89 Commits

Author SHA1 Message Date
Emilien Macchi
f3b85e4ba5 Remove Congress
Congress doesn't seem to be used anywhere, we never had a bug report or
any sign of somebody out there actually using it.

Let's remove its support in TripleO, to reduce the codebase.

Change-Id: Idca6b12f1c0ca3bc15bedf6469d4063a4dac31fa
2019-02-28 16:29:03 -05:00
Zuul
9ded745e65 Merge "Deprecate xinetd service management" 2019-02-21 18:55:15 +00:00
Alex Schultz
78f1901da4 Deprecate xinetd service management
We stopped managing this service with the switch containers. This change
starts the removal and deprecated the TripleO management of the service.

Change-Id: Idc35bdfad126f21280444ebffaa5017e73ba8368
2019-02-14 12:46:41 -07:00
Ade Lee
2a83856585 Move ipa enrollment to host_prep_tasks
This addresses a possible bug when using FreeIPA to do TLS
everywhere.

It is possible that the IPA server is not on the ctlplane.
In this case, when the nodes start up, the registration of the node
with IPA will fail, resulting in failed certificate issuance requests
later on.

We introduce a composable service to run in host_prep_tasks.
This will always run once the networks have been set up.  If the
instance has already been enrolled (by cloud-init or in an update),
then the script executed by the service will just exit.

In this iteration, we simply execute the code that the cloud-init
would have done.  In later releases, we will execute all the code
performed by novajoin-server here in ansible - and deprecate the
novajoin server.

Change-Id: I31f64c3cbd1d151e3c2a436cc3e2ec5316535087
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Resolves: rhbz#1661635
Closes-Bug: #1815924
2019-02-14 16:07:17 +00:00
Zuul
63a657d2f4 Merge "Remove all glance-registry related changes" 2019-01-24 00:00:44 +00:00
Simon Dodsley
f77d8e7909 Add missing entries for Pure Storage Cinder Backend and fix typos
Closes-bug: 1807195
Change-Id: Ibaaaab9d4169829c0f71cf7acea25971b4526695
2019-01-23 09:34:13 -05:00
Pranali Deore
2dcd56041c Remove all glance-registry related changes
Removed all glance-registry related changes from THT, since
Glance Registry has become redundant & been deprecated from
glance due to support of Glance V2. The registry code base is
also going to be removed from Glance project once all the
dependencies removed from other projects.

Change-Id: I548816e3f2d8b9deed8a6f0ba3e203f84ad3d9ca
Closes-Bug: #1808911
2019-01-22 15:07:29 -07:00
Zuul
845bc3e845 Merge "Remove MongoDB" 2019-01-07 18:39:49 +00:00
Emilien Macchi
be07f991b6 Remove MongoDB
MongoDB support was stopped in Pike, it is not used anywhere now.
Therefore, in Stein are removing it to clean things up.

Change-Id: I4ec8f35b1dd71c25cfb41cc54105ac743ef67745
2019-01-04 15:17:00 +00:00
Harald Jensås
2f2d8183e6 L3 routed networks - subnet fixed_ips (3/3)
When using neutron routed networks we need to specify
either the subnet or a ip address in the fixed-ips-request
when creating neutron ports.

a) For the Vip's:

Adds VipSubnetMap and VipSubnetMapDefaults parameters in
service_net_map.yaml. The two maps are merged, so that the
operator can override the subnet where VIP port should be
hosted. For example:

parameter_defaults:
  VipSubnetMap:
    ctlplane: ctlplane-leaf1
    InternalApi: internal_api_leaf1
    Storage: storage_leaf1
    redis: internal_api_leaf1

b) For overcloud node ports:

Enrich 'networks' in roles defenition to include both
network and subnet data. Changes the list to a map
instead of a list of strings. New schema:

- name: <role_name>
  networks:
    <network_name>
      subnet: <subnet_name>

For backward compatibility a conditional is used to check
if the data is a map or not. In either case the internal
list of role networks is created as '_role_networks' in
the jinja2 templates.

When the data is a map, and the map contains the 'subnet'
key the subnet specified in roles_data.yaml is used as
the subnet in the fixed-ips-reqest when ports are created.
If subnet is not set (or role.networks is not a map) the
default will be {{network.name_lower}}_subnet.

Also, since the fixed_ips request passed to Vip ports are no
longer [] by default, the conditinal has been updated to
test for 'ip_address' entries in the request.

Partial: blueprint tripleo-routed-networks-templates
Depends-On: I773a38fd903fe287132151a4d178326a46890969
Change-Id: I77edc82723d00bfece6752b5dd2c79137db93443
2019-01-03 19:07:20 +01:00
karthik s
512c032a0b Add bootparams service for all roles
NIC partitioning requires IOMMU to be enabled on roles using it.
By adding the BootParams service to all the roles, we could
enable IOMMU selectively by supplying the role specific parameter
"KernelArgs". If a role doesn't use NIC Partitioning then
"KernelArgs" shall be not be set and backward compatibility would
be retained.

Change-Id: I2eb078d9860d9a46d6bffd0fe2f799298538bf73
2018-11-19 05:02:07 -05:00
Emilien Macchi
7bebdefda8 Introduce OS::TripleO::Services::Podman
Podman service will be in charge of installing, configuring, upgrading
and updating podman in TripleO.

For now, the service is disabled by default but included in all roles.
In the cycle, we'll make it the default.

Note: when Podman will be able to run in TripleO without Docker,
we'll do like https://review.openstack.org/#/c/586679/ and make it as
a generic service that can be switched to either podman or docker.
But for now, we need podman & docker working side by side.

Depends-On: Ie9f5d3b6380caa6824ca940ca48ed0fcf6308608
Change-Id: If9e311df2fc7b808982ee54224cc0ea27e21c830
2018-10-02 01:47:46 +00:00
Alex Schultz
f7f9053963 Create a Timesync service declaration
In order to support switching between multiple timesync backends, let's
simplify the service configurations for the roles so that there is a
single timesync service.  This timesync service should point to the
expected backend (ntp/ptp/chrony).

Change-Id: I986d39398b6143f6c11be29200a4ce364575e402
Related-Blueprint: tripleo-chrony
2018-09-04 21:00:56 +00:00
Steve Baker
93d87cf18d Always enable image prepare service for docker clouds
This change includes the service
OS::TripleO::Services::ContainerImagePrepare by default in the overcloud
which will trigger a container image prepare in the same way as is
currently done for the containerized undercloud.

Along with the mistral action which populates the container image
parameters, this change makes blueprint container-prepare-workflow
functionally complete.

Change-Id: I8b0c5e630e63ef6a2e6f70f1eb00fd02f4cfd1c0
Blueprint: container-prepare-workflow
2018-08-15 12:09:23 +00:00
Zuul
7248cd24ba Merge "Allow to remove xinetd service" 2018-08-02 08:14:58 +00:00
Martin Mágr
b76d7623ac QDR for metrics collection purposes
This patch adds composable new service (QDR) for containerized deployments.
Metrics QDR will run on each overcloud node in 'edge' mode. This basically
means that there is a possibility that there will be two QDRs running
on controllers in case that oslo messaging is deployed. This is a reason why
we need separate composable service for this use case.

Depends-On: If9e3658d304c3071f53ecb1c42796d2603875fcd
Depends-On: I68f39b6bda02ba3920f2ab1cf2df0bd54ad7453f
Depends-On: I73f988d05840eca44949f13f248f86d094a57c46
Change-Id: I1353020f874b348afd98e7ed3832033f85a5267f
2018-07-31 21:55:45 +00:00
Cédric Jeanneret
6237903852 Allow to remove xinetd service
The xinetd service isn't used anymore on the host - it runs in
containers where it is needed, meaning that service can be dropped
for good, as well as its package.

Change-Id: I004a43c1b6c9cee21c24749bd6589435530e48e0
2018-07-31 15:21:59 +02:00
Alex Schultz
f8d0edac5f Drop old ceilometer services
These were needed for FFU to Queens so we should remove them for Rocky.

Change-Id: I0e24d19cd17d35644fa02e989fa9ef592195b9f1
2018-05-29 20:51:07 +00:00
Zuul
30dbc58252 Merge "Add IronicInspector to the Controller roles" 2018-05-28 13:58:18 +00:00
Hamdy Khader
afcf2c71e3 Add support for NVMeOF cinder backend
Change-Id: I2ee3b44fc4a7bede635b0bfcacd1dab8547d123a
2018-05-07 15:45:42 +03:00
Zuul
822bd996b3 Merge "Support separate oslo.messaging services for RPC and Notification" 2018-04-25 04:43:46 +00:00
Andrew Smith
78bc457585 Support separate oslo.messaging services for RPC and Notification
This commit introduces oslo.messaging services in place of a single
rabbitmq server. This will enable the separation of rpc and
notifications for the continued use of a single backend (e.g.
rabbitmq server) or a dual backend for the messaging communications.

This patch:
* add oslo_messaging_rpc and oslo_messaging_notify services
* add puppet services for rpc and notification
  (rabbitmq and qdrouterd servers)
* add docker services to deploy rpc (rabbitmq or qdrouterd)
  and notify (rabbitmq or shared)
* retains rabbit parameters for core services
* update resource registries, service_net_map, roles, etc.
* update ci environment container scenarios
* add environment generator for messaging
* add release note

Depends-On: Ic2c1a58526febefc1703da5fec12ff68dcc0efa0
Depends-On: I154e2fe6f66b296b9b643627d57696e5178e1815
Depends-On: I03e99d35ed043cf11bea9b7462058bd80f4d99da
Needed-By: Ie181a92731e254b7f613ad25fee6cc37e985c315
Change-Id: I934561612d26befd88a9053262836b47bdf4efb0
2018-04-22 04:33:44 +00:00
Derek Higgins
c2a555f77f Add IronicInspector to the Controller roles
By default its stubbed out with OS::Heat::None, so the
default Controler wont include it.

Change-Id: I3bb104538a836a8f2e20e04dea58edfa0e568c2d
2018-04-18 11:21:56 +01:00
Carlos Goncalves
9526cef547 Containerize Neutron LBaaS service plugin
Change-Id: I68e5ca5a78a2bd08082a494b636c6e2debb6bbae
2018-04-18 10:53:48 +02:00
Harald Jensas
5203e43979 Add Ironic Networking Baremetal Templates
Ironic neutron agent will be installed on controller nodes, or
networker nodes, when environments/services/ironic.yaml or
environments/services-docker/ironic.yaml is used.

It should also be enabled on undercloud.

Also enables ``baremetal`` ML2 mechanism driver on undercloud.

Depends-On: Ic1f44414e187393d35e1382a42d384760d5757ef
Depends-On: I3c40f84052a41ed440758b971975c5c81ace4225
Change-Id: I0b4ef83a5383ff9726f6d69e0394fc544c381a7e
2018-04-12 23:59:34 +02:00
Ben Nemec
c45d027c43 Designate Integration
Change-Id: I1ddefb7b6a6e1c7b0b76589b9f8f1b99776d39e8
Depends-On: I115090679bd2577cdc3998ab3cc97f9581e5e18a
bp designate-support
2018-03-27 15:45:39 +00:00
Zuul
97664cb9fe Merge "FFU: Fix glance tasks" 2018-03-19 08:23:35 +00:00
Zuul
78af246b66 Merge "Adds fast_forward_upgrade_tasks for Heat services" 2018-03-16 23:35:08 +00:00
Zuul
0da17202ec Merge "Add support for Dell EMC XtremIO Cinder ISCSI Backend" 2018-03-16 01:18:44 +00:00
Lukas Bezdicka
9765f8d225 FFU: Fix glance tasks
We need to register fact instead of reruning checks and we can't
hijack glance-api service with glance-registry removal. For the
removal of glance-registry we reintroduce the disabled service
to Controller role.

Change-Id: I38ab5a91b541e7e070f188ee73ef4c7dd7f65eaa
2018-03-14 17:54:35 +00:00
rajinir
a462d796a7 Add support for Dell EMC XtremIO Cinder ISCSI Backend
This change adds a new define for cinder::backend::dellemc_xtremio_iscsi

Change-Id: Icf4a199383064e7884953f0f5085dcef54c3b9a4
Implements: blueprint dellemc-xtremeio-cinder
2018-03-09 14:25:14 -06:00
marios
fa66d68c08 Adds fast_forward_upgrade_tasks for Heat services
Adds ffu tasks for the heat services -api, -api-cfn,
-api-cloudwatch and -engine under systemd are stopped
and also disabled (e.g. to be containerized, migrated httpd etc).
Services stopped step 1, package update step 6, dbsync step8.

Change-Id: Ida0b4cb7f6f0a9d966e2a79dd05460565d98aaf9
2018-03-07 17:41:27 +01:00
Zuul
9727a0d813 Merge "Render NIC config templates with jinja2" 2018-02-14 05:54:31 +00:00
Zuul
8a3fbc0738 Merge "Add Mistral to the provided controller roles" 2018-02-13 23:36:31 +00:00
Dan Sneddon
1dec175241 Render NIC config templates with jinja2
This change converts the existing NIC templates to jinja2 in
order to dynamically render the ports and networks according
to the network_data.yaml. If networks are added to the
network_data.yaml file, parameters will be added to all
NIC templates. The YAML files (as output from jinja with
the default network_data.yaml) are present as an example.

The roles in roles_data.yaml are used to produce NIC configs
for the standard and custom composable roles. In order to
keep the ordering of NICs the same in the multiple-nics
templates, the order of networks was changed in the
network_data.yaml file. This is reflected in the network
templates, and in some of the files that is the only
change.

The roles and roles_data.yaml were modified to include
a legacy name for the NIC config templates for the
built-in roles Controller, Compute, Object Storage,
Block Storage, Ceph Storage, Compute-DPDK, and
Networker roles. There will now be a file produced
with the legacy name, but also one produced with the
<role>-role.j2.yaml format (along with environment
files to help use the new filenames).

Note this change also fixes some typos as well as
a number of templates that had VLANs with device:
entries which were ignored.

Closes-Bug: 1737041
Depends-On: I49c0245c36de3103671080fd1c8cfb3432856f35
Change-Id: I3bdb7d00dab5a023dd8b9c94c0f89f84357ae7a4
2018-02-13 00:19:37 -08:00
zshi
d0a92f1c20 Add PTP composable service
Precision Time Protocol (PTP) is a protocol used to
synchronize clocks throughout a network. When used
in conjunction with hardware support, PTP is capable
of sub-microsecond accuracy which is far better than
is normally obtainable with NTP.

Change-Id: I98a1833db28944cfd5a89e4f28c192bb9af8ebbb
Depends-On: Idc78df3a90b73be504480bc9d33a3f0041d2d84f
2018-02-08 15:20:17 +08:00
Brad P. Crochet
5d81257224 Add Mistral to the provided controller roles
Mistral is not in the provided controller roles. Let's add that.

Change-Id: I8938fef87343d66cb216db364304ec7144ecaca6
2018-02-07 15:57:28 -05:00
Zuul
16e15b73b9 Merge "Add support for Dell EMC VNX Cinder Backend" 2018-02-07 03:47:17 +00:00
Pradeep Kilambi
4308485b2c Restore disable templates for telemetry for Queens
We need these templates accessible for fast forward upgrades
workflow to disable these services. Lets put these back in
and remove them in Rocky instead. These were originally
removed in commit  5ebbc81c2ad90c34925173942bdd4a468964d53b.

Change-Id: Iba1e13c7a78dd012373830331682c9e29d775f73
2018-02-05 14:56:35 +00:00
rajinir
afe81a4e05 Add support for Dell EMC VNX Cinder Backend
This change adds a new define for cinder::backend::dellemc_vnx

Change-Id: I57af2f781c24c74b355410ffb4dc28382ee183fd
Implements: blueprint dellemc-vnx-cinder
2018-01-30 10:57:56 -06:00
Zuul
2ebc2ee3af Merge "Run Octavia configuration on the overcloud" 2018-01-22 19:50:12 +00:00
Or Idgar
9d692aaa2f Run Octavia configuration on the overcloud
Fully configuring Octavia requires resources such as the load balancer
management network and amphora image to be created in the overcloud
during deployment. This is handled through some ansible driven through a
mistral workflow. This patch enables configuring and triggering this
workflow from heat.

Co-Authored-By: Brent Eagles <beagles@redhat.com>
Depends-on: If07ded033be9f44b7c7a7e09214032fa89a02e77

Change-Id: I2d10dbd33b3a0ed0463096849d01aa2c1b9f293e
2018-01-16 13:19:09 +00:00
lhinds
7e68dbdf8c Implements AIDE Intrusion Detection System
Introduces a service to configure AIDE Intrusion Detection.

This service init's the database and copies the new database
to the active naming. It also sets a cron job, using email if
`AideEmail` is populated, otherwise the reports are sent to
`/var/log/aide/`.

AIDE rules can be supplied as a hash, and should the rules ever
be changed, the service will populate the new rules and re-init
a fresh integrity database.

Related-Blueprint: tripleo-aide-database
Depends-On: Iac2ceb7fc6b610f8920ae6f75faa2885f3edf6eb
Change-Id: I23d8ba2c43e907372fe079026df1fca5fa1c9881
2018-01-15 13:10:16 +00:00
Emilien Macchi
6a6872f390 Introduce OS::TripleO::Services::Rhsm
Background:
extraconfig/pre_deploy/rhel-registration interface has been maintained
for some time now but it's missing some features and the code overlaps
with ongoing efforts to convert everything to Ansible.

Plan:
Consume ansible-role-redhat-subscription from TripleO, so all the logics
goes into the Ansible role, and not in TripleO anymore.
The single parameter exposed to TripleO is RhsmVars and any Ansible
parameter can be given to make the role working.
The parameter can be overriden per roles, so we can think at specific
cases were some Director roles would have specific RHSM configs.
Once we have feature parity between what is done and what was here
before, we'll deprecate the old interface.

Testing:
Because RHSM can't be tested on CentOS, this code was manually tested on
RHEL against the public subscription portal. Also, we verified that
generated Ansible playbooks were correct and called the role with the
right parameters.

Documentation:
We'll work on documentation during the following weeks and explain
how to switch from the previous interface to the new one, and also
document new uses requested by our users.

Change-Id: I8610e4f1f8478f2dcbe3afc319981df914ce1780
2017-12-27 11:03:49 -08:00
Zuul
20a5994716 Merge "Add multiple secret store backends for barbican" 2017-12-08 01:23:23 +00:00
Ade Lee
f8decc73fc Add multiple secret store backends for barbican
Change-Id: I7aaa242ee1ecbfcbcc7502b0ce8e5a9191d307f2
Depends-On: I07e52897897f453382f74aa4fdaa98c37e6eca30
2017-12-05 13:07:50 -05:00
Juan Antonio Osorio Robles
898ad4f54b Add IPSEC composable service
This service is tied to the external_deploy_tasks (such as the k8s
service); and it deploys IPSEC in the overcloud.

bp ipsec

Change-Id: Ie3b7af92c0ec97241de6d8badec13b9e93ee9305
2017-12-05 13:10:18 +00:00
lhinds
502fde7a64 Implements management of /etc/login.defs
Enables management of shadow password directives in login.defs

By allowing operators to set values in login.defs, they are able
to improve password security for newly created system accounts.

This change will in turn allow operators to adhere with security
hardening frameworks, such as STIG DISA & CIS Security Benchmarks.

bp login-defs

Change-Id: Id4fe88cb9569f18f27f94c35b5c27a85fe7947ae
Depends-On: Iec8c032adb44593da3770d3c6bb5a4655e463637
2017-11-29 09:23:25 +00:00
Zuul
b2bc4f36a3 Merge "logging: merge fluentd-client and fluentd-base" 2017-11-22 10:41:19 +00:00
Zuul
a4877d7272 Merge "Removes manila-generic-config from TripleO" 2017-11-21 16:54:11 +00:00