diff options
10 files changed, 95 insertions, 2 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index 0f1bece..37a7aeb 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -1592,6 +1592,12 @@ class tripleo::haproxy ( server_names => $controller_hosts_names_real, mode => 'http', public_ssl_port => $ports[ui_ssl_port], + listen_options => { + # NOTE(dtrainor): in addition to the zaqar_ws endpoint, the HTTPS + # (443/tcp) endpoint that answers for the UI must also use a long-lived + # tunnel timeout for the same reasons mentioned above. + 'timeout' => ['tunnel 3600s'], + }, } } if $contrail_config { diff --git a/manifests/profile/base/horizon.pp b/manifests/profile/base/horizon.pp index bd28ab0..4db5e50 100644 --- a/manifests/profile/base/horizon.pp +++ b/manifests/profile/base/horizon.pp @@ -26,7 +26,7 @@ class tripleo::profile::base::horizon ( $step = hiera('step'), ) { - if $step >= 4 { + if $step >= 3 { # Horizon include ::apache::mod::remoteip include ::apache::mod::status diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index 999bcf6..8d8c235 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -196,7 +196,10 @@ class tripleo::profile::base::keystone ( if hiera('barbican_api_enabled', false) { include ::barbican::keystone::auth } - if hiera('ceilometer_api_enabled', false) { + # ceilometer user is needed even when ceilometer api + # not running, so it can authenticate with keystone + # and dispatch data. + if hiera('ceilometer_auth_enabled', false) { include ::ceilometer::keystone::auth } if hiera('ceph_rgw_enabled', false) { diff --git a/manifests/profile/base/rabbitmq.pp b/manifests/profile/base/rabbitmq.pp index 1eaabf0..71d08f0 100644 --- a/manifests/profile/base/rabbitmq.pp +++ b/manifests/profile/base/rabbitmq.pp @@ -118,6 +118,9 @@ class tripleo::profile::base::rabbitmq ( environment_variables => $rabbit_env, } } + } + + if $step >= 2 { # In case of HA, starting of rabbitmq-server is managed by pacemaker, because of which, a dependency # to Service['rabbitmq-server'] will not work. Sticking with UPDATE action. if $stack_action == 'UPDATE' { diff --git a/manifests/profile/releasenotes/notes/rabbitmq-user-check-95da891a2e197d89.yaml b/manifests/profile/releasenotes/notes/rabbitmq-user-check-95da891a2e197d89.yaml new file mode 100644 index 0000000..e1caf4c --- /dev/null +++ b/manifests/profile/releasenotes/notes/rabbitmq-user-check-95da891a2e197d89.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - The rabbitmq user check is moved to step >= 2 from step >= 1. There + is no gaurantee that rabbitmq is running at step 1, especially if + updating a failed stack that never made it past step 1 to begin + with. diff --git a/releasenotes/notes/add-tunnel-timeout-for-haproxy-ui-0705dfd671f9f487.yaml b/releasenotes/notes/add-tunnel-timeout-for-haproxy-ui-0705dfd671f9f487.yaml new file mode 100644 index 0000000..a1a04c1 --- /dev/null +++ b/releasenotes/notes/add-tunnel-timeout-for-haproxy-ui-0705dfd671f9f487.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Add a tunnel timeout to the HAProxy tripleo-ui configuration to ensure + Zaqar WebSocket tunnels persist longer than two minutes + https://bugs.launchpad.net/tripleo/+bug/1672826 diff --git a/releasenotes/notes/create-ceilo-user-for-gnocchi-b8a4d5ea2f2375a9.yaml b/releasenotes/notes/create-ceilo-user-for-gnocchi-b8a4d5ea2f2375a9.yaml new file mode 100644 index 0000000..07407f2 --- /dev/null +++ b/releasenotes/notes/create-ceilo-user-for-gnocchi-b8a4d5ea2f2375a9.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - We need ceilometer user in cases where ceilometer API is disabled. + This is to ensure other ceilometer services can still authenticate + with keystone. diff --git a/releasenotes/notes/fix-horizon-configuration-during-updates-aecfab9a4aa8770b.yaml b/releasenotes/notes/fix-horizon-configuration-during-updates-aecfab9a4aa8770b.yaml new file mode 100644 index 0000000..5c200dd --- /dev/null +++ b/releasenotes/notes/fix-horizon-configuration-during-updates-aecfab9a4aa8770b.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fixes horizon getting temporarily deconfigured during a stack update due + to the apache configuration occuring in step 3 but the horizon + configuration not occuring until step 4. diff --git a/spec/classes/tripleo_profile_base_horizon_spec.rb b/spec/classes/tripleo_profile_base_horizon_spec.rb new file mode 100644 index 0000000..63d3b4f --- /dev/null +++ b/spec/classes/tripleo_profile_base_horizon_spec.rb @@ -0,0 +1,57 @@ +# +# Copyright (C) 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::horizon' do + shared_examples_for 'tripleo::profile::base::horizon' do + let(:pre_condition) do + "class { '::tripleo::profile::base::aodh': step => #{params[:step]} }" + end + + context 'with step less than 3' do + let(:params) { { :step => 2 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::horizon') + is_expected.to_not contain_class('horizon') + end + end + + context 'with step 3' do + let(:params) { { + :step => 3, + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('horizon') + is_expected.to contain_class('apache::mod::remoteip') + is_expected.to contain_class('apache::mod::status') + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::horizon' + end + end +end diff --git a/spec/fixtures/hieradata/default.yaml b/spec/fixtures/hieradata/default.yaml index 4d5dc99..592c308 100644 --- a/spec/fixtures/hieradata/default.yaml +++ b/spec/fixtures/hieradata/default.yaml @@ -33,3 +33,4 @@ memcached_node_ips_v6: - '::1' memcached_node_ips: - '127.0.0.1' +horizon::secret_key: 'secrete' |