Nicolas Hicher [Thu, 21 Jan 2016 15:21:23 +0000 (16:21 +0100)]
OpenContrail heat templates
Deploy a TripleO overcloud with OpenContrail Vrouter plugin configured
to interact with an existing OpenContrail Server Manager.
OpenContrail is an Apache 2.0-licensed project that is built using
standards-based protocols and provides all the necessary components for
network virtualization–SDN controller, virtual router, analytics engine,
and published northbound APIs. It has an extensive REST API to configure
and gather operational and analytics data from the system.
Co-Authored-By: Jiri Stransky <jistr@redhat.com>
Change-Id: I699a7c4ea09d024fe4d70c6a507c524f0a7aafd5
Jenkins [Thu, 21 Jan 2016 11:06:59 +0000 (11:06 +0000)]
Merge "Rename validate tox env to linters"
Jenkins [Thu, 21 Jan 2016 10:02:53 +0000 (10:02 +0000)]
Merge "Let Puppet update all packages on non-controllers"
Ben Nemec [Tue, 15 Dec 2015 22:35:53 +0000 (16:35 -0600)]
Rename validate tox env to linters
This is the new blessed naming scheme for lint-type jobs such as
pep8 or the yaml validation job we have in this project. Doing
this rename will allow us to use standard infra job templates
to run validation on proposed changes.
Change-Id: I0a4c4372429a08e0babb4d323f2b027f1d95f3d7
Jenkins [Tue, 19 Jan 2016 17:08:59 +0000 (17:08 +0000)]
Merge "Fix tunnel_types hieradata on compute nodes"
Jenkins [Tue, 19 Jan 2016 17:06:34 +0000 (17:06 +0000)]
Merge "Fix neutron-nova notifications"
Ben Nemec [Mon, 18 Jan 2016 23:39:38 +0000 (17:39 -0600)]
Fix tunnel_types hieradata on compute nodes
There was a missing : in the hieradata for the compute nodes that
caused tunnel_types to not be configured. This also made it
impossible to boot instances on tunneled networks because the port
binding always failed.
Change-Id: Icc2a45aa9514ce62497f91e6abe9261d1c1374ed
Partial-Bug:
1534349
Ben Nemec [Mon, 18 Jan 2016 23:48:52 +0000 (17:48 -0600)]
Fix neutron-nova notifications
In our neutron.conf we configure both keystone v2 and v3 options,
which confuses the keystoneclient code responsible for deciding
which to use. For whatever reason, having it talk to the
unversioned keystone endpoint and letting the client decide which
version that way makes it happy. Except that we write a wrong
value for project_name, which makes it unhappy again.
This change fixes both of those issues, which allows notifications
to work again.
Change-Id: Ic3a329354d0ed071363183b5e06c0a42d2dd84ad
Closes-Bug:
1519525
Jenkins [Mon, 18 Jan 2016 23:16:15 +0000 (23:16 +0000)]
Merge "Set the name property for all deployment resources"
James Slagle [Fri, 15 Jan 2016 18:52:03 +0000 (13:52 -0500)]
Let Puppet update all packages on non-controllers
With I02f7cf07792765359f19fdf357024d9e48690e42[1] in puppet-tripleo,
puppet is capable of updating all packages itself on non controller
nodes now.
This is a safer mechanism than using the exclude logic in yum_update.sh
since that can cause depdency problems across sub packages.
[1] https://review.openstack.org/#/c/261041/
Closes-Bug:
1534785
Change-Id: I9075a1bb85baa65a9d0afc5d0fd31a1f99a98819
Juan Antonio Osorio Robles [Thu, 14 Jan 2016 15:17:27 +0000 (17:17 +0200)]
Enable keystone handling of X-Forwarded-Proto header
If the X-Forwarded-Proto header is received by keystone, this option
will make the service properly handle it. This is useful, for instance,
if TLS is enabled for the admin endpoint.
Change-Id: I31a1f51591e8423367e61eafc3af9b2d61278468
Jenkins [Wed, 13 Jan 2016 20:53:03 +0000 (20:53 +0000)]
Merge "Use pymysql database driver for OpenStack DBs"
Jenkins [Tue, 12 Jan 2016 17:31:04 +0000 (17:31 +0000)]
Merge "Sahara Integration"
Emilien Macchi [Fri, 8 Jan 2016 16:09:09 +0000 (11:09 -0500)]
Use pymysql database driver for OpenStack DBs
PyMySQL is a new driver introduced in Liberty.
This patch change the MySQL url to use mysql+pymysql like recommanded.
Change-Id: I28e14acacba865241a0cc388a879a003181a85f3
Depends-On: I7604cca9e2d7bf0b93c820adec5f937f72b64fa8
Closes-Bug: #
1499298
Ethan Gafford [Wed, 26 Aug 2015 21:43:52 +0000 (17:43 -0400)]
Sahara Integration
Integration of OpenStack data processing service (sahara) with
TripleO.
- Deploys sahara in distributed mode (separate api and engine
processes on each controller node)
- Load balancing w/haproxy
- RabbitMQ/MySQL supported per current TripleO standard
- Minimal configurability at this time
Change-Id: I77a6a69ed5691e3b1ba34e9ebb4d88c80019642c
Partially-implements: blueprint sahara-integration
Depends-On: I0f0a1dc2eaa57d8226bad8cfb250110296ab9614
Depends-On: Ib84cc59667616ec94e7edce2715cbd7dd944f4ae
Depends-On: I9fe321fd4284f7bfd55bd2e69dcfe623ed6f8a2a
Martin Mágr [Wed, 5 Aug 2015 14:28:04 +0000 (16:28 +0200)]
Switch for Keystone DB cron job
- Adds parameter to enable switching off token flush cron job.
- Sets destination for deleted rows to /dev/null
Change-Id: I9e8aed969e81595d8a1d0a5300da17da6ba15c03
Partial-bug: rhbz#
1249106
Depends-On: I5e51562338f68b4ba1b2e942907e6f6a0ab7a61e
Jenkins [Fri, 8 Jan 2016 11:25:59 +0000 (11:25 +0000)]
Merge "Add ExtraConfig to cinder storage role"
Jenkins [Fri, 8 Jan 2016 09:06:56 +0000 (09:06 +0000)]
Merge "Fix yaml validation errors in multiple-nics templates"
Jenkins [Thu, 7 Jan 2016 23:59:30 +0000 (23:59 +0000)]
Merge "updating enable_ceph conditions for controller"
Jenkins [Thu, 7 Jan 2016 23:58:46 +0000 (23:58 +0000)]
Merge "Adding ManagementIpSubnet to linux bridge net conf"
Jenkins [Thu, 7 Jan 2016 17:30:24 +0000 (17:30 +0000)]
Merge "Use new heat-docker-agents images"
Jenkins [Thu, 7 Jan 2016 17:23:10 +0000 (17:23 +0000)]
Merge "Remove deleted Cinder rows"
Jenkins [Thu, 7 Jan 2016 11:56:58 +0000 (11:56 +0000)]
Merge "Add TimeZone parameter for all node types"
Jenkins [Thu, 7 Jan 2016 11:40:01 +0000 (11:40 +0000)]
Merge "Enable configuration of Neutron QoS"
Brent Eagles [Wed, 18 Nov 2015 17:25:26 +0000 (13:55 -0330)]
Enable configuration of Neutron QoS
This change adds support for setting the configuration options required
to enable the quality of service feature in Neutron. The default values
will enable the feature.
Closes-Bug: #
1524052
Depends-On: Iefc289a6eee13b9c66f8131c258af982f232df4b
Change-Id: I1abf7d37d39e6927e482b56de4ee3d3d7c313a1c
rajinir [Thu, 12 Nov 2015 22:50:39 +0000 (16:50 -0600)]
Enable Dell Storage Center iscsi Backends in Cinder
Enables support for configuring Cinder with a Dell
Storage Center iscsi storage backend.
This change adds all relevant parameters for:
- Dell Storage Center SC Series (iSCSI)
Change-Id: I3b1a4346f494139ab123c7dc1a62f81d03c9e728
Jenkins [Wed, 6 Jan 2016 16:40:40 +0000 (16:40 +0000)]
Merge "Enable Equallogic Backends in Cinder"
Jenkins [Wed, 6 Jan 2016 12:55:46 +0000 (12:55 +0000)]
Merge "Ensure cluster remains stable during services restarts"
Jenkins [Wed, 6 Jan 2016 12:18:31 +0000 (12:18 +0000)]
Merge "Bump the pacemaker service op_params to 200s for start and stop"
Martin Mágr [Tue, 4 Aug 2015 12:00:11 +0000 (14:00 +0200)]
Remove deleted Cinder rows
Creates cron job running every 24 hours
for "cinder-manage db purge"
Partial-bug: rhbz#
1249106
Change-Id: I9156e0bf1401eda49a7c9a2921dc3a8723af026d
Depends-On: I677f2ef3d9ca81fff0f672c8e34b6e4278674a96
Jenkins [Wed, 6 Jan 2016 09:04:18 +0000 (09:04 +0000)]
Merge "Align template defaults with the client"
Dan Radez [Mon, 4 Jan 2016 18:59:46 +0000 (13:59 -0500)]
updating enable_ceph conditions for controller
- keeping enabled based on ceph node count being greater than 0
- adding enabled if ControllerEnableCephStorage is true
Intention here is to be able to run ceph without having dedicated
nodes for. Enabling Ceph alternativly from the ControllerEnableCeph
parameter allows ceph to be colocated on the controllers without
having to run any dedicated ceph nodes.
Change-Id: I71062d37226c679156380c0f4e194b51cb586bcf
Signed-off-by: Dan Radez <dradez@redhat.com>
James Slagle [Fri, 4 Dec 2015 21:36:11 +0000 (16:36 -0500)]
Add ExtraConfig to cinder storage role
The ExtraConfig resource was missing from the cinder
storage role. Adding it for consistency.
Change-Id: I05ad33c113af6f67ded7699976103508c47a3f1a
marios [Tue, 5 Jan 2016 13:35:31 +0000 (15:35 +0200)]
Bump the pacemaker service op_params to 200s for start and stop
Based on observed timeouts during updates bump the stop and start
timeouts for pacemaker service resources (via op_params) to 200.
This is based on the reasoning that the full timeout may be as
long as two elapsed timeout intervals. After an initial timeout,
the sigterm that follows is then allowed another
DefaultTimeoutStopSec seconds. The 200s is produced by allowing
this 2xDefaultTimeoutStopSec (@90s for systemd) and some
scheduling delta. Many thanks to Michele Baldessari.
Closes-Bug:
1531204
Change-Id: If6b43982c958f63bc78ad997400bf1279c23df7e
Jenkins [Tue, 5 Jan 2016 15:21:01 +0000 (15:21 +0000)]
Merge "Remove deleted Nova rows"
Giulio Fidente [Fri, 18 Dec 2015 16:36:25 +0000 (17:36 +0100)]
Ensure cluster remains stable during services restarts
Using crm_resource --wait we wait for the cluster to get into
a stable state before moving into the next step of the piloted
restart procedure.
Change-Id: I80199653024383fd07900dad0b8d23fb8afade26
Co-Authored-By: Jiri Stransky <jistr@redhat.com>
Ryan Hallisey [Fri, 4 Dec 2015 14:14:50 +0000 (14:14 +0000)]
Use new heat-docker-agents images
Hosted at tripleoupstream/heat-docker-agents.
Change-Id: I2133a7cb789a34c60b87339d816d29d353cb015f
Jenkins [Tue, 5 Jan 2016 13:10:26 +0000 (13:10 +0000)]
Merge "Network Isolation support for containerized compute"
Nico Auv [Wed, 25 Nov 2015 15:34:48 +0000 (16:34 +0100)]
Add TimeZone parameter for all node types
Adds a TimeZone parameter for node types and the top level
stack. Defaults to UTC.
Change-Id: I98123d894ce429c34744233fe3e631cbdd7c12b5
Depends-On: Icf7c681f359e3e48b653ea4648db6a73b532d45e
Jaume Devesa [Tue, 5 Jan 2016 10:38:15 +0000 (10:38 +0000)]
Adding ManagementIpSubnet to linux bridge net conf
Because of the new ManagementIpSubnet parameter (introduced by the
15bb6726 commit), the net-config-linux-bridge network configuration file
must be updated.
Change-Id: I020692eedd9a96e28d0b871e2c27b4f0ee87e3fa
Jenkins [Tue, 5 Jan 2016 10:19:15 +0000 (10:19 +0000)]
Merge "Wait for cluster to settle in yum_update.sh"
Ryan Hallisey [Mon, 7 Dec 2015 16:57:21 +0000 (11:57 -0500)]
Network Isolation support for containerized compute
The template will all neutron-agents to be configured so that it can
run the network isolation templates on the containerized compute node.
Co-Authored-By: Dan Prince <dpince@redhat.com>
Change-Id: I7837ed7ed3e807ec5c1276904893695918bef293
Jenkins [Mon, 4 Jan 2016 19:04:12 +0000 (19:04 +0000)]
Merge "Convert JSON generations from bash to python"
Jiri Stransky [Thu, 17 Dec 2015 13:40:15 +0000 (14:40 +0100)]
Wait for cluster to settle in yum_update.sh
Occasionally we hit "Error: unable to push cib" during update. This is
probably due to the fact that when we try to replace cib in
yum_update.sh, services on the previous updated controller are still
coming up and changing cib, and racing/conflicting with the cib push
from yum_update.sh.
This commit adds waiting for the cluster to settle before exiting from
yum_update.sh, to avoid this kind of conflict.
Also a check for cib-push success is added, to make the update fail
properly instead of hanging indefinitely as we've observed with this
issue.
Change-Id: I953087e0e565474ac553fd57bea2459d2e3a6081
Closes-Bug: #
1527644
Martin Mágr [Fri, 31 Jul 2015 14:01:56 +0000 (16:01 +0200)]
Remove deleted Nova rows
Creates cron job running every twelve hours
for "nova-manage db archive_deleted_rows"
Partial-bug: rhbz#
1249106
Depends-On: Ic674f4d39bc88f89abfeb0ce99a571c2534e57e4
Change-Id: I4740cc02aa9714f48798521fe9918ac3487db031
Jenkins [Tue, 29 Dec 2015 06:34:27 +0000 (06:34 +0000)]
Merge "Enable TLS in loadbalancer if cert path is detected"
Jenkins [Wed, 23 Dec 2015 17:29:37 +0000 (17:29 +0000)]
Merge "Add all isolated networks to all nodes."
Jenkins [Wed, 23 Dec 2015 17:27:25 +0000 (17:27 +0000)]
Merge "Add Management Network For System Administration."
Jenkins [Wed, 23 Dec 2015 16:37:17 +0000 (16:37 +0000)]
Merge "Remove unsafe "unset" defaults"
Jenkins [Tue, 22 Dec 2015 21:55:42 +0000 (21:55 +0000)]
Merge "Fix description of control plane route parameter"
Jenkins [Tue, 22 Dec 2015 21:31:44 +0000 (21:31 +0000)]
Merge "Add sample environment file to document usage of predictable IPs"
Jenkins [Tue, 22 Dec 2015 07:45:33 +0000 (07:45 +0000)]
Merge "MidoNet heat templates"
Jenkins [Mon, 21 Dec 2015 20:27:10 +0000 (20:27 +0000)]
Merge "Add SoftwareConfigTransport for switching transports"
Jaume Devesa [Sat, 17 Oct 2015 16:30:36 +0000 (16:30 +0000)]
MidoNet heat templates
Deploy a TripleO overcloud with networking midonet. MidoNet is a
monolithic plugin and quite changes on the puppet manifest must be done.
Depends-On: I72f21036fda795b54312a7d39f04c30bbf16c41b
Depends-On: I6f1ac659297b8cf6671e11ad23284f8f543568b0
Depends-On: Icea9bd96e4c80a26b9e813d383f84099c736d7bf
Change-Id: I9692e2ef566ea37e0235a6059b1ae1ceeb9725ba
Ben Nemec [Thu, 3 Dec 2015 00:08:34 +0000 (18:08 -0600)]
Fix yaml validation errors in multiple-nics templates
One of the interfaces was not indented at the same level as the
others in some of the templates.
Change-Id: Iabd835724848d754d5522968e1c8e3cf9f78e6c6
Dan Sneddon [Tue, 24 Nov 2015 17:08:01 +0000 (09:08 -0800)]
Add all isolated networks to all nodes.
This change allows every overcloud node to optionally participate in
any of the isolated networks. The optional networks are not enabled
by default, but allow additional flexibility. Since the new networks
are not enabled by default, the standared deployment is unchanged.
This change was originally requested for OpenDaylight support.
There are several use cases for using non-standard networks.
For instance, one example might be adding the Internal API network
to the Ceph nodes, in order to use that network for administrative
functions. Another example would be adding the Storage Management
network to the compute nodes, in order to use it for backup. Without
this change, any deviation from the standard set of roles that use a
network is a custom change to the Heat templates, which makes
upgrades much more difficult.
Change-Id: Ia386c964aa0ef79e457821d8d96ebb8ac2847231
Dan Sneddon [Mon, 21 Sep 2015 20:41:21 +0000 (13:41 -0700)]
Add Management Network For System Administration.
This change adds a system management network to all overcloud
nodes. The purpose of this network is for system administration,
for access to infrastructure services like DNS or NTP, or for
monitoring. This allows the management network to be placed on a
bond for redundancy, or for the system management network to be
an out-of-band network with no routing in or out. The management
network might also be configured as a default route instead of the
provisioning 'ctlplane' network.
This change does not enable the management network by default. An
environment file named network-management.yaml may be included to
enable the network and ports for each role. The included NIC config
templates have been updated with a block that may be uncommented
when the management network is enabled.
This change also contains some minor cleanup to the NIC templates,
particularly the multiple nic templates.
Change-Id: I0813a13f60a4f797be04b34258a2cffa9ea7e84f
Giulio Fidente [Mon, 14 Dec 2015 19:08:46 +0000 (20:08 +0100)]
Align template defaults with the client
This aligns the parameter default values from python-tripleoclient
with tripleo-heat-templates. This is in preparation for removing
all the defaults from the client, and maintaining them only in the
templates.
Change-Id: I7b635a250f1ecc170e18d8e434f0118c6fcbb942
Co-Authored-By: James Slagle <jslagle@redhat.com>
Jenkins [Fri, 18 Dec 2015 11:00:33 +0000 (11:00 +0000)]
Merge "Fix typo in HostsEntry output description"
Jenkins [Fri, 18 Dec 2015 10:22:39 +0000 (10:22 +0000)]
Merge "Allow for usage of pre-allocated IPs for the controller nodes"
Ryan Hallisey [Thu, 3 Dec 2015 18:54:30 +0000 (18:54 +0000)]
Convert JSON generations from bash to python
Python script in the heat template will handle JSON generation
for the containers.
Change-Id: I296fd4a4948f3f937e3a108bc926af6415b350c4
Jenkins [Thu, 17 Dec 2015 18:15:38 +0000 (18:15 +0000)]
Merge "Add fixup for pcs order constraints after update to new templates"
Jenkins [Thu, 17 Dec 2015 18:14:06 +0000 (18:14 +0000)]
Merge "pacemaker: run neutron-server-start-wait-stop only at step 4"
Jenkins [Thu, 17 Dec 2015 18:13:58 +0000 (18:13 +0000)]
Merge "Implement Workers parameters"
Jenkins [Wed, 16 Dec 2015 11:12:59 +0000 (11:12 +0000)]
Merge "Wire Neutron ML2 plugin and OVS agent settings as arrays"
Jiri Tomasek [Fri, 6 Nov 2015 10:54:31 +0000 (11:54 +0100)]
Add capabilities map
This file holds metadata about the capabilities of the tripleo-heat-templates
repository for deployment using puppet. It groups configuration by topic,
describes possible combinations of environments and resource capabilities
It's main purpose is to provide relevant information to the user to guide
him through the deployment options. tripleo-common can use this
information to streamline deployment process on environment and resource
registry level. Heat templates themself aren't currently able to provide
this information.
Change-Id: I82a7ba6defc13ac2efae73a6caa36bfee69dd94b
marios [Mon, 23 Nov 2015 18:10:45 +0000 (20:10 +0200)]
Add fixup for pcs order constraints after update to new templates
In https://review.openstack.org/#/c/248572/ yum_update.sh
sets the pcs constraints before restarting the cluster. However
after post-update pacemaker run, the previous constraint of
neutron-server...neutron-ovs-cleanup is re-added. Explicitly
remove this before the post-update restart of certain services
Change-Id: I84dd650dcc66ce3f48926cf369b7d691014c2254
Jenkins [Tue, 15 Dec 2015 13:26:50 +0000 (13:26 +0000)]
Merge "Pacemaker maintenance mode for the duration of Puppet run on update"
Giulio Fidente [Tue, 2 Jun 2015 13:33:11 +0000 (09:33 -0400)]
Wire Neutron ML2 plugin and OVS agent settings as arrays
Wires the following as arrays to the neutron module:
- mechanism_drivers
- flat_networks
- tenant_network_types
- tunnel_types
- bridge_mappings
Also updates the template version to use a Liberty feature which
allows serialization of comma_delimited_list into JSON.
Tidies up the manifests by removing the class declarations since
config is passed by the puppet/controller+compute hiera mapped_data.
Change-Id: Ie9f85fb827099f897ef750e267bc3ed3a864fe59
Co-Authored-By: Steven Hardy <shardy@redhat.com>
Jiri Stransky [Tue, 15 Dec 2015 12:25:36 +0000 (13:25 +0100)]
Fix description of control plane route parameter
In the other templates this seems to be already correct.
Change-Id: Ied3c49cca878bd370068c9b8d1cafdec176c1725
Giulio Fidente [Wed, 4 Nov 2015 13:51:08 +0000 (14:51 +0100)]
Add sample environment file to document usage of predictable IPs
This change adds a sample environment file which documents how to
assign to controllers a predictable IP on each network.
Change-Id: I5be21428c66c82488af8e0240c1614ac3b9b55f0
Giulio Fidente [Wed, 9 Dec 2015 12:07:32 +0000 (13:07 +0100)]
Allow for usage of pre-allocated IPs for the controller nodes
This change adds a new *_from_pool.yaml meant to return an IP from
a list instead of allocating a Neutron port, useful to pick an IP
from a pre-defined list and making it possible to configure, for
example an external balancer in advance (or dns), with the future
IPs of the controller nodes.
The list of IPs is provided via parameter_defaults (in the
ControllerIPs struct) using ControllerIPs param.
Also some additional VipPort types are created for the *VirtualIP
resources. The VIPs were previously created using the same port
resource used by the nodes, but when deploying with an external
balancer we want the VIP resource to be nooped instead.
Change-Id: Id3d4f12235501ae77200430a2dc022f378dce336
Jenkins [Tue, 15 Dec 2015 09:32:45 +0000 (09:32 +0000)]
Merge "Set swift replicas = min(device_count, replicas)"
Jenkins [Mon, 14 Dec 2015 22:48:51 +0000 (22:48 +0000)]
Merge "Fix wrong keypair parameter description"
Juan Antonio Osorio Robles [Mon, 14 Dec 2015 22:12:32 +0000 (00:12 +0200)]
Fix typo in HostsEntry output description
Change-Id: I72a79d8200adee8258033e8da370051bbfd1986b
Jenkins [Mon, 14 Dec 2015 22:05:57 +0000 (22:05 +0000)]
Merge "Add output for host entries"
Dan Prince [Mon, 14 Dec 2015 19:09:07 +0000 (14:09 -0500)]
Set swift replicas = min(device_count, replicas)
Per Swift upstream commit:
7035639dfd239b52d4ed46aae50f78d16ec8cbfe
Swift's ringbuilder now validates that the number of devices is greater
than or equal to the replicas.
Change-Id: I56eaa9ddda138e87f7615d3bde797b568fa5e302
Related-bug: #
1525356
Jenkins [Mon, 14 Dec 2015 15:20:41 +0000 (15:20 +0000)]
Merge "Enable per-role SchedulerHints"
Jenkins [Mon, 14 Dec 2015 15:14:41 +0000 (15:14 +0000)]
Merge "Remove deprecated overcloud-resource-registry.yaml"
Steven Hardy [Fri, 13 Nov 2015 11:18:50 +0000 (11:18 +0000)]
Pacemaker maintenance mode for the duration of Puppet run on update
This enables pacemaker maintenantce mode when running Puppet on stack
update. Puppet can try to restart some overcloud services, which
pacemaker tries to prevent, and this can result in a failed Puppet run.
At the end of the puppet run, certain pacemaker resources are restarted
in an additional SoftwareDeployment to make sure that any config changes
have been fully applied. This is only done on stack updates (when
UpdateIdentifier is set to something), because the assumption is that on
stack create services already come up with the correct config.
(Change I9556085424fa3008d7f596578b58e7c33a336f75 has been squashed into
this one.)
Change-Id: I4d40358c511fc1f95b78a859e943082aaea17899
Co-Authored-By: Jiri Stransky <jistr@redhat.com>
Co-Authored-By: James Slagle <jslagle@redhat.com>
Steve Baker [Fri, 27 Nov 2015 04:35:27 +0000 (04:35 +0000)]
Add SoftwareConfigTransport for switching transports
This change adds a SoftwareConfigTransport parameter to role templates
so that the transport can be changed via a parameter_defaults entry.
This change will have no effect on an existing overcloud as the current
default POLL_SERVER_CFN is now explicit in the parameter default.
Change-Id: I5c2a2d2170714093c5757282cba12ac65f8738a4
Jenkins [Fri, 11 Dec 2015 14:26:25 +0000 (14:26 +0000)]
Merge "Update typos"
Emilien Macchi [Thu, 10 Dec 2015 21:23:50 +0000 (16:23 -0500)]
pacemaker: run neutron-server-start-wait-stop only at step 4
neutron-server-start-wait-stop is a dangerous Exec that is exposed to
race conditions, because it does not have "onlyif" or "unless"
statements.
That means during a deployment, this exec can be run in the wrong order
during Step 5 and/or 6, while it was supposed to be run at Step 4 only.
If that happens, the exec will fail because puppet tries to start
neutron-server while Pacemaker already started the resource. So in that
case, systemd would returns 1 to Puppet which would return 6 to the
overcloud deployment and the deployment would fail to finish correctly.
This patch aims to prevent from this scenario by making sure we run the
exec only during the step 4.
Also, in order to secure it a bit more, we add 'unless' statement to
this exec, so we would make sure the Puppet run would be idempotent and
the Exec would run one successful time only.
https://bugzilla.redhat.com/show_bug.cgi?id=
1290582
Change-Id: I42813c5cff6c525c15c9c24baad4e355f88af672
Steven Hardy [Thu, 10 Dec 2015 10:40:16 +0000 (10:40 +0000)]
Fix wrong keypair parameter description
The parameters have nothing to do with EC2 keypairs, they are used to
specify Nova SSH key pairs.
Change-Id: Ia8d37cb5c443812d02133747cb54fcaf0110d091
Steve Baker [Thu, 10 Dec 2015 01:48:04 +0000 (14:48 +1300)]
Set the name property for all deployment resources
There are two reasons the name property should always be set for deployment
resources:
- The name often shows up in logs, files and API calls, the default
derived name is long and unhelpful
- Sorting by name determines the merge order of os-apply-config, and the
execution order of puppet/shell scripts (note this is different to
resource dependency order) so leaving the default name results in an
undetermined order which could lead to unpredictable deployment of
configs
This change simply sets the name to the resource name, but a future change
should prepend each name with a run-parts style 2 digit prefix so that the
order is explicitly stated. Documentation for extraconfig needs to clearly
state what prefix is needed to override which merge/execution order.
For existing overcloud stacks, heat currently replaces deployment resources
when the name changes, so this change
Depends-On: I95037191915ccd32b2efb72203b146897a4edbc9
Change-Id: Ic4bcd56aa65b981275c3d4214588bfc4de63b3b0
Steven Hardy [Wed, 9 Dec 2015 18:23:08 +0000 (18:23 +0000)]
Remove unsafe "unset" defaults
All of our sensitive parameters are defaulted to easily predictable
values, which is very bad from a security perspective because we don't
force clients to make sane choices thus risk deploying with the
predictable default values. tripleoclient supports generating random
values for all of these, so remove the defaults, for non-tripleoclient
usage we can create a developer-only environment with defaults.
Related-Bug: #
1516027
Change-Id: Ia0cf3b7e2de1aa42cf179cba195fb7770a1fc21c
Depends-On: Ifb34b43fdedc55ad220df358c3ccc31e3c2e7c14
Steven Hardy [Wed, 9 Dec 2015 17:57:39 +0000 (17:57 +0000)]
Remove deprecated overcloud-resource-registry.yaml
We recently removed all the templates this references
in I29e2a8f1b0c66f3cf88f40244d6da49f3d7420be
Change-Id: I599d18675d829935893d6bfb375f8f0d15e01197
Jenkins [Tue, 8 Dec 2015 21:27:04 +0000 (21:27 +0000)]
Merge "Remove Ceilometer Alarm from the overcloud"
Jenkins [Tue, 8 Dec 2015 12:21:45 +0000 (12:21 +0000)]
Merge "Change for configuring use_forwarded_for value for Nuage"
Emilien Macchi [Wed, 30 Sep 2015 15:08:48 +0000 (11:08 -0400)]
Implement Workers parameters
* For each OpenStack service, create a new parameter to change worker
number (default to 0 to keep default behavior)
* Use the parameter in Puppet configuration (Hiera) to configure the
services with the number of workers defined by the parameter.
Change-Id: Ic147bc9225aab48e94243a94a2189467829b8d55
Steven Hardy [Tue, 8 Dec 2015 10:28:08 +0000 (10:28 +0000)]
Enable per-role SchedulerHints
This adds a parameter for each role, where optional scheduler hints
may be passed to nova. One potential use-case for this is using
the ComputeCapabilities to pin deployment to a specific node (not
just a specific role/profile mapping to a pool of nodes like we
have currently documented in the ahc-match docs).
This could work as follows:
1. Tag a specific node as "node:controller-0" in Ironic:
ironic node-update <id> replace properties/capabilities='node:controller-0,boot_option:local'
2. Create a heat environment file which uses %index%
parameters:
ControllerSchedulerHints:
'capabilities:node': 'controller-%index%'
Change-Id: I79251dde719b4bb5c3b0cce90d0c9d1581ae66f2
Juan Antonio Osorio Robles [Wed, 25 Nov 2015 11:05:17 +0000 (13:05 +0200)]
Enable TLS in loadbalancer if cert path is detected
If there is a value for the certificate path (which should only happen
if the environment for enabling TLS is used) then the loadbalancer will
detect it and configure it's front ends correctly. On the other hand
a proper override for the example environment was given, since this
will be needed because we want to pass the hosts and protocols
correctly so the tripleoclient will catch it and pass it to
os-cloud-config
Change-Id: Ifba51495f0c99398291cfd29d10c04ec33b8fc34
Depends-On: Ie2428093b270ab8bc19fcb2130bb16a41ca0ce09
Jenkins [Mon, 7 Dec 2015 20:39:12 +0000 (20:39 +0000)]
Merge "Making nova parameters configurable for nuage-metadata-agent"
Jenkins [Mon, 7 Dec 2015 19:17:56 +0000 (19:17 +0000)]
Merge "Add option to add metadata for the overcloud nodes"
Lokesh Jain [Thu, 3 Dec 2015 19:22:30 +0000 (14:22 -0500)]
Change for configuring use_forwarded_for value for Nuage
Added a parameter to Nuage ExtraConfig template for setting
use_forwarded_for value required by Nuage metadata agent
Change-Id: I02c15311272126c5e530f118fbfb4a8f6e11a620
John Trowbridge [Fri, 4 Dec 2015 21:57:52 +0000 (16:57 -0500)]
Remove Ceilometer Alarm from the overcloud
The Ceilometer alarm service is no longer available
in Mitaka. It is replaced by Aodh.
Aodh support is added in a follow-up to this patch.
Partial-Bug:
1521922
Change-Id: I5babaab7029eaaccf3cc6f194b6c062fd62372cf
Backport: none
Jenkins [Mon, 7 Dec 2015 09:29:57 +0000 (09:29 +0000)]
Merge "Fix the wrong selinux context when glance uses nfs backend"
Rohit Pagedar [Wed, 14 Oct 2015 20:13:07 +0000 (16:13 -0400)]
Making nova parameters configurable for nuage-metadata-agent
Exposing 'instance_name_template' to be set via
extra config for nuage-metadata-agent to function
Making nova::api::admin_tenant_name
available on the compute node which is
required by nuage-metadata-agent service
Making KeystonePublicApiVirtualIP available
on the compute node, which is used by the
nuage-metadata-agent to build the auth-url
Change-Id: I9736015e18cebf32b07940bf559063b60085f2fb
Juan Antonio Osorio Robles [Fri, 4 Dec 2015 13:42:53 +0000 (15:42 +0200)]
Add output for host entries
For testing purposes it is useful to have an easy way to get the given
IPs for the nodes; since currently one would have to ssh to one of the
ndoes and actually fetch the entries from there.
This will facilitate testing when the keystone endpoints have been
changed for hostnames, as done in this CR:
https://review.openstack.org/#/c/238887
Change-Id: I9b9362192d7e97690ba23d02e74389225913adb9
Juan Antonio Osorio Robles [Fri, 4 Dec 2015 13:36:30 +0000 (15:36 +0200)]
Add option to add metadata for the overcloud nodes
Some Nova hooks might require custom properties/metadata set for the
servers deployed in the overcloud, and this would enable us to inject
such information.
For FreeIPA (IdM) integration, there is effectively a Nova hook that
requires such data.
Currently this inserts metadata for all servers, but a subsequent CR
will introduce per-role metadata. However, that was not added to this
because it will require the usage of map_merge. which will block those
changes to be backported. However, this one is not a problem in that
sense.
Change-Id: I98b15406525eda8dff704360d443590260430ff0
Code Review / apex-tripleo-heat-templates.git / log