The ipaclient ansible role requires that ansible_fqdn is defined but
due to [1] we don't have ansible_fqdn inside of ansible_facts. This
uses the 'fqdn' ansible fact for ansible_fqdn which is equivalent.
[1]: https://opendev.org/openstack/tripleo-heat-templates/commit/4e79336d69e6b7fa4b026922bac7953bafeee96d
Related-Bug: 1915761
Closes-Bug: 1923248
Change-Id: I0a740e86588c96fff24fa09698c35e492d1c64db
Previously access to the sshd run by the nova-migration-target
container is only limited via the sshd_config. While login is
not possible from other networks, the service is reachable via
all networks. This change limits the access to the NovaLibvirt
and NovaApi networks which are used for cold and live-migration.
Change-Id: Ie868463143af66c7004dbcacefde76ca0977880e
This patch adds two new parameters for deploying Barbican with the
PKCS#11 backend: `BarbicanPkcs11CryptoTokenLabels` and
`BarbicanPkcs11CryptoOsLockingOk`.
The patch also deprecates `BarbicanPkcs11CryptoTokenLabel` in favor of
the new option that can be set to more than one label.
Depends-On: Iba7013dd6e1b1e4650b25cd4dd8dc1f355ceb538
Change-Id: I1c5059799f613a62a13379eb82ba516a8ed3a15a
The ansible module to manage networks sets the name
upper as a tag hint on the neutron network resources.
tripleo_ansible/ansible_plugins/modules/tripleo_composable_network.py#L124
This change adds this tag for Heat managed networks as
well.
Change-Id: I717b06a0578dccca0e2152f6d454ad7a96cff8fb
Partial-Implements: blueprint network-data-v2-ports
Set up tag hints on all OS::Neutron::Port resources.
The network-data-v2 work uses tags on neutron resources
to find existing resources so that we update instead
of create. Also for generating environment files info
in the neutron tag field is utilized.
Partial-Implements: blueprint network-data-v2-ports
Change-Id: I3d43ae22cc45e5528ecfb1a6b2cb8602faa162a0
The bind pool information is now automatically generated and the
variables and sample config files are no longer needed. Matching bind9
and rndc key configuration is also generated.
Note: this patch also removes the use of puppet-dns which is problematic
when bind and the worker aren't on the same host and is awkward to use
with respect to rndc keys. It also modifies yaml-validate.py to correct
a rule changed with respect to rndc_allowed_addresses.
Depends-On: Ib121888061b8bfcc4155528a8a209c7e274fafcb
Depends-On: I3383c19f80e70553ae71e644a01dda0f250d19da
Depends-On: I1b6674acbd6f999474cd66cb44357cf6b756a7d0
Change-Id: Ib89bcafe9f65431aee5756a32b2a82adc3d384dc
This would not have worked before we enabled server side
env merging and also we don't set that parameter in that
environment.
Change-Id: Icd6d9a12b59cf8234edb671f0f55b4df4d342d7e
Currently there is a known issue[1] in snapshot feature of cinder nfs
backend, which causes data corruption in several cases.
This change makes the feature disabled by default to require some
consideration by users before enabling the feature.
Note that this change makes the default value in TripleO consistent
with the one (False) in cinder, so also fixes the inconsistency about
the default values.
[1] https://bugs.launchpad.net/cinder/+bug/1860913
Related-Bug: #1860913
Closes-Bug: #1896324
Change-Id: I12b8a01d0b28fed66be8ae0b1723dd89f6dc00ff
For configuring high availability for LDAP in keystone one
needs to edit /etc/openldap/ldap.conf. This worked
before the control plane was containerised. Mounting the
openldap configuration into the keystone container
restores the previous behavior.
Change-Id: Id0d73a8ab0ddf7bf9e2b76ea14ffc9acff3a0ad3
Closes-Bug: #1923048
Resolves: rhbz#1944466