aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--manifests/haproxy.pp6
-rw-r--r--manifests/profile/base/horizon.pp2
-rw-r--r--manifests/profile/base/keystone.pp5
-rw-r--r--manifests/profile/base/rabbitmq.pp3
-rw-r--r--manifests/profile/releasenotes/notes/rabbitmq-user-check-95da891a2e197d89.yaml6
-rw-r--r--releasenotes/notes/add-tunnel-timeout-for-haproxy-ui-0705dfd671f9f487.yaml6
-rw-r--r--releasenotes/notes/create-ceilo-user-for-gnocchi-b8a4d5ea2f2375a9.yaml5
-rw-r--r--releasenotes/notes/fix-horizon-configuration-during-updates-aecfab9a4aa8770b.yaml6
-rw-r--r--spec/classes/tripleo_profile_base_horizon_spec.rb57
-rw-r--r--spec/fixtures/hieradata/default.yaml1
10 files changed, 95 insertions, 2 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index 0f1bece..37a7aeb 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -1592,6 +1592,12 @@ class tripleo::haproxy (
server_names => $controller_hosts_names_real,
mode => 'http',
public_ssl_port => $ports[ui_ssl_port],
+ listen_options => {
+ # NOTE(dtrainor): in addition to the zaqar_ws endpoint, the HTTPS
+ # (443/tcp) endpoint that answers for the UI must also use a long-lived
+ # tunnel timeout for the same reasons mentioned above.
+ 'timeout' => ['tunnel 3600s'],
+ },
}
}
if $contrail_config {
diff --git a/manifests/profile/base/horizon.pp b/manifests/profile/base/horizon.pp
index bd28ab0..4db5e50 100644
--- a/manifests/profile/base/horizon.pp
+++ b/manifests/profile/base/horizon.pp
@@ -26,7 +26,7 @@
class tripleo::profile::base::horizon (
$step = hiera('step'),
) {
- if $step >= 4 {
+ if $step >= 3 {
# Horizon
include ::apache::mod::remoteip
include ::apache::mod::status
diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp
index 999bcf6..8d8c235 100644
--- a/manifests/profile/base/keystone.pp
+++ b/manifests/profile/base/keystone.pp
@@ -196,7 +196,10 @@ class tripleo::profile::base::keystone (
if hiera('barbican_api_enabled', false) {
include ::barbican::keystone::auth
}
- if hiera('ceilometer_api_enabled', false) {
+ # ceilometer user is needed even when ceilometer api
+ # not running, so it can authenticate with keystone
+ # and dispatch data.
+ if hiera('ceilometer_auth_enabled', false) {
include ::ceilometer::keystone::auth
}
if hiera('ceph_rgw_enabled', false) {
diff --git a/manifests/profile/base/rabbitmq.pp b/manifests/profile/base/rabbitmq.pp
index 1eaabf0..71d08f0 100644
--- a/manifests/profile/base/rabbitmq.pp
+++ b/manifests/profile/base/rabbitmq.pp
@@ -118,6 +118,9 @@ class tripleo::profile::base::rabbitmq (
environment_variables => $rabbit_env,
}
}
+ }
+
+ if $step >= 2 {
# In case of HA, starting of rabbitmq-server is managed by pacemaker, because of which, a dependency
# to Service['rabbitmq-server'] will not work. Sticking with UPDATE action.
if $stack_action == 'UPDATE' {
diff --git a/manifests/profile/releasenotes/notes/rabbitmq-user-check-95da891a2e197d89.yaml b/manifests/profile/releasenotes/notes/rabbitmq-user-check-95da891a2e197d89.yaml
new file mode 100644
index 0000000..e1caf4c
--- /dev/null
+++ b/manifests/profile/releasenotes/notes/rabbitmq-user-check-95da891a2e197d89.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+ - The rabbitmq user check is moved to step >= 2 from step >= 1. There
+ is no gaurantee that rabbitmq is running at step 1, especially if
+ updating a failed stack that never made it past step 1 to begin
+ with.
diff --git a/releasenotes/notes/add-tunnel-timeout-for-haproxy-ui-0705dfd671f9f487.yaml b/releasenotes/notes/add-tunnel-timeout-for-haproxy-ui-0705dfd671f9f487.yaml
new file mode 100644
index 0000000..a1a04c1
--- /dev/null
+++ b/releasenotes/notes/add-tunnel-timeout-for-haproxy-ui-0705dfd671f9f487.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+ - |
+ Add a tunnel timeout to the HAProxy tripleo-ui configuration to ensure
+ Zaqar WebSocket tunnels persist longer than two minutes
+ https://bugs.launchpad.net/tripleo/+bug/1672826
diff --git a/releasenotes/notes/create-ceilo-user-for-gnocchi-b8a4d5ea2f2375a9.yaml b/releasenotes/notes/create-ceilo-user-for-gnocchi-b8a4d5ea2f2375a9.yaml
new file mode 100644
index 0000000..07407f2
--- /dev/null
+++ b/releasenotes/notes/create-ceilo-user-for-gnocchi-b8a4d5ea2f2375a9.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+ - We need ceilometer user in cases where ceilometer API is disabled.
+ This is to ensure other ceilometer services can still authenticate
+ with keystone.
diff --git a/releasenotes/notes/fix-horizon-configuration-during-updates-aecfab9a4aa8770b.yaml b/releasenotes/notes/fix-horizon-configuration-during-updates-aecfab9a4aa8770b.yaml
new file mode 100644
index 0000000..5c200dd
--- /dev/null
+++ b/releasenotes/notes/fix-horizon-configuration-during-updates-aecfab9a4aa8770b.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+ - |
+ Fixes horizon getting temporarily deconfigured during a stack update due
+ to the apache configuration occuring in step 3 but the horizon
+ configuration not occuring until step 4.
diff --git a/spec/classes/tripleo_profile_base_horizon_spec.rb b/spec/classes/tripleo_profile_base_horizon_spec.rb
new file mode 100644
index 0000000..63d3b4f
--- /dev/null
+++ b/spec/classes/tripleo_profile_base_horizon_spec.rb
@@ -0,0 +1,57 @@
+#
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::horizon' do
+ shared_examples_for 'tripleo::profile::base::horizon' do
+ let(:pre_condition) do
+ "class { '::tripleo::profile::base::aodh': step => #{params[:step]} }"
+ end
+
+ context 'with step less than 3' do
+ let(:params) { { :step => 2 } }
+
+ it 'should do nothing' do
+ is_expected.to contain_class('tripleo::profile::base::horizon')
+ is_expected.to_not contain_class('horizon')
+ end
+ end
+
+ context 'with step 3' do
+ let(:params) { {
+ :step => 3,
+ } }
+
+ it 'should trigger complete configuration' do
+ is_expected.to contain_class('horizon')
+ is_expected.to contain_class('apache::mod::remoteip')
+ is_expected.to contain_class('apache::mod::status')
+ end
+ end
+ end
+
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) do
+ facts.merge({ :hostname => 'node.example.com' })
+ end
+
+ it_behaves_like 'tripleo::profile::base::horizon'
+ end
+ end
+end
diff --git a/spec/fixtures/hieradata/default.yaml b/spec/fixtures/hieradata/default.yaml
index 4d5dc99..592c308 100644
--- a/spec/fixtures/hieradata/default.yaml
+++ b/spec/fixtures/hieradata/default.yaml
@@ -33,3 +33,4 @@ memcached_node_ips_v6:
- '::1'
memcached_node_ips:
- '127.0.0.1'
+horizon::secret_key: 'secrete'