summaryrefslogtreecommitdiffstats
path: root/manifests/profile/base/nova/api.pp
AgeCommit message (Collapse)AuthorFilesLines
2017-01-27nova: deploy basic setup for cellsEmilien Macchi1-19/+2
it's not required in Ocata, let's configure the basic setup for cells. note: it also cleanup old code that is not valid anymore. Change-Id: Iac5b2fbe1b03ec7ad4cb8cab2c7694547be6957d
2017-01-14nova: disable ::nova::db::sync_cell_v2Emilien Macchi1-10/+12
This feature is broken for us now and there is work in progress in Nova to improve nova cell deployment. Until it's fixed upstream, we need to disable cells deployment for now, so we can promote our CI. Change-Id: I379ba9e94a92ed225a03a67fc975b542447a9c8b Related-Bug: #1649341
2017-01-09Move nova cells db sync into nova-api profileDan Prince1-0/+19
Having the db_sync code live in the mysql profile causes coupling that doesn't work unless your MySQL server has the latest Nova packages installed. This may not work for some baremetal setups (where an isolated database exists) or with containers where the MySQL container definately doesn't have nova packages installed. Moving this code into the nova-api role also matches where we were already db syncing the normal API database so it should be fine and safe. Change-Id: Ib625e2ac9c8d6bd1d335c58e291facc4ea5839ae Co-Authored-By: Alex Schultz <aschultz@redhat.com>
2017-01-04nova-api: switch to new wsgi classEmilien Macchi1-1/+1
nova::wsgi::apache was deprecated in ocata in favor of nova::wsgi::apache_api. Let's switch to it. Change-Id: I59b3b36be33268fa6e261a7db3c4aa8e8e712ffb Depends-On: I5fc99062d349597393e2248c66f2d863029c7730
2016-11-01Enable TLS in the internal network for Nova APIJuan Antonio Osorio Robles1-3/+54
This optionally enables TLS for Nova API in the internal network. If internal TLS is enabled, each node that is serving the Nova API service will use certmonger to request its certificate. Note that this doesn't enable internal TLS for the nova metadata service since it doesn't run over httpd. This will be handled in a later commit. bp tls-via-certmonger Change-Id: I88380a1ed8fd597a1a80488cbc6ce357f133bd70
2016-10-18Merge "Set memcached_servers for nova API"Jenkins1-0/+10
2016-10-18Merge "Remove explicit service_name setting from nova manifest"Jenkins1-3/+2
2016-10-18Set memcached_servers for nova APIDan Prince1-0/+10
This patch updates the Nova profile so that we set memcached servers correctly for the Nova keystone auth_token middleware. Most of the hiera settings for ::nova::keystone::authtoken are already included in the t-h-t nova-api service. Change-Id: I3b7ff02abbd0d5e0c38232d02b33e4c7bc411120 Closes-bug: #1633595
2016-10-17Remove faulty migration logic to stop nova-apiJuan Antonio Osorio Robles1-13/+0
The patch making nova run over httpd had added migration logic to stop nova-api, However, this doesn't work since nova-metadata is running over the same process. Now, the fact that is was running seems to be just luck, since the systemctl runs, then we start the service via the nova::api resource. So this is fragile in it's current state. This then removes the exec, as we don't need it for the migration. Change-Id: I4603b81d30a704b07eef461b3cdbfe164614b04f
2016-10-14Remove explicit service_name setting from nova manifestJuan Antonio Osorio Robles1-3/+2
We can now get this parameter from t-h-t, so it's not needed here. Change-Id: I014e7b3a6feb5609ace2e8ef1e4df11448b0a0cc Depends-On: Ic229182cc5c887b57f6182c3db1bac8bed330f7c
2016-10-13Deploy nova over Apache httpdJuan Antonio Osorio Robles1-2/+18
This adds the necessary resources to the manifest to migrate nova to run over httpd. The service name will be moved to t-h-t in a subsequent commit, but since this patch depends on t-h-t, we try to avoid circular dependencies of repos. Change-Id: I91d430a3871672f90b0f885736f067ddae3c238c Depends-On: I57fb20cf0d58b3376243ba4aeb04e995e7152ce3
2016-09-27Move db syncs into mysql base roleDan Prince1-5/+0
This patch moves the various DB syncs into the MySQL role. Database creation needs to occur on the MySQL server to avoid permission issues. This patch also moves database creation to step 2 so we can guarantee that all per-service databases exist at this time. This avoids complex ordering needed during step 3 where services, on different hosts, can run their own db sync's in a distributed fashion. Change-Id: I05cc0afa9373429a3197c194c3e8f784ae96de5f Partial-bug: #1620595
2016-07-21Merge "nova/api: purge archive_deleted_rows via cron"Jenkins1-0/+6
2016-07-18Make ::tripleo::profile::base classes work with multiple nodesMichele Baldessari1-7/+10
In the Next Generation HA architecture a number of active/active services will be run via systemd. In order for this to work we need to make sure that the sync_db operation only takes place on the bootstrap node, just like it is done today for the pacemaker profiles. We do this by removing sync_db as a parameter and instead set it to true or false depending if the hostname matches the bootstrap_node as it is done today in the pacemaker role. Note that we call hiera('bootstrap_nodeid', undef) because if a profile is included on a non controller node that variable will be undefined. The following testing was done: - HA puppet-pacemaker.yaml scenario with three computes - NonHA with one controller - NonHA with three controllers Fixes-Bug: 1600149 Co-Author: cmsj@tenshu.net Change-Id: I04a7b9e3c18627ea512000a34357acb7f27d6e0e Implements: blueprint ha-lightweight-architecture
2016-07-18nova/api: purge archive_deleted_rows via cronEmilien Macchi1-0/+6
The code was in THT before but now in the Nova API profile. Change-Id: I7035f7998c11dc5508dae8c1a750b93c2944b2d4
2016-06-30Nova API and Neutron server should run database creation in step 3Giulio Fidente1-2/+1
We perform the Galera setup in step 2 so there is no guarantee that the database will be available in that same step [1]. We used to implement a dependency in puppet using the 'galera-ready' resource (clustercheck) but this is not possible with roles because we also don't have any guarantee about clustercheck being installed on the same node. Because of the above all services must create/sync their databases in a later step. This patch fixes Nova API and Neutron Server, the other services use step 3 already. 1. https://github.com/openstack/tripleo-heat-templates/blob/master/puppet/services/README.rst Change-Id: I22750ffb64afbe40b5560a6a0d0dabc5b8927d32
2016-06-20Merge "Deploy nova::db classes in api profile"Jenkins1-0/+7
2016-06-17Deploy nova::db classes in api profileEmilien Macchi1-0/+7
Move nova::db classes from THT to puppet-tripleo in Nova API profile. Implements: blueprint refactor-puppet-manifests Change-Id: I4fc3cb822822adc1c58b2cfa2de8584a73fa6427
2016-06-16nova/api: include ::nova::network::neutronEmilien Macchi1-0/+1
It was included in THT before, but it's now in nova/api role. It will also be added in nova/compute role later. Change-Id: I6b5857d3d4740c0bf3f748719f30a05f1c62cb59
2016-06-14Implement Nova API profileEmilien Macchi1-0/+43
Change-Id: I1dde63a5a7d1624494a7157a9679f88f4cb780e0 Implements: blueprint refactor-puppet-manifests