Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
When doing a heat stack-show, Heat initially returns a 302 redirect.
With the existing loadbalancer config for SSL, this results in a
redirect to an http:// address pointing at the SSL port, which
naturally doesn't work.
The fix for this is to use the rsprep haproxy option to rewrite the
Location header in responses from the Heat api server. This allows
us to properly handle redirect traffic as https.
Also note that http header rewriting requires "mode http", so that
is added here as well.
Change-Id: I7e5c5b1877e9aa46c4b88dfba45c1fddf61727fc
|
|
Just like any other OpenStack API endpoint.
Change-Id: Iaa45d7bef94c3c42df0988a58f146bb8a530f74e
|
|
|
|
|
|
The glance-registry service is returning 401 to httpchk, which
makes haproxy think it is down. This change switches the check
mode to tcp.
Closes-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1234637
Closes-Bug: 1468566
Change-Id: Icdd80aa9cd56e5afd3707eb7fa38aaedb8535af6
|
|
In the pacemaker scenario we want to use the clustercheck script
to evict galera nodes which are out of sync. This change adds a
parameter meant to enable use of clustercheck for the mysql service.
Change-Id: I7199c7e5d759a76f58c0f48b40e9d460a3163886
Closes-Bug: 1456701
|
|
We do not want to give users control over the galera_master_node,
this should be gathered using the clustercheck script instead.
Depends-On: I56ebd2d8405ac35c707666d993b396f04aeb683e
Change-Id: Ib6a36e9283b73133251fb9ff3f33e71c50edb3db
Closes-Bug: 1467918
Closes-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1234817
|
|
Adds a class to configure fence devices and a helper function which
helps to select the devices for configuration on appropriate nodes.
Depends on patches outside OpenStack's Gerrit:
https://github.com/redhat-openstack/puppet-pacemaker/pull/50
https://github.com/redhat-openstack/puppet-pacemaker/pull/52
Change-Id: I819fc8c126ec47cd207c59b3dcf92ff699649c5a
|
|
This patch optionally creates new virtual IPs for
the storage, storage_mgmt, and internal_api
networks if ip addresses are provided.
Additionally the HAproxy configuration is updated
to use hiera lookups to obtain virtual IPs for
alternate networks. By default the ctlplane
VIP is still used.
Change-Id: I20483574920a1da689374b0eb1b39b0391c3d243
|
|
This patch updates the loadbalancer class so that it
defaults to trying to use the node IP list for each
respective service. This data is provided via Hiera
directly (all-nodes-config provides it via the Heat
templates).
By default the ctlplane IP address list is still used
if no service node IP list is provided.
Change-Id: I34cbdf8bd525e6ab61859fe8b8c18fe613dabbfe
|
|
This patch removes the public VIP for the nova metadata
and glance registry services.
Change-Id: I0878f7b3eeed6e16c5d30bdf76ebca56eb49d042
|
|
There are two methods included: Setting $service_certificate will
enable SSL for all public endpoints with the same cert file, while
service-specific certificate settings allow using a cert file for
just one service.
Change-Id: I6f87ed2ebbea08ff1a0dff981559c8f4fc8b67cc
|
|
The per-instance limit to 150 can easily be reached for the
database when OpenStack services are running on hosts with many
CPUs. The global maxconn is increased as per astapor. See [1].
1. https://bugzilla.redhat.com/show_bug.cgi?id=1218322
Change-Id: Ia9258372ca4f707929f11097193a91c138069725
|
|
The Galera code has been merged upstream directly into
tripleo-heat-templates[1], since this code is not used we can remove it.
[1] https://review.openstack.org/#/c/177765/
Change-Id: I536cf9b561b93ff26d03183331b6a527ab851286
|
|
We want to let the caller decide upon having the haproxy
service started and enabled or not on boot.
Change-Id: I24a9fd2245a974120892a8887c8b58647c65cba9
|
|
|
|
|
|
|
|
|
|
Currently RabbitMQ is listening on both private vip and public vip.
There is no need for RabbitMQ to listen on the public vip, so we remove
it.
Change-Id: I82ea2e1e18b7710ae391ffe4903439a9330b1461
|
|
Add support for Redis in the loadbalancer setup.
Redis loadbalancing system is particular as it does not provide
clustering capabilities yet, hence this pattern[1] will be applied.
[1] https://github.com/falsecz/haredis
Change-Id: I80a6c284af9eceb6b669a03c5d93256261523331
|
|
Change-Id: I98b9b3dbc48009ce255d964ac580e1a31f279f1e
|
|
Enable access to the HAProxy stats page. The listen directive is bound
to the controller virtual IP address.
Change-Id: Ie0012da77ffdd9bfa8f06341aca2d70991558a28
|
|
Initial logic for the backup option in the HAProxy was wrong and
wouldn't do what expected.
Current logic is implemented as follow
1. User passes an array of Galera IP addresses
2. User passes an array of Galera hostnames
3. User passes a Galera master IP and Galera master hostname
Result :
* Set a backend line with Galera master IP and Galera master hostname
* Remove those data from the two arrays of IP and Hostnames
* Set backend lines for whatever is left on those array with the backup
option on
Change-Id: Idfd72de4fafdce2a9c16945961fee996a98049b7
|
|
Currently since only one node was the backend until this commit[1],
servername was deducted from the $::hostname fact. Since commit[1],
several node can be the backend for a service, so we need to provide
their servername also.
The current situation result with HAProxy refusing to start because
current lint look like
server 192.0.2.2:8776 check fall 5 inter 2000 rise 2
when they really should look like
server MYHOSTNAME 192.0.2.2:8776 check fall 5 inter 2000 rise 2
Resulting in error message : 'server' expects <name> and <addr>[:<port>]
as arguments.
[1] https://review.openstack.org/#/c/168044/
Change-Id: I75424cf02f2d24308f33105f67d82a8d411e372d
|
|
Since we can have many controller_hosts backend in a setup, we use the
plural term to define it.
Change-Id: I2a46c250bc3325eef9c3128cac2ab45c88b1ae75
|
|
This commit allows to enable backup mode for non master galera node.
Change-Id: I8b27f470ae171d77c8c8283797ff1502ef44e17f
|
|
|
|
This should allow puppet to validate the required params.
Change-Id: I16b6ae1a9fbcb388bfe5a2a95022a2fdffbf0cd1
|
|
- This changes the puppet-lint requirement to 1.1.x, so that we can use
puppet-lint plugins. Most of these plugins are for 4.x compat, but some just
catch common errors.
Change-Id: I2660b960b6ef696bd5dc8a6965b4a9aa25409b66
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
|
|
Removes the (optional) comment from some of the required
parameters.
Change-Id: I0f2c96e0d77dfdb96d6b246c5f24511773592623
|
|
* Fix Gerrit config to be able to contribute at this module.
* Fix lint issues in adding documentation for tripleo::loadbalancer
Change-Id: If4d40962a4e5612410df441e8862e1870ec123c0
|
|
The Package provider scope needs to be global so this class
won't really help us much. Removing for now.
|
|
This patch adds a new norpm package provider that extends the
Puppet provided default RPM package provider and stubs out
all of the package install, update, purging so that no
packages will get installed. This may be useful when
deploying pre-built images where we effectively just
want to use Puppet for configuration (not installation).
Includes a ::tripleo::package_provider class that will assist
in cleanly disabling package installation via hiera.
|
|
|
|
|
|
This class configures an HAProxy/keepalived setup for TripleO.
|
|
|