This patch updates all the roles to the latest available stable
SHA's, updates all the OpenStack Service SHA's and also updates
the appropriate python requirements pins.
Note that 'ceilometer_api' has been removed from the standard
tempest testing in the integrated build as the tests have been
removed from the tempest repository with
I0775bcc15dc9cbae6e075fe92f44b5f6c9b9d5d2
The ceilometer testing will have to be re-introduced using the
tempest plugin framework.
Change-Id: Iea7e4213893fb331c410c2d09e3258493f4643f3
This commit adds the nova-powervm repo url to support
PowerVM Virt Driver function.
Partially-Implements: blueprint powervm-virt-driver
Change-Id: I46f304f059c7ad3130c479d712bfe1cf70d41abb
os_swift role has been updated to work w/ a more recent version of
swift, without this bump swift services do not start correctly.
This change is necessary to unblock the current openstack-ansible
gate failures.
Change-Id: I25b25f98c809f46d8b7265dcf0dad0a30959e2fd
This patch adds the initial support for the ironic role in
openstack-ansible, but leaves ironic unconfigured and not
installed by default.
Configuration, including Nova configuration, will be addressed in
subsequent patches.
Change-Id: Id9f01deb5c46ee2186b9c41c7f88205560b5f437
Depends-On: Ide66c7ee59192ac441ac2919028eca0ad665ceea
Depends-On: I590f5ade90b3e37af7f1b8ee333000d4f993f8c5
Partially-implements: blueprint role-ironic
Signed-off-by: Michael Davies <michael@the-davies.net>
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This patch sets all role requirements to use 'master' and OpenStack SHA's
to the latest SHA's from the master branches.
Change-Id: I519ac4ab034287f6eea2209d2a806c120635762f
This patch includes updates of all SHA's and pip, wheel and setuptools
pins.
Due to Bug #1561947, the backend glance store has been changed from swift
to file in the AIO gate. This has been done becuase the glance store project
has an issue with session that causes it to be incompatible with swift. Being
that the master integration gate is depending on this change to go it is
needed to temporarily disable the swift image store in glance until this issue
is fixed.
The branch updater sciprt was modified to search for and update roles if they're
found within the default or user provided role path. This change is resolving
bash errors that happen when the script is run in mitaka+.
Related-Bug: 1561947
Change-Id: I2e09e3e0abb61f5e97e2af7b283f0aed6dadd853
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This change adds in the nova_api db migration that has to happen
within mitaka. This is a new required DB though the DB entry has
existed since Kilo.
Change:
* The SHA was moved forward to the new version of nova to support
this change. This was done independently of the rest of the stack
to ensure functionality of this new DB.
* An entry was added to the secrets file to support a new db user
and password.
* The requirements repo was rev'd forward to support the new
requirements within nova.
Depends-On: If63b541bfaf91333ac5963d391e6058ac8254eec
UpgradeImpact
Change-Id: I711018f4f1f27d667a3dda94a01dc76616f98f4c
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The git source for python2_lxc was necessary before the package was
available on pypi, which it now is:
- https://pypi.python.org/pypi/lxc-python2
This patch removes the py_from_git role dependency from the
lxc_hosts playbook, the role from the required roles list and the
repo details from the repo_packages as none of these are required.
Change-Id: Ia32665c9507b3a80096b201067f5329a1c3533fb
This patch does the following:
- updates the Master SHAs for new development work.
- includes updates to policy, paste and rootwrap files as required
- moves the Aodh repository to openstack_services as it now has
implemented a stable branch
- Updated the keystone-wsgi file as it was still running the code from
liberty
- add 2 package requirements to keystone which must be present for the
new wsgi file.
- updates tempest.conf.j2 to replace ssh_auth_method with auth_method,
and change auth_method to 'keypair' (configured is no longer an
a valid option)
Change-Id: I933c24c03518865d9d40519dafb2ba46769a5453
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The py_pkgs lookup plugin will now handle multiple sources. This change
was needed to enable the system to allow for overrides of repo_package
resources and general python packaging as found throughout the stack.
The module has precedence as it loads / searches for packages and he item
loaded last is the one that has the most precedence.
The repo-build play has been updated to now search for compatible packages
in the main playbook directory, the root ansible role directory and the
user_variables file.
Documentation has been added regarding this capability and how to override
and set items to meet the needs of the deployment.
Closes-Bug: #1510575
Implements: blueprint independent-role-repositories
Change-Id: Ib7cda14db18c0ca58bb5ac495d1c201812cf0f48
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This patch updates the Master SHA's for new development work, and
removes the oslo.messaging 2.6.0 block as this is now done upstream.
Change-Id: I3a1c13b5a3e5a970a8c4380320133d6947c1938c
Closes-Bug: #1505295
The alarming function of Telemetry has been seperated out
by design. This patchset creates new containers for these
alarming services and deploys them accordingly.
See:
http://lists.openstack.org/pipermail/openstack-dev/2015-September/073897.html
DocImpact
UpgradeImpact
Implements: blueprint liberty-release
Change-Id: I25294a25afa76d4d8bddad0a51c48485f33a6d20
This patch updates the nova and tempest SHA's to address more issues
found in Liberty testing.
It also removes the git-based pin for django-openstack-auth and
instead implements a lower cap for the package which includes the
appropriate fix.
Change-Id: Ib30e02dbc681d4a6005c864f0b4ccfbb604de812
Closes-Bug: #1497679
'ws://' is currently hardcoded within the spice_auto.html file included
in the packaged release of spice-html5, raising a security error when
accessing consoles over HTTPS.
Remove the existing apt package and install spice-html5 from source
instead since this issue has been corrected as of spice-html5-0.1.6.
Change-Id: Ie308a477143037963f903f2ac21b2b1f0328fcb3
Partial-Bug: #1424797
This change adds in support for the novnc console type in Nova.
* The change adds in a few new variables to the defaults which allow
for the novnc console to be configued.
* A port entry was added to haproxy to support the console type.
* noVNC is being installed from source in the nova_console container.
The git repo has been added to the openstack_other.yml repo-package file
which allows for the repo to be cloned into the repo containers and then
distributed out where needed from within the environment.
Closes-Bug: 1428833
Change-Id: I221557aad77bf266b4e2fae23007ffa210aa1f75
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This also addresses an issue in the openstackclient where the tagged
version has a neutron client version dependency which is unresolvable
without the client entry being presnet to allow the repo infra to
index the requirements.
Version 2.0.0 of the django openstack auth package was recently
released and causes session backed with mysql for horizon to fail a
DB sync.
Change-Id: Icd18f77e2b1525d4769c3df604030e7aa73917f3
This patch updates the OpenStack service SHA's to the Liberty-3
milestone in order to finalise testing and configuration
adjustments before the release of Liberty.
Change-Id: I30291da03c8293518fe81be121079fc52af55020
This patch removes all SHA specifications for the OpenStack clients
so that any client requirement versions are determined solely from
the requirements of the OpenStack service and Global requirements
files.
This resolves issues where the client versions we carry are
incompatible with the services, resulting in unexpected failures.
The Tempest SHA configuration is moved into openstack_other so that
it can be addressed seperately when updating the SHA's. This will
be useful when master is branched to become liberty and all the
OpenStack services start to track an upstream stable/liberty branch.
The Global Requirements SHA configuration is shifted to
openstack_services for a similar reason. It will track an upstream
stable/liberty branch with all the openstack services.
Change-Id: I8f90389d22d2581814c4c62cfd37d0a4405bfd30
We're seeing some neutron db sync failures in master branch (liberty).
It looks like there may be a few issues with the way we're handling
migrations:
1. We're not capturing the correct information in the 'Check last DB
revision' task as the first line returned by 'neutron-db-manage
history' is a header (this also means that the 'Inspect on disk
neutron DB revision' task will never do what we intend).
2. We delegate 'Check last DB revision' to 'neutron_all' group, but in
an ideal world this is probably only necessary on 'neutron_server'.
3. When stopping neutron server to run 'Perform a Neutron DB Upgrade',
we're only stopping it on groups['neutron_server'][0], while all
other neutron server containers are up servicing requests.
4. Perform a db stamp, which doesn't appear to be necessary.
This change makes the following changes:
1. Bumps neutron SHA to include 43c00a9, which introduces new
--expand / --contract upgrade options (otherwise, you have to
specify liberty_expand@head / liberty_contract@head which may no
longer work when neutron gets bumped in the future)
2. Checks if migrations have previously run, and if not runs a
'neutron-db-manage upgrade heads'
3. If migrations have previously run:
a) it runs an online migration against expand alembic branch using
'neutron-db-manage upgrade --expand'.
b) it stops all neutron-server services
c) it runs an offline migration against contract alembic branch
using 'neutron-db-manage upgrade --contract'
d) it starts all neutron-server instances
4. It removes the temporary pin introduced in
https://review.openstack.org/218572 as the SHA bump includes the
upstream fix https://review.openstack.org/218723
TODO: Currently, we upgrade expand and contract branches (shutting down
neutron-server in the proceses), even if there are no pending
migrations. We need to find a clean way to check what migration
we are on and compare to alembic HEADS file to see if we're up to
date. Unfortunately, 'neutron-db-manage current' doesn't indicate
which migration is in which alembic branch, so you would have to
further grep for each migration in the neutron migrations code to
determine the branch.
NOTE: Liberty introduces the split alembic branches for online/offline
migrations, see [1] for more information.
[1] http://docs.openstack.org/developer/neutron/devref/alembic_migrations.html
Change-Id: I1176b5fe12cad1ee732486ae179e76deea5623e1
Closes-Bug: #1486593
This commit updates ceilometer_git_repo to use git.openstack.org rather
than github.com, which is what all other OpenStack services are using.
Change-Id: I2096ea74e81c4c50da51394512ccdaa66b958555
This patch updates all git SHA's to the current head of
the appropriate branches.
This patch includes the upstream fix for CVE-2015-5163:
- https://review.openstack.org/212567
This patch removes the configuration for the cryptography
repository as they have now released tag 1.0 which contains
the SHA we required for fernet tokens to work.
Change-Id: Iaab3a9d1007ccae6d51942fe045e274b7a518e9f
Closes-Bug: #1484766
Update all branches to Liberty-2.
Also, as of Change ID I3823900bc5aaf7757c37edb804027cf4d9c757ab
the new neutron releases have a new db upgrade and stamp process
in order for these version to be rev'd we need to incorporate
those change. As such the neutron_db_setup.yml has been updated
along with the neutron `neutron_db_revision` default variable.
Change-Id: Icfb75d377498e288e67be1a8bc049b42d8aa57b1
This patch removes the unused python clients from the tempest
role and the openstack_clients in the repo as these projects
may introduce incompatible requirements to the projects we
deploy and support.
Change-Id: I2d412dea8d91c94fc4ff9a5f64c19ae9c44fed8e
Closes-Bug: #1482260
This patch implements the implement-ceilometer blueprint.
It addes the necessary role/variables to deploy ceilometer
with a Mongodb backend. The Monogdb backend is assumed to
be up and configured and the playbooks only require a few
values to be set in user_variables to establish a connection.
Change-Id: I2164a1f27f632ce254cc2711ada2c449a9961fed
Implements: blueprint implement-ceilometer
github.com's repos are a mirror of the openstack.org primary repos.
We should use the openstack.org ones.
Change-Id: Id2bae517c7972b8553b63b92dccffa8d32231f3f
This change updates the way that the packages are installed in an
isolated deployment. This ensures that our build packages are used
within the deployment while also allowing temptest to go online and
consume upstream packages from pypi. Additionally this updates
tempest-lib which is needed to make keystone w/ fernet tokens go as
there is an upstream issues with date timestamps with all versions
of tempest-lib that will prohibit the use of fernet tokens.
Change-Id: Ia479610b9ab69d64d1de756099d840b2ab331378
Related-Bug: #1466010
This change adds a number of new tasks that are dependent on the value
of the Keystone token provider (keystone_token_provider) user variable.
If the keystone_token_provider user_variable is set to
keystone.token.providers.fernet.Provider then the playbooks will
appropriately create the fernet keys and distribute them to the rest of
the keystone containers.
This also implements key rotation for generated fernet keys similar to
how the os_nova roles implement key rotation.
Finally, we also need to build cryptography from master for now.
Currently, 0.8.x and 0.9.x use versions of cffi<1.0 which causes a bug
when used with mod_wsgi and Apache. This is fixed in cryptography master
and will be released in 1.0.
Closes-bug: 1463569
Change-Id: I8605e0490a8889d57c6b1b7e03e078fb0da978ab
This change makes it possible for OSAD to instruct yaprt to NEVER
do anything with tempest and the requirements that are being
brought with the requirements that can cause issues with un-versioned
requirements. This flag simply instructs yaprt to index the repo
as a item in the report but in this case absolutely no requirements
will be indexed or built for tempest.
This was done because tempest does not version anything and its
forward movement makes it impossible to maintain a consistent stack
and for our purposes, we install tempest in a venv using an isolated
install so none of these tempest requirements are necessary for us
to have to deal with.
Change-Id: I619300352efe50828fc34ee1ded96e13a43522cd
Closes-Bug: #1466010
The extraroute plugin has been incorporated into the heat project,
it is not installed separately anymore.
Change-Id: Ieea909fbdc4dd5f72b52e8ace257e59173cf2eee
The building of heat_repo_plugins was disabled while upstream heat
sorted out issues w/ the contrib packages and pbr >= 0.11.0. The
upstream fix has since gone in (see
https://review.openstack.org/#/c/179671/) so we can now continue to
build heat_repo_plugins as we were prior to pbr 0.11.0 dropping.
NOTE: heat SHA has been bumped to include the commit in review 179671.
Closes-Bug: #1453864
Change-Id: Ibeffd38fc3229ab4effc95ef256ce8af3a6ffc9f
This change updates all of the sha's throughout the stack to the
latest sha within the master branch.
Change-Id: I7cbcc6ed351a85c198386af866a8693f618bdbbd
This change will make it so that the specific versions of OpenStack
package sources can be overridden using hostvars and or a
user_variable. This should assist in the developer case where various
versions of things may be desirable.
Change-Id: I30d84ee6840f224a7687179c522e6e9c38ec58a4