3891 Commits

Author SHA1 Message Date
Tobias Urdin
105ae9db35 Add keystone::wsgi::apache::api_port
This will be the parameter controlling the ports
for the Keystone WSGI vhost in Apache when this [1]
rework is done.

This is to make sure Keystone is still deployed
with both ports in TripleO until it's moved over.

[1] https://review.openstack.org/#/c/619257/

Change-Id: I1c69b27adf450489290a9f8b64f533de1cb28d8b
2018-12-30 01:56:40 +01:00
Zuul
0b5de70375 Merge "flatten snmp service configuration" 2018-12-30 00:34:39 +00:00
Victoria Martinez de la Cruz
cd86676615 Update auth parameters
Some parameters have been deprecated in puppet-manila
Whereas we are picking up deprecated parameters, it's good
that we fix this already here as well.

Change-Id: I29df069bd90eacdd01c9c600cfaebce22fe15731
Depends-On: I745a170ac4458a3f13efc255fc37540a11b54274
Partial-Bug: #1802393
2018-12-26 21:56:16 -03:00
Harald Jensås
bbfce240fc Use mtu of Tenant network to control neutron global_physnet_mtu
Change: I11e38f82eb9040f77412fe8ad200fcc48031e2f8 introduced mtu
property for composable networks. This change sets the MTU of the
Tenant network as the global_physnet_mtu for neutron, unless the
NeutronGlobalPhysnetMtu is overridden. The default MTU used if
no MTU is defined for the Tenant network is 1500. (The same
default was previously used for the NeutronGlobalPhysnetMtu
parameter.)

Change-Id: I5e60d52ad571e1cdb3b82cd1d9947e33fa682bf8
2018-12-22 17:06:45 +01:00
Harald Jensås
e644e3dda9 Add MTU to neutron networks and nic-config templates
Neutron has support[1] to set the guaranteed MTU for
networks and network segments so that this is exposed
to plug-ins. In interest of supporting the use of
plug-ins to configure network devices in the future
this change adds MTU property on neutron networks.

The new (optional) property 'mtu' in the network
definitions in 'network_data.yaml' is used to control
the MTU settings. By default the mtu is '1500'.

We already configure the MTU on the ctlplane neutron
networks, this adds the MTU to composable networks.

Also update the nic-config sample templates to include
mtu settings. A heat value resource is added to
nic-config templates to get the required minimum
viable MTU value for bridges, bonds and member
interfaces to ensure the MTU is large enough to allow
the largest configured MTU to traverse the path.

Closes-Bug: #1790537
Change-Id: I11e38f82eb9040f77412fe8ad200fcc48031e2f8
2018-12-22 17:03:09 +01:00
Ade Lee
17e0087e43 Add template code to configure hsm backends for barbican
Adds support for the Thales and ATOS client software.

Change-Id: I79f8608431fecc58c8bdeba2de4a692a7ee388e9
Co-Authored-By: Douglas Mendizabal <dmendiza@redhat.com>
2018-12-20 12:54:55 -06:00
Rajesh Tailor
f770724740 Explicitly set KVM machine_type for migration compatibility
Currently when nova launches a guest instance, libvirt uses
current default KVM/QEMU machine type for guest.
If compute node is running on RHEL-7.3.0, then the guest will
be given rhel-7.3.0 machine type. If in future, deployment has
added additional compute nodes which use a newer RHEL version,
the guests launched on those compute nodes will get a newer
machine type. eg. rhel-7.4.0

It is now impossible to migrate guests from RHEL-7.4 based compute
nodes to RHEL-7.3 based compute nodes, since RHEL-7.3 won't
know about RHEL-7.4 machine type.

To deal with this problem, the proposed change will explicitly
set machine type across all compute nodes during deployment.
Now even if additional compute nodes are added to deployment with
newer OS version, instances spawned on those will get the default
machine type explicitly set during initial deployment,
allowing migrating instances from higher machine type compute
nodes to lower machine type compute nodes.

Closes-Bug: 1806529
Change-Id: Ib57bfbb94e2acdfb3bb3a828ee3b085bf68d3b4c
2018-12-20 11:50:32 +05:30
Oliver Walsh
e0e885b8ca Move cellv2 discovery from control plane services to compute services
If compute nodes are deployed without deploying/updating the controllers then
the computes will not have cellv2 mappings as this is run in the controller
deploy steps (nova-api).
This can happen if the controller nodes are blacklisted during a compute scale
out. It's also likely to be an issue going forward if the deployment is staged
(e.g split control plane).

This change moves the cell_v2 discovery logic to the nova-compute/nova-ironic
deploy step.

Closes-bug: 1786961
Change-Id: I12a02f636f31985bc1b71bff5b744d346286a95f
2018-12-20 11:23:06 +05:30
Zuul
795dfcfdce Merge "Replace confusing usage of update_identifier" 2018-12-20 01:51:14 +00:00
Zuul
d074cff144 Merge "Fix issue with when statement in docker-registry.yaml." 2018-12-19 23:57:33 +00:00
David J Peacock
67e74a676c flatten sshd service configuration
This change realigns the sshd baremetal puppet service yaml config
files into a common hierarchy as with the rest of this blueprint.

This change also removes container functionality, since this was a
temporary measure to proxy live-migration connections from
non-containerized to containerized compute nodes during upgrade.

Change-Id: I87e112a0f1973fa3b0e959777e00071c2bbf7c9c
Related-Blueprint: services-yaml-flattening
2018-12-19 13:04:08 -05:00
David J Peacock
89faf9c029 flatten tripleo-packages service configuration
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.

Depends-On: https://review.rdoproject.org/r/#/c/16994/
Change-Id: If051277041d23641c92a1f370f08a521a4bb7a12
Related-Blueprint: services-yaml-flattening
2018-12-19 09:24:49 -05:00
Zuul
06e6cca300 Merge "flatten tripleo-firewall service configuration" 2018-12-19 05:18:25 +00:00
Zuul
7b42be32ba Merge "flatten tuned service configuration" 2018-12-19 05:18:24 +00:00
David J Peacock
cd331e44be flatten time service configuration
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.

Change-Id: I6a9123627d754a153ab6cb68a33778a57846aeb7
Related-Blueprint: services-yaml-flattening
2018-12-18 10:41:15 -05:00
Jose Luis Franco Arza
8b72e4dac0 Fix issue with when statement in docker-registry.yaml.
The when statement was duplicated in the docker-registry
service, plus the equals operator was wrong.

Closes-Bug:#1808974
Change-Id: I1650acfd67b87be18ab03385ce35cccdf708f046
2018-12-18 13:56:09 +01:00
Rajesh Tailor
90717bdca6 Add missing role_specific tag for NUMA aware vswitches params
Change I318ba9c262f64c0d416a017ed836ae0729acedb4 exposes NUMA
aware vswitches configuration parameters, which are role-specific.

The proposed patch adds the role_specific tag for those parameters,
which was missed in the original patch.

Change-Id: I96fd7dfc5468bf1dbdc665b3d848b40223ee9454
2018-12-18 15:28:17 +05:30
Zuul
15d34de247 Merge "Move podman into deployment directory" 2018-12-18 05:58:50 +00:00
Zuul
9f4e2dc2cf Merge "flatten memcached service configuration" 2018-12-18 02:40:07 +00:00
Zuul
454eff05fe Merge "Flatten Ironic services configuration" 2018-12-18 02:40:05 +00:00
Zuul
dc178ca82c Merge "Fix misnaming of service in firewall rule" 2018-12-17 18:01:55 +00:00
Zuul
be9deb3575 Merge "Flatten Glance service configuration" 2018-12-17 18:01:53 +00:00
Zuul
13c59407b9 Merge "Perform docker reconfiguration on upgrade_tasks." 2018-12-17 18:01:50 +00:00
Zuul
7b3439b506 Merge "Fix horizon's iptables rules for haproxy when split off a separate role" 2018-12-17 13:01:56 +00:00
Emilien Macchi
7fe1730a38 Move podman into deployment directory
This change moves podman service from puppet to deployment directory.

Change-Id: I31b8299b43158347f4f1f61f1e1fdf38b0a2102f
Related-Blueprint: services-yaml-flattening
2018-12-17 11:37:19 +00:00
Zuul
beb8ae7dd5 Merge "Correct file modes for rpmlint failures" 2018-12-15 19:06:38 +00:00
Zuul
cc4e903951 Merge "Add support for cinder NFS snapshots" 2018-12-15 05:07:25 +00:00
Zuul
f632a652de Merge "Enable support for openidc federation in keystone" 2018-12-15 04:23:11 +00:00
Zuul
e8f5104440 Merge "Flatten Keepalived service configuration" 2018-12-14 21:59:41 +00:00
Jill Rouleau
971d97bf99 Correct file modes for rpmlint failures
Numerous files have incorrect modes set. Correct these so that executables
have 755 and yaml files are 644 to address rpmlint errors.

Change-Id: I8db36209b41a492f6b85e3469994de884bf556e8
2018-12-14 13:21:28 -07:00
David J Peacock
bcc3335424 flatten tripleo-firewall service configuration
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.

Depends-On: https://review.rdoproject.org/r/#/c/16994/
Change-Id: I9556a07d72fabfbd5f6f35eaf3d7a1bd88ef7470
Related-Blueprint: services-yaml-flattening
2018-12-14 13:16:34 -05:00
David J Peacock
7106a29273 flatten tuned service configuration
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.

Depends-On: https://review.rdoproject.org/r/#/c/16994/
Change-Id: Ib648e3039c6445c932043fa48eb1468985d0acce
Related-Blueprint: services-yaml-flattening
2018-12-14 13:13:40 -05:00
David J Peacock
3d9863b6a0 flatten snmp service configuration
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.

Depends-On: https://review.rdoproject.org/r/#/c/16994/
Change-Id: I35616168df73d8ae7790816b88d06d5bff9c151a
Related-Blueprint: services-yaml-flattening
2018-12-14 13:09:34 -05:00
David J Peacock
7a9d6cbc22 flatten memcached service configuration
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.

With this patch the baremetal version of memcached services has been removed.

Depends-On: https://review.rdoproject.org/r/#/c/16994/
Change-Id: Ibb74d9e1673d079a6090efe4215c7ee041fce7d6
Related-Blueprint: services-yaml-flattening
2018-12-14 12:06:53 -05:00
Michele Baldessari
3114300c9c Fix horizon's iptables rules for haproxy when split off a separate role
This should have been fixed via:
https://review.openstack.org/#/c/460175/2

where we did:
service_config_settings:
  haproxy:
    tripleo.horizon.firewall_rules:
     '127 horizon':
        dport:
          - 80
          - 443

The problem is that the above does not work. The reason for this is the way
tripleo::firewall works. It will only apply iptables rules for services that
show up in hiera('service_names'):
    $service_names = hiera('service_names', [])
    tripleo::firewall::service_rules { $service_names: }

And since horizon is not in the service running on the haproxy role, the
above rule would never have been created.

Tested this change and now I correctly get the iptables rules on the
haproxy role for horizon:
[root@overcloud-core-0 ~]# iptables -nvL |grep horizon
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0 0.0.0.0/0            multiport dports 80,443 state NEW /* 127 horizon ipv4 */
[root@overcloud-core-0 ~]# hiera -c /etc/puppet/hiera.yaml service_names |grep horizon
[root@overcloud-core-0 ~]#

Closes-Bug: #1808530

Change-Id: Ia4a795d1a7fb926f5900c739c1932b20d81ed7fc
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
2018-12-14 14:40:08 +01:00
Martin Schuppert
228710fa21 Move [neutron] auth_url to KeystoneV3Internal
In other sections we already use the internal endpoints for
authentication urls. With this change the auth_uri in the neutron
section gets moved from KeystoneV3Admin to KeystoneV3Internal.

Change-Id: Ia553a60f57bdcd762dc0b92ebd64b91327261815
2018-12-14 14:37:11 +01:00
Cédric Jeanneret
7fbc4b098f Flatten Glance service configuration
This change combines the previous puppet and docker files into a single file
that performs the docker service installation and configuration.

With this patch the baremetal version of glance services has been removed.

Change-Id: Ie2ac2072f0742ec5e521fc6e3734e89f8a007077
Related-Blueprint: services-yaml-flattening
2018-12-14 08:23:32 +01:00
Cédric Jeanneret
0de7bc09f3 Flatten Zaqar service configuration
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.

With this patch the baremetal version of zaqar service has been removed.

Change-Id: I8947d2fc5e5672e701d2802cd14a3fa176877a7d
Related-Blueprint: services-yaml-flattening
2018-12-14 07:45:24 +01:00
Cédric Jeanneret
ced9f888e9 Flatten Ironic services configuration
This change combines the previous puppet and docker files into a single file
that performs the docker service installation and configuration.

With this patch the baremetal version of Ironic services has been removed.

Change-Id: Icb33158a129356d939940433c82dae25a6334baf
Related-Blueprint: services-yaml-flattening
2018-12-14 07:25:13 +01:00
Zuul
c4b816e8c5 Merge "Ensure we get dedicated logging file for HAProxy" 2018-12-14 05:40:57 +00:00
Zuul
75ff38ba62 Merge "Switch debug to use logging classes" 2018-12-14 05:06:23 +00:00
Zuul
f520c3bd99 Merge "Ironic Inspector - disjoint ip range(s) for HA" 2018-12-14 01:44:47 +00:00
Zuul
841c5b6dc6 Merge "Add TunedCustomProfile parameter and HCI Ceph filestore environment" 2018-12-13 20:32:23 +00:00
Zuul
5131988b82 Merge "Put user data in the main stack" 2018-12-13 18:53:27 +00:00
Zuul
d34892be63 Merge "docker: wire SELinuxMode with Ansible vars" 2018-12-13 18:07:58 +00:00
Emilien Macchi
7345963531 Flatten Keepalived service configuration
This change combines the previous puppet and docker files into a single file
that performs the docker service installation and configuration.
With this patch the baremetal version of keepalived service has been removed.

Change-Id: Ic0ddf1174e1d0a62f83f26f0ca6bc29ec7b078b7
Related-Blueprint: services-yaml-flattening
2018-12-13 10:26:26 -05:00
Carlos Goncalves
29da33fae2 Fix misnaming of service in firewall rule
On Octavia-enabled composable role deployments where the Octavia health
manager service doesn't run co-located with the API service, the
firewall rule to allow messages in to the o-hm0 interface was not being
created. As a result of that, the load balancers were not going ONLINE.

Closes-Bug: #1808190
Depends-On: https://review.openstack.org/#/c/624403/
Change-Id: Icc568a551b902e6d9f003250226468ed38a776fc
2018-12-13 08:28:54 +00:00
Lars Kellogg-Stedman
a0a7c4fa83 Enable support for openidc federation in keystone
This exposes parameters to configure OpenIDC federation in Keystone.

Change-Id: I3e06ca5fde65f3e2c3c084f96209d1b38d5f8b86
Depends-on: Id2ef3558a359883bf3182f50d6a082b1789a900a
2018-12-12 19:35:03 -08:00
Pranali Deore
9333740b69 Enable image import plugins & image output format
Adding GlanceImageImportPlugins & GlanceImageConversionOutputFormat
to enable glance image conversion.

Since, glance-image-import.conf has been newly added while adding
plugin framework in glance, passing the conf file to puppet_tags
in docker service.

Depends-on: I098aa0cabf2518b8861d5b58b885d9bdef54a7f6
Change-Id: I81b788e38eecb3e0be88b140df3ae1ebb70cb191
Closes-Bug: #1807366
2018-12-12 15:32:12 +05:30
Cédric Jeanneret
0576e26234 Ensure we get dedicated logging file for HAProxy
With the current configuration, HAProxy logs are in the host journal.
This isn't really friendly when you want to debug issues with this service.

This patch ensures HAProxy logs are in a dedicated file, using the syslog
facility set in its configuration.

Depends-On: I8fee040287940188f6bc6bc35bdbdaf6c234cbfd
Change-Id: Ia615ac07d0c559deb65e307bb6254127e989794d
2018-12-12 10:16:42 +01:00