4105 Commits

Author SHA1 Message Date
Matthew Flusche
cc1a8f9987 Validate NTP servers
Adds a validation to ensure at least one NTP source
is available.

Misconfigured or inaccessible NTP servers is a
common source of erratic behavior and failures. This
validation will ensure a NTP source is available
or fail with debug output from ntpdate.

The heat boolean: ValidateNtp can be set to disable
this check.

Change-Id: Ie93f943b53bf3a1b60a536df4a28ae203d98988f
2017-04-13 19:54:56 +00:00
Jenkins
8391468d16 Merge "Do not log errors on non-existing container" 2017-04-13 14:00:15 +00:00
Jenkins
b07dc6ba19 Merge "Add Docker to services list in multinode CI environments" 2017-04-13 12:51:50 +00:00
Jenkins
3e8b6289d7 Merge "Update Dell EMC Cinder back end services" 2017-04-12 20:09:14 +00:00
Jenkins
c89fe8da72 Merge "yum_update.sh - Use the yum parameter: check-update" 2017-04-12 18:04:48 +00:00
Jenkins
a5c30dfa25 Merge "Add upgrade tasks for gnocchi container services" 2017-04-12 16:39:56 +00:00
Jenkins
2f230e0775 Merge "Add IPv6 disable option" 2017-04-12 16:39:47 +00:00
Jenkins
af4f4caf70 Merge "Use httpd in Zaqar docker service" 2017-04-12 16:39:40 +00:00
Jenkins
c7b045e44e Merge "Add composable role support for NetApp Cinder back end" 2017-04-12 15:28:00 +00:00
Jenkins
4df0fcdffb Merge "Bind mount directories that contain the key/certs for keystone" 2017-04-12 14:18:57 +00:00
Jenkins
9584d5955c Merge "docker/all: Bind-mount OpenSSL CA bundle" 2017-04-12 14:18:50 +00:00
Jenkins
cec6d0d3dd Merge "Change the directory for httpd certs/keys to be service-specific" 2017-04-12 14:17:36 +00:00
Juan Antonio Osorio Robles
dd43ba1cf2 Bind mount directories that contain the key/certs for keystone
This is only done when TLS-everywhere is enabled, and depends on those
directories being exclusive for services that run over httpd. Which is
the commit this is on top of.

Also, an environment file was added that's similar to
environments/docker.yaml. The difference is that this one will contain
the services that can run containerized with TLS-everywhere. This file
will be updated as more services get support for this.

bp tls-via-certmonger-containers

Change-Id: I87bf59f2c33de6cf2d4ce0679a5e0e22bc24bf78
2017-04-12 09:45:17 +00:00
Juan Antonio Osorio Robles
39f63c5efa docker/all: Bind-mount OpenSSL CA bundle
The containers also need to trust the CA's that the overcloud node
trusts, else we'll get SSL verification failures.

bp tls-via-certmonger-containers

Change-Id: I7d3412a6273777712db2c90522e365c413567c49
2017-04-12 09:45:13 +00:00
Jenkins
ae6883323e Merge "Grouped all the Operational tools" 2017-04-12 02:22:11 +00:00
Jenkins
d33948a45b Merge "Add missing name properties on deloyment resources" 2017-04-11 22:22:14 +00:00
Dan Prince
349eb93209 docker: use noop_resource for Nova_cell_v2
Per puppet-nova commit 2c743a6bff5b17a85d1e0500f3a9ecb21468204e
there is now a custom resource for Nova_cell_v2 configuration.
As this resource runs automatically regardless of our use
of puppet tags we need to explicitly disable it to be able to
generate Nova API configs for docker.

Change-Id: Id675dc124464acddc3fc5a88b017a351e93ba685
Closes-bug: #1681841
2017-04-11 09:14:38 -04:00
Juan Antonio Osorio Robles
87f41c6ec6 Change the directory for httpd certs/keys to be service-specific
This moves the directories containing the certs/keys for httpd one step
further inside the hierarchy. This way we will be able to bind-mount
this certificate into the container without bind-mounting any other
certs/keys from other services.

bp tls-via-certmonger-containers

Change-Id: Ibe6e66ae4589b9eab7db330dd8b178e0f8775639
Depends-On: I0b71902358b754fa8bd7fdbb213479503c87aa46
2017-04-11 11:33:32 +00:00
Jenkins
74684af1ad Merge "Decouple Swift ringbuilding logic" 2017-04-11 11:03:13 +00:00
Jiri Stransky
5d9a8a0028 Add Docker to services list in multinode CI environments
We need the service to be present to run jobs involving containers. Note
that this is effectively a no-op for the current CI jobs, as by default
the Docker service is mapped to OS::Heat::None. Docker will actually be
deployed only if environments/docker.yaml is included in the deploy
command.

Change-Id: I97a35e30e428ff64feeb411bf63dbb7aa54f9829
2017-04-11 10:51:41 +02:00
Martin André
2eddc12be7 Do not log errors on non-existing container
This is cluttering up the logs with useless error messages, making it
more difficult than necessary to debug the CI job.

Change-Id: Icbdc4c74d99fea39b8722955dab56e5f538849aa
2017-04-11 09:29:52 +02:00
zshi
d22484d389 Add IPv6 disable option
This will give user the ability to set these values,
if IPv6 is not to be used, it's recommended that it be
disabled to reduce the attack surface of the system.

Change-Id: Ib3142cce49b93a421ca142a59961ce49a77e66b1
Co-Authored-By: Luke Hinds <lhinds@redhat.com>
Signed-off-by: zshi <zshi@redhat.com>
2017-04-11 15:29:04 +08:00
Jenkins
ccb0655db4 Merge "Replace references to the 192.0.2 network" 2017-04-11 07:09:54 +00:00
Jenkins
84690023cb Merge "Add BGPVPN services to scenario004" 2017-04-10 22:52:09 +00:00
Jenkins
e6d1aaac57 Merge "metadatahook: Use coalesce to handle null values" 2017-04-10 18:10:37 +00:00
Alan Bishop
5fb637c611 Update Dell EMC Cinder back end services
Add services for Dell EMC Cinder back ends to the resource registry
and to the Controller role (defaulting to OS::Heat::None).

Closes-Bug: #1681497
Change-Id: I694fd7738abd3601851bdcd38e3633607ce6152c
2017-04-10 13:30:43 -04:00
Alan Bishop
c533a3219e Add composable role support for NetApp Cinder back end
Convert NetApp Cinder back end to support composable roles via new
"CinderBackendNetApp" service.

Closes-Bug: #1680568
Change-Id: Ia3a78a48c32997c9d3cbe1629c2043cfc5249e1c
2017-04-10 11:38:49 -04:00
Jenkins
8bcd1ed110 Merge "Remove yaql call when building logging_groups" 2017-04-10 15:09:28 +00:00
Pradeep Kilambi
4713f2b951 Add upgrade tasks for gnocchi container services
Change-Id: I43c35bbf959e5dcdd7e87a8f6a604d5fe5b4f2a9
2017-04-10 13:53:53 +00:00
Jenkins
3a624e6fc1 Merge "sensu: fix upgrade case when service is added" 2017-04-10 12:25:56 +00:00
Giulio Fidente
b5b6681a74 Replace references to the 192.0.2 network
Following change I1393d65ffb20b1396ff068def237418958ed3289 the ctlplane
network will be 192.168.24 by default and not 192.0.2 anymore.

This change removes old references left to 192.0.2 network from the
overcloud templates.

Change-Id: I1986721d339887741038b6cd050a46171a4d8022
2017-04-10 14:05:50 +02:00
Jenkins
f71c4c2e1d Merge "Timeout early on pcs cluster status check0 during upgrade." 2017-04-10 11:05:20 +00:00
Juan Antonio Osorio Robles
99855339f7 metadatahook: Use coalesce to handle null values
This uses the coalesce function to take null values into account, else
these resources will fail validation.

Change-Id: Iaf4218dd731826f80b76ff8f7a902adc8c865be5
Closes-Bug: #1681332
2017-04-10 13:53:13 +03:00
Thomas Herve
687c53a05a Remove yaql call when building logging_groups
yaql calls are fairly expensive. Let's try to not nest them when we can
avoid it.

Change-Id: I5e7dbc42be625bbfe7989867794a67ebae08687d
2017-04-10 10:15:52 +00:00
Christian Schwede
76c1c0cbba Decouple Swift ringbuilding logic
This reverts commit b323f8a16035549d84cdec4718380bde3d23d6c3 and uses
the new logic in puppet-tripleo (see Ifd6fa5b398d98e8998630ea0c9a2ce9867ceba2b
), basically doing the same.

Closes-Bug: 1665641
Change-Id: Ib5cb0578be2993af0a0b8675005d838640bdb139
2017-04-10 07:23:27 +00:00
Jenkins
2bc62ed305 Merge "Avoid awk error in hosts-config.sh for large deployments" 2017-04-07 22:36:25 +00:00
Jenkins
a190acfa7d Merge "Prepare 7.0.0.0b1 (pike-1)" 2017-04-07 21:36:45 +00:00
Jenkins
7e5e9aa8bb Merge "Update ceph-rgw acccepted roles to fix OSP upgrade" 2017-04-07 21:35:39 +00:00
Emilien Macchi
1f172ca25e Prepare 7.0.0.0b1 (pike-1)
Change-Id: I93de22a4aa2d90966c24349e765475576947f2e0
2017-04-07 14:49:28 -04:00
Jenkins
aabb90e7a1 Merge "Add Docker service to all roles" 2017-04-07 16:51:36 +00:00
Emilien Macchi
deb9b4cad5 sensu: fix upgrade case when service is added
When service is added during an upgrade, fix the ansible syntax
to use the right variable for return code.

Change-Id: I974699fb8b0dcbe5ffa6935c394df4ac8e7b21d4
2017-04-07 11:54:48 -04:00
Sofer Athlan-Guyot
0ea21f51a8 Timeout early on pcs cluster status check0 during upgrade.
There is a windows for the pcs cluster status to hang forever[1].  We
add a timeout during check0 to avoid this situation.  2 minutes should
be more than enought to get all the pcsd nodes to reply.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1292858

Closes-Bug: #1680477

Change-Id: Icb3dc76e031a3d4f26294f37d169f2f61d30973e
2017-04-07 17:43:53 +02:00
Jenkins
e221203da4 Merge "Add password to authtoken section in congress.conf" 2017-04-07 15:28:28 +00:00
Jenkins
46376ccaa5 Merge "Add support for "neutron" Ironic networking plugin" 2017-04-07 15:27:31 +00:00
Jiri Stransky
e9abec8273 Add Docker service to all roles
This will add the Docker service to all roles. Note that currently by
default the Docker service is mapped to OS::Heat::None by default. It
will only be deployed if environments/docker.yaml file is included in
the deployment.

Change-Id: I9d8348b7b6576b94c872781bc89fecb42075cde0
Related-Bug: #1680395
2017-04-07 14:28:59 +02:00
Jenkins
47a4e9830c Merge "ovn: Add missing configurations required" 2017-04-07 10:09:42 +00:00
Steven Hardy
92b238ea17 Avoid awk error in hosts-config.sh for large deployments
This ports the fixes made to the legacy 51-hosts script, which this
script is derived from, to tht.

See related t-i-e patch Ibe0a9f6ec10d55750e3b0e16301236141f988d69

Change-Id: Ide922af93a5d185bd592e220327326f1d244c4e2
Closes-Bug: #1674732
2017-04-07 10:50:39 +01:00
Tomofumi Hayashi
09be1e1c6a Add password to authtoken section in congress.conf
Current puppet module miss password section hence congress is not
available due to missing password in congress.conf. This fix is to
add password.

Change-Id: I277c03ca93130a0337d5085f09c375fb0ac9331d
Signed-off-by: Tomofumi Hayashi <s1061123@gmail.com>
2017-04-07 18:38:21 +09:00
Carlos Camacho
4b4425dfb5 Add BGPVPN services to scenario004
This submission will enable the BGPVPN API
on scenario004.

This addition to scenario004 does not
provide any sanity check for the Neutron API
extension. At this stage is meant to
install the required packages and prerequisites,
configure the extension and
having the services started correctly.

In the README.rst file, this is displayed as
neutron-bgpvpn, so for further integrations
should be added as neutron-<extension_name>
for an easier reading.

Depends-On: I4d0617b0d7801426ea6827e70f5f31f10bbcc038
Depends-On: I2be0fab671ec1a804d029afc6dc27d19a193b064
Change-Id: I6c257417a9231c44e13535bc408d67d2a3cacbf8
2017-04-07 11:03:50 +02:00
Jenkins
8897a23aa1 Merge "Fix conntrack proto sctp module" 2017-04-07 08:26:38 +00:00