-rw-r--r--manifests/haproxy.pp4
-rw-r--r--manifests/profile/base/database/mysql.pp15
-rw-r--r--manifests/profile/base/nova/api.pp37
-rw-r--r--manifests/profile/base/nova/compute/libvirt.pp13
-rw-r--r--manifests/profile/pacemaker/database/mysql.pp1
-rw-r--r--releasenotes/notes/innodb_file_per_table-f925b3bbf29d44ea.yaml20
-rw-r--r--releasenotes/notes/vncserver_listen-4417377cac38464c.yaml7
-rw-r--r--spec/classes/tripleo_profile_base_nova_api_spec.rb8
8 files changed, 62 insertions, 43 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index e1c44ee..42de8ba 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -1044,7 +1044,7 @@ class tripleo::haproxy (
},
public_ssl_port => $ports[nova_api_ssl_port],
service_network => $nova_osapi_network,
- member_options => union($haproxy_member_options, $internal_tls_member_options),
+ #member_options => union($haproxy_member_options, $internal_tls_member_options),
}
}
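Review bot: Commenting out `member_options` on the nova_api endpoint drops both `$haproxy_member_options` and `$internal_tls_member_options` for this backend, so with internal TLS enabled the proxy presumably no longer applies to these members the TLS settings that the union used to pass. The same line is commented out for the nova_placement endpoint in the next hunk. If the aim is only to skip the TLS options while nova-api is not served through httpd, keep the common ones with `member_options => $haproxy_member_options,` or choose the list from the condition that disables WSGI. Either way, state the reason in a comment instead of leaving the old line as dead code. The enclosing class starts and ends outside these hunks.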
@@ -1064,7 +1064,7 @@ class tripleo::haproxy (
},
public_ssl_port => $ports[nova_placement_ssl_port],
service_network => $nova_placement_network,
- member_options => union($haproxy_member_options, $internal_tls_member_options),
+ #member_options => union($haproxy_member_options, $internal_tls_member_options),
}
}
diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp
index 4ccfabc..d3c3f21 100644
--- a/manifests/profile/base/database/mysql.pp
+++ b/manifests/profile/base/database/mysql.pp
@@ -119,13 +119,14 @@ class tripleo::profile::base::database::mysql (
# MysqlNetwork and ControllerHostnameResolveNetwork in ServiceNetMap
$mysql_server_default = {
'mysqld' => {
- 'bind-address' => $bind_address,
- 'max_connections' => hiera('mysql_max_connections'),
- 'open_files_limit' => '-1',
- 'ssl' => $enable_internal_tls,
- 'ssl-key' => $tls_keyfile,
- 'ssl-cert' => $tls_certfile,
- 'ssl-ca' => undef,
+ 'bind-address' => $bind_address,
+ 'max_connections' => hiera('mysql_max_connections'),
+ 'open_files_limit' => '-1',
+ 'innodb_file_per_table' => 'ON',
+ 'ssl' => $enable_internal_tls,
+ 'ssl-key' => $tls_keyfile,
+ 'ssl-cert' => $tls_certfile,
+ 'ssl-ca' => undef,
}
}
$mysql_server_options_real = deep_merge($mysql_server_default, $mysql_server_options)
diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp
index 83baae2..99911d2 100644
--- a/manifests/profile/base/nova/api.pp
+++ b/manifests/profile/base/nova/api.pp
@@ -70,21 +70,6 @@ class tripleo::profile::base::nova::api (
include ::tripleo::profile::base::nova
- if $enable_internal_tls {
- if $generate_service_certificates {
- ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
- }
-
- if !$nova_api_network {
- fail('nova_api_network is not set in the hieradata.')
- }
- $tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate']
- $tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key']
- } else {
- $tls_certfile = undef
- $tls_keyfile = undef
- }
-
if $step >= 3 and $sync_db {
include ::nova::cell_v2::simple_setup
}
@@ -105,9 +90,25 @@ class tripleo::profile::base::nova::api (
sync_db => $sync_db,
sync_db_api => $sync_db,
}
- class { '::nova::wsgi::apache_api':
- ssl_cert => $tls_certfile,
- ssl_key => $tls_keyfile,
+ if hiera('nova_wsgi_enabled', true) {
+ if $enable_internal_tls {
+ if $generate_service_certificates {
+ ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
+ }
+
+ if !$nova_api_network {
+ fail('nova_api_network is not set in the hieradata.')
+ }
+ $tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate']
+ $tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key']
+ } else {
+ $tls_certfile = undef
+ $tls_keyfile = undef
+ }
+ class { '::nova::wsgi::apache_api':
+ ssl_cert => $tls_certfile,
+ ssl_key => $tls_keyfile,
+ }
}
include ::nova::network::neutron
}
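Review bot: `if hiera('nova_wsgi_enabled', true)` tests the raw hiera value, and in Puppet any non-empty string is truthy, so a hieradata value of `'false'` would still take the httpd/WSGI branch. Use `if str2bool(hiera('nova_wsgi_enabled', true)) {` as the libvirt profile did for `nova::use_ipv6`, or expose the switch as a documented Boolean class parameter. With the switch off and `$enable_internal_tls` on, no certificate is requested and nothing in this hunk shows how nova-api is then served over TLS; a comment, or a `fail()` for that combination, would make the intended behaviour explicit. The class body starts outside the hunk.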
diff --git a/manifests/profile/base/nova/compute/libvirt.pp b/manifests/profile/base/nova/compute/libvirt.pp
index 6767f6b..cc9beb6 100644
--- a/manifests/profile/base/nova/compute/libvirt.pp
+++ b/manifests/profile/base/nova/compute/libvirt.pp
@@ -40,24 +40,13 @@ class tripleo::profile::base::nova::compute::libvirt (
}
}
- # TODO(emilien): Some work needs to be done in puppet-nova to separate nova-compute config
- # when running libvirt and libvirt itself, so we allow micro-services deployments.
- if str2bool(hiera('nova::use_ipv6', false)) {
- $vncserver_listen = '::0'
- } else {
- $vncserver_listen = '0.0.0.0'
- }
-
if $rbd_ephemeral_storage {
class { '::nova::compute::libvirt':
libvirt_disk_cachemodes => ['network=writeback'],
libvirt_hw_disk_discard => 'unmap',
- vncserver_listen => $vncserver_listen,
}
} else {
- class { '::nova::compute::libvirt' :
- vncserver_listen => $vncserver_listen,
- }
+ include ::nova::compute::libvirt
}
include ::nova::compute::libvirt::qemu
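Review bot: After this hunk the profile never sets `vncserver_listen`, so the VNC bind address comes only from hieradata for `nova::compute::libvirt` (the release note says tripleo-heat-templates supplies it) or, failing that, from that class's own default, which is not visible here. A comment above the `if $rbd_ephemeral_storage` block would record this, for example `# vncserver_listen is expected from hiera (nova::compute::libvirt::vncserver_listen); never hard-code a wildcard address here.` A spec expectation that the class is not declared with `0.0.0.0` or `::0` would keep the old wildcard binding from returning unnoticed. The class body begins outside the hunk.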
diff --git a/manifests/profile/pacemaker/database/mysql.pp b/manifests/profile/pacemaker/database/mysql.pp
index 6a83f10..ca9a1a8 100644
--- a/manifests/profile/pacemaker/database/mysql.pp
+++ b/manifests/profile/pacemaker/database/mysql.pp
@@ -75,6 +75,7 @@ class tripleo::profile::pacemaker::database::mysql (
'default-storage-engine' => 'innodb',
'innodb_autoinc_lock_mode' => '2',
'innodb_locks_unsafe_for_binlog'=> '1',
+ 'innodb_file_per_table' => 'ON',
'query_cache_size' => '0',
'query_cache_type' => '0',
'bind-address' => $bind_address,
diff --git a/releasenotes/notes/innodb_file_per_table-f925b3bbf29d44ea.yaml b/releasenotes/notes/innodb_file_per_table-f925b3bbf29d44ea.yaml
new file mode 100644
index 0000000..e0b7c3c
--- /dev/null
+++ b/releasenotes/notes/innodb_file_per_table-f925b3bbf29d44ea.yaml
@@ -0,0 +1,20 @@
+---
+features:
+ - Enable innodb_file_per_table for MySQL/MariaDB databases
+upgrade:
+ - |
+ Newly created MySQL database tables will be stored in their own datafiles,
+ instead of in a single monolithic ibdata file.
+ - |
+ Existing MySQL database tables that are persisted within the monolithic
+ ibdata file will remain so unless the database is migrated as well.
+ - |
+ Migration of all current database tables out of the monolithic ibdata
+ file is possible by dumping and restoring the whole database to a new data
+ directory, however when using Galera the entire cluster must be shut
+ down and upgraded at once.
+ - |
+ Migration of individual tables to datafiles is possible using the
+ MySQL command "ALTER TABLE <databasename>.<tablename> ENGINE=InnoDB;",
+ however this will not shrink the ibdata file and also is not safe to run
+ on a running Galera cluster for large tables.
diff --git a/releasenotes/notes/vncserver_listen-4417377cac38464c.yaml b/releasenotes/notes/vncserver_listen-4417377cac38464c.yaml
new file mode 100644
index 0000000..0c0f8ea
--- /dev/null
+++ b/releasenotes/notes/vncserver_listen-4417377cac38464c.yaml
@@ -0,0 +1,7 @@
+---
+features:
+ - Configure VNC server to be binded on internal network interface on compute nodes.
+ This value comes from tripleo-heat-templates and is configured by default to use
+ an IP address from the internal API network.
+ We use the ServiceNetMap in tripleo-heat-templates to compute the IP address, and we won't
+ configure 0.0.0.0 anymore as it used to open the binding to any network, which is unsecure.
diff --git a/spec/classes/tripleo_profile_base_nova_api_spec.rb b/spec/classes/tripleo_profile_base_nova_api_spec.rb
index f930342..def4f4e 100644
--- a/spec/classes/tripleo_profile_base_nova_api_spec.rb
+++ b/spec/classes/tripleo_profile_base_nova_api_spec.rb
@@ -39,7 +39,7 @@ eos
is_expected.to contain_class('tripleo::profile::base::nova')
is_expected.to_not contain_class('nova::keystone::authtoken')
is_expected.to_not contain_class('nova::api')
- is_expected.to_not contain_class('nova::wsgi::apache_api')
+ #is_expected.to_not contain_class('nova::wsgi::apache_api')
is_expected.to_not contain_class('nova::network::neutron')
}
end
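Review bot: The `nova::wsgi::apache_api` expectation is commented out rather than updated, here and in the three hunks that follow in this file, so nothing tests the new `nova_wsgi_enabled` switch or the default path where the class is still declared. Since the lookup defaults to `true`, the original expectations should presumably still hold and can be restored. Add a context that sets `nova_wsgi_enabled` to false in the hiera fixture and asserts `is_expected.to_not contain_class('nova::wsgi::apache_api')` at a step where the class would otherwise be declared. The surrounding `it` blocks begin outside the hunks.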
@@ -56,7 +56,7 @@ eos
is_expected.to contain_class('nova::cell_v2::simple_setup')
is_expected.to contain_class('nova::keystone::authtoken')
is_expected.to contain_class('nova::api')
- is_expected.to contain_class('nova::wsgi::apache_api')
+ #is_expected.to contain_class('nova::wsgi::apache_api')
is_expected.to contain_class('nova::network::neutron')
}
end
@@ -73,7 +73,7 @@ eos
is_expected.to_not contain_class('nova::db::sync_cell_v2')
is_expected.to_not contain_class('nova::keystone::authtoken')
is_expected.to_not contain_class('nova::api')
- is_expected.to_not contain_class('nova::wsgi::apache_api')
+ #is_expected.to_not contain_class('nova::wsgi::apache_api')
is_expected.to_not contain_class('nova::network::neutron')
}
end
@@ -88,7 +88,7 @@ eos
is_expected.to_not contain_class('nova::db::sync_cell_v2')
is_expected.to contain_class('nova::keystone::authtoken')
is_expected.to contain_class('nova::api')
- is_expected.to contain_class('nova::wsgi::apache_api')
+ #is_expected.to contain_class('nova::wsgi::apache_api')
is_expected.to contain_class('nova::network::neutron')
}
end