3372 Commits

Author SHA1 Message Date
Zuul
e64c10b9c1 Merge "Change template names to rocky" 2018-05-09 16:21:49 +00:00
Zuul
a09f481909 Merge "Add EnablePublicTLS flag" 2018-05-09 16:21:45 +00:00
Zuul
8bdd618ec3 Merge "ironic-inspector: store ramdisk logs even on success in debug mode" 2018-05-09 15:40:19 +00:00
Zuul
be4b9c1c4f Merge "Generate and mount wrappers for neutron agent processes" 2018-05-09 09:13:08 +00:00
Carlos Camacho
44ef2a3ec1 Change template names to rocky
The new master branch should point now to rocky.

So, HOT templates should specify that they might contain features
for rocky release [1]

Also, this submission updates the yaml validation to use only latest
heat_version alias. There are cases in which we will need to set
the version for specific templates i.e. mixed versions, so there
is added a variable to assign specific templates to specific heat_version
aliases, avoiding the introductions of error by bulk replacing the
the old version in new releases.

[1]: https://docs.openstack.org/heat/latest/template_guide/hot_spec.html#rocky
Change-Id: Ib17526d9cc453516d99d4659ee5fa51a5aa7fb4b
2018-05-09 08:28:42 +02:00
Zuul
62a266c6c4 Merge "Add support for NVMeOF cinder backend" 2018-05-08 18:22:19 +00:00
Brent Eagles
b022737652 Generate and mount wrappers for neutron agent processes
The neutron agents use things like dnsmasq and keepalived as part of
their implementation. Running these "subprocesses" in separate
containers prevent dataplane breakages/unnecessary failover on agent
container restart. This patch triggers the creation and mounting of
wrappers for launching these processes in containers.

Related-Bug: #1749209
Depends-On: Icd4c24ac686d957391548a04722266cefc1bce27
Depends-On: I8d93f4eccde1dc6e55e10399184ee80671355769
Depends-On: Ib2d2ad4960ea34ec9e3fca1eeb322742341f7eb7
Change-Id: Iea53489c916765bcfd88d7d12e6a32e1b6276d81
2018-05-08 15:10:06 -02:30
Dmitry Tantsur
f7e867b6b4 ironic-inspector: store ramdisk logs even on success in debug mode
Change-Id: I4ec0e1f48a508a8681e6115021cf7bb65ac903d4
2018-05-08 18:35:56 +02:00
Juan Antonio Osorio Robles
1260da2746 Add EnablePublicTLS flag
This flag is on by default, and serves to enable (or disable) the
public TLS by default feature.

It differs from the PublicSSLCertificateAutogenerated flag in the fact
that it works with mistral, while PublicSSLCertificateAutogenerated
works with certmonger in the overcloud.

Change-Id: If553ecff26d5ecd529c37ca438e0ba1795e9ecca
2018-05-08 10:45:09 +00:00
Zuul
4f5dceca90 Merge "undercloud: switch to the "direct" deploy interface by default" 2018-05-08 04:20:57 +00:00
Zuul
f9c2ae1f82 Merge "Fix deprecations in the ironic modules" 2018-05-07 21:18:50 +00:00
Hamdy Khader
afcf2c71e3 Add support for NVMeOF cinder backend
Change-Id: I2ee3b44fc4a7bede635b0bfcacd1dab8547d123a
2018-05-07 15:45:42 +03:00
Zuul
ab48921795 Merge "[DellEMC]Update Manila Unity driver" 2018-05-06 20:40:15 +00:00
Zuul
2a10c8d349 Merge "Fix case-sensitive OctaviaUserName parameter" 2018-05-04 18:41:25 +00:00
Emilien Macchi
56898d95fb heat: align config with instack-undercloud
- Enable heat convergence for containerized undercloud
- Set max_json_body_size=4194304 for containerized undercloud.
- Introduce HeatMaxNestedStackDepth parameter.
- Introduce HeatReauthenticationAuthMethod parameter and configure it to
  'trusts' for the undercloud.

Change-Id: I044bf29e7ae320a478e0ba0eb12870f47735d4f1
2018-05-03 08:35:09 -07:00
Carlos Goncalves
cdaa063342 Fix case-sensitive OctaviaUserName parameter
Change-Id: I89057ec906f5ccd36981bf01a419c7ca8ba502e5
2018-05-03 13:38:01 +02:00
Dmitry Tantsur
89de728acb undercloud: switch to the "direct" deploy interface by default
Instead of serving images via slow and somewhat unreliable iSCSI protocol,
this deploy method makes IPA download them from the undercloud Swift.

Change-Id: Ic569358b781337ec6ba8ba802ada1f940917bd61
Implements: blueprint ironic-direct-deploy
2018-05-02 11:58:41 +02:00
Zuul
3018374ad0 Merge "Remove step_config from CinderVolume backend services" 2018-05-01 20:26:13 +00:00
Zuul
c803490a77 Merge "Add www_authenticate_uri option to replace auth_uri." 2018-05-01 08:55:39 +00:00
Zuul
bf85ebfc01 Merge "[DellEMC]Update Manila VNX driver" 2018-05-01 08:55:38 +00:00
Zuul
8a8d820d66 Merge "Set live_migration_inbound_addr for ssh transport" 2018-05-01 08:37:42 +00:00
Alan Bishop
94b5c1155e Remove step_config from CinderVolume backend services
Cinder backends should not repeat the step_config that the CinderVolume
service uses to trigger things in puppet-tripleo. This is benign when
Cinder runs on baremetal, but causes problems when Cinder runs in
containers. It causes the cinder-volume service to run twice, in both
the container as well as on the baremetal host.

Closes-Bug: #1768063
Change-Id: Ie02553f74563883094a13c67a958b15371e90424
2018-04-30 11:40:38 -04:00
Zuul
5e17a83d02 Merge "Define Octavia SSH key name and file path" 2018-04-30 12:52:34 +00:00
venkata anil
ae4aac8cb5 Restrict tenant network to geneve
OVN doesn't support VXLAN networks. VLAN tenant networks
have limitations and should be blocked till they are fixed.
So we restrict tenant network to geneve.

Change-Id: I4cabde39c252a605d769e137ae402f6fbc5a3041
Closes-Bug: 1767070
2018-04-27 15:40:03 +05:30
Dmitry Tantsur
8cbbd08259 Fix deprecations in the ironic modules
* auth_uri was replaced by www_authenticate_uri
* conductor::api_url is redundant, can be fetched from keystone
* glance_api_servers is redundant, can be fetched from keystone

Change-Id: I654f312754e169c54f3e7072160006b8d3112265
2018-04-26 15:49:23 +02:00
Zuul
b70527f41a Merge "Explicitly set nova/neutron/ceilometer host to expected fqdn" 2018-04-26 00:40:05 +00:00
Zuul
d023a6b1ca Merge "Add neutron "segments" plugin to the default list" 2018-04-25 21:21:32 +00:00
Zuul
822bd996b3 Merge "Support separate oslo.messaging services for RPC and Notification" 2018-04-25 04:43:46 +00:00
Yong Huang
79719a11cc [DellEMC]Update Manila Unity driver
This patch adds following 3 options:

* network_plugin_ipv6_enabled
* emc_ssl_cert_verify
* emc_ssl_cert_path

Depends-On: https://review.openstack.org/538146

Change-Id: Ic0391618cf00413d6adc0ed3cba97eb76793c36a
2018-04-25 11:22:07 +08:00
Peter Wang
60796ebfc9 [DellEMC]Update Manila VNX driver
This patch adds following 3 options:

* network_plugin_ipv6_enabled
* emc_ssl_cert_verify
* emc_ssl_cert_path

Depends-On: https://review.openstack.org/555648

Change-Id: I42b0555c077dbc9f9d5ae4efaf1ec41a9c563b6a
2018-04-25 02:08:39 +00:00
Oliver Walsh
9faea7204c Set live_migration_inbound_addr for ssh transport
Currently this is only set when TLS is enabled, which means that with the ssh
transport we cannot control the network used, and we are relying on DNS or
hosts file to be correct, which is not guaranteed (especially with DNS).

Related-Bug: 1765462
Depends-On: Ifdc5fbd05195604ab6ea6564d0905f9385c6df67
Change-Id: I89011d06233dafb5ca3bbb45431387ebda521711
2018-04-24 15:00:51 +01:00
Zuul
373a873689 Merge "Default collectd to overcloud gnocchi" 2018-04-24 11:44:06 +00:00
Zuul
8e95d2c251 Merge "Start using nova_metadata_host" 2018-04-24 11:23:20 +00:00
Zuul
aead20e3cf Merge "Modify libvirt port range for live-migration" 2018-04-24 08:34:55 +00:00
bc3600b362 Add neutron "segments" plugin to the default list
[1] Added a tests which requires "segments" plugin but
we don't have it enabled in overcloud. It is enabled in
neutron jobs from long[2]. This patch adds this plugin
to the default enabled plugins.

[1] https://review.openstack.org/#/c/558609/
[2] https://review.openstack.org/#/c/459439/

Related-Bug: #1765008
Change-Id: I1bc36c4533dcaadd81d7c93a194e9319217c69cd
2018-04-24 11:18:04 +05:30
Zuul
784145857d Merge "Add environment file for Mellanox SDN" 2018-04-23 17:11:52 +00:00
Oliver Walsh
31e4c0194d Explicitly set nova/neutron/ceilometer host to expected fqdn
This avoids any issues where the host/domainname is altered by a DHCP lease.
Also the puppet/facter fqdn can be unpredictable when there are multiple NICs.

Change-Id: I7ed52727d1515ee7f191a82b0b1d645a9d597cd3
Closes-bug: 1758034
2018-04-23 15:17:58 +01:00
Martin Mágr
723e428f40 Default collectd to overcloud gnocchi
This patch makes it possible to use overcloud gnocchi instance as datastore
for collectd.

Closes-Bug: #1766255
Change-Id: I122c705eed80a4ee0cefcbd077e6f03cd320d448
2018-04-23 15:35:31 +02:00
Carlos Goncalves
38eee383e5 Define Octavia SSH key name and file path
This will enable Octavia Ansible roles in tripleo-common to get these
values and configure keys for accessing Octavia amphorae via SSH.

This patch also makes the Octavia username and project name
configurable.

Change-Id: I80aa324254e6837e8d3c39e9d05a5e152783f0bb
2018-04-23 09:04:53 +02:00
Andrew Smith
78bc457585 Support separate oslo.messaging services for RPC and Notification
This commit introduces oslo.messaging services in place of a single
rabbitmq server. This will enable the separation of rpc and
notifications for the continued use of a single backend (e.g.
rabbitmq server) or a dual backend for the messaging communications.

This patch:
* add oslo_messaging_rpc and oslo_messaging_notify services
* add puppet services for rpc and notification
  (rabbitmq and qdrouterd servers)
* add docker services to deploy rpc (rabbitmq or qdrouterd)
  and notify (rabbitmq or shared)
* retains rabbit parameters for core services
* update resource registries, service_net_map, roles, etc.
* update ci environment container scenarios
* add environment generator for messaging
* add release note

Depends-On: Ic2c1a58526febefc1703da5fec12ff68dcc0efa0
Depends-On: I154e2fe6f66b296b9b643627d57696e5178e1815
Depends-On: I03e99d35ed043cf11bea9b7462058bd80f4d99da
Needed-By: Ie181a92731e254b7f613ad25fee6cc37e985c315
Change-Id: I934561612d26befd88a9053262836b47bdf4efb0
2018-04-22 04:33:44 +00:00
Zuul
9adbefc722 Merge "Disallow SSLv2, SSLv3 and TLS1.0 in httpd for FedRAMP compliance." 2018-04-20 13:59:45 +00:00
Zuul
ae4ff0148c Merge "Containerize Neutron LBaaS service plugin" 2018-04-19 22:53:30 +00:00
Zuul
52511a976c Merge "Add missing hiera interpolation calls" 2018-04-19 09:13:58 +00:00
Juan Antonio Osorio Robles
1b54e4b5a7 Disallow SSLv2, SSLv3 and TLS1.0 in httpd for FedRAMP compliance.
We now enforce TLS1.1 or higher for httpd connections, to meet the
requirements for FedRAMP.

Change-Id: If875822f1cb705d17405621e64fea2536edc142a
Related-Bug: #1754368
2018-04-19 09:51:20 +03:00
Hamdy Khader
e4c1531a42 Add environment file for Mellanox SDN
Depends-On: I805bdfc6f2bed8f998f73d3e17a4c2ab493f5717
Change-Id: I2a8f66b2f3b2f5e9eb3542bd7a1ab7bb4d1ba90d
2018-04-18 17:20:28 +03:00
Carlos Goncalves
9526cef547 Containerize Neutron LBaaS service plugin
Change-Id: I68e5ca5a78a2bd08082a494b636c6e2debb6bbae
2018-04-18 10:53:48 +02:00
Jose Luis Franco Arza
2b662be9a4 Add www_authenticate_uri option to replace auth_uri.
auth_uri option has been depreacted in
favor of www_authenticate_uri from group
keystone_authtoken in puppet-keystone [0]
and keystonemiddleware [1].

This patch adds the new option keeping auth_uri
references in the templates until the replace
will be updated in all puppet packages.

[0] https://review.openstack.org/#/c/558344/
[1] https://review.openstack.org/#/c/508522/

Closes-Bug: #1761171
Change-Id: I804ec73b970844d245dbb0911710ec817359beb0
2018-04-18 10:36:18 +02:00
Bogdan Dobrelya
2e224ddaaa Add missing hiera interpolation calls
Complements [0], [1]

[0] https://review.openstack.org/#/c/526692
[1] https://review.openstack.org/#/c/561498

Related-bug: #1742915

Change-Id: I57859178988e92f926b6c41370afd8b0d1552831
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2018-04-18 10:10:46 +02:00
Zuul
628cd0e390 Merge "Add Ironic Networking Baremetal Templates" 2018-04-18 05:52:20 +00:00
Rajesh Tailor
3da3f5d8de Modify libvirt port range for live-migration
By default, libvirtd uses ports 49152 to 49215 for live-migration,
as specified in qemu.conf

Since these ports is subset to ephemeral port range, which is from
32768 to 61000 for linux, it can be consumed by any other service
as well. It causes live-migration to fail, with below error:

Live Migration failure: internal error: Unable to find an unused
port in range 'migration' (49152-49215)

Using port range out of ephemeral port range.

Change-Id: I2039eca87c11638faf6262259b7bcface982f5c6
2018-04-18 11:05:52 +05:30