aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2016-01-20packages: secure upgrade workflow from dependency cyclesEmilien Macchi2-9/+12
Change the workflow to be: Upgrade all packages before any services that is notified & managed by Puppet. It also disable the Exec timeout so we rely on Heat timeout and not on the 300s that are the default in Puppet [1] Example: we upgrade and OpenStack config will change (obviously). Puppet catalog will contain 3 important things: * config resources * service resources * package-upgrade Exec resource with that patch, what will happen: * puppet will update config first or second and notify services * puppet will run package-upgrade first or second but before the package-upgrade Exec resource * at the very end, puppet will restart services That way, we avoid complications with Puppet dependency cycle issues. [1] https://docs.puppetlabs.com/references/latest/type.html#exec-attribute-timeout Closes-Bug: 1536349 Change-Id: I07310bdfc5b07b03ac9fa5f8c13e87eaa2bfef4d
2016-01-14Enable X-Forwarded-Proto header for keystone admin endpointJuan Antonio Osorio Robles1-0/+4
This is useful for handling URLs properly when TLS is enabled. Change-Id: I4defed679cf3b2980dcc4ce1db030c0fdf154bfe
2016-01-13Disable ip_nonlocal_bind (rely on the HAProxy 'transparent' option)Giulio Fidente1-2/+0
Change-Id: Ib57a4bf463900e68cbf97900027f972e590799c2
2016-01-13Use HAProxy 'transparent' bind option for compat with IPv6Giulio Fidente1-91/+118
Change-Id: Iddf1fdaabc1c758546999e7af7e7412158400e7f
2016-01-13Enable X-Forwarded-Proto header for cinderJuan Antonio Osorio Robles1-0/+4
Change-Id: I3bd836140537fc5b7e3fba600a712d6a9d6f1185
2016-01-08Make haproxy balancer default options configurableGiulio Fidente1-26/+31
Change-Id: Id5e119e0949d27a6e3b3f21ecd5e2eb39f1eeb13
2016-01-07Merge "Haproxy has non-working Horizon session persistence."Jenkins1-1/+1
2016-01-07Merge "Upgrade all packages after puppet managed ones"Jenkins2-1/+72
2016-01-06Merge "loadbalancer: fix MySQL timeout HAproxy config"Jenkins1-5/+7
2016-01-05Merge "Trove integration"Jenkins1-0/+43
2016-01-05Merge "Sahara integration"Jenkins1-0/+42
2016-01-05Merge "Enable X-Forwarded-Proto header for Heat and Nova"Jenkins1-0/+5
2016-01-05Merge "Enable X-Forwarded-Proto header for keystone_public"Jenkins1-0/+4
2016-01-05Haproxy has non-working Horizon session persistence.Sofer Athlan-Guyot1-1/+1
Haproxy is using session persistence[1] for horizon. It is not correctly configured though. The cookie is not properly set. This add the necessary code. [1]: http://blog.haproxy.com/2012/03/29/load-balancing-affinity-persistence-sticky-sessions-what-you-need-to-know/ Change-Id: Ic9d79475cf84c25fb8146ecbc5f0a45862c106f0 Closes-Bug: 1526786
2016-01-04Trove integrationEthan Gafford1-0/+43
Adds configuration for Trove to loadbalancer class. Partially-implements: blueprint trove-integration Change-Id: I3cdf43b6d63ad0ee68db047518743c62b6689f56
2016-01-04Sahara integrationEthan Gafford1-0/+42
Adds configuration for Sahara to loadbalancer class. Change-Id: I0f0a1dc2eaa57d8226bad8cfb250110296ab9614 Partially-implements: blueprint sahara-integration
2015-12-23Upgrade all packages after puppet managed onesDan Prince2-1/+72
This updates tripleo::packages so that when enable_upgrade is used it will: 1) upgrade puppet managed packages (will trigger puppet dependencies) 2) then upgrade all packages via exec 3) then restart services NOTE: the intention here is that the Exec['update-packages'] will always execute if enable_upgrade is set. It is not idempotent in this regard because I think we always want to execute it if enable_upgrade is set. Change-Id: I02f7cf07792765359f19fdf357024d9e48690e42 Related-bug: #1522943
2015-12-22Merge "Adds IPv6 support for interface_for_ip function"Jenkins2-13/+66
2015-12-17Enable X-Forwarded-Proto header for Heat and NovaJuan Antonio Osorio Robles1-0/+5
Change-Id: Icd666d9988d14ac1e9581f55589bf95243cc7641
2015-12-17Merge "Allows customization of the HAProxy default timeouts"Jenkins1-1/+6
2015-12-15Adds IPv6 support for interface_for_ip functionGilles Dubreuil2-13/+66
Proper interface matching when an IPv6 address is provided. If Facter version used is < 3 then it adds the netmask6 facts as custom facts. Fix bugs https://bugzilla.redhat.com/show_bug.cgi?id=1280523 Change-Id: Ide26ca1740dc12ea5f47a28f4cecacd6ef0b18f9
2015-12-14Modify cassandra dependencyJaume Devesa3-19/+27
Switch to locp/cassandra module since it has much more options than midonet/puppet-cassandra and it is already defined on the openstack-puppet-modules packages in RHEL. More info: https://bugzilla.redhat.com/show_bug.cgi?id=1285718 Depends-On: I72f21036fda795b54312a7d39f04c30bbf16c41b Change-Id: Icea9bd96e4c80a26b9e813d383f84099c736d7bf
2015-12-14Adding psych on Gemfile explicitlyJaume Devesa1-0/+4
It seems like bundle has a bug[1] that, somehow, it unloads the psych library unless is installed through bundle itself. It will be fixed on bundle 1.2. [1]: http://github.com/bundler/bundler/issues/2068 Change-Id: Ic2fa8a8f114c3183a656bfdb1bc2d6d6413dbb75
2015-12-12Merge "Remove all 'validate_array' statements"Jenkins4-6/+25
2015-12-11Adding MidoNet LoadBalancing optionsJaume Devesa1-0/+24
MidoNet API needs to be loadbalanced if the midonet environment is activated. Change-Id: I6f1ac659297b8cf6671e11ad23284f8f543568b0
2015-12-11Remove all 'validate_array' statementsJaume Devesa4-6/+25
Unfortunately, some distributions like CentOS 7 (I guess RedHat 7 as well) still using puppet < 3.7, which experience the annoying 'PUP-1299' bug: https://tickets.puppetlabs.com/browse/PUP-1299 So passing a single array element, it magically transforms to a string (or whatever the inside elements are) and the validate_array fails. We need to get rid of these validations. Change-Id: Icc22ee575b7c236d1a6358f8593cf813d339a4b5
2015-12-10Merge "loadbalancer: add Aodh API support"Jenkins1-0/+43
2015-12-10Allows customization of the HAProxy default timeoutsGiulio Fidente1-1/+6
Change-Id: I3fdb705bbac26b4bc43a18131407a0a86d36a8a5
2015-12-08Enable X-Forwarded-Proto header for keystone_publicJuan Antonio Osorio Robles1-0/+4
One of the ways to make use of TLS in keystone is through the usage of the X-Fowarded-Proto header, which will be forwarded with the request by the loadbalancer, and it will tell keystone what protocol was used to access it. This also requires configuration from the keystone side. Change-Id: I9b899ba95e28b7dfae0c1ed84ca8431054673925
2015-12-08Merge "Fix unit tests failing against Puppet 4.3.x"Jenkins1-0/+1
2015-12-08Fix unit tests failing against Puppet 4.3.xGael Chamoulaud1-0/+1
Change-Id: Ie2f3e29005570805fbf2ca75a930fab746f5f299 Related-bug: #1517805 Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
2015-12-01loadbalancer: add Gnocchi API supportEmilien Macchi1-0/+43
Add Gnocchi (OpenStack Metric storage) support in TripleO Loadbalancer config. Change-Id: Ia991819f57616a9a11bd4dfb77893748130268a0
2015-12-01Remove `validate_ip_address` validator.Jaume Devesa2-99/+0
It is already merged on the puppetlabs-stdlib module: https://github.com/puppetlabs/puppetlabs-stdlib/commit/88a9a314c3e9cccbea5add95081655f2c14ec4c1 And we don't need to carry with this validation anymore. Change-Id: I2cee12e7601c546e616e2c249157e7739af29490
2015-11-30Merge "Fix unit tests failing against Puppet 4.3.0"Jenkins1-1/+4
2015-11-26Merge "MidoNet services manifests"Jenkins14-0/+767
2015-11-25Merge "Set tunnel timeout for nova_novncproxy"Jenkins1-0/+1
2015-11-25Fix unit tests failing against Puppet 4.3.0Gael Chamoulaud1-1/+4
Change-Id: I10c0d35b473026a5e1ede265099f73c803402adc Related-bug: #1517805 Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
2015-11-25loadbalancer: add Aodh API supportEmilien Macchi1-0/+43
Add Aodh (Ceilometer Alarming) support in TripleO Loadbalancer config. Change-Id: I891985da9248a88c6ce2df1dd186881f582605ee
2015-11-23MidoNet services manifestsJaume Devesa14-0/+767
Provide TripleO overcloud manifests to deploy MidoNet and the cluster services that needs to run. Change-Id: I24f852e74fc4652d4609e1a71897e813448055fe
2015-11-12Remove class_parameter_defaults puppet-lint checkGael Chamoulaud1-1/+1
Change-Id: I9c6fafa4b7b57cc0941040e899bcdd2e89fc9d58 Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
2015-10-22Resolve repeated ports for ssl frontends (nova vnc and swift proxy)Juan Antonio Osorio Robles1-1/+1
Nova vnc and swift proxy were listening on the same port if SSL is enabled in the load balancer Change-Id: Ibf4aa118d6c8e94f8f2a68bf270d5445ebda7593
2015-10-22Merge "Resolve repeated ports for ssl frontends"Jenkins1-1/+1
2015-10-21Resolve repeated ports for ssl frontendsJuan Antonio Osorio Robles1-1/+1
keystone and heat_cfn were listening on the same port if SSL is enabled inm the load balancer. Change-Id: I099119198ebf3322a783581f0c6758417e705a2e
2015-10-09Set tunnel timeout for nova_novncproxyJavier Pena1-0/+1
When using websockets in HAProxy, like nova_novncproxy does, we need to set "timeout tunnel" to avoid disconnections after a short period without traffic. Change-Id: I1b66cd9a1d20cbbe35a2ada5782a76a01b14bcd1 Closes-BZ: 1267043
2015-10-01loadbalancer: fix MySQL timeout HAproxy configEmilien Macchi1-5/+7
Current HAproxy config is broken for MySQL timeout parameters. This is what we have today by default in HAproxy logs: -------------- [WARNING] 238/115010 (13878) : config : missing timeouts for proxy 'mysql'. | While not properly invalid, you will certainly encounter various problems | with such a configuration. To fix this, please ensure that all following | timeouts are set to a non-zero value: 'client', 'connect', 'server'. -------------- This patch aims to: * Use the correct parameters to configure puppetlabs-haproxy * Update the database timeouts to higher values to prevent the services from disconnecting too frequently by setting the Galera HAProxy timeout to 90 minutes. Change-Id: I06dd4bf81d4f4fd3c01bb681f6f0b3152f2b8eea
2015-10-01Merge "Automatically install packages when upgrading"Jenkins1-4/+1
2015-09-29Fix manila conditional statementGael Chamoulaud1-1/+1
- s/manila/$manila Change-Id: I7aaa8f83fe758484ab39af28c914fa3d78464633 Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
2015-09-28Automatically install packages when upgradingDan Prince1-4/+1
This simplifies use of tripleo::packages so that when enable_upgrade is set to true you no longer have to enable_install as well. Change-Id: Ic3050a64530be9e2b6827ed8566f59d28547ae81
2015-09-15Merge "Allow a user to specify the syslog address for HAProxy"Jenkins1-1/+6
2015-09-13loadbalancer: use http mode for Horizon haproxy configEmilien Macchi1-0/+1
The haproxy configuration for horizon does not have 'mode http' set. This proxy needs to be in http mode since it is using a cookie for persistence. The default section has 'mode tcp', which is fine, but horizon proxy needs to override this setting to get http mode. Without this, you will likely see an error like this: [WARNING] 238/115010 (13878) : config : cookie will be ignored for proxy 'horizon' (needs 'mode http').' Closes BZ-1257687 Change-Id: I397986ea022f47a33a5210696752509f4a2731a5