aboutsummaryrefslogtreecommitdiffstats
path: root/manifests/profile/base
AgeCommit message (Collapse)AuthorFilesLines
2016-10-18Merge "Set memcached_servers for nova API"Jenkins1-0/+10
2016-10-18Merge "Remove explicit service_name setting from nova manifest"Jenkins1-3/+2
2016-10-18Set memcached_servers for nova APIDan Prince1-0/+10
This patch updates the Nova profile so that we set memcached servers correctly for the Nova keystone auth_token middleware. Most of the hiera settings for ::nova::keystone::authtoken are already included in the t-h-t nova-api service. Change-Id: I3b7ff02abbd0d5e0c38232d02b33e4c7bc411120 Closes-bug: #1633595
2016-10-18Merge "Remove faulty migration logic to stop nova-api"Jenkins1-13/+0
2016-10-17Remove faulty migration logic to stop nova-apiJuan Antonio Osorio Robles1-13/+0
The patch making nova run over httpd had added migration logic to stop nova-api, However, this doesn't work since nova-metadata is running over the same process. Now, the fact that is was running seems to be just luck, since the systemctl runs, then we start the service via the nova::api resource. So this is fragile in it's current state. This then removes the exec, as we don't need it for the migration. Change-Id: I4603b81d30a704b07eef461b3cdbfe164614b04f
2016-10-14Merge "Move heat domain/user creation into keystone profile"Jenkins2-15/+24
2016-10-14Move heat domain/user creation into keystone profileSteven Hardy2-15/+24
This needs to happen on the node running keystone, or things break when you try to deploy e.g the heat_engine service on a non Controller role. We check the enabled flag for heat engine so this only happens if the heat_engine service is running on some (any) role. Partial-Bug: #1631130 Change-Id: Ib088a572b384b479f51d56555734d78ab840a1f3
2016-10-14Remove explicit service_name setting from nova manifestJuan Antonio Osorio Robles1-3/+2
We can now get this parameter from t-h-t, so it's not needed here. Change-Id: I014e7b3a6feb5609ace2e8ef1e4df11448b0a0cc Depends-On: Ic229182cc5c887b57f6182c3db1bac8bed330f7c
2016-10-14Merge "Deploy nova over Apache httpd"Jenkins1-2/+18
2016-10-14Merge "Add part_power and min_part_hours for Swift"Jenkins1-0/+13
2016-10-13Merge "Only run ceilometer::db::sync on bootstrap node"Jenkins1-5/+4
2016-10-13Add part_power and min_part_hours for SwiftChristian Schwede1-0/+13
Change-Id: I78049105adf52226d47cc6764b1ba6c2c06e91e5 Related-Bug: 1631926
2016-10-13Merge "Ensure presence of pacemaker restart directory."Jenkins1-4/+0
2016-10-13Ensure presence of pacemaker restart directory.Sofer Athlan-Guyot1-4/+0
Currently the /var/lib/tripleo/pacemaker-restarts directory is created only when base/pacemaker.pp file is included in the manifest. There is a notification that ensures precedence order and trigger the touch. The trigger and the dependency on the base/pacemaker.pp should not be required as someone using the tripleo::pacemaker::resource_restart_flag would expect the file to be created no matter what. For instance in the Cinder upgrade in the convergence step has this defined: Cinder_config<||> ~> Tripleo::Pacemaker::Resource_restart_flag["${::cinder::params::volume_service}"] but in the convergence step, the base/pacemaker.pp is not included and the above trigger fails as the directory is not created. It looks the same for manilla.pp. This patch removes the trigger and ensures the directory is created when needed. Change-Id: Ic3aa82c818662e9e88e21c8381d657adef5b43ac Closes-Bug: #1632232
2016-10-13Deploy nova over Apache httpdJuan Antonio Osorio Robles1-2/+18
This adds the necessary resources to the manifest to migrate nova to run over httpd. The service name will be moved to t-h-t in a subsequent commit, but since this patch depends on t-h-t, we try to avoid circular dependencies of repos. Change-Id: I91d430a3871672f90b0f885736f067ddae3c238c Depends-On: I57fb20cf0d58b3376243ba4aeb04e995e7152ce3
2016-10-12Merge "Fix eqlx chap password"Jenkins1-1/+1
2016-10-12Merge "Add versioned_writes to Swift proxy config"Jenkins1-0/+1
2016-10-11Add versioned_writes to Swift proxy configChristian Schwede1-0/+1
Tempest expects object versioning to be enabled by default in Swift; if not it has to be disabled explicitly in the Tempest config. This is a commonly used middleware, therefore it should be enabled in the overcloud proxy nodes as well. Closes-Bug: 1632215 Change-Id: I07a206473ff7939749e3eba1dfe3ea8c4526eb5c
2016-10-10Merge "Fetch internal certificates for HAProxy based on network"Jenkins1-1/+3
2016-10-07Fix eqlx chap passwordAlex Schultz1-1/+1
The hiera key generated by THT is eqlx_chap_password and not eql_san_password. https://github.com/openstack/tripleo-heat-templates/blob/master/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml#L63 Change-Id: Ic062d9060f0ce437336e2bd6aaca3887fc33c8cf Closes-Bug: #1631527
2016-10-07Only run ceilometer::db::sync on bootstrap nodeAlex Schultz1-5/+4
The ceilometer::db::sync is included by default in ceilometer::db but we only want it to run on the bootstrap node. This change passes the sync_db parameter to ceilometer::db to manage the db sync process rather than trying to manage the inclusion of ceilometer::db::sync within the profile class. Change-Id: Ib56db1a90dd6fbfe7582fc57b7728df81942cce2 Closes-Bug: #1629373
2016-10-07Set enabled_share_protocols based on enabled backendsGiulio Fidente1-3/+32
When deploying manila with cephfs, share creation fails because 'enabled_share_protocols' sticks to NFS,CIFS and does not get updated with CEPHFS. This change aims at fixing it by building the list of enabled protocols based on the list of enabled backends. Co-Authored-By: Tom Barron <tbarron@redhat.com> Closes-Bug: 1630564 Change-Id: I86ba8b9d5872c0f1a94e74215e97b796ad129bfb
2016-10-07Merge "Add ceilometer profile rspec testing"Jenkins1-23/+45
2016-10-05Fetch internal certificates for HAProxy based on networkJuan Antonio Osorio Robles1-1/+3
The service profile in HAProxy has the capability of creating certificates based on a map. The idea is to standardize this, as some of those certificates should match certain networks the services are listening on (with the exception of the external network which is handled differently and the tenant network which doesn't need a certificate). So, based on which network a certain service is listening on, we fetch the appropriate certificate. bp tls-via-certmonger Change-Id: I89001ae32f46c9682aecc118753ef6cd647baa62
2016-10-05Enable usage of "short names" for Ceph clusterJuan Antonio Osorio Robles1-6/+11
We're not able to use FQDNs yet, so to work around this, we give precedence to a "short name" list we'll get from t-h-t. We can migrate to using FQDNs in the next cycle. Change-Id: Ic6fec1057439ed9122d44ef294be890d3ff8a8ee Related-Bug: #1628521
2016-10-03Fix the timeout for pacemaker systemd resourcesMichele Baldessari1-7/+0
Back in the Mitaka cycle via the change If6b43982c958f63bc78ad997400bf1279c23df7e we made sure that the default start and stop timeouts for pacemaker systemd resources is 200s (>= twice the default 90s DefaultTimeoutStopSec in systemd). We did this change by setting puppet resource defaults for the Pacemaker::Resource::Service class: Pacemaker::Resource::Service { op_params => 'start timeout=200s stop timeout=200s', } The problem is that after the composable services rework, this does not work anymore and the pacemaker systemd resources that still exist do not have these timeouts set. We want to move away from resource defaults for this because its results are dependent on the inclusion order which in tripleo is not guaranteed any longer (https://docs.puppet.com/puppet/latest/reference/lang_scope.html#scope-lookup-rules) The only services affected in Newton are: cinder-volume, cinder-backup, manila-share, haproxy. I preferred fixing all the pacemaker resources because it seems the cleanest and most logical commit. Change-Id: If89a95706514e536a7a2949871a0002c79b6046e Closes-Bug: #1629366
2016-10-03Merge "Add swift proxy for ceilometer middleware"Jenkins1-0/+1
2016-10-03Merge "Cinder: Add iSCSI protocol parameter"Jenkins1-0/+6
2016-09-30Add ceilometer profile rspec testingAlex Schultz1-23/+45
This change adds rspec testing for the ceilometer profiles. While writing these tests, the tripleo::profile::base::ceilometer::collector class needed to have the hiera lookups moved to class parameters to allow for testing the possible options around the database backend. These tests add coverage for ipv4 and ipv6 configurations for the collector profile as well as excluding mongodb on the backend. Change-Id: I1abae040104e8492a9fe266de74080e1e7701731
2016-09-30telemetry: normalize coordination_urlEmilien Macchi3-3/+10
Normalize coordination_url for Telemetry services, so we can deploy them with IPv6. Change-Id: Ic6de09acf0d36ca90cc2041c0add1bc2b4a369a5 Partial-Bug: #1629279 Depends-On: I038e2bac22e3bfa5047d2e76e23cff664546464d
2016-09-27Move db syncs into mysql base roleDan Prince15-54/+58
This patch moves the various DB syncs into the MySQL role. Database creation needs to occur on the MySQL server to avoid permission issues. This patch also moves database creation to step 2 so we can guarantee that all per-service databases exist at this time. This avoids complex ordering needed during step 3 where services, on different hosts, can run their own db sync's in a distributed fashion. Change-Id: I05cc0afa9373429a3197c194c3e8f784ae96de5f Partial-bug: #1620595
2016-09-26Merge "Make mysql bind-address configurable"Jenkins1-3/+7
2016-09-26Merge "Move inclusion of ::manila::db::mysql in manila/api profile"Jenkins4-29/+73
2016-09-26Merge "Fix Swift manifest for Puppet4 deployment"Jenkins2-2/+2
2016-09-24Make mysql bind-address configurableJuan Antonio Osorio Robles1-3/+7
It used to be hardcoded that the bind-address was always coming from the $::hostname fact. This is wrong, as it disregards where we have configured the mysql address. This commit actually makes it configurable, so we'll be able to set it via hieradata. On the other hand, we use the hiera key that we already set 'mysql_bind_host' as a default; if, for some reason, that's unavailable then we fall back to $::hostname. Related-Bug: #1627060 Change-Id: I316acfd514aac63b84890e20283c4ca611ccde8b
2016-09-23Add swift proxy for ceilometer middlewarePradeep Kilambi1-0/+1
swift proxy has already been updated to use updated ceilometermiddleware as indicated here [1]. Include it in the proxy class. [1] https://github.com/openstack/puppet-swift/commit/e8ad981eff0f97c24a53197c42caf350627d3c9f Change-Id: Ie49f4a750368ff174b23b8d6baa743d0956d727e
2016-09-23Move inclusion of ::manila::db::mysql in manila/api profileGiulio Fidente4-29/+73
In puppet-manila it is the api service performing db sync, not scheduler. This change moves ::manila::db::mysql (which creates the empty database and users) in the tripleo manila/api profile. Also moves rabbit config into a general manila base profile as that would be needed by the scheduler service as well. Change-Id: I2b537f735b8d1be8f39e8c274be3872b193c1014
2016-09-23Add support for rabbit hosts to mistralBrad P. Crochet1-1/+8
The mistral puppet did not have support for configuring the rabbit hosts. This change adds that support. Change-Id: I6cb2cbf4a2abf494668d24b8c36b0d525643f0af
2016-09-21Merge "Manage tripleo-ui configuration files with puppet"Jenkins1-0/+2
2016-09-21Fix Swift manifest for Puppet4 deploymentEmilien Macchi2-2/+2
1) swift/ringbuilder: seed must be a String Because we use validate_re in puppet-swift and puppet4 requires the regex to be a string, not an integer. 2) Fix Swift package name In puppet4, we need the resource title, not the resource name. Change-Id: I50cea96d45e0eb46c19040d9a7105ab72c2dbef7
2016-09-20swift: normalize memcache servers IP addressesEmilien Macchi1-1/+1
In the case of memcache servers are IPv6, make sure brackets set in the way we construct the list of memcache server + memcache port parameter. Also add unit-tests to test that the output is what we want in the configuration. Depends-On: I8d361ce9cfcfe6a3f8592b2b7991971a3c748c75 Closes-Bug: 1625335 Change-Id: I9fb8168d8fb56c9d8465d58a45fd8c6edfee6fdd
2016-09-17Merge "Swift add_devices.pp IPv6 handling"Jenkins1-1/+4
2016-09-17Merge "Fix dependencies for HAProxy when certmonger is used"Jenkins1-0/+3
2016-09-16Wait for MongoDB connections before creating replsetJiri Stransky1-0/+7
Sometimes the mongodb_replset resource fails with: Could not evaluate: Can't find master host for replicaset tripleo. This issue is intermittent so the fix cannot be perfectly verified, but the assumption is that if we wait for MongoDB to be reachable on all nodes, it will assure that the members will appear to the puppet module as alive when creating or verifying the replset. If the validation fails, it should help us uncover which of the members was causing trouble. Change-Id: I0bcd0d063a7a766483426fdd5ea81cbe1dfaa348 Closes-Bug: #1624420
2016-09-16Swift add_devices.pp IPv6 handlingGabriele Cerami1-1/+4
Add brackets to IPv6 addresses before forming $object from $base Change-Id: I4568d538561a0102b69f331a122d4989333a3bfa Closes-Bug: #1623096
2016-09-16Manage tripleo-ui configuration files with puppetMartin André1-0/+2
This commit ensures the tripleo-ui configuration files are present and are matching the environment. Change-Id: I0deeffa9026b1f5cd36a9810aaee7832e31c3c93
2016-09-15Fix dependencies for HAProxy when certmonger is usedJuan Antonio Osorio Robles1-0/+3
Installing the undercloud with generate_service_certificate=True fails if HAProxy is not pre-installed. This is due to missing dependency setting on our puppet manifests. We need to specify that the PEM file needs to be written only if the haproxy user and group exist (which comes from the package) and that the haproxy frontend configuration needs to be notified if there are changes in the certificates. Change-Id: Iba3030e4489eb31f9c07ab49913687d8b595a91b Closes-Bug: #1623805
2016-09-12Add validations profile for tripleoTomas Sedovic1-0/+29
This adds the tripleo::profile::base::validations profile which sets up the `validations` user and installs the openstack-tripleo-validations package. Change-Id: Ib2b1ddcda3a41cb7263171d3024f05ba8bfd2f28
2016-09-09Merge "Add Ceph RGW profile"Jenkins1-0/+63
2016-09-08Cinder: Add iSCSI protocol parameterDimitri Savineau1-0/+6
This patch allows to spefify the iscsi_protocol in the iSCSI cinder backend when we want to use iSCSI Extensions for RDMA (iSER). The default value remains 'iscsi'. Change-Id: I6d2c4d71fb3ab1f7749d6e1defb59e86b9364cc1