summaryrefslogtreecommitdiffstats
path: root/manifests/profile/base
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/profile/base')
-rw-r--r--manifests/profile/base/certmonger_user.pp5
-rw-r--r--manifests/profile/base/cinder/api.pp11
-rw-r--r--manifests/profile/base/database/mysql.pp22
-rw-r--r--manifests/profile/base/ironic.pp5
-rw-r--r--manifests/profile/base/nova/compute.pp11
-rw-r--r--manifests/profile/base/rabbitmq.pp15
6 files changed, 45 insertions, 24 deletions
diff --git a/manifests/profile/base/certmonger_user.pp b/manifests/profile/base/certmonger_user.pp
index 231a1d0..2ac4b6e 100644
--- a/manifests/profile/base/certmonger_user.pp
+++ b/manifests/profile/base/certmonger_user.pp
@@ -80,13 +80,16 @@ class tripleo::profile::base::certmonger_user (
unless empty($haproxy_certificates_specs) {
$reload_haproxy = ['systemctl reload haproxy']
Class['::tripleo::certmonger::ca::crl'] ~> Haproxy::Balancermember<||>
- Class['::tripleo::certmonger::ca::crl'] ~> Class['::haproxy']
+ if defined(Class['::haproxy']) {
+ Class['::tripleo::certmonger::ca::crl'] ~> Class['::haproxy']
+ }
} else {
$reload_haproxy = []
}
class { '::tripleo::certmonger::ca::crl' :
reload_cmds => $reload_haproxy,
}
+ Certmonger_certificate<||> -> Class['::tripleo::certmonger::ca::crl']
include ::tripleo::certmonger::ca::libvirt
unless empty($apache_certificates_specs) {
diff --git a/manifests/profile/base/cinder/api.pp b/manifests/profile/base/cinder/api.pp
index 54880ad..892e4ed 100644
--- a/manifests/profile/base/cinder/api.pp
+++ b/manifests/profile/base/cinder/api.pp
@@ -43,6 +43,12 @@
# (Optional) Whether TLS in the internal network is enabled or not.
# Defaults to hiera('enable_internal_tls', false)
#
+# [*keymgr_api_class*]
+# (Optional) The encryption key manager API class. The default value
+# ensures Cinder's legacy key manager is enabled when no hiera value is
+# specified.
+# Defaults to hiera('cinder::api::keymgr_api_class', 'cinder.keymgr.conf_key_mgr.ConfKeyManager')
+#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
@@ -53,6 +59,7 @@ class tripleo::profile::base::cinder::api (
$certificates_specs = hiera('apache_certificates_specs', {}),
$cinder_api_network = hiera('cinder_api_network', undef),
$enable_internal_tls = hiera('enable_internal_tls', false),
+ $keymgr_api_class = hiera('cinder::api::keymgr_api_class', 'cinder.keymgr.conf_key_mgr.ConfKeyManager'),
$step = Integer(hiera('step')),
) {
if $::hostname == downcase($bootstrap_node) {
@@ -75,7 +82,9 @@ class tripleo::profile::base::cinder::api (
}
if $step >= 4 or ($step >= 3 and $sync_db) {
- include ::cinder::api
+ class { '::cinder::api':
+ keymgr_api_class => $keymgr_api_class,
+ }
include ::apache::mod::ssl
class { '::cinder::wsgi::apache':
ssl_cert => $tls_certfile,
diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp
index 3bf41cf..7e7d68b 100644
--- a/manifests/profile/base/database/mysql.pp
+++ b/manifests/profile/base/database/mysql.pp
@@ -47,6 +47,10 @@
# limit for the mysql service.
# Defaults to false
#
+# [*innodb_buffer_pool_size*]
+# (Optional) Configure the size of the MySQL buffer pool.
+# Defaults to hiera('innodb_buffer_pool_size', undef)
+#
# [*manage_resources*]
# (Optional) Whether or not manage root user, root my.cnf, and service.
# Defaults to true
@@ -76,6 +80,7 @@ class tripleo::profile::base::database::mysql (
$certificate_specs = {},
$enable_internal_tls = hiera('enable_internal_tls', false),
$generate_dropin_file_limit = false,
+ $innodb_buffer_pool_size = hiera('innodb_buffer_pool_size', undef),
$manage_resources = true,
$mysql_server_options = {},
$mysql_max_connections = hiera('mysql_max_connections', undef),
@@ -123,14 +128,15 @@ class tripleo::profile::base::database::mysql (
# MysqlNetwork and ControllerHostnameResolveNetwork in ServiceNetMap
$mysql_server_default = {
'mysqld' => {
- 'bind-address' => $bind_address,
- 'max_connections' => $mysql_max_connections,
- 'open_files_limit' => '-1',
- 'innodb_file_per_table' => 'ON',
- 'ssl' => $enable_internal_tls,
- 'ssl-key' => $tls_keyfile,
- 'ssl-cert' => $tls_certfile,
- 'ssl-ca' => undef,
+ 'bind-address' => $bind_address,
+ 'max_connections' => $mysql_max_connections,
+ 'open_files_limit' => '-1',
+ 'innodb_buffer_pool_size' => $innodb_buffer_pool_size,
+ 'innodb_file_per_table' => 'ON',
+ 'ssl' => $enable_internal_tls,
+ 'ssl-key' => $tls_keyfile,
+ 'ssl-cert' => $tls_certfile,
+ 'ssl-ca' => undef,
}
}
$mysql_server_options_real = deep_merge($mysql_server_default, $mysql_server_options)
diff --git a/manifests/profile/base/ironic.pp b/manifests/profile/base/ironic.pp
index 2739f33..7e6efec 100644
--- a/manifests/profile/base/ironic.pp
+++ b/manifests/profile/base/ironic.pp
@@ -70,8 +70,9 @@ class tripleo::profile::base::ironic (
if $step >= 4 or ($step >= 3 and $sync_db) {
$oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl)))
class { '::ironic':
- sync_db => $sync_db,
- default_transport_url => os_transport_url({
+ sync_db => $sync_db,
+ db_online_data_migrations => $sync_db,
+ default_transport_url => os_transport_url({
'transport' => $oslomsg_rpc_proto,
'hosts' => $oslomsg_rpc_hosts,
'port' => sprintf('%s', $oslomsg_rpc_port),
diff --git a/manifests/profile/base/nova/compute.pp b/manifests/profile/base/nova/compute.pp
index 3eae880..a9a1f94 100644
--- a/manifests/profile/base/nova/compute.pp
+++ b/manifests/profile/base/nova/compute.pp
@@ -27,9 +27,16 @@
# (Optional) Whether or not Cinder is backed by NFS.
# Defaults to hiera('cinder_enable_nfs_backend', false)
#
+# [*keymgr_api_class*]
+# (Optional) The encryption key manager API class. The default value
+# ensures Nova's legacy key manager is enabled when no hiera value is
+# specified.
+# Defaults to hiera('nova::compute::keymgr_api_class', 'nova.keymgr.conf_key_mgr.ConfKeyManager')
+#
class tripleo::profile::base::nova::compute (
$step = Integer(hiera('step')),
$cinder_nfs_backend = hiera('cinder_enable_nfs_backend', false),
+ $keymgr_api_class = hiera('nova::compute::keymgr_api_class', 'nova.keymgr.conf_key_mgr.ConfKeyManager'),
) {
if $step >= 4 {
@@ -37,7 +44,9 @@ class tripleo::profile::base::nova::compute (
include ::tripleo::profile::base::nova
# deploy basic bits for nova-compute
- include ::nova::compute
+ class { '::nova::compute':
+ keymgr_api_class => $keymgr_api_class,
+ }
# If Service['nova-conductor'] is in catalog, make sure we start it
# before nova-compute.
Service<| title == 'nova-conductor' |> -> Service['nova-compute']
diff --git a/manifests/profile/base/rabbitmq.pp b/manifests/profile/base/rabbitmq.pp
index d0b4a05..fbe5113 100644
--- a/manifests/profile/base/rabbitmq.pp
+++ b/manifests/profile/base/rabbitmq.pp
@@ -98,15 +98,6 @@ class tripleo::profile::base::rabbitmq (
$tls_keyfile = undef
}
- # IPv6 environment, necessary for RabbitMQ.
- if $ipv6 {
- $rabbit_env = merge($environment, {
- 'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"',
- 'RABBITMQ_CTL_ERL_ARGS' => '"-proto_dist inet6_tcp"'
- })
- } else {
- $rabbit_env = $environment
- }
if $inet_dist_interface {
$real_kernel_variables = merge(
$kernel_variables,
@@ -125,10 +116,11 @@ class tripleo::profile::base::rabbitmq (
cluster_nodes => $nodes,
config_kernel_variables => $real_kernel_variables,
config_variables => $config_variables,
- environment_variables => $rabbit_env,
+ environment_variables => $environment,
# TLS options
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
+ ipv6 => $ipv6,
}
# when running multi-nodes without Pacemaker
if $manage_service {
@@ -144,10 +136,11 @@ class tripleo::profile::base::rabbitmq (
class { '::rabbitmq':
config_kernel_variables => $kernel_variables,
config_variables => $config_variables,
- environment_variables => $rabbit_env,
+ environment_variables => $environment,
# TLS options
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
+ ipv6 => $ipv6,
}
}
}