aboutsummaryrefslogtreecommitdiffstats
path: root/manifests/profile/base
AgeCommit message (Collapse)AuthorFilesLines
2017-02-21Merge "Add VPP service"Jenkins1-0/+32
2017-02-21Stop accidentally removing docker-distributionJiri Stransky1-1/+2
By default Puppet does virtual package matching if precise name matching fails. Docker-distribution RPM "provides" docker-registry: bash-4.2# rpm -q --whatprovides docker-registry docker-distribution-2.5.1-1.el7.x86_64 This means that when we wanted to make docker-registry package absent, we were actually removing docker-distribution instead. This is now fixed by allow_virtual => false. Only name matching is performed. Change-Id: I1f93b404085f0bc2b6c063f573c801db6409c0bb Closes-Bug: #1666459
2017-02-20Ironic inspector supportDan Prince3-0/+52
This includes a new ironic-inspector profile, and updates to the mysql and keystone profiles so that a database and endpoints are also created when the inspector is enabled. Change-Id: I4a71a95efb87a10528df0600277768969a32117b
2017-02-20Replace default to be more robustDavid Gurtner1-2/+2
Specifying undef as the fallback only works because the merge function specifically checks for this: next if arg.is_a? String and arg.empty? # empty string is synonym for puppet's undef But the empty Hash would be a much more robust default. Change-Id: I7e302c00ef030d75998e352d88b3ccc60b194ab7
2017-02-20Merge "Allow neutron_options customization for dashboard"Jenkins1-3/+8
2017-02-20Merge "Use rpc and notify transport_url for oslo_messaging backends"Jenkins16-251/+913
2017-02-17Create /etc/my.cnf.d/tripleo.cnf with proper bind-addressMichele Baldessari1-0/+72
When fixing LP#1643487 we added ?bind_address to all DB URIs. Since this clashes with Cellsv2 due to the URIs becoming host dependent, we need a new approach to pass bind_address to pymysql that leaves the DB URIs host-independent. We first create a /etc/my.cnf.d/tripleo.cnf file with a [tripleo] section and in this section we add the correct bind-address option. Note that we use the puppet augeas lens and not the mysql one because the mysql one does not support custom sections *and* there are older versions around which do not like the /etc/my.cnf.d/* path. The reason for not reusing an existing mariadb file (my.cnf or galera.cnf) is that pymysql's ini file support is not robust enough at the moment: https://github.com/PyMySQL/PyMySQL/issues/548 The reason for putting this file creation code only on the controller nodes the following: The slow VIP failover only happens if a service runs where the VIPs exist. The VIPs get created in the haproxy profile and that is why in order to have fast VIP failovers the MySQLClient profile must live where the Haproxy service is running. Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com> Partial-Bug: #1663181 Change-Id: Iff8bd2d9ee85f7bb1445aa2e1b3cfbff1f397b18
2017-02-17Use rpc and notify transport_url for oslo_messaging backendsAndrew Smith16-251/+913
This commit adds the transport_url for specifying the oslo.messaging rpc and notify transport schemes. The rpc or notification backend can be one of rabbit, amqp, zmq, etc. Oslo.messaging is deprecating the host, port and auth configuration options. All drivers will get the options via the transport_url. This patch: * Adds transport_url to base services * Updates the corresponding specs * Adds to default hierdata Depends-On: I1cf93d2caebfa1f7373c16754a2ad9bd15eb1a40 Change-Id: Iea5607dbb3ee6b1dd50acc1395de52dc920aa915
2017-02-17Add VPP serviceFeng Pan1-0/+32
Vector Packet Processing (VPP) is a high performance packet processing stack that runs in user space in Linux. VPP is used as an alternative to kernel networking stack for accelerated network data path. Implements: blueprint fdio-integration-tripleo Change-Id: I70a68a204a8b9d533fc2fa4fc33c39c3b1c366bf Signed-off-by: Feng Pan <fpan@redhat.com>
2017-02-14tuning: manage keystone resources only at step3Emilien Macchi3-15/+7
1. Manage Keystone resources only at step 3. Don't verify them at step 4 and 5, it's a huge loss of time. 2. Don't require Keystone resources for Gnocchi services, they are already ready at Step 5. Related-Bug: #1664418 Change-Id: I9879718a1a86b862e5eb97e6f938533c96c9f5c8
2017-02-14Merge "Add ::ironic::config to Ironic base profile"Jenkins1-0/+1
2017-02-13nova: move placement credentials config at step 3Emilien Macchi1-1/+1
nova placement credentials in nova.conf need to be configured at step 3 so Nova services can use them as soon as they start. Change-Id: I0abdd305b7e6c8d83f23e25b3872e98eb56dd299
2017-02-12Merge "Add support to changing the Rabbitmq password on update"Jenkins1-0/+26
2017-02-11Merge "nova/api: more cleanup"Jenkins1-16/+24
2017-02-10Merge "Add module to support ScaleIO backend in Cinder"Jenkins2-0/+69
2017-02-10Merge "Rebranding of Eqlx to Dell EMC PS Series"Jenkins2-13/+13
2017-02-10Merge "Run nova-cell_v2-discover_hosts at step 5"Jenkins5-5/+12
2017-02-10nova/api: more cleanupEmilien Macchi1-16/+24
- transform nova_api_wsgi_enabled in a parameter - update rspec tests - fix TLS to run at step 1 Change-Id: I4d3f9c92f0717ae8c3bc8d71065fab281de82008
2017-02-09Run nova-cell_v2-discover_hosts at step 5Emilien Macchi5-5/+12
We need to run nova-cell_v2-discover_hosts at the very end of the deployment because nova database needs to be aware of all registred compute hosts. 1. Move keystone resources management at step 3. 2. Move nova-compute service at step 4. 3. Move nova-placement-api at step 3. 5. Run nova-cell_v2-discover_hosts at step 5 on one nova-api node. 6. Run neutron-ovs-agent at step 5 to avoid racy deployments where it starts before neutron-server when doing HA deployments. With that change, we expect Nova aware of all compute services deployed in TripleO during an initial deployment. Depends-On: If943157b2b4afeb640919e77ef0214518e13ee15 Change-Id: I6f2df2a83a248fb5dc21c2bd56029eb45b66ceae Related-Bug: #1663273 Related-Bug: #1663458
2017-02-09Merge "nova: disable API in WSGI by default"Jenkins1-1/+3
2017-02-09Add module to support ScaleIO backend in CinderGiulio Fidente2-0/+69
Also adds an initial spec file for basic testing of the module. Change-Id: I5534aab53b70de215336a076d25263c73b8d7b5b Partial-Bug: #1661316
2017-02-09Rebranding of Eqlx to Dell EMC PS Seriesrajinir2-13/+13
This changes rebrands Dell Eqlx to Dell PS series and matches the tripleo-heat-templates. Change-Id: I3536147a06b426ace18cf415e99361c47b4cf5d9
2017-02-09start nova-compute when keystone resources are createdEmilien Macchi2-4/+5
1. Move keystone resources management at step 4. 2. Move nova-compute startup at step 5. That way, we make sure nova-compute will start when all Keystone resources are ready. Change-Id: I6e153e11b8519254d2a67b9142bf774a25bce69d Closes-Bug: #1663273
2017-02-09nova: disable API in WSGI by defaultEmilien Macchi1-1/+3
Cleanup patch once the THT patch is merged. Change-Id: Iba439a4758a4728197d7620b764a4f0f2648ee0f Depends-On: I09b73476762593642a0e011f83f0233de68f2c33
2017-02-06Merge "nova/libvirt: switch vnc server binding"Jenkins1-12/+1
2017-02-06nova/libvirt: switch vnc server bindingEmilien Macchi1-12/+1
On compute nodes, instead of binding vnc server on 0.0.0.0, use the IP address provided by libvirt's t-h-t profile (hiera). Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Depends-On: Ie377c09734e9f6170daa519aed69c53fc67c366b Change-Id: If6b116b238a52144aad5e76c9edc7df6aa15313c Closes-Bug: #1660099
2017-02-06Stop deploying Nova API in WSGI with ApacheEmilien Macchi1-18/+19
It was suggested by Nova team to not deploying Nova API in WSGI with Apache in production. It's causing some issues that we didn't catch until now (see in the bug report). Until we figure out what was wrong, let's disable it so we can move forward in the upgrade process. Related-Bug: 1661360 Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Change-Id: Ia87b5bdea79e500ed41c30beb9aa9d6be302e3ac
2017-02-06Merge "Revert "Revert "set innodb_file_per_table to ON for MySQL / Galera"""Jenkins1-7/+8
2017-02-04Add ::ironic::config to Ironic base profileDan Prince1-0/+1
I have ExtraConfig settings that need to be set in ironic.conf. Adding the ::ironic::config module to our base Ironic profile should allow users to customize Ironic if needed. Change-Id: I93e9b3b5d4def1d8fa42b77b611b7d9d6cb7963b
2017-02-03Revert "Revert "set innodb_file_per_table to ON for MySQL / Galera""Alex Schultz1-7/+8
This reverts commit 3f7e74ab24bb43f9ad7e24e0efd4206ac6a3dd4e. After identifying how to workaround the performance issues on the undercloud, let's put this back in. Enabling innodb_file_per_table is important for operators to be able to better manage their databases. Change-Id: I435de381a0f0e3ef221e498f442335cdce3fb818 Depends-On: I77507c638237072e38d9888aff3da884aeff0b59 Closes-Bug: #1660722
2017-02-03Add support to changing the Rabbitmq password on updateSaravanan KR1-0/+26
Rabbitmq Password is set on the fresh deployment, but during update, if the password is changed, it is modified in all config files including rabbitmq config. But the rabbitmq connection fails because the new password is not successful applied to rabbitmq. Setting the rabbitmq_user will invoke 'rabbitmqctl change_password'. Scenario: The password change is applied on Step1 when configuring Rabbitmq. Other services may be updated on different Steps. Till other services config is updated with new rabbitmq password, and restarted, the connections will get Access Denied response. It has cyclic dependency. So the passwords will be changes at Step1 and once all services are updated, the connections will work as is. Partial-Bug: #1611704 Change-Id: I44865af3d5eb2d37eb648ac7227277e86c8fbc54
2017-02-03Merge "Use transport_url for rabbitmq connection parameters in heat"Jenkins1-12/+43
2017-02-03Merge "Add initial profiles for rest of Octavia services"Jenkins3-0/+101
2017-02-03Merge "add cache to object-expirer pipeline"Jenkins1-0/+1
2017-02-02Revert "set innodb_file_per_table to ON for MySQL / Galera"Alex Schultz1-8/+7
This reverts commit 621ea892a299d2029348db2b56fea1338bd41c48. We're getting performance problems on SATA disks. Change-Id: I30312fd5ca3405694d57e6a4ff98b490de388b92 Closes-Bug: #1661396 Related-Bug: #1660722
2017-02-02Merge "set innodb_file_per_table to ON for MySQL / Galera"Jenkins1-7/+8
2017-02-01set innodb_file_per_table to ON for MySQL / GaleraMike Bayer1-7/+8
InnoDB uses a single file by default which can grow to be tens/hundreds of gigabytes, and is not shrinkable even if data is deleted from the database. Best practices are that innodb_file_per_table is set to ON which instead stores each database table in its own file, each of which is also shrinkable by the InnoDB engine. Closes-Bug: #1660722 Change-Id: I59ee53f6462a2eeddad72b1d75c77a69322d5de4
2017-02-01Use transport_url for swift-proxy instead of rabbitmq paramsJuan Antonio Osorio Robles1-25/+52
These parameters are being deprecated, so we should be using the transport_url format instead. Change-Id: I8b7457b6233c4f88af2d7bc1b9304fcccb6edf61
2017-01-27Merge "Clean TLS proxy-related setup for neutron-server profile"Jenkins2-16/+21
2017-01-27Merge "Rename controller_admin_vip to controller_admin_host"Jenkins1-8/+9
2017-01-27Merge "Add AuditD Profile"Jenkins1-0/+30
2017-01-27Clean TLS proxy-related setup for neutron-server profileJuan Antonio Osorio Robles2-16/+21
Since the commit this depends on sets it up via hieradata, the conditionals here are no longer needed. bp tls-via-certmonger Depends-On: I9252512dbf9cf2e3eec50c41bf10629d36070bbd Change-Id: I37275e42763e103b81878b6af07c750a524c5697
2017-01-27nova: deploy basic setup for cellsEmilien Macchi1-19/+2
it's not required in Ocata, let's configure the basic setup for cells. note: it also cleanup old code that is not valid anymore. Change-Id: Iac5b2fbe1b03ec7ad4cb8cab2c7694547be6957d
2017-01-27Add AuditD ProfileSteven Hardy1-0/+30
This patch allows the management of the AuditD service and its associated files (such as `audit.rules`) This is achieved by means of the `puppet-auditd` puppet module. Closes-Bug: #1640302 Co-Authored-By: Luke Hinds (lhinds@redhat.com) Change-Id: Ie31c063b674075e35e1bfa28d1fc07f3f897407b
2017-01-27Merge "horizon: be more flexible in hiera neutron"Jenkins1-1/+1
2017-01-27Merge "Use TLS proxy for neutron server's internal TLS"Jenkins2-13/+81
2017-01-26horizon: be more flexible in hiera neutronEmilien Macchi1-1/+1
Requiring the neutron mechanism driver from hiera is too rigid, if Neutron is not deployed in the catalog. Be more flexible so catalog won't fail if the value is not set in Hiera. Change-Id: I1475687c4dc53c77e763f42a440355a7c8d014bc Partial-Bug: #1659662
2017-01-26Use TLS proxy for neutron server's internal TLSJuan Antonio Osorio Robles2-13/+81
This uses the tls_proxy resource added in a previous commit [1] in front of the neutron server when internal TLS is enabled. Right now values are passed quite manually, but a subsequent commit will use t-h-t to pass the appropriate hieradata, and then we'll be able to clean it up from here. Note that the proxy is only deployed when internal TLS is enabled. [1] I82243fd3acfe4f23aab373116b78e1daf9d08467 bp tls-via-certmonger Change-Id: I6dfbf49f45aef9f47e58b5c0dbedd2b4e239979e
2017-01-26Adding congress serviceDan Radez3-0/+92
Change-Id: Ic74ccd5fa7b3b04ca810416e5160463252f17474 Signed-off-by: Dan Radez <dradez@redhat.com>
2017-01-26Use transport_url for rabbitmq connection parameters in heatCarlos Camacho1-12/+43
Depends-On: I91b9959a6f71b4e6885e55a568116cc28cf16ddd Change-Id: I1a152dd0a7e7949ee8d91a6f63425dba2406fcaf