4593 Commits

Author SHA1 Message Date
James Slagle
d6c0979eb3 Blacklist support for ExtraConfig
Commit I46941e54a476c7cc8645cd1aff391c9c6c5434de added support for
blacklisting servers from triggered Heat deployments.

This commit adds that functionality to the remaining Deployments in
tripleo-heat-templates for the ExtraConfig interfaces.

Since we can not (should not) change the interface to ExtraConfig, Heat
conditions are used on the actual <role>ExtraConfigPre and
NodeExtraConfig resources instead of using the actions approach on
Deployments.

Change-Id: I38fdb50d1d966a6c3651980c52298317fa3bece4
2017-06-16 11:13:25 -04:00
Jenkins
0354927a11 Merge "Bind mount internal CA file to all containers" 2017-06-15 20:22:15 +00:00
Jenkins
e23e8c46f4 Merge "Containerize Cinder-volume for HA" 2017-06-15 20:22:08 +00:00
Jenkins
d95394a01c Merge "Containerize Ceilometer Agent Ipmi" 2017-06-15 13:05:36 +00:00
Jenkins
cea62f129c Merge "Modify PreNetworkConfig config inline with role-specific parameters" 2017-06-15 13:05:28 +00:00
Jenkins
24d552ae33 Merge "Fix race conditions between containers" 2017-06-15 00:30:13 +00:00
Jenkins
d68a938d14 Merge "Containerize Manila Scheduler service" 2017-06-15 00:15:32 +00:00
Jenkins
a92fbaca54 Merge "Update Panko api port" 2017-06-14 21:55:59 +00:00
Jenkins
8a111d6d0f Merge "Role Specific parameters for neutron-sriov-agent service" 2017-06-14 21:16:01 +00:00
Jenkins
5ed6cc394b Merge "Sample environment generator" 2017-06-14 21:15:53 +00:00
Jenkins
bf66addf38 Merge "Add Nova Consoleauth service to containerized deployment" 2017-06-14 17:34:47 +00:00
Jenkins
cbb3a9ec72 Merge "Add Nova Vncproxy service to containerized deployment" 2017-06-14 16:45:32 +00:00
Jenkins
12aaefa939 Merge "Enable heat/puppet to manage the fernet keys and make it configurable" 2017-06-14 16:26:57 +00:00
Jenkins
dfdfc00312 Merge "Use KeystoneFernetKeys instead of individual parameters" 2017-06-14 16:24:11 +00:00
Pradeep Kilambi
b8a078ca43 Update Panko api port
The current port conflicts with trove. This is updated in puppet
module. See related change: https://review.openstack.org/#/c/471551/

Change-Id: Iefacb98320eef0bca782055e3da5d243993828d7
2017-06-14 15:08:09 +00:00
Jenkins
50ce7453d6 Merge "Fix network names when using network isolation" 2017-06-14 15:07:26 +00:00
Jenkins
e9cf19340a Merge "Dell SC: Add exclude_domain_ip option" 2017-06-14 15:06:30 +00:00
Jenkins
112236f8bb Merge "Docker service for Cinder Volume" 2017-06-14 15:06:08 +00:00
Jiri Stransky
248099db8c Fix race conditions between containers
In many occasions we had log directory initialization containers
without `detach: false`, which didn't guarantee that they'll finish
before the container depending on them will start using the log
directory.

This is now fixed by moving the initialization container one global
step earlier, so that we can keep the concurrency when creating the
log dirs. (Using `detach: false` makes paunch handle just one
container at a time, and as such it can have negative performance
impact.)

For services which have their container(s) starting in step_1,
initialization cannot be moved to an earlier step, so the solution
here was to just add `detach: false`.

As a minor related change, cinder DB sync container now mounts the log
directory from host to put cinder-manage.log into the expected
location.

Change-Id: I1340de4f68dd32c2412d9385cf3a8ca202b48556
2017-06-14 15:58:55 +02:00
Jenkins
4a7c142a92 Merge "Docker services for Cinder Backup" 2017-06-14 13:49:46 +00:00
Jenkins
0d87942dd7 Merge "Add fqdn_external" 2017-06-14 10:47:52 +00:00
Jenkins
81a4fee91a Merge "Generate HAproxy iptables rules for containerized HA deployments" 2017-06-14 10:27:47 +00:00
Jenkins
c0cfacd069 Merge "Replace NO_ARCHIVE block with single call to rsync" 2017-06-14 10:18:45 +00:00
Jenkins
2ff174b64f Merge "Docker services for Cinder Api and Scheduler" 2017-06-14 10:18:37 +00:00
Michele Baldessari
47a9472c88 Fix network names when using network isolation
When we merged If3989f24f077738845d2edbee405bd9198e7b7db we correctly
used name_lower for most things but we left out the the
OS::TripleO::Network resource which would cause errors like the
following:

Could not fetch contents for file:///tmp/tripleoclient-LdqQGJ/tripleo-heat-templates/network/internalapi.yaml

The reason is that the network filename is called internal_api.yaml.

Change-Id: I40f268668ed948e5d41ed0ff5a8fc954cef7b17c
Closes-Bug: #1697883
2017-06-14 10:10:03 +02:00
Juan Antonio Osorio Robles
350e1a81dd Enable heat/puppet to manage the fernet keys and make it configurable
With the addition of the KeystoneFernetKeys parameter, it's now possible
to do fernet key rotations using mistral, by modifying the
KeystoneFernetKeys variable in mistral; subsequently a rotation could
happen when doing a stack update.

So this re-enables the managing of the key files by puppet. However,
this is left configurable, as folks might want to manage those files
out-of-band.

bp keystone-fernet-rotation
Change-Id: Ic82fb8b8a76481a6e588047acf33a036cf444d7d
2017-06-14 10:04:06 +03:00
Juan Antonio Osorio Robles
490e237f09 Use KeystoneFernetKeys instead of individual parameters
This uses the newly introduced dict with the keys and paths instead of
the individual keys. Having the advantage that rotation will be
possible on stack update, as we no longer have a limit on how many keys
we can pass (as we did with the individual parameters).

bp keystone-fernet-rotation
Change-Id: I7d224595b731d9f3390fce5a9d002282b2b4b8f2
Depends-On: I63ae158fa8cb33ac857dcf9434e9fbef07ecb68d
2017-06-14 10:03:54 +03:00
Jenkins
4c78689966 Merge "Add support for Cinder "NAS secure" driver params" 2017-06-14 03:37:30 +00:00
Steve Baker
f600d459f0 Replace NO_ARCHIVE block with single call to rsync
Also attempts to move the workaround for bug #1696283 to before the
puppet apply call.

Closes-Bug: #1696622
Change-Id: I3a195466a5039e7641e843c11e5436440bfc5a01
2017-06-14 02:22:35 +00:00
Jenkins
44d0e1bddd Merge "Execute Swift ring up-/download in containerized environments" 2017-06-14 01:04:01 +00:00
Jenkins
10710ec571 Merge "Containerize Sahara" 2017-06-14 01:00:28 +00:00
Jenkins
74d4d65fa4 Merge "Containerized Sensu client" 2017-06-14 01:00:16 +00:00
Jenkins
0152cccd2b Merge "Containerize multipathd" 2017-06-14 01:00:09 +00:00
Jenkins
d9afde3696 Merge "Move iscsid to a container" 2017-06-14 01:00:01 +00:00
Jenkins
2dcad460b3 Merge "Change HorizonSecureCookies default to False" 2017-06-13 21:32:04 +00:00
Pradeep Kilambi
0849c76ca6 Containerize Ceilometer Agent Ipmi
Depends-On: I3e865f2e9b6935eb3dfa4b4579c803f0127848ae

Change-Id: I09327a63d238a130b6ac0f2361f80e2b244b4b52
2017-06-13 20:51:39 +00:00
Jenkins
6674bd9587 Merge "Add support to configure Num of Storage sacks" 2017-06-13 18:10:18 +00:00
Jenkins
ab3d03f46f Merge "Fix IronicInspectorAdmin to be https" 2017-06-13 18:10:11 +00:00
Jenkins
b97bfa35e3 Merge "Make network-isolation environment rendered for all roles" 2017-06-13 18:09:55 +00:00
Jenkins
737f40d755 Merge "Fix bug in docker-toool where values are sometimes empty." 2017-06-13 18:09:31 +00:00
Jenkins
d3ff20a100 Merge "Configure credentials for ironic to access cinder" 2017-06-13 18:09:15 +00:00
Alex Schultz
426de20288 Add fqdn_external
In newton, we used to construct the fqdn_$NETWORK in puppet-tripleo for
external, internal_api, storage, storage_mgmt, tenant, management, and
ctrlplane. When this was moved into THT, we accidently dropped external
which leads to deployment failures if a service is moved to the external
network and the configuration consumes the fqdn_external hiera key.
Specifically this is reproduced if the MysqlNetwork is switch to to
exernal, then the deployment fails because the bind address which is set
to use fqdn_external is blank.

Change-Id: I01ad0c14cb3dc38aad7528345c928b86628433c1
Closes-Bug: #1697722
2017-06-13 09:39:11 -06:00
Sven Anderson
15e74ab667 Add Nova Vncproxy service to containerized deployment
Depends-On: I037858a445742de58bd2f8d879f2b1272b07f481
Change-Id: Ifd138ea553a45a637a1a9fe3d0e946f8be51e119
2017-06-13 14:45:34 +00:00
Sven Anderson
e58faa9ceb Add Nova Consoleauth service to containerized deployment
Depends-On: I037858a445742de58bd2f8d879f2b1272b07f481
Change-Id: I808a5513decab1bd2cce949d05fd1acb17612a42
2017-06-13 14:45:25 +00:00
Juan Antonio Osorio Robles
31f773a95b Bind mount internal CA file to all containers
This will allow the services running in the containers to trust the CA.

bp tls-via-certmonger-containers

Change-Id: Ib7eb682da64473a651b34243c92ab76009964aba
2017-06-13 16:28:03 +03:00
Jenkins
7234e656a7 Merge "Unblock CI by reverting to non-containerized HAProxy" 2017-06-13 13:22:01 +00:00
Jenkins
10a2d81185 Merge "Remove deprecated multinode-container-upgrade.yaml" 2017-06-13 11:14:06 +00:00
Steven Hardy
cba5288867 Make network-isolation environment rendered for all roles
Currently there's some hard-coded references to roles here, rendering
from the roles_data.yaml is a step towards making the use of isolated
networks for custom roles easier.

Partial-Bug: #1633090
Depends-On: Ib681729cc2728ca4b0486c14166b6b702edfcaab
Change-Id: If3989f24f077738845d2edbee405bd9198e7b7db
2017-06-13 11:19:02 +01:00
Jiri Stransky
6dbb8632ae Unblock CI by reverting to non-containerized HAProxy
In change I90253412a5e2cd8e56e74cce3548064c06d022b1 we merged
containerized HAProxy setup, but because of a typo in resource
registry, CI kept using the non-containerized variant and it went
unnoticed that the containerized HAProxy doesn't work yet.

We merged a resource registry fix in
Ibcbacff16c3561b75e29b48270d60b60c1eb1083 and it brought down the CI,
which now used the non-working HAProxy.

After putting in the missing haproxy container image to tripleo-common
in I41c1064bbf5f26c8819de6d241dd0903add1bbaa we got further, but the
CI still fails on HAProxy related problem, so we should revert back to
using non-containerized HAProxy for the time being.

Change-Id: If73bf28288de10812f430619115814494618860f
Closes-Bug: #1697645
2017-06-13 11:01:29 +02:00
Saravanan KR
0c66118b10 Modify PreNetworkConfig config inline with role-specific parameters
Existing host_config_and_reboot.role.j2.yaml is done in ocata to
configure kernel args. This can be enhanced with use of role-specific
parameters, which is done in the current patch. The earlier method is
deprecated and will be removed in Q releae.
Implements: blueprint ovs-2-6-dpdk

Change-Id: Ib864f065527167a49a0f60812d7ad4ad12c836d1
2017-06-13 11:02:33 +05:30