aboutsummaryrefslogtreecommitdiffstats
path: root/manifests/profile/base/database
AgeCommit message (Collapse)AuthorFilesLines
2017-05-03MySQL client: Make CA file configurableJuan Antonio Osorio Robles1-1/+6
It used to be hardcoded to use the OpenSSL default CA Bundle, however, this will be changed in t-h-t. Change-Id: I75bdaf71d88d169e64687a180cb13c1f63418a0f
2017-04-06Don't try and create the my.cnf.d dir everytimeAlex Schultz1-0/+1
The creation of /etc/my.cnf.d is not idempotent and is run anytime the mysql client profile is included. This change adds an unless parameter to ensure it is only run if not used. Change-Id: I4a30eaccf72f5687dc22ba93c19136e55d36dcab Closes-Bug: #1680570
2017-04-03Restrict mongodb memory usagePradeep Kilambi1-0/+11
Currently, mongodb has no limits on how much memory it can consume. This enforces restriction so mongodb service limits through systemd. The puppet-systemd module has support for limits. The MemoryLimit support is added in the follwoing pull request https://github.com/camptocamp/puppet-systemd/pull/23 Closes-bug: #1656558 Change-Id: Ie9391aa39532507c5de8dd668a70d5b66e17c891
2017-03-26Remove certificate request bits from service profilesJuan Antonio Osorio Robles1-10/+0
This is now the job of the certmonger_user profile. So these bits are not needed anymore in the service profiles. Change-Id: Iaa3137d7d13d5e707f587d3905a5a32598c08800 Depends-On: Ibf58dfd7d783090e927de6629e487f968f7e05b6
2017-03-13Fixes issues with raising mysql file limitTim Rozet1-3/+8
Changes Include: - Adds spec testing - Only raise limits if nonha. puppet-systemd will restart the mariadb service which breaks ha deployments. Hence we only want to do this in noha. - Minor fix to hiera value refrenced not as parameter to mysql.pp Partial-Bug: #1648181 Related-Bug: #1524809 Co-Authored By: Feng Pan <fpan@redhat.com> Change-Id: Id063bf4b4ac229181b01f40965811cb8ac4230d5 Signed-off-by: Tim Rozet <trozet@redhat.com> Signed-off-by: Feng Pan <fpan@redhat.com>
2017-03-03Merge "mariadb: Move generation of systemd drop-in to puppet-tripleo"Jenkins1-0/+15
2017-03-01Merge "mysqlclient: Drop hiera calls in favor of getting these via t-h-t"Jenkins1-7/+7
2017-03-01Merge "Configure MySQL client SSL connections via the config file"Jenkins1-5/+26
2017-02-28mysqlclient: Drop hiera calls in favor of getting these via t-h-tJuan Antonio Osorio Robles1-7/+7
This also updates a leftover comment. Change-Id: I870caf20103b044655e699aac09f6621414f5326 Depends-On: I5af5ccb88e644f4dd25503d8e7a93796695d3039
2017-02-28Configure MySQL client SSL connections via the config fileJuan Antonio Osorio Robles1-5/+26
This does the actual configuration for the mysql client to use SSL if the parameter is set via t-h-t. Change-Id: I24e4c195a31109835739e78a6b53d36f661f9fd0 Depends-On: Ifd1a06e0749a05a65f6314255843f572d2209067
2017-02-27mariadb: Move generation of systemd drop-in to puppet-tripleoDamien Ciabrini1-0/+15
Systemd starts mariadb as user mysql, so in order to allow a large number of connections (e.g. max_connections=4096) it is necessary to raise the file descriptor limit via a system drop-in file. When installing an undercloud, such drop-in file is currently generated by instack-undercloud (in file puppet-stack-config.pp). But non-HA overcloud also need such drop-in to be generated. In order to avoid duplicating code, the drop-in creation code should be provided by puppet-tripleo. By default, no drop-in is generated; it has to be enabled by instack-undercloud or tripleo-heat-template once they will use it (resp. to create undercloud or non-HA overcloud). This patch does not aim at generating a dynamic file limit based on the number of connections, this should land in another dedicated patch. Instead, it just reuses the limit currently set for undercloud and HA-overclouds. Also, the generation of the drop-in does not force a mysql restart like it currently does in instack-undercloud, to avoid unexpected service disruption on a non-HA overcloud after a minor update. Co-Authored-By: Tim Rozet <trozet@redhat.com> Depends-On: I7ca7b5f7614971455cae2bf7c4bf8264b642b0dc Change-Id: Ia0907b2ab6062a93fb9363e39c86535a490fbaf6 Partial-Bug: #1648181 Related-Bug: #1524809
2017-02-20Ironic inspector supportDan Prince1-0/+3
This includes a new ironic-inspector profile, and updates to the mysql and keystone profiles so that a database and endpoints are also created when the inspector is enabled. Change-Id: I4a71a95efb87a10528df0600277768969a32117b
2017-02-17Create /etc/my.cnf.d/tripleo.cnf with proper bind-addressMichele Baldessari1-0/+72
When fixing LP#1643487 we added ?bind_address to all DB URIs. Since this clashes with Cellsv2 due to the URIs becoming host dependent, we need a new approach to pass bind_address to pymysql that leaves the DB URIs host-independent. We first create a /etc/my.cnf.d/tripleo.cnf file with a [tripleo] section and in this section we add the correct bind-address option. Note that we use the puppet augeas lens and not the mysql one because the mysql one does not support custom sections *and* there are older versions around which do not like the /etc/my.cnf.d/* path. The reason for not reusing an existing mariadb file (my.cnf or galera.cnf) is that pymysql's ini file support is not robust enough at the moment: https://github.com/PyMySQL/PyMySQL/issues/548 The reason for putting this file creation code only on the controller nodes the following: The slow VIP failover only happens if a service runs where the VIPs exist. The VIPs get created in the haproxy profile and that is why in order to have fast VIP failovers the MySQLClient profile must live where the Haproxy service is running. Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com> Partial-Bug: #1663181 Change-Id: Iff8bd2d9ee85f7bb1445aa2e1b3cfbff1f397b18
2017-02-03Revert "Revert "set innodb_file_per_table to ON for MySQL / Galera""Alex Schultz1-7/+8
This reverts commit 3f7e74ab24bb43f9ad7e24e0efd4206ac6a3dd4e. After identifying how to workaround the performance issues on the undercloud, let's put this back in. Enabling innodb_file_per_table is important for operators to be able to better manage their databases. Change-Id: I435de381a0f0e3ef221e498f442335cdce3fb818 Depends-On: I77507c638237072e38d9888aff3da884aeff0b59 Closes-Bug: #1660722
2017-02-02Revert "set innodb_file_per_table to ON for MySQL / Galera"Alex Schultz1-8/+7
This reverts commit 621ea892a299d2029348db2b56fea1338bd41c48. We're getting performance problems on SATA disks. Change-Id: I30312fd5ca3405694d57e6a4ff98b490de388b92 Closes-Bug: #1661396 Related-Bug: #1660722
2017-02-01set innodb_file_per_table to ON for MySQL / GaleraMike Bayer1-7/+8
InnoDB uses a single file by default which can grow to be tens/hundreds of gigabytes, and is not shrinkable even if data is deleted from the database. Best practices are that innodb_file_per_table is set to ON which instead stores each database table in its own file, each of which is also shrinkable by the InnoDB engine. Closes-Bug: #1660722 Change-Id: I59ee53f6462a2eeddad72b1d75c77a69322d5de4
2017-01-26Adding congress serviceDan Radez1-0/+3
Change-Id: Ic74ccd5fa7b3b04ca810416e5160463252f17474 Signed-off-by: Dan Radez <dradez@redhat.com>
2017-01-25Adding tacker serviceDan Radez1-0/+3
Change-Id: I3d6bbc05644e840395f87333ec80e3b844f69903
2017-01-20Implement Nova ec2api profileSven Anderson1-0/+3
Change-Id: If4b091e1ca02f43aa9c65392baf8ceea007b7cfb
2017-01-11Implement Nova Placement API profileEmilien Macchi1-0/+3
Allow TripleO to deploy Nova Placement API with a new profile. Change-Id: I5e25a50f3d7a9b39f4146a61cb528963ee09e90c
2017-01-09Move nova cells db sync into nova-api profileDan Prince1-65/+0
Having the db_sync code live in the mysql profile causes coupling that doesn't work unless your MySQL server has the latest Nova packages installed. This may not work for some baremetal setups (where an isolated database exists) or with containers where the MySQL container definately doesn't have nova packages installed. Moving this code into the nova-api role also matches where we were already db syncing the normal API database so it should be fine and safe. Change-Id: Ib625e2ac9c8d6bd1d335c58e291facc4ea5839ae Co-Authored-By: Alex Schultz <aschultz@redhat.com>
2017-01-09Use THT to define cell0 creationAlex Schultz1-4/+1
As part of the initial implementation, we hard coded the cell0 setup in puppet. This change switches it to leverage the defined value in the tripleo-heat-templates Change-Id: I896a124d91d06ca85b77c9fbe24fd252815a2d28 Depends-On: I08119d781ef60750cc19753bc03190e413159925 Related-Bug: #1649341
2016-12-22Add cell_v2 setup for novaAlex Schultz1-1/+70
We need to run the basic cell v2 setup for nova as it is required for Ocata. Change-Id: I693239ff5026f58a65eb6278b1a8fcb97af4f561 Depends-On: I43ba77cd4c8da7c6dc117ab0bd53e5cd330dc3de Depends-On: I9462ef16fd64a577c3f950bd121f0bd28670fabc Closes-Bug: #1649341
2016-12-07Create Glance's database if glance-api is enabledFlavio Percoco1-1/+1
Instead of checking for glance_registry_enabled, we should be checking for glance_api_enabled. The glance-api v1 depends on the registry, which means the database will be created but glance-api v2 doesn't which means that not deploying the registry would result in the glance database not being created. On the other hand, glance-registry is never deployed without glance-api Change-Id: Ief25dafb65f7a043fbb3d16f1d7ef834c9947a93
2016-11-25Enable internal TLS for MySQLJuan Antonio Osorio Robles1-6/+47
this adds the necessary code in the manfiest to configure TLS if internal TLS is enabled. this also adds the capability of auto-generating the certificate via certmonger. bp tls-via-certmonger Change-Id: I7275e5afb3a6550cf2abbb9a8007dedb62ada4b4
2016-11-14Add panko service supportPradeep Kilambi1-0/+3
Change-Id: I35f283bdf8dd0ed979c65633724f0464695130a4
2016-09-27Move db syncs into mysql base roleDan Prince1-0/+58
This patch moves the various DB syncs into the MySQL role. Database creation needs to occur on the MySQL server to avoid permission issues. This patch also moves database creation to step 2 so we can guarantee that all per-service databases exist at this time. This avoids complex ordering needed during step 3 where services, on different hosts, can run their own db sync's in a distributed fashion. Change-Id: I05cc0afa9373429a3197c194c3e8f784ae96de5f Partial-bug: #1620595
2016-09-24Make mysql bind-address configurableJuan Antonio Osorio Robles1-3/+7
It used to be hardcoded that the bind-address was always coming from the $::hostname fact. This is wrong, as it disregards where we have configured the mysql address. This commit actually makes it configurable, so we'll be able to set it via hieradata. On the other hand, we use the hiera key that we already set 'mysql_bind_host' as a default; if, for some reason, that's unavailable then we fall back to $::hostname. Related-Bug: #1627060 Change-Id: I316acfd514aac63b84890e20283c4ca611ccde8b
2016-09-16Wait for MongoDB connections before creating replsetJiri Stransky1-0/+7
Sometimes the mongodb_replset resource fails with: Could not evaluate: Can't find master host for replicaset tripleo. This issue is intermittent so the fix cannot be perfectly verified, but the assumption is that if we wait for MongoDB to be reachable on all nodes, it will assure that the members will appear to the puppet module as alive when creating or verifying the replset. If the validation fails, it should help us uncover which of the members was causing trouble. Change-Id: I0bcd0d063a7a766483426fdd5ea81cbe1dfaa348 Closes-Bug: #1624420
2016-08-11Align hiera keys with service namesSteven Hardy1-1/+1
These hiera keys aren't aligned with the service names, which will be required for composable generation of the ip lists per service. Change-Id: I423b544df174254ac511b906b0c570e701678022 Depends-On: I7febf28bf409e25e8e5961ab551b6d56bb11e0c6 Partially-Implements: blueprint custom-roles
2016-08-09Fix use of bootstrap_node in cinder base profileGiulio Fidente1-2/+1
By inspecting bootstrap_nodeid in cinder base profile we can set sync_db appropriately and not always default to true. Change-Id: I2484b1d70a17436c0d8eab9ea8df927d57783784
2016-08-08Fix parameters and headers inconsistency in the puppet manifests.Carlos Camacho4-25/+22
As we are staring to manually check overcloud services the first step is to check that the puppet profiles are all aligned. Changes applied: No logic added or removed in this submission. Removed unused parameters. Align header comments structure. All profiles parameters sorted following: "Mandatory params first sorted alphabetically then optional params sorted alphabetically." Note: Following submissions will check pacemaker, cinder, mistral and redis services in the base profiles as some of them has the $pacemaker_master parameter defaulted to true. Change-Id: I2f91c3f6baa33f74b5625789eec83233179a9655
2016-07-22use parameter to lookup the step instead of hiera againEmilien Macchi1-1/+1
In some profiles, we were looking up the $step by using Hiera again, while we already do it in the parameter definition. When using this class outside THT, it will fail but with this patch, we could use just set the $step parameter and the rest of the manifest will work. Change-Id: I7082f47204fb4e529b164e4c4f1032e7bdd88f02
2016-07-13Add MySQL profilesEmilien Macchi1-0/+85
Add MySQL profiles, for non-ha and ha scenarios. Change-Id: I7ddae28a6affd55c5bffc15d72226a18c708850e Closes-Bug: #1601853
2016-06-13Add mongodb profilesPradeep Kilambi2-0/+106
Implements: blueprint refactor-puppet-manifests Co-Authored-By: Carlos Camacho <ccamacho@redhat.com> Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Change-Id: Idb1e78ebec7682fe68ca5902a22cfb6030498091
2016-06-02Composable roles within services - RedisPradeep Kilambi1-0/+57
Implements: blueprint refactor-puppet-manifests Co-Authored-By: Carlos Camacho <ccamacho@redhat.com> Change-Id: I60493a3aa64e5136b763e8e2084d728f5f812f8a
2016-05-03Move databases creation and sync with the roleGiulio Fidente1-132/+0
This change moves the database creation and sync with the role profile, so that it's only executed when the role is enabled and by the role itself. It also calls the non-pacemaker profiles out of the 'step' conditional because the non-pacemaker profiles know how to deal with 'step' already. Change-Id: I6c752cb53090e7ef8e0319bade462f2453ed7660 Related-Bug: 1572952
2016-04-22Add aodh and gnocchi to schema profilesGiulio Fidente1-13/+38
Change-Id: Ifb0cc7769ef99e4c7142c8f955f0ca721d61e9b5
2016-04-20Add steps to database profilesMichael Chapman1-25/+31
Database schema profiles were missing step information, causing schemas to be created too early. Change-Id: Ic381804ce5f1aa257ece75d2e079f4b02f446344
2016-03-22Add keystone and db sync profilesMichael Chapman1-0/+101
Implements: blueprint refactor-puppet-manifests Add keystone profiles for both pacemaker and non-ha. Add db sync profiles for pacemaker and non-ha. HA profiles are designed such that they include the base profiles, disabling features as needed, while the base profile can be used independently. Change-Id: I2faf5a78db802549053ec41678bf83bf28108189