93 Commits

Author SHA1 Message Date
Zuul
20a5994716 Merge "Add multiple secret store backends for barbican" 2017-12-08 01:23:23 +00:00
Zuul
adeb5df53c Merge "Add IPSEC composable service" 2017-12-06 22:53:33 +00:00
Ade Lee
f8decc73fc Add multiple secret store backends for barbican
Change-Id: I7aaa242ee1ecbfcbcc7502b0ce8e5a9191d307f2
Depends-On: I07e52897897f453382f74aa4fdaa98c37e6eca30
2017-12-05 13:07:50 -05:00
Zuul
7d0d74891f Merge "Add NovaMigrationTarget service to SR-IOV Compute role" 2017-12-05 16:15:52 +00:00
Juan Antonio Osorio Robles
898ad4f54b Add IPSEC composable service
This service is tied to the external_deploy_tasks (such as the k8s
service); and it deploys IPSEC in the overcloud.

bp ipsec

Change-Id: Ie3b7af92c0ec97241de6d8badec13b9e93ee9305
2017-12-05 13:10:18 +00:00
Zuul
3d992e3086 Merge "Implements management of /etc/login.defs" 2017-12-01 05:29:20 +00:00
Zuul
ad0fd1f778 Merge "Added NovaMigrationTarget service to OVS-DPDK role" 2017-12-01 05:29:16 +00:00
Saravanan KR
44e1b941d3 Add NovaMigrationTarget service to SR-IOV Compute role
The service NovaMigrationTarget is missing in SR-IOV compute role,
but is required for migration of instances. Added the missing
service to the role. And added validation to avoid such mistakes.
Closes-Bug: #1730275

Change-Id: I49d310b0c61331eef2d2bf5fd05cf67b34095bbb
2017-11-30 11:00:15 +05:30
lhinds
502fde7a64 Implements management of /etc/login.defs
Enables management of shadow password directives in login.defs

By allowing operators to set values in login.defs, they are able
to improve password security for newly created system accounts.

This change will in turn allow operators to adhere with security
hardening frameworks, such as STIG DISA & CIS Security Benchmarks.

bp login-defs

Change-Id: Id4fe88cb9569f18f27f94c35b5c27a85fe7947ae
Depends-On: Iec8c032adb44593da3770d3c6bb5a4655e463637
2017-11-29 09:23:25 +00:00
Tony Breeds
cfcbf3d8a0 Add ComputeAlt role and environment
In order to support compute services ppc64le, which currently don't
have supported methods for building and distributing container images,
we create a role 'ComputeAlt' which directly uses the puppet/services
templates to configure services that would typically be containers.

This new role is supposed to minimally diverge from the Compute role

The following services have been switch for the puppet versions:
 - OS::TripleO::Services::ComputeCeilometerAgent
 - OS::TripleO::Services::ComputeNeutronOvsAgent
 - OS::TripleO::Services::Iscsid
 - OS::TripleO::Services::NovaCompute
 - OS::TripleO::Services::NovaLibvirt
 - OS::TripleO::Services::NovaMigrationTarget

The following services have been removed as they're only available as
docker containers:
 - OS::TripleO::Services::Docker
 - OS::TripleO::Services::ContainersLogrotateCrond
 - OS::TripleO::Services::RsyslogSidecar

Alternate versions for the following services are configured, they are
left as OS::Heat::None the operator will need to define them
appropriately if they're needed:
 - OS::TripleO::Services::Collectd
 - OS::TripleO::Services::Fluentd
 - OS::TripleO::Services::SensuClient
 - OS::TripleO::Services::OVNController

Change-Id: I31d673dd048f687c9125733a77d0c9e6069e0614
2017-11-29 14:28:05 +11:00
Zuul
4fa81458d4 Merge "Undercloud: Add router for IPv6 ctlplane subnet" 2017-11-27 23:08:23 +00:00
Zuul
b2bc4f36a3 Merge "logging: merge fluentd-client and fluentd-base" 2017-11-22 10:41:19 +00:00
Zuul
a4877d7272 Merge "Removes manila-generic-config from TripleO" 2017-11-21 16:54:11 +00:00
Zuul
301e8d84e9 Merge "Deploy Ceph Luminous and add support for CephMgr service" 2017-11-21 01:48:51 +00:00
Giulio Fidente
3cea68f12c Deploy Ceph Luminous and add support for CephMgr service
The upgrade of Ceph to Luminous requires a new daemon, ceph-mgr, to be
deployed with every ceph-mon. This submission adds support for the
deployment of ceph-mgr via ceph-ansible.

Change-Id: I4226233d02b70980c6b53518ae2d511b653ce2de
Depends-On: I3645c6c3f68fcefc93fa8699796ba8892aa946c8
Implements: blueprint ceph-luminous
2017-11-20 21:11:23 +01:00
Lars Kellogg-Stedman
f982eb55c4 logging: merge fluentd-client and fluentd-base
The fluentd implementation was originally split across multiple files
in order to support both client and server services. we ultimately
decided to only implement the client as part of tripleo so this
division is no longer necessary.  This commit merges
fluentd-client.yaml and fluentd-base.yaml into fluentd.yaml, and
renames things appropriately.

Partial-bug: #1715187
Depends-On: Iace34b7baae8822d2233d97adabf6ebc8833adab
Change-Id: Idb9886f04d56ffc75a78c4059ff319b58b4acf9f
2017-11-17 11:04:52 +01:00
Juan Antonio Osorio Robles
97f9a01f79 Add rsyslog-sidecar resource and configuration
This introduces a "sidecar" container, which is meant to be used
besides other containers (or as part of the pod). It merely uses
rsyslog to listen on a specific UNIX socket and outputs what it
gets to stdout.

This adds the service to each relevant role and introduces a
composable service which merely configures the container. Subsequently
it'll be used as part of other templates.

Note that it is only enabled if "stdout logging" is enabled.

bp logging-stdout-rsyslog
Depends-On: I4864ddca223becd0a17f902729cf2e566df5e521

Change-Id: I2c54acaaa820961c936f1fbe304f42162f720496
2017-11-17 10:38:57 +02:00
Zuul
f0be3d1f0d Merge "Add Docker service to the undercloud roles" 2017-11-16 15:25:09 +00:00
Saravanan KR
3ebcb8eead Added NovaMigrationTarget service to OVS-DPDK role
The service NovaMigrationTarget is missing in DPDK compute role,
but is required for migration of instances. Added the missing
service to the role.
Partial-Bug: #1730275

Change-Id: I1b51af450d6fcc36d57398e9ee3f2c3e73924e7f
2017-11-16 13:55:26 +05:30
Dan Prince
ef78b46338 Undercloud: Add router for IPv6 ctlplane subnet
A router is needed so that router advertisements are send out for
the subnet. Also add the router plugin and start the l3 agent
which are responsible for the router handling.

Change-Id: I2c7c6232d00a11f550ad186f94ce628090ec93ed
2017-11-13 14:20:32 -05:00
Zuul
5840413021 Merge "Barbican: Add ability to specify KEK for simple crypto plugin" 2017-11-13 14:18:39 +00:00
Pradeep Kilambi
07ce5c4bae Add undercloud cinder roles and environment files
If enable_cinder is true in undercloud.conf, we will need to include
these env files to setup cinder containers.

Change-Id: I208347c52ac5ad24a54aade0be23a31f5bdd4249
2017-11-10 16:39:04 +00:00
Dan Prince
f0b4b0dffe Add Docker service to the undercloud roles
This patch adds the Docker service to the default undercloud
roles data. By default Docker is set to OS::Heat::None.
When using environments/docker.yaml however it will get set
to puppet/service/docker.yaml which will facilitate installing
the Docker service early in the deployment at step 1.

Change-Id: I2d569eef136254dc81bdee93a7869fd361a8400d
2017-11-09 12:18:13 +11:00
Pradeep Kilambi
5ebbc81c2a Remove deprecated Telemetry services from roles data
Ceilometer API, Collector and Expirer are removed from upstream,
so lets clean these deprecated services.

Change-Id: Ifd28a3029cd39644833ab0e9fc66efb7b5b67c9d
2017-11-07 12:54:41 +00:00
Ade Lee
2089a53afd Barbican: Add ability to specify KEK for simple crypto plugin
It adds the profile to enable the backend and a relevant environment
file that will be used.

Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Depends-On: I44391b91b01bc03c9773410152e117ec6bbba491
Change-Id: I39ce9f203af0dea20f7c14ba8b484f600f4aad49
2017-11-02 15:31:17 +00:00
Saravanan KR
739b05f528 Added a new role definition for SR-IOV Compute role
In order to support the role generation command, a new role for
hosting SR-IOV workloads has been added. This also removes the
SR_IOV services from the default compute so that compute and compute
sriov can co-exist in the same cluster.
Closes-Bug: #1715829

Change-Id: If48bd6a69209da556cc75ece035b341eb59f41a9
2017-10-25 15:16:28 +05:30
Victoria Martinez de la Cruz
6740f94914 Removes manila-generic-config from TripleO
Generic driver is not intended to be used in real environments
since it introduces a SPOF in the data path. Due to this, it
doesn't make sense and generates confusion to have the environment
file, so in this patch set we simply remove it.

Change-Id: I2e1db2bd614eae65e59712f50dc3391f16f6b388
Closes-Bug: #1708680
2017-10-16 16:54:47 -03:00
Zuul
7b3e9f7d54 Merge "Remove Heat Cloudwatch API" 2017-10-16 09:22:39 +00:00
Jenkins
efd86fb1a8 Merge "Add a Skydive composable service" 2017-10-13 20:37:59 +00:00
Jenkins
3f6db21211 Merge "Add Mistral event engine" 2017-10-13 12:50:20 +00:00
Alex Schultz
5c3efe66a4 Remove Heat Cloudwatch API
The heatwatch api has long be deprecated[0] so this should not be in the
roles and environment configuration.

[0]
http://lists.openstack.org/pipermail/openstack-dev/2015-April/061834.html

Change-Id: I322979c34a92565a7dd54248c312b692e9c83f74
Closes-Bug: #1720865
2017-10-11 09:54:38 +02:00
Bernard Cafarelli
7059ca1316 Add networking-sfc support
Enables deployment of service function chaining via the networking-sfc
project.

Implements: blueprint networking-sfc-support

Co-Authored-By: Bernard Cafarelli <bcafarel@redhat.com>
Change-Id: I230b31dc9ed0ecc5046064628ba2f2505e589522
Depends-On: Icd433ddc6ae7de19a09f9e33b410a362c317138a
2017-10-10 13:33:32 +00:00
Jenkins
c0817e6a65 Merge "Remove pacemaker remote from the Networker role" 2017-10-05 00:44:19 +00:00
Sylvain Baubeau
d31bc3a573 Add a Skydive composable service
This commits adds one service for the agent, and one
other for the analyzer. When using multiple controller nodes,
the analyzers are deployed in cluster mode, with a single etcd node.
These services are deployed as containers using a Mistral
workflow with Ansible.

Depends-on: I0442d2a75a4931a4bd8399c58ff6b016d5486945
Change-Id: I56c53158f9ed294dac95dbd7087d057e427f16a1
2017-10-04 10:32:07 +02:00
Brad P. Crochet
95a7a27fcb Add Mistral event engine
Mistral has an event engine to trigger cron-type events. Let's use it.

Change-Id: I15b48bd7a501608b1fad64fea8d4f9822946dcb2
Depends-On: I71f556c96ed7c2bbafacab4b2f66874effbd8b73
2017-09-28 06:55:46 -04:00
Jenkins
97161236cf Merge "Add IronicPxe to the default controller" 2017-09-27 18:17:43 +00:00
Derek Higgins
a850d8059f Add IronicPxe to the default controller
It doesn't exist in the non containerized openstack so leave it
stubbed out by default.

Change-Id: I5fcb1f0b9958ac90f034a12f1ee733dae6571f9c
2017-09-25 17:07:47 +01:00
Michele Baldessari
f4bdf655f7 Remove pacemaker remote from the Networker role
It currently surves no purpose, as there are no
pacemaker managed resource in this role.

Change-Id: I0ea0d28e651646acb8bdd1ee53bfb7c8b16fe75b
2017-09-22 16:33:36 +02:00
Alex Schultz
964a5d738b Move neutron api services to ControllerOpenstack
The Networker role should not have the api services run on it. Instead
these services should run as part of the ControllerOpenstack role that
should be used with this role.

Change-Id: Iabfe276fe700843f3a8da0b9e9220b2f82e20ec9
Closes-Bug: #1718299
2017-09-19 15:50:06 -06:00
Jenkins
9126ca5459 Merge "Add Swift dispersion profile" 2017-09-11 12:21:12 +00:00
Michele Baldessari
1760079dfe Move the clustercheck service to the DB role
The clustercheck service is currently in the ControllerOpenstack role
which represents a controller without the DB. Since the clustercheck
service/container always talks to the SQL server via a localhost
connection it *has* to run on the very same node that hosts the DB.

In a containerized deployment this error shows up with db syncs simply
hanging because haproxy will stop serving port 3306 because the
clustercheck service on port 9200 cannot talk to mysql locally.

Errors like this will be logged when trying to connect to the DB VIP:
mysql -u heat -h 172.17.1.13 -p3UazsaeTC64V9UvEcJ3GZ9rbd
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0

Fix this by making sure that the clustercheck service runs on
the DB role.

Change-Id: Iec4c9678d8b8d44e002c1e53110dedc0674359fb
Closes-Bug: #1715847
2017-09-08 12:31:18 +02:00
Brent Eagles
94c9c2f954 Add Neutron SR-IOV agent container
This patch adds support for running the neutron SR-IOV agent in a
container.

Depends-On: I4a63845a97c890d7d408731ec5509c320289f18f
Depends-On: Ie5d8cd7863c0d042cc6a4e1fc52602d8a03a1935
Depends-On: I1b5ab0a64ae1f5735f1bd5a68e6ae8bdcf47ddec

Closes-Bug: #1715388

Change-Id: I7ee603b32eddacd02d846dff00dd1b786d4a7ad9
2017-09-06 22:18:24 -02:30
Jenkins
ec6252e00b Merge "Add Bagpipe driver composable service" 2017-09-01 16:24:35 +00:00
Ricardo Noriega
a18a94e498 Add Bagpipe driver composable service
The BaGPipe driver for the BGPVPN service plugin is designed
  to work jointly with the openvswitch ML2 mechanism driver.

Change-Id: I17ed258231e7efdd1ca8e0697d074b11961ed0ae
Depends-On: I1e0227d8055f456043fe63c6a9cbd722d7bf84a7
Partially-Implements: blueprint bgpvpn-service-integration
Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
2017-09-01 11:56:47 +02:00
Bogdan Dobrelya
fe8ad28ef4 Add a lightweight UC template/role data for deployed-servers
Allows to deploy the minimal UC services capable
to install overcloud on pre-provisioned deployed servers.
Zaqar is configured to be mongo-less.

Follows up the filtered prepare images command changes
https://review.openstack.org/#/q/topic:bug/1710992

Related-bug: #1693448

Change-Id: I26cbeb7ce5fd07ffdc2e22da91777316b7de6294
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2017-08-30 18:16:50 +02:00
Jenkins
5a5a49d282 Merge "Add support for Dell EMC Isilon Manila backend" 2017-08-30 12:44:26 +00:00
Jenkins
4ef304108e Merge "Add support for Dell EMC VMAX Manila Backend" 2017-08-30 12:44:19 +00:00
Jenkins
57fc61cca8 Merge "Add support for Dell EMC VMAX ISCSI Backend" 2017-08-30 12:43:38 +00:00
rajinir
f6c9906d51 Add support for Dell EMC Isilon Manila backend
This change adds support for manila::backend::dellemc_isilon

Change-Id: I92592e4b717d4b1812ccd810ec1daaedd181c3dd
Implements: blueprint dellemc-isilon-manila
2017-08-30 04:42:09 +00:00
rajinir
04daabdc84 Add support for Dell EMC VMAX Manila Backend
This change adds support for manila::backend::dellemc_vmax

Change-Id: I92e189c8741c496ef6c27130f73829c327a99f1b
Implements: blueprint dellemc-vmax-manila
2017-08-30 04:42:01 +00:00