9194 Commits

Author SHA1 Message Date
Dan Prince
e32663b1fe Add missing Ironic monitoring_subscription
These got dropped in the service flattening patches.

Change-Id: Id0f5da6be5bd4f9c12ea9a2dfd18e64ace35f451
2019-01-11 09:53:49 -05:00
Zuul
653856c58f Merge "Deprecate duplicate NFV environment files" 2019-01-11 07:05:04 +00:00
Zuul
2ca3c7c94c Merge "Move docker into deployment directory" 2019-01-10 23:35:05 +00:00
Zuul
52f2d2dce8 Merge "Restart openshift master services after stack update" 2019-01-10 23:31:52 +00:00
Zuul
985b9e9b9d Merge "Set keystone bind_host to both public and admin" 2019-01-10 23:29:21 +00:00
Zuul
80256b9159 Merge "Snmp - Use net_cidr_map for firewall rules" 2019-01-10 21:13:32 +00:00
Zuul
5d00839ffe Merge "Memcached - Use net_cidr_map for firewall rules" 2019-01-10 21:13:28 +00:00
Zuul
825ae19190 Merge "Designate - Use net_cidr_map for rndc_allowed_addresses" 2019-01-10 21:13:25 +00:00
Zuul
86755894f7 Merge "Apache - Use net_cidr_map for proxy_ips" 2019-01-10 21:13:22 +00:00
Zuul
f5394e7e2d Merge "Allow overlay tunnel endpoints on IPv6 address" 2019-01-10 21:13:19 +00:00
Zuul
dcc6c9bcad Merge "Allow container healthchecks to access netlink data" 2019-01-10 20:47:04 +00:00
Zuul
94abbdd3d6 Merge "Add scenario002-standalone to gates as we make it voting" 2019-01-10 20:46:23 +00:00
Zuul
0ec13316a5 Merge "Add Distributed Compute roles" 2019-01-10 15:48:51 +00:00
Tobias Urdin
4b8c7055cf Set keystone bind_host to both public and admin
Since they are on different networks we need it to
listen on both.

Change-Id: I6ac6d13b588a92818cd41b8697c6b4389e42aeba
2019-01-10 15:44:38 +00:00
Zuul
6cbb1a797a Merge "Ensure /var/lib/iscsi actually exists before mounting it" 2019-01-10 14:38:57 +00:00
Zuul
b0409666a0 Merge "Rework the generated openshift-ansible playbook" 2019-01-10 13:37:28 +00:00
Cédric Jeanneret
a315858378 Allow container healthchecks to access netlink data
This will allow the port healtchecks to run as expected.

It's better to use SELinux booleans instead of adding custom
policies.

Change-Id: I9ebdf09c36fd2c69d05128b584593b41d9144e56
Related-Bug: #1810512
2019-01-10 13:59:10 +01:00
Marios Andreou
f86c89e08c Add scenario002-standalone to gates as we make it voting
Adds scen2 to the gate jobs as well as check.

Change-Id: Ida84c67ba6426c0498fcc99c39a0857a772728a4
2019-01-10 14:53:27 +02:00
Janki Chhatbar
fe8b808fd3 Allow overlay tunnel endpoints on IPv6 address
Overlay tunnel endpoints are supported only on
IPv4 address. Now that OVS and Neutron support
having v6 endpoints, edit network enviroment
files in TripleO to allow this.

Change-Id: Ie2523cf4e359289298e4ea5d0992093976a19e04
Closes-Bug: #1793239
2019-01-10 10:26:24 +00:00
Zuul
eb5b6952c2 Merge "Fall back public_virtual_ip to ctlplane if External net not present" 2019-01-10 08:32:00 +00:00
Zuul
0435f6cc23 Merge "Only add internal_api_virtual_ip if InternalApi in network_data" 2019-01-10 08:31:58 +00:00
Martin André
df8e592498 Restart openshift master services after stack update
For some configs changes, such as the identity providers, it is
necessary to restart the master services in order for them to take
effect.

Change-Id: I6ecb054d0e18acc4dc422a7ce136432d5135c64c
Closes-Bug: #1807668
2019-01-10 09:03:04 +01:00
Martin André
bb1a1209ac Rework the generated openshift-ansible playbook
The `prerequisites.yml` playbook should only be explicitly run on
initial deployment to prepare the nodes. It is already included in the
scaleup playbooks for the new nodes so there is no need to include it
again. Re-running the `prerequisites.yml` playbook reconfigures the
container runtime and may cause outage, it is supposed to be run only
once.

Make update and upgrade playbooks exclusive. There is no need to run
both of them.

Add comments to clarify the intent for each playbooks.

Change-Id: I30278360fcc1ffa9bd7ce7cb77d023629fb6fa47
Closes-Bug: #1804790
2019-01-10 09:02:34 +01:00
Zuul
f1ce0b106b Merge "Flatten Keystone service configuration" 2019-01-10 05:37:26 +00:00
Emilien Macchi
2d608e07b5 Move docker into deployment directory
This changes moves docker services from puppet to deployment directory.

Change-Id: I11a34708ee91f5b5928d7c647c83e95ca1b01cae
Related-Blueprint: services-yaml-flattening
2019-01-09 22:58:50 +00:00
Zuul
909338f74a Merge "Fix scenario003-standalone remove extra cinder/horizon/swift" 2019-01-09 22:34:28 +00:00
Zuul
8197d776bc Merge "modify assignment spelling" 2019-01-09 22:34:25 +00:00
Zuul
829cde2f35 Merge "Add horizon WebSSO support for OpenID Connect" 2019-01-09 22:26:48 +00:00
Zuul
8f4a2607d8 Merge "Make NetCidrMapValue contain list of cidrs in each net" 2019-01-09 20:02:14 +00:00
Zuul
738eb1aa7c Merge "Let the operator manage openshift updates and upgrades" 2019-01-09 14:59:00 +00:00
Zuul
34daecbff7 Merge "docker-puppet.py: only create docker-puppet.sh when it doesn't exist" 2019-01-09 14:16:50 +00:00
Marios Andreou
832a895087 Fix scenario003-standalone remove extra cinder/horizon/swift
As tracked by ci squad in [1] the scenario3 standalone has some
extra services cinder/horizon/swift removed here.

[1] https://tree.taiga.io/project/tripleo-ci-board/task/544

Change-Id: Ibb09de39cf2769a8516e4245d4a41150c97f6e0c
2019-01-09 14:36:33 +02:00
Nathan Kinder
78ee893158 Add horizon WebSSO support for OpenID Connect
This adds support for configuring horizon for WebSSO when keystone
federation with OpenID Connect is enabled.  This patch just exposes
some new parameters to use puppet-horizon for configuration.  The
sample environment file for OpenID Connect federation is also updated
to use the new parameters.  Some of the sample defaults were updated
to more closely match the URLs that horizon expects.

Change-Id: I7c3ee6b54cc0c9653742c3ce1de60b2851d1fe68
2019-01-09 11:55:34 +00:00
Zuul
5dc292d198 Merge "Configure undercloud timezone" 2019-01-09 11:49:48 +00:00
Harald Jensås
a017ecac9f Fall back public_virtual_ip to ctlplane if External net not present
public_virtual_ip previously required the External network to be
present in networks data. Add a conditional to use the VIP on the
ctlplane if the External network is not in networks data.

Closes-Bug: #1774401
Change-Id: Ie6c3d7124d11ee89788b432da39df16f031fcf12
2019-01-09 11:49:14 +01:00
Harald Jensås
868c7685f1 Only add internal_api_virtual_ip if InternalApi in network_data
Add's a conditional to only include internal_api_virtual_ip if
InternalApi network is defined in custom networks.

According to code comment internal_api_virtual_ip is only used
by Contrail.

Change-Id: Ifd8f59bd03c9bab1283e580a64957f201eb8f335
Closes-Bug: #1772124
2019-01-09 11:49:07 +01:00
Cédric Jeanneret
a15509f999 Ensure /var/lib/iscsi actually exists before mounting it
Change I803ed2ba9ff52f9a02c550a28d21cc9102568c8e adds this directory
as bind-mount for many services, but there is no guarantee this directory
actually exists on the node.

This might break the deploy, as it will prevent the iscsi container to
start as expected when using podman.

Although this directory is managed by a package (iscsi-initiator-utils),
this one isn't always present (i.e. on undercloud, or deployed servers,
or standalone).

Related-Bug: #1810338
Change-Id: I8fc52b2a872fd77b342a0f20e4602b21d9e33fed
2019-01-09 06:43:17 +01:00
Zuul
919aedcdf3 Merge "Fix scenario002-standalone missing aodh/ceilo/heat/gnocchi services" 2019-01-09 05:38:35 +00:00
Zuul
9ac9e0c3c3 Merge "Add standalone scenario jobs into the gate as well as check" 2019-01-09 04:09:59 +00:00
Emilien Macchi
d8ee4b9e73 docker-puppet.py: only create docker-puppet.sh when it doesn't exist
In docker-puppet.py, we only create docker-puppet.sh script if it
doesn't exist yet. It's not useful to re-create it and it can be
dangerous to regenerate the script while docker-puppet.py is running,
since we bind mount the script to the containers.
It's possible that during a multi-process task, the script changes and
then the entrypoint fails to run correctly if the interpreter is not
present in the script.

This patch makes sure that we create the script only when needed, and
also that we remove it before running docker-puppet.py, which will be
useful when doing clean deployments or upgrades.

Context: https://github.com/containers/libpod/issues/1844
Change-Id: I0ac69adb47f59a9ca82764b5537532014a782913
2019-01-08 21:55:10 -05:00
Zuul
d71c8b4aaa Merge "Do not dereference .stdout if dmidecode is missing" 2019-01-08 22:32:07 +00:00
Marios Andreou
1bd0bf02a3 Add standalone scenario jobs into the gate as well as check
Since they are voting we need to add them in gate too

Change-Id: If43962653ff7474ac2617bde6992ccbcd09e2153
2019-01-08 22:00:45 +00:00
Zuul
a815f16d60 Merge "Reno only - Check for available networks for a role" 2019-01-08 20:13:40 +00:00
Zuul
7f2441dcb1 Merge "update datatype for "OctaviaFlavorId"" 2019-01-08 20:13:37 +00:00
Zuul
ec79c41d50 Merge "Fix example in releasenotes/notes/composable-network-subnets" 2019-01-08 18:11:05 +00:00
Marios Andreou
884ceb1035 Fix scenario002-standalone missing aodh/ceilo/heat/gnocchi services
As tracked by ci squad at [1] scenario2 standalone is missing some
services and has extra horizon compared to the multinode being
replaced

[1] https://tree.taiga.io/project/tripleo-ci-board/task/543

Change-Id: I034dd365f6fd20060f9ad49c4e81b3c534efbe4b
2019-01-08 19:08:48 +02:00
Juan Antonio Osorio Robles
40ba776463 Flatten Keystone service configuration
This change combines the previous puppet and docker files
into a single file that performs the docker service installation
and configuration. With this patch the baremetal version of
keystone has been removed.

Related-Blueprint: services-yaml-flattening
Change-Id: I6140b02ad1ab6d88990e173dcf556977f065b3c5
2019-01-08 10:13:43 -05:00
Zuul
4fbd9960db Merge "Update hacking version" 2019-01-08 14:44:31 +00:00
Zuul
d442624344 Merge "Explicitly set KVM machine_type for migration compatibility" 2019-01-08 14:44:28 +00:00
Zuul
ee2d5946ae Merge "Fix scenario001-standalone missing aodh/ceilo/heat/gnocchi services" 2019-01-08 14:06:01 +00:00