Age | Commit message (Collapse) | Author | Files | Lines |
|
Unfortunately, some distributions like CentOS 7 (I guess RedHat 7 as
well) still using puppet < 3.7, which experience the annoying 'PUP-1299'
bug:
https://tickets.puppetlabs.com/browse/PUP-1299
So passing a single array element, it magically transforms to a string
(or whatever the inside elements are) and the validate_array fails. We
need to get rid of these validations.
Change-Id: Icc22ee575b7c236d1a6358f8593cf813d339a4b5
|
|
|
|
|
|
Change-Id: Ie2f3e29005570805fbf2ca75a930fab746f5f299
Related-bug: #1517805
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
|
|
It is already merged on the puppetlabs-stdlib module:
https://github.com/puppetlabs/puppetlabs-stdlib/commit/88a9a314c3e9cccbea5add95081655f2c14ec4c1
And we don't need to carry with this validation anymore.
Change-Id: I2cee12e7601c546e616e2c249157e7739af29490
|
|
|
|
|
|
|
|
Change-Id: I10c0d35b473026a5e1ede265099f73c803402adc
Related-bug: #1517805
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
|
|
Add Aodh (Ceilometer Alarming) support in TripleO Loadbalancer config.
Change-Id: I891985da9248a88c6ce2df1dd186881f582605ee
|
|
Provide TripleO overcloud manifests to deploy MidoNet and the cluster
services that needs to run.
Change-Id: I24f852e74fc4652d4609e1a71897e813448055fe
|
|
Change-Id: I9c6fafa4b7b57cc0941040e899bcdd2e89fc9d58
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
|
|
Nova vnc and swift proxy were listening on the same port if SSL is
enabled in the load balancer
Change-Id: Ibf4aa118d6c8e94f8f2a68bf270d5445ebda7593
|
|
|
|
keystone and heat_cfn were listening on the same port if SSL is enabled
inm the load balancer.
Change-Id: I099119198ebf3322a783581f0c6758417e705a2e
|
|
When using websockets in HAProxy, like nova_novncproxy does, we
need to set "timeout tunnel" to avoid disconnections after a short
period without traffic.
Change-Id: I1b66cd9a1d20cbbe35a2ada5782a76a01b14bcd1
Closes-BZ: 1267043
|
|
|
|
- s/manila/$manila
Change-Id: I7aaa8f83fe758484ab39af28c914fa3d78464633
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
|
|
This simplifies use of tripleo::packages so that when
enable_upgrade is set to true you no longer have to enable_install
as well.
Change-Id: Ic3050a64530be9e2b6827ed8566f59d28547ae81
|
|
|
|
The haproxy configuration for horizon does not have 'mode http' set.
This proxy needs to be in http mode since it is using a cookie for
persistence. The default section has 'mode tcp', which is fine, but
horizon proxy needs to override this setting to get http mode. Without
this, you will likely see an error like this:
[WARNING] 238/115010 (13878) : config : cookie will be ignored for proxy
'horizon' (needs 'mode http').'
Closes BZ-1257687
Change-Id: I397986ea022f47a33a5210696752509f4a2731a5
|
|
|
|
Currently the address of the syslog server for HAProxy is hardcoded to
/dev/log without a way to customize this setting.
This commit aims to give a user more flexibility about which syslog
server address to use.
Change-Id: If7f7c8154e544e5d8a49f79f642e1ad01644a66d
|
|
|
|
When establishing a connection from the client (Web Browser) to the
novncproxy (loadbalanced by HAproxy), we need to make sure the client
will stick on the same server the time he's connected, because HAproxy
load-balance to another novncproxy node, the client will loose the
connection and timeout like 'Connection Reset By Peer error'.
This patch aims to configure novnc HAproxy configuration to balance
using 'source' mode, so it will make sure the server remains the same
while the connection is established.
Change-Id: Ibbb7162b763f1fd2854a10a92a681910e0683c0a
Closes-BZ: 1257324
|
|
This patch converts the write_package_names function into
a proper resource. Using the write_package_names only works
if the function comes last in the puppet manifest. By
making the same functionality a custom resource we allow
for it to exist anywhere in the manifest and provide the
same functionality.
The new syntax would be:
package_manifest{'/tmp/foo': ensure => present}
Co-Authored-By: Martin Mágr <mmagr@redhat.com>
Change-Id: If3e03b1983fed47082fac8ce63f975557dbc503c
|
|
This patch is the initial modulesync run, it impacts:
* gitignore: just a sync between projects
* gemfile:
- update and allow to setup facter version and gem source
- split beaker gems with a dedicated group
- switch to rspec-puppet 2.2.0
* rakefile:
- use the new syntax for lint configuration
- add a acceptance target
* acceptance:
- sync nodesets
- update tests in order to use zuul-cloner
* spec: added rspec coverage report
Change-Id: Iadefbe2cc0525224e9917c6712712c67ce1e0fff
|
|
To make sure we don't use the ssl-hello-chk option set by the
puppet-haproxy module we used to redefine the listener options
for all listeners.
With this change a default for the options hash is provided to
the puppet class instead.
This change also configures use of tcpka only where wanted, as
documented by [1], removing it from the haproxy defaults section,
given it wasn't used anyway by the other listeners which were
indeed overriding options.
1. https://github.com/beekhof/osp-ha-deploy/blob/master/pcmk/lb.scenario
Change-Id: Ic8deb77533f561cea7ce7db1d20f6be5e2dc0d33
|
|
Adds bindings to the Manila service for HAProxy.
Change-Id: I175d5b7e35a781d04452fc6aee610e8dca005419
|
|
EC2 API returns 400 for unauthenticated requests, making HAProxy believe
that the service is down. We'll use TCP check instead of HTTP check for
EC2 API.
Change-Id: Ide7f9390603c9893b95cacd51d468461255dcf07
|
|
|
|
This updates some of the listener options set by loadbalancer.pp.
Iroinc needs to pass in the option to do a httpchk, otherwise
puppet-haproxy defaults it to doing a ssl-hello-chk, which won't work
against the non-ssl loadbalancer server.
Ceilometer and glance_registry both don't support a httpchk against the
root (/) of their webservers (they return a straight 401) so disable
those checks completely.
Change-Id: Ibfc81175842a748eb077b132b0818c4ea17bbcf6
|
|
The default per frontend maxconn is set to 2000, which can easily
be reached with modern hardware with multiple logic cores; this
change adds a parameter to configure the default maxconn value,
default it to 4096 and also increases the global maxconn to 20480
to preserve the 1:5 ratio.
Change-Id: I3fffc51ecc704ceccb86ca008ecba02578c29eb5
|
|
Currently firewalling is implemented in tripleo/init.pp this commit
moves it to its own scope tripleo/firewall.pp.
This is done so that in tripleo-heat-templates we can have a simple and
generic `include tripleo::firewall` in every manifest - unconditional.
The rest of the behavior will all be managed by hiera.
If a user wants to enable firewalling:
```
tripleo::firewall::manage_firewall: true
```
If a user wants to specify firewall rules:
```
tripleo::firewall::firewall_rules:
'103 mongod':
port: 27017
```
Change-Id: I144c60db2a568a94dce5b51257f1d10980173325
|
|
|
|
|
|
|
|
|
|
Backend options for Ceilometer and Ironic are aligned with what we
use for the other OpenStack services.
Listener options for Horizon is updated so that we do cookie
tracking as suggested by refarch doc.
Change-Id: I4640d974a3ab8188919eaae79dde71463234b5ff
|
|
|
|
|
|
Change-Id: Ic0ae6b743a732ccd2cf7e395b5ab172bf3daaf7d
|
|
|
|
|
|
This patch adds a new tripleo::noop class that can be
used to help switch all resources of a given type
to noop mode. The class does this via Puppet resource
collectors to enable the noop metaparam on all resources
of the specified type.
When a resource is in noop mode no action
will get taken (however puppet stdout will log information
about what would happen if noop were removed).
The motivation for this patch is to be able to do something
like this and run puppet to configure select resources
(like only config files):
class {'tripleo::noop':
file => false
}
It is important to note that when tripleo::noop is used all common
resources default to noop mode.
This could be used alongside docker containers to provide
a mechanism to pre-configure all related config files for
a set of docker containers ahead of time.
Change-Id: I67f9dbbf33a2d6bcee5005ae0b6b1aa7091039ad
|
|
When doing a heat stack-show, Heat initially returns a 302 redirect.
With the existing loadbalancer config for SSL, this results in a
redirect to an http:// address pointing at the SSL port, which
naturally doesn't work.
The fix for this is to use the rsprep haproxy option to rewrite the
Location header in responses from the Heat api server. This allows
us to properly handle redirect traffic as https.
Also note that http header rewriting requires "mode http", so that
is added here as well.
Change-Id: I7e5c5b1877e9aa46c4b88dfba45c1fddf61727fc
|
|
Just like any other OpenStack API endpoint.
Change-Id: Iaa45d7bef94c3c42df0988a58f146bb8a530f74e
|
|
This function writes out package names that have been
defined in a given puppet catalog.
In order to work this should be place last (or very late)
in a manifest to ensure it picks up packages.
Change-Id: Ie21b5bf7df71337da02ea43915dc4e70d3052bb7
|
|
This adds a new class to help configure package installation
and upgrades.
The previous approach was to use a global package declaration
at the top of each manifest within the tripleo-heat-templates.
The new approach is to use a Package collector (<| |>) to
allow us to configure the package provider within a
class. This should help remove some of the duplicated logic
within the triplo-heat-template manifests and is
also a good fit for puppet-tripleo in that is generic
and unlikely to change that often.
In addition to installation this class also support upgrades
to puppet managed packages as well.
Change-Id: Ie8fbc344149bc8c9977e127de77636903607617a
|
|
|