2676 Commits

Author SHA1 Message Date
Jenkins
ac16b57460 Merge "Consolidate puppet/docker deployments with one deploy steps workflow" 2017-08-12 07:18:07 +00:00
Jenkins
699ec62274 Merge "Convert compute-role.yaml to role.role.j2.yaml" 2017-08-12 03:19:08 +00:00
Jenkins
0785c93df2 Merge "Convert controller-role.yaml to role.role.j2.yaml" 2017-08-12 03:17:49 +00:00
Steven Hardy
7f6305980d Consolidate puppet/docker deployments with one deploy steps workflow
If we consolidate these we can focus on one implementation (the new ansible
based one used for docker-steps)

Change-Id: Iec0ad2278d62040bf03613fc9556b199c6a80546
Depends-On: Ifa2afa915e0fee368fb2506c02de75bf5efe82d5
2017-08-11 17:25:02 +00:00
Steven Hardy
d8e2531820 Convert compute-role.yaml to role.role.j2.yaml
Add some special-casing for backwards compatibility, such that the
Compute role can be rendered via j2 for support of composable networks.

Change-Id: Ieee446583f77bb9423609d444c576788cf930121
Partially-Implements: blueprint composable-networks
2017-08-11 15:06:34 +01:00
Steven Hardy
1aad286ca3 Convert controller-role.yaml to role.role.j2.yaml
Add deprecated role-specific parameters to role definition, in
order to special-case some parameters for backwards compatibility,
such that the Controller role can be rendered via j2 for support
of composable networks.

Co-Authored By: Dan Sneddon <dsneddon@redhat.com>
Change-Id: I5983f03ae1b7f0b6add793914540b8ca405f9b2b
Partially-Implements: blueprint composable-networks
2017-08-11 15:06:34 +01:00
Juan Antonio Osorio Robles
0d8a3399eb TLS everywhere: Configure CA for mongodb
It wasn't being configured, thus making mongodb fail.

Change-Id: If0d7513aacfa74493a9747440fb97f915a77db84
Closes-Bug: #1710162
2017-08-11 16:07:13 +03:00
Jenkins
4e5ba44218 Merge "Move HAProxy's public TLS logic from controller to service template" 2017-08-11 12:02:30 +00:00
Jenkins
13668d83ba Merge "Set virsh secret with an init step when using Ceph" 2017-08-11 11:28:41 +00:00
Juan Antonio Osorio Robles
74e7e67459 Move HAProxy's public TLS logic from controller to service template
This de-couples public TLS from controllers to now run wherever HAProxy
is deployed.

Partially-Implements: blueprint composable-networks
Change-Id: I9e84a25a363899acf103015527787bdd8248949f
2017-08-11 04:07:38 +00:00
Jenkins
78c191215e Merge "Create parameters for haproxy TLS certs and keys" 2017-08-10 19:37:55 +00:00
Jenkins
7cbc378fe3 Merge "Addition of Nuage as mechanism driver for ML2" 2017-08-09 15:11:25 +00:00
Giulio Fidente
c20033524d Set virsh secret with an init step when using Ceph
Run virsh secret-define and secret-set-value in an init step
instead of relying on the puppet-nova exec.

Co-Authored-By: Jiri Stransky <jistr@redhat.com>
Change-Id: Ic950e290af1c66d34b40791defbdf4f8afaa11da
Closes-Bug: #1709583
2017-08-09 16:19:39 +02:00
Juan Antonio Osorio Robles
65e9ffa15f Create parameters for haproxy TLS certs and keys
this removes the hardcoded paths for the haproxy certs and keys and will
enable re-use. We'll use this in a further commit in the containterized
TLS work.

Change-Id: I602e5a569e2e7e60835deb80532abcedd7a1f63d
2017-08-07 13:03:25 +03:00
Juan Antonio Osorio Robles
79aca264ff Use number for KeystoneCronTokenFlushMaxDelay instead of string
Using a string results in an erroneous check in puppet-keystone, which
sets up a zero where it shouldn't. So we change it to number to avoid
that. Note that there will also be a puppet-keystone fix for this.
Changing the value here assures that deployers only give valid values to
this parameter.

Change-Id: I00823e23358df91ce54f421c12636f05d4196e15
Closes-Bug: #1708584
2017-08-07 08:28:23 +00:00
Jenkins
92535b10ec Merge "Start redis service after upgrade" 2017-08-05 15:22:56 +00:00
Juan Antonio Osorio Robles
0414e97f81 Change the directory for haproxy certs/keys to be service-specific
This moves the directories containing the certs/keys for haproxy one step
further inside the hierarchy. This way we will be able to bind-mount
this certificate into the container without bind-mounting any other
certs/keys from other services.

bp tls-via-certmonger-containers

Depends-On: Iba3adb9464a755e67c6f87d1233b3affa8be565a
Change-Id: I73df8d442b361cb5ef4e343b4ea2a198a5b95da9
2017-08-04 10:43:50 +00:00
Jenkins
4d2bb6fcec Merge "Changing the default port-binding configuration" 2017-08-04 06:33:48 +00:00
Pradeep Kilambi
0800daaae5 Update EventPipelinePublisher param description to include zaqar
Since we now support zaqar:// publisher, Enhance the description to indicate
how to set the zaqar publisher.

Change-Id: Ib7eba98d199fade2346620672e33b74686d4685b
2017-08-03 22:38:06 +00:00
Jenkins
1ea7c35f4f Merge "Make UpgradeLevelNovaCompute parameters consistent" 2017-08-03 21:53:09 +00:00
lokesh-jain
0bc2403ecf Addition of Nuage as mechanism driver for ML2
Adding composable services for Nuage mechanism driver for ML2. This
is separate from Nuage as the core plugin and intentional duplication
of Nuage under puppet services. Parameters required for working of
Nuage as mechanism driver are also added.

Change-Id: I2b564610721152c4f4dab9da79442256ba8d0b33
2017-08-03 17:15:18 -04:00
Jenkins
b3b9e953a9 Merge "Make many networking parameters consistent" 2017-08-03 14:19:44 +00:00
Jenkins
8ef458559e Merge "Make RoleParameters and key_name descriptions consistent" 2017-08-03 01:40:17 +00:00
Jenkins
fd002f479a Merge "Set redis password hiera value in compute agent" 2017-08-03 01:02:42 +00:00
Ben Nemec
7f84409a6a Make UpgradeLevelNovaCompute parameters consistent
There is logic in nova-base.yaml that depends on the default for
this parameter being '', and the nova-compute service only needs it
set to auto during upgrade.  That will be done by [1] anyway, so it
doesn't matter what the default is.  It's also not clear to me that
the nova-compute task is even needed now that we're post-Ocata, but
that's not a change I feel comfortable making.

1: https://github.com/openstack/tripleo-heat-templates/blob/master/environments/major-upgrade-composable-steps.yaml

Change-Id: Iccfcb5b68e406db1b942375803cfedbb929b4307
Partial-Bug: 1700664
2017-08-02 16:20:12 -05:00
Ben Nemec
c05e72cd72 Make many networking parameters consistent
These are mostly the low hanging fruit that only required a few
minor changes to fix.  There are more that require a lot of changes
or might be more controversial that will be done later.

Change-Id: I55cebc92ef37a3bb167f5fae0debe77339395e62
Partial-Bug: 1700664
2017-08-02 16:20:08 -05:00
Ben Nemec
4502b7cba6 Make RoleParameters and key_name descriptions consistent
The key_name default is ignored because the parameter is used in
some mutually exclusive environments where the default doesn't
need to be the same.

Change-Id: I77c1a1159fae38d03b0e59b80ae6bee491d734d7
Partial-Bug: 1700664
2017-08-02 16:18:25 -05:00
Pradeep Kilambi
ba2441932c Start redis service after upgrade
We install redis if its not already there, but we should also
ensure redis service is started in the next step 4.

related to issues we're seeing in I284de61bbefac9e9b37390650016643ffe38b5cc

Change-Id: Ic01db53ea8669f14e87f6987045b2be5a3480024
2017-08-02 15:53:18 -04:00
Jenkins
0adf7553f4 Merge "Fix iscsid role data's section" 2017-08-02 05:11:22 +00:00
Pradeep Kilambi
f04235c3eb Set redis password hiera value in compute agent
Without this config defaults to undef in containers

Change-Id: Id47f365364e7b0d399de92995871b136550cd625
2017-08-01 21:26:24 +00:00
Jenkins
04d797c09e Merge "Add 'ovn-controller' service" 2017-07-31 14:23:06 +00:00
Jenkins
9e74d2d0ac Merge "Enable Zaqar API SSL" 2017-07-28 15:46:58 +00:00
Itzik Brown
52e8df6614 Changing the default port-binding configuration
networking-odl no longer supports the network-topology port
binding controller and instead now relies on a pseudo-agent binding
controller.  This means that each OVS node must be configured with
host configuration in OVSDB about which VIF types, network types,
functions, etc that this OVS node supports.  The end result is this
affects where nova and neutron will schedule instances.

Changes Include:
 - Modifying default port binding controller to use pseudo agent
 - Adds necessary per role parameters to be able to configure host
   config on a per role basis to allow for heterogenous compute node
   configurations.

Change-Id: I50458abf6a8a6bf724ad97accb6444d9c497d287
Closes-Bug: 1674995
Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-07-27 16:20:51 -04:00
Numan Siddique
5f313f27c9 Add 'ovn-controller' service
Presently the ovn-controller service (puppet/services/neutron-compute-plugin-ovn.yaml)
is started only on compute nodes. But for the cases where the controller nodes
provide the north/south traffic, we need ovn-controller service runninng in controller
nodes as well.

This patch
 - Renames the neutron-compute-plugin-ovn.yaml to ovn-controller.yaml which makes more
   sense and sets the service name as 'ovn-controller'.
 - Adds the service 'ovn-controller' to Controller and Compute roles.
 - Adds the missing 'upgrade_tasks' section in ovn-dbs.yaml and ovn-controller.yaml

Depends-On: Ie3f09dc70a582f3d14de093043e232820f837bc3
Depends-On: Ide11569d81f5f28bafccc168b624be505174fc53
Change-Id: Ib7747406213d18fd65b86820c1f86ee7c39f7cf5
2017-07-27 18:22:03 +00:00
Damien Ciabrini
74072672d6 Fix iscsid role data's section
The iscsid service definition has a typo, config_setting should
read config_settings

Change-Id: I12605dba61fd5f6ce80c3ab78e883ed5ebf3ca62
2017-07-27 12:47:18 -04:00
Thomas Herve
03af5f8f4d Enable Zaqar API SSL
This sets the SSL flag in the docker service and expose the parameter in
the docker service.

Depends-On: I4c68a662c2433398249f770ac50ba0791449fe71
Change-Id: Ic3df2b9ab7432ffbed5434943e04085a781774a0
2017-07-27 09:24:17 +00:00
Jenkins
b9063bac5c Merge "Adding Tuned Service" 2017-07-27 06:06:46 +00:00
Jenkins
d1b8863dd7 Merge "aodh: add gnocchi_external_project_owner config" 2017-07-26 22:57:25 +00:00
Jenkins
4a441359fb Merge "Stop Heat WSGI services on docker upgrade" 2017-07-26 13:47:21 +00:00
Jenkins
c57543bba2 Merge "Ps Cinder: Added support for password less login" 2017-07-26 13:47:14 +00:00
Jenkins
542a99794e Merge "Add parameters for Veritas HyperScale distributed setup." 2017-07-26 13:22:15 +00:00
Jenkins
083d654e5c Merge "Add NodeTLSData to generic role.role.j2.yaml" 2017-07-26 13:14:21 +00:00
Jenkins
37099cce3d Merge "Make various password descriptions consistent" 2017-07-26 13:13:56 +00:00
Jenkins
95a6da6112 Merge "Stop also openstack-swift-object-expirer when upgrading swift services" 2017-07-26 13:13:47 +00:00
Steven Hardy
98d6d84ca3 Add NodeTLSData to generic role.role.j2.yaml
This is currently included in the controller-role template, so we need
to add it to the generic role.role.j2.yaml in order to convert the
controller-role template to be rendered via j2

Change-Id: I01bf01c8a31e4cc26f202dd1774845ec33f50bcd
Partially-Implements: blueprint composable-networks
2017-07-25 15:33:40 -07:00
Joe Talerico
c2b2cc555a Adding Tuned Service
Allow the user to set a specific Tuned profile on a given host.

Defaults to throughput-performance

Change-Id: I0c66193d2733b7a82ad44b1cd0d2187dd732065a
2017-07-25 17:08:37 +00:00
Michael Henkel
aa5194f878 Contrail network realignement + DPDK enablement
This patch moves Contrail roles communication from public/external
to internal_api network for OpenStack API.
It also adds the option to enable dpdk.
Monolithic firstboot script is broken down into small pre-network
and per-node extraconfig scripts

Change-Id: I296a3bf60cef6fa950fd71d6e68effe367d1e66b
Closes-Bug: 1698422
2017-07-25 18:24:13 +02:00
Jenkins
8193431e94 Merge "Modifying Cisco templates to support composable roles" 2017-07-25 05:56:33 +00:00
Jenkins
46bbb1e064 Merge "Increase default RabbitMQ/Erlang TCP timeout from 5 to 15 seconds" 2017-07-25 05:56:06 +00:00
Jenkins
c282288e97 Merge "Add metadata_settings in Heat APIs" 2017-07-25 05:11:45 +00:00