6724 Commits

Author SHA1 Message Date
Zuul
db7f5ec2ed Merge "ffu: Introduce Swift fast-forward upgrade tasks" 2018-02-21 19:16:35 +00:00
Zuul
3f97f8dc21 Merge "ffu: Introduce Pacemaker fast-forward upgrade tasks" 2018-02-21 19:16:30 +00:00
Zuul
ed79ce09f1 Merge "ffu: Introduce prep workarounds for FFU" 2018-02-21 19:16:27 +00:00
Zuul
9f978d7425 Merge "Add new encryption middleware to swift proxy" 2018-02-21 16:09:54 +00:00
Zuul
655412089a Merge "Allows for configuration of the Ceph cluster name" 2018-02-21 16:09:51 +00:00
Zuul
e6a7ad95e6 Merge "Set rgw_keystone_revocation_interval to 0 for ceph-ansible" 2018-02-21 15:29:50 +00:00
Zuul
24dd89b305 Merge "Remove unused DeploymentActions resource" 2018-02-21 15:29:43 +00:00
Zuul
092bab01a6 Merge "Add RHELRegistrationActions to rhel-registration template" 2018-02-21 15:29:39 +00:00
Zuul
f85cefec43 Merge "Enable Neutron server health check" 2018-02-21 11:04:03 +00:00
Marius Cornea
ca7721003b Do not remove packages during FFU
This change removes the UpgradeRemoveUnusedPackages parameter from
the fast-forward-upgrade environment to avoid removing packages
during upgrade which leads to failures.

Change-Id: I3e9ca8ef653f8298bc68bfe9752ae773f0fc34c0
2018-02-20 20:58:52 -05:00
Zuul
e937174f99 Merge "ffu: Add fast-forward-upgrade env" 2018-02-21 01:56:01 +00:00
Zuul
b02849a0fe Merge "Refactor get-occ-config.sh" 2018-02-20 21:36:19 +00:00
Lee Yarwood
b627ccb686 ffu: Introduce Swift fast-forward upgrade tasks
fast_forward_upgrade_tasks for swift covering Ocata and Pike.
- Service status check
- Stop service when updating from Ocata to Pike
- Update swift packages

bp fast-forward-upgrades
Change-Id: I66879669cead2f7b5b2cd1398f344c063d771628
2018-02-20 13:22:04 -05:00
Lee Yarwood
65b05c03d4 ffu: Introduce Pacemaker fast-forward upgrade tasks
Resolves: rhbz#1535435
Closes-Bug: #1743751
Change-Id: I06a4202136966566a87b990aecf3de81ab3f639a
2018-02-20 13:22:04 -05:00
Lukas Bezdicka
c538e295e0 ffu: Introduce prep workarounds for FFU
We make sure is_bootstrap_node is always set and we reset hiera
hierarchy on first run.

Resolves: rhbz#1535406
Clodes-Bug: #1743740
Change-Id: Ib5cc32b798118c85bf09beab097be2f6eaeb405f
2018-02-20 13:22:04 -05:00
Lee Yarwood
93083a656c ffu: Add fast-forward-upgrade env
This change introduces a simple environment file to be used when
updating the inital overcloud stack to generate the required Ansible
outputs. This environment introduces the following:

- resource_registry entries to ensure compatability between the deployed
  Newton stack and the new Queens stack. These services having been
  previously deprecated in Ocata before removal in Pike.
- parameter_defaults for StackUpdateType and UpgradeRemoveUnusedPackages

bp fast-forward-upgrades
Change-Id: I3c690b8d08ca3a7d75481e176760a0efddebf82a
2018-02-20 13:22:04 -05:00
Sergii Golovatiuk
961f7315f3 Refactor get-occ-config.sh
* Add $ to to eval hosts to get proper dereference
* Add quatas around eval
* Replace let with ((i++))

Change-Id: I5dbb6ef16598905b6d3bbb9efc448e0b45cbe099
2018-02-20 16:14:14 +01:00
Zuul
69a011727e Merge "Add firewall chain configuration" 2018-02-20 15:00:33 +00:00
Zuul
69c0232a6f Merge "Mount netns as shared to persist namespaces" 2018-02-20 12:04:46 +00:00
Giulio Fidente
0b1afb48e5 Allows for configuration of the Ceph cluster name
To be able to support multiple Ceph cluster, an initial step is
to allow for configuration of each cluster name.

Depends-On: I8d5293eaaf104b6374dfa13992a67ddc37397f10
Implements: blueprint custom-ceph-cluster-name
Change-Id: I1b4d51ca6a2d08fa7a68eea680eb104eff732057
2018-02-20 11:35:01 +01:00
Zuul
2218e7baba Merge "Do not use the 3rd argument of yaql groupBy" 2018-02-20 07:18:53 +00:00
Zuul
1143294fee Merge "Cleanup /etc/sysconfig/iptables on stack update" 2018-02-20 05:08:33 +00:00
Zuul
a8d7d2ab9b Merge "Zuul: Remove project name" 2018-02-20 05:06:14 +00:00
Zuul
031fc65a0d Merge "Revert "Disable SNMP service in all CI jobs"" 2018-02-20 05:06:03 +00:00
Zuul
de8c27a223 Merge "Restrict SNMP to internal network" 2018-02-20 05:05:59 +00:00
Zuul
76d1a4c73c Merge "Add reno for manila generic driver removal" 2018-02-20 01:57:26 +00:00
Alex Schultz
a1ec856e61 Add firewall chain configuration
Adds the ability to specify firewall chains via heat templates.
Additionally newer versions of docker have switched to updating
the FORWARD chain to DROP by default. Neutron needs this to be
ACCEPT by default. This change adds the ability to specify
firewall chains via templates.

Depends-On: Ib75f97748540b9162d76c9c189d3ca7e082b3784
Change-Id: I15ec9216013a1b0b935dcd1f5bc8281348777189
Related-Bug: #1750194
2018-02-19 15:28:32 -07:00
Zuul
f075e46076 Merge "Ensure node is rebooted before enabling DPDK" 2018-02-19 20:46:36 +00:00
Zuul
d7ec3c48ac Merge "Allow passing custom openshift-ansible playbook" 2018-02-19 20:46:28 +00:00
Zuul
97afd58793 Merge "Simplify FastForwardRepoArgs structure used in FFU repo selection." 2018-02-19 20:46:12 +00:00
Zuul
583090d288 Merge "Add TripleOFirewall service to undercloud roles" 2018-02-19 20:46:00 +00:00
Zuul
b47f0e15d5 Merge "undercloud: remove duplicate Neutron Server entry" 2018-02-19 20:45:52 +00:00
Zuul
98d6527674 Merge "Revert "Enable *_use_fqdn in ceph-ansible when EnableInternalTLS"" 2018-02-19 20:45:37 +00:00
Zuul
db56757a66 Merge "Add pacemaker upgrade_tasks for P..Q major upgrade" 2018-02-19 20:20:59 +00:00
Zuul
1efa62a233 Merge "Disable UseDNS in sshd config" 2018-02-19 20:15:31 +00:00
Thomas Herve
0ddfff79ee Do not use the 3rd argument of yaql groupBy
Due to an incompatible change in yaql, it's hard to use the aggregration
of groupBy as the behavior is completely different depending on the
version. Let's try to not rely on it.

Change-Id: I2887011f6baf4867d422579b116b5e143acf5679
Related-Bug: #1750032
2018-02-19 16:32:42 +01:00
Steven Hardy
dcf126bc79 Remove unused DeploymentActions resource
This is potentially confusing now we added RHELRegistrationActions
since it's unused but mentions DeploymentActions.

Change-Id: Ifb335cb8055528fd9b64081b30e987524169dc95
2018-02-19 12:12:05 +00:00
Steven Hardy
db61b37345 Add RHELRegistrationActions to rhel-registration template
This can be used in the case where e.g a satellite has been added
after the initial deployment to re-register the nodes with the
satellite, even those nodes that already exist.

Change-Id: I944bc4c65b08de1ca08dd91f55764ebfe141dd9c
2018-02-19 12:12:02 +00:00
Zuul
0d78b528d2 Merge "Fix a typo in docker_puppet_apply.sh" 2018-02-19 09:20:53 +00:00
Sofer Athlan-Guyot
19029070c5 Simplify FastForwardRepoArgs structure used in FFU repo selection.
The current structure is unnecessarily complex forcing the use of
json_query filter with a parameter.  The quoting inside that line
become hard to read and is currently failing.

We change the structure to a simple hash, as this is currently all
what is needed.

Change-Id: I17f2d1b4e549e275d7d6a675cd522c6b567815ac
Closes-Bug: #1749911
2018-02-19 08:56:45 +00:00
Zuul
3b50fdf886 Merge "Add docker service for neutron-ovs-dpdk-agent service" 2018-02-19 08:47:03 +00:00
Emilien Macchi
f48709e22e Revert "Disable SNMP service in all CI jobs"
Now SNMP is secured, we can re-enable it in CI.
This reverts commit cb90c8ce484d8e0328a0f2a8250e1c0fa81dd6cb.

Change-Id: I4ec805015ab8975d8922279ea64546799f5ce92a
2018-02-19 02:24:44 +00:00
Emilien Macchi
43155ed146 Restrict SNMP to internal network
Add a parameter, SnmpdIpSubnet, which can be an IP/MASK that will be
used to secure with IPtables the source network authorized to reach
SNMP service on the host.
If SnmpdIpSubnet is left empty (default) the parameter will be set to
SnmpdNetwork.

Also change the IPtables id, 127 was used by Horizon, so let's switch
SNMP to 124. No impact on users.

Change-Id: I46fce28926cb5a881f7384948480266712ae75e3
Closes-Bug: #1749324
2018-02-19 02:24:28 +00:00
Zuul
7b8e0b7d72 Merge "Fix docker neutron logging" 2018-02-18 01:12:21 +00:00
Zuul
18a7258915 Merge "docker-registry: add missing firewall rules" 2018-02-17 22:57:59 +00:00
Zuul
b80b208359 Merge "docker: don't override horizon::vhost_extra_params" 2018-02-17 22:23:14 +00:00
Zuul
5d1c1d0bba Merge "Add non-production ceph defaults to low-memory-usage.yaml" 2018-02-17 20:27:07 +00:00
Emilien Macchi
995cf71057 docker: don't override horizon::vhost_extra_params
horizon::vhost_extra_params is already configured in
puppet/services/horizon.yaml, and users can change the value with
HorizonVhostExtraParams parameter.

Docker deployments didn't have HorizonVhostExtraParams taken in account
since we were overriding with Hiera. This patch fix it.

Closes-Bug: #1749627
Change-Id: I77f1312112c7f613d795242060709082ef72f150
2018-02-17 18:00:02 +00:00
Emilien Macchi
05a0f6cdec Add TripleOFirewall service to undercloud roles
... so we can configure IPtables on containerized undercloud.

Depends-On: https://review.openstack.org/545367
Change-Id: I9f8c3d18938926257456388fd15e8eeb2e2868fd
2018-02-17 01:42:06 +00:00
Emilien Macchi
9d9289cf6d undercloud: remove duplicate Neutron Server entry
... or the deployment fails since we try to deploy twice the
OS::TripleO::Services::NeutronApi service.

Change-Id: I92d5d037074494c40fb2b1968985a95ffd2fae12
2018-02-17 01:42:01 +00:00