aboutsummaryrefslogtreecommitdiffstats
path: root/manifests/profile
AgeCommit message (Collapse)AuthorFilesLines
2017-02-06Stop deploying Nova API in WSGI with ApacheEmilien Macchi1-18/+19
It was suggested by Nova team to not deploying Nova API in WSGI with Apache in production. It's causing some issues that we didn't catch until now (see in the bug report). Until we figure out what was wrong, let's disable it so we can move forward in the upgrade process. Related-Bug: 1661360 Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Change-Id: Ia87b5bdea79e500ed41c30beb9aa9d6be302e3ac
2017-02-06Merge "Revert "Revert "set innodb_file_per_table to ON for MySQL / Galera"""Jenkins2-7/+9
2017-02-04Add ::ironic::config to Ironic base profileDan Prince1-0/+1
I have ExtraConfig settings that need to be set in ironic.conf. Adding the ::ironic::config module to our base Ironic profile should allow users to customize Ironic if needed. Change-Id: I93e9b3b5d4def1d8fa42b77b611b7d9d6cb7963b
2017-02-03Revert "Revert "set innodb_file_per_table to ON for MySQL / Galera""Alex Schultz2-7/+9
This reverts commit 3f7e74ab24bb43f9ad7e24e0efd4206ac6a3dd4e. After identifying how to workaround the performance issues on the undercloud, let's put this back in. Enabling innodb_file_per_table is important for operators to be able to better manage their databases. Change-Id: I435de381a0f0e3ef221e498f442335cdce3fb818 Depends-On: I77507c638237072e38d9888aff3da884aeff0b59 Closes-Bug: #1660722
2017-02-03Add support to changing the Rabbitmq password on updateSaravanan KR1-0/+26
Rabbitmq Password is set on the fresh deployment, but during update, if the password is changed, it is modified in all config files including rabbitmq config. But the rabbitmq connection fails because the new password is not successful applied to rabbitmq. Setting the rabbitmq_user will invoke 'rabbitmqctl change_password'. Scenario: The password change is applied on Step1 when configuring Rabbitmq. Other services may be updated on different Steps. Till other services config is updated with new rabbitmq password, and restarted, the connections will get Access Denied response. It has cyclic dependency. So the passwords will be changes at Step1 and once all services are updated, the connections will work as is. Partial-Bug: #1611704 Change-Id: I44865af3d5eb2d37eb648ac7227277e86c8fbc54
2017-02-03Merge "Use transport_url for rabbitmq connection parameters in heat"Jenkins1-12/+43
2017-02-03Merge "Add initial profiles for rest of Octavia services"Jenkins3-0/+101
2017-02-03Merge "add cache to object-expirer pipeline"Jenkins1-0/+1
2017-02-02Revert "set innodb_file_per_table to ON for MySQL / Galera"Alex Schultz2-9/+7
This reverts commit 621ea892a299d2029348db2b56fea1338bd41c48. We're getting performance problems on SATA disks. Change-Id: I30312fd5ca3405694d57e6a4ff98b490de388b92 Closes-Bug: #1661396 Related-Bug: #1660722
2017-02-02Merge "set innodb_file_per_table to ON for MySQL / Galera"Jenkins2-7/+9
2017-02-01set innodb_file_per_table to ON for MySQL / GaleraMike Bayer2-7/+9
InnoDB uses a single file by default which can grow to be tens/hundreds of gigabytes, and is not shrinkable even if data is deleted from the database. Best practices are that innodb_file_per_table is set to ON which instead stores each database table in its own file, each of which is also shrinkable by the InnoDB engine. Closes-Bug: #1660722 Change-Id: I59ee53f6462a2eeddad72b1d75c77a69322d5de4
2017-02-01Use transport_url for swift-proxy instead of rabbitmq paramsJuan Antonio Osorio Robles1-25/+52
These parameters are being deprecated, so we should be using the transport_url format instead. Change-Id: I8b7457b6233c4f88af2d7bc1b9304fcccb6edf61
2017-01-27Merge "Clean TLS proxy-related setup for neutron-server profile"Jenkins2-16/+21
2017-01-27Merge "Rename controller_admin_vip to controller_admin_host"Jenkins1-8/+9
2017-01-27Merge "Add AuditD Profile"Jenkins1-0/+30
2017-01-27Clean TLS proxy-related setup for neutron-server profileJuan Antonio Osorio Robles2-16/+21
Since the commit this depends on sets it up via hieradata, the conditionals here are no longer needed. bp tls-via-certmonger Depends-On: I9252512dbf9cf2e3eec50c41bf10629d36070bbd Change-Id: I37275e42763e103b81878b6af07c750a524c5697
2017-01-27nova: deploy basic setup for cellsEmilien Macchi1-19/+2
it's not required in Ocata, let's configure the basic setup for cells. note: it also cleanup old code that is not valid anymore. Change-Id: Iac5b2fbe1b03ec7ad4cb8cab2c7694547be6957d
2017-01-27Add AuditD ProfileSteven Hardy1-0/+30
This patch allows the management of the AuditD service and its associated files (such as `audit.rules`) This is achieved by means of the `puppet-auditd` puppet module. Closes-Bug: #1640302 Co-Authored-By: Luke Hinds (lhinds@redhat.com) Change-Id: Ie31c063b674075e35e1bfa28d1fc07f3f897407b
2017-01-27Merge "horizon: be more flexible in hiera neutron"Jenkins1-1/+1
2017-01-27Merge "Use TLS proxy for neutron server's internal TLS"Jenkins2-13/+81
2017-01-26Merge "Support composable HA for the Ceph rbdmirror daemon"Jenkins1-1/+21
2017-01-26Merge "Adding congress service"Jenkins3-0/+92
2017-01-26horizon: be more flexible in hiera neutronEmilien Macchi1-1/+1
Requiring the neutron mechanism driver from hiera is too rigid, if Neutron is not deployed in the catalog. Be more flexible so catalog won't fail if the value is not set in Hiera. Change-Id: I1475687c4dc53c77e763f42a440355a7c8d014bc Partial-Bug: #1659662
2017-01-26Support composable HA for the Ceph rbdmirror daemonGiulio Fidente1-1/+21
Follow up patch for I63da4f48da14534fd76265764569e76300534472 to support composable HA for the Ceph rbdmirror daemon. Change-Id: I3767bee4b1c7849fa85e71bcc57534b393d2d415
2017-01-26Use TLS proxy for neutron server's internal TLSJuan Antonio Osorio Robles2-13/+81
This uses the tls_proxy resource added in a previous commit [1] in front of the neutron server when internal TLS is enabled. Right now values are passed quite manually, but a subsequent commit will use t-h-t to pass the appropriate hieradata, and then we'll be able to clean it up from here. Note that the proxy is only deployed when internal TLS is enabled. [1] I82243fd3acfe4f23aab373116b78e1daf9d08467 bp tls-via-certmonger Change-Id: I6dfbf49f45aef9f47e58b5c0dbedd2b4e239979e
2017-01-26Merge "Ensure basic Ceph configuration is performed by RBD mirror"Jenkins1-0/+1
2017-01-26Adding congress serviceDan Radez3-0/+92
Change-Id: Ic74ccd5fa7b3b04ca810416e5160463252f17474 Signed-off-by: Dan Radez <dradez@redhat.com>
2017-01-26Use transport_url for rabbitmq connection parameters in heatCarlos Camacho1-12/+43
Depends-On: I91b9959a6f71b4e6885e55a568116cc28cf16ddd Change-Id: I1a152dd0a7e7949ee8d91a6f63425dba2406fcaf
2017-01-26Rename controller_admin_vip to controller_admin_hostMartin André1-8/+9
Bring change of I53151d4f555d5d161a3e53ce5f022e3bf3b2ffbd into puppet-tripleo. Change-Id: I1227956a0389497eedc00e4ec817f52be608dc75 Related-Bug: #1643655
2017-01-25Merge "Adding tacker service"Jenkins3-0/+92
2017-01-25Merge "Composable HA"Jenkins7-47/+204
2017-01-25Merge "Remove double include of neutron::server class"Jenkins1-8/+1
2017-01-25Add initial profiles for rest of Octavia servicesBrent Eagles3-0/+101
Initial profile files for Octavia services. Partially-implements: blueprint octavia-service-integration Change-Id: Ic6f945cdf36744382a4a63fcc374d5562964ca68
2017-01-25Composable HAMichele Baldessari7-47/+204
This commit implements composable HA for the pacemaker profiles. - Everytime a pacemaker resource gets included on a node, that node will add a node cluster property with the name of the resource (e.g. galera-role=true) - Add a location rule constraint to force running the resource only on the nodes that have that property - We also make sure that any pacemaker resource/property creation has a predefined number of tries (20 by default). The reason for this is that within composable HA, it might be possible to get "older CIB" errors when another node changed the CIB while we were doing an operation on it. Simply retrying fixes this. - Also make sure that we use the newly introduced pacemaker::constraint::order class instead of the older pacemaker::constraint::base class. The former uses the push_cib() function and hence behaves correctly in case multiple nodes try to modify the CIB at the same time. Change-Id: I63da4f48da14534fd76265764569e76300534472 Depends-On: Ib931adaff43dbc16220a90fb509845178d696402 Depends-On: I8d78cc1b14f0e18e034b979a826bf3cdb0878bae Depends-On: Iba1017c33b1cd4d56a3ee8824d851b38cfdbc2d3
2017-01-25Adding tacker serviceDan Radez3-0/+92
Change-Id: I3d6bbc05644e840395f87333ec80e3b844f69903
2017-01-25Remove double include of neutron::server classJuan Antonio Osorio Robles1-8/+1
This class was being included in the same way in two different branches of the code which could be joined in the initial branch (or if statement). Change-Id: Iee3c1663a2fe929b21a9c089d89b721600af66bd
2017-01-25Ensure basic Ceph configuration is performed by RBD mirrorGiulio Fidente1-0/+1
Previously we missed to perform the basic Ceph client configuration on a node where only the RBD mirror service was deployed. Change-Id: Ie6a4284a88714bcee964a38636e12aa88bb95c9d Co-Authored-By: Michele Baldessari <michele@acksyn.org> Related-Bug: #1652177
2017-01-25Fix wrong hiera key in ceph_rbdmirrorMichele Baldessari1-1/+1
There is a typo in the bootstrap check which will lead to: Could not find data item ceph_rbdmirror_bootstrap_short_node_name in any Hiera data file and no default supplied at /etc/puppet/modules/tripleo/manifests/profile/pacemaker/ceph/rbdmirror.pp We need to be using the correct one: $ hiera ceph_rbdmirror_short_bootstrap_node_name overcloud-remote-0 Change-Id: Ic343e5f99e48360bdd2d2989781a4b6ca484e8fc
2017-01-25Merge "Clean TLS proxy-related setup for glance api profile"Jenkins1-11/+29
2017-01-25Merge "Make sure we bind the rabbit inter-cluster to a specific interface"Jenkins1-7/+21
2017-01-25Merge "pacemaker remote profile support"Jenkins2-2/+95
2017-01-24Clean TLS proxy-related setup for glance api profileJuan Antonio Osorio Robles1-11/+29
Since the commit this depends on sets it up via hieradata, the conditions here are no longer needed. bp tls-via-certmonger Change-Id: I66956f0b85e8e3bf1ab9562221d51d51c230b88e Depends-On: I693213a1f35021b540202240e512d121cc1cd0eb
2017-01-24Merge "Use TLS proxy for Glance API's internal TLS"Jenkins1-9/+68
2017-01-24Merge "updates to collectd support"Jenkins3-48/+80
2017-01-24pacemaker remote profile supportMichele Baldessari2-2/+95
This support enables a base profile called pacemaker_remote which will allow the operator to automatically configure the pacemaker_remote service on such nodes. This manifest also automatically adds any pacemaker_remote nodes to the pacemaker cluster. Depends-On: I0c01ecb7df1a0f9856fdc866b9d06acf0283fa4f Depends-On: Ic0488f4fc63e35b9aede60fae1e2cab34b1fbdd5 Change-Id: I92953afcc7d536d387381f08164cae8b52f41605
2017-01-24Merge "Add retries to the ::pacemaker::stonith property"Jenkins1-1/+7
2017-01-23Merge "Implement Nova ec2api profile"Jenkins3-1/+41
2017-01-23Merge "Remove last bits of Glance Registry"Jenkins1-50/+0
2017-01-23Merge "Add Ceph RBD mirror Pacemaker profile"Jenkins1-0/+77
2017-01-23Use TLS proxy for Glance API's internal TLSJuan Antonio Osorio Robles1-9/+68
This uses the tls_proxy resource added in the previous commit [1] in front of the Glance API server when internal TLS is enabled. Right now values are passed quite manually, but a subsequent commit will use t-h-t to pass the appropriate hieradata, and then we'll be able to clean it up from here. Note that the proxy is only deployed when internal TLS is enabled. [1] I82243fd3acfe4f23aab373116b78e1daf9d08467 bp tls-via-certmonger Depends-On: Id5dfb38852cf2420f4195a3c1cb98d5c47bbd45e Change-Id: Id35a846d43ecae8903a0d58306d9803d5ea00bee