This patch properly enables or disables Ceilometer, general
OpenStack and Swift deployment properly.
For the moment the containers will still be created, but
none of the related software will be installed, configured
or tested.
A fix to limit the containers created will be implemented
after a revision of the haproxy playbook/role to accommodate
this is implemented.
Closes-Bug: #1485945
Implements: blueprint split-aio-gates
Change-Id: Ia6657a02a6d1c53a4d76d7a17f74748ec9d2a2ee
This patch updates all git SHA's to the current head of
the appropriate branches.
This patch includes the upstream fix for CVE-2015-5163:
- https://review.openstack.org/212567
This patch removes the configuration for the cryptography
repository as they have now released tag 1.0 which contains
the SHA we required for fernet tokens to work.
Change-Id: Iaab3a9d1007ccae6d51942fe045e274b7a518e9f
Closes-Bug: #1484766
This patch enables debug logging for all OpenStack services
in the gate checks to ensure that the maximum amount of
information is available for debugging gate check failures.
Change-Id: Ide583fa6dc06008641bbc10b1abcaa816e662337
Closes-Bug: #1482572
The will now run flake8 on all Python files and bashate on all shell
scripts. Right now I'm ignoring the bashate errors, since there were so
many of them. Follow up patches will start fixing those issues.
A few Python files had minor modifications to pass flake8.
Change-Id: I5f773eb6ea9f1311aa045951ff9bdad16cca6491
Previously, we simply checked $? which at that point would be the exit
status of echo, not openstack-ansible. By recording the actual
openstack-ansible exit status, we can properly report failures of the
upgrade script.
Closes-bug: 1480342
Change-Id: Icf43bea84660e4160a2dfcdb4ac93055340b3573
(cherry picked from commit 8a106d184a566f1baed616aee7747d5f2d581c1b)
This patch adds irqbalance to the apt package list to resolve
the issue where a deployer may not have the package installed
in their base OS deployment.
Change-Id: I968c483fd6eb926f32d55b3761574a6d3c3139b9
Closes-Bug: #1482146
(cherry picked from commit 64f7af7e552a0df1ec613d70a44f36b90497adb5)
When running in an AIO environment, we need to drop an iptables rule to
ensure that communication between instances and the neutron metadata
service works.
Change-Id: Icc081fe83712ce883baa88f99db60c52dcc4c1ae
Closes-Bug: #1483603
Installs must have either the repo-infra_hosts list, or the
openstack_repo_url defined. Otherwise, greenfield installations
following our installation docs will fail.
Change-Id: I116040302e846530895836dd8aab9d4136b110af
Closes-Bug: #1475000
In env.d/cinder.yml there is is_metal:true.
But there was no mention of it in the documentation.
Therefore, if an user wants to use a cinder volume container with
netapp/ceph/whatever, the container will be (by default)
considered as metal.
This should be documented somewhere.
Change-Id: I65e9d0654d50d8c8825f858e89fdf4595134dddb
This commit adds the following new variables to customise whether nova
will allow key/partition/password injection:
nova_libvirt_inject_key
nova_libvirt_inject_partition
nova_libvirt_inject_password
Additionally, the following variable has been added to allow setting
password via Horizon:
horizon_can_set_password
Lastly, password injection can now be tested with tempest via:
tempest_compute_change_password
Note that all variables have been defaulted to their current values.
Closes-Bug: #1469238
Change-Id: Iff434ed7c042f7990990485c34d0f35b9a7baa7a
This change removes the forced use of config drive to ensure that a user
can choose to use config drive as needed. This adds ability to
disable/enable config drive and allows libvirt to listen for connections
on tcp as needed for live migrations (prohibited otherwise by config drive).
The following new variables were added to os_nova role:
nova_force_config_drive
nova_libvirtd_listen_tls: 1
nova_libvirtd_listen_tcp: 0
nova_libvirtd_auth_tcp: sasl
Change-Id: I1de35a4b3611b8bc33a21930dae3fd38f9aaa151
Closes-Bug: #1468514
DocImpact
Update all branches to Liberty-2.
Also, as of Change ID I3823900bc5aaf7757c37edb804027cf4d9c757ab
the new neutron releases have a new db upgrade and stamp process
in order for these version to be rev'd we need to incorporate
those change. As such the neutron_db_setup.yml has been updated
along with the neutron `neutron_db_revision` default variable.
Change-Id: Icfb75d377498e288e67be1a8bc049b42d8aa57b1
This gets rid of the warning message saying that nothing is actually
linking to the document.
To get rid of the chicken-egg problem:
The -infra templated job for docs requires that a venv be created using
tox. It will actually run this command to build the documentation:
tox -evenv -- python setup.py build_sphinx
Change-Id: I0f03ad6efe2a997c9cecac6240e1e8be8e85ccf6
Add the ability to enable the resume_guests_state_on_host_boot flag in
nova.conf to start guests that were running before the host rebooted.
Change-Id: I7365d972dc7e41a46b340396a73518b1da918f05
Closes-Bug: 1483246
With cinder_volumes we were creating a specific udev device, this will
fail to mount if lxc.autodev=1. This should only be required when lvm is
a backend for the cinder_volumes container.
We can specify lxc.autodev=0 for cinder_volumes containers. To do this
properly we first check if lvm is in use. We can also use this to ensure
that redundant "lvm" configuration isn't setup on volumes hosts with no
lvm backend.
Additionally this will fix the formatting on the "udev" lxc.mount.entry
as it was adding additional spaces.
Change-Id: Iabe72003ebcfefe11d360131fdde64ca4b21a192
Closes-Bug: #1483650
This replaces the example provided in the keystone defaults
with something more familiar to Microsoft Systems Engineers.
Change-Id: I6c5e13a78a0bb23eef0a86b1a07353a98e793cca
Implements: blueprint keystone-sp-adfs-idp
Neutron now uses ebtables as an extra security layer for ARP
spoof filtering. This patch adds the ebtables package and
rootwrap to the neutron role to ensure that the agent is able
to use this subsystem. Without it the networking from the
instances to the L3 router will fail.
Co-Authored-By: Evan Callicoat <diopter@gmail.com>
Closes-Bug: #1482756
Change-Id: Ibc960564a3acfbb10cfbc3cfe0ad60d3366d2443
Enacting the log link creation and the ansible.cfg change has
resulted in polluted patch reviews by developers making use of
AIO's for dev/test purposes.
This patch moves the Ansible logging changes to the
gate-check-script only as that's the only time that it's
actually required.
Change-Id: I4a1accad94ae153bf363b53fda0905e814c15173
Closes-Bug: #1479824
This patch does the following:
1. Introduces two new Keystone variables which are useful for
debugging the Keystone service. The values are defaulted
to the same values as before the patch.
- keystone_wsgi_processes: number of wsgi processes to run
- keystone_wsgi_threads: number of wsgi threads to run
4. Moves the keystone service and admin processes into their
own wsgi groups for better isolation.
5. Sets each wsgi process to run under the keystone group.
6. Bring the configuration file in line with the upstream
recommended configuration as at 4 Aug 2015 in order to
overcome import race conditions.
Change-Id: I861d1ef233dd6121452dc0e9e590d2d9f9b7973e
Closes-Bug: #1481339
This patch adds a small script that automates the process of accessing a
service provider (SP) cloud using credentials from a identity provider
cloud (IdP), where both clouds use Keystone based authentication. The
script performs the complete authentication flow and displays the token
and endpoints to use with the openstack command line client.
Implements: blueprint keystone-federation
Change-Id: I4b8113d0aef9c754fb55497d44138df660332bb8
An ADFS v3.0 (Windows 2012 R2) Identity Provider is capable of
interacting via SAML2 to the Service provider, so there is no
special configuration over and above the same as required from
the TestShib/Keystone IdP.
This patch adds a sample configuration to the defaults file.
DocImpact
Implements: blueprint keystone-sp-adfs-idp
Change-Id: I37728e618d4624699a00f4ecfbb8cab0745e9e52
This patch adds a sha256sum verification to the lxc cache file
download task and also sets the task to retry.
Change-Id: Ie6342c1ee004a3d2de2256408361259d2fb47f1b
Closes-Bug: #1482091
(cherry picked from commit 0ccf11eeddaad8b8f4b53e3a7cf3f33f81d208ee)