aboutsummaryrefslogtreecommitdiffstats
path: root/manifests/profile/base
AgeCommit message (Collapse)AuthorFilesLines
2016-12-12Add networking-fujitsu support to puppet-tripleoKoki Sanagi1-0/+5
Enable ml2.pp to call networking-fujitsu manifest in puppet-neutron. The implementation in puppet-neutron is in progress separately. Change-Id: I5eb2c2a9c50b5991d62f4b6d74b83351c86b02de Implements: blueprint integration-networking-fujitsu Depends-On: I37a502b43eb7d91bfe20625248ed117eae3ca535
2016-12-11Decouple swift-proxy from ceilometer packagesDan Prince1-8/+15
This patch updates the swift proxy so that it only depends on ceilometer if the ceilometer_api_enabled all-nodes-data hiera setting has been set. Also removes a parameter dependency where the tripleo::profile::base::swift::proxy class was referencing a puppet-ceilometer value from hiera (which can also cause ceilometer dependencies). Depends-On: Ief5399d7ea4d26e96ce54903a69d660fa4fe3ce9 Change-Id: I8d9f69f5e9160543b372bd9886800f16f625fdc6 Closes-bug: #1648736
2016-12-09Disable legacy ceilometer api by defaultPradeep Kilambi1-1/+6
Ceilometer api is deprectaed in Ocata. Lets disable by default. This can still be enabled by setting enable_legacy_ceilometer_api param. Change-Id: Iffb8c2cfed53d8b29e777c35cee44921194239e9
2016-12-09HPELeftHandISCSIDriver support for cinderchinthagovardhan2-8/+92
Cinder Backend configuration support for HPELeftHandISCSIDriver for VSA storage Change-Id: Ia7e5f3d436283f7949b0eb8f109b3dc0309af4f5
2016-12-09Merge "Add cinder profile spec tests"Jenkins1-7/+13
2016-12-08Do not use hardcoded controller_node_names when setting up the clusterMichele Baldessari1-1/+2
Currently we chose the pacemaker cluster node by simply taking hiera('controller_node_names'). We should instead use the pacemaker_short_node_names array which is built dynamically from all the nodes that include the pacemaker service. Change-Id: I0a3e4acaab11e078da5eeb2ef2adde5387785927
2016-12-07Create Glance's database if glance-api is enabledFlavio Percoco1-1/+1
Instead of checking for glance_registry_enabled, we should be checking for glance_api_enabled. The glance-api v1 depends on the registry, which means the database will be created but glance-api v2 doesn't which means that not deploying the registry would result in the glance database not being created. On the other hand, glance-registry is never deployed without glance-api Change-Id: Ief25dafb65f7a043fbb3d16f1d7ef834c9947a93
2016-12-05Add cinder profile spec testsAlex Schultz1-7/+13
This change adds rspec testing for the cinder profiles with in puppet-tripleo. Additionally while testing, it was found that the backends may incorrectly have an extra , included in the settings for cinder volume when running puppet 3. This change includes a fix the cinder volume backends to make sure we are not improperly configuring it with a trailing comma. Change-Id: Ibdfee330413b6f9aecdf42a5508c21126fc05973
2016-12-01Merge "Update ceilometer collector ipv6 handling"Jenkins1-13/+2
2016-11-30Include swift::storage::loopbacks classChristian Schwede1-0/+1
This makes it possible to create loopback devices for Swift by using additional Hieradata. For example, to create a 100M loopback device that will be mounted on /srv/node/d1: parameter_defaults: ControllerExtraConfig: swift::storage::loopbacks::args: {"d1": {'seek': '100000'}} Depends-On: I11a230b7cf08a4cc2a144d9af0e6c81bb3827348 Change-Id: I8741acc8afa1f1d23c5b25fa4bf27622f674a561
2016-11-30Merge "Use FQDNs for RabbitMQ's cluster configuration"Jenkins1-2/+2
2016-11-30Merge "Use FQDNs for the services' RabbitMQ configuration"Jenkins13-52/+52
2016-11-30Set memcache_servers in /etc/swift/object-expirer.confChristian Schwede1-1/+3
This defaults to 127.0.0.1:11211 without setting these explicitly. The object-expirer is working without a correct memcache server, however it is slower and warnings will be logged. Related-Bug: 1627927 Depends-On: Ie139f018c4a742b014dd4d682970e154d66a8c6d Change-Id: I89a879592a264d541cf42f007584e2e78058c867
2016-11-29Enable object-expirer on Swift proxy profileChristian Schwede1-0/+2
This service is required to delete expired automatically. It is often run on the proxy nodes, therefore adding it to the Swift proxy profile. Change-Id: I3250c205ffc166ae628bc427de2e3492d086c3bb Closes-Bug: 1645657
2016-11-28Merge "Enable TLS in the internal network for Panko API"Jenkins1-2/+53
2016-11-28Use FQDNs for RabbitMQ's cluster configurationJuan Antonio Osorio Robles1-2/+2
This sets the cluster_nodes configuration in RabbitMQ to use FQDNs instead of IP addresses. Note that in HA, RabbitMQ is already configured using FQDNs. Change-Id: I2b1cec25ff25f4afd72a28246c2cda9c58d7b61e
2016-11-28Use FQDNs for the services' RabbitMQ configurationJuan Antonio Osorio Robles13-52/+52
This replaces the services' IP-based RabbitMQ configuration and uses FQDNs instead. Change-Id: I2be81aecacf50839a029533247981f5edf59cb7f
2016-11-28Merge "adding new swift middleware that is typically enabled by default"Jenkins1-0/+5
2016-11-25Enable TLS in the internal network for Panko APIJuan Antonio Osorio Robles1-2/+53
This optionally enables TLS for Panko API in the internal network. If internal TLS is enabled, each node that is serving the Panko API service will use certmonger to request its certificate. bp tls-via-certmonger Change-Id: Ie9be7ce19601435b1b83b4ba58d9c7e8d53f23ba
2016-11-25Enable internal TLS for MySQLJuan Antonio Osorio Robles1-6/+47
this adds the necessary code in the manfiest to configure TLS if internal TLS is enabled. this also adds the capability of auto-generating the certificate via certmonger. bp tls-via-certmonger Change-Id: I7275e5afb3a6550cf2abbb9a8007dedb62ada4b4
2016-11-23Merge "Remove Combination alarms support"Jenkins1-12/+0
2016-11-23Merge "Move calculation of neutron l3_ha into puppet profile"Jenkins1-0/+33
2016-11-22Update ceilometer collector ipv6 handlingAlex Schultz1-13/+2
The normalize_ip_for_uri handles ipv6 bracketing correctly. Rather than continue to do it manually, this change updates the ceilometer collector profile to leverage the normalize_ip_for_uri function to properly escape ipv6 addresses. Change-Id: Ifaf6568785235db55f8dc593d83e534216413d31 Closes-Bug: #1629380
2016-11-22Split ovn plugin and northd configurationSteven Hardy3-16/+63
This allows us to use the composable services interfaces to handle providing the IP address for northd, and will be more flexible in the event folks want to deploy northd/ovndb on a different node to the neutron plugin. This also adds ovn_northd to the haproxy configuration so we can access it via the ovn_northd_vip in other service profiles. Note we need to ensure the haproxy config only hits the bootstrap node as northd won't be running on the other nodes. Change-Id: I9af7bd837c340c3df016fc7ad4238b2941ba7a95 Partial-Bug: #1634171
2016-11-21Merge "Adds auto-detection for VIP interfaces"Jenkins1-3/+44
2016-11-21Merge "Add panko service support"Jenkins4-0/+88
2016-11-21Move calculation of neutron l3_ha into puppet profileSteven Hardy1-0/+33
This is currently calculated in t-h-t but has a hard-coded reference to the ControllerCount which is incompatible with custom-roles. So instead calculate the setting based on the number of neutron API services running (on any role, not just Controller), combined with whether DVR is enabled (equivalent to current t-h-t logic). To avoid breaking the NeutronL3HA parameter in t-h-t we maintain an optional parameter to override the calculated value. Change-Id: I01c50973eec8138ec61304f2982d5026142f267c Partial-Bug: #1629187
2016-11-20Adds auto-detection for VIP interfacesTim Rozet1-3/+44
Previously the ctrl plane VIP would default to 'br-ex' which in non-vlan deployments ends up being the wrong interface. The public VIP interface was also defaulted to 'br-ex' which would be incorrect for vlan based deployments. Since a user has already given the nic template (and in most cases the subnet that corresponds to the nic) the installer should be able to figure out which interface the public/control vip should be on. These changes enable that type of auto-detection, unless a user explicitly overrides the heat parameters for ControlVirtualInterface and PublicVirtualInterface. Also removes calling keepalived from haproxy now that the services are composed separately on the Controller role. Partial-Bug: 1606632 Change-Id: I05105fce85be8ace986db351cdca2916f405ed04 Signed-off-by: Tim Rozet <trozet@redhat.com>
2016-11-18Allow neutron_options customization for dashboardDimitri Savineau1-3/+8
By default only profile_support can be configured depending of the neutron mechanism driver used (cisco_n1kv). This patch allows to add more neutron options to enable lbaas, vpnaas, etc... Change-Id: I7c040519b45b60910778f93b8ffe7a413b4cb6ae Closes-Bug: #1594388
2016-11-17Remove Combination alarms supportPradeep Kilambi1-12/+0
combination alarms are completely removed in Ocata. Remove this from tripleo. Change-Id: Icdf81d2f489db33533a1a0979cba3b5a652535d5
2016-11-16Sort parameters in keystone profile alphabeticallyJuan Antonio Osorio Robles1-20/+20
Change-Id: I035c26e0f50e4b3fc0f6085fa5a4bf524e4852b7
2016-11-16Remove explicit hiera calls for heat in keystone profileJuan Antonio Osorio Robles1-9/+8
These are now passed via the heat profiles in t-h-t (via heat-base.yaml and heat-engine.yaml) and use the actual names of keystone parameters instead. Change-Id: Id0f5dd03b6757df989339c93b58a5b7eac3402a2 Depends-On: I0e5124d57fdc519262fdec2dbeaaac85afaeebdf
2016-11-14Add panko service supportPradeep Kilambi4-0/+88
Change-Id: I35f283bdf8dd0ed979c65633724f0464695130a4
2016-11-14 Enable TLS in the internal network for Barbican APIJuan Antonio Osorio Robles1-3/+54
This optionally enables TLS for Barbican API in the internal network. If internal TLS is enabled, each node that is serving the Barbican API service will use certmonger to request its certificate. bp tls-via-certmonger Change-Id: I1c1d3dab9bba7bec6296a55747e9ade242c47bd9
2016-11-11Merge "Normalize civetweb binding address if IPv6"Jenkins1-2/+18
2016-11-11Merge "Enable TLS in the internal network for Cinder API"Jenkins1-3/+54
2016-11-11Normalize civetweb binding address if IPv6Giulio Fidente1-2/+18
The civetweb binding format is IP:PORT; this change ensures the IP is enclosed in brackets if IPv6. To do so we add the bind_ip and bind_port parameters to the rgw service class. Change-Id: Ib84fa3479c2598bff7e89ad60a1c7d5f2c22c18c Co-Authored-By: Lukas Bezdicka <social@v3.sk> Related-Bug: #1636515
2016-11-10Fix puppet lint failureBen Nemec1-3/+3
I'm not sure how this merged, but it's causing failures in other patches to puppet-tripleo. Change-Id: Ib20d349fa9abd6347739190bb29a02b6e3eb839d
2016-11-09adding new swift middleware that is typically enabled by defaultThiago da Silva1-0/+5
These are features that are typically enabled by default in any swift cluster. Change-Id: Ie323f68255a73d46e774cbf49d9353c3bf90c35e Signed-off-by: Thiago da Silva <thiago@redhat.com>
2016-11-09Merge "Enable TLS in the internal network for Nova API"Jenkins1-3/+54
2016-11-08Merge "Add proper handling of IPv6 addresses for rabbit host/port handling"Jenkins12-13/+24
2016-11-08Merge "Enable TLS in the internal network for gnocchi"Jenkins1-4/+55
2016-11-08Add proper handling of IPv6 addresses for rabbit host/port handlingBrent Eagles12-13/+24
This patch changes the rabbit_hosts config generation to work properly with IPv6 addresses. Closes-Bug: #1639881 Change-Id: I07cd983880a4a75a051e081dcb96134cb5c6f5e8
2016-11-04swift/proxy: configure rabbitmq properlyEmilien Macchi1-3/+16
Use rabbitmq_node_ips to find out where rabbitmq nodes are, and have correct ipv6 syntax if required. Closes-Bug: 1637443 Change-Id: Ibc0ed642931dd3ada7ee594bb8c70a1c3462206d
2016-11-02Create heat user in keystone profileAlex Schultz2-16/+37
Rather than use the heat::keystone::domain class which also includes the configuration options, we should just create the user for heat in keystone independently of the configuration. Change-Id: I7d42d04ef0c53dc1e62d684d8edacfed9fd28fbe Related-Bug: #1638350 Closes-Bug: #1638626
2016-11-02Enable TLS in the internal network for Cinder APIJuan Antonio Osorio Robles1-3/+54
This optionally enables TLS for Cinder API in the internal network. If internal TLS is enabled, each node that is serving the Cinder API service will use certmonger to request its certificate. bp tls-via-certmonger Change-Id: Ib4a9c8d3ca57f1b02e1bb0d150f333db501e9863
2016-11-01Merge "Add barbican profile"Jenkins3-0/+95
2016-11-01Merge "NFS mounting for Glance file backend"Jenkins1-4/+13
2016-11-01Enable TLS in the internal network for Nova APIJuan Antonio Osorio Robles1-3/+54
This optionally enables TLS for Nova API in the internal network. If internal TLS is enabled, each node that is serving the Nova API service will use certmonger to request its certificate. Note that this doesn't enable internal TLS for the nova metadata service since it doesn't run over httpd. This will be handled in a later commit. bp tls-via-certmonger Change-Id: I88380a1ed8fd597a1a80488cbc6ce357f133bd70
2016-10-31Merge "Calculate zaqar mongo from mongodb_node_ips"Jenkins1-2/+17