diff options
Diffstat (limited to 'manifests/profile')
| -rw-r--r-- | manifests/profile/base/database/mysql.pp | 15 | ||||
| -rw-r--r-- | manifests/profile/base/docker.pp | 68 |
2 files changed, 83 insertions, 0 deletions
diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp index dcd1b7f..a0193cf 100644 --- a/manifests/profile/base/database/mysql.pp +++ b/manifests/profile/base/database/mysql.pp @@ -42,6 +42,11 @@ # (Optional) Whether TLS in the internal network is enabled or not. # Defaults to hiera('enable_internal_tls', false) # +# [*generate_dropin_file_limit*] +# (Optional) Generate a systemd drop-in file to raise the file descriptor +# limit for the mysql service. +# Defaults to false +# # [*generate_service_certificates*] # (Optional) Whether or not certmonger will generate certificates for # MySQL. This could be as many as specified by the $certificates_specs @@ -72,6 +77,7 @@ class tripleo::profile::base::database::mysql ( $bootstrap_node = hiera('bootstrap_nodeid', undef), $certificate_specs = {}, $enable_internal_tls = hiera('enable_internal_tls', false), + $generate_dropin_file_limit = false, $generate_service_certificates = hiera('generate_service_certificates', false), $manage_resources = true, $mysql_server_options = {}, @@ -139,6 +145,15 @@ class tripleo::profile::base::database::mysql ( service_enabled => $manage_resources, remove_default_accounts => $remove_default_accounts, } + + if $generate_dropin_file_limit { + # Raise the mysql file limit + ::systemd::service_limits { 'mariadb.service': + limits => { + LimitNOFILE => 16384 + } + } + } } if $step >= 2 and $sync_db { diff --git a/manifests/profile/base/docker.pp b/manifests/profile/base/docker.pp new file mode 100644 index 0000000..5e18a85 --- /dev/null +++ b/manifests/profile/base/docker.pp @@ -0,0 +1,68 @@ +# Copyright 2017 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::docker +# +# docker profile for tripleo +# +# === Parameters +# +# [*docker_namespace*] +# The namespace to be used when setting INSECURE_REGISTRY +# this will be split on "/" to derive the docker registry +# (defaults to undef) +# +# [*insecure_registry*] +# Set docker_namespace to INSECURE_REGISTRY, used when a local registry +# is enabled (defaults to false) +# +# [*step*] +# step defaults to hiera('step') +# +class tripleo::profile::base::docker ( + $docker_namespace = undef, + $insecure_registry = false, + $step = hiera('step'), +) { + if $step >= 1 { + package {'docker': + ensure => installed, + } + + service { 'docker': + ensure => 'running', + enable => true, + require => Package['docker'], + } + + if $insecure_registry { + if $docker_namespace == undef { + fail('You must provide a $docker_namespace in order to configure insecure registry') + } + $namespace = strip($docker_namespace.split('/')[0]) + $changes = [ "set INSECURE_REGISTRY '\"--insecure-registry ${namespace}\"'", ] + } else { + $changes = [ 'rm INSECURE_REGISTRY', ] + } + + augeas { 'docker-sysconfig': + lens => 'Shellvars.lns', + incl => '/etc/sysconfig/docker', + changes => $changes, + subscribe => Package['docker'], + notify => Service['docker'], + } + } +} |