Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
This gives the option to generate the service certificate(s) that
HAProxy will use. This will be used for both the overcloud and the
undercloud.
bp tls-via-certmonger
Change-Id: I3d0b729d0bad5252c1ae8852109c3a70c0c6ba7d
|
|
|
|
|
|
|
|
service"
|
|
|
|
Deploy Keystone and Gnocchi API with the new Apache/Pacemaker profile.
Change-Id: Id28c618133e53e28dfac7e3e9cf9f5f5a6b2421a
|
|
Change-Id: I6ba962c682dc2ab8c6ee5238e0c176d9ae05d696
|
|
|
|
This class extracts the certificate and adds it to the trusted certs.
bp tls-via-certmonger
Change-Id: I6dc1e0469cd7dbbb51659c8f29975d25b2941ec3
|
|
Change I67a15dc83a754fb6f5fe25c64ae9e7d29c58fcec removed the
gnocchi configuration completely from non-bootstrap nodes. This
changes it so the configuration is included on all nodes, but the
db sync is only included on bootstrap.
Change-Id: If402becc900c175f5b3bb95c3413276e5a04b4f7
Closes-Bug: 1604708
|
|
Deploy Apache with Pacemaker in a new profile.
Change-Id: I9ae6cee2bfb0f8974d41d700454cfde2df06c2d1
|
|
Heat needs stack_user_domain_id or stack_user_domain_name config
options set in the heat.conf before starting. The domain itself
doesn't need to exist until a stack is actually created, but the
value needs to be there. This patch ensures that the heat domain
parameters are configured before starting the heat-engine service
with Pacemaker at step3 and 4, and at step5, Pacemaker will start
the services and Puppet will create the domains.
(note: commit message copied from
https://review.openstack.org/#/c/331652/ to mitaka tht, which came
first)
Change-Id: I58fa53357265c1607d2df1b04cc2296083212ab7
Closes-Bug: 1599232
|
|
|
|
|
|
|
|
The gnocchi db sync is being run from multiple controllers causing errors in
CI. See the bug for more details.
Change-Id: I67a15dc83a754fb6f5fe25c64ae9e7d29c58fcec
Closes-Bug: #1604624
|
|
In the Next Generation HA architecture a number of active/active services
will be run via systemd. In order for this to work we need to make sure that
the sync_db operation only takes place on the bootstrap node, just like it is
done today for the pacemaker profiles.
We do this by removing sync_db as a parameter and instead set it to true
or false depending if the hostname matches the bootstrap_node as it is done
today in the pacemaker role.
Note that we call hiera('bootstrap_nodeid', undef) because if a profile
is included on a non controller node that variable will be undefined.
The following testing was done:
- HA puppet-pacemaker.yaml scenario with three computes
- NonHA with one controller
- NonHA with three controllers
Fixes-Bug: 1600149
Co-Author: cmsj@tenshu.net
Change-Id: I04a7b9e3c18627ea512000a34357acb7f27d6e0e
Implements: blueprint ha-lightweight-architecture
|
|
The principal is needed for kerberos-based solutions like FreeIPA.
bp tls-via-certmonger
Change-Id: Ie27848f522d11135b061aef766de2b696c77fcb9
|
|
The code was in THT before but now in the Nova API profile.
Change-Id: I7035f7998c11dc5508dae8c1a750b93c2944b2d4
|
|
|
|
|
|
The dummy openstack-core resource was meant to replace keystone so that
restarting keystone would not restart the whole cloud. When this
resource was introduced the paramter interleave=true was mistakenly left
out.
This causes a simple promote operation on the galera resource to restart
openstack-core and its children.
Change-Id: Ic590005a9419be87e6e6ea131b0ac0630c5afc19
Closes-Bug: 1603381
|
|
|
|
Add Mistral profiles for non-ha and ha scenarios
Change-Id: I1a072326091fd3b0c21d2f78041e3532b67c60eb
Implements: blueprint refactor-puppet-manifests
Depends-On: I6ce61054384c15876c498ba8cf582f88d9f7f54c
|
|
|
|
|
|
Add MySQL profiles, for non-ha and ha scenarios.
Change-Id: I7ddae28a6affd55c5bffc15d72226a18c708850e
Closes-Bug: #1601853
|
|
This resource will be used in both the overcloud and the undercloud,
and can be called in several instances (for public-facing or
internal-facing certificates).
bp tls-via-certmonger
Change-Id: I0410fe0dbbed97d16909e911f7318d78a5bd7d7b
|
|
This base class just executes the main certmonger include (which gets
the package and starts the service) and configures the global CA, as
well as some options for the certificates that it will be issuing.
bp tls-via-certmonger
Change-Id: Ib748946130209bf9ccf6670b6f3fbbe0424400ec
|
|
|
|
|
|
|
|
Change-Id: I46215f82480854b5e04aef1ac1609dd99455181b
Closes-Bug: #1601970
|
|
As not having guarantee of being installed on same node, the dbsync
will be on step 3 and the clustercheck on 2.
Change-Id: Id728aae79442c45ab48fe0914c065f1807e8890d
|
|
|
|
|
|
Change-Id: Iff6508972edfd5f330b239719bc5eb14d3f71944
Implements: blueprint refactor-puppet-manifests
|
|
|
|
|
|
|
|
The Nuage agent will also get used on compute nodes.
Change-Id: Ic842ebdc183918ec9a24f83ae39adfba27bc799c
|
|
We include this from the midonet profile (which is for the controller).
Agent will also get used on compute nodes as well.
Change-Id: I2393fc3c360f5f5786411f64dbcd06f380376093
|
|
Simplify the base neutron profile so that we always include
the neutron and neutron::config classes at step 3. In doing so
we can now simplify the pacemaker version to use a simple include
which will avoid duplicate class errors.
Change-Id: I95b9188607ab6c599ad4cde6faa1deb081618f3e
|
|
In order for each service to operate independently when used with Pacemaker,
the roles needed to be separated.
This also drops all pacemaker constraints, as they do not make much sense
in the composable realm.
Change-Id: Id61eb15b1e2366f5b73c6e7d47941651e40651b1
Partial-Bug: #1592284
|
|
* Configure ceilometer to default mongodb backend.
* remove useless sync_db parameter in pacemaker class.
* Remove duplicated resource for ceilometer central agent service with
pcmk.
* Remove pacemaker delay resource dependency, the resource does not
exist anymore.
Change-Id: Ie337bfe770c5b22158dc307eb36e39c2b93b95a9
|
|
When nova-compute and nova-conductor are collocated, we need to make
sure nova-conductor starts before nova-compute otherwise nova-compute
will just fail to start.
Change-Id: Icc3ed768af2a08e2db78d9c9278d309a62d26850
|
|
Deploy composable iptables rules for HAproxy.
Note: we can't use Hiera here because we have some logic in
puppet-tripelo that select the services that we actually deploy.
Using this code in the Define will easily create IPtables rules that we
actually need. Some other services will be able to create IPtables rules
in Hiera (in THT), but not HAproxy now.
Change-Id: If03b18992c68461e97789c0318078a0b243c84fe
|
|
|