3891 Commits

Author SHA1 Message Date
Zuul
52e273e653 Merge "flatten cinder service configuration" 2019-01-18 20:45:50 +00:00
Zuul
61ca2022c9 Merge "flatten the heat service configurations" 2019-01-18 16:38:08 +00:00
David J Peacock
123f40a565 flatten cinder service configuration
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.

With this patch the baremetal version of cinder services has been removed.

Change-Id: I88f047a8ee9c3eed80e4c48ed9cabdb3035d518b
Related-Blueprint: services-yaml-flattening
2019-01-18 08:55:26 -05:00
Zuul
aa624468b5 Merge "Move cellv2 discovery from control plane services to compute services" 2019-01-18 10:27:02 +00:00
Zuul
733a7f4ee9 Merge "Added Barbican option BarbicanPkcs11AlwaysSetCkaSensitive" 2019-01-17 22:25:43 +00:00
Douglas Mendizábal
9012fff849 Added Barbican option BarbicanPkcs11AlwaysSetCkaSensitive
Added support for setting the Barbican option
always_set_cka_sensitive.  The option defaults to true as
needed by Safenet HSMs.  It is set to false in the ATOS
and Thales HSM environments.

Change-Id: If3fa975e8243dfe30ef67ec81db891943a94a9d5
Story: 2004734
2019-01-17 08:50:24 -06:00
David J Peacock
ae1efdd44c flatten sahara service configuration
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.

With this patch the baremetal version of sahara services has been removed.

Change-Id: I5a555155c881e0e92acc3ebba7b844abdd686e6e
Related-Blueprint: services-yaml-flattening
2019-01-17 09:43:11 -05:00
Dan Prince
9ed011efcd flatten the heat service configurations
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration
for all heat services.

With this patch the baremetal version of each heat service has been removed.

Change-Id: I5d639135b19b8fabfaa8beac54ae0dfc48f070f9
Related-Blueprint: services-yaml-flattening
2019-01-13 10:03:55 -05:00
Zuul
512f59a8cf Merge "flatten tripleo-packages service configuration" 2019-01-12 19:03:19 +00:00
Zuul
2ca3c7c94c Merge "Move docker into deployment directory" 2019-01-10 23:35:05 +00:00
Zuul
825ae19190 Merge "Designate - Use net_cidr_map for rndc_allowed_addresses" 2019-01-10 21:13:25 +00:00
Zuul
86755894f7 Merge "Apache - Use net_cidr_map for proxy_ips" 2019-01-10 21:13:22 +00:00
Zuul
eb5b6952c2 Merge "Fall back public_virtual_ip to ctlplane if External net not present" 2019-01-10 08:32:00 +00:00
Zuul
0435f6cc23 Merge "Only add internal_api_virtual_ip if InternalApi in network_data" 2019-01-10 08:31:58 +00:00
Zuul
f1ce0b106b Merge "Flatten Keystone service configuration" 2019-01-10 05:37:26 +00:00
Emilien Macchi
2d608e07b5 Move docker into deployment directory
This changes moves docker services from puppet to deployment directory.

Change-Id: I11a34708ee91f5b5928d7c647c83e95ca1b01cae
Related-Blueprint: services-yaml-flattening
2019-01-09 22:58:50 +00:00
Zuul
829cde2f35 Merge "Add horizon WebSSO support for OpenID Connect" 2019-01-09 22:26:48 +00:00
Zuul
8f4a2607d8 Merge "Make NetCidrMapValue contain list of cidrs in each net" 2019-01-09 20:02:14 +00:00
Nathan Kinder
78ee893158 Add horizon WebSSO support for OpenID Connect
This adds support for configuring horizon for WebSSO when keystone
federation with OpenID Connect is enabled.  This patch just exposes
some new parameters to use puppet-horizon for configuration.  The
sample environment file for OpenID Connect federation is also updated
to use the new parameters.  Some of the sample defaults were updated
to more closely match the URLs that horizon expects.

Change-Id: I7c3ee6b54cc0c9653742c3ce1de60b2851d1fe68
2019-01-09 11:55:34 +00:00
Harald Jensås
a017ecac9f Fall back public_virtual_ip to ctlplane if External net not present
public_virtual_ip previously required the External network to be
present in networks data. Add a conditional to use the VIP on the
ctlplane if the External network is not in networks data.

Closes-Bug: #1774401
Change-Id: Ie6c3d7124d11ee89788b432da39df16f031fcf12
2019-01-09 11:49:14 +01:00
Harald Jensås
868c7685f1 Only add internal_api_virtual_ip if InternalApi in network_data
Add's a conditional to only include internal_api_virtual_ip if
InternalApi network is defined in custom networks.

According to code comment internal_api_virtual_ip is only used
by Contrail.

Change-Id: Ifd8f59bd03c9bab1283e580a64957f201eb8f335
Closes-Bug: #1772124
2019-01-09 11:49:07 +01:00
Zuul
7f2441dcb1 Merge "update datatype for "OctaviaFlavorId"" 2019-01-08 20:13:37 +00:00
Juan Antonio Osorio Robles
40ba776463 Flatten Keystone service configuration
This change combines the previous puppet and docker files
into a single file that performs the docker service installation
and configuration. With this patch the baremetal version of
keystone has been removed.

Related-Blueprint: services-yaml-flattening
Change-Id: I6140b02ad1ab6d88990e173dcf556977f065b3c5
2019-01-08 10:13:43 -05:00
Zuul
d442624344 Merge "Explicitly set KVM machine_type for migration compatibility" 2019-01-08 14:44:28 +00:00
Zuul
8f5fb5144d Merge "flatten sshd service configuration" 2019-01-08 06:50:55 +00:00
Zuul
e9de300da2 Merge "flatten time service configuration" 2019-01-08 03:37:03 +00:00
Zuul
845bc3e845 Merge "Remove MongoDB" 2019-01-07 18:39:49 +00:00
Zuul
9292982060 Merge "Prevent service bootstrap node facts from colliding with each other" 2019-01-07 10:40:28 +00:00
Harald Jensås
5666a4fe0d Designate - Use net_cidr_map for rndc_allowed_addresses
Change I68e064d23ec5d43f59146d974cae604d2c5fdb52 makes
NetCidrMapValue a list of ip networks.

The designate service configures the dns backend security
to contol from wich addresses updates are allowed. We
should use the list of cidr's associated with the
DesignateApiNetwork to allow all nodes in the network to
remotely control the nameserver.

Partial: blueprint tripleo-routed-networks-templates
Change-Id: I5c5cd51c8f127e8879c5528883c3abd261f4a5b3
2019-01-06 18:20:58 +01:00
Harald Jensås
da1de3aafc Apache - Use net_cidr_map for proxy_ips
Change I68e064d23ec5d43f59146d974cae604d2c5fdb52 makes
NetCidrMapValue a list of ip networks.

Pass the list of cidr's from the ApacheNetwork entry in
the cidr map to 'apache::mod::remoteip::proxy_ips:'.

Partial: blueprint tripleo-routed-networks-templates
Change-Id: Ieb6aff9889136f0ccbec32e36b46140aa7826019
2019-01-06 18:20:38 +01:00
Harald Jensås
8665a0d97b Make NetCidrMapValue contain list of cidrs in each net
Prior to routed networks we only had one subnet per network.
With routed networks each network can have multiple subnets.
The NetCidrMapValue should contain a list storing the cidr
of each subnet for each network.

Ceph:
  list_join is used to make a comma separated list of
  cidrs for public_network, monitor_address_block,
  cluster_network and radosgw_address_block.

Partial: blueprint tripleo-routed-networks-templates
Depends-On: Ia8e219b30d4f8b199b882e95fe2834252a92c15a
Depends-On: I1ace0a02e6aa2610559fee0d8576e6f1bc98d699
Change-Id: I68e064d23ec5d43f59146d974cae604d2c5fdb52
2019-01-06 18:20:27 +01:00
Zuul
5488e61c35 Merge "Update auth parameters" 2019-01-05 02:47:11 +00:00
Zuul
df10ea7afa Merge "Add template code to configure hsm backends for barbican" 2019-01-05 02:47:09 +00:00
Zuul
0e68a0e30f Merge "L3 routed networks - subnet fixed_ips (3/3)" 2019-01-04 20:38:01 +00:00
Emilien Macchi
be07f991b6 Remove MongoDB
MongoDB support was stopped in Pike, it is not used anywhere now.
Therefore, in Stein are removing it to clean things up.

Change-Id: I4ec8f35b1dd71c25cfb41cc54105ac743ef67745
2019-01-04 15:17:00 +00:00
Zuul
6a81b393c9 Merge "Move [neutron] auth_url to KeystoneV3Internal" 2019-01-04 11:14:51 +00:00
Zuul
2346d52362 Merge "Flatten Zaqar service configuration" 2019-01-03 19:03:17 +00:00
Zuul
98ac59b933 Merge "Introduce container_cli hiera key" 2019-01-03 19:03:14 +00:00
Zuul
08a36109eb Merge "Add missing role_specific tag for NUMA aware vswitches params" 2019-01-03 19:03:12 +00:00
Harald Jensås
2f2d8183e6 L3 routed networks - subnet fixed_ips (3/3)
When using neutron routed networks we need to specify
either the subnet or a ip address in the fixed-ips-request
when creating neutron ports.

a) For the Vip's:

Adds VipSubnetMap and VipSubnetMapDefaults parameters in
service_net_map.yaml. The two maps are merged, so that the
operator can override the subnet where VIP port should be
hosted. For example:

parameter_defaults:
  VipSubnetMap:
    ctlplane: ctlplane-leaf1
    InternalApi: internal_api_leaf1
    Storage: storage_leaf1
    redis: internal_api_leaf1

b) For overcloud node ports:

Enrich 'networks' in roles defenition to include both
network and subnet data. Changes the list to a map
instead of a list of strings. New schema:

- name: <role_name>
  networks:
    <network_name>
      subnet: <subnet_name>

For backward compatibility a conditional is used to check
if the data is a map or not. In either case the internal
list of role networks is created as '_role_networks' in
the jinja2 templates.

When the data is a map, and the map contains the 'subnet'
key the subnet specified in roles_data.yaml is used as
the subnet in the fixed-ips-reqest when ports are created.
If subnet is not set (or role.networks is not a map) the
default will be {{network.name_lower}}_subnet.

Also, since the fixed_ips request passed to Vip ports are no
longer [] by default, the conditinal has been updated to
test for 'ip_address' entries in the request.

Partial: blueprint tripleo-routed-networks-templates
Depends-On: I773a38fd903fe287132151a4d178326a46890969
Change-Id: I77edc82723d00bfece6752b5dd2c79137db93443
2019-01-03 19:07:20 +01:00
Pratik Bandarkar
38f752255c update datatype for "OctaviaFlavorId"
Currently, heat templates will expect “OctaviaFlavorId” value to
"number". But, if a user specifies alphanum value, the deployment
fails. Hence, updating datatype of "OctaviaFlavorId" to "string"
Closes-Bug: #1810415

Change-Id: I9f1c8c5df61f3070a3df404e9f726ed40f138431
2019-01-03 16:34:31 +00:00
Jiri Stransky
54fb81ecd9 Prevent service bootstrap node facts from colliding with each other
Many services currently set an `is_bootstrap_node` fact, meaning they
override each other's results when the fact is being set. As long as
the fact doesn't belong into a particular step but it's executed on
every step, nothing bad happens, as the correct is_bootstrap_node
setting directly precedes any service upgrade tasks. However, we
intend to put the fact setting into step 0 in change
Ib04b051e8f4275e06be0cafa81e2111c9cced9b7 and at that point the name
collision would break upgrades (only one service would "win" in
setting the is_bootstrap_node fact).

This patch changes the is_bootstrap_node facts in upgrade_tasks to use
per-service naming.

Note that fast_forward_upgrade_tasks use their own is_boostrap_node
logic. We've uncovered some weirdness there while looking into the
is_boostrap_node issue, but the fix is not a low hanging fruit and
likely we'll be completely redoing the FFU tasks for Q->T
upgrade. So the FFU tasks are left alone for now.

Change-Id: I9c585d3cb282b7e4eb0bacb3cf6909e04a9a495e
Closes-Bug: #1810408
2019-01-03 17:27:27 +01:00
Zuul
697cefb95e Merge "Add keystone::wsgi::apache::api_port" 2019-01-03 09:55:01 +00:00
Zuul
3619ca4d00 Merge "CiscoNexus: Update and Remove deprecated vars" 2019-01-03 07:47:55 +00:00
Zuul
9f27a86ab0 Merge "Disable deprecated parameter ControllerEnableSwiftStorage" 2019-01-03 05:46:14 +00:00
Zuul
4fe86d2f41 Merge "Fix Octavia hieradata keys" 2019-01-03 05:46:11 +00:00
Zuul
ea7b1134ac Merge "Include cpu plugin in default collect plugins" 2019-01-03 05:43:12 +00:00
Zuul
0f62b10039 Merge "Run collectd socket cleanup on container start" 2019-01-02 20:11:23 +00:00
Zuul
18d77c1704 Merge "Use mtu of Tenant network to control neutron global_physnet_mtu" 2018-12-30 18:03:01 +00:00
Zuul
98f869e340 Merge "Add MTU to neutron networks and nic-config templates" 2018-12-30 16:29:16 +00:00