616 Commits

Author SHA1 Message Date
Zuul
a09f481909 Merge "Add EnablePublicTLS flag" 2018-05-09 16:21:45 +00:00
Zuul
62a266c6c4 Merge "Add support for NVMeOF cinder backend" 2018-05-08 18:22:19 +00:00
Juan Antonio Osorio Robles
1260da2746 Add EnablePublicTLS flag
This flag is on by default, and serves to enable (or disable) the
public TLS by default feature.

It differs from the PublicSSLCertificateAutogenerated flag in the fact
that it works with mistral, while PublicSSLCertificateAutogenerated
works with certmonger in the overcloud.

Change-Id: If553ecff26d5ecd529c37ca438e0ba1795e9ecca
2018-05-08 10:45:09 +00:00
Zuul
4f5dceca90 Merge "undercloud: switch to the "direct" deploy interface by default" 2018-05-08 04:20:57 +00:00
Zuul
e88997e51f Merge "Convert resource_name to number" 2018-05-08 04:01:41 +00:00
Zuul
cb9a66c41e Merge "Undercloud upgrades will use upgrade_tasks" 2018-05-07 21:18:46 +00:00
Hamdy Khader
afcf2c71e3 Add support for NVMeOF cinder backend
Change-Id: I2ee3b44fc4a7bede635b0bfcacd1dab8547d123a
2018-05-07 15:45:42 +03:00
Zuul
ab48921795 Merge "[DellEMC]Update Manila Unity driver" 2018-05-06 20:40:15 +00:00
Emilien Macchi
77aa6763f6 Undercloud upgrades will use upgrade_tasks
Instead of using host_prep_tasks (which are part of deployment tasks),
we'll use the upgrade tasks that are now well known and tested in
previous releases, when the we containerized the overcloud.

Depends-On: Id25e6280b4b4f060d5e3f78a50ff83aaca9e6b1a
Change-Id: Ic199c7d431e155e2d37996acd0d7b924d14af2b7
2018-05-05 06:52:34 +00:00
Zuul
72df07f8fd Merge "Octavia amphora image handling updates" 2018-05-04 17:59:23 +00:00
Dmitry Tantsur
89de728acb undercloud: switch to the "direct" deploy interface by default
Instead of serving images via slow and somewhat unreliable iSCSI protocol,
this deploy method makes IPA download them from the undercloud Swift.

Change-Id: Ic569358b781337ec6ba8ba802ada1f940917bd61
Implements: blueprint ironic-direct-deploy
2018-05-02 11:58:41 +02:00
Zuul
072d1bad02 Merge "Revert "Fixes ceph-external docker service name"" 2018-05-02 00:25:40 +00:00
Zuul
c803490a77 Merge "Add www_authenticate_uri option to replace auth_uri." 2018-05-01 08:55:39 +00:00
Zuul
bf85ebfc01 Merge "[DellEMC]Update Manila VNX driver" 2018-05-01 08:55:38 +00:00
Zuul
8a8d820d66 Merge "Set live_migration_inbound_addr for ssh transport" 2018-05-01 08:37:42 +00:00
James Slagle
49d0721335 Convert resource_name to number
When sorting by resource_name, first convert it to a number so that
it's sorted correctly. Otherwise, deployments with > 10 nodes could
configure nodes out of order.

Change-Id: I604428dacd63140f4e89b45c55f7eb859df27fe7
Closes-Bug: #1768158
2018-04-30 20:07:00 -04:00
Zuul
5e17a83d02 Merge "Define Octavia SSH key name and file path" 2018-04-30 12:52:34 +00:00
Giulio Fidente
cea554ee21 Revert "Fixes ceph-external docker service name"
This reverts commit b02740533db5bbb05331f127dc22866cc870f15b. The
CephExternal service is managed like CephClient by ceph-ansible,
except for the additional parameter we need to pass to explicitly
list the MONs.

Change-Id: Icb56b4dffb5c5d813239cb5077b1e3a4ae8f21d1
Closes-Bug: #1765788
2018-04-27 19:50:13 +02:00
Zuul
68bfa9828f Merge "Switch to config-download by default" 2018-04-27 08:14:36 +00:00
Zuul
b70527f41a Merge "Explicitly set nova/neutron/ceilometer host to expected fqdn" 2018-04-26 00:40:05 +00:00
Zuul
d023a6b1ca Merge "Add neutron "segments" plugin to the default list" 2018-04-25 21:21:32 +00:00
James Slagle
f44e8d7bd2 Switch to config-download by default
Updates overcloud-resource-registry.j2.yaml to include the mappings from
enviornments/config-download-environment.yaml. This enables
config-download by default. The environment to explicitly enable
config-download is deprecated.

An environment at environments/disable-config-download.yaml is added
which can be used to disable config-download but is marked as
deprecated.

Change-Id: I8389a0c48e1aa610fdc6a8580516889340883034
implements: blueprint config-download-default
2018-04-25 09:42:13 -04:00
Zuul
1bec57e977 Merge "Add validation for SoftwareConfig outputs" 2018-04-25 08:44:14 +00:00
Zuul
822bd996b3 Merge "Support separate oslo.messaging services for RPC and Notification" 2018-04-25 04:43:46 +00:00
Yong Huang
79719a11cc [DellEMC]Update Manila Unity driver
This patch adds following 3 options:

* network_plugin_ipv6_enabled
* emc_ssl_cert_verify
* emc_ssl_cert_path

Depends-On: https://review.openstack.org/538146

Change-Id: Ic0391618cf00413d6adc0ed3cba97eb76793c36a
2018-04-25 11:22:07 +08:00
Peter Wang
60796ebfc9 [DellEMC]Update Manila VNX driver
This patch adds following 3 options:

* network_plugin_ipv6_enabled
* emc_ssl_cert_verify
* emc_ssl_cert_path

Depends-On: https://review.openstack.org/555648

Change-Id: I42b0555c077dbc9f9d5ae4efaf1ec41a9c563b6a
2018-04-25 02:08:39 +00:00
Oliver Walsh
9faea7204c Set live_migration_inbound_addr for ssh transport
Currently this is only set when TLS is enabled, which means that with the ssh
transport we cannot control the network used, and we are relying on DNS or
hosts file to be correct, which is not guaranteed (especially with DNS).

Related-Bug: 1765462
Depends-On: Ifdc5fbd05195604ab6ea6564d0905f9385c6df67
Change-Id: I89011d06233dafb5ca3bbb45431387ebda521711
2018-04-24 15:00:51 +01:00
Zuul
373a873689 Merge "Default collectd to overcloud gnocchi" 2018-04-24 11:44:06 +00:00
Brent Eagles
4d8a80f386 Octavia amphora image handling updates
This patch changes some defaults that turned out to be not very good in
practice to be empty values. The default behavior is instead
distribution specific behavior in the ansible playbooks.

Change-Id: Ib5338d0fadc9c1c8fcf73c53e4364d35a5f29fe7
Related-Bug: #1754039
Depends-On: https://review.openstack.org/#/c/562019/
2018-04-24 11:10:10 +02:00
Zuul
aead20e3cf Merge "Modify libvirt port range for live-migration" 2018-04-24 08:34:55 +00:00
bc3600b362 Add neutron "segments" plugin to the default list
[1] Added a tests which requires "segments" plugin but
we don't have it enabled in overcloud. It is enabled in
neutron jobs from long[2]. This patch adds this plugin
to the default enabled plugins.

[1] https://review.openstack.org/#/c/558609/
[2] https://review.openstack.org/#/c/459439/

Related-Bug: #1765008
Change-Id: I1bc36c4533dcaadd81d7c93a194e9319217c69cd
2018-04-24 11:18:04 +05:30
Oliver Walsh
31e4c0194d Explicitly set nova/neutron/ceilometer host to expected fqdn
This avoids any issues where the host/domainname is altered by a DHCP lease.
Also the puppet/facter fqdn can be unpredictable when there are multiple NICs.

Change-Id: I7ed52727d1515ee7f191a82b0b1d645a9d597cd3
Closes-bug: 1758034
2018-04-23 15:17:58 +01:00
Martin Mágr
723e428f40 Default collectd to overcloud gnocchi
This patch makes it possible to use overcloud gnocchi instance as datastore
for collectd.

Closes-Bug: #1766255
Change-Id: I122c705eed80a4ee0cefcbd077e6f03cd320d448
2018-04-23 15:35:31 +02:00
Carlos Goncalves
38eee383e5 Define Octavia SSH key name and file path
This will enable Octavia Ansible roles in tripleo-common to get these
values and configure keys for accessing Octavia amphorae via SSH.

This patch also makes the Octavia username and project name
configurable.

Change-Id: I80aa324254e6837e8d3c39e9d05a5e152783f0bb
2018-04-23 09:04:53 +02:00
Andrew Smith
78bc457585 Support separate oslo.messaging services for RPC and Notification
This commit introduces oslo.messaging services in place of a single
rabbitmq server. This will enable the separation of rpc and
notifications for the continued use of a single backend (e.g.
rabbitmq server) or a dual backend for the messaging communications.

This patch:
* add oslo_messaging_rpc and oslo_messaging_notify services
* add puppet services for rpc and notification
  (rabbitmq and qdrouterd servers)
* add docker services to deploy rpc (rabbitmq or qdrouterd)
  and notify (rabbitmq or shared)
* retains rabbit parameters for core services
* update resource registries, service_net_map, roles, etc.
* update ci environment container scenarios
* add environment generator for messaging
* add release note

Depends-On: Ic2c1a58526febefc1703da5fec12ff68dcc0efa0
Depends-On: I154e2fe6f66b296b9b643627d57696e5178e1815
Depends-On: I03e99d35ed043cf11bea9b7462058bd80f4d99da
Needed-By: Ie181a92731e254b7f613ad25fee6cc37e985c315
Change-Id: I934561612d26befd88a9053262836b47bdf4efb0
2018-04-22 04:33:44 +00:00
James Slagle
a134b717dd Add validation for SoftwareConfig outputs
SoftwareConfig/StructuredConfig outputs aren't supported with
config-download given that Heat doesn't know what the output values will
since Ansible is applying all configuration after the stack is complete.

This validation will report a warning whenever it finds use of outputs on
these resource types.

After config-download is the default and the Heat driven method is no
longer supported, we can switch this warning to an error.

Change-Id: I44d5ee3bab3d05ab0a59261d15ea915c75b35713
2018-04-20 13:27:22 +00:00
Zuul
ae4ff0148c Merge "Containerize Neutron LBaaS service plugin" 2018-04-19 22:53:30 +00:00
Zuul
574da27592 Merge "Correct indentation and file path" 2018-04-19 08:26:37 +00:00
Carlos Goncalves
9526cef547 Containerize Neutron LBaaS service plugin
Change-Id: I68e5ca5a78a2bd08082a494b636c6e2debb6bbae
2018-04-18 10:53:48 +02:00
Jose Luis Franco Arza
2b662be9a4 Add www_authenticate_uri option to replace auth_uri.
auth_uri option has been depreacted in
favor of www_authenticate_uri from group
keystone_authtoken in puppet-keystone [0]
and keystonemiddleware [1].

This patch adds the new option keeping auth_uri
references in the templates until the replace
will be updated in all puppet packages.

[0] https://review.openstack.org/#/c/558344/
[1] https://review.openstack.org/#/c/508522/

Closes-Bug: #1761171
Change-Id: I804ec73b970844d245dbb0911710ec817359beb0
2018-04-18 10:36:18 +02:00
Zuul
628cd0e390 Merge "Add Ironic Networking Baremetal Templates" 2018-04-18 05:52:20 +00:00
Rajesh Tailor
3da3f5d8de Modify libvirt port range for live-migration
By default, libvirtd uses ports 49152 to 49215 for live-migration,
as specified in qemu.conf

Since these ports is subset to ephemeral port range, which is from
32768 to 61000 for linux, it can be consumed by any other service
as well. It causes live-migration to fail, with below error:

Live Migration failure: internal error: Unable to find an unused
port in range 'migration' (49152-49215)

Using port range out of ephemeral port range.

Change-Id: I2039eca87c11638faf6262259b7bcface982f5c6
2018-04-18 11:05:52 +05:30
Alex Schultz
628da8a37e Move mod_ssl release note
The mod_ssl release note was in the wrong place. Moving it so it can be
with it's friends in releasenotes/notes

Change-Id: I33d6a2354f26e5571501d5810ac20bb9c0101634
2018-04-17 12:57:36 +00:00
Janki Chhatbar
871e9619d5 Correct indentation and file path
Indentation for few lines is corrected and
correct path for config file is updated. data
folder is deleted during update/upgrade. Set
correct permissions (42462:42462) for
genius-mdsalutil-config.xml. 42462 comes from
kolla and is id for odl user inside the container.

Closes-Bug: 1764603
Change-Id: Ie343cd4cab7cc009b1940a98fa73b1ac15b3b56d
2018-04-17 10:36:26 +00:00
Zuul
6d0f2f56af Merge "Handle undercloud upgrades via host_prep_tasks" 2018-04-13 14:42:32 +00:00
Zuul
83fdc0b30b Merge "Set ulimit for nova-compute and cinder-volume" 2018-04-13 10:58:37 +00:00
Emilien Macchi
d86025593b Handle undercloud upgrades via host_prep_tasks
Using host_prep_tasks interface to handle undercloud teardown before we
run the undercloud install.
The reason of not using upgrade_tasks is because the existing tasks were
created for the overcloud upgrade first and there are too much logic
right now so we can easily re-use the bits for the undercloud. In the
future, we'll probably use upgrade_tasks for both the undercloud and
overcloud but right now this is not possible and a simple way to move
forward was to implement these tasks that work fine for the undercloud
containerization case.

Workflow will be:
- Services will be stopped and disabled (except mariadb)
- Neutron DB will be renamed, then mariadb stopped & disabled
- Remove cron jobs
- All packages will be upgraded with yum update.

Change-Id: I36be7f398dcd91e332687c6222b3ccbb9cd74ad2
2018-04-12 18:14:28 -07:00
Harald Jensas
5203e43979 Add Ironic Networking Baremetal Templates
Ironic neutron agent will be installed on controller nodes, or
networker nodes, when environments/services/ironic.yaml or
environments/services-docker/ironic.yaml is used.

It should also be enabled on undercloud.

Also enables ``baremetal`` ML2 mechanism driver on undercloud.

Depends-On: Ic1f44414e187393d35e1382a42d384760d5757ef
Depends-On: I3c40f84052a41ed440758b971975c5c81ace4225
Change-Id: I0b4ef83a5383ff9726f6d69e0394fc544c381a7e
2018-04-12 23:59:34 +02:00
70276931a4 Set ulimit for nova-compute and cinder-volume
Nova compute and cinder volume uses oslo concurrency
processuitls.execute to run privileged commands.
Containers inherit file descriptor limit from docker daemon
(currently:1048576) which is too high and leads to performance
issue. This patch sets nofile limit to 1024 for nova compute
and 131072 for cinder volume, which is reasonable as before
containers nova compute used host defaults i.e 1024 and cinder
volume systemctl override([1]) i.e 131072. Also updated neutron
l3, dhcp and ovs agent to use Parameters for ulimit configuration.

[1] https://review.rdoproject.org/r/#/c/1360/.

Closes-Bug: #1762455
Related-Bug: #1760471
Related-Bug: #1757556
Change-Id: I4d4b36de32f8a8e311efd87ea1c4095c5568dec4
2018-04-12 11:14:02 +05:30
Tim Rozet
f51f533679 Removes odl-dlux-gui feature for ODL
The GUI feature is no longer supported with ODL and needs to be removed.
We relied on the URL provided by this feature in order to run our docker
healtcheck, which is modified in the depends-on patch to a new URI.

Depends-On: I2f33d2cf6a96005ef1d18468a8d2fcc71b17b6f8

Related-Bug: 1751857

Change-Id: I762789e65913b4f653bbf9019b5d3d05903912f1
Signed-off-by: Tim Rozet <trozet@redhat.com>
2018-04-11 15:52:47 -04:00