Age | Commit message (Collapse) | Author | Files | Lines |
|
This uses the tls_proxy resource in front of the Redis server when
internal TLS is enabled.
bp tls-via-certmonger
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: Ia50933da9e59268b17f56db34d01dcc6b6c38147
(cherry picked from commit 2d1d7875aa6f0b68005c84189627bc0716a7693f)
|
|
Puppet wipes out whatever is not in it's resource catalog each run for
httpd. This causes httpd to restart if in the next step there are
reasources added that were not there earlier.
This patch, thus changes the instances of httpd to start at the same
time: On step 3 for the bootstrap node, and on step 4 for every other
node.
Closes-Bug: #1699502
Change-Id: I3d29728c1ab7bd5b78100f89e00e5fa082f97b0c
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
|
|
The step is typically set with the hieradata setting an integer value:
{"step": 1}
However it would be useful for the value to be a string so that
substitutions are possible, for example:
{"step": "%{::step}"}
This change ensures the step parameter defaults to an integer by
calling Integer(hiera('step'))
This change was made by manually removing the undef defaults from
fluentd.pp, uchiwa.pp, and sensu.pp then bulk updating with:
find ./ -type f -print0 |xargs -0 sed -i "s/= hiera('step')/= Integer(hiera('step'))/"
Change-Id: I8a47ca53a7dea8391103abcb8960a97036a6f5b3
|
|
Every time we call apache module regardless of using SSL we have to
configure mod_ssl from puppet-apache or we'll hit issue during package
update. File /etc/httpd/conf.d/ssl.conf from mod_ssl package contains
Listen 443 while apache::mod::ssl just configures SSL bits but does not
add Listen. If the apache::mod::ssl is not included the ssl.conf file is
removed and recreated during mod_ssl package update. This causes
conflict on port 443.
Change-Id: Ic5a0719f67d3795a9edca25284d1cf6f088073e8
Related-Bug: 1682448
Resolves: rhbz#1441977
|
|
So we avoid useless apache restart and save time during the deployment.
Related-Bug: #1664418
Change-Id: Ie00b717a6741e215e59d219710154f0d2ce6b39e
|
|
This is now the job of the certmonger_user profile. So these bits are
not needed anymore in the service profiles.
Change-Id: Iaa3137d7d13d5e707f587d3905a5a32598c08800
Depends-On: Ibf58dfd7d783090e927de6629e487f968f7e05b6
|
|
combination alarms are completely removed in Ocata.
Remove this from tripleo.
Change-Id: Icdf81d2f489db33533a1a0979cba3b5a652535d5
|
|
This optionally enables TLS for aodh in the internal network.
If internal TLS is enabled, each node that is serving the aodh
service will use certmonger to request its certificate.
This, in turn should also configure a command that should be ran when
the certificate is refreshed (which requires the service to be
restarted).
bp tls-via-certmonger
Change-Id: I50ef0c8fbecb19d6597a28290daa61a91f3b13fc
|
|
Normalize coordination_url for Telemetry services, so we can deploy them
with IPv6.
Change-Id: Ic6de09acf0d36ca90cc2041c0add1bc2b4a369a5
Partial-Bug: #1629279
Depends-On: I038e2bac22e3bfa5047d2e76e23cff664546464d
|
|
Combination alarms are deprecated in Newton and hence turned off
by default. This allows users still using this type of alarms to
flip the flag and use until they migrate themselves to composite
alarms.
Change-Id: I9220b7d020dc8ed45dd6ca83ea9647efd67ea648
|
|
Change-Id: I7c89fcef8cdd0e73ef8c5d615bb55db177abd375
|
|
The services in the AODH profiles were
limited to be executed only in the
bootstrap master node.
Change-Id: I85cfa97f0e5e9a70e86e51d8188a2abf86e2ec1c
|
|
Change-Id: Ie48a123cc5bc402aee635a5daf118b158c6f3b6a
Implements: blueprint refactor-puppet-manifests
|