This change removes the UpgradeRemoveUnusedPackages parameter from
the fast-forward-upgrade environment to avoid removing packages
during upgrade which leads to failures.
Change-Id: I3e9ca8ef653f8298bc68bfe9752ae773f0fc34c0
This change introduces a simple environment file to be used when
updating the inital overcloud stack to generate the required Ansible
outputs. This environment introduces the following:
- resource_registry entries to ensure compatability between the deployed
Newton stack and the new Queens stack. These services having been
previously deprecated in Ocata before removal in Pike.
- parameter_defaults for StackUpdateType and UpgradeRemoveUnusedPackages
bp fast-forward-upgrades
Change-Id: I3c690b8d08ca3a7d75481e176760a0efddebf82a
* Add $ to to eval hosts to get proper dereference
* Add quatas around eval
* Replace let with ((i++))
Change-Id: I5dbb6ef16598905b6d3bbb9efc448e0b45cbe099
Adds the ability to specify firewall chains via heat templates.
Additionally newer versions of docker have switched to updating
the FORWARD chain to DROP by default. Neutron needs this to be
ACCEPT by default. This change adds the ability to specify
firewall chains via templates.
Depends-On: Ib75f97748540b9162d76c9c189d3ca7e082b3784
Change-Id: I15ec9216013a1b0b935dcd1f5bc8281348777189
Related-Bug: #1750194
Due to an incompatible change in yaql, it's hard to use the aggregration
of groupBy as the behavior is completely different depending on the
version. Let's try to not rely on it.
Change-Id: I2887011f6baf4867d422579b116b5e143acf5679
Related-Bug: #1750032
The current structure is unnecessarily complex forcing the use of
json_query filter with a parameter. The quoting inside that line
become hard to read and is currently failing.
We change the structure to a simple hash, as this is currently all
what is needed.
Change-Id: I17f2d1b4e549e275d7d6a675cd522c6b567815ac
Closes-Bug: #1749911
Now SNMP is secured, we can re-enable it in CI.
This reverts commit cb90c8ce484d8e0328a0f2a8250e1c0fa81dd6cb.
Change-Id: I4ec805015ab8975d8922279ea64546799f5ce92a
Add a parameter, SnmpdIpSubnet, which can be an IP/MASK that will be
used to secure with IPtables the source network authorized to reach
SNMP service on the host.
If SnmpdIpSubnet is left empty (default) the parameter will be set to
SnmpdNetwork.
Also change the IPtables id, 127 was used by Horizon, so let's switch
SNMP to 124. No impact on users.
Change-Id: I46fce28926cb5a881f7384948480266712ae75e3
Closes-Bug: #1749324
horizon::vhost_extra_params is already configured in
puppet/services/horizon.yaml, and users can change the value with
HorizonVhostExtraParams parameter.
Docker deployments didn't have HorizonVhostExtraParams taken in account
since we were overriding with Hiera. This patch fix it.
Closes-Bug: #1749627
Change-Id: I77f1312112c7f613d795242060709082ef72f150
... so we can configure IPtables on containerized undercloud.
Depends-On: https://review.openstack.org/545367
Change-Id: I9f8c3d18938926257456388fd15e8eeb2e2868fd
... or the deployment fails since we try to deploy twice the
OS::TripleO::Services::NeutronApi service.
Change-Id: I92d5d037074494c40fb2b1968985a95ffd2fae12
... needed when the undercloud is containerized, since the overcloud
need access to the undercloud registry.
Change-Id: Idf55b14b79b9e3073a5f8caaa4a3c4634c3d3d7d
When containerizing mistral-executor, we need to mount /var/lib/mistral so
our operators can get the config-download logs when the undercloud is
containerized and config-download is used to deploy the overcloud.
To help our operators, we also create /var/lib/mistral/readme.txt so
they know where to find the config-download data.
Change-Id: I8d31d5fec2721c6e4f82b1ad2169a7635cb57600
Closes-Bug: #1749823
YAQL introduced a backward incompatible change in one of its minor
versions:
3fb9178401 (diff-f36776b660e5fe4f88e3295e5b751396R215)
It changes the expected behavior of groupBy() aggregator, so we need to
update our queries otherwise it fails with a "list index out of range"
error.
Change-Id: I2ca2ebb2c8d22aeedbcb6920072db5b6dba3311b
Closes-Bug: #1750032
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
A recent change [1] removed dysfunctional environment templates
for manila with the "generic" back end. Add a release note for
same.
[1] I2e1db2bd614eae65e59712f50dc3391f16f6b388
Change-Id: Iaca0250361055d5175fc93814334cd393e959395
In change Icf4a64ed76635e39bbb34c3a088c55e1f14fddca we did a refactoring
of the puppet apply commmands into a single script. A typo slipped in
where we set FACTOR_uuid instead of FACTER_uuid
Change-Id: If67d1bbf50d4fdaffa14e197dffc90f5b1577712
Closes-Bug: #1750000
Ceph Luminous does not create a pool if the pg_number,
pool size, and mon_max_pg_per_osd are outside of Ceph
recomended practice for production clusters. TripleO
development environments which use low-memory-usage.yaml
may not meet this criteria and fail a deployment with
Luminous unless the defaults for these values are overriden
as in this change.
Change-Id: I12ee495b780f29fc098c5c3bd57c46fd946146ae
Closes-Bug: #1749544
See context here: Ia5cc7b34ebee8cf2f49300ce23050370d5f1038a
This user will be useful for containerized undercloud, to maintain
parity with what was done in instack-undercloud.
Depends-On: Ia5cc7b34ebee8cf2f49300ce23050370d5f1038a
Depends-On: Ifd1bec1262dfbd213810bb2b4d561f47bf010e69
Change-Id: I48ab4a0ba0240e931391602943b471b5b6ec8e80
The UseDNS causes the sshd server to perform a reverse DNS lookup when
a client connects which introduces reasonable delay when everything is
fine, but can be counted in seconds when DNS is not setup correctly.
This is particularly annoying when using ansible to configure the node
as it is failing with timeouts waiting for privilege escalation prompt.
This commit disables the UseDNS option since we do not use hostname
based authentication in TripleO.
Change-Id: Ib000f3488326a802d97d0bcdb3299d54248f0935
