Go to file

yatinkarel 318ec87c36 Fix sshd firewall rule

After migration to tripleo-ansible firewall role with [1],
firwall rules for sshd were not applied correctly as value
of heat param SshFirewallAllowAll was not being honored.
This patch fixes it by using conditions properly.

Issue was not hit in CI in CentOS7 jobs as rule to allow
access to port 22 is done while creating nodepool images with
nodepool-base element. Issue got visible in rhel8 jobs(rhel8
nodepool images don't have nodepool-base element applied due
to [3]) after [2] was merged which fixed apply of DROP rules.

[1] https://review.opendev.org/#/c/677237/
[2] https://review.opendev.org/#/c/699692/
[3] https://softwarefactory-project.io/r/#/c/15863/

Closes-Bug: #1857463
Change-Id: Ifd5db368d63e89150c5c46877cd20e1e4a65a08c

2020-01-01 13:13:22 +05:30

Deploy /etc/openstack/clouds.yaml with Ansible

2019-12-19 20:09:08 +00:00

common

Merge "Use async tasks for long running common tasks"

2019-12-30 18:29:56 +00:00

container_config_scripts

Merge "HA: ensure TRIPLEO_MINOR_UPDATE is defined for <svc>_restart_bundle"

2019-10-25 04:22:55 +00:00

deployed-server

Remove deployed-server-roles-data.yaml

2019-11-08 18:42:24 +00:00

deployment

Fix sshd firewall rule

2020-01-01 13:13:22 +05:30

environments

Merge "Deploy /etc/openstack/clouds.yaml with Ansible"

2019-12-21 02:43:01 +00:00

extraconfig

Deploy /etc/openstack/clouds.yaml with Ansible

2019-12-19 20:09:08 +00:00

firstboot

Replace chronyc "waitsync" with "makestep"

2019-10-15 15:47:57 +01:00

network

Correct invalid jinja set

2019-12-20 17:55:10 +00:00

plan-samples

Role specific derive parameters workflow parameter

2018-06-28 08:10:27 -04:00

puppet

Use ansible for hosts entries

2019-11-14 11:29:51 -05:00

releasenotes

Merge "Provide option to set reserved_huge_pages"

2019-12-19 22:19:40 +00:00

roles

Merge "Add netcontrold service for DPDK roles"

2019-12-13 02:29:05 +00:00

sample-env-generator

Deploy /etc/openstack/clouds.yaml with Ansible

2019-12-19 20:09:08 +00:00

scripts

Move instanceha into scripts

2019-07-18 19:13:08 +00:00

tools

Merge "Provide utility to generate NodeDataLookup from Ironic"

2019-12-19 17:12:05 +00:00

tripleo_heat_templates

Ansible lint check in THT

2019-10-30 04:56:05 -04:00

validation-scripts

Make comparisons case insensitive

2019-06-19 10:01:41 -06:00

zuul.d

Make tripleo-ci-centos-7-containers-undercloud-minion depends on pep

2019-12-09 16:28:10 -05:00

.gitignore

Remove mac_hostname & random_string

2019-07-18 19:10:31 +00:00

.gitreview

OpenDev Migration Patch

2019-04-19 19:34:55 +00:00

.testr.conf

Improve nova statedir ownership logic

2018-07-09 17:07:30 +01:00

all-nodes-validation.yaml

Optional ICMP validation of controllers and gateways

2019-01-28 17:18:27 +00:00

babel.cfg

Add release configuration.

2013-10-22 17:49:35 +01:00

bindep.txt

Use https instead of http for docs links

2018-12-03 03:29:26 -08:00

capabilities-map.yaml

Merge "Remove EC2 api"

2019-10-30 13:54:19 +00:00

config-download-software.yaml

Change template names to rocky

2018-05-09 08:28:42 +02:00

config-download-structured.yaml

Change template names to rocky

2018-05-09 08:28:42 +02:00

default_passwords.yaml

Change template names to rocky

2018-05-09 08:28:42 +02:00

hosts-config.yaml

[Templates] Use str_replace for hosts.

2018-11-12 16:33:27 +01:00

j2_excludes.yaml

Remove ipv6 specific network templates

2017-08-31 13:12:17 -07:00

LICENSE

Add license file

2014-01-20 11:58:20 +01:00

lower-constraints.txt

Merge "tox: Keeping going with docs"

2019-11-07 20:02:09 +00:00

net-config-bond.j2.yaml

Drop EC2MetadataIp parameter and its uses

2019-07-05 14:05:59 +02:00

net-config-bridge.j2.yaml

Drop EC2MetadataIp parameter and its uses

2019-07-05 14:05:59 +02:00

net-config-linux-bridge.j2.yaml

Drop EC2MetadataIp parameter and its uses

2019-07-05 14:05:59 +02:00

net-config-noop.j2.yaml

Drop EC2MetadataIp parameter and its uses

2019-07-05 14:05:59 +02:00

net-config-standalone.j2.yaml

Drop EC2MetadataIp parameter and its uses

2019-07-05 14:05:59 +02:00

net-config-static-bridge-with-external-dhcp.j2.yaml

Drop EC2MetadataIp parameter and its uses

2019-07-05 14:05:59 +02:00

net-config-static-bridge.j2.yaml

Drop EC2MetadataIp parameter and its uses

2019-07-05 14:05:59 +02:00

net-config-static.j2.yaml

Drop EC2MetadataIp parameter and its uses

2019-07-05 14:05:59 +02:00

net-config-undercloud.j2.yaml

Drop EC2MetadataIp parameter and its uses

2019-07-05 14:05:59 +02:00

network_data_dashboard.yaml

Add a StorageDashboard network used by CephGrafana service

2019-08-30 19:16:47 +02:00

network_data_ganesha.yaml

Merge "Allow overlay tunnel endpoints on IPv6 address"

2019-01-10 21:13:19 +00:00

network_data_routed.yaml

Merge "Allow overlay tunnel endpoints on IPv6 address"

2019-01-10 21:13:19 +00:00

network_data_subnets_routed.yaml

L3 routed networks - data + env (1/3)

2018-12-30 19:24:29 +01:00

network_data_undercloud.yaml

Add network data for the undercloud

2019-01-21 19:35:37 +01:00

network_data.yaml

Add external_resource_vip_id property to network_data.yaml

2019-03-25 10:48:40 -04:00

overcloud-resource-registry-puppet.j2.yaml

Merge "Install tmpwatch on the overcloud"

2019-12-16 10:29:38 +00:00

overcloud.j2.yaml

overcloud/service_names: merge service_names & enabled_services

2019-12-07 04:00:45 +00:00

plan-environment.yaml

Add name and description fields to plan-environment.yaml

2017-04-12 17:25:40 +02:00

README.rst

Remove EC2 api

2019-10-23 15:24:39 +02:00

requirements.txt

Enable paunch logging to its full extent

2019-03-22 11:42:12 +01:00

roles_data_undercloud.yaml

Optional enable undercloud nova-metadata-api

2019-12-11 09:44:23 +13:00

roles_data.yaml

Adding ReaR THT

2019-11-21 11:07:51 -03:00

setup.cfg

Replace git.openstack.org URLs with opendev.org URLs

2019-06-26 02:43:46 +00:00

setup.py

Updated from global requirements

2017-03-28 13:03:01 +00:00

test-ansible-requirements.txt

Ansible lint check in THT

2019-10-30 04:56:05 -04:00

test-requirements.txt

Merge "tox: Keeping going with docs"

2019-11-07 20:02:09 +00:00

tox.ini

Stop configuring install_command in tox.

2019-11-14 13:04:50 +01:00

README.rst

Team and repository tags

tripleo-heat-templates

Heat templates to deploy OpenStack using OpenStack.

Free software: Apache License (2.0)
Documentation: https://docs.openstack.org/tripleo-docs/latest/
Source: https://opendev.org/openstack/tripleo-heat-templates
Bugs: https://bugs.launchpad.net/tripleo
Release notes: https://docs.openstack.org/releasenotes/tripleo-heat-templates/

Features

The ability to deploy a multi-node, role based OpenStack deployment using OpenStack Heat. Notable features include:

Choice of deployment/configuration tooling: puppet, (soon) docker

Role based deployment: roles for the controller, compute, ceph, swift, and cinder storage

physical network configuration: support for isolated networks, bonding, and standard ctlplane networking

Directories

A description of the directory layout in TripleO Heat Templates.

environments: contains heat environment files that can be used with -e

on the command like to enable features, etc.

extraconfig: templates used to enable 'extra' functionality. Includes

functionality for distro specific registration and upgrades.

firstboot: example first_boot scripts that can be used when initially

creating instances.

network: heat templates to help create isolated networks and ports

puppet: templates mostly driven by configuration with puppet. To use these

templates you can use the overcloud-resource-registry-puppet.yaml.

validation-scripts: validation scripts useful to all deployment

configurations

roles: example roles that can be used with the tripleoclient to generate

a roles_data.yaml for a deployment See the roles/README.rst for additional details.

Service testing matrix

The configuration for the CI scenarios will be defined in tripleo-heat-templates/ci/ and should be executed according to the following table:

-	scn000	scn001	scn002	scn003	scn004	scn006	scn007	scn009	scn010	non-ha	ovh-ha
keystone	X	X	X	X	X	X	X		X	X	X
glance		rbd	swift	file	rgw	file	file		rbd	file	file
cinder		rbd	iscsi
heat		X	X
ironic						X
mysql	X	X	X	X	X	X	X		X	X	X
neutron		ovn	ovn	ovn	ovn	ovn	ovs		ovn	ovn	ovn
neutron-bgpvpn					wip
ovn							X
neutron-l2gw					wip
om-rpc		rabbit	rabbit	amqp1	rabbit	rabbit	rabbit		rabbit	rabbit	rabbit
om-notify		rabbit	rabbit	rabbit	rabbit	rabbit	rabbit		rabbit	rabbit	rabbit
redis		X	X
haproxy		X	X	X	X	X	X		X	X	X
memcached		X	X	X	X	X	X		X	X	X
pacemaker		X	X	X	X	X	X		X	X	X
nova		qemu	qemu	qemu	qemu	ironic	qemu		qemu	qemu	qemu
ntp	X	X	X	X	X	X	X	X	X	X	X
snmp	X	X	X	X	X	X	X	X	X	X	X
timezone	X	X	X	X	X	X	X	X	X	X	X
sahara				X
mistral				X
swift			X
aodh		X	X
ceilometer		X	X
gnocchi		rbd	swift
barbican			X
zaqar			X
cephrgw					X
tacker							X
cephmds					X
manila					X
collectd		X
designate				X
octavia									X