This service is tied to the external_deploy_tasks (such as the k8s
service); and it deploys IPSEC in the overcloud.
bp ipsec
Change-Id: Ie3b7af92c0ec97241de6d8badec13b9e93ee9305
The service NovaMigrationTarget is missing in SR-IOV compute role,
but is required for migration of instances. Added the missing
service to the role. And added validation to avoid such mistakes.
Closes-Bug: #1730275
Change-Id: I49d310b0c61331eef2d2bf5fd05cf67b34095bbb
Enables management of shadow password directives in login.defs
By allowing operators to set values in login.defs, they are able
to improve password security for newly created system accounts.
This change will in turn allow operators to adhere with security
hardening frameworks, such as STIG DISA & CIS Security Benchmarks.
bp login-defs
Change-Id: Id4fe88cb9569f18f27f94c35b5c27a85fe7947ae
Depends-On: Iec8c032adb44593da3770d3c6bb5a4655e463637
In order to support compute services ppc64le, which currently don't
have supported methods for building and distributing container images,
we create a role 'ComputeAlt' which directly uses the puppet/services
templates to configure services that would typically be containers.
This new role is supposed to minimally diverge from the Compute role
The following services have been switch for the puppet versions:
- OS::TripleO::Services::ComputeCeilometerAgent
- OS::TripleO::Services::ComputeNeutronOvsAgent
- OS::TripleO::Services::Iscsid
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::NovaMigrationTarget
The following services have been removed as they're only available as
docker containers:
- OS::TripleO::Services::Docker
- OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::RsyslogSidecar
Alternate versions for the following services are configured, they are
left as OS::Heat::None the operator will need to define them
appropriately if they're needed:
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::Fluentd
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::OVNController
Change-Id: I31d673dd048f687c9125733a77d0c9e6069e0614
The upgrade of Ceph to Luminous requires a new daemon, ceph-mgr, to be
deployed with every ceph-mon. This submission adds support for the
deployment of ceph-mgr via ceph-ansible.
Change-Id: I4226233d02b70980c6b53518ae2d511b653ce2de
Depends-On: I3645c6c3f68fcefc93fa8699796ba8892aa946c8
Implements: blueprint ceph-luminous
The fluentd implementation was originally split across multiple files
in order to support both client and server services. we ultimately
decided to only implement the client as part of tripleo so this
division is no longer necessary. This commit merges
fluentd-client.yaml and fluentd-base.yaml into fluentd.yaml, and
renames things appropriately.
Partial-bug: #1715187
Depends-On: Iace34b7baae8822d2233d97adabf6ebc8833adab
Change-Id: Idb9886f04d56ffc75a78c4059ff319b58b4acf9f
This introduces a "sidecar" container, which is meant to be used
besides other containers (or as part of the pod). It merely uses
rsyslog to listen on a specific UNIX socket and outputs what it
gets to stdout.
This adds the service to each relevant role and introduces a
composable service which merely configures the container. Subsequently
it'll be used as part of other templates.
Note that it is only enabled if "stdout logging" is enabled.
bp logging-stdout-rsyslog
Depends-On: I4864ddca223becd0a17f902729cf2e566df5e521
Change-Id: I2c54acaaa820961c936f1fbe304f42162f720496
The service NovaMigrationTarget is missing in DPDK compute role,
but is required for migration of instances. Added the missing
service to the role.
Partial-Bug: #1730275
Change-Id: I1b51af450d6fcc36d57398e9ee3f2c3e73924e7f
A router is needed so that router advertisements are send out for
the subnet. Also add the router plugin and start the l3 agent
which are responsible for the router handling.
Change-Id: I2c7c6232d00a11f550ad186f94ce628090ec93ed
If enable_cinder is true in undercloud.conf, we will need to include
these env files to setup cinder containers.
Change-Id: I208347c52ac5ad24a54aade0be23a31f5bdd4249
This patch adds the Docker service to the default undercloud
roles data. By default Docker is set to OS::Heat::None.
When using environments/docker.yaml however it will get set
to puppet/service/docker.yaml which will facilitate installing
the Docker service early in the deployment at step 1.
Change-Id: I2d569eef136254dc81bdee93a7869fd361a8400d
Ceilometer API, Collector and Expirer are removed from upstream,
so lets clean these deprecated services.
Change-Id: Ifd28a3029cd39644833ab0e9fc66efb7b5b67c9d
It adds the profile to enable the backend and a relevant environment
file that will be used.
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Depends-On: I44391b91b01bc03c9773410152e117ec6bbba491
Change-Id: I39ce9f203af0dea20f7c14ba8b484f600f4aad49
In order to support the role generation command, a new role for
hosting SR-IOV workloads has been added. This also removes the
SR_IOV services from the default compute so that compute and compute
sriov can co-exist in the same cluster.
Closes-Bug: #1715829
Change-Id: If48bd6a69209da556cc75ece035b341eb59f41a9
Generic driver is not intended to be used in real environments
since it introduces a SPOF in the data path. Due to this, it
doesn't make sense and generates confusion to have the environment
file, so in this patch set we simply remove it.
Change-Id: I2e1db2bd614eae65e59712f50dc3391f16f6b388
Closes-Bug: #1708680
Enables deployment of service function chaining via the networking-sfc
project.
Implements: blueprint networking-sfc-support
Co-Authored-By: Bernard Cafarelli <bcafarel@redhat.com>
Change-Id: I230b31dc9ed0ecc5046064628ba2f2505e589522
Depends-On: Icd433ddc6ae7de19a09f9e33b410a362c317138a
This commits adds one service for the agent, and one
other for the analyzer. When using multiple controller nodes,
the analyzers are deployed in cluster mode, with a single etcd node.
These services are deployed as containers using a Mistral
workflow with Ansible.
Depends-on: I0442d2a75a4931a4bd8399c58ff6b016d5486945
Change-Id: I56c53158f9ed294dac95dbd7087d057e427f16a1
Mistral has an event engine to trigger cron-type events. Let's use it.
Change-Id: I15b48bd7a501608b1fad64fea8d4f9822946dcb2
Depends-On: I71f556c96ed7c2bbafacab4b2f66874effbd8b73
The Networker role should not have the api services run on it. Instead
these services should run as part of the ControllerOpenstack role that
should be used with this role.
Change-Id: Iabfe276fe700843f3a8da0b9e9220b2f82e20ec9
Closes-Bug: #1718299
The clustercheck service is currently in the ControllerOpenstack role
which represents a controller without the DB. Since the clustercheck
service/container always talks to the SQL server via a localhost
connection it *has* to run on the very same node that hosts the DB.
In a containerized deployment this error shows up with db syncs simply
hanging because haproxy will stop serving port 3306 because the
clustercheck service on port 9200 cannot talk to mysql locally.
Errors like this will be logged when trying to connect to the DB VIP:
mysql -u heat -h 172.17.1.13 -p3UazsaeTC64V9UvEcJ3GZ9rbd
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0
Fix this by making sure that the clustercheck service runs on
the DB role.
Change-Id: Iec4c9678d8b8d44e002c1e53110dedc0674359fb
Closes-Bug: #1715847
This patch adds support for running the neutron SR-IOV agent in a
container.
Depends-On: I4a63845a97c890d7d408731ec5509c320289f18f
Depends-On: Ie5d8cd7863c0d042cc6a4e1fc52602d8a03a1935
Depends-On: I1b5ab0a64ae1f5735f1bd5a68e6ae8bdcf47ddec
Closes-Bug: #1715388
Change-Id: I7ee603b32eddacd02d846dff00dd1b786d4a7ad9
The BaGPipe driver for the BGPVPN service plugin is designed
to work jointly with the openvswitch ML2 mechanism driver.
Change-Id: I17ed258231e7efdd1ca8e0697d074b11961ed0ae
Depends-On: I1e0227d8055f456043fe63c6a9cbd722d7bf84a7
Partially-Implements: blueprint bgpvpn-service-integration
Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
Allows to deploy the minimal UC services capable
to install overcloud on pre-provisioned deployed servers.
Zaqar is configured to be mongo-less.
Follows up the filtered prepare images command changes
https://review.openstack.org/#/q/topic:bug/1710992
Related-bug: #1693448
Change-Id: I26cbeb7ce5fd07ffdc2e22da91777316b7de6294
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
This change adds support for manila::backend::dellemc_isilon
Change-Id: I92592e4b717d4b1812ccd810ec1daaedd181c3dd
Implements: blueprint dellemc-isilon-manila
This change adds support for manila::backend::dellemc_vmax
Change-Id: I92e189c8741c496ef6c27130f73829c327a99f1b
Implements: blueprint dellemc-vmax-manila