The OSA assisted HA deployment is not recommended for production
environments, besides it being limited. Therefore, we're relying on our
deployment of HAproxy + Keepalived to provide HA on top of OpenShift in
addition to adding more OpenShift nodes.
Depends-On: Ib573758b515264d1dda90cc9de61f4fa6659dc7d
Change-Id: I7ab677e4803e9df5f6641204cb0b6ccc5b1eb79f
This is basically a rewrite of the bash script pushed by
puppet/extraconfig/tls/tls-cert-inject.yaml
UpgradeImpact: NodeTLSData is not used anymore
Change-Id: Iaf7386207e5bd8b336759f51e4405fe15114123a
I934561612d26befd88a9053262836b47bdf4efb0 renamed the rabbit ssl
parameters that we use in the same environment generate but since the
script did not fail, it made it past CI. This change fixes the
RabbitClientUseSsl parameter in the environment to match the new
RpcUseSsl flag and updates the check script to fail if this happens
again.
Change-Id: I47c63875c6934bca2903883787467fc1804ba5da
Closes-Bug: #1768358
This is part of enabling TLS by default. It'll be needed in order to get
the certificate injection to work.
Needed-By: I3d3cad0eb1396e7bee146794b29badad302efdf3
Change-Id: I25e35ad1e4f12eb4cca7a0cd3e120e70e4a8c564
Co-Authored-By: Martin André <m.andre@redhat.com>
Co-Authored-By: Dan Prince <dprince@redhat.com>
Co-Authored-By: Emilien Macchi <emilien@redhat.com>
Partially-Implements: bp tripleo-ui-undercloud-container
Change-Id: I1109d19e586958ac4225107108ff90187da30edd
This VIP is needed in ceph-ansible to tell ganesha service
to listen on this IP only.
This parameter is passed through the endpoint map, it could be
done also by passing allNodesConfig to ceph-ansible (addressed
in patch https://review.openstack.org/#/c/509146/) and then getting
this value from allNodesConfig in tripleo-common ceph-ansible workbook.
Disadvantage of this alternative approach is that any parameter
change would require also change in tripleo-common.
Depends-On: If31722d669efe91082c93ecb815e6c41676480c8
Change-Id: I3c0da46dd0f0252158c6065b7c122b8567c88bc0
Partially-Implements: blueprint nfs-ganesha
Add ODL endpoint and use it to get ODL port. Public access to
ODL is not allowed and hence the public endpoint is missing.
Internal endpoint is used for all internal communication and
TLS is enabled for that.
Change-Id: I66af960c6732f5d2efa8ea2db28cad122e321999
All of the other SSL environments were converted, but this one was
missed. That's an inconsistent user experience and should be
cleaned up.
This environment also exposed a bug in the tool where it did not
include the parameter_defaults section key if all the parameters
were marked static.
Change-Id: I19bc422c22b9f60f781e696ce703b026dc317786
Closes-Bug: 1713761
These were edited manually and the input file was not updated, which
is causing problems when trying to generate new/updated envs.
Change-Id: Ia2e53e52361e35d94e2dedf9b8885498693bc2e0
Partial-Bug: 1713761
This patch moves Contrail roles communication from public/external
to internal_api network for OpenStack API.
It also adds the option to enable dpdk.
Monolithic firstboot script is broken down into small pre-network
and per-node extraconfig scripts
Change-Id: I296a3bf60cef6fa950fd71d6e68effe367d1e66b
Closes-Bug: 1698422
Fix a bug that prevented these working. A unit test and
documentation for the nested environment functionality is also
included.
Change-Id: I2d4aeb584eb624178d601cfd6bc0a6473cb5289f
Starts converting storage-related sample environments to the tool,
and adds a few new ones for demonstration purposes.
This has required the addition of a new category of parameter
overrides in the tool. There are some parameters that are part of
the public API of roles that should not normally be included in a
sample environment for that role. Examples are EndpointMap and
ServiceNetMap. Those are both passed into most (all?) roles, but
their template defaults are not useful (both default to {}).
Unless we are explicitly creating a sample environment that
overrides those defaults we don't want them included.
Parameters such as RoleName and RoleParameters are similar. We
can't change them because they are part of the composable roles
interface and that would break any existing custom roles, but we
don't really want them included normally either. It's possible
these could be made completely private, but there have been some
very preliminary discussions about generating role samples that
might actually want to set them.
In order to avoid issues with editing the unit test file in editors
that strip trailing whitespace, the minor formatting bug where
params like EndpointMap had a trailing space after the name has
also been fixed.
Change-Id: If11f30c734bfbc17d463a9890c736d7477186fb9
We're not going to want to list every single sample environment in
a single file, so let's also take a directory and just read every
yaml file in it. This commit adds support for that as well as
some initial environments to demonstrate its use.
Change-Id: If2c608f2a61fc5e16784ab594d23f1fa335e1d3c