summaryrefslogtreecommitdiffstats
path: root/manifests/profile
AgeCommit message (Collapse)AuthorFilesLines
2017-08-01Enable encryption of pacemaker traffic by defaultJuan Antonio Osorio Robles1-2/+18
We already are setting a pre-shared key by default for the pacemaker cluster. This was done in order to communicate with TLS-PSK with pacemaker-remote clusters. This key is also useful for us to enable encrypted traffic for the regular cluster traffic, which we enable by default with this patch. Change-Id: I349b8bf79eeeaa4ddde1c17b7014603913f184cf
2017-07-27Handle SSL options for ZaqarThomas Herve1-5/+43
This allows running Zaqar with SSL under Apache. Change-Id: I4c68a662c2433398249f770ac50ba0791449fe71
2017-07-27Fix nova and selinux unit testsAlex Schultz1-2/+2
The unit tests jobs are failing because of missing pre conditions for the new shared class introduced by Ib233689fdcdda391596d01a21f77bd8e1672ae04. Additionally this change moved some classes around so that the tests are now failing due to duplicate class declarations for nova::compute::libvirt::services. This change moves the include that pulls in the declaration first prior to the include that exists in tripleo::profile::base::nova::libvirt. The selinux test was also failing due to a type issue with the fact being used (boolean vs string) Change-Id: I5bd4b61d6008820729d58f7743e7e61955dd6f51 Closes-Bug: #1707034
2017-07-27Merge "Move gnocchi::api resource to run with wsgi setup"Jenkins1-1/+1
2017-07-26Move gnocchi::api resource to run with wsgi setupJuan Antonio Osorio Robles1-1/+1
Having this run in step 4 causes a refresh (restart) for httpd, which in turn is problematic for the gnocchi db upgrade command, since when it runs httpd is not available at that point. This fixes the issue, since the API configuration is now ran at the same time as the wsgi bits. Change-Id: Ie0ab389a4450bb940757e34d1964423911885fa3
2017-07-24Configure redis as incoming storage driver in gnocchiPradeep Kilambi1-0/+5
puppet support for this is added in Id8d4d091da2611de75390e045ebd473caf2a8909 Change-Id: I3354b54571a1b9d0a9187698217628d273cd7d7e
2017-07-24Merge "Puppet module to deploy Manila Share bundle for HA"Jenkins1-0/+136
2017-07-24Merge "Deprecates using exec workaround for ODL clustering"Jenkins3-94/+2
2017-07-24Merge "Fix lint issues to upgrade to puppet-lint 2.3"Jenkins8-29/+29
2017-07-22Merge "Make calls to nova::compute::rbd from libvirt profile"Jenkins3-19/+50
2017-07-21Deprecates using exec workaround for ODL clusteringTim Rozet3-94/+2
Previously we had used an exec defined in puppet-tripleo to do clustering with OpenDaylight docker containers. The clustering issue is now fixed in puppet-opendaylight by: https://git.opendaylight.org/gerrit/#/c/60491 So removing the custom function and class workaround. Also, 'ha_node_index' is deprecated for configuring clustering with puppet-opendaylight so that is also removed. Depends-On: I21c1eb2eff6d4cb855eff4a1122f55ad625d84cc Change-Id: I7693b692c74071945fdcc08292542e9b458a540b Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-07-21Fix lint issues to upgrade to puppet-lint 2.3Carlos Camacho8-29/+29
2017-07-20 15:09:38.571317 | manifests/glance/nfs_mount.pp:65:WARNING: arrow should be on the right operand's line 2017-07-20 15:09:38.571430 | manifests/pacemaker/haproxy_with_vip.pp:107:WARNING: arrow should be on the right operand's line 2017-07-20 15:09:38.571473 | manifests/pacemaker/haproxy_with_vip.pp:108:WARNING: arrow should be on the right operand's line 2017-07-20 15:09:38.571511 | manifests/pacemaker/haproxy_with_vip.pp:109:WARNING: arrow should be on the right operand's line 2017-07-20 15:09:38.571551 | manifests/pacemaker/resource_restart_flag.pp:44:WARNING: arrow should be on the right operand's line 2017-07-20 15:09:38.571590 | manifests/profile/base/cinder/volume/nfs.pp:72:WARNING: arrow should be on the right operand's line 2017-07-20 15:09:38.571625 | manifests/profile/base/docker.pp:188:WARNING: arrow should be on the right operand's line 2017-07-20 15:09:38.571661 | manifests/profile/base/docker.pp:210:WARNING: arrow should be on the right operand's line 2017-07-20 15:09:38.571699 | manifests/profile/base/logging/fluentd.pp:79:WARNING: arrow should be on the right operand's line 2017-07-20 15:09:38.571735 | manifests/profile/base/pacemaker.pp:107:WARNING: arrow should be on the right operand's line 2017-07-20 15:09:38.571773 | manifests/profile/base/swift/ringbuilder.pp:97:WARNING: arrow should be on the right operand's line 2017-07-20 15:09:38.571811 | manifests/profile/base/swift/ringbuilder.pp:125:WARNING: arrow should be on the right operand's line 2017-07-20 15:09:38.571850 | manifests/profile/base/swift/ringbuilder.pp:130:WARNING: arrow should be on the right operand's line 2017-07-20 15:09:38.571889 | manifests/profile/pacemaker/ceph/rbdmirror.pp:79:WARNING: arrow should be on the right operand's line 2017-07-20 15:09:38.571927 | manifests/profile/pacemaker/cinder/backup.pp:66:WARNING: arrow should be on the right operand's line 2017-07-20 15:09:38.571965 | manifests/profile/pacemaker/ovn_northd.pp:96:WARNING: arrow should be on the right operand's line Change-Id: I9393c5e04310cf84695531df9bb16f33e7e15abb
2017-07-21Fix up the control-port for rabbitmq bundlesMichele Baldessari3-5/+5
Mistakenly this was set to 3121 which is the same port that pacemaker remote uses. Move this to 3122 which was the plan all along. Also fix a wrong port comment in redis and mysql at the same time. Change-Id: Iccca6a53a769570443091577c7d86f47119d9cbb
2017-07-19Merge "PS Cinder: Added support for password less login"Jenkins1-0/+1
2017-07-19Make calls to nova::compute::rbd from libvirt profileGiulio Fidente3-19/+50
Some of the tasks carried by nova::compute::rbd class apply libvirt. Change-Id: Ib233689fdcdda391596d01a21f77bd8e1672ae04 Depends-On: I28557deb13b75922932cd3e86c3467a541c988d0
2017-07-18Puppet module to deploy Manila Share bundle for HAVictoria Martinez de la Cruz1-0/+136
This module is used by tripleo-heat-templates to configure and deploy Kolla-based manila-share containers managed by pacemaker. We use short-lived containers that call pcs via puppet to create the needed pacemaker resources, properties and constraints. Based on work done in fc5bc07b3be401694681420ba453af29b95a9fcf Change-Id: I89f65e8a34a3a88029498463942016a9f5285f1c Partial-Bug: #1668922
2017-07-18PS Cinder: Added support for password less loginrajinir1-0/+1
Added missing san_private_key parameter used for password less SSH authentication. Change-Id: Ia9857064692681172573e9092b53a352cd776cbd Depends-On: 0743d42ed1ed66e08ab7f4355145b4c06c589801
2017-07-18Merge "Create a Mesh of qdrouterd links for messaging high availability"Jenkins1-5/+67
2017-07-18Merge "Allow disabling udev usage by LVM"Jenkins1-0/+40
2017-07-18Merge "Retry ceilometer-upgrade"Jenkins1-2/+10
2017-07-17Merge "Add option for innodb_flush_log_at_trx_commit = 2 for Galera only"Jenkins1-35/+44
2017-07-17Merge "Modified glance stores parameter values"Jenkins1-4/+4
2017-07-16Create a Mesh of qdrouterd links for messaging high availabilityJohn Eckersberg1-5/+67
For multi-node deployments of the dispatch router, a mesh of inter-router links is created. Note that bi-directional links must not be configured. Example: For nodes A, B, C Node Inter-Router Link A: [] B: [A] C: [A,B] Change-Id: If43beea7a53c1f8f1dff062341c7ea81751c3122
2017-07-16Retry ceilometer-upgradeAlex Schultz1-2/+10
When the ceilometer-upgrade command is run in step5, it talks to gnocchi and keystone on all the controllers. Since these other nodes might have httpd restarted mid-upgrade we should retry if we get a failure. Change-Id: I874cf9c34b41d055a258704dabe9150eab0f7968 Closes-Bug: #1703444
2017-07-15Merge "Add new profile for the Veritas HyperScale's cinder backend."Jenkins5-7/+73
2017-07-14Merge "Fix typo in haproxy bundle"Jenkins1-2/+2
2017-07-14Merge "Add insecure_registry_address to docker profile"Jenkins1-11/+23
2017-07-14Modified glance stores parameter valuesPranaliD1-4/+4
The stores parameter should be set with the new parameters as they are going to be deprecated in the old method. Change-Id: If272345e96988778ceccb8f2f624db1c38aea365 Closes-Bug: 1704327
2017-07-14Add new profile for the Veritas HyperScale's cinder backend.abhishek.kane5-7/+73
Add new hook in the keystone profile for Veritas HyperScale. Add new hook in the rabbitmq profile for Veritas HyperScale. Add new hook in the mysql profile for Veritas HyperScale. Change-Id: I9168bffa5c73a205d1bb84b831b06081c40af549 Depends-On: I316b22f4f7f9f68fe5c46075dc348a70e437fb1d Depends-On: Id188af5e2f7bf628a97a70b8f20bef28e42b372d Signed-off-by: abhishek.kane <abhishek.kane@veritas.com> Signed-off-by: Dnyaneshwar Pawar <dnyaneshwar.pawar@veritas.com>
2017-07-13Merge "Refactor iscsi initiator-name reset into separate profile"Jenkins2-13/+45
2017-07-13Merge "Fix mysql client config generation with containerized environment"Jenkins1-12/+27
2017-07-13Fix typo in haproxy bundleMichele Baldessari1-2/+2
Change I6f4d3a5abae8f1781cfe6f69ff960aad500061e3 slipped in a typo and it removed the '$' character from a puppet manifest. Which causes a deployment to fail with: INFO: running container haproxy-bundle-docker-0 for the first time ERROR: /usr/bin/docker-current: Error response from daemon: Invalid bind mount spec "deployed_ssl_cert_path:deployed_ssl_cert_path:ro": Invalid volume destination path: 'deployed_ssl_cert_path' mount path must be absolute.. See '/usr/bin/docker-current run --help'. ERROR: docker failed to launch container Change-Id: Ic602fd443d38482bf1f924531561b2174dc38293
2017-07-13Add insecure_registry_address to docker profileDan Prince1-11/+23
This patch adds a new insecure_registry_address parameter to the docker profile. This parameter is meant to replace two deprecated parameters which did the same thing. Co-Authored-By: Ian Main <imain@redhat.com> Change-Id: I729fa00175cb36b02b882d729aae5ff06d0e3fbc
2017-07-13Remove dependency on memcached_node_ips_v6Steven Hardy3-27/+26
This is set via all_nodes_config in t-h-t, but it's a special case for this service, so it'll be better if we handle the ipv6 transformation in puppet instead of relying on the service specific list mangling in t-h-t (one aspect of which has been identified as a potential performance problem). Related-Bug: #1684272 Change-Id: Iccb9089db4b382db3adb9340f18f6d2364ca7f58
2017-07-13Merge "Leverage kolla config_files to copy config into containers"Jenkins6-43/+23
2017-07-12Merge "Refactor nova migration config into client & target profiles"Jenkins6-146/+271
2017-07-12Leverage kolla config_files to copy config into containersMartin André6-43/+23
This solves a problem with bind-mounts when the containers are holding files descriptors open. At the same time this makes the template more robust to puppet changes since new config files will be available in the containers without needing to update the templates. Closes-Bug: #1698323 Change-Id: I857c94ba5f7f064d7c58df621ec5d477654b9166 Depends-On: I78dcec741a941dc21adba33ba33a6dc6ff1d217c
2017-07-12Fix mysql client config generation with containerized environmentDamien Ciabrini1-12/+27
When the tripleo::profile::base::database::mysql::client profile is included by other openstack services, the file /etc/my.cnf.d/tripleo.cnf is not generated because docker-puppet is configured to disregard the exec tags. Make the profile use either File or Exec resource based on how it's being called, to make it work for both containerized and non-containerized use cases. Change-Id: I103baa02373f6713cc300ac039a6f173ff0bbf1c
2017-07-11Refactor iscsi initiator-name reset into separate profileOliver Walsh2-13/+45
This currently assumes nova-compute and iscsid run in the same context which isn't true for a containerized deployment Change-Id: I91f1ce7625c351745dbadd84b565d55598ea5b59
2017-07-10Let pacemaker bind-mount needed cert for haproxy bundleDamien Ciabrini1-5/+16
When SSL configuration is enabled, haproxy expects to load a SSL certificate file at startup. Update the bundle configuration to always bind-mount the cert file, to support both SSL and non SSL HAproxy bundle deployments. Change-Id: I6f4d3a5abae8f1781cfe6f69ff960aad500061e3
2017-07-08Merge "Remove reference to bootstack_nodeid"Jenkins2-4/+4
2017-07-06Merge "Add Swift dispersion profile"Jenkins1-0/+33
2017-07-06Add option for innodb_flush_log_at_trx_commit = 2 for Galera onlyMike Bayer1-35/+44
The innodb_flush_log_at_trx_commit flag changes the timing of when the log buffer is written to disk for writes. At its default of 1, transactions are written to disk and the buffer flushed on a per-transaction basis; but when set to 2, the flush of the buffer proceeds only once per second. This removes the durability guarantee for the single node. However the central concept of Galera is that durability is achieved via the cluster as a whole, in that transactions are replicated to other nodes before the commit succeeds (though not necessarily written to disk unless wsrep_causal_reads is set). In this model, data would only be lost of all nodes of the Galera cluster were killed within one second of each other. Percona's blog post at https://www.percona.com/blog/2014/11/17/typical-misconceptions-on-galera-for-mysql/ recommends that the value of 2 should be considered "safe" for a Galera cluster unless you are in fact worried that all three nodes will be powered off simultaneously. The value here is added as an option only, defaulting to the usual default of "1", flush per transaction. Change-Id: Id5a30f1daf978e094a74db2d284febbc9ae64bb3
2017-07-06Remove reference to bootstack_nodeidSteven Hardy2-4/+4
This has been replaced with bootstrap_nodeid which isn't hard-coded to the Controller role and thus will work should this service be deployed on any other role via composable services. Change-Id: I0a9fced847caf344e5d26b452f1bd40afab8f029
2017-07-03Update puppet-tripleo libvirt to support docker deploymentsKeith Schincke1-5/+1
It is not necessary to mangle libvirt_rbd_secret_key parameter as this is now given by the templates. Depends-On: Iff3dbcb0f1b4d2373570e184e636a71553cea708 Change-Id: I6b163ab102f505f0d0ce9eb1ad9d4274e4ff6348
2017-07-03Refactor nova migration config into client & target profilesOliver Walsh6-146/+271
The nova migration config has always been applied by the base::nova profile. It assumed that libvirtd/nova-compute and are all running on the same host. Where this config didn't apply (e.g a nova api host) it was disabled by a flag. This approach is not compatible with containers. Hieradata for all containers are combined so per-host flags no longer work, and we can no longer assume libvirtd and nova-compute run in the same context. This change refactors the profiles out of the base nova profile and into a client profile and a target profile that can be included where appropriate. Change-Id: I063a84a8e6da64ae3b09125cfa42e48df69adc12 Implements: blueprint tripleo-cold-migration
2017-06-29Zaqar: support configurable backendsDan Prince1-12/+39
This patch updates the Zaqar profile so that we have support for configuring alternate versions of the messaging and management backends. In Pike instack-undercloud started using the swift/sqlalchemy backends and the intent here is to update the new containers undercloud to use a similar default (thus letting us drop Mongodb). Change-Id: Ie6a56b9163950cee2c0341afa0c0ddce665f3704
2017-06-28Merge "Split docker options and insecure registry"Jenkins1-6/+18
2017-06-27Allow disabling udev usage by LVMJiri Stransky1-0/+40
Disabling udev usage from LVM seems to be the only observed working way of running containerized cinder-volume with local LVM backend. I didn't come across reports that not using udev would have negative impact on the functionality. Additional info at https://groups.google.com/forum/#!topic/docker-user/n4Xtvsb4RAw Change-Id: I1bf395a6228dba66fa6bf9b8bcc9f3ac3d922a49 Related-Bug: #1700140
2017-06-27Split docker options and insecure registryBogdan Dobrelya1-6/+18
Use augeas to modify only parameters' dedicated configuration. Split options from insecure registry. Overlapping those params may unschedule the docker service restarts for some cases, ending up with a split brain state for the docker service run-time config vs changed /etc/sysconfig/options config. Change-Id: Ic5640061837b022f7175f0db0dc269f9a61e6023 Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>