aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--manifests/certmonger/mysql.pp9
-rw-r--r--manifests/glance/nfs_mount.pp2
-rw-r--r--manifests/haproxy.pp44
-rw-r--r--manifests/profile/base/aodh/api.pp12
-rw-r--r--manifests/profile/base/ceilometer/api.pp13
-rw-r--r--manifests/profile/base/database/mysql.pp7
-rw-r--r--manifests/profile/base/heat/api.pp13
-rw-r--r--manifests/profile/base/heat/api_cfn.pp13
-rw-r--r--manifests/profile/base/heat/api_cloudwatch.pp13
-rw-r--r--manifests/profile/base/horizon.pp13
-rw-r--r--manifests/profile/base/ironic/api.pp58
-rw-r--r--manifests/profile/base/kernel.pp28
-rw-r--r--manifests/profile/base/metrics/collectd.pp9
-rw-r--r--manifests/profile/base/mistral/api.pp6
-rw-r--r--manifests/profile/base/neutron/opendaylight/configure_cluster.pp45
-rw-r--r--manifests/profile/base/neutron/opendaylight/create_cluster.pp43
-rw-r--r--manifests/profile/base/neutron/plugins/ml2.pp4
-rw-r--r--manifests/profile/base/neutron/plugins/ml2/nuage.pp (renamed from manifests/profile/base/ui.pp)23
-rw-r--r--manifests/profile/base/neutron/server.pp12
-rw-r--r--manifests/profile/base/nova/placement.pp6
-rw-r--r--manifests/profile/base/swift/proxy.pp16
-rw-r--r--manifests/profile/base/zaqar.pp15
-rw-r--r--manifests/profile/pacemaker/database/mysql.pp49
-rw-r--r--manifests/ui.pp3
-rw-r--r--releasenotes/notes/add-mysql_maxconn-to-haproxy-84a5ad07d8d14ddd.yaml5
-rw-r--r--releasenotes/notes/nf_conntrack_proto_sctp-a64300a3fc7b4e55.yaml9
-rw-r--r--releasenotes/notes/start-httpd-step3-and-4-2bd7be9e1429ef6d.yaml5
-rw-r--r--releasenotes/source/conf.py7
-rw-r--r--spec/classes/tripleo_haproxy_spec.rb115
-rw-r--r--spec/classes/tripleo_profile_base_aodh_api_spec.rb25
-rw-r--r--spec/classes/tripleo_profile_base_ceilometer_api_spec.rb27
-rw-r--r--spec/classes/tripleo_profile_base_horizon_spec.rb28
-rw-r--r--spec/classes/tripleo_profile_base_kernel_spec.rb59
-rw-r--r--spec/classes/tripleo_profile_base_nova_placement_spec.rb20
-rw-r--r--spec/fixtures/hieradata/default.yaml3
-rw-r--r--test-requirements.txt2
36 files changed, 687 insertions, 74 deletions
diff --git a/manifests/certmonger/mysql.pp b/manifests/certmonger/mysql.pp
index dd9b184..0988c55 100644
--- a/manifests/certmonger/mysql.pp
+++ b/manifests/certmonger/mysql.pp
@@ -31,6 +31,12 @@
# (Optional) The CA that certmonger will use to generate the certificates.
# Defaults to hiera('certmonger_ca', 'local').
#
+# [*dnsnames*]
+# (Optional) The DNS names that will be added for the SubjectAltNames entry
+# in the certificate. If left unset, the value will be set to the $hostname.
+# This parameter can take both a string or an array of strings.
+# Defaults to $hostname
+#
# [*principal*]
# (Optional) The haproxy service principal that is set for MySQL in kerberos.
# Defaults to undef
@@ -40,6 +46,7 @@ class tripleo::certmonger::mysql (
$service_certificate,
$service_key,
$certmonger_ca = hiera('certmonger_ca', 'local'),
+ $dnsnames = $hostname,
$principal = undef,
) {
include ::certmonger
@@ -51,7 +58,7 @@ class tripleo::certmonger::mysql (
certfile => $service_certificate,
keyfile => $service_key,
hostname => $hostname,
- dnsname => $hostname,
+ dnsname => $dnsnames,
principal => $principal,
postsave_cmd => $postsave_cmd,
ca => $certmonger_ca,
diff --git a/manifests/glance/nfs_mount.pp b/manifests/glance/nfs_mount.pp
index 035191d..674bdd0 100644
--- a/manifests/glance/nfs_mount.pp
+++ b/manifests/glance/nfs_mount.pp
@@ -43,7 +43,7 @@ class tripleo::glance::nfs_mount (
$options = 'intr,context=system_u:object_r:glance_var_lib_t:s0',
$edit_fstab = true,
$fstab_fstype = 'nfs4',
- $fstab_prepend_options = 'bg'
+ $fstab_prepend_options = '_netdev,bg'
) {
$images_dir = '/var/lib/glance/images'
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index 6b305cb..2f29674 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -155,6 +155,10 @@
# When set, enables SSL on the haproxy stats endpoint using the specified file.
# Defaults to undef
#
+# [*haproxy_stats*]
+# (optional) Enable or not the haproxy stats interface
+# Defaults to true
+#
# [*keystone_admin*]
# (optional) Enable or not Keystone Admin API binding
# Defaults to hiera('keystone_enabled', false)
@@ -279,6 +283,10 @@
# (optional) Enable check via clustercheck for mysql
# Defaults to false
#
+# [*mysql_max_conn*]
+# (optional) Set the maxconn parameter for mysql
+# Defaults to undef
+#
# [*mysql_member_options*]
# The options to use for the mysql HAProxy balancer members.
# If this parameter is undefined, the actual value configured will depend
@@ -522,7 +530,7 @@
# 'nova_novnc_port' (Defaults to 6080)
# 'nova_novnc_ssl_port' (Defaults to 13080)
# 'opendaylight_api_port' (Defaults to 8081)
-# 'panko_api_port' (Defaults to 8779)
+# 'panko_api_port' (Defaults to 8977)
# 'panko_api_ssl_port' (Defaults to 13779)
# 'ovn_nbdb_port' (Defaults to 6641)
# 'ovn_sbdb_port' (Defaults to 6642)
@@ -571,6 +579,7 @@ class tripleo::haproxy (
$ca_bundle = '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt',
$crl_file = undef,
$haproxy_stats_certificate = undef,
+ $haproxy_stats = true,
$keystone_admin = hiera('keystone_enabled', false),
$keystone_public = hiera('keystone_enabled', false),
$neutron = hiera('neutron_api_enabled', false),
@@ -602,6 +611,7 @@ class tripleo::haproxy (
$ironic_inspector = hiera('ironic_inspector_enabled', false),
$mysql = hiera('mysql_enabled', false),
$mysql_clustercheck = false,
+ $mysql_max_conn = undef,
$mysql_member_options = undef,
$rabbitmq = false,
$etcd = hiera('etcd_enabled', false),
@@ -706,7 +716,7 @@ class tripleo::haproxy (
nova_novnc_port => 6080,
nova_novnc_ssl_port => 13080,
opendaylight_api_port => 8081,
- panko_api_port => 8779,
+ panko_api_port => 8977,
panko_api_ssl_port => 13779,
ovn_nbdb_port => 6641,
ovn_sbdb_port => 6642,
@@ -871,19 +881,21 @@ class tripleo::haproxy (
listen_options => $default_listen_options,
}
- $stats_base = ['enable', 'uri /']
- if $haproxy_stats_password {
- $stats_config = union($stats_base, ["auth ${haproxy_stats_user}:${haproxy_stats_password}"])
- } else {
- $stats_config = $stats_base
- }
- haproxy::listen { 'haproxy.stats':
- bind => $haproxy_stats_bind_opts,
- mode => 'http',
- options => {
- 'stats' => $stats_config,
- },
- collect_exported => false,
+ if $haproxy_stats {
+ $stats_base = ['enable', 'uri /']
+ if $haproxy_stats_password {
+ $stats_config = union($stats_base, ["auth ${haproxy_stats_user}:${haproxy_stats_password}"])
+ } else {
+ $stats_config = $stats_base
+ }
+ haproxy::listen { 'haproxy.stats':
+ bind => $haproxy_stats_bind_opts,
+ mode => 'http',
+ options => {
+ 'stats' => $stats_config,
+ },
+ collect_exported => false,
+ }
}
if $keystone_admin {
@@ -1314,6 +1326,7 @@ class tripleo::haproxy (
'timeout server' => '90m',
'stick-table' => 'type ip size 1000',
'stick' => 'on dst',
+ 'maxconn' => $mysql_max_conn
}
if $mysql_member_options {
$mysql_member_options_real = $mysql_member_options
@@ -1324,6 +1337,7 @@ class tripleo::haproxy (
$mysql_listen_options = {
'timeout client' => '90m',
'timeout server' => '90m',
+ 'maxconn' => $mysql_max_conn
}
if $mysql_member_options {
$mysql_member_options_real = $mysql_member_options
diff --git a/manifests/profile/base/aodh/api.pp b/manifests/profile/base/aodh/api.pp
index 300c0ca..d6ec32b 100644
--- a/manifests/profile/base/aodh/api.pp
+++ b/manifests/profile/base/aodh/api.pp
@@ -23,6 +23,10 @@
# This is set by t-h-t.
# Defaults to hiera('aodh_api_network', undef)
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
# [*certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
@@ -47,10 +51,16 @@
class tripleo::profile::base::aodh::api (
$aodh_network = hiera('aodh_api_network', undef),
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$step = Integer(hiera('step')),
) {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
include ::tripleo::profile::base::aodh
@@ -66,7 +76,7 @@ class tripleo::profile::base::aodh::api (
}
- if $step >= 3 {
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::aodh::api
include ::apache::mod::ssl
class { '::aodh::wsgi::apache':
diff --git a/manifests/profile/base/ceilometer/api.pp b/manifests/profile/base/ceilometer/api.pp
index 6a30a40..11c1da3 100644
--- a/manifests/profile/base/ceilometer/api.pp
+++ b/manifests/profile/base/ceilometer/api.pp
@@ -23,6 +23,10 @@
# This is set by t-h-t.
# Defaults to hiera('ceilometer_api_network', undef)
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
# [*certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
@@ -45,11 +49,18 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::ceilometer::api (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$ceilometer_network = hiera('ceilometer_api_network', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$step = Integer(hiera('step')),
) {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
+
include ::tripleo::profile::base::ceilometer
if $enable_internal_tls {
@@ -63,7 +74,7 @@ class tripleo::profile::base::ceilometer::api (
$tls_keyfile = undef
}
- if $step >= 3 {
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::ceilometer::api
include ::apache::mod::ssl
class { '::ceilometer::wsgi::apache':
diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp
index 8eb6079..fbb8b11 100644
--- a/manifests/profile/base/database/mysql.pp
+++ b/manifests/profile/base/database/mysql.pp
@@ -95,6 +95,9 @@ class tripleo::profile::base::database::mysql (
if $enable_internal_tls {
$tls_certfile = $certificate_specs['service_certificate']
$tls_keyfile = $certificate_specs['service_key']
+
+ # Force users/grants created to use TLS connections
+ Openstacklib::Db::Mysql <||> { tls_options => ['SSL'] }
} else {
$tls_certfile = undef
$tls_keyfile = undef
@@ -217,6 +220,10 @@ class tripleo::profile::base::database::mysql (
if hiera('ec2_api_enabled', false) {
include ::ec2api::db::mysql
}
+ if hiera('zaqar_enabled', false) and hiera('zaqar::db::mysql::user', '') == 'zaqar' {
+ # NOTE: by default zaqar uses mongodb
+ include ::zaqar::db::mysql
+ }
}
}
diff --git a/manifests/profile/base/heat/api.pp b/manifests/profile/base/heat/api.pp
index ff90590..2221b37 100644
--- a/manifests/profile/base/heat/api.pp
+++ b/manifests/profile/base/heat/api.pp
@@ -18,6 +18,10 @@
#
# === Parameters
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
# [*certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
@@ -45,11 +49,18 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::heat::api (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$heat_api_network = hiera('heat_api_network', undef),
$step = Integer(hiera('step')),
) {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
+
include ::tripleo::profile::base::heat
if $enable_internal_tls {
@@ -63,7 +74,7 @@ class tripleo::profile::base::heat::api (
$tls_keyfile = undef
}
- if $step >= 3 {
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::heat::api
include ::apache::mod::ssl
class { '::heat::wsgi::apache_api':
diff --git a/manifests/profile/base/heat/api_cfn.pp b/manifests/profile/base/heat/api_cfn.pp
index e14760a..1014b04 100644
--- a/manifests/profile/base/heat/api_cfn.pp
+++ b/manifests/profile/base/heat/api_cfn.pp
@@ -18,6 +18,10 @@
#
# === Parameters
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
# [*certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
@@ -45,11 +49,18 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::heat::api_cfn (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$heat_api_cfn_network = hiera('heat_api_cfn_network', undef),
$step = Integer(hiera('step')),
) {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
+
include ::tripleo::profile::base::heat
if $enable_internal_tls {
@@ -63,7 +74,7 @@ class tripleo::profile::base::heat::api_cfn (
$tls_keyfile = undef
}
- if $step >= 3 {
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::heat::api_cfn
include ::apache::mod::ssl
diff --git a/manifests/profile/base/heat/api_cloudwatch.pp b/manifests/profile/base/heat/api_cloudwatch.pp
index 83d5307..4caac9d 100644
--- a/manifests/profile/base/heat/api_cloudwatch.pp
+++ b/manifests/profile/base/heat/api_cloudwatch.pp
@@ -18,6 +18,10 @@
#
# === Parameters
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
# [*certificates_specs*]
# (Optional) The specifications to give to certmonger for the certificate(s)
# it will create.
@@ -45,11 +49,18 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::heat::api_cloudwatch (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$certificates_specs = hiera('apache_certificates_specs', {}),
$enable_internal_tls = hiera('enable_internal_tls', false),
$heat_api_cloudwatch_network = hiera('heat_api_cloudwatch_network', undef),
$step = Integer(hiera('step')),
) {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
+
include ::tripleo::profile::base::heat
if $enable_internal_tls {
@@ -63,7 +74,7 @@ class tripleo::profile::base::heat::api_cloudwatch (
$tls_keyfile = undef
}
- if $step >= 3 {
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::heat::api_cloudwatch
include ::apache::mod::ssl
diff --git a/manifests/profile/base/horizon.pp b/manifests/profile/base/horizon.pp
index 12482b6..26ea20f 100644
--- a/manifests/profile/base/horizon.pp
+++ b/manifests/profile/base/horizon.pp
@@ -23,15 +23,26 @@
# for more details.
# Defaults to hiera('step')
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
# [*neutron_options*]
# (Optional) A hash of parameters to enable features specific to Neutron
# Defaults to hiera('horizon::neutron_options', {})
#
class tripleo::profile::base::horizon (
$step = Integer(hiera('step')),
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$neutron_options = hiera('horizon::neutron_options', {}),
) {
- if $step >= 3 {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
+
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
# Horizon
include ::apache::mod::remoteip
include ::apache::mod::status
diff --git a/manifests/profile/base/ironic/api.pp b/manifests/profile/base/ironic/api.pp
index 94b7efe..bbc91f5 100644
--- a/manifests/profile/base/ironic/api.pp
+++ b/manifests/profile/base/ironic/api.pp
@@ -18,16 +18,68 @@
#
# === Parameters
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
+# [*certificates_specs*]
+# (Optional) The specifications to give to certmonger for the certificate(s)
+# it will create.
+# Example with hiera:
+# apache_certificates_specs:
+# httpd-internal_api:
+# hostname: <overcloud controller fqdn>
+# service_certificate: <service certificate path>
+# service_key: <service key path>
+# principal: "haproxy/<overcloud controller fqdn>"
+# Defaults to hiera('apache_certificate_specs', {}).
+#
+# [*ironic_api_network*]
+# (Optional) The network name where the ironic API endpoint is listening on.
+# This is set by t-h-t.
+# Defaults to hiera('ironic_api_network', undef)
+#
+# [*enable_internal_tls*]
+# (Optional) Whether TLS in the internal network is enabled or not.
+# Defaults to hiera('enable_internal_tls', false)
+#
# [*step*]
# (Optional) The current step of the deployment
# Defaults to hiera('step')
#
class tripleo::profile::base::ironic::api (
- $step = Integer(hiera('step')),
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $certificates_specs = hiera('apache_certificates_specs', {}),
+ $ironic_api_network = hiera('ironic_api_network', undef),
+ $enable_internal_tls = hiera('enable_internal_tls', false),
+ $step = Integer(hiera('step')),
) {
include ::tripleo::profile::base::ironic
- if $step >= 4 {
- include ::ironic::api
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
}
+
+ if $enable_internal_tls {
+ if !$ironic_api_network {
+ fail('ironic_api_network is not set in the hieradata.')
+ }
+ $tls_certfile = $certificates_specs["httpd-${ironic_api_network}"]['service_certificate']
+ $tls_keyfile = $certificates_specs["httpd-${ironic_api_network}"]['service_key']
+ } else {
+ $tls_certfile = undef
+ $tls_keyfile = undef
+ }
+
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
+ include ::ironic::api
+ include ::apache::mod::ssl
+ class { '::ironic::wsgi::apache':
+ ssl_cert => $tls_certfile,
+ ssl_key => $tls_keyfile,
+ }
+ }
+
}
diff --git a/manifests/profile/base/kernel.pp b/manifests/profile/base/kernel.pp
index df13a98..48caf37 100644
--- a/manifests/profile/base/kernel.pp
+++ b/manifests/profile/base/kernel.pp
@@ -17,14 +17,32 @@
#
# Load and configure Kernel modules.
#
-class tripleo::profile::base::kernel {
+# === Parameters
+#
+# [*module_list*]
+# (Optional) List of kernel modules to load.
+# Defaults to hiera('kernel_modules')
+#
+# [*sysctl_settings*]
+# (Optional) List of sysctl settings to load.
+# Defaults to hiera('sysctl_settings')
+#
+class tripleo::profile::base::kernel (
+ $module_list = hiera('kernel_modules', undef),
+ $sysctl_settings = hiera('sysctl_settings', undef),
+) {
- if hiera('kernel_modules', undef) {
- create_resources(kmod::load, hiera('kernel_modules'), { })
+ if $module_list {
+ create_resources(kmod::load, $module_list, { })
}
- if hiera('sysctl_settings', undef) {
- create_resources(sysctl::value, hiera('sysctl_settings'), { })
+ if $sysctl_settings {
+ create_resources(sysctl::value, $sysctl_settings, { })
}
Exec <| tag == 'kmod::load' |> -> Sysctl <| |>
+ # RHEL 7.4+ workaround where this functionality is built into the
+ # kernel instead of being built as a module.
+ # That way, we can support both 7.3 and 7.4 RHEL versions.
+ # https://bugzilla.redhat.com/show_bug.cgi?id=1387537
+ Exec <| title == 'modprobe nf_conntrack_proto_sctp' |> { returns => [0,1] }
}
diff --git a/manifests/profile/base/metrics/collectd.pp b/manifests/profile/base/metrics/collectd.pp
index 098f795..088e6e2 100644
--- a/manifests/profile/base/metrics/collectd.pp
+++ b/manifests/profile/base/metrics/collectd.pp
@@ -23,6 +23,11 @@
# for more details.
# Defaults to hiera('step')
#
+# [*enable_file_logging*]
+# (Optional) Boolean. Whether to enable logfile plugin.
+# which we should send metrics.
+# Defaults to false
+#
# [*collectd_server*]
# (Optional) String. The name or address of a collectd server to
# which we should send metrics.
@@ -49,6 +54,7 @@
class tripleo::profile::base::metrics::collectd (
$step = Integer(hiera('step')),
+ $enable_file_logging = false,
$collectd_server = undef,
$collectd_port = undef,
$collectd_username = undef,
@@ -58,6 +64,9 @@ class tripleo::profile::base::metrics::collectd (
) {
if $step >= 3 {
include ::collectd
+ if $enable_file_logging {
+ include ::collectd::plugin::logfile
+ }
if ! ($collectd_securitylevel in [undef, 'None', 'Sign', 'Encrypt']) {
fail('collectd_securitylevel must be one of (None, Sign, Encrypt).')
diff --git a/manifests/profile/base/mistral/api.pp b/manifests/profile/base/mistral/api.pp
index 2ea5c9a..b5ca85e 100644
--- a/manifests/profile/base/mistral/api.pp
+++ b/manifests/profile/base/mistral/api.pp
@@ -56,9 +56,9 @@ class tripleo::profile::base::mistral::api (
$step = Integer(hiera('step')),
) {
if $::hostname == downcase($bootstrap_node) {
- $sync_db = true
+ $is_bootstrap = true
} else {
- $sync_db = false
+ $is_bootstrap = false
}
include ::tripleo::profile::base::mistral
@@ -74,7 +74,7 @@ class tripleo::profile::base::mistral::api (
$tls_keyfile = undef
}
- if $step >= 3 {
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::mistral::api
include ::apache::mod::ssl
class { '::mistral::wsgi::apache':
diff --git a/manifests/profile/base/neutron/opendaylight/configure_cluster.pp b/manifests/profile/base/neutron/opendaylight/configure_cluster.pp
new file mode 100644
index 0000000..022e8ae
--- /dev/null
+++ b/manifests/profile/base/neutron/opendaylight/configure_cluster.pp
@@ -0,0 +1,45 @@
+# Copyright 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Configures an OpenDaylight cluster.
+# It creates the akka configuration file for ODL to cluster correctly
+# It will not configure clustering if less than 3 nodes
+#
+# == Function: tripleo::profile::base::neutron::opendaylight::configure_cluster
+#
+# == Parameters
+#
+# [*node_name*]
+# The short hostname of node
+#
+# [*odl_api_ips*] Array of IPs per ODL node
+# Defaults to empty array
+#
+define tripleo::profile::base::neutron::opendaylight::configure_cluster(
+ $node_name,
+ $odl_api_ips = [],
+) {
+ validate_array($odl_api_ips)
+ if size($odl_api_ips) > 2 {
+ $node_string = split($node_name, '-')
+ $ha_node_index = $node_string[-1] + 1
+ $ha_node_ip_str = join($odl_api_ips, ' ')
+ exec { 'Configure ODL Clustering':
+ command => "configure_cluster.sh ${ha_node_index} ${ha_node_ip_str}",
+ path => '/opt/opendaylight/bin/:/usr/sbin:/usr/bin:/sbin:/bin',
+ creates => '/opt/opendaylight/configuration/initial/akka.conf'
+ }
+ }
+}
+
diff --git a/manifests/profile/base/neutron/opendaylight/create_cluster.pp b/manifests/profile/base/neutron/opendaylight/create_cluster.pp
new file mode 100644
index 0000000..c3e4f7f
--- /dev/null
+++ b/manifests/profile/base/neutron/opendaylight/create_cluster.pp
@@ -0,0 +1,43 @@
+# Copyright 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Configures an OpenDaylight cluster.
+# It creates the akka configuration file for ODL to cluster correctly
+# It will not configure clustering if less than 3 nodes
+#
+# == Class: tripleo::profile::base::neutron::opendaylight::create_cluster
+#
+# OpenDaylight class only used for creating clusters with container deployments
+#
+# === Parameters
+#
+# [*odl_api_ips*]
+# (Optional) List of OpenStack Controller IPs for ODL API
+# Defaults to hiera('opendaylight_api_node_ips')
+#
+# [*node_name*]
+# (Optional) The short hostname of node
+# Defaults to hiera('bootstack_nodeid')
+#
+class tripleo::profile::base::neutron::opendaylight::create_cluster (
+ $odl_api_ips = hiera('opendaylight_api_node_ips'),
+ $node_name = hiera('bootstack_nodeid')
+) {
+
+ tripleo::profile::base::neutron::opendaylight::configure_cluster {'ODL cluster':
+ node_name => $node_name,
+ odl_api_ips => $odl_api_ips,
+ }
+
+}
diff --git a/manifests/profile/base/neutron/plugins/ml2.pp b/manifests/profile/base/neutron/plugins/ml2.pp
index f7a2935..1f440fa 100644
--- a/manifests/profile/base/neutron/plugins/ml2.pp
+++ b/manifests/profile/base/neutron/plugins/ml2.pp
@@ -85,5 +85,9 @@ class tripleo::profile::base::neutron::plugins::ml2 (
if 'vpp' in $mechanism_drivers {
include ::tripleo::profile::base::neutron::plugins::ml2::vpp
}
+
+ if 'nuage' in $mechanism_drivers {
+ include ::tripleo::profile::base::neutron::plugins::ml2::nuage
+ }
}
}
diff --git a/manifests/profile/base/ui.pp b/manifests/profile/base/neutron/plugins/ml2/nuage.pp
index 681496a..e9608d0 100644
--- a/manifests/profile/base/ui.pp
+++ b/manifests/profile/base/neutron/plugins/ml2/nuage.pp
@@ -1,4 +1,4 @@
-# Copyright 2016 Red Hat, Inc.
+# Copyright 2017 Nuage Networks from Nokia Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
@@ -12,15 +12,20 @@
# License for the specific language governing permissions and limitations
# under the License.
#
-# == Class: tripleo::profile::base::ui
+# == Class: tripleo::profile::base::neutron::plugins::ml2::nuage
#
-# UI profile for tripleo
+# Nuage Neutron ML2 profile for tripleo
#
-class tripleo::profile::base::ui () {
- package {'openstack-tripleo-ui': }
-
- include ::apache
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::neutron::plugins::ml2::nuage (
+ $step = hiera('step'),
+) {
- include ::tripleo::ui
+ if $step >= 4 {
+ include ::neutron::plugins::ml2::nuage
+ }
}
-
diff --git a/manifests/profile/base/neutron/server.pp b/manifests/profile/base/neutron/server.pp
index 0dee53e..60ef443 100644
--- a/manifests/profile/base/neutron/server.pp
+++ b/manifests/profile/base/neutron/server.pp
@@ -113,10 +113,7 @@ class tripleo::profile::base::neutron::server (
$l3_ha = false
}
- # We start neutron-server on the bootstrap node first, because
- # it will try to populate tables and we need to make sure this happens
- # before it starts on other nodes
- if $step >= 4 and $sync_db or $step >= 5 and !$sync_db {
+ if $step >= 4 or ($step >= 3 and $sync_db) {
if $enable_internal_tls {
if !$neutron_network {
fail('neutron_api_network is not set in the hieradata.')
@@ -130,9 +127,14 @@ class tripleo::profile::base::neutron::server (
port => $tls_proxy_port,
tls_cert => $tls_certfile,
tls_key => $tls_keyfile,
- notify => Class['::neutron::server'],
}
+ Tripleo::Tls_proxy['neutron-api'] ~> Anchor<| title == 'neutron::service::begin' |>
}
+ }
+ # We start neutron-server on the bootstrap node first, because
+ # it will try to populate tables and we need to make sure this happens
+ # before it starts on other nodes
+ if $step >= 4 and $sync_db or $step >= 5 and !$sync_db {
include ::neutron::server::notifications
# We need to override the hiera value neutron::server::sync_db which is set
diff --git a/manifests/profile/base/nova/placement.pp b/manifests/profile/base/nova/placement.pp
index ac78287..48af39a 100644
--- a/manifests/profile/base/nova/placement.pp
+++ b/manifests/profile/base/nova/placement.pp
@@ -54,9 +54,9 @@ class tripleo::profile::base::nova::placement (
$step = Integer(hiera('step')),
) {
if $::hostname == downcase($bootstrap_node) {
- $sync_db = true
+ $is_bootstrap = true
} else {
- $sync_db = false
+ $is_bootstrap = false
}
include ::tripleo::profile::base::nova
@@ -73,7 +73,7 @@ class tripleo::profile::base::nova::placement (
$tls_keyfile = undef
}
- if $step >= 3 {
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::apache::mod::ssl
class { '::nova::wsgi::apache_placement':
ssl_cert => $tls_certfile,
diff --git a/manifests/profile/base/swift/proxy.pp b/manifests/profile/base/swift/proxy.pp
index b047c36..afb5fa6 100644
--- a/manifests/profile/base/swift/proxy.pp
+++ b/manifests/profile/base/swift/proxy.pp
@@ -18,6 +18,10 @@
#
# === Parameters
#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
# [*ceilometer_enabled*]
# Whether the ceilometer pipeline is enabled.
# Defaults to true
@@ -96,6 +100,7 @@
# defaults to 8080
#
class tripleo::profile::base::swift::proxy (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$ceilometer_enabled = true,
$ceilometer_messaging_driver = hiera('messaging_notify_service_name', 'rabbit'),
$ceilometer_messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)),
@@ -113,7 +118,12 @@ class tripleo::profile::base::swift::proxy (
$tls_proxy_fqdn = undef,
$tls_proxy_port = 8080,
) {
- if $step >= 4 {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
+ if $step >= 4 or ($step >= 3 and $is_bootstrap) {
if $enable_internal_tls {
if !$swift_proxy_network {
fail('swift_proxy_network is not set in the hieradata.')
@@ -127,9 +137,11 @@ class tripleo::profile::base::swift::proxy (
port => $tls_proxy_port,
tls_cert => $tls_certfile,
tls_key => $tls_keyfile,
- notify => Class['::swift::proxy'],
}
+ Tripleo::Tls_proxy['swift-proxy-api'] ~> Anchor<| title == 'swift::service::begin' |>
}
+ }
+ if $step >= 4 {
$swift_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcache_servers)), ":${memcache_port}")
include ::swift::config
include ::swift::proxy
diff --git a/manifests/profile/base/zaqar.pp b/manifests/profile/base/zaqar.pp
index b9171b0..063ccb8 100644
--- a/manifests/profile/base/zaqar.pp
+++ b/manifests/profile/base/zaqar.pp
@@ -18,9 +18,9 @@
#
# === Parameters
#
-# [*sync_db*]
-# (Optional) Whether to run db sync
-# Defaults to true
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
@@ -28,9 +28,16 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::zaqar (
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
$step = Integer(hiera('step')),
) {
- if $step >= 4 {
+ if $::hostname == downcase($bootstrap_node) {
+ $is_bootstrap = true
+ } else {
+ $is_bootstrap = false
+ }
+
+ if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::zaqar
if str2bool(hiera('mongodb::server::ipv6', false)) {
diff --git a/manifests/profile/pacemaker/database/mysql.pp b/manifests/profile/pacemaker/database/mysql.pp
index 3aff62f..22adbe9 100644
--- a/manifests/profile/pacemaker/database/mysql.pp
+++ b/manifests/profile/pacemaker/database/mysql.pp
@@ -26,6 +26,27 @@
# (Optional) The address that the local mysql instance should bind to.
# Defaults to $::hostname
#
+# [*ca_file*]
+# (Optional) The path to the CA file that will be used for the TLS
+# configuration. It's only used if internal TLS is enabled.
+# Defaults to undef
+#
+# [*certificate_specs*]
+# (Optional) The specifications to give to certmonger for the certificate
+# it will create. Note that the certificate nickname must be 'mysql' in
+# the case of this service.
+# Example with hiera:
+# tripleo::profile::base::database::mysql::certificate_specs:
+# hostname: <overcloud controller fqdn>
+# service_certificate: <service certificate path>
+# service_key: <service key path>
+# principal: "mysql/<overcloud controller fqdn>"
+# Defaults to hiera('tripleo::profile::base::database::mysql::certificate_specs', {}).
+#
+# [*enable_internal_tls*]
+# (Optional) Whether TLS in the internal network is enabled or not.
+# Defaults to hiera('enable_internal_tls', false)
+#
# [*gmcast_listen_addr*]
# (Optional) This variable defines the address on which the node listens to
# connections from other nodes in the cluster.
@@ -41,11 +62,14 @@
# Defaults to hiera('pcs_tries', 20)
#
class tripleo::profile::pacemaker::database::mysql (
- $bootstrap_node = hiera('mysql_short_bootstrap_node_name'),
- $bind_address = $::hostname,
- $gmcast_listen_addr = hiera('mysql_bind_host'),
- $step = Integer(hiera('step')),
- $pcs_tries = hiera('pcs_tries', 20),
+ $bootstrap_node = hiera('mysql_short_bootstrap_node_name'),
+ $bind_address = $::hostname,
+ $ca_file = undef,
+ $certificate_specs = hiera('tripleo::profile::base::database::mysql::certificate_specs', {}),
+ $enable_internal_tls = hiera('enable_internal_tls', false),
+ $gmcast_listen_addr = hiera('mysql_bind_host'),
+ $step = Integer(hiera('step')),
+ $pcs_tries = hiera('pcs_tries', 20),
) {
if $::hostname == downcase($bootstrap_node) {
$pacemaker_master = true
@@ -70,6 +94,19 @@ class tripleo::profile::pacemaker::database::mysql (
$processed_galera_name_pairs = $galera_name_pairs.map |$pair| { join($pair, ':') }
$cluster_host_map = join($processed_galera_name_pairs, ';')
+ if $enable_internal_tls {
+ $tls_certfile = $certificate_specs['service_certificate']
+ $tls_keyfile = $certificate_specs['service_key']
+ if $ca_file {
+ $tls_ca_options = "socket.ssl_ca=${ca_file}"
+ } else {
+ $tls_ca_options = ''
+ }
+ $tls_options = "socket.ssl_key=${tls_keyfile};socket.ssl_cert=${tls_certfile};${tls_ca_options};"
+ } else {
+ $tls_options = ''
+ }
+
$mysqld_options = {
'mysqld' => {
'skip-name-resolve' => '1',
@@ -98,7 +135,7 @@ class tripleo::profile::pacemaker::database::mysql (
'wsrep_drupal_282555_workaround'=> '0',
'wsrep_causal_reads' => '0',
'wsrep_sst_method' => 'rsync',
- 'wsrep_provider_options' => "gmcast.listen_addr=tcp://${gmcast_listen_addr}:4567;",
+ 'wsrep_provider_options' => "gmcast.listen_addr=tcp://${gmcast_listen_addr}:4567;${tls_options}",
}
}
diff --git a/manifests/ui.pp b/manifests/ui.pp
index 825ffc2..d744044 100644
--- a/manifests/ui.pp
+++ b/manifests/ui.pp
@@ -136,13 +136,16 @@ class tripleo::ui (
$endpoint_config_swift = undef,
) {
+ package {'openstack-tripleo-ui': }
+ include ::apache
include ::apache::mod::proxy
include ::apache::mod::proxy_http
include ::apache::mod::proxy_wstunnel
::apache::vhost { 'tripleo-ui':
ensure => 'present',
+ require => Package['openstack-tripleo-ui'],
servername => $servername,
ip => $bind_host,
port => $ui_port,
diff --git a/releasenotes/notes/add-mysql_maxconn-to-haproxy-84a5ad07d8d14ddd.yaml b/releasenotes/notes/add-mysql_maxconn-to-haproxy-84a5ad07d8d14ddd.yaml
new file mode 100644
index 0000000..8359456
--- /dev/null
+++ b/releasenotes/notes/add-mysql_maxconn-to-haproxy-84a5ad07d8d14ddd.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ Added new parameter mysql_maxconn to the tripleo::haproxy class,
+ allowing haproxy maxconn to be configured for the MySQL server.
diff --git a/releasenotes/notes/nf_conntrack_proto_sctp-a64300a3fc7b4e55.yaml b/releasenotes/notes/nf_conntrack_proto_sctp-a64300a3fc7b4e55.yaml
new file mode 100644
index 0000000..9aad5ee
--- /dev/null
+++ b/releasenotes/notes/nf_conntrack_proto_sctp-a64300a3fc7b4e55.yaml
@@ -0,0 +1,9 @@
+---
+issues:
+ - |
+ Ignore failures if nf_conntrack_proto_sctp module failed to load.
+ Since RHEL 7.4, nf_conntrack_proto_sctp module is compiled into the
+ kernel instead of as a module as the sctp support.
+ TripleO will still try to load the module to support RHEL 7.3, but
+ in the future will remove the module management and rely on the kernel
+ provided in newer versions of RHEL.
diff --git a/releasenotes/notes/start-httpd-step3-and-4-2bd7be9e1429ef6d.yaml b/releasenotes/notes/start-httpd-step3-and-4-2bd7be9e1429ef6d.yaml
new file mode 100644
index 0000000..02e0d48
--- /dev/null
+++ b/releasenotes/notes/start-httpd-step3-and-4-2bd7be9e1429ef6d.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+ - In order to avoid service restarts, all services deploy their httpd
+ configuration at the same time. Thus, httpd now starts in step 3 for the
+ bootstrap nodes, and step 4 for all other nodes.
diff --git a/releasenotes/source/conf.py b/releasenotes/source/conf.py
index 4661b77..2597547 100644
--- a/releasenotes/source/conf.py
+++ b/releasenotes/source/conf.py
@@ -20,6 +20,8 @@
# -- General configuration ------------------------------------------------
+import openstackdocstheme
+
# If your documentation needs a minimal Sphinx version, state it here.
#needs_sphinx = '1.0'
@@ -27,7 +29,6 @@
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
extensions = [
- 'oslosphinx',
'reno.sphinxext',
]
@@ -99,7 +100,7 @@ pygments_style = 'sphinx'
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
-html_theme = 'default'
+html_theme = 'openstackdocs'
# Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the
@@ -107,7 +108,7 @@ html_theme = 'default'
#html_theme_options = {}
# Add any paths that contain custom themes here, relative to this directory.
-#html_theme_path = []
+html_theme_path = [openstackdocstheme.get_html_theme_path()]
# The name for this set of Sphinx documents. If None, it defaults to
# "<project> v<release> documentation".
diff --git a/spec/classes/tripleo_haproxy_spec.rb b/spec/classes/tripleo_haproxy_spec.rb
new file mode 100644
index 0000000..966729a
--- /dev/null
+++ b/spec/classes/tripleo_haproxy_spec.rb
@@ -0,0 +1,115 @@
+# Copyright 2016 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::haproxy' do
+
+ shared_examples_for 'tripleo::haproxy' do
+ let :params do {
+ :controller_virtual_ip => '10.1.0.1',
+ :public_virtual_ip => '192.168.0.1'
+ }
+ end
+
+ describe "default settings" do
+ it 'should configure haproxy' do
+ is_expected.to contain_haproxy__listen('mysql').with(
+ :options => {
+ 'timeout client' => "90m",
+ 'timeout server' => "90m",
+ 'maxconn' => :undef
+ }
+ )
+ end
+ end
+
+ describe "set clustercheck" do
+ before :each do
+ params.merge!({
+ :mysql_clustercheck => true,
+ })
+ end
+
+ it 'should configure haproxy with clustercheck' do
+ is_expected.to contain_haproxy__listen('mysql').with(
+ :options => {
+ 'timeout client' => "90m",
+ 'timeout server' => "90m",
+ 'option' => ["tcpka", "httpchk"],
+ 'timeout client' => "90m",
+ 'timeout server' => "90m",
+ 'stick-table' => "type ip size 1000",
+ 'stick' => "on dst",
+ 'maxconn' => :undef
+ }
+ )
+ end
+ end
+
+ describe "override maxconn with clustercheck" do
+ before :each do
+ params.merge!({
+ :mysql_clustercheck => true,
+ :mysql_max_conn => 6500,
+ })
+ end
+
+ it 'should configure haproxy' do
+ is_expected.to contain_haproxy__listen('mysql').with(
+ :options => {
+ 'option' => ["tcpka", "httpchk"],
+ 'timeout client' => "90m",
+ 'timeout server' => "90m",
+ 'stick-table' => "type ip size 1000",
+ 'stick' => "on dst",
+ 'maxconn' => 6500
+ }
+ )
+ end
+ end
+
+ describe "override maxconn without clustercheck" do
+ before :each do
+ params.merge!({
+ :mysql_max_conn => 6500,
+ })
+ end
+
+ it 'should configure haproxy' do
+ is_expected.to contain_haproxy__listen('mysql').with(
+ :options => {
+ 'timeout client' => "90m",
+ 'timeout server' => "90m",
+ 'maxconn' => 6500
+ }
+ )
+ end
+ end
+
+ end
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) do
+ facts.merge({ })
+ end
+
+ it_behaves_like 'tripleo::haproxy'
+ end
+ end
+
+end \ No newline at end of file
diff --git a/spec/classes/tripleo_profile_base_aodh_api_spec.rb b/spec/classes/tripleo_profile_base_aodh_api_spec.rb
index a82cf49..27bd735 100644
--- a/spec/classes/tripleo_profile_base_aodh_api_spec.rb
+++ b/spec/classes/tripleo_profile_base_aodh_api_spec.rb
@@ -33,12 +33,35 @@ describe 'tripleo::profile::base::aodh::api' do
end
end
- context 'with step 3' do
+ context 'with step 3 and not bootstrap' do
let(:params) { {
:step => 3,
} }
it 'should trigger complete configuration' do
+ is_expected.not_to contain_class('aodh::api')
+ is_expected.not_to contain_class('aodh::wsgi::apache')
+ end
+ end
+
+ context 'with step 3 and bootstrap' do
+ let(:params) { {
+ :step => 3,
+ :bootstrap_node => 'node.example.com'
+ } }
+
+ it 'should trigger complete configuration' do
+ is_expected.to contain_class('aodh::api')
+ is_expected.to contain_class('aodh::wsgi::apache')
+ end
+ end
+
+ context 'with step 4' do
+ let(:params) { {
+ :step => 4,
+ } }
+
+ it 'should trigger complete configuration' do
is_expected.to contain_class('aodh::api')
is_expected.to contain_class('aodh::wsgi::apache')
end
diff --git a/spec/classes/tripleo_profile_base_ceilometer_api_spec.rb b/spec/classes/tripleo_profile_base_ceilometer_api_spec.rb
index cec2b54..9cb657f 100644
--- a/spec/classes/tripleo_profile_base_ceilometer_api_spec.rb
+++ b/spec/classes/tripleo_profile_base_ceilometer_api_spec.rb
@@ -32,9 +32,32 @@ describe 'tripleo::profile::base::ceilometer::api' do
end
end
- context 'with step 3' do
+ context 'with step 3 and not bootstrap' do
let(:params) { {
- :step => 3,
+ :step => 3,
+ } }
+
+ it 'should trigger complete configuration' do
+ is_expected.not_to contain_class('ceilometer::api')
+ is_expected.not_to contain_class('ceilometer::wsgi::apache')
+ end
+ end
+
+ context 'with step 3 and bootstrap' do
+ let(:params) { {
+ :step => 3,
+ :bootstrap_node => 'node.example.com'
+ } }
+
+ it 'should trigger complete configuration' do
+ is_expected.to contain_class('ceilometer::api')
+ is_expected.to contain_class('ceilometer::wsgi::apache')
+ end
+ end
+
+ context 'with step 4' do
+ let(:params) { {
+ :step => 4,
} }
it 'should trigger complete configuration' do
diff --git a/spec/classes/tripleo_profile_base_horizon_spec.rb b/spec/classes/tripleo_profile_base_horizon_spec.rb
index fb076b8..d8a672b 100644
--- a/spec/classes/tripleo_profile_base_horizon_spec.rb
+++ b/spec/classes/tripleo_profile_base_horizon_spec.rb
@@ -31,11 +31,37 @@ describe 'tripleo::profile::base::horizon' do
end
end
- context 'with step 3' do
+ context 'with step 3 and not bootstrap' do
let(:params) { {
:step => 3,
} }
+ it 'should not configure anything' do
+ is_expected.to_not contain_class('horizon')
+ is_expected.to_not contain_class('apache::mod::remoteip')
+ is_expected.to_not contain_class('apache::mod::status')
+ end
+ end
+
+ context 'with step 3 and bootstrap' do
+ let(:params) { {
+ :step => 3,
+ :bootstrap_node => 'node.example.com'
+ } }
+
+ it 'should trigger complete configuration' do
+ is_expected.to contain_class('horizon')
+ is_expected.to contain_class('apache::mod::remoteip')
+ is_expected.to contain_class('apache::mod::status')
+ end
+ end
+
+ context 'with step 4' do
+ let(:params) { {
+ :step => 3,
+ :bootstrap_node => 'node.example.com'
+ } }
+
it 'should trigger complete configuration' do
is_expected.to contain_class('horizon')
is_expected.to contain_class('apache::mod::remoteip')
diff --git a/spec/classes/tripleo_profile_base_kernel_spec.rb b/spec/classes/tripleo_profile_base_kernel_spec.rb
new file mode 100644
index 0000000..4c2aab2
--- /dev/null
+++ b/spec/classes/tripleo_profile_base_kernel_spec.rb
@@ -0,0 +1,59 @@
+#
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::kernel' do
+
+ shared_examples_for 'tripleo::profile::base::kernel' do
+ context 'with kernel modules' do
+ let :params do
+ {
+ :module_list => {
+ 'nf_conntrack' => {},
+ }
+ }
+ end
+
+ it 'should load kernel module' do
+ is_expected.to contain_kmod__load('nf_conntrack')
+ end
+ end
+ context 'with sysctl settings' do
+ let :params do
+ {
+ :sysctl_settings => {
+ 'net.ipv4.tcp_keepalive_intvl' => { 'value' => '1'},
+ }
+ }
+ end
+
+ it 'should load kernel module' do
+ is_expected.to contain_sysctl__value('net.ipv4.tcp_keepalive_intvl')
+ end
+ end
+ end
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) {
+ facts
+ }
+
+ it_behaves_like 'tripleo::profile::base::kernel'
+ end
+ end
+end
diff --git a/spec/classes/tripleo_profile_base_nova_placement_spec.rb b/spec/classes/tripleo_profile_base_nova_placement_spec.rb
index 04e032a..574489e 100644
--- a/spec/classes/tripleo_profile_base_nova_placement_spec.rb
+++ b/spec/classes/tripleo_profile_base_nova_placement_spec.rb
@@ -67,8 +67,7 @@ eos
}
end
-
- context 'with step 3' do
+ context 'with step 3 and not bootstrap' do
let(:params) { {
:step => 3,
} }
@@ -77,15 +76,30 @@ eos
is_expected.to contain_class('tripleo::profile::base::nova::placement')
is_expected.to contain_class('tripleo::profile::base::nova')
is_expected.to contain_class('nova::keystone::authtoken')
+ is_expected.not_to contain_class('nova::wsgi::apache_placement')
+ }
+ end
+
+ context 'with step 3 and bootstrap' do
+ let(:params) { {
+ :step => 3,
+ :bootstrap_node => 'node.example.com'
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova::placement')
+ is_expected.to contain_class('tripleo::profile::base::nova')
+ is_expected.to contain_class('nova::keystone::authtoken')
is_expected.to contain_class('nova::wsgi::apache_placement')
}
end
- context 'with step 3 with enable_internal_tls and skip generate certs' do
+ context 'with step 3 and bootstrap with enable_internal_tls and skip generate certs' do
let(:params) { {
:step => 3,
:enable_internal_tls => true,
:nova_placement_network => 'bar',
+ :bootstrap_node => 'node.example.com',
:certificates_specs => {
'httpd-bar' => {
'hostname' => 'foo',
diff --git a/spec/fixtures/hieradata/default.yaml b/spec/fixtures/hieradata/default.yaml
index 5d978cc..a0f4efc 100644
--- a/spec/fixtures/hieradata/default.yaml
+++ b/spec/fixtures/hieradata/default.yaml
@@ -33,6 +33,9 @@ cinder::keystone::authtoken::password: 'password'
gnocchi::keystone::authtoken::password: 'password'
gnocchi::storage::ceph::ceph_username: 'gnocchi'
gnocchi::storage::ceph::ceph_secret: 'password'
+# haproxy related items
+mysql_enabled: true
+controller_node_ips: '10.1.0.1,10.1.0.2'
# nova related items
nova::rabbit_password: 'password'
nova::keystone::authtoken::password: 'password'
diff --git a/test-requirements.txt b/test-requirements.txt
index 152ebef..31c3f5a 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -1,6 +1,6 @@
# This is required for the docs build jobs
sphinx!=1.6.1,>=1.5.1 # BSD
-oslosphinx>=4.7.0 # Apache-2.0
+openstackdocstheme>=1.5.0 # Apache-2.0
# This is required for the releasenotes build jobs
# FIXME: reno is manually pinned to !=2.0.0 because of bug #1651995