2474 Commits

Author SHA1 Message Date
Zuul
52e273e653 Merge "flatten cinder service configuration" 2019-01-18 20:45:50 +00:00
Zuul
61ca2022c9 Merge "flatten the heat service configurations" 2019-01-18 16:38:08 +00:00
David J Peacock
123f40a565 flatten cinder service configuration
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.

With this patch the baremetal version of cinder services has been removed.

Change-Id: I88f047a8ee9c3eed80e4c48ed9cabdb3035d518b
Related-Blueprint: services-yaml-flattening
2019-01-18 08:55:26 -05:00
Zuul
733a7f4ee9 Merge "Added Barbican option BarbicanPkcs11AlwaysSetCkaSensitive" 2019-01-17 22:25:43 +00:00
Douglas Mendizábal
9012fff849 Added Barbican option BarbicanPkcs11AlwaysSetCkaSensitive
Added support for setting the Barbican option
always_set_cka_sensitive.  The option defaults to true as
needed by Safenet HSMs.  It is set to false in the ATOS
and Thales HSM environments.

Change-Id: If3fa975e8243dfe30ef67ec81db891943a94a9d5
Story: 2004734
2019-01-17 08:50:24 -06:00
David J Peacock
ae1efdd44c flatten sahara service configuration
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.

With this patch the baremetal version of sahara services has been removed.

Change-Id: I5a555155c881e0e92acc3ebba7b844abdd686e6e
Related-Blueprint: services-yaml-flattening
2019-01-17 09:43:11 -05:00
Dan Prince
9ed011efcd flatten the heat service configurations
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration
for all heat services.

With this patch the baremetal version of each heat service has been removed.

Change-Id: I5d639135b19b8fabfaa8beac54ae0dfc48f070f9
Related-Blueprint: services-yaml-flattening
2019-01-13 10:03:55 -05:00
Zuul
512f59a8cf Merge "flatten tripleo-packages service configuration" 2019-01-12 19:03:19 +00:00
Zuul
2ca3c7c94c Merge "Move docker into deployment directory" 2019-01-10 23:35:05 +00:00
Zuul
825ae19190 Merge "Designate - Use net_cidr_map for rndc_allowed_addresses" 2019-01-10 21:13:25 +00:00
Zuul
86755894f7 Merge "Apache - Use net_cidr_map for proxy_ips" 2019-01-10 21:13:22 +00:00
Zuul
f1ce0b106b Merge "Flatten Keystone service configuration" 2019-01-10 05:37:26 +00:00
Emilien Macchi
2d608e07b5 Move docker into deployment directory
This changes moves docker services from puppet to deployment directory.

Change-Id: I11a34708ee91f5b5928d7c647c83e95ca1b01cae
Related-Blueprint: services-yaml-flattening
2019-01-09 22:58:50 +00:00
Zuul
829cde2f35 Merge "Add horizon WebSSO support for OpenID Connect" 2019-01-09 22:26:48 +00:00
Zuul
8f4a2607d8 Merge "Make NetCidrMapValue contain list of cidrs in each net" 2019-01-09 20:02:14 +00:00
Nathan Kinder
78ee893158 Add horizon WebSSO support for OpenID Connect
This adds support for configuring horizon for WebSSO when keystone
federation with OpenID Connect is enabled.  This patch just exposes
some new parameters to use puppet-horizon for configuration.  The
sample environment file for OpenID Connect federation is also updated
to use the new parameters.  Some of the sample defaults were updated
to more closely match the URLs that horizon expects.

Change-Id: I7c3ee6b54cc0c9653742c3ce1de60b2851d1fe68
2019-01-09 11:55:34 +00:00
Zuul
7f2441dcb1 Merge "update datatype for "OctaviaFlavorId"" 2019-01-08 20:13:37 +00:00
Juan Antonio Osorio Robles
40ba776463 Flatten Keystone service configuration
This change combines the previous puppet and docker files
into a single file that performs the docker service installation
and configuration. With this patch the baremetal version of
keystone has been removed.

Related-Blueprint: services-yaml-flattening
Change-Id: I6140b02ad1ab6d88990e173dcf556977f065b3c5
2019-01-08 10:13:43 -05:00
Zuul
d442624344 Merge "Explicitly set KVM machine_type for migration compatibility" 2019-01-08 14:44:28 +00:00
Zuul
8f5fb5144d Merge "flatten sshd service configuration" 2019-01-08 06:50:55 +00:00
Zuul
e9de300da2 Merge "flatten time service configuration" 2019-01-08 03:37:03 +00:00
Zuul
845bc3e845 Merge "Remove MongoDB" 2019-01-07 18:39:49 +00:00
Zuul
9292982060 Merge "Prevent service bootstrap node facts from colliding with each other" 2019-01-07 10:40:28 +00:00
Harald Jensås
5666a4fe0d Designate - Use net_cidr_map for rndc_allowed_addresses
Change I68e064d23ec5d43f59146d974cae604d2c5fdb52 makes
NetCidrMapValue a list of ip networks.

The designate service configures the dns backend security
to contol from wich addresses updates are allowed. We
should use the list of cidr's associated with the
DesignateApiNetwork to allow all nodes in the network to
remotely control the nameserver.

Partial: blueprint tripleo-routed-networks-templates
Change-Id: I5c5cd51c8f127e8879c5528883c3abd261f4a5b3
2019-01-06 18:20:58 +01:00
Harald Jensås
da1de3aafc Apache - Use net_cidr_map for proxy_ips
Change I68e064d23ec5d43f59146d974cae604d2c5fdb52 makes
NetCidrMapValue a list of ip networks.

Pass the list of cidr's from the ApacheNetwork entry in
the cidr map to 'apache::mod::remoteip::proxy_ips:'.

Partial: blueprint tripleo-routed-networks-templates
Change-Id: Ieb6aff9889136f0ccbec32e36b46140aa7826019
2019-01-06 18:20:38 +01:00
Harald Jensås
8665a0d97b Make NetCidrMapValue contain list of cidrs in each net
Prior to routed networks we only had one subnet per network.
With routed networks each network can have multiple subnets.
The NetCidrMapValue should contain a list storing the cidr
of each subnet for each network.

Ceph:
  list_join is used to make a comma separated list of
  cidrs for public_network, monitor_address_block,
  cluster_network and radosgw_address_block.

Partial: blueprint tripleo-routed-networks-templates
Depends-On: Ia8e219b30d4f8b199b882e95fe2834252a92c15a
Depends-On: I1ace0a02e6aa2610559fee0d8576e6f1bc98d699
Change-Id: I68e064d23ec5d43f59146d974cae604d2c5fdb52
2019-01-06 18:20:27 +01:00
Zuul
5488e61c35 Merge "Update auth parameters" 2019-01-05 02:47:11 +00:00
Zuul
df10ea7afa Merge "Add template code to configure hsm backends for barbican" 2019-01-05 02:47:09 +00:00
Emilien Macchi
be07f991b6 Remove MongoDB
MongoDB support was stopped in Pike, it is not used anywhere now.
Therefore, in Stein are removing it to clean things up.

Change-Id: I4ec8f35b1dd71c25cfb41cc54105ac743ef67745
2019-01-04 15:17:00 +00:00
Zuul
6a81b393c9 Merge "Move [neutron] auth_url to KeystoneV3Internal" 2019-01-04 11:14:51 +00:00
Zuul
2346d52362 Merge "Flatten Zaqar service configuration" 2019-01-03 19:03:17 +00:00
Zuul
08a36109eb Merge "Add missing role_specific tag for NUMA aware vswitches params" 2019-01-03 19:03:12 +00:00
Pratik Bandarkar
38f752255c update datatype for "OctaviaFlavorId"
Currently, heat templates will expect “OctaviaFlavorId” value to
"number". But, if a user specifies alphanum value, the deployment
fails. Hence, updating datatype of "OctaviaFlavorId" to "string"
Closes-Bug: #1810415

Change-Id: I9f1c8c5df61f3070a3df404e9f726ed40f138431
2019-01-03 16:34:31 +00:00
Jiri Stransky
54fb81ecd9 Prevent service bootstrap node facts from colliding with each other
Many services currently set an `is_bootstrap_node` fact, meaning they
override each other's results when the fact is being set. As long as
the fact doesn't belong into a particular step but it's executed on
every step, nothing bad happens, as the correct is_bootstrap_node
setting directly precedes any service upgrade tasks. However, we
intend to put the fact setting into step 0 in change
Ib04b051e8f4275e06be0cafa81e2111c9cced9b7 and at that point the name
collision would break upgrades (only one service would "win" in
setting the is_bootstrap_node fact).

This patch changes the is_bootstrap_node facts in upgrade_tasks to use
per-service naming.

Note that fast_forward_upgrade_tasks use their own is_boostrap_node
logic. We've uncovered some weirdness there while looking into the
is_boostrap_node issue, but the fix is not a low hanging fruit and
likely we'll be completely redoing the FFU tasks for Q->T
upgrade. So the FFU tasks are left alone for now.

Change-Id: I9c585d3cb282b7e4eb0bacb3cf6909e04a9a495e
Closes-Bug: #1810408
2019-01-03 17:27:27 +01:00
Zuul
697cefb95e Merge "Add keystone::wsgi::apache::api_port" 2019-01-03 09:55:01 +00:00
Zuul
9f27a86ab0 Merge "Disable deprecated parameter ControllerEnableSwiftStorage" 2019-01-03 05:46:14 +00:00
Zuul
4fe86d2f41 Merge "Fix Octavia hieradata keys" 2019-01-03 05:46:11 +00:00
Zuul
ea7b1134ac Merge "Include cpu plugin in default collect plugins" 2019-01-03 05:43:12 +00:00
Zuul
0f62b10039 Merge "Run collectd socket cleanup on container start" 2019-01-02 20:11:23 +00:00
Zuul
18d77c1704 Merge "Use mtu of Tenant network to control neutron global_physnet_mtu" 2018-12-30 18:03:01 +00:00
Tobias Urdin
105ae9db35 Add keystone::wsgi::apache::api_port
This will be the parameter controlling the ports
for the Keystone WSGI vhost in Apache when this [1]
rework is done.

This is to make sure Keystone is still deployed
with both ports in TripleO until it's moved over.

[1] https://review.openstack.org/#/c/619257/

Change-Id: I1c69b27adf450489290a9f8b64f533de1cb28d8b
2018-12-30 01:56:40 +01:00
Zuul
0b5de70375 Merge "flatten snmp service configuration" 2018-12-30 00:34:39 +00:00
Victoria Martinez de la Cruz
cd86676615 Update auth parameters
Some parameters have been deprecated in puppet-manila
Whereas we are picking up deprecated parameters, it's good
that we fix this already here as well.

Change-Id: I29df069bd90eacdd01c9c600cfaebce22fe15731
Depends-On: I745a170ac4458a3f13efc255fc37540a11b54274
Partial-Bug: #1802393
2018-12-26 21:56:16 -03:00
Harald Jensås
bbfce240fc Use mtu of Tenant network to control neutron global_physnet_mtu
Change: I11e38f82eb9040f77412fe8ad200fcc48031e2f8 introduced mtu
property for composable networks. This change set the MTU of the
Tenant network as the global_physnet_mtu for neutron, unless the
NeutronGlobalPhysnetMtu is overridden. The default MTU used if
no MTU is defined for the Tenant network is 1500. (The same
default was previously used for the NeutronGlobalPhysnetMtu
parameter.)

Change-Id: I5e60d52ad571e1cdb3b82cd1d9947e33fa682bf8
2018-12-22 17:06:45 +01:00
Ade Lee
17e0087e43 Add template code to configure hsm backends for barbican
Adds support for the Thales and ATOS client software.

Change-Id: I79f8608431fecc58c8bdeba2de4a692a7ee388e9
Co-Authored-By: Douglas Mendizabal <dmendiza@redhat.com>
2018-12-20 12:54:55 -06:00
Rajesh Tailor
f770724740 Explicitly set KVM machine_type for migration compatibility
Currently when nova launches a guest instance, libvirt uses
current default KVM/QEMU machine type for guest.
If compute node is running on RHEL-7.3.0, then the guest will
be given rhel-7.3.0 machine type. If in future, deployment has
added additional compute nodes which uses a newer RHEL version,
the guests launched on those compute nodes will get a newer
machine type. eg. rhel-7.4.0

It is now impossible to migrate guests from RHEL-7.4 based compute
nodes to a RHEL-7.3 based compute nodes, since RHEL-7.3 won't
know about RHEL-7.4 machine type.

To deal with this problem, the proposed change will explicitly
set machine type across all compute nodes during deployment.
Now even if additional compute nodes are added to deployment with
newer OS version, instances spawned on those will get the default
machine type explicitly set during initial deployment,
allowing migrating instances from higher machine type compute
nodes to lower machine type compute nodes.

Closes-Bug: 1806529
Change-Id: Ib57bfbb94e2acdfb3bb3a828ee3b085bf68d3b4c
2018-12-20 11:50:32 +05:30
Zuul
d074cff144 Merge "Fix issue with when statement in docker-registry.yaml." 2018-12-19 23:57:33 +00:00
David J Peacock
67e74a676c flatten sshd service configuration
This change realigns the sshd baremetal puppet service yaml config
files into a common hierachy as with the rest of this blueprint.

This change also removes container functionality, since this was a
temporary measure to proxy live-migration connections from
non-containerized to containerized compute nodes during upgrade.

Change-Id: I87e112a0f1973fa3b0e959777e00071c2bbf7c9c
Related-Blueprint: services-yaml-flattening
2018-12-19 13:04:08 -05:00
David J Peacock
89faf9c029 flatten tripleo-packages service configuration
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.

Depends-On: https://review.rdoproject.org/r/#/c/16994/
Change-Id: If051277041d23641c92a1f370f08a521a4bb7a12
Related-Blueprint: services-yaml-flattening
2018-12-19 09:24:49 -05:00
Zuul
06e6cca300 Merge "flatten tripleo-firewall service configuration" 2018-12-19 05:18:25 +00:00