Age | Commit message (Collapse) | Author | Files | Lines |
|
This optionally enables TLS for Nova API in the internal network.
If internal TLS is enabled, each node that is serving the Nova API
service will use certmonger to request its certificate.
Note that this doesn't enable internal TLS for the nova metadata
service since it doesn't run over httpd. This will be handled in
a later commit.
bp tls-via-certmonger
Change-Id: I88380a1ed8fd597a1a80488cbc6ce357f133bd70
|
|
|
|
|
|
This patch updates the Nova profile so that we set memcached
servers correctly for the Nova keystone auth_token middleware.
Most of the hiera settings for ::nova::keystone::authtoken are
already included in the t-h-t nova-api service.
Change-Id: I3b7ff02abbd0d5e0c38232d02b33e4c7bc411120
Closes-bug: #1633595
|
|
The patch making nova run over httpd had added migration logic to
stop nova-api, However, this doesn't work since nova-metadata is
running over the same process. Now, the fact that is was running
seems to be just luck, since the systemctl runs, then we start the
service via the nova::api resource. So this is fragile in it's
current state.
This then removes the exec, as we don't need it for the migration.
Change-Id: I4603b81d30a704b07eef461b3cdbfe164614b04f
|
|
We can now get this parameter from t-h-t, so it's not needed here.
Change-Id: I014e7b3a6feb5609ace2e8ef1e4df11448b0a0cc
Depends-On: Ic229182cc5c887b57f6182c3db1bac8bed330f7c
|
|
This adds the necessary resources to the manifest to migrate nova
to run over httpd. The service name will be moved to t-h-t in a
subsequent commit, but since this patch depends on t-h-t, we try to
avoid circular dependencies of repos.
Change-Id: I91d430a3871672f90b0f885736f067ddae3c238c
Depends-On: I57fb20cf0d58b3376243ba4aeb04e995e7152ce3
|
|
This patch moves the various DB syncs into the MySQL role.
Database creation needs to occur on the MySQL server to
avoid permission issues.
This patch also moves database creation to step 2 so we can
guarantee that all per-service databases exist at this time.
This avoids complex ordering needed during step 3 where
services, on different hosts, can run their own db sync's
in a distributed fashion.
Change-Id: I05cc0afa9373429a3197c194c3e8f784ae96de5f
Partial-bug: #1620595
|
|
|
|
In the Next Generation HA architecture a number of active/active services
will be run via systemd. In order for this to work we need to make sure that
the sync_db operation only takes place on the bootstrap node, just like it is
done today for the pacemaker profiles.
We do this by removing sync_db as a parameter and instead set it to true
or false depending if the hostname matches the bootstrap_node as it is done
today in the pacemaker role.
Note that we call hiera('bootstrap_nodeid', undef) because if a profile
is included on a non controller node that variable will be undefined.
The following testing was done:
- HA puppet-pacemaker.yaml scenario with three computes
- NonHA with one controller
- NonHA with three controllers
Fixes-Bug: 1600149
Co-Author: cmsj@tenshu.net
Change-Id: I04a7b9e3c18627ea512000a34357acb7f27d6e0e
Implements: blueprint ha-lightweight-architecture
|
|
The code was in THT before but now in the Nova API profile.
Change-Id: I7035f7998c11dc5508dae8c1a750b93c2944b2d4
|
|
We perform the Galera setup in step 2 so there is no guarantee that the
database will be available in that same step [1].
We used to implement a dependency in puppet using the 'galera-ready'
resource (clustercheck) but this is not possible with roles because we
also don't have any guarantee about clustercheck being installed on the
same node.
Because of the above all services must create/sync their databases
in a later step. This patch fixes Nova API and Neutron Server, the other
services use step 3 already.
1. https://github.com/openstack/tripleo-heat-templates/blob/master/puppet/services/README.rst
Change-Id: I22750ffb64afbe40b5560a6a0d0dabc5b8927d32
|
|
|
|
Move nova::db classes from THT to puppet-tripleo in Nova API profile.
Implements: blueprint refactor-puppet-manifests
Change-Id: I4fc3cb822822adc1c58b2cfa2de8584a73fa6427
|
|
It was included in THT before, but it's now in nova/api role.
It will also be added in nova/compute role later.
Change-Id: I6b5857d3d4740c0bf3f748719f30a05f1c62cb59
|
|
Change-Id: I1dde63a5a7d1624494a7157a9679f88f4cb780e0
Implements: blueprint refactor-puppet-manifests
|