6657 Commits

Author SHA1 Message Date
Emilien Macchi
fd7999c14e mistral-executor: mount /var/lib/mistral
When containerizing mistral-executor, we need to mount /var/lib/mistral so
our operators can get the config-download logs when the undercloud is
containerized and config-download is used to deploy the overcloud.

To help our operators, we also create /var/lib/mistral/readme.txt so
they know where to find the config-download data.

Change-Id: I8d31d5fec2721c6e4f82b1ad2169a7635cb57600
Closes-Bug: #1749823
2018-02-17 01:41:52 +00:00
Emilien Macchi
e897da3b69 Update YAQL queries with groupBy
YAQL introduced a backward incompatible change in one of its minor
versions:
3fb9178401 (diff-f36776b660e5fe4f88e3295e5b751396R215)

It changes the expected behavior of groupBy() aggregator, so we need to
update our queries otherwise it fails with a "list index out of range"
error.

Change-Id: I2ca2ebb2c8d22aeedbcb6920072db5b6dba3311b
Closes-Bug: #1750032
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
2018-02-17 01:41:12 +00:00
Emilien Macchi
985e037dc2 docker: configure group/user for deployment_user
See context here: Ia5cc7b34ebee8cf2f49300ce23050370d5f1038a

This user will be useful for containerized undercloud, to maintain
parity with what was done in instack-undercloud.

Depends-On: Ia5cc7b34ebee8cf2f49300ce23050370d5f1038a
Depends-On: Ifd1bec1262dfbd213810bb2b4d561f47bf010e69
Change-Id: I48ab4a0ba0240e931391602943b471b5b6ec8e80
2018-02-15 20:17:55 +00:00
Zuul
0b719f3023 Merge "Unify the Cinder HA and non-HA docker configurations" 2018-02-15 19:27:45 +00:00
Zuul
4b6a7462ce Merge "Undercloud: support for external VIP for SSL" 2018-02-15 19:24:13 +00:00
Zuul
b3e566422b Merge "Fix PublicVirtualFixedIPs in envs" 2018-02-15 16:03:02 +00:00
Zuul
d582730249 Merge "Align zaqar max_messages_post_size with undercloud" 2018-02-15 15:57:53 +00:00
Zuul
da9d3e3a31 Merge "Change type of CephAnsiblePlaybook from string to comma_delimited_list" 2018-02-15 13:57:10 +00:00
Zuul
5a5d1a745c Merge "undercloud_post: fix subnet name" 2018-02-15 13:38:12 +00:00
Emilien Macchi
dc9fcd3c4a Align zaqar max_messages_post_size with undercloud
When deploying a containerized undercloud, we need the same
configuration as we used to have in instack-undercloud.

For max_messages_post_size, we used to have 1048576 due to the high size
of the messages with config-download.

Let's sync the config here, so we can deploy an overcloud with
config-download when a containerized undercloud is used.

Change-Id: Ib43c811d9ea4e71558c15c78cfb9999f738b8098
2018-02-15 10:15:03 +00:00
Zuul
c93028f254 Merge "Added and modified the services for ComputeLiquidio role" 2018-02-15 09:19:30 +00:00
Dan Prince
53c2327ac6 Undercloud: support for external VIP for SSL
Wires in the use of ../network/ports/external_from_pool.yaml
so that we can control the named 'public_virtual_ip' created in
overcloud.yaml when using Undercloud SSL.

By default this has previously gone to the ctlplane IP for the
Undercloud itself. When SSL is enabled we want it set to a different
VIP managed by Haproxy/keepalived. If SSL is disabled
python-tripleoclient just sets it to the ctlplane so the previous
behavior is preserved.

Change-Id: Id8127efc658f4bae3176d7394a32face6030303c
2018-02-15 05:52:12 +00:00
Emilien Macchi
ac9af72f99 Fix PublicVirtualFixedIPs in envs
PublicVirtualFixedIPs vs PublicVirtualFixedIps

It was a typo introduced in this commit:
I4e926f1c6b30d4009d24a307bc21e07e1731b387

And found here:
http://logs.openstack.org/79/535479/4/check/tripleo-ci-centos-7-undercloud-containers/670d906/logs/undercloud/home/zuul/undercloud_install.log.gz#_2018-02-14_11_04_59

Change-Id: I15a632376451a7554e3304202872694e70cd4ecd
2018-02-15 05:52:07 +00:00
Zuul
321c3fe6f7 Merge "Undercloud: fix stackrc TLS URL detection" 2018-02-15 05:43:46 +00:00
Zuul
30e2412506 Merge "Add tls roles for undercloud" 2018-02-15 05:43:43 +00:00
Emilien Macchi
2468fe12e7 undercloud_post: fix subnet name
The default control plane subnet name is "ctlplane-subnet", so let's
create the right subnet for the containerized undercloud.

Note: the subnet can't be overridden (yet) but for now we rely on the
default.

Change-Id: I15954bced81ef6c3e1a1f4a73bc989f33d08d6f7
2018-02-15 05:30:27 +00:00
Zuul
c0293adb6e Merge "Disable SNMP service in all CI jobs" 2018-02-15 03:00:16 +00:00
Alan Bishop
f89d8d2077 Unify the Cinder HA and non-HA docker configurations
Relocate the list of docker volumes used by the CinderVolume and
CinderBackup services so that a common list can be used in both HA and
non-HA deployments. For HA, the list is passed to puppet-tripleo via
hiera data.

Closes-Bug: #1748290
Depends-On: I4ba0d78ad17183b97290b853a6c103e55bc8977c
Change-Id: I41d6ff1dc60a799cec18fbeb64c8b63961953388
2018-02-15 02:34:33 +00:00
Zuul
6b449eaa52 Merge "Do not depends on the order of the hash vars in ffu repo switching." 2018-02-15 01:58:15 +00:00
Dan Prince
32fe279eec Undercloud: fix stackrc TLS URL detection
We want to configure a TLS URL for the undercloud's stackrc
when a user specified or generated TLS certificate is used.
This patch updates the existing check so that
the PublicSSLCertificateAutogenerated parameter is also used
when deciding if the SSL URL should be enabled.

Change-Id: I7561b5de7749ca57f8ac8056b470228e1026eb31
2018-02-15 00:02:39 +00:00
Pradeep Kilambi
7a5d5a8e1b Add tls roles for undercloud
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Co-Authored-By: Dan Prince <dprince@redhat.com>
Co-Authored-By: Ian Main <imain@redhat.com>

Change-Id: Icca382db28e4ea57f3cbf24e9e794b428b824db5
2018-02-15 00:00:05 +00:00
Zuul
0834134fd6 Merge "ffu: Allow FASTFORWARDUPGRADE as a StackUpdateType" 2018-02-14 18:27:22 +00:00
Emilien Macchi
cb90c8ce48 Disable SNMP service in all CI jobs
Some work is being done in I46fce28926cb5a881f7384948480266712ae75e3
to secure SNMP on a specific network but until then we need to stop
opening the services so cloud providers won't report any security issue
for TripleO jobs.

Change-Id: Icd8a6ddda6152186d6be4a227f6449232fecba5e
Related-Bug: #1749324
2018-02-14 09:32:55 -08:00
Sofer Athlan-Guyot
d20264c8ba Do not depends on the order of the hash vars in ffu repo switching.
As vars is defined as a hash, we can't depend on the ordering
here.

Change-Id: I93fb1811aff6a5c0e5f984f8562a6cdd207f1b5c
Related-Bug: #1749338
2018-02-14 15:35:07 +01:00
Zuul
7c084d8431 Merge "Add OVNController service to Networker role" 2018-02-14 12:06:16 +00:00
hanish gogada
7e434667a6 Added and modified the services for ComputeLiquidio role
Change-Id: Iedbcfc02983390f431d40ee2263bed0cb7581f77
Closes-Bug: 1749372
2018-02-14 15:43:47 +05:30
Zuul
9a91a71426 Merge "Enable Barbican health checks" 2018-02-14 07:41:14 +00:00
Zuul
9727a0d813 Merge "Render NIC config templates with jinja2" 2018-02-14 05:54:31 +00:00
Zuul
42913cf2bf Merge "Fixes missing SSL configuration for Neutron DHCP agent" 2018-02-13 23:58:24 +00:00
Zuul
8a3fbc0738 Merge "Add Mistral to the provided controller roles" 2018-02-13 23:36:31 +00:00
Zuul
9604728016 Merge "Fix Redis TLS setup and its HA deployment" 2018-02-13 23:34:49 +00:00
Zuul
15f7620ca4 Merge "Adding new config parameters for Cisco UCSM ML2 driver" 2018-02-13 23:30:18 +00:00
Zuul
8519911d3b Merge "Add name to debug tasks" 2018-02-13 20:22:18 +00:00
Tim Rozet
2adb2b6f57 Fixes missing SSL configuration for Neutron DHCP agent
Currently when deploying with TLS for internal API traffic, Neutron is
not configured to securely communicate with OVSDB.  In regular OVS agent
deployments OVS listens on ptcp and accepts any incoming connection.  In
ODL deployments OVS is configured to only listen for pssl connections.
To allow Neutron agents to communicate with OVSDB in pssl, Neutron needs
to be configured with SSL key/certificate in order to connect to OVS.

This patch adds key/certificate generation for NeutronBase service to be
consumed by any agent.  The only agent required with ODL is DHCP, so
this patch only addresses configuring SSL there.  However, a future
patch could enable SSL for default ML2/OVS agent deployments as well by
building off of this change.

Note, by default OVSDB listens on port 6640.  This does not work in ODL
deployments when ODL is on the control node because ODL also listens
on port 6640.  Therefore from the ODL service, the ovsdb_connection
setting for DHCP agent is modified when ODL is deployed.

Depends-On: I82281eefa1aa81207ccd8ea565cffc6ca0ec48de
Depends-On: I4bbaf00f0776cab0be34d814a541fb2fd1e64326

Closes-Bug: 1746762

Change-Id: I97352027d7f750d0820610fb9e06f82b47e77056
Signed-off-by: Tim Rozet <trozet@redhat.com>
2018-02-13 12:28:27 -05:00
Zuul
c4bd454739 Merge "Fix hardcoded dependency for ExtraConfigPost." 2018-02-13 16:39:37 +00:00
Sandhya Dasu
b2d76220f0 Adding new config parameters for Cisco UCSM ML2 driver
UCSM ML2 driver now supports the following additional
configuration parameters:
1. ucsm_https_verify
2. sp_template_list
3. vnic_template_list

Change-Id: Ie74f1b9653894f8c717156beb604dae9d9e60e6a
2018-02-13 16:26:12 +00:00
Lee Yarwood
3d8f47a71a ffu: Allow FASTFORWARDUPGRADE as a StackUpdateType
This change allows FASTFORWARDUPGRADE to be fed to puppet-tripleo
allowing manifests to act accordingly when applied during FFU.

Change-Id: I8792937c2524c31becfb8a9f28047b73617c0fc3
2018-02-13 10:53:55 -05:00
Zuul
7777f7b02e Merge "Adding docker service for BGPVPN Service Plugin" 2018-02-13 12:57:46 +00:00
Dan Sneddon
1dec175241 Render NIC config templates with jinja2
This change converts the existing NIC templates to jinja2 in
order to dynamically render the ports and networks according
to the network_data.yaml. If networks are added to the
network_data.yaml file, parameters will be added to all
NIC templates. The YAML files (as output from jinja with
the default network_data.yaml) are present as an example.

The roles in roles_data.yaml are used to produce NIC configs
for the standard and custom composable roles. In order to
keep the ordering of NICs the same in the multiple-nics
templates, the order of networks was changed in the
network_data.yaml file. This is reflected in the network
templates, and in some of the files that is the only
change.

The roles and roles_data.yaml were modified to include
a legacy name for the NIC config templates for the
built-in roles Controller, Compute, Object Storage,
Block Storage, Ceph Storage, Compute-DPDK, and
Networker roles. There will now be a file produced
with the legacy name, but also one produced with the
<role>-role.j2.yaml format (along with environment
files to help use the new filenames).

Note this change also fixes some typos as well as
a number of templates that had VLANs with device:
entries which were ignored.

Closes-Bug: 1737041
Depends-On: I49c0245c36de3103671080fd1c8cfb3432856f35
Change-Id: I3bdb7d00dab5a023dd8b9c94c0f89f84357ae7a4
2018-02-13 00:19:37 -08:00
Zuul
a8520b8c13 Merge "Adding docker service for the L2GW" 2018-02-13 02:13:35 +00:00
Zuul
0a01a40a8f Merge "Add bond-network-templates for OVB public bond CI" 2018-02-12 19:40:49 +00:00
Zuul
d01d2ea23e Merge "logging: use service_config_settings for fluentd" 2018-02-12 19:40:36 +00:00
Zuul
ec1b23de0f Merge "Ignore same file errors for templates processor" 2018-02-12 19:40:18 +00:00
Zuul
39058d302f Merge "ffu: tripleo-packages repo management" 2018-02-12 19:39:27 +00:00
Zuul
e9b0c28b81 Merge "ffu: Add fast-forward upgrade outputs to RoleConfig" 2018-02-12 19:39:14 +00:00
Zuul
4e3cd0df30 Merge "Always evaluate step first in conditional" 2018-02-12 19:39:06 +00:00
Martin Mágr
b121325f6c Enable Barbican health checks
This patch enables health checks execution for all Barbican docker containers.

Change-Id: I2e542fa0adb52447abb251910f3ff1095289c726
Depends-On: Ic0573f6dfe550dd7f5d6bc579b3b44a60d4bf1fc
2018-02-12 15:18:41 +01:00
Zuul
d11a90b62c Merge "Fix custom output dir for templates processor" 2018-02-12 11:39:43 +00:00
Steven Hardy
7f4811779f Add name to debug tasks
This makes it clearer that the previous task failed, which isn't
immediately evident from the ansible task output due to the failed_when
on those tasks.

Change-Id: I765208d5865f6e5a292e5b52c572e2e79540c663
Closes-Bug: #1748443
2018-02-12 10:13:25 +00:00
Bogdan Dobrelya
60a209b45e Ignore same file errors for templates processor
When copying templates or files with the
process-templates.py's shutil, ignore cases when
the source and the destination are the same file.

This allows the following scenario:
  - Symlink t-h-t from the installed package to a work dir
  - Process j2 templates with overwrite in the work dir

Required-by: https://review.openstack.org/#/c/542875

Change-Id: I9a9c32f05fde325709998f4fe8bc7fef6c25b5c5
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2018-02-12 11:11:30 +01:00