This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.
With this patch the baremetal version of cinder services has been removed.
Change-Id: I88f047a8ee9c3eed80e4c48ed9cabdb3035d518b
Related-Blueprint: services-yaml-flattening
Added support for setting the Barbican option
always_set_cka_sensitive. The option defaults to true as
needed by Safenet HSMs. It is set to false in the ATOS
and Thales HSM environments.
Change-Id: If3fa975e8243dfe30ef67ec81db891943a94a9d5
Story: 2004734
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.
With this patch the baremetal version of sahara services has been removed.
Change-Id: I5a555155c881e0e92acc3ebba7b844abdd686e6e
Related-Blueprint: services-yaml-flattening
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration
for all heat services.
With this patch the baremetal version of each heat service has been removed.
Change-Id: I5d639135b19b8fabfaa8beac54ae0dfc48f070f9
Related-Blueprint: services-yaml-flattening
This changes moves docker services from puppet to deployment directory.
Change-Id: I11a34708ee91f5b5928d7c647c83e95ca1b01cae
Related-Blueprint: services-yaml-flattening
This adds support for configuring horizon for WebSSO when keystone
federation with OpenID Connect is enabled. This patch just exposes
some new parameters to use puppet-horizon for configuration. The
sample environment file for OpenID Connect federation is also updated
to use the new parameters. Some of the sample defaults were updated
to more closely match the URLs that horizon expects.
Change-Id: I7c3ee6b54cc0c9653742c3ce1de60b2851d1fe68
public_virtual_ip previously required the External network to be
present in networks data. Add a conditional to use the VIP on the
ctlplane if the External network is not in networks data.
Closes-Bug: #1774401
Change-Id: Ie6c3d7124d11ee89788b432da39df16f031fcf12
Add's a conditional to only include internal_api_virtual_ip if
InternalApi network is defined in custom networks.
According to code comment internal_api_virtual_ip is only used
by Contrail.
Change-Id: Ifd8f59bd03c9bab1283e580a64957f201eb8f335
Closes-Bug: #1772124
This change combines the previous puppet and docker files
into a single file that performs the docker service installation
and configuration. With this patch the baremetal version of
keystone has been removed.
Related-Blueprint: services-yaml-flattening
Change-Id: I6140b02ad1ab6d88990e173dcf556977f065b3c5
Change I68e064d23ec5d43f59146d974cae604d2c5fdb52 makes
NetCidrMapValue a list of ip networks.
The designate service configures the dns backend security
to contol from wich addresses updates are allowed. We
should use the list of cidr's associated with the
DesignateApiNetwork to allow all nodes in the network to
remotely control the nameserver.
Partial: blueprint tripleo-routed-networks-templates
Change-Id: I5c5cd51c8f127e8879c5528883c3abd261f4a5b3
Change I68e064d23ec5d43f59146d974cae604d2c5fdb52 makes
NetCidrMapValue a list of ip networks.
Pass the list of cidr's from the ApacheNetwork entry in
the cidr map to 'apache::mod::remoteip::proxy_ips:'.
Partial: blueprint tripleo-routed-networks-templates
Change-Id: Ieb6aff9889136f0ccbec32e36b46140aa7826019
Prior to routed networks we only had one subnet per network.
With routed networks each network can have multiple subnets.
The NetCidrMapValue should contain a list storing the cidr
of each subnet for each network.
Ceph:
list_join is used to make a comma separated list of
cidrs for public_network, monitor_address_block,
cluster_network and radosgw_address_block.
Partial: blueprint tripleo-routed-networks-templates
Depends-On: Ia8e219b30d4f8b199b882e95fe2834252a92c15a
Depends-On: I1ace0a02e6aa2610559fee0d8576e6f1bc98d699
Change-Id: I68e064d23ec5d43f59146d974cae604d2c5fdb52
MongoDB support was stopped in Pike, it is not used anywhere now.
Therefore, in Stein are removing it to clean things up.
Change-Id: I4ec8f35b1dd71c25cfb41cc54105ac743ef67745
When using neutron routed networks we need to specify
either the subnet or a ip address in the fixed-ips-request
when creating neutron ports.
a) For the Vip's:
Adds VipSubnetMap and VipSubnetMapDefaults parameters in
service_net_map.yaml. The two maps are merged, so that the
operator can override the subnet where VIP port should be
hosted. For example:
parameter_defaults:
VipSubnetMap:
ctlplane: ctlplane-leaf1
InternalApi: internal_api_leaf1
Storage: storage_leaf1
redis: internal_api_leaf1
b) For overcloud node ports:
Enrich 'networks' in roles defenition to include both
network and subnet data. Changes the list to a map
instead of a list of strings. New schema:
- name: <role_name>
networks:
<network_name>
subnet: <subnet_name>
For backward compatibility a conditional is used to check
if the data is a map or not. In either case the internal
list of role networks is created as '_role_networks' in
the jinja2 templates.
When the data is a map, and the map contains the 'subnet'
key the subnet specified in roles_data.yaml is used as
the subnet in the fixed-ips-reqest when ports are created.
If subnet is not set (or role.networks is not a map) the
default will be {{network.name_lower}}_subnet.
Also, since the fixed_ips request passed to Vip ports are no
longer [] by default, the conditinal has been updated to
test for 'ip_address' entries in the request.
Partial: blueprint tripleo-routed-networks-templates
Depends-On: I773a38fd903fe287132151a4d178326a46890969
Change-Id: I77edc82723d00bfece6752b5dd2c79137db93443
Currently, heat templates will expect “OctaviaFlavorId” value to
"number". But, if a user specifies alphanum value, the deployment
fails. Hence, updating datatype of "OctaviaFlavorId" to "string"
Closes-Bug: #1810415
Change-Id: I9f1c8c5df61f3070a3df404e9f726ed40f138431
Many services currently set an `is_bootstrap_node` fact, meaning they
override each other's results when the fact is being set. As long as
the fact doesn't belong into a particular step but it's executed on
every step, nothing bad happens, as the correct is_bootstrap_node
setting directly precedes any service upgrade tasks. However, we
intend to put the fact setting into step 0 in change
Ib04b051e8f4275e06be0cafa81e2111c9cced9b7 and at that point the name
collision would break upgrades (only one service would "win" in
setting the is_bootstrap_node fact).
This patch changes the is_bootstrap_node facts in upgrade_tasks to use
per-service naming.
Note that fast_forward_upgrade_tasks use their own is_boostrap_node
logic. We've uncovered some weirdness there while looking into the
is_boostrap_node issue, but the fix is not a low hanging fruit and
likely we'll be completely redoing the FFU tasks for Q->T
upgrade. So the FFU tasks are left alone for now.
Change-Id: I9c585d3cb282b7e4eb0bacb3cf6909e04a9a495e
Closes-Bug: #1810408