6637 Commits

Author SHA1 Message Date
Emilien Macchi
2468fe12e7 undercloud_post: fix subnet name
The default control plane subnet name is "ctlplane-subnet", so let's
create the right subnet for the containerized undercloud.

Note: the subnet can't be overridden (yet) but for now we rely on the
default.

Change-Id: I15954bced81ef6c3e1a1f4a73bc989f33d08d6f7
2018-02-15 05:30:27 +00:00
Zuul
c0293adb6e Merge "Disable SNMP service in all CI jobs" 2018-02-15 03:00:16 +00:00
Zuul
6b449eaa52 Merge "Do not depends on the order of the hash vars in ffu repo switching." 2018-02-15 01:58:15 +00:00
Zuul
0834134fd6 Merge "ffu: Allow FASTFORWARDUPGRADE as a StackUpdateType" 2018-02-14 18:27:22 +00:00
Emilien Macchi
cb90c8ce48 Disable SNMP service in all CI jobs
Some work is being done in I46fce28926cb5a881f7384948480266712ae75e3
to secure SNMP on a specific network but until then we need to stop
opening the services so cloud providers won't report any security issue
for TripleO jobs.

Change-Id: Icd8a6ddda6152186d6be4a227f6449232fecba5e
Related-Bug: #1749324
2018-02-14 09:32:55 -08:00
Sofer Athlan-Guyot
d20264c8ba Do not depends on the order of the hash vars in ffu repo switching.
As vars is defined as a hash, we can't depend on the ordering
here.

Change-Id: I93fb1811aff6a5c0e5f984f8562a6cdd207f1b5c
Related-Bug: #1749338
2018-02-14 15:35:07 +01:00
Zuul
7c084d8431 Merge "Add OVNController service to Networker role" 2018-02-14 12:06:16 +00:00
Zuul
9a91a71426 Merge "Enable Barbican health checks" 2018-02-14 07:41:14 +00:00
Zuul
9727a0d813 Merge "Render NIC config templates with jinja2" 2018-02-14 05:54:31 +00:00
Zuul
42913cf2bf Merge "Fixes missing SSL configuration for Neutron DHCP agent" 2018-02-13 23:58:24 +00:00
Zuul
8a3fbc0738 Merge "Add Mistral to the provided controller roles" 2018-02-13 23:36:31 +00:00
Zuul
9604728016 Merge "Fix Redis TLS setup and its HA deployment" 2018-02-13 23:34:49 +00:00
Zuul
15f7620ca4 Merge "Adding new config parameters for Cisco UCSM ML2 driver" 2018-02-13 23:30:18 +00:00
Zuul
8519911d3b Merge "Add name to debug tasks" 2018-02-13 20:22:18 +00:00
Tim Rozet
2adb2b6f57 Fixes missing SSL configuration for Neutron DHCP agent
Currently when deploying with TLS for internal API traffic, Neutron is
not configured to securely communicate with OVSDB.  In regular OVS agent
deployments OVS listens on ptcp and accepts any incoming connection.  In
ODL deployments OVS is configured to only listen for pssl connections.
To allow Neutron agents to communicate with OVSDB in pssl, Neutron needs
to be configured with SSL key/certificate in order to connect to OVS.

This patch adds key/certificate generation for NeutronBase service to be
consumed by any agent.  The only agent required with ODL is DHCP, so
this patch only addresses configuring SSL there.  However, a future
patch could enable SSL for default ML2/OVS agent deployments as well by
building off of this change.

Note, by default OVSDB listens on port 6640.  This does not work in ODL
deployments when ODL is on the control node because ODL also listens
on port 6640.  Therefore from the ODL service, the ovsdb_connection
setting for DHCP agent is modified when ODL is deployed.

Depends-On: I82281eefa1aa81207ccd8ea565cffc6ca0ec48de
Depends-On: I4bbaf00f0776cab0be34d814a541fb2fd1e64326

Closes-Bug: 1746762

Change-Id: I97352027d7f750d0820610fb9e06f82b47e77056
Signed-off-by: Tim Rozet <trozet@redhat.com>
2018-02-13 12:28:27 -05:00
Zuul
c4bd454739 Merge "Fix hardcoded dependency for ExtraConfigPost." 2018-02-13 16:39:37 +00:00
Sandhya Dasu
b2d76220f0 Adding new config parameters for Cisco UCSM ML2 driver
UCSM ML2 driver now supports the following additional
configuration parameters:
1. ucsm_https_verify
2. sp_template_list
3. vnic_template_list

Change-Id: Ie74f1b9653894f8c717156beb604dae9d9e60e6a
2018-02-13 16:26:12 +00:00
Lee Yarwood
3d8f47a71a ffu: Allow FASTFORWARDUPGRADE as a StackUpdateType
This change allows FASTFORWARDUPGRADE to be fed to puppet-tripleo
allowing manifests to act accordingly when applied during FFU.

Change-Id: I8792937c2524c31becfb8a9f28047b73617c0fc3
2018-02-13 10:53:55 -05:00
Zuul
7777f7b02e Merge "Adding docker service for BGPVPN Service Plugin" 2018-02-13 12:57:46 +00:00
Dan Sneddon
1dec175241 Render NIC config templates with jinja2
This change converts the existing NIC templates to jinja2 in
order to dynamically render the ports and networks according
to the network_data.yaml. If networks are added to the
network_data.yaml file, parameters will be added to all
NIC templates. The YAML files (as output from jinja with
the default network_data.yaml) are present as an example.

The roles in roles_data.yaml are used to produce NIC configs
for the standard and custom composable roles. In order to
keep the ordering of NICs the same in the multiple-nics
templates, the order of networks was changed in the
network_data.yaml file. This is reflected in the network
templates, and in some of the files that is the only
change.

The roles and roles_data.yaml were modified to include
a legacy name for the NIC config templates for the
built-in roles Controller, Compute, Object Storage,
Block Storage, Ceph Storage, Compute-DPDK, and
Networker roles. There will now be a file produced
with the legacy name, but also one produced with the
<role>-role.j2.yaml format (along with environment
files to help use the new filenames).

Note this change also fixes some typos as well as
a number of templates that had VLANs with device:
entries which were ignored.

Closes-Bug: 1737041
Depends-On: I49c0245c36de3103671080fd1c8cfb3432856f35
Change-Id: I3bdb7d00dab5a023dd8b9c94c0f89f84357ae7a4
2018-02-13 00:19:37 -08:00
Zuul
a8520b8c13 Merge "Adding docker service for the L2GW" 2018-02-13 02:13:35 +00:00
Zuul
0a01a40a8f Merge "Add bond-network-templates for OVB public bond CI" 2018-02-12 19:40:49 +00:00
Zuul
d01d2ea23e Merge "logging: use service_config_settings for fluentd" 2018-02-12 19:40:36 +00:00
Zuul
ec1b23de0f Merge "Ignore same file errors for templates processor" 2018-02-12 19:40:18 +00:00
Zuul
39058d302f Merge "ffu: tripleo-packages repo management" 2018-02-12 19:39:27 +00:00
Zuul
e9b0c28b81 Merge "ffu: Add fast-forward upgrade outputs to RoleConfig" 2018-02-12 19:39:14 +00:00
Zuul
4e3cd0df30 Merge "Always evaluate step first in conditional" 2018-02-12 19:39:06 +00:00
Martin Mágr
b121325f6c Enable Barbican health checks
This patch enables health checks execution for all Barbican docker containers.

Change-Id: I2e542fa0adb52447abb251910f3ff1095289c726
Depends-On: Ic0573f6dfe550dd7f5d6bc579b3b44a60d4bf1fc
2018-02-12 15:18:41 +01:00
Zuul
d11a90b62c Merge "Fix custom output dir for templates processor" 2018-02-12 11:39:43 +00:00
Steven Hardy
7f4811779f Add name to debug tasks
This makes it clearer that the previous task failed, which isn't
immediately evident from the ansible task output due to the failed_when
on those tasks.

Change-Id: I765208d5865f6e5a292e5b52c572e2e79540c663
Closes-Bug: #1748443
2018-02-12 10:13:25 +00:00
Bogdan Dobrelya
60a209b45e Ignore same file errors for templates processor
When copying templates or files with the
process-templates.py's shutil, ignore cases when
the source and the destination are same files.

This allows the following scenario:
  - Symlink t-h-t from the installed package to a work dir
  - Process j2 templates with overwrite in the work dir

Required-by: https://review.openstack.org/#/c/542875

Change-Id: I9a9c32f05fde325709998f4fe8bc7fef6c25b5c5
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2018-02-12 11:11:30 +01:00
Zuul
d51c3e3103 Merge "Expose params to enable panko expirer cron" 2018-02-10 13:03:59 +00:00
Zuul
89a790fd4b Merge "[Upgrade] Reuse OVS workaround in docker neutron ovs agent" 2018-02-09 18:51:23 +00:00
Zuul
97e2c6c5ca Merge "Fixes SSL/TLS with OpenDaylight docker service" 2018-02-09 18:51:22 +00:00
Zuul
62987bc1b2 Merge "Add S3 storage driver as an option and its config" 2018-02-09 18:18:08 +00:00
marios
7cf9a76b76 ffu: tripleo-packages repo management
This change introduces some basic repo management for fast-forward
upgrades using the tripleo-repos tool as the default implementation.

The following parameters have been added to the template to allow for
additional implementations to be added.

FastForwardRepoType - Currently defaults to tripleo-repos
FastForwardRepoArgs - Currently defaults to tripleo-repos args for O and P

bp fast-forward-upgrades
Change-Id: I92f6f5015f34e6c5e8ef131f303d9c8144d1c83e
2018-02-09 17:13:31 +01:00
Lee Yarwood
acb2475e4c ffu: Add fast-forward upgrade outputs to RoleConfig
As outlined in the spec, fast-forward upgrades aim to take an
environment from an initial release of N to a release of N>=2, beyond
that of the traditionally supported N+1 upgrade path provided today by
many OpenStack projects.

For TripleO the first phase of this upgrade will be to move the
environment to the release prior to the target release. This will be
achieved by disabling all OpenStack control plane services and then
performing the minimum number of steps required to upgrade each service
through each release until finally reaching the target release.

This change introduces the framework for this phase of the fast-forward
upgrades by adding playbooks and task files as outputs to RoleConfig.

- fast_forward_upgrade_playbook.yaml

This is the top level play and acts as the outer loop of the process,
iterating through the required releases as set by the
FastForwardUpgradeReleases parameter for the fast-forward section of the
upgrade. This currently defaults to Ocata and Pike for Queens.

Note that this play is run against the overcloud host group and it is
currently assumed that the inventory used to run this play is provided
by the tripleo-ansible-inventory command.

- fast_forward_upgrade_release_tasks.yaml

This output simply imports the top level prep and bootstrap task files.

- fast_forward_upgrade_prep_tasks.yaml
- fast_forward_upgrade_bootstrap_tasks.yaml

These outputs act as the inner loop for the fast-forward upgrade phase,
iterating over step values while importing their associated role tasks.

As prep tasks are carried out first for each release we loop over step
values starting at 0 and ending at the defined
fast_forward_upgrade_prep_steps_max, currently 3.

Following this we then complete the bootstrap tasks for each release,
looping over steps values starting at
fast_forward_upgrade_prep_steps_max + 1, currently 4, and ending at
fast_forward_upgrade_steps_max, currently 9.

- fast_forward_upgrade_prep_role_tasks.yaml
- fast_forward_upgrade_bootstrap_role_tasks.yaml

These outputs then finally import the fast_forward_upgrade_tasks files
generated by the FastForwardUpgradeTasks YAQL query for each role. For
prep tasks these are always included when on an Ansible host of a given
role. This differs from bootstrap tasks that are only included for the
first host associated with a given role.

This will result in the following order of task imports with their
associated value of release and step:

fast_forward_upgrade_playbook
\_fast_forward_upgrade_release_tasks
  \_fast_forward_upgrade_prep_tasks              - release=ocata
     \_fast_forward_upgrade_prep_role_tasks      - release=ocata
       \_$roleA/fast_forward_upgrade_tasks       - release=ocata, step=0
       \_$roleB/fast_forward_upgrade_tasks       - release=ocata, step=0
       \_$roleA/fast_forward_upgrade_tasks       - release=ocata, step=1
       \_$roleB/fast_forward_upgrade_tasks       - release=ocata, step=1
       \_$roleA/fast_forward_upgrade_tasks       - release=ocata, step=2
       \_$roleB/fast_forward_upgrade_tasks       - release=ocata, step=2
       \_$roleA/fast_forward_upgrade_tasks       - release=ocata, step=3
       \_$roleB/fast_forward_upgrade_tasks       - release=ocata, step=3
  \_fast_forward_upgrade_bootstrap_tasks         - release=ocata
     \_fast_forward_upgrade_bootstrap_role_tasks - release=ocata
       \_$roleA/fast_forward_upgrade_tasks       - release=ocata, step=4
       \_$roleB/fast_forward_upgrade_tasks       - release=ocata, step=4
       \_$roleA/fast_forward_upgrade_tasks       - release=ocata, step=5
       \_$roleB/fast_forward_upgrade_tasks       - release=ocata, step=5
       \_$roleA/fast_forward_upgrade_tasks       - release=ocata, step=N
       \_$roleB/fast_forward_upgrade_tasks       - release=ocata, step=N
\_fast_forward_upgrade_release_tasks
  \_fast_forward_upgrade_prep_tasks              - release=pike
     \_fast_forward_upgrade_prep_role_tasks      - release=pike
       \_$roleA/fast_forward_upgrade_tasks       - release=pike, step=0
       \_$roleB/fast_forward_upgrade_tasks       - release=pike, step=0
       \_$roleA/fast_forward_upgrade_tasks       - release=pike, step=1
       \_$roleB/fast_forward_upgrade_tasks       - release=pike, step=1
       \_$roleA/fast_forward_upgrade_tasks       - release=pike, step=2
       \_$roleB/fast_forward_upgrade_tasks       - release=pike, step=2
       \_$roleA/fast_forward_upgrade_tasks       - release=pike, step=3
       \_$roleB/fast_forward_upgrade_tasks       - release=pike, step=3
  \_fast_forward_upgrade_bootstrap_tasks         - release=pike
     \_fast_forward_upgrade_bootstrap_role_tasks - release=pike
       \_$roleA/fast_forward_upgrade_tasks       - release=pike, step=4
       \_$roleB/fast_forward_upgrade_tasks       - release=pike, step=4
       \_$roleA/fast_forward_upgrade_tasks       - release=pike, step=5
       \_$roleB/fast_forward_upgrade_tasks       - release=pike, step=5
       \_$roleA/fast_forward_upgrade_tasks       - release=pike, step=N
       \_$roleB/fast_forward_upgrade_tasks       - release=pike, step=N

bp fast-forward-upgrades
Change-Id: Ie2683fd7b81167abe724a7b9245bf85a0a87ad1d
2018-02-09 17:13:31 +01:00
Lukas Bezdicka
0cb5c847f3 Always evaluate step first in conditional
If we use variables defined in a later step in a conditional before
checking which step we are on, we will fail.

Resolves: rhbz#1535457
Closes-Bug: #1743764
Change-Id: Ic21f6eb5c4101f230fa894cd0829a11e2f0ef39b
2018-02-09 17:12:29 +01:00
Bogdan Dobrelya
e6946bc5f2 Fix custom output dir for templates processor
Templates processor fails to locate *.j2 files,
when a custom output dir is specified.

Ensure *.j2 templates are on their expected search
paths for upcoming parsing and rendering

Change-Id: Idbc93e27574c66a9a5a73e3fcd7e88647282f201
Closes-bug: #1748425
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2018-02-09 14:48:30 +01:00
Zuul
5ed2221959 Merge "Fix docker nova logging" 2018-02-09 12:45:19 +00:00
Lukas Bezdicka
a1c479f93c [Upgrade] Reuse OVS workaround in docker neutron ovs agent
In puppet neutron ovs agent we apply a workaround which we forgot
to reuse in the docker service definition.

Resolves: rhbz#1536142
Closes-Bug: #1744126

Change-Id: If3a63cad754a875f56b604033c1aff498243140c
2018-02-09 13:40:29 +01:00
Ricardo Noriega
39cf6ef832 Adding docker service for the L2GW
L2GW Neutron driver is only present in neutron-server-opendaylight
  image. This service will apply its configuration to that image,
  but it should be extensible to other containers such as neutron-server
  in the future.

Depends-On: I22023a645c4752c6371b5cea5ab69c7503991887
Change-Id: I9c39e9ff2ce2e15d3e383035c8cac7413e9eeb03
Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
2018-02-09 11:26:44 +01:00
Ricardo Noriega
910e39ca34 Adding docker service for BGPVPN Service Plugin
BGPVPN Neutron driver is only present in neutron-server-opendaylight
  image. This service will apply its configuration to that image,
  but it should be extensible to other containers such as neutron-server
  in the future.

Depends-On: I22023a645c4752c6371b5cea5ab69c7503991887
Change-Id: Ie2b958f67859d285b02af5a80b2a14ccaaf9820a
Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
2018-02-09 11:21:32 +01:00
Zuul
4bef5bd4e4 Merge "Mount central agent log dir to access outside the container" 2018-02-09 08:37:19 +00:00
Zuul
09d6828f13 Merge "Adding /usr/share/neutron/server config dir" 2018-02-09 06:43:17 +00:00
Oliver Walsh
8318923dd7 Fix docker nova logging
rootwrap.conf is not a nova conf file.
Also cleaned up redundant config file args, which were the same as the defaults.

Change-Id: I4db5b0c896e7b3ee00c0d97cf07caacb83f04a9c
Related-bug: 1739492
2018-02-09 00:19:39 +00:00
Zuul
5f49e090e3 Merge "Do not generate apache/haproxy certs for invalid networks" 2018-02-08 23:15:21 +00:00
Pradeep Kilambi
5defc7a8c4 Expose params to enable panko expirer cron
Partial-Bug: #1746514

Depends-On: I23359239008105cd77a599d2c08c067f132099b7

Change-Id: Iec9825169dcf0f902c57c057e5f375351cf752f2
2018-02-08 21:40:16 +00:00
Pradeep Kilambi
cc9ec3d39b Mount central agent log dir to access outside the container
Change-Id: Ib01abbefba42e862d7628edd80b9da008bbafff9
2018-02-08 16:13:34 -05:00
Zuul
50f3daacc5 Merge "RHSM: update parameters in doc" 2018-02-08 18:06:46 +00:00