diff options
Diffstat (limited to 'manifests/profile/base')
-rw-r--r-- | manifests/profile/base/aodh/api.pp | 1 | ||||
-rw-r--r-- | manifests/profile/base/barbican/api.pp | 1 | ||||
-rw-r--r-- | manifests/profile/base/ceilometer/api.pp | 1 | ||||
-rw-r--r-- | manifests/profile/base/cinder/api.pp | 1 | ||||
-rw-r--r-- | manifests/profile/base/database/mongodb.pp | 11 | ||||
-rw-r--r-- | manifests/profile/base/gnocchi/api.pp | 1 | ||||
-rw-r--r-- | manifests/profile/base/keystone.pp | 5 | ||||
-rw-r--r-- | manifests/profile/base/nova/api.pp | 1 | ||||
-rw-r--r-- | manifests/profile/base/nova/placement.pp | 1 | ||||
-rw-r--r-- | manifests/profile/base/panko/api.pp | 1 | ||||
-rw-r--r-- | manifests/profile/base/swift/ringbuilder.pp | 36 | ||||
-rw-r--r-- | manifests/profile/base/zaqar.pp | 1 |
12 files changed, 60 insertions, 1 deletions
diff --git a/manifests/profile/base/aodh/api.pp b/manifests/profile/base/aodh/api.pp index 1c03059..a9c94f4 100644 --- a/manifests/profile/base/aodh/api.pp +++ b/manifests/profile/base/aodh/api.pp @@ -81,6 +81,7 @@ class tripleo::profile::base::aodh::api ( if $step >= 3 { include ::aodh::api + include ::apache::mod::ssl class { '::aodh::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/barbican/api.pp b/manifests/profile/base/barbican/api.pp index b464317..42ac8cd 100644 --- a/manifests/profile/base/barbican/api.pp +++ b/manifests/profile/base/barbican/api.pp @@ -99,6 +99,7 @@ class tripleo::profile::base::barbican::api ( include ::barbican::api::logging include ::barbican::keystone::notification include ::barbican::quota + include ::apache::mod::ssl class { '::barbican::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/ceilometer/api.pp b/manifests/profile/base/ceilometer/api.pp index 71ea5e7..468f79a 100644 --- a/manifests/profile/base/ceilometer/api.pp +++ b/manifests/profile/base/ceilometer/api.pp @@ -78,6 +78,7 @@ class tripleo::profile::base::ceilometer::api ( if $step >= 3 { include ::ceilometer::api + include ::apache::mod::ssl class { '::ceilometer::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/cinder/api.pp b/manifests/profile/base/cinder/api.pp index 450a8e6..ef5bd06 100644 --- a/manifests/profile/base/cinder/api.pp +++ b/manifests/profile/base/cinder/api.pp @@ -89,6 +89,7 @@ class tripleo::profile::base::cinder::api ( if $step >= 4 or ($step >= 3 and $sync_db) { include ::cinder::api + include ::apache::mod::ssl class { '::cinder::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/database/mongodb.pp b/manifests/profile/base/database/mongodb.pp index 8967f5b..4740d67 100644 --- a/manifests/profile/base/database/mongodb.pp +++ b/manifests/profile/base/database/mongodb.pp @@ -30,10 +30,15 @@ # for more details. # Defaults to hiera('step') # +# [*memory_limit*] +# (Optional) Limit amount of memory mongodb can use +# Defaults to 20G +# class tripleo::profile::base::database::mongodb ( $mongodb_replset, $bootstrap_node = downcase(hiera('bootstrap_nodeid')), $step = hiera('step'), + $memory_limit = '20G', ) { if $step >= 2 { @@ -56,5 +61,11 @@ class tripleo::profile::base::database::mongodb ( } } + # Limit memory utilization + ::systemd::service_limits { 'mongod.service': + limits => { + 'MemoryLimit' => $memory_limit + } + } } } diff --git a/manifests/profile/base/gnocchi/api.pp b/manifests/profile/base/gnocchi/api.pp index e79f800..92431e4 100644 --- a/manifests/profile/base/gnocchi/api.pp +++ b/manifests/profile/base/gnocchi/api.pp @@ -98,6 +98,7 @@ class tripleo::profile::base::gnocchi::api ( if $step >= 4 { include ::gnocchi::api + include ::apache::mod::ssl class { '::gnocchi::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index bc8b4db..9aa3eb3 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -161,6 +161,7 @@ class tripleo::profile::base::keystone ( } include ::keystone::config + include ::apache::mod::ssl class { '::keystone::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, @@ -171,7 +172,9 @@ class tripleo::profile::base::keystone ( if $ldap_backend_enable { validate_hash($ldap_backends_config) - create_resources('::keystone::ldap_backend', $ldap_backends_config) + create_resources('::keystone::ldap_backend', $ldap_backends_config, { + create_domain_entry => $manage_domain, + }) } } diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp index 287d14c..f09f083 100644 --- a/manifests/profile/base/nova/api.pp +++ b/manifests/profile/base/nova/api.pp @@ -116,6 +116,7 @@ class tripleo::profile::base::nova::api ( $tls_keyfile = undef } if $step >= 4 or ($step >= 3 and $sync_db) { + include ::apache::mod::ssl class { '::nova::wsgi::apache_api': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/nova/placement.pp b/manifests/profile/base/nova/placement.pp index c429373..614a3e7 100644 --- a/manifests/profile/base/nova/placement.pp +++ b/manifests/profile/base/nova/placement.pp @@ -86,6 +86,7 @@ class tripleo::profile::base::nova::placement ( } if $step >= 3 { + include ::apache::mod::ssl class { '::nova::wsgi::apache_placement': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/panko/api.pp b/manifests/profile/base/panko/api.pp index a6643ce..be6df8d 100644 --- a/manifests/profile/base/panko/api.pp +++ b/manifests/profile/base/panko/api.pp @@ -92,6 +92,7 @@ class tripleo::profile::base::panko::api ( class { '::panko::api': sync_db => $sync_db, } + include ::apache::mod::ssl class { '::panko::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/swift/ringbuilder.pp b/manifests/profile/base/swift/ringbuilder.pp index 7e5fc74..f7cfea4 100644 --- a/manifests/profile/base/swift/ringbuilder.pp +++ b/manifests/profile/base/swift/ringbuilder.pp @@ -63,6 +63,12 @@ # Minimum amount of time before partitions can be moved. # Defaults to undef # +# [*swift_ring_get_tempurl*] +# GET tempurl to fetch Swift rings from +# +# [*swift_ring_put_tempurl*] +# PUT tempurl to upload Swift rings to +# class tripleo::profile::base::swift::ringbuilder ( $replicas, $build_ring = true, @@ -74,7 +80,23 @@ class tripleo::profile::base::swift::ringbuilder ( $swift_storage_node_ips = hiera('swift_storage_node_ips', []), $part_power = undef, $min_part_hours = undef, + $swift_ring_get_tempurl = hiera('swift_ring_get_tempurl', ''), + $swift_ring_put_tempurl = hiera('swift_ring_put_tempurl', ''), ) { + + if $step == 2 and $swift_ring_get_tempurl != '' { + exec{'fetch_swift_ring_tarball': + path => ['/usr/bin'], + command => "curl --insecure --silent '${swift_ring_get_tempurl}' -o /tmp/swift-rings.tar.gz", + returns => [0, 3] + } ~> + exec{'extract_swift_ring_tarball': + path => ['/bin'], + command => 'tar xzf /tmp/swift-rings.tar.gz -C /', + returns => [0, 2] + } + } + if $step >= 2 { # pre-install swift here so we can build rings include ::swift @@ -112,4 +134,18 @@ class tripleo::profile::base::swift::ringbuilder ( Ring_object_device<| |> ~> Exec['rebalance_container'] } } + + if $step == 5 and $build_ring and $swift_ring_put_tempurl != '' { + exec{'create_swift_ring_tarball': + path => ['/bin', '/usr/bin'], + command => 'tar cvzf /tmp/swift-rings.tar.gz /etc/swift/*.builder /etc/swift/*.ring.gz /etc/swift/backups/', + unless => 'swift-recon --md5 | grep -q "doesn\'t match"' + } ~> + exec{'upload_swift_ring_tarball': + path => ['/usr/bin'], + command => "curl --insecure --silent -X PUT '${$swift_ring_put_tempurl}' --data-binary @/tmp/swift-rings.tar.gz", + require => Exec['create_swift_ring_tarball'], + refreshonly => true, + } + } } diff --git a/manifests/profile/base/zaqar.pp b/manifests/profile/base/zaqar.pp index 89a03ad..7fbcd34 100644 --- a/manifests/profile/base/zaqar.pp +++ b/manifests/profile/base/zaqar.pp @@ -50,6 +50,7 @@ class tripleo::profile::base::zaqar ( uri => $database_connection, } include ::zaqar::transport::websocket + include ::apache::mod::ssl include ::zaqar::transport::wsgi # TODO (bcrochet): At some point, the transports should be split out to |