163 Commits

Author SHA1 Message Date
Hamdy Khader
afcf2c71e3 Add support for NVMeOF cinder backend
Change-Id: I2ee3b44fc4a7bede635b0bfcacd1dab8547d123a
2018-05-07 15:45:42 +03:00
Zuul
822bd996b3 Merge "Support separate oslo.messaging services for RPC and Notification" 2018-04-25 04:43:46 +00:00
Andrew Smith
78bc457585 Support separate oslo.messaging services for RPC and Notification
This commit introduces oslo.messaging services in place of a single
rabbitmq server. This will enable the separation of rpc and
notifications for the continued use of a single backend (e.g.
rabbitmq server) or a dual backend for the messaging communications.

This patch:
* add oslo_messaging_rpc and oslo_messaging_notify services
* add puppet services for rpc and notification
  (rabbitmq and qdrouterd servers)
* add docker services to deploy rpc (rabbitmq or qdrouterd)
  and notify (rabbitmq or shared)
* retains rabbit parameters for core services
* update resource registries, service_net_map, roles, etc.
* update ci environment container scenarios
* add environment generator for messaging
* add release note

Depends-On: Ic2c1a58526febefc1703da5fec12ff68dcc0efa0
Depends-On: I154e2fe6f66b296b9b643627d57696e5178e1815
Depends-On: I03e99d35ed043cf11bea9b7462058bd80f4d99da
Needed-By: Ie181a92731e254b7f613ad25fee6cc37e985c315
Change-Id: I934561612d26befd88a9053262836b47bdf4efb0
2018-04-22 04:33:44 +00:00
Carlos Goncalves
9526cef547 Containerize Neutron LBaaS service plugin
Change-Id: I68e5ca5a78a2bd08082a494b636c6e2debb6bbae
2018-04-18 10:53:48 +02:00
Harald Jensas
5203e43979 Add Ironic Networking Baremetal Templates
Ironic neutron agent will be installed on controller nodes, or
networker nodes, when environments/services/ironic.yaml or
environments/services-docker/ironic.yaml is used.

It should also be enabled on undercloud.

Also enables ``baremetal`` ML2 mechanism driver on undercloud.

Depends-On: Ic1f44414e187393d35e1382a42d384760d5757ef
Depends-On: I3c40f84052a41ed440758b971975c5c81ace4225
Change-Id: I0b4ef83a5383ff9726f6d69e0394fc544c381a7e
2018-04-12 23:59:34 +02:00
Zuul
95761ae6f1 Merge "Designate Integration" 2018-04-10 20:44:18 +00:00
mandreou
66df6bdb46 Remove no longer used disable_upgrade_deployment flag
In I75f087dc456c50327c3b4ad98a1f89a7e012dc68 we removed much of
the legacy upgrade workflow. This now also removes the
disable_upgrade_deployment flag and the tripleo_upgrade_node.sh
script, both of which are no longer used and have no effect on
the upgrade.

Related reviews
    I7b19c5299d6d60a96a73cafaf0d7103c3bd7939d tripleo-common
    I4227f82168271089ae32cbb1f318d4a84e278cc7 python-tripleoclient

Change-Id: Ib340376ee80ea42a732a51d0c195b048ca0440ac
2018-03-29 15:27:30 +03:00
Ben Nemec
c45d027c43 Designate Integration
Change-Id: I1ddefb7b6a6e1c7b0b76589b9f8f1b99776d39e8
Depends-On: I115090679bd2577cdc3998ab3cc97f9581e5e18a
bp designate-support
2018-03-27 15:45:39 +00:00
Zuul
97664cb9fe Merge "FFU: Fix glance tasks" 2018-03-19 08:23:35 +00:00
Zuul
78af246b66 Merge "Adds fast_forward_upgrade_tasks for Heat services" 2018-03-16 23:35:08 +00:00
Zuul
0da17202ec Merge "Add support for Dell EMC XtremIO Cinder ISCSI Backend" 2018-03-16 01:18:44 +00:00
Lukas Bezdicka
9765f8d225 FFU: Fix glance tasks
We need to register fact instead of reruning checks and we can't
hijack glance-api service with glance-registry removal. For the
removal of glance-registry we reintroduce the disabled service
to Controller role.

Change-Id: I38ab5a91b541e7e070f188ee73ef4c7dd7f65eaa
2018-03-14 17:54:35 +00:00
rajinir
a462d796a7 Add support for Dell EMC XtremIO Cinder ISCSI Backend
This change adds a new define for cinder::backend::dellemc_xtremio_iscsi

Change-Id: Icf4a199383064e7884953f0f5085dcef54c3b9a4
Implements: blueprint dellemc-xtremeio-cinder
2018-03-09 14:25:14 -06:00
marios
fa66d68c08 Adds fast_forward_upgrade_tasks for Heat services
Adds ffu tasks for the heat services -api, -api-cfn,
-api-cloudwatch and -engine under systemd are stopped
and also disabled (e.g. to be containerized, migrated httpd etc).
Services stopped step 1, package update step 6, dbsync step8.

Change-Id: Ida0b4cb7f6f0a9d966e2a79dd05460565d98aaf9
2018-03-07 17:41:27 +01:00
Jiri Stransky
293dc73265 Fix invalid Ceph and BlockStorage role template
The roles would get generated with deprecated parameter group, but no
parameter in that group. Heat would then refuse that template.

Change-Id: I526c8177d1a759ae9e48cdb8b94fc2aa7fe3c6fb
Closes-Bug: #1750828
2018-02-22 11:08:36 +01:00
Zuul
9727a0d813 Merge "Render NIC config templates with jinja2" 2018-02-14 05:54:31 +00:00
Zuul
8a3fbc0738 Merge "Add Mistral to the provided controller roles" 2018-02-13 23:36:31 +00:00
Dan Sneddon
1dec175241 Render NIC config templates with jinja2
This change converts the existing NIC templates to jinja2 in
order to dynamically render the ports and networks according
to the network_data.yaml. If networks are added to the
network_data.yaml file, parameters will be added to all
NIC templates. The YAML files (as output from jinja with
the default network_data.yaml) are present as an example.

The roles in roles_data.yaml are used to produce NIC configs
for the standard and custom composable roles. In order to
keep the ordering of NICs the same in the multiple-nics
templates, the order of networks was changed in the
network_data.yaml file. This is reflected in the network
templates, and in some of the files that is the only
change.

The roles and roles_data.yaml were modified to include
a legacy name for the NIC config templates for the
built-in roles Controller, Compute, Object Storage,
Block Storage, Ceph Storage, Compute-DPDK, and
Networker roles. There will now be a file produced
with the legacy name, but also one produced with the
<role>-role.j2.yaml format (along with environment
files to help use the new filenames).

Note this change also fixes some typos as well as
a number of templates that had VLANs with device:
entries which were ignored.

Closes-Bug: 1737041
Depends-On: I49c0245c36de3103671080fd1c8cfb3432856f35
Change-Id: I3bdb7d00dab5a023dd8b9c94c0f89f84357ae7a4
2018-02-13 00:19:37 -08:00
zshi
d0a92f1c20 Add PTP composable service
Precision Time Protocol (PTP) is a protocol used to
synchronize clocks throughout a network. When used
in conjunction with hardware support, PTP is capable
of sub-microsecond accuracy which is far better than
is normally obtainable with NTP.

Change-Id: I98a1833db28944cfd5a89e4f28c192bb9af8ebbb
Depends-On: Idc78df3a90b73be504480bc9d33a3f0041d2d84f
2018-02-08 15:20:17 +08:00
Brad P. Crochet
5d81257224 Add Mistral to the provided controller roles
Mistral is not in the provided controller roles. Let's add that.

Change-Id: I8938fef87343d66cb216db364304ec7144ecaca6
2018-02-07 15:57:28 -05:00
Zuul
16e15b73b9 Merge "Add support for Dell EMC VNX Cinder Backend" 2018-02-07 03:47:17 +00:00
Pradeep Kilambi
4308485b2c Restore disable templates for telemetry for Queens
We need these templates accessible for fast forward upgrades
workflow to disable these services. Lets put these back in
and remove them in Rocky instead. These were originally
removed in commit  5ebbc81c2ad90c34925173942bdd4a468964d53b.

Change-Id: Iba1e13c7a78dd012373830331682c9e29d775f73
2018-02-05 14:56:35 +00:00
rajinir
afe81a4e05 Add support for Dell EMC VNX Cinder Backend
This change adds a new define for cinder::backend::dellemc_vnx

Change-Id: I57af2f781c24c74b355410ffb4dc28382ee183fd
Implements: blueprint dellemc-vnx-cinder
2018-01-30 10:57:56 -06:00
Zuul
2ebc2ee3af Merge "Run Octavia configuration on the overcloud" 2018-01-22 19:50:12 +00:00
Or Idgar
9d692aaa2f Run Octavia configuration on the overcloud
Fully configuring Octavia requires resources such as the load balancer
management network and amphora image to be created in the overcloud
during deployment. This is handled through some ansible driven through a
mistral workflow. This patch enables configuring and triggering this
workflow from heat.

Co-Authored-By: Brent Eagles <beagles@redhat.com>
Depends-on: If07ded033be9f44b7c7a7e09214032fa89a02e77

Change-Id: I2d10dbd33b3a0ed0463096849d01aa2c1b9f293e
2018-01-16 13:19:09 +00:00
lhinds
7e68dbdf8c Implements AIDE Intrusion Detection System
Introduces a service to configure AIDE Intrusion Detection.

This service init's the database and copies the new database
to the active naming. It also sets a cron job, using email if
`AideEmail` is populated, otherwise the reports are sent to
`/var/log/aide/`.

AIDE rules can be supplied as a hash, and should the rules ever
be changed, the service will populate the new rules and re-init
a fresh integrity database.

Related-Blueprint: tripleo-aide-database
Depends-On: Iac2ceb7fc6b610f8920ae6f75faa2885f3edf6eb
Change-Id: I23d8ba2c43e907372fe079026df1fca5fa1c9881
2018-01-15 13:10:16 +00:00
Daniel Alvarez
85e006d19d Add support for OVN Metadata Agent
This patch adds support for networking-ovn-metadata-agent.
It will deploy the agent on compute nodes and disable Nova
force_config_drive.

The following two patches have been squashed into this one:
* https://review.openstack.org/#/c/525164/
* https://review.openstack.org/#/c/522813/
The reason behind the squash is that we had interdepenencies
and this patch alone wouldn't be testing the code properly
without the two other ones since scenario007 job in baremetal
has been removed for this cycle.

UpgradeImpact

Depends-On: I678652294cb8f964c34b742a0bc0ea360d736fb9
Depends-On: If3dffde5e0db8f7607a9708d36d54d1600fe5da8
Depends-On: I38f775479d178f5b252619635b67f876bc8c5ed5
Depends-On: Ifdd42437333730a3b3e6f36cbab6df0a2971a5a1
Depends-On: I940cec6d670df39ac6e2a3559a028acbeee99331

Change-Id: Idc2bb4e31a64502ac6fcdac771d823509dc328e7
Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>
2018-01-12 09:40:06 +00:00
Emilien Macchi
6a6872f390 Introduce OS::TripleO::Services::Rhsm
Background:
extraconfig/pre_deploy/rhel-registration interface has been maintained
for some time now but it's missing some features and the code overlaps
with ongoing efforts to convert everything to Ansible.

Plan:
Consume ansible-role-redhat-subscription from TripleO, so all the logics
goes into the Ansible role, and not in TripleO anymore.
The single parameter exposed to TripleO is RhsmVars and any Ansible
parameter can be given to make the role working.
The parameter can be overriden per roles, so we can think at specific
cases were some Director roles would have specific RHSM configs.
Once we have feature parity between what is done and what was here
before, we'll deprecate the old interface.

Testing:
Because RHSM can't be tested on CentOS, this code was manually tested on
RHEL against the public subscription portal. Also, we verified that
generated Ansible playbooks were correct and called the role with the
right parameters.

Documentation:
We'll work on documentation during the following weeks and explain
how to switch from the previous interface to the new one, and also
document new uses requested by our users.

Change-Id: I8610e4f1f8478f2dcbe3afc319981df914ce1780
2017-12-27 11:03:49 -08:00
Zuul
20a5994716 Merge "Add multiple secret store backends for barbican" 2017-12-08 01:23:23 +00:00
Ade Lee
f8decc73fc Add multiple secret store backends for barbican
Change-Id: I7aaa242ee1ecbfcbcc7502b0ce8e5a9191d307f2
Depends-On: I07e52897897f453382f74aa4fdaa98c37e6eca30
2017-12-05 13:07:50 -05:00
Juan Antonio Osorio Robles
898ad4f54b Add IPSEC composable service
This service is tied to the external_deploy_tasks (such as the k8s
service); and it deploys IPSEC in the overcloud.

bp ipsec

Change-Id: Ie3b7af92c0ec97241de6d8badec13b9e93ee9305
2017-12-05 13:10:18 +00:00
lhinds
502fde7a64 Implements management of /etc/login.defs
Enables management of shadow password directives in login.defs

By allowing operators to set values in login.defs, they are able
to improve password security for newly created system accounts.

This change will in turn allow operators to adhere with security
hardening frameworks, such as STIG DISA & CIS Security Benchmarks.

bp login-defs

Change-Id: Id4fe88cb9569f18f27f94c35b5c27a85fe7947ae
Depends-On: Iec8c032adb44593da3770d3c6bb5a4655e463637
2017-11-29 09:23:25 +00:00
Zuul
b2bc4f36a3 Merge "logging: merge fluentd-client and fluentd-base" 2017-11-22 10:41:19 +00:00
Zuul
a4877d7272 Merge "Removes manila-generic-config from TripleO" 2017-11-21 16:54:11 +00:00
Zuul
301e8d84e9 Merge "Deploy Ceph Luminous and add support for CephMgr service" 2017-11-21 01:48:51 +00:00
Giulio Fidente
3cea68f12c Deploy Ceph Luminous and add support for CephMgr service
The upgrade of Ceph to Luminous requires a new daemon, ceph-mgr, to be
deployed with every ceph-mon. This submission adds support for the
deployment of ceph-mgr via ceph-ansible.

Change-Id: I4226233d02b70980c6b53518ae2d511b653ce2de
Depends-On: I3645c6c3f68fcefc93fa8699796ba8892aa946c8
Implements: blueprint ceph-luminous
2017-11-20 21:11:23 +01:00
Lars Kellogg-Stedman
f982eb55c4 logging: merge fluentd-client and fluentd-base
The fluentd implementation was originally split across multiple files
in order to support both client and server services. we ultimately
decided to only implement the client as part of tripleo so this
division is no longer necessary.  This commit merges
fluentd-client.yaml and fluentd-base.yaml into fluentd.yaml, and
renames things appropriately.

Partial-bug: #1715187
Depends-On: Iace34b7baae8822d2233d97adabf6ebc8833adab
Change-Id: Idb9886f04d56ffc75a78c4059ff319b58b4acf9f
2017-11-17 11:04:52 +01:00
Juan Antonio Osorio Robles
97f9a01f79 Add rsyslog-sidecar resource and configuration
This introduces a "sidecar" container, which is meant to be used
besides other containers (or as part of the pod). It merely uses
rsyslog to listen on a specific UNIX socket and outputs what it
gets to stdout.

This adds the service to each relevant role and introduces a
composable service which merely configures the container. Subsequently
it'll be used as part of other templates.

Note that it is only enabled if "stdout logging" is enabled.

bp logging-stdout-rsyslog
Depends-On: I4864ddca223becd0a17f902729cf2e566df5e521

Change-Id: I2c54acaaa820961c936f1fbe304f42162f720496
2017-11-17 10:38:57 +02:00
Zuul
5840413021 Merge "Barbican: Add ability to specify KEK for simple crypto plugin" 2017-11-13 14:18:39 +00:00
Pradeep Kilambi
5ebbc81c2a Remove deprecated Telemetry services from roles data
Ceilometer API, Collector and Expirer are removed from upstream,
so lets clean these deprecated services.

Change-Id: Ifd28a3029cd39644833ab0e9fc66efb7b5b67c9d
2017-11-07 12:54:41 +00:00
Ade Lee
2089a53afd Barbican: Add ability to specify KEK for simple crypto plugin
It adds the profile to enable the backend and a relevant environment
file that will be used.

Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Depends-On: I44391b91b01bc03c9773410152e117ec6bbba491
Change-Id: I39ce9f203af0dea20f7c14ba8b484f600f4aad49
2017-11-02 15:31:17 +00:00
Saravanan KR
739b05f528 Added a new role definition for SR-IOV Compute role
In order to support the role generation command, a new role for
hosting SR-IOV workloads has been added. This also removes the
SR_IOV services from the default compute so that compute and compute
sriov can co-exist in the same cluster.
Closes-Bug: #1715829

Change-Id: If48bd6a69209da556cc75ece035b341eb59f41a9
2017-10-25 15:16:28 +05:30
Victoria Martinez de la Cruz
6740f94914 Removes manila-generic-config from TripleO
Generic driver is not intended to be used in real environments
since it introduces a SPOF in the data path. Due to this, it
doesn't make sense and generates confusion to have the environment
file, so in this patch set we simply remove it.

Change-Id: I2e1db2bd614eae65e59712f50dc3391f16f6b388
Closes-Bug: #1708680
2017-10-16 16:54:47 -03:00
Zuul
7b3e9f7d54 Merge "Remove Heat Cloudwatch API" 2017-10-16 09:22:39 +00:00
Jenkins
efd86fb1a8 Merge "Add a Skydive composable service" 2017-10-13 20:37:59 +00:00
Alex Schultz
5c3efe66a4 Remove Heat Cloudwatch API
The heatwatch api has long be deprecated[0] so this should not be in the
roles and environment configuration.

[0]
http://lists.openstack.org/pipermail/openstack-dev/2015-April/061834.html

Change-Id: I322979c34a92565a7dd54248c312b692e9c83f74
Closes-Bug: #1720865
2017-10-11 09:54:38 +02:00
Bernard Cafarelli
7059ca1316 Add networking-sfc support
Enables deployment of service function chaining via the networking-sfc
project.

Implements: blueprint networking-sfc-support

Co-Authored-By: Bernard Cafarelli <bcafarel@redhat.com>
Change-Id: I230b31dc9ed0ecc5046064628ba2f2505e589522
Depends-On: Icd433ddc6ae7de19a09f9e33b410a362c317138a
2017-10-10 13:33:32 +00:00
Sylvain Baubeau
d31bc3a573 Add a Skydive composable service
This commits adds one service for the agent, and one
other for the analyzer. When using multiple controller nodes,
the analyzers are deployed in cluster mode, with a single etcd node.
These services are deployed as containers using a Mistral
workflow with Ansible.

Depends-on: I0442d2a75a4931a4bd8399c58ff6b016d5486945
Change-Id: I56c53158f9ed294dac95dbd7087d057e427f16a1
2017-10-04 10:32:07 +02:00
Derek Higgins
a850d8059f Add IronicPxe to the default controller
It doesn't exist in the non containerized openstack so leave it
stubbed out by default.

Change-Id: I5fcb1f0b9958ac90f034a12f1ee733dae6571f9c
2017-09-25 17:07:47 +01:00
Jenkins
9126ca5459 Merge "Add Swift dispersion profile" 2017-09-11 12:21:12 +00:00