970 Commits

Author SHA1 Message Date
Zuul
f51ab50072 Merge "Switch Manila API to httpd and support TLS" 2019-02-15 17:41:07 +00:00
Daniel Alvarez
6053eb1964 Switch default neutron ML2 mechanism driver to OVN
This patch switches the default mechanism driver for neutron from
openvswitch to OVN.

It will also flip scenario007 job to run with ML2/OVS.

Depends-On: I74ffb6b7f912e1fce6ce428cd23a7283c91b8b96
Depends-On: I99ba2fd6a85b4895b577719a7541b7cbf1fdb85c
Depends-On: Ib60de9b0df451273d1d81ba049b46b5214e09080
Depends-On: Iaed7304adf40a87a0f14b7a95339f8416140e947
Change-Id: Iab52cdf5d0f7a392c4f17c884493b5c5beb1d89f
Co-Authored-By: Kamil Sambor <ksambor@redhat.com>
2019-02-14 15:58:27 +01:00
Goutham Pacha Ravi
1cb6886a21 Switch Manila API to httpd and support TLS
manila-api can be deployed in two ways:
- Using the service-provided eventlet based server
- Behind any popular web server as a wsgi process

[1] adds support to the kolla image to install necessary
packages and write configuration files to enable deploying
manila-api with Apache/mod-wsgi/
[2] and [3] add support to puppet-{manila,tripleo} to
honor httpd options like other API services.

So, switch the manila-api docker/service to running
httpd, and add necessary configuration options.
Honor the "EnableInternalTLS" option to allow running
manila-api with TLS.

[1] https://review.openstack.org/#/c/590061/
[2] https://review.openstack.org/#/c/591869/
[3] https://review.openstack.org/#/c/592188/

Depends-On: https://review.openstack.org/#/c/592188/
Change-Id: Ic88a2f08e013a49e3da45a2bfc82c62ba284526a
2019-02-14 06:42:32 +00:00
Zuul
23302ca1ce Merge "Fix Chinese quotes" 2019-02-11 23:36:59 +00:00
Zuul
f765c4a165 Merge "Add GlobalConfigExtraMapData" 2019-02-11 19:24:15 +00:00
Zuul
1abf7987e2 Merge "Disable stack check and cancel update for undercloud" 2019-02-08 16:11:23 +00:00
James Slagle
2634ffaa5d Add GlobalConfigExtraMapData
Adds a new GlobalConfigExtraMapData parameter that can be used to inject
global_config_settings hieradata into the deployment. Any values generated
in the stack will override those passed in by the parameter value.

This will be used for the distributed compute node when deploying with separate
stacks and data from the control plane stack needs to be injected into the
compute stack.

Change-Id: Id3e52e272bae67ee4036c81b3d7640255e0349ae
2019-02-08 10:29:04 -05:00
Zuul
3b2c7f9960 Merge "Create tripleo-admin user on the undercloud" 2019-02-05 17:18:41 +00:00
Zuul
43c2a8e8a6 Merge "Change NodeDataLookup type from string to json" 2019-02-05 16:48:29 +00:00
John Fulton
fe2fda491b Change NodeDataLookup type from string to json
The NodeDataLookup parameter should be valid JSON and we should
help the user by adding type checking for this early in the
deployment so that the user doesn't experience the related bug.

Change-Id: Id9d2208f1cbaba9234d7657420cd7efcad3507a0
Related-Bug: #1784967
Related-Bug: #1814070
2019-02-05 11:53:45 +00:00
Rabi Mishra
18f4e11773 Disable stack check and cancel update for undercloud
'overcloud update abort' command had been dropped since few
releases. However, users can still use heat commands to cancel
an update which is not recommended.

Undercloud now uses heat convergence architecture and stack check
has not been migrated to convergence yet.

let's add heat policy to disable both on undercloud.

Change-Id: Ib5e2dab1e94810ac02e5d64859d2e84f749f3994
2019-02-05 10:50:32 +05:30
Zuul
b8a5dbe071 Merge "Add support for native TLS encryption on NBD for disk migration" 2019-02-01 10:05:52 +00:00
Zuul
2e55557806 Merge "flatten haproxy service configuration" 2019-01-31 17:28:27 +00:00
Steve Baker
0d106a261d Create tripleo-admin user on the undercloud
The resulting user home directory is mounted into the mistral-executor
container. A later change in tripleo-common will populate
.ssh/authorized_users with the generated private key so that
mistral-executor can manage the undercloud host via ansible localhost ssh.

Change-Id: I4c8ee04534636622581eb386c01790d6610e7f58
Partial-Bug: #1813832
Depends-On: Id89cc920e165c2103707609fd37639c3032cc8ea
2019-01-31 11:33:32 -05:00
David J Peacock
05d77c9ed5 flatten haproxy service configuration
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.

With this patch the baremetal version of haproxy services has been removed.

Change-Id: Id55ae44a7b1b5f08b40170f7406e14973fa93639
Related-Blueprint: services-yaml-flattening
2019-01-29 12:33:16 -05:00
Zuul
adff253fdd Merge "Remove external_network_bridge Neutron option" 2019-01-29 15:20:24 +00:00
Zuul
9c887d2340 Merge "Update parameters for cinder's Netapp backend" 2019-01-29 06:02:40 +00:00
Harald Jensås
b807077a21 Enable ML2 baremetal by default with Ironic service
When support for routed provider networks and Ironic was
added in tripleo the mechanism driver was only enabled
for the undercloud.

Override the NeutronMechanismDrivers parameter to add
'baremetal' mech driver in the Ironic service environment.

Closes-Bug: #1812936
Change-Id: I555684541846f325c02c0fd8cb9c82ac4b8ede5b
2019-01-26 14:32:12 +00:00
Alan Bishop
639285f091 Update parameters for cinder's Netapp backend
Update THT to align with puppet-tripleo changes made in [1]
- Add new CinderNetappPoolNameSearchPattern parameter
- Deprecate CinderNetappStoragePools parameter
- Remove previously deprecated CinderNetappEseriesHostType parameter

[1] https://review.openstack.org/570406

Fix relative path in file the sample-env-generator uses to generate
environments/storage/cinder-netapp-config.yaml.

Change-Id: I813ca60eb5ce9e008e1b72e88d83709d3125676f
2019-01-24 15:39:00 -05:00
Zuul
63a657d2f4 Merge "Remove all glance-registry related changes" 2019-01-24 00:00:44 +00:00
Zuul
ac8ebf638c Merge "Remove deprecated TLS-related environment files" 2019-01-23 22:17:10 +00:00
Pranali Deore
2dcd56041c Remove all glance-registry related changes
Removed all glance-registry related changes from THT, since
Glance Registry has become redundant & been deprecated from
glance due to support of Glance V2. The registry code base is
also going to be removed from Glance project once all the
dependencies removed from other projects.

Change-Id: I548816e3f2d8b9deed8a6f0ba3e203f84ad3d9ca
Closes-Bug: #1808911
2019-01-22 15:07:29 -07:00
Zuul
a79b7cb921 Merge "Service check in nova_cell_v2_discover_host.py to use internal API" 2019-01-22 01:43:28 +00:00
Martin Schuppert
cde4134d55 Service check in nova_cell_v2_discover_host.py to use internal API
e0e885b8ca3332e0815c537a32c564cac81f7f7e moved the cellv2 discovery from
control plane to compute services. In case the computes won't have access
to the external API the service check will fail. This switch the service
check to use the internal endpoint.

Change-Id: I234db0866fb6f1adefdcf7a2b2a82412e443b7c9
Closes-bug: 1812632
2019-01-21 18:16:54 +00:00
Zuul
9525423f7b Merge "Allow Octavia deployments for Standalone" 2019-01-21 16:10:18 +00:00
Slawek Kaplonski
397e2b4a35 Remove external_network_bridge Neutron option
Config option "external_network_bridge" in Neutron was deprecated
in Ocata cycle.
Now it is going to be removed completly with [1].
Background of the deprecation and removal is described in [2].

[1] https://review.openstack.org/#/c/567369/
[2] http://lists.openstack.org/pipermail/openstack-dev/2018-September/134859.html

Change-Id: I05522521aa4e63d6e4138cbcdb97b212664d3b81
2019-01-21 13:11:58 +01:00
Martin Schuppert
fe9372eceb Add support for native TLS encryption on NBD for disk migration
The NBD protocol previously runs in clear text, offering no security
protection for the data transferred, unless it is tunnelled over some
external transport like SSH. Such tunnelling is inefficient and
inconvenient to manage. Support for TLS to the NBD clients & servers
provided by QEMU was added. In tls-everywhere use case we want to
take advantage of this feature to create the certificates and configure
qemu to use nbd tls.

Closes-Bug: 1793093
Depends-On: Ifa5cf08d5104a62c9c094e3585de33e19e265110
Depends-On: I1db1b60be4907511f0ec0f5aa0f0a45e1c5d9b45
Depends-On: I347881cf4822583179c0c042c42fa1e33dbcedd2
Change-Id: I7d9df304d75bdbe36ecdfe50e5ce6b42a53063cc
2019-01-18 10:52:35 +00:00
Juan Antonio Osorio Robles
a72f8d4ae9 Remove deprecated TLS-related environment files
The ones in environments/ssl/ are preferred instead. These have been
available since pike.

Change-Id: I84a7b354ede46d6ec88964e5dcbd5678d89c8c0f
Depends-On: I5a905ec7499a6faa08cbcacfccb19a6e424e4a80
2019-01-18 09:57:48 +00:00
Bogdan Dobrelya
2a5baa5979 Allow Octavia deployments for Standalone
We have yet Nova for SSH keys management, when deploying a standalone
cloud. Allow Octavia deployments for such a case as well.
Jinja2 rendering of the octavia service template provides that
functionality by relying on a new role tag 'standalone'.

Change-Id: I69f3623646ec5b65109e0a4f0c16139018da9282
Closes-bug: #1806113
Co-Authored-By: Harald Jensas <hjensas@redhat.com>
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2019-01-18 10:36:06 +01:00
Zuul
733a7f4ee9 Merge "Added Barbican option BarbicanPkcs11AlwaysSetCkaSensitive" 2019-01-17 22:25:43 +00:00
Zuul
7a01baca25 Merge "flatten sahara service configuration" 2019-01-17 22:25:33 +00:00
Douglas Mendizábal
9012fff849 Added Barbican option BarbicanPkcs11AlwaysSetCkaSensitive
Added support for setting the Barbican option
always_set_cka_sensitive.  The option defaults to true as
needed by Safenet HSMs.  It is set to false in the ATOS
and Thales HSM environments.

Change-Id: If3fa975e8243dfe30ef67ec81db891943a94a9d5
Story: 2004734
2019-01-17 08:50:24 -06:00
David J Peacock
ae1efdd44c flatten sahara service configuration
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.

With this patch the baremetal version of sahara services has been removed.

Change-Id: I5a555155c881e0e92acc3ebba7b844abdd686e6e
Related-Blueprint: services-yaml-flattening
2019-01-17 09:43:11 -05:00
Zuul
3027b16fa6 Merge "Fix paunch logs verbosity control" 2019-01-16 22:53:28 +00:00
Zuul
e0a53f4429 Merge "Enable image inject metadata properties & user roles to be ignored" 2019-01-16 17:33:14 +00:00
Bogdan Dobrelya
c5d1b6fb63 Fix paunch logs verbosity control
Make ConfigDebug also controlling the paunch logs verbosity.

Depends-On: https://review.openstack.org/614166
Related-Bug: #1799182

Change-Id: I89fd73eaa2120f06ab245be148a60bb08f0cb512
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2019-01-16 15:06:32 +00:00
Zuul
e8fd828d3b Merge "Remove default role-name from merge network param script" 2019-01-14 16:10:20 +00:00
Zuul
b34baf9242 Merge "Add Swift container sharder service" 2019-01-14 10:18:39 +00:00
Harald Jensås
c740b54214 Remove default role-name from merge network param script
The merge-new-params-nic-config-script.py previosly had the
'Controller' role as the default for --role-name. It is not
obvious that this parameter must be changed when merging
nic config templates.

Remove the default and make the argument required. Improves
UX since user error is less likely.

Making the mistake of using a Role with too many networks
is'nt as forgiving since we now only pass parameters for
the role.networks.

Related-Bug: #1800811
Change-Id: Iff9e364db66ad09a30ac10a7814a3c01d50caf58
2019-01-12 13:16:18 +00:00
Christian Schwede
ef1b85702a Add Swift container sharder service
This is a new service required for sharding containers.

It is disabled by default and can be enabled by setting the
SwiftContainerSharderEnabled to true.

Change-Id: I73119496ca6dd99b2f42f97529ad91273735c848
2019-01-11 14:50:02 +01:00
Zuul
653856c58f Merge "Deprecate duplicate NFV environment files" 2019-01-11 07:05:04 +00:00
Zuul
f5394e7e2d Merge "Allow overlay tunnel endpoints on IPv6 address" 2019-01-10 21:13:19 +00:00
Zuul
0ec13316a5 Merge "Add Distributed Compute roles" 2019-01-10 15:48:51 +00:00
Janki Chhatbar
fe8b808fd3 Allow overlay tunnel endpoints on IPv6 address
Overlay tunnel endpoints are supported only on
IPv4 address. Now that OVS and Neutron support
having v6 endpoints, edit network enviroment
files in TripleO to allow this.

Change-Id: Ie2523cf4e359289298e4ea5d0992093976a19e04
Closes-Bug: #1793239
2019-01-10 10:26:24 +00:00
Pranali Deore
ae8998f36a Enable image inject metadata properties & user roles to be ignored
Adding GlanceInjectMetadataProperties & GlanceIgnoreUserRoles to
inject metadata properties to the image with specific user roles
to be ignored for injecting metadata properties in the image.

Depends-on: I02482dff7b1412d6254ce82d80257ce26c23430d
Change-Id: Ie6504f73fd5f7492389d6c55a89c66b8ca568ef7
2019-01-10 09:47:01 +00:00
Zuul
f1ce0b106b Merge "Flatten Keystone service configuration" 2019-01-10 05:37:26 +00:00
Zuul
8f4a2607d8 Merge "Make NetCidrMapValue contain list of cidrs in each net" 2019-01-09 20:02:14 +00:00
Zuul
a815f16d60 Merge "Reno only - Check for available networks for a role" 2019-01-08 20:13:40 +00:00
Zuul
ec79c41d50 Merge "Fix example in releasenotes/notes/composable-network-subnets" 2019-01-08 18:11:05 +00:00
Juan Antonio Osorio Robles
40ba776463 Flatten Keystone service configuration
This change combines the previous puppet and docker files
into a single file that performs the docker service installation
and configuration. With this patch the baremetal version of
keystone has been removed.

Related-Blueprint: services-yaml-flattening
Change-Id: I6140b02ad1ab6d88990e173dcf556977f065b3c5
2019-01-08 10:13:43 -05:00