This will allow the port healtchecks to run as expected.
It's better to use SELinux booleans instead of adding custom
policies.
Change-Id: I9ebdf09c36fd2c69d05128b584593b41d9144e56
Related-Bug: #1810512
Overlay tunnel endpoints are supported only on
IPv4 address. Now that OVS and Neutron support
having v6 endpoints, edit network enviroment
files in TripleO to allow this.
Change-Id: Ie2523cf4e359289298e4ea5d0992093976a19e04
Closes-Bug: #1793239
For some configs changes, such as the identity providers, it is
necessary to restart the master services in order for them to take
effect.
Change-Id: I6ecb054d0e18acc4dc422a7ce136432d5135c64c
Closes-Bug: #1807668
The `prerequisites.yml` playbook should only be explicitly run on
initial deployment to prepare the nodes. It is already included in the
scaleup playbooks for the new nodes so there is no need to include it
again. Re-running the `prerequisites.yml` playbook reconfigures the
container runtime and may cause outage, it is supposed to be run only
once.
Make update and upgrade playbooks exclusive. There is no need to run
both of them.
Add comments to clarify the intent for each playbooks.
Change-Id: I30278360fcc1ffa9bd7ce7cb77d023629fb6fa47
Closes-Bug: #1804790
This changes moves docker services from puppet to deployment directory.
Change-Id: I11a34708ee91f5b5928d7c647c83e95ca1b01cae
Related-Blueprint: services-yaml-flattening
As tracked by ci squad in [1] the scenario3 standalone has some
extra services cinder/horizon/swift removed here.
[1] https://tree.taiga.io/project/tripleo-ci-board/task/544
Change-Id: Ibb09de39cf2769a8516e4245d4a41150c97f6e0c
This adds support for configuring horizon for WebSSO when keystone
federation with OpenID Connect is enabled. This patch just exposes
some new parameters to use puppet-horizon for configuration. The
sample environment file for OpenID Connect federation is also updated
to use the new parameters. Some of the sample defaults were updated
to more closely match the URLs that horizon expects.
Change-Id: I7c3ee6b54cc0c9653742c3ce1de60b2851d1fe68
public_virtual_ip previously required the External network to be
present in networks data. Add a conditional to use the VIP on the
ctlplane if the External network is not in networks data.
Closes-Bug: #1774401
Change-Id: Ie6c3d7124d11ee89788b432da39df16f031fcf12
Add's a conditional to only include internal_api_virtual_ip if
InternalApi network is defined in custom networks.
According to code comment internal_api_virtual_ip is only used
by Contrail.
Change-Id: Ifd8f59bd03c9bab1283e580a64957f201eb8f335
Closes-Bug: #1772124
Change I803ed2ba9ff52f9a02c550a28d21cc9102568c8e adds this directory
as bind-mount for many services, but there is no guarantee this directory
actually exists on the node.
This might break the deploy, as it will prevent the iscsi container to
start as expected when using podman.
Although this directory is managed by a package (iscsi-initiator-utils),
this one isn't always present (i.e. on undercloud, or deployed servers,
or standalone).
Related-Bug: #1810338
Change-Id: I8fc52b2a872fd77b342a0f20e4602b21d9e33fed
In docker-puppet.py, we only create docker-puppet.sh script if it
doesn't exist yet. It's not useful to re-create it and it can be
dangerous to regenerate the script while docker-puppet.py is running,
since we bind mount the script to the containers.
It's possible that during a multi-process task, the script changes and
then the entrypoint fails to run correctly if the interpreter is not
present in the script.
This patch makes sure that we create the script only when needed, and
also that we remove it before running docker-puppet.py, which will be
useful when doing clean deployments or upgrades.
Context: https://github.com/containers/libpod/issues/1844
Change-Id: I0ac69adb47f59a9ca82764b5537532014a782913
As tracked by ci squad at [1] scenario2 standalone is missing some
services and has extra horizon compared to the multinode being
replaced
[1] https://tree.taiga.io/project/tripleo-ci-board/task/543
Change-Id: I034dd365f6fd20060f9ad49c4e81b3c534efbe4b
This change combines the previous puppet and docker files
into a single file that performs the docker service installation
and configuration. With this patch the baremetal version of
keystone has been removed.
Related-Blueprint: services-yaml-flattening
Change-Id: I6140b02ad1ab6d88990e173dcf556977f065b3c5