apex-tripleo-heat-templates.git
Jenkins [Fri, 11 Aug 2017 19:07:26 +0000 (19:07 +0000)]
Merge "Add script to create tripleo-admin on deployed servers"

Jose Luis Franco Arza [Tue, 8 Aug 2017 14:19:20 +0000 (16:19 +0200)]
Correct gnocchi-upgrade command quotes

After merging commit 488796, single quotation marks
were missed. This causes the upgrade to fail as the
flag --sacks-number is considered a su command flag.

Also mounts Ceph config data into the container which
seems needed for the gnocchi-upgrade command when
configured to use Ceph.

Also move the gnocchi db sync to step 4, so ceph is
ready. Add a retry loop to ceilometer-upgrade cmd so
it doesn't fail while apache is restarted.

Closes-Bug: #1709322
Change-Id: I62f3a5fa2d43a2cd579f72286661d503e9f08b90

Jenkins [Fri, 11 Aug 2017 17:55:43 +0000 (17:55 +0000)]
Merge "openstack-heat-templates: fix deprecation path"

Steven Hardy [Thu, 13 Jul 2017 12:40:48 +0000 (13:40 +0100)]
Consolidate puppet/docker deployments with one deploy steps workflow

If we consolidate these we can focus on one implementation (the new ansible
based one used for docker-steps)

Change-Id: Iec0ad2278d62040bf03613fc9556b199c6a80546
Depends-On: Ifa2afa915e0fee368fb2506c02de75bf5efe82d5

Steven Hardy [Tue, 11 Jul 2017 16:28:38 +0000 (17:28 +0100)]
Convert cephstorage-role.yaml to role.role.j2.yaml

Add some special-casing for backwards compatibility, such that the
CephStorage role can be rendered via j2 for support of composable networks.

Change-Id: Iee92bb6ee94963717d3a8ef400e7970f62576a0d
Partially-Implements: blueprint composable-networks

Steven Hardy [Tue, 11 Jul 2017 16:22:28 +0000 (17:22 +0100)]
Convert blockstorage-role.yaml to role.role.j2.yaml

Add some special-casing for backwards compatibility, such that the
BlockStorage role can be rendered via j2 for support of composable networks.

Change-Id: Ia5fb5ff6dbe218710e95a69583ac289cf7b4af9e
Partially-Implements: blueprint composable-networks

Steven Hardy [Tue, 11 Jul 2017 16:09:04 +0000 (17:09 +0100)]
Convert objectstorage-role.yaml to role.role.j2.yaml

Add some special-casing for backwards compatibility, such that the
ObjectStorage role can be rendered via j2 for support of composable networks.

Change-Id: I52abbefe2f5035059ccbed925990faab020c6c89
Partially-Implements: blueprint composable-networks

Steven Hardy [Tue, 11 Jul 2017 14:45:52 +0000 (15:45 +0100)]
Convert compute-role.yaml to role.role.j2.yaml

Add some special-casing for backwards compatibility, such that the
Compute role can be rendered via j2 for support of composable networks.

Change-Id: Ieee446583f77bb9423609d444c576788cf930121
Partially-Implements: blueprint composable-networks

Steven Hardy [Tue, 4 Jul 2017 17:20:10 +0000 (18:20 +0100)]
Convert controller-role.yaml to role.role.j2.yaml

Add deprecated role-specific parameters to role definition, in
order to special-case some parameters for backwards compatibility,
such that the Controller role can be rendered via j2 for support
of composable networks.

Co-Authored By: Dan Sneddon <dsneddon@redhat.com>
Change-Id: I5983f03ae1b7f0b6add793914540b8ca405f9b2b
Partially-Implements: blueprint composable-networks

Juan Antonio Osorio Robles [Fri, 11 Aug 2017 08:46:49 +0000 (11:46 +0300)]
Internal TLS support for mongodb container

This bind mounts the necessary files for the mongodb container to serve
TLS in the internal network.

bp tls-via-certmonger-containers

Change-Id: Ieef2a456a397f7d5df368ddd5003273cb0bb7259
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>

Juan Antonio Osorio Robles [Fri, 11 Aug 2017 13:07:13 +0000 (16:07 +0300)]
TLS everywhere: Configure CA for mongodb

It wasn't being configured, thus making mongodb fail.

Change-Id: If0d7513aacfa74493a9747440fb97f915a77db84
Closes-Bug: #1710162

Jenkins [Fri, 11 Aug 2017 12:02:30 +0000 (12:02 +0000)]
Merge "Move HAProxy's public TLS logic from controller to service template"

Jenkins [Fri, 11 Aug 2017 11:28:41 +0000 (11:28 +0000)]
Merge "Set virsh secret with an init step when using Ceph"

Jenkins [Fri, 11 Aug 2017 11:26:41 +0000 (11:26 +0000)]
Merge "Keep dynamic network creation backward compatible."

Juan Antonio Osorio Robles [Wed, 2 Aug 2017 06:58:46 +0000 (09:58 +0300)]
Enable TLS for nova api and placement containers

With these two services running over httpd in the containers, we can now
enable TLS for them.

bp tls-via-certmonger-containers

Change-Id: Ib8fc37a391e3b32feef0ac6492492c0088866d21

Juan Antonio Osorio Robles [Mon, 19 Jun 2017 12:21:15 +0000 (15:21 +0300)]
Make containerized nova-api run with httpd

The non-containerized version will run over httpd [1], and for the
containerized TLS work, it is needed in the container version as well.

[1] Iac35b7ddcd8a800901548c75ca8d5083ad17e4d3

bp tls-via-certmonger-containers

Depends-On: I1c5f13039414f17312f91a5e0fd02019aa08e00e
Change-Id: I2c39a2957fd95dd261b5b8c4df5e66e00a68d2f7

Damien Ciabrini [Wed, 2 Aug 2017 10:13:48 +0000 (06:13 -0400)]
Enable TLS configuration for containerized Galera

In non-containerized deployments, Galera can be configured to use TLS
for gcomm group communication when enable_internal_tls is set to true.

Fix the metadata service definition and update the Kolla configuration
to make gcomm use TLS in containers, if configured.

bp tls-via-certmonger-containers

Change-Id: Ibead27be81910f946d64b8e5421bcc41210d7430
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Closes-Bug: #1708135
Depends-On: If845baa7b0a437c28148c817b7f94d540ca15814

Juan Antonio Osorio Robles [Mon, 7 Aug 2017 11:25:38 +0000 (14:25 +0300)]
Move HAProxy's public TLS logic from controller to service template

This de-couples public TLS from controllers to now run wherever HAProxy
is deployed.

Partially-Implements: blueprint composable-networks
Change-Id: I9e84a25a363899acf103015527787bdd8248949f

Jenkins [Thu, 10 Aug 2017 21:49:55 +0000 (21:49 +0000)]
Merge "Noop controller pre and post config resources."

Jenkins [Thu, 10 Aug 2017 19:41:17 +0000 (19:41 +0000)]
Merge "Fix cidr get_attr in custom networks"

Jenkins [Thu, 10 Aug 2017 19:37:55 +0000 (19:37 +0000)]
Merge "Create parameters for haproxy TLS certs and keys"

Jiri Stransky [Thu, 10 Aug 2017 16:21:12 +0000 (18:21 +0200)]
Accept multiple registries in DockerInsecureRegistryAddress

We allow using multiple registries (e.g. for OpenStack vs. Ceph
container images). We should allow it also in the insecure registry
configuration.

Change-Id: Icf4a51baf2a230b3fa0d5ced0e9cd1983cd93fb0
Closes-Bug: #1709310
Depends-On: I5cddd20a123a85516577bde1b793a30d43171285

Oliver Walsh [Thu, 10 Aug 2017 11:24:16 +0000 (12:24 +0100)]
Remove duplicate Iscsid service in resource registry

I forgot to remove the existing entry in
I11232fc412adcc18087928c281ba82546388376e.

Change-Id: I40b12e857dc40881f5fe9cf73963ac90caacb17d

Pranali Deore [Fri, 4 Aug 2017 11:39:16 +0000 (17:09 +0530)]
Mount NFS volume to docker container.

After creating glance image successfully, share location
was remaining empty because the NFS volume on controller was
not mounted to docker container.

Now, connecting NFS volume to the docker container.

Change-Id: Ib45f117cbbf2b7b2c0faf024e9a8b049c440d872
Closes-Bug: 1708629

Jenkins [Thu, 10 Aug 2017 04:32:32 +0000 (04:32 +0000)]
Merge "Docker/TLS everywhere: Add telemetry and neutron services to environment"

Damien Ciabrini [Mon, 7 Aug 2017 20:38:19 +0000 (20:38 +0000)]
Enable TLS configuration for containerized HAProxy

In non-containerized deployments, HAProxy can be configured to use TLS for
proxying internal services.

Fix the creation of the haproxy bundle resource to enable TLS when
configured. The keys and certs files are all passed as configuration files and
must be copied by Kolla at container startup.

For the time being, disable the use of the CRL file until we find a means
of restarting the containerized HAProxy service when that file expires.

Change-Id: If307e3357dccb7e96bdb80c9c06d66a09b55f3bd
Depends-On: I4b72739446c63f0f0ac9f859314a4d6746e20255
Closes-Bug: #1709563

Jenkins [Wed, 9 Aug 2017 15:11:25 +0000 (15:11 +0000)]
Merge "Addition of Nuage as mechanism driver for ML2"

Giulio Fidente [Wed, 9 Aug 2017 10:13:46 +0000 (12:13 +0200)]
Set virsh secret with an init step when using Ceph

Run virsh secret-define and secret-set-value in an init step
instead of relying on the puppet-nova exec.

Co-Authored-By: Jiri Stransky <jistr@redhat.com>
Change-Id: Ic950e290af1c66d34b40791defbdf4f8afaa11da
Closes-Bug: #1709583

Damien Ciabrini [Mon, 7 Aug 2017 20:39:52 +0000 (20:39 +0000)]
Enable TLS configuration for containerized RabbitMQ

In non-containerized deployments, RabbitMQ can be configured to use TLS for
serving and mirroring traffic.

Fix the creation of the rabbitmq bundle resource to enable TLS when configured.
The key and cert are passed as other configuration files and must be copied by
Kolla at container startup.

Change-Id: I8af63a1cb710e687a593505c0202d717842d5496
Depends-On: Ia64d79462de7012e5bceebf0ffe478a1cccdd6c9
Closes-Bug: #1709558

Michele Baldessari [Thu, 15 Jun 2017 08:22:21 +0000 (10:22 +0200)]
Make network-isolation-v6 environment rendered for all roles

In change If3989f24f077738845d2edbee405bd9198e7b7db we moved to jinja2
templating to render the networks. This change aims at doing so for the
IPv6 network isolation environment.

Change-Id: Ieebcff3db3f5756a5d23080ea3d09ce78de69e21

Jenkins [Wed, 9 Aug 2017 07:42:18 +0000 (07:42 +0000)]
Merge "Use number for KeystoneCronTokenFlushMaxDelay instead of string"

Jenkins [Wed, 9 Aug 2017 04:41:12 +0000 (04:41 +0000)]
Merge "Don't curl metadata server in userdata example"

Jenkins [Tue, 8 Aug 2017 21:53:34 +0000 (21:53 +0000)]
Merge "MariaDB: create clustercheck user at container bootstrap"

Michele Baldessari [Tue, 8 Aug 2017 19:27:48 +0000 (21:27 +0200)]
Make HA container bundle work on remote nodes

Right now when we deploy an HA bundle on a pacemaker remote node,
the deploy will fail due to the fact that the bundle includes
tripleo::profile::base::pacemaker which makes a call to
hiera('hacluster_pwd') which will fail on pcmk remote nodes.
While we could noop the profile on pcmk nodes, it's much simpler
to just make sure this hiera key exists on pcmk remote nodes.

Also make sure that pacemaker::corosync::manage_fw is set to false
on remote nodes, otherwise the mere inclusion of the pacemaker
profile will cause iptables-save to run in a container and thus fail.

Change-Id: I09b3e54a470cc2d600a701d23463962501c5c9d6

Giulio Fidente [Tue, 8 Aug 2017 19:00:30 +0000 (21:00 +0200)]
Fix cidr get_attr in custom networks

We were missing the square brackets around the list of arguments
for get_attr when building the networks cidr output.

This passed CI because Heat does not fail validation and Ceph (which
is consuming the cidr output) is tested with a single network (ctlplane)
which does not build the output using the same templates.

Change-Id: I40bba0784a30295cb0d4eda1fbff20ebac85db99
Closes-Bug: #1709464

Sofer Athlan-Guyot [Tue, 8 Aug 2017 13:18:42 +0000 (15:18 +0200)]
Make cinder-manage db sync run on only one controller during upgrade

We got to ensure that the cinder-manage db sync is run on only one
controller.

Change-Id: I88a6aa4c49d893b95a26795fbfcf163a780fd0bc
Closes-Bug: #1709315

Juan Antonio Osorio Robles [Tue, 8 Aug 2017 12:35:05 +0000 (12:35 +0000)]
Docker/TLS everywhere: Add telemetry and neutron services to environment

Some resources were missing, so this syncs up what's working right now.

bp tls-via-certmonger-containers

Change-Id: Ic8fe20d0240f1ad8f18218d66634029d522d4d5a

Sofer Athlan-Guyot [Mon, 7 Aug 2017 14:04:08 +0000 (16:04 +0200)]
Keep dynamic network creation backward compatible.

We had a history mapping for InternalApi to InternalNetwork.  If we
remove it then heat will want to destroy InternalNetwork and create
InternalApi which cannot work during upgrade.

This adds compat name parameters to network_data.yaml.

Closes-Bug: #1709105

Change-Id: I8ce6419a5e13a13ee6e991db5ca2196763f52d7a

Jiri Stransky [Thu, 3 Aug 2017 12:23:27 +0000 (14:23 +0200)]
Add script to create tripleo-admin on deployed servers

When using deployed servers, we want to create a standard
tripleo-admin user for Mistral's ssh tasks (e.g. running Ansible on
overcloud). This script wraps the respective Mistral workflow.

Change-Id: I2de698b4aae07f74569243a9e7c1c56eb578e700
Related-Bug: #1708180
Depends-On: Ibe8e54f7b38d8c6c8d944d2b13f0eed004c34c4c

Juan Antonio Osorio Robles [Mon, 7 Aug 2017 08:01:24 +0000 (11:01 +0300)]
Create parameters for haproxy TLS certs and keys

This removes the hardcoded paths for the haproxy certs and keys and will
enable re-use. We'll use this in a further commit in the containerized
TLS work.

Change-Id: I602e5a569e2e7e60835deb80532abcedd7a1f63d

Juan Antonio Osorio Robles [Fri, 4 Aug 2017 05:36:42 +0000 (08:36 +0300)]
Use number for KeystoneCronTokenFlushMaxDelay instead of string

Using a string results in an erroneous check in puppet-keystone, which
sets up a zero where it shouldn't. So we change it to number to avoid
that. Note that there will also be a puppet-keystone fix for this.
Changing the value here assures that deployers only give valid values to
this parameter.

Change-Id: I00823e23358df91ce54f421c12636f05d4196e15
Closes-Bug: #1708584

Jenkins [Sat, 5 Aug 2017 16:22:56 +0000 (16:22 +0000)]
Merge "Add Telemetry services to scenario002"

Jenkins [Sat, 5 Aug 2017 15:22:56 +0000 (15:22 +0000)]
Merge "Start redis service after upgrade"

Jenkins [Fri, 4 Aug 2017 20:47:16 +0000 (20:47 +0000)]
Merge "Stop and disable openstack-nova-compute service on compute nodes"

Jenkins [Fri, 4 Aug 2017 20:47:07 +0000 (20:47 +0000)]
Merge "Run gnocchi upgrade with sacks in docker template"

Jenkins [Fri, 4 Aug 2017 14:04:44 +0000 (14:04 +0000)]
Merge "Change the directory for haproxy certs/keys to be service-specific"

Dan Sneddon [Fri, 21 Jul 2017 21:33:33 +0000 (14:33 -0700)]
Render VIPs dynamically based on network_data.yaml

This change modifies the templates to dynamically define the VIPs
based on network_data.yaml. If a network is defined and marked
with "vip: true" in network_data.yaml, it will be included in the
overcloud.yaml which defines the deployment-level resources.

This should make it possible to create custom networks and
use them for services which use high-availability through VIPs.

Also, extraconfig/nova_metadata/krb-service-pricipals.yaml
was modified to dynamically produce the FQDN map for VIPs on
isolated networks, to match overcloud.j2.yaml.

Depends-On: If074f87494a46305c990a0ea332c7b576d3c6ed8
Depends-On: Iab8aca2f1fcaba0c8f109717a4b3068f629c9aab
Partially-implements: blueprint composable-networks
Closes-bug: 1667104
Change-Id: I71339a6ac41133e95dbc3f93abb7a9fdeb0f2da0

Jenkins [Fri, 4 Aug 2017 13:20:11 +0000 (13:20 +0000)]
Merge "Copy scheduler configuration from service/ironic to services-docker/ironic"

Jenkins [Fri, 4 Aug 2017 12:31:57 +0000 (12:31 +0000)]
Merge "Fix up multipath docker indentation"

Juan Antonio Osorio Robles [Wed, 2 Aug 2017 07:27:15 +0000 (10:27 +0300)]
Change the directory for haproxy certs/keys to be service-specific

This moves the directories containing the certs/keys for haproxy one step
further inside the hierarchy. This way we will be able to bind-mount
this certificate into the container without bind-mounting any other
certs/keys from other services.

bp tls-via-certmonger-containers

Depends-On: Iba3adb9464a755e67c6f87d1233b3affa8be565a
Change-Id: I73df8d442b361cb5ef4e343b4ea2a198a5b95da9

Jenkins [Fri, 4 Aug 2017 10:16:42 +0000 (10:16 +0000)]
Merge "Adds environment file for ODL + SRIOV"

Jenkins [Fri, 4 Aug 2017 06:33:48 +0000 (06:33 +0000)]
Merge "Changing the default port-binding configuration"

Pradeep Kilambi [Thu, 27 Jul 2017 13:53:59 +0000 (09:53 -0400)]
Update EventPipelinePublisher param description to include zaqar

Since we now support zaqar:// publisher, enhance the description to indicate
how to set the zaqar publisher.

Change-Id: Ib7eba98d199fade2346620672e33b74686d4685b

Jenkins [Thu, 3 Aug 2017 21:53:09 +0000 (21:53 +0000)]
Merge "Make UpgradeLevelNovaCompute parameters consistent"

Jenkins [Thu, 3 Aug 2017 21:52:28 +0000 (21:52 +0000)]
Merge "Add environment for setting a custom domain name"

lokesh-jain [Thu, 15 Jun 2017 21:19:20 +0000 (17:19 -0400)]
Addition of Nuage as mechanism driver for ML2

Adding composable services for Nuage mechanism driver for ML2. This
is separate from Nuage as the core plugin and intentional duplication
of Nuage under puppet services. Parameters required for working of
Nuage as mechanism driver are also added.

Change-Id: I2b564610721152c4f4dab9da79442256ba8d0b33

Jenkins [Thu, 3 Aug 2017 17:59:45 +0000 (17:59 +0000)]
Merge "Update capabilities map to match latest environments"

Dan Prince [Thu, 3 Aug 2017 14:20:15 +0000 (10:20 -0400)]
Remove baremetal cron jobs on docker upgrade

Change-Id: I072a3f582cdb978187d14233ea1ba636d12a1293
Closes-bug: #1708466

Jenkins [Thu, 3 Aug 2017 14:19:44 +0000 (14:19 +0000)]
Merge "Make many networking parameters consistent"

Marius Cornea [Wed, 2 Aug 2017 21:44:17 +0000 (23:44 +0200)]
Stop and disable openstack-nova-compute service on compute nodes

This change stops and disables the openstack-nova-compute service
on the compute nodes during the upgrade to the containers architecture.

Closes-bug: 1708371

Change-Id: I9ca909d4e91d0a0e4de15572f727f959d9185c64

Jenkins [Thu, 3 Aug 2017 06:46:16 +0000 (06:46 +0000)]
Merge "Fix CA file bind mounting in containers"

Jenkins [Thu, 3 Aug 2017 04:30:48 +0000 (04:30 +0000)]
Merge "Render isolated network templates using jinja2"

Jenkins [Thu, 3 Aug 2017 01:40:17 +0000 (01:40 +0000)]
Merge "Make RoleParameters and key_name descriptions consistent"

Jenkins [Thu, 3 Aug 2017 01:02:42 +0000 (01:02 +0000)]
Merge "Set redis password hiera value in compute agent"

Jenkins [Thu, 3 Aug 2017 01:02:35 +0000 (01:02 +0000)]
Merge "Cinder volume/backup containers shouldn't mount two paths at same point"

Jenkins [Thu, 3 Aug 2017 00:45:30 +0000 (00:45 +0000)]
Merge "Update TLS-everywhere docker environment"

Jenkins [Thu, 3 Aug 2017 00:44:41 +0000 (00:44 +0000)]
Merge "Fix keystone, cinder, heat-api cron containers"

Ben Nemec [Fri, 14 Jul 2017 20:36:56 +0000 (15:36 -0500)]
Make UpgradeLevelNovaCompute parameters consistent

There is logic in nova-base.yaml that depends on the default for
this parameter being '', and the nova-compute service only needs it
set to auto during upgrade.  That will be done by [1] anyway, so it
doesn't matter what the default is.  It's also not clear to me that
the nova-compute task is even needed now that we're post-Ocata, but
that's not a change I feel comfortable making.

1: https://github.com/openstack/tripleo-heat-templates/blob/master/environments/major-upgrade-composable-steps.yaml

Change-Id: Iccfcb5b68e406db1b942375803cfedbb929b4307
Partial-Bug: 1700664

Ben Nemec [Thu, 13 Jul 2017 18:14:51 +0000 (13:14 -0500)]
Make many networking parameters consistent

These are mostly the low hanging fruit that only required a few
minor changes to fix.  There are more that require a lot of changes
or might be more controversial that will be done later.

Change-Id: I55cebc92ef37a3bb167f5fae0debe77339395e62
Partial-Bug: 1700664

Ben Nemec [Tue, 27 Jun 2017 16:07:52 +0000 (11:07 -0500)]
Make RoleParameters and key_name descriptions consistent

The key_name default is ignored because the parameter is used in
some mutually exclusive environments where the default doesn't
need to be the same.

Change-Id: I77c1a1159fae38d03b0e59b80ae6bee491d734d7
Partial-Bug: 1700664

Jenkins [Wed, 2 Aug 2017 21:04:45 +0000 (21:04 +0000)]
Merge "Fix ceilometer agent compute service name"

Pradeep Kilambi [Fri, 16 Jun 2017 13:11:43 +0000 (09:11 -0400)]
Add Telemetry services to scenario002

We need to test gnocchi with swift backend. So adding
telemetry to scenario002 job to cover that.

Change-Id: I284de61bbefac9e9b37390650016643ffe38b5cc

Pradeep Kilambi [Wed, 2 Aug 2017 19:52:29 +0000 (15:52 -0400)]
Start redis service after upgrade

We install redis if it's not already there, but we should also
ensure redis service is started in the next step 4.

Related to issues we're seeing in I284de61bbefac9e9b37390650016643ffe38b5cc

Change-Id: Ic01db53ea8669f14e87f6987045b2be5a3480024

Sébastien Han [Wed, 2 Aug 2017 14:20:18 +0000 (16:20 +0200)]
openstack-heat-templates: fix deprecation path

The right file is external-ceph.yaml, not ceph-external.yaml.

Change-Id: If21a4f183305f82916e1ef2aadb0706e7dab4657
Signed-off-by: Sébastien Han <seb@redhat.com>

Jiri Tomasek [Fri, 14 Jul 2017 09:12:44 +0000 (11:12 +0200)]
Update capabilities map to match latest environments

This change updates capabilities-map.yaml to properly map existing
environments

Closes-Bug: 1708159
Change-Id: I4104b6b59b3e9b19a06cdc233dae4f68fe033580

Michele Baldessari [Wed, 2 Aug 2017 09:55:23 +0000 (11:55 +0200)]
Fix up multipath docker indentation

Deploying a multipathd container gives the following error:
failed: [localhost] (item={'key': u'config_files', 'value': [{u'dest': u'/', u'merge': True, u'source':
u'/var/lib/kolla/config_files/src-iscsid/*', u'preserve_properties': True}]}) =>
{\"checksum\": \"72ad81489381571c5043b7613f6828b06ae364bd\", \"failed\": true, \"item\":
{\"key\": \"config_files\", \"value\": [{\"dest\": \"/\", \"merge\": true, \"preserve_properties\": true,
\"source\": \"/var/lib/kolla/config_files/src-iscsid/*\"}]}, \"msg\": \"Destination directory does not exist\"}

The reason is the wrong indentation of the config_files key in the
multipath docker service.

Change-Id: I0e1fbb9eb188a903994b9e5da90ab4a6fb81f00a
Closes-Bug: #1708129

Jenkins [Wed, 2 Aug 2017 05:11:22 +0000 (05:11 +0000)]
Merge "Fix iscsid role data's section"

John Fulton [Wed, 2 Aug 2017 02:54:56 +0000 (02:54 +0000)]
Cinder volume/backup containers shouldn't mount two paths at same point

Docker refuses to start the container because config_files/src-ceph:ro
is mounted at both /etc/ceph and config-data/puppet-generated/ceph.
The mount to /var/lib/config-data/puppet-generated/ceph should have
been removed in commit ed0b77ff93a1a1e071d32f6a758e04c6d0b041ef.

Change-Id: I411b4764a54fc21e97e4c41a5fef00c7e6e2b64d
Closes-Bug: #1707956

Jenkins [Wed, 2 Aug 2017 01:35:47 +0000 (01:35 +0000)]
Merge "Fix network-isolation.j2.yaml to ignore VIPs for disabled networks"

Jenkins [Wed, 2 Aug 2017 01:30:11 +0000 (01:30 +0000)]
Merge "Remove empty metadata_settings from iscsid and multipathd templates"

Jenkins [Wed, 2 Aug 2017 01:29:22 +0000 (01:29 +0000)]
Merge "Adds stop and disable for libvirtd on upgrade to containers"

Pradeep Kilambi [Wed, 26 Jul 2017 15:18:40 +0000 (11:18 -0400)]
Set redis password hiera value in compute agent

Without this, config defaults to undef in containers.

Change-Id: Id47f365364e7b0d399de92995871b136550cd625

Pradeep Kilambi [Mon, 24 Jul 2017 19:26:47 +0000 (15:26 -0400)]
Fix ceilometer agent compute service name

Make sure this matches what's in roles_data.yaml

Change-Id: Id41c457914f557af7c9ec195c4c6f98669523ac1

Jenkins [Tue, 1 Aug 2017 20:00:18 +0000 (20:00 +0000)]
Merge "Generate MySQL client config if service requires database"

Pradeep Kilambi [Fri, 28 Jul 2017 21:03:02 +0000 (17:03 -0400)]
Run gnocchi upgrade with sacks in docker template

Without this, gnocchi is not initializing the sacks like puppet does
and gnocchi containers don't respond properly.

Change-Id: I2c53b00793f99420fd12ccc0b5646cf21d528e46

Jenkins [Tue, 1 Aug 2017 17:20:06 +0000 (17:20 +0000)]
Merge "Add missing metadata_settings from docker services"

marios [Tue, 1 Aug 2017 14:24:18 +0000 (17:24 +0300)]
Adds stop and disable for libvirtd on upgrade to containers

Adds this into the tripleo_upgrade_node.sh executed by the
operator for the major upgrade. See the bug for more info.

Change-Id: Ic54b48b149594e8ea08e95152111bcdaf7b252b7
Closes-Bug: 1707926

Dan Prince [Mon, 31 Jul 2017 21:49:24 +0000 (17:49 -0400)]
Fix keystone, cinder, heat-api cron containers

The cron containers need to run as root in order to create PID files
correctly.

Additionally, the keystone_cron container was misconfigured to
use /usr/bin/cron instead of the correct /usr/bin/crond.

Additionally we have an issue where the Kolla keystone container has
hard coded ARGS for the docker container which causes -DFOREGROUND
(an Apache specific argument) to get appended onto the kolla_start
command thus causing crond to fail to startup correctly. This
works around the issue by overriding the command and calling
kolla_set_configs manually. Once we fix this in Kolla we can
revisit this.

Change-Id: Ib8fb2bef9a3bb89131265051e9ea304525b58374
Related-bug: 1707785

Juan Antonio Osorio Robles [Tue, 1 Aug 2017 07:01:54 +0000 (07:01 +0000)]
Fix CA file bind mounting in containers

The syntax was wrong and wasn't actually bind mounting the CA file.
This fixes it.

Change-Id: Icfa2118ccd2a32fdc3d1af27e3e3ee02bdfbb13b

Juan Antonio Osorio Robles [Tue, 1 Aug 2017 05:54:05 +0000 (08:54 +0300)]
Update TLS-everywhere docker environment

Some resources have changed. So the environment needed syncing

Change-Id: I9aa310ae80edfccd3ed28e67a431aad6e1ed8a7f

Juan Antonio Osorio Robles [Tue, 1 Aug 2017 05:42:33 +0000 (08:42 +0300)]
Remove empty metadata_settings from iscsid and multipathd templates

metadata_settings is meant to have a specific format or be completely
absent. Unfortunately the hook [1] doesn't an empty value for this. So
we remove it as an easy fix before figuring out how to add such a
functionality to the hook.

[1] https://github.com/openstack/tripleo-heat-templates/blob/master/extraconfig/nova_metadata/krb-service-principals.yaml

Co-Authored-By: Thomas Herve <therve@redhat.com>
Change-Id: Ieac62a8076e421b5c4843a3cbe1c8fa9e3825b38

Jenkins [Mon, 31 Jul 2017 19:32:47 +0000 (19:32 +0000)]
Merge "Enable Dpdk after rebooting with Hugepages for OvS2.7"

Damien Ciabrini [Fri, 28 Jul 2017 16:13:53 +0000 (12:13 -0400)]
MariaDB: create clustercheck user at container bootstrap

In HA overclouds, the helper script clustercheck is called by HAProxy to poll
the state of the galera cluster. Make sure that a dedicated clustercheck user
is created at deployment, like it is currently done in Ocata.

The creation of the clustercheck user happens on all controller nodes, right
after the database creation. This way, it does not need to wait for the galera
cluster to be up and running.

Partial-Bug: #1707683
Change-Id: If8e0b3f9e4f317fde5328e71115aab87a5fa655f

Jenkins [Mon, 31 Jul 2017 15:26:54 +0000 (15:26 +0000)]
Merge "Fix creation of iptables rules for non-HA containerized HAproxy"

Juan Antonio Osorio Robles [Mon, 31 Jul 2017 15:22:44 +0000 (18:22 +0300)]
Add missing metadata_settings from docker services

These are needed for the TLS everywhere bits.

Change-Id: I81fcf453fc1aaa2545e0ed24013f0f13b240a102

Jenkins [Mon, 31 Jul 2017 14:23:06 +0000 (14:23 +0000)]
Merge "Add 'ovn-controller' service"

Dmitry Tantsur [Mon, 31 Jul 2017 13:47:23 +0000 (15:47 +0200)]
Copy scheduler configuration from service/ironic to services-docker/ironic

That was missed back then. Without it bug 1697724 is not fixed for containers.

Change-Id: Ie859f10129cbdeebd9ea4522510768cec99a1df3
Related-Bug: #1697724

Saravanan KR [Fri, 14 Jul 2017 04:11:28 +0000 (09:41 +0530)]
Enable Dpdk after rebooting with Hugepages for OvS2.7

With OvS2.7, DPDK is initialized immediately after setting
dpdk-init flag. DPDK requires hugepages configuration to be
available on kernel args with a reboot. This patch reboots
the node after applying the kernel args. And once the node
is rebooted, DPDK will be enabled and then the deployment
continues.

Change-Id: Ide442e09c2bea56a38399247de588e63b4272326

Jenkins [Sat, 29 Jul 2017 00:59:17 +0000 (00:59 +0000)]
Merge "add lbaasv2 to NeutronServicePlugins in octavia containers"

Jenkins [Fri, 28 Jul 2017 15:57:33 +0000 (15:57 +0000)]
Merge "Also log docker-puppet.py puppet output to console"