| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This uses the tls_proxy resource in front of the Redis server when
internal TLS is enabled.
bp tls-via-certmonger
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: Ia50933da9e59268b17f56db34d01dcc6b6c38147
(cherry picked from commit 2d1d7875aa6f0b68005c84189627bc0716a7693f)
|
|
The zaqar service name switched to zaqar-api[1], so the hieradata key
is zaqar_api_enabled now instead of zaqar_enabled.
[1] I9b451eac4427a52ad8eec62ff89acc6c6d3ab799
Closes-Bug: #1714213
Change-Id: I692658337e7afc9d0a99b245f8b0b4f76a076bc4
(cherry picked from commit bc6a526f91c156e1cecfb9226ae3686102e655d4)
|
|
This makes sure that the database creation is only executed on the mysql
profile (or container if that's enabled), and stops the conflicts and
errors that were happening when barbican was deployed in containerized
environments.
Change-Id: Ib5c99482f62397fc5fb79a9dc537dfb06ee7f4df
Closes-Bug: #1710928
|
|
Adds a hiera-enabled setting for mysql.pp to
allow configuration of innodb_buffer_pool_size, a key
configurational element for MySQL performance tuning.
Change-Id: Iabdcb6f76510becb98cba35c95db550ffce44ff3
Closes-bug: #1704978
|
|
|
|
Add new hook in the keystone profile for Veritas HyperScale.
Add new hook in the rabbitmq profile for Veritas HyperScale.
Add new hook in the mysql profile for Veritas HyperScale.
Change-Id: I9168bffa5c73a205d1bb84b831b06081c40af549
Depends-On: I316b22f4f7f9f68fe5c46075dc348a70e437fb1d
Depends-On: Id188af5e2f7bf628a97a70b8f20bef28e42b372d
Signed-off-by: abhishek.kane <abhishek.kane@veritas.com>
Signed-off-by: Dnyaneshwar Pawar <dnyaneshwar.pawar@veritas.com>
|
|
When the tripleo::profile::base::database::mysql::client profile is
included by other openstack services, the file /etc/my.cnf.d/tripleo.cnf
is not generated because docker-puppet is configured to disregard the
exec tags.
Make the profile use either File or Exec resource based on how it's
being called, to make it work for both containerized and non-containerized
use cases.
Change-Id: I103baa02373f6713cc300ac039a6f173ff0bbf1c
|
|
|
|
Adds the ability to create an empty MySQL database for Zaqar
if zaqar is enabled and settings for the mysql backend are
also available in hiera. This should allow Zaqar's database to
get created when needed, but skipped if MongoDB is used
instead (per overcloud defaults).
Change-Id: I3598e39c0a3cdf80b96e728d9aa8a7e6505e0690
|
|
This forces the MySQL users to use SSL when connecting to MySQL.
bp tls-via-certmonger
Depends-On: I24e4c195a31109835739e78a6b53d36f661f9fd0
Change-Id: I98856955132b680a159144204da1d5b400fe9794
|
|
|
|
The bootstrap_nodeid comparison should be case insensitive.
Change-Id: I1e6672bb0219c1cf56ab21dd911c6f33e2436cc3
Closes-Bug: #1698190
|
|
The step is typically set with the hieradata setting an integer value:
{"step": 1}
However it would be useful for the value to be a string so that
substitutions are possible, for example:
{"step": "%{::step}"}
This change ensures the step parameter defaults to an integer by
calling Integer(hiera('step'))
This change was made by manually removing the undef defaults from
fluentd.pp, uchiwa.pp, and sensu.pp then bulk updating with:
find ./ -type f -print0 |xargs -0 sed -i "s/= hiera('step')/= Integer(hiera('step'))/"
Change-Id: I8a47ca53a7dea8391103abcb8960a97036a6f5b3
|
|
This patch makes sure the octavia mysql user is created when the
octavia_api service is enabled.
Change-Id: I270f3f6879737fc29370165e4a8fa8c9c19fffb3
|
|
It used to be hardcoded to use the OpenSSL default CA Bundle, however,
this will be changed in t-h-t.
Change-Id: I75bdaf71d88d169e64687a180cb13c1f63418a0f
|
|
The creation of /etc/my.cnf.d is not idempotent and is run anytime the
mysql client profile is included. This change adds an unless parameter
to ensure it is only run if not used.
Change-Id: I4a30eaccf72f5687dc22ba93c19136e55d36dcab
Closes-Bug: #1680570
|
|
Currently, mongodb has no limits on how much memory
it can consume. This enforces restriction so mongodb
service limits through systemd.
The puppet-systemd module has support for limits. The
MemoryLimit support is added in the follwoing pull
request https://github.com/camptocamp/puppet-systemd/pull/23
Closes-bug: #1656558
Change-Id: Ie9391aa39532507c5de8dd668a70d5b66e17c891
|
|
This is now the job of the certmonger_user profile. So these bits are
not needed anymore in the service profiles.
Change-Id: Iaa3137d7d13d5e707f587d3905a5a32598c08800
Depends-On: Ibf58dfd7d783090e927de6629e487f968f7e05b6
|
|
Changes Include:
- Adds spec testing
- Only raise limits if nonha. puppet-systemd will restart the mariadb
service which breaks ha deployments. Hence we only want to do this
in noha.
- Minor fix to hiera value refrenced not as parameter to mysql.pp
Partial-Bug: #1648181
Related-Bug: #1524809
Co-Authored By: Feng Pan <fpan@redhat.com>
Change-Id: Id063bf4b4ac229181b01f40965811cb8ac4230d5
Signed-off-by: Tim Rozet <trozet@redhat.com>
Signed-off-by: Feng Pan <fpan@redhat.com>
|
|
|
|
|
|
|
|
This also updates a leftover comment.
Change-Id: I870caf20103b044655e699aac09f6621414f5326
Depends-On: I5af5ccb88e644f4dd25503d8e7a93796695d3039
|
|
This does the actual configuration for the mysql client to use SSL if
the parameter is set via t-h-t.
Change-Id: I24e4c195a31109835739e78a6b53d36f661f9fd0
Depends-On: Ifd1a06e0749a05a65f6314255843f572d2209067
|
|
Systemd starts mariadb as user mysql, so in order to allow a large
number of connections (e.g. max_connections=4096) it is necessary to
raise the file descriptor limit via a system drop-in file.
When installing an undercloud, such drop-in file is currently
generated by instack-undercloud (in file puppet-stack-config.pp). But
non-HA overcloud also need such drop-in to be generated.
In order to avoid duplicating code, the drop-in creation code should
be provided by puppet-tripleo. By default, no drop-in is generated;
it has to be enabled by instack-undercloud or tripleo-heat-template
once they will use it (resp. to create undercloud or non-HA overcloud).
This patch does not aim at generating a dynamic file limit based on
the number of connections, this should land in another dedicated
patch. Instead, it just reuses the limit currently set for undercloud
and HA-overclouds.
Also, the generation of the drop-in does not force a mysql restart
like it currently does in instack-undercloud, to avoid unexpected
service disruption on a non-HA overcloud after a minor update.
Co-Authored-By: Tim Rozet <trozet@redhat.com>
Depends-On: I7ca7b5f7614971455cae2bf7c4bf8264b642b0dc
Change-Id: Ia0907b2ab6062a93fb9363e39c86535a490fbaf6
Partial-Bug: #1648181
Related-Bug: #1524809
|
|
This includes a new ironic-inspector profile, and updates
to the mysql and keystone profiles so that a database
and endpoints are also created when the inspector
is enabled.
Change-Id: I4a71a95efb87a10528df0600277768969a32117b
|
|
When fixing LP#1643487 we added ?bind_address to all DB URIs.
Since this clashes with Cellsv2 due to the URIs becoming host
dependent, we need a new approach to pass bind_address to pymysql
that leaves the DB URIs host-independent.
We first create a /etc/my.cnf.d/tripleo.cnf file with a [tripleo]
section and in this section we add the correct bind-address option.
Note that we use the puppet augeas lens and not the mysql one
because the mysql one does not support custom sections *and* there
are older versions around which do not like the /etc/my.cnf.d/* path.
The reason for not reusing an existing mariadb file (my.cnf or
galera.cnf) is that pymysql's ini file support is not robust
enough at the moment: https://github.com/PyMySQL/PyMySQL/issues/548
The reason for putting this file creation code only on the controller
nodes the following: The slow VIP failover only happens if a
service runs where the VIPs exist. The VIPs get created in the
haproxy profile and that is why in order to have fast VIP failovers
the MySQLClient profile must live where the Haproxy service is running.
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
Partial-Bug: #1663181
Change-Id: Iff8bd2d9ee85f7bb1445aa2e1b3cfbff1f397b18
|
|
This reverts commit 3f7e74ab24bb43f9ad7e24e0efd4206ac6a3dd4e.
After identifying how to workaround the performance issues on the
undercloud, let's put this back in. Enabling innodb_file_per_table is
important for operators to be able to better manage their databases.
Change-Id: I435de381a0f0e3ef221e498f442335cdce3fb818
Depends-On: I77507c638237072e38d9888aff3da884aeff0b59
Closes-Bug: #1660722
|
|
This reverts commit 621ea892a299d2029348db2b56fea1338bd41c48.
We're getting performance problems on SATA disks.
Change-Id: I30312fd5ca3405694d57e6a4ff98b490de388b92
Closes-Bug: #1661396
Related-Bug: #1660722
|
|
InnoDB uses a single file by default which can grow to be
tens/hundreds of gigabytes, and is not shrinkable even
if data is deleted from the database.
Best practices are that innodb_file_per_table is set to ON
which instead stores each database table in its own file, each of
which is also shrinkable by the InnoDB engine.
Closes-Bug: #1660722
Change-Id: I59ee53f6462a2eeddad72b1d75c77a69322d5de4
|
|
Change-Id: Ic74ccd5fa7b3b04ca810416e5160463252f17474
Signed-off-by: Dan Radez <dradez@redhat.com>
|
|
Change-Id: I3d6bbc05644e840395f87333ec80e3b844f69903
|
|
Change-Id: If4b091e1ca02f43aa9c65392baf8ceea007b7cfb
|
|
Allow TripleO to deploy Nova Placement API with a new profile.
Change-Id: I5e25a50f3d7a9b39f4146a61cb528963ee09e90c
|
|
Having the db_sync code live in the mysql profile causes
coupling that doesn't work unless your MySQL server has the
latest Nova packages installed. This may not work for some
baremetal setups (where an isolated database exists) or
with containers where the MySQL container definately doesn't
have nova packages installed.
Moving this code into the nova-api role also matches where we
were already db syncing the normal API database so it should be
fine and safe.
Change-Id: Ib625e2ac9c8d6bd1d335c58e291facc4ea5839ae
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
|
|
As part of the initial implementation, we hard coded the cell0 setup in
puppet. This change switches it to leverage the defined value in the
tripleo-heat-templates
Change-Id: I896a124d91d06ca85b77c9fbe24fd252815a2d28
Depends-On: I08119d781ef60750cc19753bc03190e413159925
Related-Bug: #1649341
|
|
We need to run the basic cell v2 setup for nova as it is required for
Ocata.
Change-Id: I693239ff5026f58a65eb6278b1a8fcb97af4f561
Depends-On: I43ba77cd4c8da7c6dc117ab0bd53e5cd330dc3de
Depends-On: I9462ef16fd64a577c3f950bd121f0bd28670fabc
Closes-Bug: #1649341
|
|
Instead of checking for glance_registry_enabled, we should be checking
for glance_api_enabled. The glance-api v1 depends on the registry, which
means the database will be created but glance-api v2 doesn't which means
that not deploying the registry would result in the glance database not
being created. On the other hand, glance-registry is never deployed
without glance-api
Change-Id: Ief25dafb65f7a043fbb3d16f1d7ef834c9947a93
|
|
this adds the necessary code in the manfiest to configure TLS
if internal TLS is enabled. this also adds the capability of
auto-generating the certificate via certmonger.
bp tls-via-certmonger
Change-Id: I7275e5afb3a6550cf2abbb9a8007dedb62ada4b4
|
|
Change-Id: I35f283bdf8dd0ed979c65633724f0464695130a4
|
|
This patch moves the various DB syncs into the MySQL role.
Database creation needs to occur on the MySQL server to
avoid permission issues.
This patch also moves database creation to step 2 so we can
guarantee that all per-service databases exist at this time.
This avoids complex ordering needed during step 3 where
services, on different hosts, can run their own db sync's
in a distributed fashion.
Change-Id: I05cc0afa9373429a3197c194c3e8f784ae96de5f
Partial-bug: #1620595
|
|
It used to be hardcoded that the bind-address was always coming from
the $::hostname fact. This is wrong, as it disregards where we have
configured the mysql address. This commit actually makes it
configurable, so we'll be able to set it via hieradata.
On the other hand, we use the hiera key that we already set
'mysql_bind_host' as a default; if, for some reason, that's
unavailable then we fall back to $::hostname.
Related-Bug: #1627060
Change-Id: I316acfd514aac63b84890e20283c4ca611ccde8b
|
|
Sometimes the mongodb_replset resource fails with:
Could not evaluate: Can't find master host for replicaset tripleo.
This issue is intermittent so the fix cannot be perfectly verified, but
the assumption is that if we wait for MongoDB to be reachable on all
nodes, it will assure that the members will appear to the puppet module
as alive when creating or verifying the replset. If the validation
fails, it should help us uncover which of the members was causing
trouble.
Change-Id: I0bcd0d063a7a766483426fdd5ea81cbe1dfaa348
Closes-Bug: #1624420
|
|
These hiera keys aren't aligned with the service names, which
will be required for composable generation of the ip lists
per service.
Change-Id: I423b544df174254ac511b906b0c570e701678022
Depends-On: I7febf28bf409e25e8e5961ab551b6d56bb11e0c6
Partially-Implements: blueprint custom-roles
|
|
By inspecting bootstrap_nodeid in cinder base profile we can
set sync_db appropriately and not always default to true.
Change-Id: I2484b1d70a17436c0d8eab9ea8df927d57783784
|
|
As we are staring to manually check overcloud services
the first step is to check that the puppet profiles
are all aligned.
Changes applied:
No logic added or removed in this submission.
Removed unused parameters.
Align header comments structure.
All profiles parameters sorted following:
"Mandatory params first sorted alphabetically
then optional params sorted alphabetically."
Note: Following submissions will check pacemaker,
cinder, mistral and redis services in the base profiles
as some of them has the $pacemaker_master parameter
defaulted to true.
Change-Id: I2f91c3f6baa33f74b5625789eec83233179a9655
|
|
In some profiles, we were looking up the $step by using Hiera
again, while we already do it in the parameter definition.
When using this class outside THT, it will fail but with this patch, we
could use just set the $step parameter and the rest of the manifest will
work.
Change-Id: I7082f47204fb4e529b164e4c4f1032e7bdd88f02
|
|
Add MySQL profiles, for non-ha and ha scenarios.
Change-Id: I7ddae28a6affd55c5bffc15d72226a18c708850e
Closes-Bug: #1601853
|
|
Implements: blueprint refactor-puppet-manifests
Co-Authored-By: Carlos Camacho <ccamacho@redhat.com>
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: Idb1e78ebec7682fe68ca5902a22cfb6030498091
|
|
Implements: blueprint refactor-puppet-manifests
Co-Authored-By: Carlos Camacho <ccamacho@redhat.com>
Change-Id: I60493a3aa64e5136b763e8e2084d728f5f812f8a
|
Martin André
Juan Antonio Osorio Robles
Mike Bayer
Jenkins
abhishek.kane
Damien Ciabrini
Dan Prince
Alex Schultz
Steve Baker
Pradeep Kilambi
Tim Rozet
Michele Baldessari
Dan Radez
Sven Anderson
Emilien Macchi
Flavio Percoco
Jiri Stransky
Steven Hardy
Giulio Fidente
Carlos Camacho