2974 Commits

Author SHA1 Message Date
Jenkins
6df32707e9 Merge "Add Mistral to scenario003" 2016-11-30 16:16:28 +00:00
Jenkins
8eb72c6134 Merge "get-occ-config.sh replace deprecated heat commands" 2016-11-30 16:11:52 +00:00
Jenkins
5fbcffc3f8 Merge "Test encrypted volumes in scenario002" 2016-11-30 16:00:39 +00:00
Jenkins
8f56a33e12 Merge "Apply os-net-config with a script instead of element" 2016-11-30 15:58:54 +00:00
Brad P. Crochet
dddddbf7da Add Mistral to scenario003
Install Mistral into the test overcloud and create a workflow to
verify the Mistral installation. This does not currently actually
execute the workflow. It merely tests that it can be created.

Change-Id: Ia03a605bcfd92498bf299d3042dca7c9932f5b63
Depends-On: Id5ff9cb498b5a47af38413d211ff0ed6ccd0015b
2016-11-30 07:24:00 -05:00
Jenkins
c060af6901 Merge "Disable all repos during rhel registration" 2016-11-30 11:26:12 +00:00
Emilien Macchi
0c7cbcffef Fix grammar
Fix English grammar error I did in a previous commit.

Change-Id: I06209ab782240f05844793e56270135d48792f3d
2016-11-29 21:49:18 -05:00
Jenkins
fafbefffc4 Merge "Revert "Set NeutronL3HA to false when deploying DVR"" 2016-11-29 17:22:25 +00:00
Jenkins
d5211348db Merge "Import TripleO CI environments from tripleo-ci" 2016-11-29 14:18:11 +00:00
Juan Antonio Osorio Robles
981c33a1fd Test encrypted volumes in scenario002
This effectively adds barbican-api to the deployment in scenario002
and uses it to provide encrypted volumes for cinder that a nova
instance boots from in the test.

Change-Id: I132e346755fb49c9563247b4404be06b97f77872
2016-11-29 14:17:57 +00:00
Jenkins
95e443cd10 Merge "Stop using puppet to configure VIPs in /etc/hosts" 2016-11-29 01:02:31 +00:00
Steve Baker
4f88933f9f get-occ-config.sh replace deprecated heat commands
The modern openstack equivalent heat commands require no awk and will
be slightly more efficient.

The roles variable is optionally populated by OVERCLOUD_ROLES so that
a subset of roles can be specified.

Change-Id: I6b66cb3bd81825fba726dd45b0db25896908f6dd
2016-11-28 21:53:19 +00:00
Dan Prince
2985cd9a3a Apply os-net-config with a script instead of element
Wire in os-net-config via a normal script heat deployment, which has the
following advantages:

1. Improved error path, currently o-a-c deployments don't report any
errors, thus hang and eventually the deployment times out

2. It's far more hackable from a deployer perspective, e.g it's
much easier to change the os-net-config options or include a
mapping file

3. Reduces our dependencies on o-a-c (it's only os-net-config and hiera
which requires it), although the script does currently still use oac to
get the metadata IP.

4. May enable passing os-net-config yaml via a json parameter in future,
reducing the need for resource_registry mappings (although we'll have to
support that for backwards compatibility)

The script used is based directly on 20-os-net-config (from t-i-e
at cf94c5e, we can probably improve this now that we have an error path,
but for this initial commit it's a straight copy other than the changes to
replace o-a-c for rendering the json config file.

Co-Authored-By: Steven Hardy <shardy@redhat.com>

Change-Id: I0ed08332cfc49a579de2e83960f0d8047690b97a
2016-11-28 14:23:11 -05:00
Martin Mágr
d1deaae25f Use correct type for SensuRedactVariables parameter
The parameter type is invalid making it impossible to enable monitoring-environment.

Change-Id: I835d1e82480edb0b6d082a7496d7ceebb1781728
Closes-Bug: #1641080
Closes-Bug: rhbz#1392473
2016-11-28 14:19:59 +01:00
Jenkins
d144f5e204 Merge "Enable TLS in the internal networkf or Mysql" 2016-11-28 10:17:03 +00:00
Jenkins
52d9139135 Merge "adding swift middleware that is typically enabled by default" 2016-11-28 09:48:31 +00:00
John Schwarz
8a849dd03c Revert "Set NeutronL3HA to false when deploying DVR"
DVR+HA routers are officially supported, so this patch can be reverted.

This reverts commit ce39dbac56123354576d2c31674e1b18535b0111.

Conflicts:
    environments/neutron-ovs-dvr.yaml

Change-Id: Ifeceb0c3ba01e81403903401ebfe69b9e9d7d2f2
2016-11-28 11:19:22 +02:00
Jenkins
597de6ec40 Merge "Cleanup some inline comments in network/config" 2016-11-27 19:31:39 +00:00
Dan Prince
933f1afefd Stop using puppet to configure VIPs in /etc/hosts
This patch drops use of the vip-hosts.yaml service which can
cause issues during deployment because puppet 'hosts' resources
overwrite the data in /etc/hosts. The only reason things seem to work
at all at the moment is because our hosts element in t-i-e runs
on each os-refresh-config iteration and re-adds the dropped hosts
entries.

To work around the issue we add a conditional which selectively
adds the extra hosts entries only if the AddVipsToEtcHosts is set
to true.

Closes-bug: 1645123

Change-Id: Ic6aaeb249a127df83894f32a704219683a6382b2
2016-11-27 13:20:33 -05:00
Emilien Macchi
2819cb391b Import TripleO CI environments from tripleo-ci
Import TripleO CI environments from tripleo-ci into THT for some
reasons:

1) THT is branched while tripleo-ci is not. Having them here would allow
   to make scenarios able to evolve over the releases without adding
   more scenarios.
2) Help our developers to run TripleO CI scenarios themselves from THT
   by exposing the templates here.

The whole discussion is here:
http://lists.openstack.org/pipermail/openstack-dev/2016-November/107816.html

Change-Id: I3527a64c0c8f56ca77115d32849fa23fe710112d
2016-11-25 07:54:33 -05:00
Giulio Fidente
2a7e044518 Provide full list of services for Compute role in HCI scenario
Until bug #1635409 is fixed, we can provide the full list of
services needed on the Compute role, plus CephOSD, in the
hyperconverged-ceph environment file, preserving the user
experience.

Change-Id: I42409bc098c740759b378969526e13efaf002d3c
Related-Bug: #1635409
2016-11-25 11:32:49 +01:00
Juan Antonio Osorio Robles
22003fbcba Enable TLS in the internal networkf or Mysql
This adds the necessary hieradata for enabling TLS for MySQL (which
happens to run on the internal network). It also adds a template so
this can be done via certmonger. As with other services, this will
fill the necessary specs for the certificate to be requested in a
hash that will be consumed in puppet-tripleo.

Note that this only enables that we can now use TLS, however, we still
need to configure the services (or limit the users the services use)
to only connect via SSL. But that will be done in another patch, as
there is some things that need to land before we can do this (changes
in puppetlabs-mysql and puppet-openstacklib).

Change-Id: I71e1d4e54f2be845f131bad7b8db83498e21c118
Depends-On: I7275e5afb3a6550cf2abbb9a8007dedb62ada4b4
2016-11-25 08:45:36 +02:00
Jenkins
56c98446e7 Merge "Increase reserved memory for computes when enabling DVR" 2016-11-24 19:25:01 +00:00
Jenkins
e8b7c965fa Merge "Disable Neutron agents with OVN." 2016-11-24 19:24:54 +00:00
Jenkins
a864074f28 Merge "Make Ceilometer notifications non-blocking" 2016-11-24 19:24:48 +00:00
Jenkins
61ec62e080 Merge "Remove conditional for neutron l3_ha" 2016-11-24 17:30:28 +00:00
Jenkins
cbe4684432 Merge "Run os-net-config before restarting cluster on update" 2016-11-24 12:57:23 +00:00
Joe Talerico
9e3bf28cf0 Disable Neutron agents with OVN.
OVN natively implements services that are provided by Neutron agents.
This patch disables the Neutron DHCP agent as well as the OVS agent
for compute nodes.

Closes-bug: 1634580

Change-Id: I70631c2facbbf08257868e26e14af942ad7f2893
2016-11-24 10:09:53 +00:00
Jenkins
43b7712bd8 Merge "Explicitly set rabbit hosts so its not overridden during upgrade" 2016-11-24 09:23:59 +00:00
Jenkins
9c28b0f819 Merge "Add panko api support to service templates" 2016-11-24 06:45:11 +00:00
Jenkins
6800667195 Merge "Add necessary parameters for encrypted volumes support" 2016-11-23 18:50:49 +00:00
Brent Eagles
476b054428 Run os-net-config before restarting cluster on update
Running os-net-config before restarting the cluster prevents changes to
the interface files caused by changes to implementation from bouncing
network interfaces after the cluster has restarted.

Closes-Bug: #1644138

Change-Id: I65fb104465ff3d37ddc791634302994334136014
2016-11-23 14:43:27 -03:30
Jenkins
8659269164 Merge "Make the CloudDomain defaults match the doc strings" 2016-11-23 17:05:45 +00:00
Jenkins
42405fae72 Merge "Remove Combination alarms support" 2016-11-23 15:57:20 +00:00
Pradeep Kilambi
4e0e4a5cdf Explicitly set rabbit hosts so its not overridden during upgrade
During ceilometer pre upgrade, rabbit host config gets overridden in
ceilometer conf as its setting to defaults. This explicitly sets the
host info in standalone manifest.

Closes-Bug: #1644278

Change-Id: I862ea7165c5d42ba1f9a19111a8be8934c0ef883
2016-11-23 10:49:54 -05:00
Dan Prince
e2e0f9db0c Cleanup some inline comments in network/config
This patch cleans up some inline comments that are a bit
non-standardly formatted so that we can more easily parse
these templates in an automated fashion.

Change-Id: Ibf91f3478fd894f9323d8805729ece9c5fab256f
2016-11-23 10:35:07 -05:00
Jenkins
1459612717 Merge "Configure Keystone Fernet Keys" 2016-11-23 15:27:38 +00:00
Jenkins
fd870e423d Merge "Fix resource_registry path in enable-internal-tls" 2016-11-23 15:27:08 +00:00
Jenkins
539fc9de07 Merge "Fix ovs 2.4 to 2.5 upgrade - minor update non controllers" 2016-11-23 10:35:25 +00:00
Jenkins
48c1daac34 Merge "Containerized Services for Composable Roles" 2016-11-23 10:09:21 +00:00
Jenkins
22b01f75dd Merge "Enables auto-detection for VIP interfaces" 2016-11-23 01:29:08 +00:00
Julie Pichon
0ca8dab4cb Make the CloudDomain defaults match the doc strings
Not having the default easily accessible is causing issues for the UI,
as it cannot guess at it and can accidentally overwrite the value with
an empty string (the expected default when unset). The default is
already helpfully spelled out in the doc string for each file, this
updates the parameter to match it.

Change-Id: Ic284f9904e8f1d01cc717d59a0759f679d94106d
Closes-Bug: #1643670
2016-11-22 21:01:28 +00:00
marios
5a472f196e Fix ovs 2.4 to 2.5 upgrade - minor update non controllers
In I9b1f0eaa0d36a28e20b507bec6a4e9b3af1781ae and
I11fcf688982ceda5eef7afc8904afae44300c2d9 we landed a workaround
for the openvswitch 2.4 to 2.5 upgrade discussed in the bug below.

Unfortunately testing has revealed a problem with the minor update
case specifically for non controllers. It seems we would exit
before the ovs workaround has had a chance to execute. This moves
the block up a few lines to avoid this condition. As with the
other two reviews noted here, this will need to go into newton
and then mitaka too.

Change-Id: If905de82d96302334ebe02de9c43f00faed9b72b
Related-Bug: 1635205
2016-11-22 20:19:26 +02:00
Juan Antonio Osorio Robles
d9b80a8cf6 Fix resource_registry path in enable-internal-tls
It had a wrong path and thus crashed when one tried to use it.

Change-Id: Ida4f899c76cce6e819d7e0effaf038f699763bee
Closes-Bug: #1643863
2016-11-22 14:32:07 +02:00
Ian Main
6e866224fd Containerized Services for Composable Roles
This change modifies the template interface to support containers and
converts the compute services to composable roles.

Co-Authored-By: Dan Prince <dprince@redhat.com>
Co-Authored-By: Flavio Percoco <flavio@redhat.com>
Co-Authored-By: Martin André <m.andre@redhat.com>
Co-Authored-By: Steve Baker <sbaker@redhat.com>
Change-Id: I82fa58e19de94ec78ca242154bc6ecc592112d1b
2016-11-22 11:42:49 +01:00
Jenkins
2fc81bef2f Merge "Disable Options Indexes in horizon" 2016-11-22 04:15:23 +00:00
Jenkins
c8b6918776 Merge "Enable enforce_password_check" 2016-11-21 16:33:14 +00:00
Juan Antonio Osorio Robles
583e052df6 Add necessary parameters for encrypted volumes support
If barbican is set, it will configure cinder and nova-compute with
the necessary parameters to enable encrypted volumes to be created if
requested.

Change-Id: Id13811cf8e090706c590ffff46c237ff8131efd9
2016-11-21 13:48:23 +02:00
Christian Schwede
ab8b13d09b Make Ceilometer notifications non-blocking
Ceilometer notifications can be sent in a background thread, unblocking
the Swift proxy in case the RabbitMQ is not processing notifications
quick enough or even unavailable.

There is a default queue size of 1000 notifications. If more messages
are added to the queue these will be discarded, and a warning log entry
will be emitted.

Change-Id: I98022dcbf661a5bb7425f49ba8525225d61212dc
2016-11-18 15:00:23 +01:00
Steven Hardy
0f742c7ec9 Disable keepalived for HA deployments via t-h-t
Currently this is disabled via a conditional in the keepalived
profile in puppet-tripleo, but this will be incompatible with
the planned composable upgrades implementation.  Instead we should
disable the service template by mapping to OS::Heat::None, and
ensure the haproxy manifest uses the t-h-t generated hiera value
keepalived_enabled instead of hard-coding a hiera override in the
haproxy template.

Change-Id: I85a8b1cca7268506de22adfb3a8ce7faa4f157ef
Partial-Bug: #1642936
Depends-On: I90faf51881bd05920067c1e1d82baf5d7586af23
2016-11-18 11:45:57 +00:00