23 Commits

Author SHA1 Message Date
Flavio Percoco
99b8119d98 HA support for OpenShift
The OSA assisted HA deployment is not recommended for production
environments, besides it being limited. Therefore, we're relying on our
deployment of HAproxy + Keepalived to provide HA on top of OpenShift in
addition to adding more OpenShift nodes.

Depends-On: Ib573758b515264d1dda90cc9de61f4fa6659dc7d

Change-Id: I7ab677e4803e9df5f6641204cb0b6ccc5b1eb79f
2018-07-11 07:41:51 +02:00
Zuul
096cef093c Merge "Manage public certificate with ansible" 2018-06-01 17:37:48 +00:00
Cédric Jeanneret
59b762658d Manage public certificate with ansible
This is basically a rewrite of the bash script pushed by
puppet/extraconfig/tls/tls-cert-inject.yaml

UpgradeImpact: NodeTLSData is not used anymore

Change-Id: Iaf7386207e5bd8b336759f51e4405fe15114123a
2018-05-31 14:50:00 +02:00
Alex Schultz
f8d0edac5f Drop old ceilometer services
These were needed for FFU to Queens so we should remove them for Rocky.

Change-Id: I0e24d19cd17d35644fa02e989fa9ef592195b9f1
2018-05-29 20:51:07 +00:00
Juan Antonio Osorio Robles
9be5b8fce3 Add no-tls environment to env-generator
It was missed from the commit that introduced the environment.

Change-Id: I7e370f5b16ba8b29cd1af36fec6da436f70843a6
2018-05-08 18:15:53 +03:00
Alex Schultz
03c8cbcdc2 Fix sample env data
I934561612d26befd88a9053262836b47bdf4efb0 renamed the rabbit ssl
parameters that we use in the same environment generate but since the
script did not fail, it made it past CI. This change fixes the
RabbitClientUseSsl parameter in the environment to match the new
RpcUseSsl flag and updates the check script to fail if this happens
again.

Change-Id: I47c63875c6934bca2903883787467fc1804ba5da
Closes-Bug: #1768358
2018-05-01 16:05:02 -06:00
Emilien Macchi
87a48d730b Enable SSL when UI is containerized
The protocol and ports were wrong when UI is containerized and SSL
enabled.

Change-Id: I06a6a2ea72bfcdad579b968c353e2139e8a15093
2018-04-11 19:19:19 -07:00
Zuul
95761ae6f1 Merge "Designate Integration" 2018-04-10 20:44:18 +00:00
Juan Antonio Osorio Robles
1877ef80be Default NodeTLSData to always attempt setting TLS cert
This is part of enabling TLS by default. It'll be needed in order to get
the certificate injection to work.

Needed-By: I3d3cad0eb1396e7bee146794b29badad302efdf3
Change-Id: I25e35ad1e4f12eb4cca7a0cd3e120e70e4a8c564
2018-04-09 07:46:45 +03:00
Ben Nemec
c45d027c43 Designate Integration
Change-Id: I1ddefb7b6a6e1c7b0b76589b9f8f1b99776d39e8
Depends-On: I115090679bd2577cdc3998ab3cc97f9581e5e18a
bp designate-support
2018-03-27 15:45:39 +00:00
Honza Pokorny
7cbe28b5ef docker: add support for TripleO UI
Co-Authored-By: Martin André <m.andre@redhat.com>
Co-Authored-By: Dan Prince <dprince@redhat.com>
Co-Authored-By: Emilien Macchi <emilien@redhat.com>
Partially-Implements: bp tripleo-ui-undercloud-container
Change-Id: I1109d19e586958ac4225107108ff90187da30edd
2018-03-15 23:43:17 +01:00
Martin André
417e192eac Add enpoints for TripleO UI Config
Co-Authored-By: Emilien Macchi <emilien@redhat.com>
Change-Id: I1e08f3b614e5f5754f0a0876fc7ff267b2970c25
Partially-Implements: bp tripleo-ui-undercloud-container
2018-02-20 01:30:32 +00:00
Jan Provaznik
b9ebc4e162 Pass storage nfs VIP to ceph-ansible
This VIP is needed in ceph-ansible to tell ganesha service
to listen on this IP only.
This parameter is passed through the endpoint map, it could be
done also by passing allNodesConfig to ceph-ansible (addressed
in patch https://review.openstack.org/#/c/509146/) and then getting
this value from allNodesConfig in tripleo-common ceph-ansible workbook.
Disadvantage of this alternative approach is that any parameter
change would require also change in tripleo-common.

Depends-On: If31722d669efe91082c93ecb815e6c41676480c8
Change-Id: I3c0da46dd0f0252158c6065b7c122b8567c88bc0
Partially-Implements: blueprint nfs-ganesha
2018-02-06 19:05:19 +00:00
Juan Antonio Osorio Robles
64e648d815 Fix the paths for the enable-internal-tls.yaml file in the ssl/ dir
These paths were wrong.

Change-Id: Id57e2e27b1edc04627c10e6f5a257c24e5e24b28
Closes-Bug: #1746951
2018-02-03 17:11:11 +00:00
Janki Chhatbar
278b141183 Add endpoint for ODL
Add ODL endpoint and use it to get ODL port. Public access to
ODL is not allowed and hence the public endpoint is missing.
Internal endpoint is used for all internal communication and
TLS is enabled for that.

Change-Id: I66af960c6732f5d2efa8ea2db28cad122e321999
2018-01-24 10:29:22 +05:30
Dan Prince
cec41586f7 Add docker-registry service
This is required for the containerized undercloud.

Change-Id: I542a19c084f37aaafd72378857af4f379f335a39
2017-12-27 01:41:50 +00:00
Pradeep Kilambi
96667edee2 Update panko port in env ssl yaml files to correct one
Change-Id: Iafe17a91c4695e442881e6fe813a6499f812f4b4
2017-09-19 11:08:45 +00:00
Ben Nemec
7c06db3d1c Convert enable-internal-tls.yaml to be generated
All of the other SSL environments were converted, but this one was
missed.  That's an inconsistent user experience and should be
cleaned up.

This environment also exposed a bug in the tool where it did not
include the parameter_defaults section key if all the parameters
were marked static.

Change-Id: I19bc422c22b9f60f781e696ce703b026dc317786
Closes-Bug: 1713761
2017-08-29 10:50:00 -05:00
Ben Nemec
406b1982ba Update generated ssl environments
These were edited manually and the input file was not updated, which
is causing problems when trying to generate new/updated envs.

Change-Id: Ia2e53e52361e35d94e2dedf9b8885498693bc2e0
Partial-Bug: 1713761
2017-08-29 10:49:47 -05:00
Michael Henkel
aa5194f878 Contrail network realignement + DPDK enablement
This patch moves Contrail roles communication from public/external
to internal_api network for OpenStack API.
It also adds the option to enable dpdk.
Monolithic firstboot script is broken down into small pre-network
and per-node extraconfig scripts

Change-Id: I296a3bf60cef6fa950fd71d6e68effe367d1e66b
Closes-Bug: 1698422
2017-07-25 18:24:13 +02:00
Ben Nemec
204a582099 Add nested sample environments for inject-trust-anchor
Fix a bug that prevented these working.  A unit test and
documentation for the nested environment functionality is also
included.

Change-Id: I2d4aeb584eb624178d601cfd6bc0a6473cb5289f
2017-06-12 15:02:50 -05:00
Ben Nemec
8d086b1710 Add storage sample environments
Starts converting storage-related sample environments to the tool,
and adds a few new ones for demonstration purposes.

This has required the addition of a new category of parameter
overrides in the tool.  There are some parameters that are part of
the public API of roles that should not normally be included in a
sample environment for that role.  Examples are EndpointMap and
ServiceNetMap.  Those are both passed into most (all?) roles, but
their template defaults are not useful (both default to {}).
Unless we are explicitly creating a sample environment that
overrides those defaults we don't want them included.

Parameters such as RoleName and RoleParameters are similar.  We
can't change them because they are part of the composable roles
interface and that would break any existing custom roles, but we
don't really want them included normally either.  It's possible
these could be made completely private, but there have been some
very preliminary discussions about generating role samples that
might actually want to set them.

In order to avoid issues with editing the unit test file in editors
that strip trailing whitespace, the minor formatting bug where
params like EndpointMap had a trailing space after the name has
also been fixed.

Change-Id: If11f30c734bfbc17d463a9890c736d7477186fb9
2017-06-12 15:02:50 -05:00
Ben Nemec
f503d1b0e7 Support config dir for env generator input files
We're not going to want to list every single sample environment in
a single file, so let's also take a directory and just read every
yaml file in it.  This commit adds support for that as well as
some initial environments to demonstrate its use.

Change-Id: If2c608f2a61fc5e16784ab594d23f1fa335e1d3c
2017-06-12 15:02:50 -05:00