aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--manifests/profile/base/aodh/api.pp1
-rw-r--r--manifests/profile/base/barbican/api.pp1
-rw-r--r--manifests/profile/base/ceilometer/api.pp1
-rw-r--r--manifests/profile/base/cinder/api.pp1
-rw-r--r--manifests/profile/base/database/mongodb.pp11
-rw-r--r--manifests/profile/base/gnocchi/api.pp1
-rw-r--r--manifests/profile/base/keystone.pp5
-rw-r--r--manifests/profile/base/nova/api.pp1
-rw-r--r--manifests/profile/base/nova/placement.pp1
-rw-r--r--manifests/profile/base/panko/api.pp1
-rw-r--r--manifests/profile/base/swift/ringbuilder.pp36
-rw-r--r--manifests/profile/base/zaqar.pp1
-rw-r--r--releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml10
-rw-r--r--releasenotes/notes/restrict-mongodb-memory-c19d69638b63feb4.yaml6
-rw-r--r--spec/classes/tripleo_profile_base_swift_ringbuilder.rb65
15 files changed, 141 insertions, 1 deletions
diff --git a/manifests/profile/base/aodh/api.pp b/manifests/profile/base/aodh/api.pp
index 1c03059..a9c94f4 100644
--- a/manifests/profile/base/aodh/api.pp
+++ b/manifests/profile/base/aodh/api.pp
@@ -81,6 +81,7 @@ class tripleo::profile::base::aodh::api (
if $step >= 3 {
include ::aodh::api
+ include ::apache::mod::ssl
class { '::aodh::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/barbican/api.pp b/manifests/profile/base/barbican/api.pp
index b464317..42ac8cd 100644
--- a/manifests/profile/base/barbican/api.pp
+++ b/manifests/profile/base/barbican/api.pp
@@ -99,6 +99,7 @@ class tripleo::profile::base::barbican::api (
include ::barbican::api::logging
include ::barbican::keystone::notification
include ::barbican::quota
+ include ::apache::mod::ssl
class { '::barbican::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/ceilometer/api.pp b/manifests/profile/base/ceilometer/api.pp
index 71ea5e7..468f79a 100644
--- a/manifests/profile/base/ceilometer/api.pp
+++ b/manifests/profile/base/ceilometer/api.pp
@@ -78,6 +78,7 @@ class tripleo::profile::base::ceilometer::api (
if $step >= 3 {
include ::ceilometer::api
+ include ::apache::mod::ssl
class { '::ceilometer::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/cinder/api.pp b/manifests/profile/base/cinder/api.pp
index 450a8e6..ef5bd06 100644
--- a/manifests/profile/base/cinder/api.pp
+++ b/manifests/profile/base/cinder/api.pp
@@ -89,6 +89,7 @@ class tripleo::profile::base::cinder::api (
if $step >= 4 or ($step >= 3 and $sync_db) {
include ::cinder::api
+ include ::apache::mod::ssl
class { '::cinder::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/database/mongodb.pp b/manifests/profile/base/database/mongodb.pp
index 8967f5b..4740d67 100644
--- a/manifests/profile/base/database/mongodb.pp
+++ b/manifests/profile/base/database/mongodb.pp
@@ -30,10 +30,15 @@
# for more details.
# Defaults to hiera('step')
#
+# [*memory_limit*]
+# (Optional) Limit amount of memory mongodb can use
+# Defaults to 20G
+#
class tripleo::profile::base::database::mongodb (
$mongodb_replset,
$bootstrap_node = downcase(hiera('bootstrap_nodeid')),
$step = hiera('step'),
+ $memory_limit = '20G',
) {
if $step >= 2 {
@@ -56,5 +61,11 @@ class tripleo::profile::base::database::mongodb (
}
}
+ # Limit memory utilization
+ ::systemd::service_limits { 'mongod.service':
+ limits => {
+ 'MemoryLimit' => $memory_limit
+ }
+ }
}
}
diff --git a/manifests/profile/base/gnocchi/api.pp b/manifests/profile/base/gnocchi/api.pp
index e79f800..92431e4 100644
--- a/manifests/profile/base/gnocchi/api.pp
+++ b/manifests/profile/base/gnocchi/api.pp
@@ -98,6 +98,7 @@ class tripleo::profile::base::gnocchi::api (
if $step >= 4 {
include ::gnocchi::api
+ include ::apache::mod::ssl
class { '::gnocchi::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp
index bc8b4db..9aa3eb3 100644
--- a/manifests/profile/base/keystone.pp
+++ b/manifests/profile/base/keystone.pp
@@ -161,6 +161,7 @@ class tripleo::profile::base::keystone (
}
include ::keystone::config
+ include ::apache::mod::ssl
class { '::keystone::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
@@ -171,7 +172,9 @@ class tripleo::profile::base::keystone (
if $ldap_backend_enable {
validate_hash($ldap_backends_config)
- create_resources('::keystone::ldap_backend', $ldap_backends_config)
+ create_resources('::keystone::ldap_backend', $ldap_backends_config, {
+ create_domain_entry => $manage_domain,
+ })
}
}
diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp
index 287d14c..f09f083 100644
--- a/manifests/profile/base/nova/api.pp
+++ b/manifests/profile/base/nova/api.pp
@@ -116,6 +116,7 @@ class tripleo::profile::base::nova::api (
$tls_keyfile = undef
}
if $step >= 4 or ($step >= 3 and $sync_db) {
+ include ::apache::mod::ssl
class { '::nova::wsgi::apache_api':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/nova/placement.pp b/manifests/profile/base/nova/placement.pp
index c429373..614a3e7 100644
--- a/manifests/profile/base/nova/placement.pp
+++ b/manifests/profile/base/nova/placement.pp
@@ -86,6 +86,7 @@ class tripleo::profile::base::nova::placement (
}
if $step >= 3 {
+ include ::apache::mod::ssl
class { '::nova::wsgi::apache_placement':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/panko/api.pp b/manifests/profile/base/panko/api.pp
index a6643ce..be6df8d 100644
--- a/manifests/profile/base/panko/api.pp
+++ b/manifests/profile/base/panko/api.pp
@@ -92,6 +92,7 @@ class tripleo::profile::base::panko::api (
class { '::panko::api':
sync_db => $sync_db,
}
+ include ::apache::mod::ssl
class { '::panko::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/swift/ringbuilder.pp b/manifests/profile/base/swift/ringbuilder.pp
index 7e5fc74..f7cfea4 100644
--- a/manifests/profile/base/swift/ringbuilder.pp
+++ b/manifests/profile/base/swift/ringbuilder.pp
@@ -63,6 +63,12 @@
# Minimum amount of time before partitions can be moved.
# Defaults to undef
#
+# [*swift_ring_get_tempurl*]
+# GET tempurl to fetch Swift rings from
+#
+# [*swift_ring_put_tempurl*]
+# PUT tempurl to upload Swift rings to
+#
class tripleo::profile::base::swift::ringbuilder (
$replicas,
$build_ring = true,
@@ -74,7 +80,23 @@ class tripleo::profile::base::swift::ringbuilder (
$swift_storage_node_ips = hiera('swift_storage_node_ips', []),
$part_power = undef,
$min_part_hours = undef,
+ $swift_ring_get_tempurl = hiera('swift_ring_get_tempurl', ''),
+ $swift_ring_put_tempurl = hiera('swift_ring_put_tempurl', ''),
) {
+
+ if $step == 2 and $swift_ring_get_tempurl != '' {
+ exec{'fetch_swift_ring_tarball':
+ path => ['/usr/bin'],
+ command => "curl --insecure --silent '${swift_ring_get_tempurl}' -o /tmp/swift-rings.tar.gz",
+ returns => [0, 3]
+ } ~>
+ exec{'extract_swift_ring_tarball':
+ path => ['/bin'],
+ command => 'tar xzf /tmp/swift-rings.tar.gz -C /',
+ returns => [0, 2]
+ }
+ }
+
if $step >= 2 {
# pre-install swift here so we can build rings
include ::swift
@@ -112,4 +134,18 @@ class tripleo::profile::base::swift::ringbuilder (
Ring_object_device<| |> ~> Exec['rebalance_container']
}
}
+
+ if $step == 5 and $build_ring and $swift_ring_put_tempurl != '' {
+ exec{'create_swift_ring_tarball':
+ path => ['/bin', '/usr/bin'],
+ command => 'tar cvzf /tmp/swift-rings.tar.gz /etc/swift/*.builder /etc/swift/*.ring.gz /etc/swift/backups/',
+ unless => 'swift-recon --md5 | grep -q "doesn\'t match"'
+ } ~>
+ exec{'upload_swift_ring_tarball':
+ path => ['/usr/bin'],
+ command => "curl --insecure --silent -X PUT '${$swift_ring_put_tempurl}' --data-binary @/tmp/swift-rings.tar.gz",
+ require => Exec['create_swift_ring_tarball'],
+ refreshonly => true,
+ }
+ }
}
diff --git a/manifests/profile/base/zaqar.pp b/manifests/profile/base/zaqar.pp
index 89a03ad..7fbcd34 100644
--- a/manifests/profile/base/zaqar.pp
+++ b/manifests/profile/base/zaqar.pp
@@ -50,6 +50,7 @@ class tripleo::profile::base::zaqar (
uri => $database_connection,
}
include ::zaqar::transport::websocket
+ include ::apache::mod::ssl
include ::zaqar::transport::wsgi
# TODO (bcrochet): At some point, the transports should be split out to
diff --git a/releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml b/releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml
new file mode 100644
index 0000000..92f2360
--- /dev/null
+++ b/releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml
@@ -0,0 +1,10 @@
+---
+fixes:
+ - |
+ With having package mod_ssl by default installed in images we introduced
+ issue with mod_ssl package update. In case of SSL not being used or
+ provided by HAproxy the puppet-apache module by default purges the
+ ssl.conf file. The package update then recreates the file with default
+ Listen 443 option. This causes conflict on 443 port during httpd restart.
+ If we include ::apache::mod::ssl the ssl.conf file will be configured and
+ the Listen option will be used only if there is vhost set to use SSL.
diff --git a/releasenotes/notes/restrict-mongodb-memory-c19d69638b63feb4.yaml b/releasenotes/notes/restrict-mongodb-memory-c19d69638b63feb4.yaml
new file mode 100644
index 0000000..1186bb9
--- /dev/null
+++ b/releasenotes/notes/restrict-mongodb-memory-c19d69638b63feb4.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+ - Add a way for mongodb to limit amount of memory it comsumes
+ with systemd. A new param memory_limit has been added to
+ tripleo::profile::base::database::mongodb class with
+ default limit of 20G.
diff --git a/spec/classes/tripleo_profile_base_swift_ringbuilder.rb b/spec/classes/tripleo_profile_base_swift_ringbuilder.rb
new file mode 100644
index 0000000..0139815
--- /dev/null
+++ b/spec/classes/tripleo_profile_base_swift_ringbuilder.rb
@@ -0,0 +1,65 @@
+#
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::swift::ringbuilder' do
+ shared_examples_for 'tripleo::profile::base::swift::ringbuilder' do
+
+ let :pre_condition do
+ "class { '::swift':
+ swift_hash_path_prefix => 'foo',
+ }"
+ end
+
+ context 'with step 2 and swift_ring_get_tempurl set' do
+ let(:params) { {
+ :step => 2,
+ :replicas => 1,
+ :swift_ring_get_tempurl=> 'http://something'
+ } }
+
+ it 'should fetch and extract swift rings' do
+ is_expected.to contain_exec('fetch_swift_ring_tarball')
+ is_expected.to contain_exec('extract_swift_ring_tarball')
+ end
+ end
+
+ context 'with step 5 and swift_ring_put_tempurl set' do
+ let(:params) { {
+ :step => 5,
+ :replicas => 1,
+ :swift_ring_put_tempurl=> 'http://something'
+ } }
+
+ it 'should pack and upload swift rings' do
+ is_expected.to contain_exec('create_swift_ring_tarball')
+ is_expected.to contain_exec('upload_swift_ring_tarball')
+ end
+ end
+
+ end
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) do
+ facts.merge({})
+ end
+
+ it_behaves_like 'tripleo::profile::base::swift::ringbuilder'
+ end
+ end
+end