 2017 23:16:39 +0000 (23:16 +0000)]
Merge "Adding support for Bagpipe Agent as BGPVPN driver"
Jenkins [Thu, 6 Apr 2017 22:30:06 +0000 (22:30 +0000)]
Merge "Add a trigger to call ldap_backend define"
Alex Schultz [Thu, 6 Apr 2017 20:12:01 +0000 (14:12 -0600)]
Make galera-ready exec refreshonly
Previously we always ran the galera-ready exec every step. This
change switches it to be refreshonly so we only wait when the service is
setup or restarted.
Change-Id: I5ff9d49c2590751913b96777bcd72c8a15627a01
Closes-Bug: #1680586
Brent Eagles [Tue, 4 Apr 2017 07:26:20 +0000 (04:56 -0230)]
Add missing octavia auth include to keystone manifest
This patch adds the appropriate include to make sure that appropriate
keystone user, services, etc. are created when octavia is selected.
Closes-bug: #1680588
Change-Id: I0b6d657a0300538292223923d8808c23f936c193
Alex Schultz [Thu, 6 Apr 2017 19:03:59 +0000 (13:03 -0600)]
Don't try and create the my.cnf.d dir everytime
The creation of /etc/my.cnf.d is not idempotent and is run anytime the
mysql client profile is included. This change adds an unless parameter
to ensure it is only run if not used.
Change-Id: I4a30eaccf72f5687dc22ba93c19136e55d36dcab
Closes-Bug: #1680570
Julie Pichon [Thu, 6 Apr 2017 10:19:52 +0000 (11:19 +0100)]
Adjust UI manifest (language list)
tripleo-ui is removing en-GB from the locale list, adjust the manifest
to reflect this change.
Change-Id: If3f6603d703a1af07a7eaab56e47e8b0b90947af
Related-Bug: #1680397
Jenkins [Thu, 6 Apr 2017 02:10:26 +0000 (02:10 +0000)]
Merge "Clean up TLS-related bits from swift-proxy"
Jenkins [Thu, 6 Apr 2017 00:20:19 +0000 (00:20 +0000)]
Merge "Fix missing groups for fluentd user"
Jenkins [Wed, 5 Apr 2017 19:53:07 +0000 (19:53 +0000)]
Merge "Add TLS in the internal network for Swift Proxy"
Jenkins [Wed, 5 Apr 2017 17:21:14 +0000 (17:21 +0000)]
Merge "Introduce profile to configure l2 gateway Neutron agent."
Cyril Lopez [Thu, 30 Mar 2017 13:54:32 +0000 (15:54 +0200)]
Add a trigger to call ldap_backend define
Ldap_backend is a define so we need a resource to talk to it. If
ldap_backend_enable is set by tripleo-heat-templates, we call the
ldap_backend as a resource.
Given an environment such as the following:
    parameter_defaults:
      KeystoneLdapDomainEnable: true
      KeystoneLDAPBackendConfigs:
        tripleoldap:
          url: ldap://192.0.2.250
          user: cn=openstack,ou=Users,dc=redhat,dc=example,dc=com
          password: Secrete
          suffix: dc=redhat,dc=example,dc=com
          user_tree_dn: ou=Users,dc=redhat,dc=example,dc=com
          user_filter: "(memberOf=cn=OSuser,ou=Groups,dc=redhat,dc=example,dc=com)"
          user_objectclass: person
          user_id_attribute: cn
          user_allow_create: false
          user_allow_update: false
          user_allow_delete: false
      ControllerExtraConfig:
        nova::keystone::authtoken::auth_version: v3
        cinder::keystone::authtoken::auth_version: v3
It would then create a domain called tripleoldap with an LDAP
configuration as defined by the hash. The parameters from the
hash are defined by the keystone::ldap_backend resource in
puppet-keystone.
More backends can be added as more entries to that hash.
Partial-Bug: 1677603
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Co-Authored-By: Guillaume Coré <gucore@redhat.com>
Signed-off-by: Cyril Lopez <cylopez@redhat.com>
Change-Id: I1593c6a33ed1a0ea51feda9dfb6e1690eaeac5db
Christian Schwede [Fri, 17 Feb 2017 16:31:52 +0000 (16:31 +0000)]
Migrate Swift ring handling from tripleo-heat-templates to puppet-tripleo
This allows decoupling the Swift ringbuilding logic from the Controller
and ObjectStorage roles. A follow up patch will modify
tripleo-heat-templates and use this modified class.
Actually this downloads the Swift rings even if ring building is
disabled or if there is no need to rebalance. This is required, because
operators can disable ring building, but use the same mechanism to
distribute pre-built rings to the nodes.
If ring building is disabled, these won't be uploaded at the end back to
the undercloud.
Related-Bug: 1665641
Change-Id: Ifd6fa5b398d98e8998630ea0c9a2ce9867ceba2b
Jenkins [Wed, 5 Apr 2017 13:47:50 +0000 (13:47 +0000)]
Merge "Certmonger/rabbitmq: Remove parameter doc for unexisting parameter"
Ricardo Noriega [Wed, 5 Apr 2017 11:36:50 +0000 (13:36 +0200)]
Adding support for Bagpipe Agent as BGPVPN driver
Partially-Implements: blueprint bgpvpn-service-integration
Change-Id: I54ef40f9d958e87d187a6d124995aa6951c0651a
Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
Jenkins [Wed, 5 Apr 2017 07:41:56 +0000 (07:41 +0000)]
Merge "SSHD Service extensions"
Michele Baldessari [Tue, 4 Apr 2017 16:15:06 +0000 (18:15 +0200)]
Make the cluster-check property configurable
This change will make the global cluster-check property configurable
and will pick a lower default (60s) in case a pacemaker remote node
is deployed.
The cluster-recheck-interval is set to default to 15 minutes by
pacemaker. This value is too high when a pacemaker remote service
is deployed. With this default value a reboot of a pacemaker remote
node will be reported as offline by pacemaker for up to 15 minutes.
With this change we do the following:
1) Do nothing in case pacemaker remote is not deployed
2) When pacemaker remote is deployed and the operator has not
specified otherwise, we set the recheck interval to 60s.
3) When the operator specifies the recheck interval we set that.
Change-Id: I900952b33317b7998a1f26a65f4d70c1726df19c
Closes-Bug: #1679753
Juan Antonio Osorio Robles [Wed, 5 Apr 2017 06:12:37 +0000 (09:12 +0300)]
Certmonger/rabbitmq: Remove parameter doc for unexisting parameter
This parameter was used at some point in the implementation but ended up
not being needed in favor of getting this information from the puppet
manifest. So it's removed as the parameter doesn't actually exist.
Change-Id: I09f4091ee7a2221b26249959ea2927090d36ba0f
Feng Pan [Tue, 7 Mar 2017 14:43:14 +0000 (09:43 -0500)]
Move etcd to step 2
Etcd should be configured and started in step 2 with other core
services when required.
Change-Id: If95a74d211a194f2bfbe9653a6e19e05b095a210
Signed-off-by: Feng Pan <fpan@redhat.com>
Jenkins [Tue, 4 Apr 2017 23:29:06 +0000 (23:29 +0000)]
Merge "Configure migration SSH tunnel"
Jenkins [Tue, 4 Apr 2017 22:09:54 +0000 (22:09 +0000)]
Merge "Refactor enabled languages from an array to a hash"
Jenkins [Tue, 4 Apr 2017 22:02:55 +0000 (22:02 +0000)]
Merge "Use correct manage_firewall hieradata"
Jenkins [Tue, 4 Apr 2017 21:50:00 +0000 (21:50 +0000)]
Merge "Fixes missing neutron base in sriov"
Jenkins [Tue, 4 Apr 2017 19:02:23 +0000 (19:02 +0000)]
Merge "Remove cluster_enabled setting for etcd"
Alex Schultz [Tue, 28 Feb 2017 16:46:47 +0000 (16:46 +0000)]
Add httpchk for http services
The httpchk health check option should help reduce the situations
where haproxy thinks the service is up but the service is only
listening and not actively serving http requests.
Change-Id: I13cc5dcf2eea53731e756d078586ab9a97340912
Closes-Bug: #1629052
lhinds [Wed, 8 Mar 2017 12:32:57 +0000 (12:32 +0000)]
SSHD Service extensions
This change adds an `include` statement to bring in the extra
functionality available from the existing puppet-ssh module
already available in RDO.
By using puppet-ssh it provides a framework to allow the passing in of
server options using just hiera values under ssh::server_options.
For example, sshd_config banner can now be passed as a server option, as
well as all the new parameters outlined in the launchpad issue that
the patch references for Closing. For this reason, the former augeas
setting for `Banner /etc/issue` is now managed by the main puppet-ssh
module instead.
The change also allows population of MOTD text to `/etc/motd` as
well as `issue.net`.
$bannertext is refactored in accordance with patch [1]
[1] https://review.openstack.org/#/c/442406/
Change-Id: Id329538fb7b623526f1d91d8a513cf3440c86a7c
Closes-Bug: 1668543
Juan Antonio Osorio Robles [Tue, 4 Apr 2017 07:10:49 +0000 (10:10 +0300)]
Clean up TLS-related bits from swift-proxy
bp tls-via-certmonger
Change-Id: I8a66d3a067f934ea30b668308237cbca1d58fbb8
Depends-On: I3cb9d53d75f982068f1025729c1793efaee87380
Juan Antonio Osorio Robles [Tue, 4 Apr 2017 06:54:21 +0000 (09:54 +0300)]
Add TLS in the internal network for Swift Proxy
This adds the necessary bits for a TLS Proxy to be placed in front of
swift proxy when TLS-everywhere is enabled.
This will be further cleaned up once the t-h-t bits are added.
bp tls-via-certmonger
Change-Id: I6e7193cc5b4bb7e56cc89e0a293c91b0d391c68e
Jenkins [Mon, 3 Apr 2017 23:23:54 +0000 (23:23 +0000)]
Merge "Deploy WSGI apps at the same step (3)"
Jenkins [Mon, 3 Apr 2017 22:25:10 +0000 (22:25 +0000)]
Merge "Add tunnel timeout for ui proxy container"
Simon Dodsley [Fri, 31 Mar 2017 13:30:59 +0000 (09:30 -0400)]
Composable services support for Cinder Pure Storage FlashArray
Added the heat templates for Cinder Pure Storage FlashArray
backend to use composable services
Change-Id: I6f46f45a3af394de85672261c7d72ddc492a07b2
Dmitry Tantsur [Mon, 3 Apr 2017 16:42:35 +0000 (18:42 +0200)]
Include ironic::drivers::interfaces in the ironic-conductor profile
This enables configuring new-style drivers (aka hardware types).
Part of blueprint ironic-driver-composition
Change-Id: I72eb8b06cca14073d1d1c82462fb702630e02de3
Pradeep Kilambi [Wed, 11 Jan 2017 18:56:57 +0000 (13:56 -0500)]
Restrict mongodb memory usage
Currently, mongodb has no limits on how much memory
it can consume. This enforces restriction so mongodb
service limits through systemd.
The puppet-systemd module has support for limits. The
MemoryLimit support is added in the following pull
request https://github.com/camptocamp/puppet-systemd/pull/23
Closes-bug: #1656558
Change-Id: Ie9391aa39532507c5de8dd668a70d5b66e17c891
Tim Rozet [Mon, 3 Apr 2017 14:58:49 +0000 (10:58 -0400)]
Fixes missing neutron base in sriov
This causes issues in deployments that are not using ML2
ComputeNeutronCorePlugin or OVS agent on the compute nodes.
Closes-Bug: 1679202
Change-Id: I9cdfd115add8c0d2d3ae6802e7bde007c1677c67
Signed-off-by: Tim Rozet <trozet@redhat.com>
Ben Nemec [Mon, 3 Apr 2017 14:04:47 +0000 (14:04 +0000)]
Use correct manage_firewall hieradata
The manage_firewall hieradata was moved to
tripleo::firewall::manage_firewall but some of the references to it
were not updated, which makes it impossible to completely disable
the firewall rules.
Change-Id: I5f40f3b8b07bd312cce862aa319b8a1ef331ee49
Closes-Bug: 1679189
Oliver Walsh [Tue, 28 Mar 2017 15:02:18 +0000 (16:02 +0100)]
Configure migration SSH tunnel
This patch configures SSH tunneling for nova cold-migration and reuses the
tunnel for libvirt live-migration unless TLS has been enabled.
Change-Id: I367757cbe8757d11943af7e41af620f9ce919a06
Depends-On: Iac1763761c652bed637cb7cf85bc12347b5fe7ec
Emilien Macchi [Wed, 29 Mar 2017 21:42:32 +0000 (17:42 -0400)]
Deploy WSGI apps at the same step (3)
So we avoid useless apache restart and save time during the deployment.
Related-Bug: #1664418
Change-Id: Ie00b717a6741e215e59d219710154f0d2ce6b39e
Alex Schultz [Fri, 31 Mar 2017 23:41:36 +0000 (17:41 -0600)]
Move horizon to step 3
We configure apache in step 3 so horizon should be configured at the
same time or else updates will cause horizon to be unavailable during the
update process.
Change-Id: I4032f7c24edc0ff9ed637e213870cdd3beb9a54e
Closes-Bug: #1678338
Jenkins [Sun, 2 Apr 2017 03:53:20 +0000 (03:53 +0000)]
Merge "Decouple ceilometer user create from API"
Dan Trainor [Fri, 31 Mar 2017 00:36:04 +0000 (20:36 -0400)]
Add tunnel timeout for ui proxy container
Add an explicit tunnel timeout configuration option to increase the
tunnel timeout for persistent socket connections from two minutes (2m)
to one hour (3600s). A configuration was already present to apply a
tunnel timeout to the zaqar_ws endpoint, but that only applies to
connections made directly to the zaqar_ws endpoint directly. Since UI
now uses mod_proxy to proxy WebSocket connections for Zaqar, the timeout
is now applied for the same reasons to the ui haproxy server.
Change-Id: If749dc9148ccf8f2fa12b56b6ed6740f42e65aeb
Closes-Bug: 1672826
Jenkins [Thu, 30 Mar 2017 22:07:36 +0000 (22:07 +0000)]
Merge "Add missing include of ::ec2api::keystone::authtoken"
Jenkins [Thu, 30 Mar 2017 21:42:20 +0000 (21:42 +0000)]
Merge "Fix deprecated eqlx parameters"