Commit Graph

279 Commits (19be98ba07d9c8881d67a359b9c1a424f824e2ac)

Author SHA1 Message Date
Juan Antonio Osorio Robles 00c9ec85c9 Add CACerts service to all scenario environment files
This service is needed to install CA certificates for the overcloud. We
need it because the plan is to enable public TLS by default. And without
this it won't work.

Change-Id: I168e6a543f7143900fdb855ec29d8532fb9736ae
2018-04-11 16:49:51 +03:00
yatin e534a7a213 Correctly set NeutronMl2PluginBase for OVN scenario
OVN configuration was not done when deployed with
scenario007 as default for NeutronMl2PluginBase was
used which is neutron-plugin-ml2.yaml. This patch
fixes this to use neutron-plugin-ml2-ovn.yaml which
correctly configures neutron for ovn metadata.

Change-Id: I7cadd0567951b85c1ba69d4b4843ee29b67e7a11
Closes-Bug: #1757134
2018-03-26 11:30:18 +05:30
Zuul 87bddc6608 Merge "Consume ceph-container project's new style of tags" 2018-03-24 01:31:12 +00:00
Zuul 45d6ce722e Merge "Fix network-isolation.yaml relative paths for ci" 2018-03-19 23:17:10 +00:00
John Fulton 09ff488f0d Consume ceph-container project's new style of tags
The ceph-container project is moving to a new style of tags for
Ceph. Update scenario001/004 to pull Ceph container images using
the new tags.

Change-Id: I2a6a7c5fb5148e951f85850c09be7cbb59fce0f8
2018-03-16 13:57:27 -04:00
Wes Hayutin 8dadaa165e A keystone only controller deployment
A very basic deployment to be used with free-ipa, and upgrade ci.
There may be other valuable uses for this deployment as well.


Co-Authored-By: Jiri Stransky <>
Change-Id: I433297dcd597e49a2ffccc2e61118bbba69f883c
2018-03-11 12:56:51 +00:00
James Slagle b6bfa5b7cb Fix network-isolation.yaml relative paths for ci
These relative paths were incorrect given where these environment files
live in the templates directory tree.

These environment files aren't actually used by ci as their equivalent
network-isolation-absolute.yaml versions are preferred. However, if we
fix these paths we could consider switching ci over to use these as it's
arguable more preferrable instead of the hardcoded packaged path.

Change-Id: Ib0e4779c4883776e25bf7eb5aee60a91ce28a73d
2018-03-06 10:45:25 -05:00
Sofer Athlan-Guyot 97c0c1fca8 Make ping test support older overcloud release.
In mixed version test scenario, we can have a ping test triggered
after the overcloud installation just to make sure that it works.

If we fix the version to queen then this scenario cannot work.

Change-Id: Ifdc0531cdba03af63231d3c3b16f59e4e22ec837
2018-03-06 12:04:47 +00:00
Emilien Macchi c43a9100fa Import net-config-simple-bridge.yaml from tropleo-ci repo
This file has been used for the containerized undercloud so we can
deploy a simple bridge with os-net-config.

We're moving the environments used for CI into THT, so we can branch
them. This is part of this effort.

Change-Id: I4255120e12123568a388c75956e6e8d32dec66aa
2018-03-02 00:31:37 +00:00
Giulio Fidente 0b1afb48e5 Allows for configuration of the Ceph cluster name
To be able to support multiple Ceph cluster, an initial step is
to allow for configuration of each cluster name.

Depends-On: I8d5293eaaf104b6374dfa13992a67ddc37397f10
Implements: blueprint custom-ceph-cluster-name
Change-Id: I1b4d51ca6a2d08fa7a68eea680eb104eff732057
2018-02-20 11:35:01 +01:00
Emilien Macchi f48709e22e Revert "Disable SNMP service in all CI jobs"
Now SNMP is secured, we can re-enable it in CI.
This reverts commit cb90c8ce48.

Change-Id: I4ec805015ab8975d8922279ea64546799f5ce92a
2018-02-19 02:24:44 +00:00
Emilien Macchi cb90c8ce48 Disable SNMP service in all CI jobs
Some work is being done in I46fce28926cb5a881f7384948480266712ae75e3
to secure SNMP on a specific network but until then we need to stop
opening the services so cloud providers won't report any security issue
for TripleO jobs.

Change-Id: Icd8a6ddda6152186d6be4a227f6449232fecba5e
Related-Bug: #1749324
2018-02-14 09:32:55 -08:00
Dan Sneddon 1dec175241 Render NIC config templates with jinja2
This change converts the existing NIC templates to jinja2 in
order to dynamically render the ports and networks according
to the network_data.yaml. If networks are added to the
network_data.yaml file, parameters will be added to all
NIC templates. The YAML files (as output from jinja with
the default network_data.yaml) are present as an example.

The roles in roles_data.yaml are used to produce NIC configs
for the standard and custom composable roles. In order to
keep the ordering of NICs the same in the multiple-nics
templates, the order of networks was changed in the
network_data.yaml file. This is reflected in the network
templates, and in some of the files that is the only

The roles and roles_data.yaml were modified to include
a legacy name for the NIC config templates for the
built-in roles Controller, Compute, Object Storage,
Block Storage, Ceph Storage, Compute-DPDK, and
Networker roles. There will now be a file produced
with the legacy name, but also one produced with the
<role>-role.j2.yaml format (along with environment
files to help use the new filenames).

Note this change also fixes some typos as well as
a number of templates that had VLANs with device:
entries which were ignored.

Closes-Bug: 1737041
Depends-On: I49c0245c36de3103671080fd1c8cfb3432856f35
Change-Id: I3bdb7d00dab5a023dd8b9c94c0f89f84357ae7a4
2018-02-13 00:19:37 -08:00
Zuul 0a01a40a8f Merge "Add bond-network-templates for OVB public bond CI" 2018-02-12 19:40:49 +00:00
Lars Kellogg-Stedman b20bce1bf0 logging: use service_config_settings for fluentd
The initial fluentd client implementation predates the introduction of
service_config_settings, and necessitated some invasive changes to
what is now common/serivces.yaml. This commit modifies existing
services to use the service_config_settings based configuration
mechanism supported by more recent versions of the fluentd support in

Partial-bug: #1715187
Depends-On: I3149902401d68d6fd236073a73a20f982d4b952a
Depends-On: I2b057190ec0e4e75ee4ee47ebe0164c2644e5ab7
Depends-On: Ie7df4b8b94cb0ae38096ab95800f211ef1cd8455
Change-Id: I28028ffa00df2da8e0478a551d3de89c3ee46e1f
2018-02-07 16:37:00 +01:00
Jan Provaznik ee65c76a27 Add a StorageNFS network for use by Manila/Ganesha
This change adds a StorageNFS network. It's required by which implements
NFS Ganesha backend for Manila service.

To define and enable the StorageNFS network, deploy using
network_data_ganesha.yaml instead of network_data.yaml.
Besides the former adding the StorageNFS network, these
are otherwise identical.

If enabled it's also necessary to add StorageNFSIpSubnet and
StorageNFSNetworkVlanID heat parameters into network templates.

Co-Authored-By: Dan Sneddon <>

Change-Id: If31722d669efe91082c93ecb815e6c41676480c8
Partially-Implements: blueprint nfs-ganesha
2018-02-03 10:11:20 -05:00
Ronelle Landy 897f828bfc Add bond-network-templates for OVB public bond CI
te-broker can set up an OVB stack to deploy the overcloud
with public bond network isolation but the heat templates
used in the overcloud deployment were missing.

This review adds these templates from openstack-virtual-baremetal
so that public bond network isolation can be tested in CI.

Change-Id: Ied543e70491ff85d6fab4371812bca802c6b1032
2018-02-02 10:34:29 -05:00
Zuul 17b3dccbb5 Merge "Add IPSEC service to ovb-ha environment" 2018-01-31 09:24:30 +00:00
Zuul 16f41086f9 Merge "Update pingtest description" 2018-01-31 09:03:07 +00:00
Juan Antonio Osorio Robles a9890d7a68 Add IPSEC service to ovb-ha environment
This is needed to test out IPSEC in OVB.

bp ipsec

Change-Id: I666e03fdb8be27253a0024de4a0ea18f47995f05
2018-01-24 13:56:43 +00:00
Thomas Herve c889a3d1eb Update pingtest description
The description of the pingtest template is hightly confusing, this
removes the outdated comment.

Change-Id: I13108d87f841b39e913db6bb0bc51a21296240c7
2018-01-24 11:03:02 +01:00
Jiri Stransky e2c18c34ec OpenShift: Don't pre-install Docker
We installed docker our traditional way when deploying with Kubespray
and disabled Kubespray's management of Docker, because Kubespray
installs non-CentOS Docker binaries.

However, openshift-ansible installs Docker from CentOS, we don't need
to install it using the Docker composable service too. That way
openshift-ansible will be the authority on Docker configuration when
deploying OpenShift.

Change-Id: I1352d4050e2f38300068d858b19e0b4a31cf50a7
Related-Bug: #1741224
2018-01-23 11:52:54 +00:00
Zuul 1557048c25 Merge "Containerize multinode-3nodes" 2018-01-18 00:02:15 +00:00
Daniel Alvarez 85e006d19d Add support for OVN Metadata Agent
This patch adds support for networking-ovn-metadata-agent.
It will deploy the agent on compute nodes and disable Nova

The following two patches have been squashed into this one:
The reason behind the squash is that we had interdepenencies
and this patch alone wouldn't be testing the code properly
without the two other ones since scenario007 job in baremetal
has been removed for this cycle.


Depends-On: I678652294cb8f964c34b742a0bc0ea360d736fb9
Depends-On: If3dffde5e0db8f7607a9708d36d54d1600fe5da8
Depends-On: I38f775479d178f5b252619635b67f876bc8c5ed5
Depends-On: Ifdd42437333730a3b3e6f36cbab6df0a2971a5a1
Depends-On: I940cec6d670df39ac6e2a3559a028acbeee99331

Change-Id: Idc2bb4e31a64502ac6fcdac771d823509dc328e7
Signed-off-by: Daniel Alvarez <>
2018-01-12 09:40:06 +00:00
Emilien Macchi fb9d83401c Containerize multinode-3nodes
This patch will force the 3nodes job to be containerized, like all jobs
should be in Queens.
Another patch in tripleo-quickstart will update the featureset.
Also moving Clustercheck service where MariaDB & Pacemaker run.
Also remove Heat since we'll run Tempest.

Change-Id: I31e1fe29491d2cbaa8ed9cd35ee84bbb1d455154
2018-01-11 20:56:36 -08:00
Emilien Macchi a1088cbc94 ci: update multinode-3nodes-registry
... to match with other multinode jobs.

Change-Id: Icb771e598594a9555ef417e781d9a155f1863d2b
2018-01-10 11:42:22 -08:00
Zuul ee371478d7 Merge "Convert ipv4 nic-config templates" 2018-01-10 07:16:53 +00:00
Zuul 88759da151 Merge "Use relative path in ipv6 nic configs" 2018-01-09 19:13:47 +00:00
Zuul 89a5b72460 Merge "Add PublicVirtualFixedIPs to ci network-environment.yaml" 2018-01-09 15:12:55 +00:00
James Slagle c3cbce2ba9 Convert ipv4 nic-config templates
The ipv4 nic-config templates in tripleo-heat-templates were never
updated to use "group: script" and were still using the deprecated
"group: os-apply-config".

This commit updates the templates. Doing so means they will also work
with the config-download deploy mechanism which only supports the
"group: script" method. This update allows us to move forward with
converting ci jobs that use these templates (such as ovb-ha) to use

Change-Id: If3cc2749c070a9e88a33b8b0643aeef8a97dd181
2018-01-08 11:54:19 -05:00
James Slagle c74318381c Use relative path in ipv6 nic configs
The path to in these nic config templates for ci
should be relative, not absolute. The absolute path does not honor a
different directory specified via --templates, and it also fails the
overcloud deploy entirely b/c the absolute path does not exist in the
plan in swift.

Change-Id: I85ac081571965f42beef4bd283db985b9a03078f
2018-01-08 11:54:19 -05:00
John Fulton d68619a26e Update Ceph container CPU/memory limits in Ceph scenarios
Ceph containers are started with `docker run --memory`
and `docker run --cpus` to limit their memory and CPU
resources. The defaults for OSD and MDS containers were
recently increased [1] to values better for production
but this change keeps them at lower values just for


Change-Id: I5b5cf5cc52907af092bea5e162d4b577ee05c23a
Related-Bug: 1741499
2018-01-08 11:24:27 -05:00
Zuul 587cd86c54 Merge "Parameterize ceph-ansible environment variables" 2018-01-07 18:00:54 +00:00
Alex Schultz 3764ab157b Enable DockerPuppetDebug uses the DockerPuppetDebug boolean to trigger debug
logging. It is disabled by default which makes it hard to understand
what is happening in CI. Let's enable it for CI.

Change-Id: I071955df802d09bb4f6496617942868c7da421fd
2018-01-06 15:22:13 +00:00
Mehdi Abaakouk bf819a0cdb ci/telemetry: Decrease test_telemetry_integration time
To decrease the time test_telemetry_integration takes, we do the

* Enable ManagePolling so ceilometer agents will poll every
  ceilometer::agent::polling::polling_interval interval (already set to
* We change the publishers list to set an archive policy to use for
  Gnocchi. We use high so one 1 points will be keep every 60s.

Note that the tempest telemetry.alarm_granularity configuration must be
kept in sync with the archive policy. This is done here:

The test should takes 2 minutes instead of 10 after this change.

Change-Id: Ie00d3487d54f4d1226f6a8a210975eabdcd8a96c
Depends-On: I62c47723d68bb1cef9733df2f737c3ab3f5aa8fb
2018-01-05 18:00:46 +00:00
James Slagle fc49be56bb Add PublicVirtualFixedIPs to ci network-environment.yaml
This parameter must have been missed (or was adder later) when these
were templates were copied from tripleo-ci in

Change-Id: Iccd871647f44f9ebad7319c664d45188c42c4aae
2018-01-04 21:03:00 -05:00
Zuul d05b39d149 Merge "Remove pingtest env for scenario007" 2017-12-30 13:06:03 +00:00
Emilien Macchi f855222a93 CI: move tacker / congress from scenario001 to 007
scenario001 is timeouting a lot while scenario 007 is fine and far from
timeout limit, so moving out services.

Change-Id: Id34321f95a0584cbc9f6e40f3cd47ed0386cfc9d
2017-12-29 13:52:48 -08:00
Emilien Macchi ae81ed9f93 scenario001: disable mongodb (not used)
Change-Id: I4184146486840f9f226749da2cd054864fa42498
2017-12-29 08:36:57 -08:00
Emilien Macchi fc2d8b2cdc Remove pingtest env for scenario007
We don't need it anymore, since we run Tempest.

Change-Id: I6a78f19fa49a0d53167a6b5a105ba43bd5ab6fc8
2017-12-29 07:47:17 -08:00
Emilien Macchi 2fa0ecece5 multinode-contaier: reduce the number of services
The job timeouts too much, some services are already covered by
scenarios, no need to duplicate testing.

Change-Id: I30092400142af5c3308534a8da9daa22cbb82bad
Depends-On: I2a4aa707fa10664f1fc9026e3eb417f35834436f
2017-12-29 07:38:03 -08:00
Zuul 8809cd0ad4 Merge "Update templates alias to queens" 2017-12-23 07:20:34 +00:00
John Fulton ba2169d0a3 Parameterize ceph-ansible environment variables
Add CephAnsibleEnvironmentVariables which allows a user to
override any Ansible environment variable.

Depends-On: I5d69af146ca6ca8b3d5f78445cd1b47828daa955
Change-Id: Ic731c8f0c988c485c5b3448182a568b8514cab0a
Closes-Bug: 1738276
2017-12-20 17:48:05 +00:00
Carlos Camacho b13728cac3 Update templates alias to queens
There are still some templates with the wrong
alias name. This patch updates them with the
correct version.

Change-Id: I43549ac98f3736029d4aaad1ead745caf40f9299
2017-12-20 10:27:23 +01:00
Tom Barron d8b1d64add Manila network plugin address family support
Set NetworkPluginIpv6Enabled if IPv6 networks
have been enabled.  Currently this parameter and
NetworkPluginIPv4Enabled are mutually exclusive so
set the latter false as well.  Default is IPv4
with NetworkPluginIPv4Enabled.

Depends-On: Ic7e5b5351e429755ba48613ab89d1b7e7d6e2d34
Change-Id: Ia895d7190f0fb8e97c87b3178461d9fc26393b9b
2017-12-19 17:10:07 -05:00
Flavio Percoco 8dd99ba7fd Deploy OpenShift using OOO on the overcloud
Add external_deploy_tasks for OpenShift installation. This makes
OpenShift installation work with the config download mechanism.

Co-Authored-By: Jiri Stransky <>
Depends-On: I9786f1a27cb7c765211dffe0ea06afd75f8e5275
Change-Id: I4c995dcfd97b5c9ccb751862ff77ab785ad0ac5b
2017-12-15 15:41:15 +00:00
Ade Lee ec6a94bd79 Autogenerate the barbican simple crypto KEK
Code recently merged in tripleo-common to autogenerate the simple
crypto KEK.  Can therefore not specify it in scenario002.

Change-Id: I8e432b3500fc0e65154c34b292d05ff8c19c45d6
2017-12-12 15:37:23 -05:00
Zuul bc84846239 Merge "Set simple crypto plugin as global default for Barbican" 2017-12-07 22:58:06 +00:00
Zuul 2e6ea5f5dc Merge "CI: Test multi-rbd backend for cinder in scenario001" 2017-12-07 19:08:36 +00:00
Zuul f11fd9b918 Merge "Don't assume single sub_node in nic config" 2017-12-07 03:38:32 +00:00