Commit Graph

1149 Commits

Author SHA1 Message Date
Julie Pichon
b140cf180b Update UI language list
Change-Id: I848b3cc747f1be06aeda57ba15d4ec557c23ad46
Depends-On: Idf3d82058d87d9c8a3b6d8973d5166043dad2252
2017-04-11 12:07:35 +01:00
Jenkins
b10fa039b3 Merge "Add registry_mirror to base::docker profile" 2017-04-11 06:10:03 +00:00
Jenkins
dc6eedcb50 Merge "Use docker profile in docker_registry" 2017-04-11 02:25:15 +00:00
Jenkins
f808cfa65a Merge "Move etcd to step 2" 2017-04-10 13:45:40 +00:00
Dan Prince
936aece1de Add registry_mirror to base::docker profile
This patch adds a new registry_mirror option to help
configure /etc/docker/daemon.json so that we can make use
of HTTP docker mirrors within upstream TripleO CI (infra).

Change-Id: I4b966e9b9b174ca5a6f57974185e0149ea12f232
2017-04-08 08:48:01 -04:00
Dan Prince
2ec381a475 Use docker profile in docker_registry
The docker_registry profile has resources to configure
the docker service and package. These conflict with the
entries in the tripleo::profile::base::docker class which
exists specifically to manage these resources (and has
unit tests).

This patch removes the duplicate resources and updates
the docker_registry profile to simply include the
base docker profile instead.

This instack-undercloud change below needs to land first.
Depends-On: I6154f4c7435b02b92f6f64687e9ee89d6b86186a

Change-Id: I75c740e7efc6662861c28caeb7fa965ba55438cb
2017-04-07 16:27:03 -04:00
Jenkins
b8a11a5d80 Merge "Adding listen_options for Contrail Webui https in haproxy" 2017-04-07 18:45:48 +00:00
Jenkins
ffed067dbf Merge "TLS-everywhere: Add resources for libvirt's cert for live migration" 2017-04-07 18:45:43 +00:00
Jenkins
cad6c62fee Merge "Stop including ironic::drivers::ssh in the ironic-conductor profile" 2017-04-07 18:45:18 +00:00
Jenkins
02a50caf4e Merge "Enable creation of keystone domain when ldap backends are created" 2017-04-07 18:05:40 +00:00
Jenkins
fc7067761f Merge "syntax error extra comma in rabbitmq.pp" 2017-04-07 17:43:57 +00:00
Jenkins
31a065dd58 Merge "Add networking-vpp ML2 mechanism driver support" 2017-04-07 17:32:58 +00:00
Jenkins
d8273a4860 Merge "Add missing octavia auth include to keystone manifest" 2017-04-07 14:44:50 +00:00
Jenkins
a9b9392c45 Merge "Make galera-ready exec refreshonly" 2017-04-07 13:50:18 +00:00
Jon Schlueter
33e0fe959d syntax error extra comma in rabbitmq.pp
bundle rake syntax

Could not parse for environment *root*: Syntax error at ')'; expected '}'

Change-Id: Idfb254df068b3d7342a6ea3c71dabd1316a61bdf
2017-04-07 07:32:39 -04:00
Dmitry Tantsur
ac5445fb7f Stop including ironic::drivers::ssh in the ironic-conductor profile
The SSH drivers are deprecated, pxe_ipmitool + virtualbmc should be used instead.
This is a follow-up to blueprint switch-to-virtualbmc.

Change-Id: I4fd567dffa3992042eebcf495334b8130e1bdc9f
2017-04-07 11:16:47 +02:00
Juan Antonio Osorio Robles
8b40d4670d TLS-everywhere: Add resources for libvirt's cert for live migration
This merely requests the certificates that will be used for libvirt's
live migration if TLS-everywhere is enabled.

bp tls-via-certmonger

Change-Id: If18206d89460f6660a81aabc4ff8b97f1f99bba7
2017-04-07 11:31:40 +03:00
Jenkins
d826518a77 Merge "Don't try and create the my.cnf.d dir everytime" 2017-04-07 07:50:17 +00:00
Juan Antonio Osorio Robles
13ea87e658 Enable creation of keystone domain when ldap backends are created
This sets the flag create_domain_entry for the ldap_backend resource,
which will create the domain for the ldap backend (this was previously
not the case since only the configuration was created). Furtherly, this
flag will also refresh the keystone server, so the changes come into
effect.

Note that this is only done in step 3, so the domains are created there
and the refresh happens in that step. Also, this is only done for the
bootstrap node, since when the other nodes start, they will already have
the domains available in the keystone database and there won't be a need
to restart.

Related-Bug: #1677603
Depends-On: Ib6c633b6a975e4b760c10a2aef3c252885b05e28
Change-Id: Id879cf5c5ae39d37bf58b73c78733001d2b03d9c
2017-04-07 10:12:54 +03:00
Jenkins
652acd99ab Merge "Composable services support for Cinder Pure Storage FlashArray" 2017-04-07 07:04:52 +00:00
Jenkins
a05be0f0be Merge "Adjust UI manifest (language list)" 2017-04-07 05:14:51 +00:00
Jenkins
e25cd7438d Merge "Migrate Swift ring handling from tripleo-heat-templates to puppet-tripleo" 2017-04-07 02:49:31 +00:00
Jenkins
222b1e0b16 Merge "Adding OVNDBs vip to keepalive" 2017-04-07 02:39:21 +00:00
Jenkins
459055a08a Merge "Make the cluster-check property configurable" 2017-04-07 00:43:41 +00:00
Jenkins
cc9243b4ec Merge "Add httpchk for http services" 2017-04-07 00:43:34 +00:00
Jenkins
08ea0193f9 Merge "Include ironic::drivers::interfaces in the ironic-conductor profile" 2017-04-06 23:18:29 +00:00
Jenkins
e7ed81107a Merge "Adding support for Bagpipe Agent as BGPVPN driver" 2017-04-06 23:16:39 +00:00
Jenkins
4fa62dfaaa Merge "Add a trigger to call ldap_backend define" 2017-04-06 22:30:07 +00:00
Alex Schultz
3589d94586 Make galera-ready exec refreshonly
Previously we were always run the galera-ready exec every step. This
change switches it to be refreshonly so we only wait when the service is
setup or restarted.

Change-Id: I5ff9d49c2590751913b96777bcd72c8a15627a01
Closes-Bug: #1680586
2017-04-06 14:41:29 -06:00
Brent Eagles
23e723255c Add missing octavia auth include to keystone manifest
This patch adds the appropriate include to make sure that appropriate
keystone user, services, etc. are created when octavia is selected.

Closes-bug: #1680588

Change-Id: I0b6d657a0300538292223923d8808c23f936c193
2017-04-06 17:33:03 -02:30
Alex Schultz
a22c6c7223 Don't try and create the my.cnf.d dir everytime
The creation of /etc/my.cnf.d is not idempotent and is run anytime the
mysql client profile is included. This change adds an unless parameter
to ensure it is only run if not used.

Change-Id: I4a30eaccf72f5687dc22ba93c19136e55d36dcab
Closes-Bug: #1680570
2017-04-06 13:03:59 -06:00
Julie Pichon
12de93c2f5 Adjust UI manifest (language list)
tripleo-ui is removing en-GB from the locale list, adjust the manifest
to reflect this change.

Change-Id: If3f6603d703a1af07a7eaab56e47e8b0b90947af
Related-Bug: #1680397
2017-04-06 11:19:52 +01:00
Jenkins
bd89e21fe8 Merge "Clean up TLS-related bits from swift-proxy" 2017-04-06 02:10:26 +00:00
Jenkins
feeff5e8d3 Merge "Fix missing groups for fluentd user" 2017-04-06 00:20:19 +00:00
Jenkins
da8f651cd4 Merge "Add TLS in the internal network for Swift Proxy" 2017-04-05 19:53:07 +00:00
Jenkins
ed9c09bb1e Merge "Introduce profile to configure l2 gateway Neutron agent." 2017-04-05 17:21:14 +00:00
Cyril Lopez
b8388e378a Add a trigger to call ldap_backend define
Ldap_backend is a define so we need a resource to talk it. If
ldap_backend_enable set by tripleo-heat-templates, we call the
ldap_backend as a resource.

Given an environment such as the following:

parameter_defaults:
  KeystoneLdapDomainEnable: true
  KeystoneLDAPBackendConfigs:
    tripleoldap:
      url: ldap://192.0.2.250
      user: cn=openstack,ou=Users,dc=redhat,dc=example,dc=com
      password: Secrete
      suffix: dc=redhat,dc=example,dc=com
      user_tree_dn: ou=Users,dc=redhat,dc=example,dc=com
      user_filter: "(memberOf=cn=OSuser,ou=Groups,dc=redhat,dc=example,dc=com)"
      user_objectclass: person
      user_id_attribute: cn
      user_allow_create: false
      user_allow_update: false
      user_allow_delete: false
  ControllerExtraConfig:
    nova::keystone::authtoken::auth_version: v3
    cinder::keystone::authtoken::auth_version: v3

It would then create a domain called tripleoldap with an LDAP
configuration as defined by the hash. The parameters from the
hash are defined by the keystone::ldap_backend resource in
puppet-keystone.

More backends can be added as more entries to that hash.

Partial-Bug: 1677603
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Co-Authored-By: Guillaume Coré <gucore@redhat.com>
Signed-off-by: Cyril Lopez <cylopez@redhat.com>
Change-Id: I1593c6a33ed1a0ea51feda9dfb6e1690eaeac5db
2017-04-05 17:41:01 +03:00
Christian Schwede
3412150d91 Migrate Swift ring handling from tripleo-heat-templates to puppet-tripleo
This allows decoupling the Swift ringbuilding logic from the Controller
and ObjectStorage roles. A follow up patch will modify
tripleo-heat-templates and use this modified class.

Actually this downloads the Swift rings even if ring building is
disabled or if there is no need to rebalance. This is required, because
operators can disable ring building, but use the same mechanism to
distribute pre-built rings to the nodes.

If ring building is disabled, these won't be uploaded at the end back to
the undercloud.

Related-Bug: 1665641
Change-Id: Ifd6fa5b398d98e8998630ea0c9a2ce9867ceba2b
2017-04-05 16:09:56 +02:00
Jenkins
6f19cb59f3 Merge "Certmonger/rabbitmq: Remove parameter doc for unexisting parameter" 2017-04-05 13:47:50 +00:00
Ricardo Noriega
5e109f99c9 Adding support for Bagpipe Agent as BGPVPN driver
Partially-Implements: blueprint bgpvpn-service-integration

Change-Id: I54ef40f9d958e87d187a6d124995aa6951c0651a
Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
2017-04-05 15:33:53 +02:00
Jenkins
ccb78ad309 Merge "SSHD Service extensions" 2017-04-05 07:41:56 +00:00
Michele Baldessari
f464e9f703 Make the cluster-check property configurable
This change will make the global cluster-check property configurable
and will pick a lower default (60s) in case a pacemaker remote node
is deployed.

The cluster-recheck-interval is set to default to 15minutes by
pacemaker. This value is too high when a pacemaker remote service
is deployed. With this default value a reboot of a pacemaker remote
node will be reported as offline by pacemaker for up to 15minutes.

With this change we do the following:
1) Do nothing in case pacemaker remote is not deployed
2) When pacemaker remote is deployed and the operator has not
   specified otherwise, we set the recheck interval to 60s.
3) When the operator specifies the recheck interval we set that.

Change-Id: I900952b33317b7998a1f26a65f4d70c1726df19c
Closes-Bug: #1679753
2017-04-05 08:41:27 +02:00
Juan Antonio Osorio Robles
ec7f064060 Certmonger/rabbitmq: Remove parameter doc for unexisting parameter
This parameter was used at some point in the implementation but ended up
not being needed in favor of getting this information from the puppet
manifest. So it's removed as the parameter doesn't actually exist.

Change-Id: I09f4091ee7a2221b26249959ea2927090d36ba0f
2017-04-05 09:12:37 +03:00
Feng Pan
e5fe7a5ac1 Move etcd to step 2
Etcd should be configured and started in step 2 with other core
services when required.

Change-Id: If95a74d211a194f2bfbe9653a6e19e05b095a210
Signed-off-by: Feng Pan <fpan@redhat.com>
2017-04-04 20:57:32 -04:00
Jenkins
916529214d Merge "Configure migration SSH tunnel" 2017-04-04 23:29:07 +00:00
Jenkins
7c0fbef916 Merge "Refactor enabled languages from an array to a hash" 2017-04-04 22:09:54 +00:00
Jenkins
4ce1828118 Merge "Use correct manage_firewall hieradata" 2017-04-04 22:02:55 +00:00
Jenkins
1645db04ff Merge "Fixes missing neutron base in sriov" 2017-04-04 21:50:00 +00:00
Jenkins
09881742f0 Merge "Remove cluster_enabled setting for etcd" 2017-04-04 19:02:23 +00:00
Alex Schultz
dc52f322ea Add httpchk for http services
The httpchk health check option should help reduce the situtations
where haproxy thinks the service is up but the service is only
listening and not actively serving http requests.

Change-Id: I13cc5dcf2eea53731e756d078586ab9a97340912
Closes-Bug: #1629052
2017-04-04 15:41:14 +00:00