aboutsummaryrefslogtreecommitdiffstats
path: root/spec
AgeCommit message (Collapse)AuthorFilesLines
2016-05-25Add lookup_hiera_hash functionGiulio Fidente4-0/+31
The lookup_hiera_hash function is meant to lookup for the value of a given key from a given Hiera hash. In the manifests this is possible by saving the value of the hash in a variable first but when driving lookups from the Heat templates we can't do it. Change-Id: Ie31bb70314db44a0a18e86090cc74aa4df5de169
2016-05-05Add tripleo::selinuxJames Slagle1-0/+106
Adds a class to configure SELinux. The code is taken from puppet-openstack-cloud: https://github.com/redhat-cip/puppet-openstack-cloud This allows to share the same code for usage by both the Undercloud and Overcloud. Co-Authored By: Emilien Macchi <emilien@redhat.com> Co-Authored By: Yanis Guenane <yguenane@redhat.com> blueprint undercloud-elements Change-Id: If214005df733d41c2fa4e197df247d8a14baaa14
2016-05-05Add dport/sport parameter to firewall ruleJames Slagle1-2/+16
The port parameter to puppetlabs-firewall is actually deprecated[1]. This adds support for using the new parameter names dport and sport. The port parameter is still retained in puppet-tripleo for backwards compatibily for anyone using that interface. It is marked deprecated in the documentation, however no deprecation warning is needed because there is already a warning from from puppetlabs-firewall. blueprint undercloud-elements Change-Id: I0598007f90018f80a3266193bb24dbf112de49b7
2016-04-20Add destination parameter to firewall ruleJames Slagle1-1/+6
Specifying a destination cidr is already supported by puppetlabs-firewall, we just need to pass through the parameter in rule.pp in puppet-tripleo. This will allow creating iptables rules that forward network traffic for a given cidr via puppet-tripleo. Change-Id: I23582a55cd97248be52f45e14de7e813ff499ff7
2016-02-18Merge "packages: secure upgrade workflow from dependency cycles"Jenkins1-5/+1
2016-01-22Drop webmock dependencyEmilien Macchi1-1/+0
webmock is not used anywhere in puppet-tripleo, let's clean it. Change-Id: Idd8646e69e31a63791a345765c459d094a23f813
2016-01-20packages: secure upgrade workflow from dependency cyclesEmilien Macchi1-5/+1
Change the workflow to be: Upgrade all packages before any services that is notified & managed by Puppet. It also disable the Exec timeout so we rely on Heat timeout and not on the 300s that are the default in Puppet [1] Example: we upgrade and OpenStack config will change (obviously). Puppet catalog will contain 3 important things: * config resources * service resources * package-upgrade Exec resource with that patch, what will happen: * puppet will update config first or second and notify services * puppet will run package-upgrade first or second but before the package-upgrade Exec resource * at the very end, puppet will restart services That way, we avoid complications with Puppet dependency cycle issues. [1] https://docs.puppetlabs.com/references/latest/type.html#exec-attribute-timeout Closes-Bug: 1536349 Change-Id: I07310bdfc5b07b03ac9fa5f8c13e87eaa2bfef4d
2015-12-23Upgrade all packages after puppet managed onesDan Prince1-0/+52
This updates tripleo::packages so that when enable_upgrade is used it will: 1) upgrade puppet managed packages (will trigger puppet dependencies) 2) then upgrade all packages via exec 3) then restart services NOTE: the intention here is that the Exec['update-packages'] will always execute if enable_upgrade is set. It is not idempotent in this regard because I think we always want to execute it if enable_upgrade is set. Change-Id: I02f7cf07792765359f19fdf357024d9e48690e42 Related-bug: #1522943
2015-12-14Modify cassandra dependencyJaume Devesa1-7/+16
Switch to locp/cassandra module since it has much more options than midonet/puppet-cassandra and it is already defined on the openstack-puppet-modules packages in RHEL. More info: https://bugzilla.redhat.com/show_bug.cgi?id=1285718 Depends-On: I72f21036fda795b54312a7d39f04c30bbf16c41b Change-Id: Icea9bd96e4c80a26b9e813d383f84099c736d7bf
2015-12-08Merge "Fix unit tests failing against Puppet 4.3.x"Jenkins1-0/+1
2015-12-08Fix unit tests failing against Puppet 4.3.xGael Chamoulaud1-0/+1
Change-Id: Ie2f3e29005570805fbf2ca75a930fab746f5f299 Related-bug: #1517805 Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
2015-12-01Remove `validate_ip_address` validator.Jaume Devesa1-46/+0
It is already merged on the puppetlabs-stdlib module: https://github.com/puppetlabs/puppetlabs-stdlib/commit/88a9a314c3e9cccbea5add95081655f2c14ec4c1 And we don't need to carry with this validation anymore. Change-Id: I2cee12e7601c546e616e2c249157e7739af29490
2015-11-30Merge "Fix unit tests failing against Puppet 4.3.0"Jenkins1-1/+4
2015-11-25Fix unit tests failing against Puppet 4.3.0Gael Chamoulaud1-1/+4
Change-Id: I10c0d35b473026a5e1ede265099f73c803402adc Related-bug: #1517805 Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
2015-11-23MidoNet services manifestsJaume Devesa6-0/+343
Provide TripleO overcloud manifests to deploy MidoNet and the cluster services that needs to run. Change-Id: I24f852e74fc4652d4609e1a71897e813448055fe
2015-09-11Merge "Initial msync run for all Puppet OpenStack modules"Jenkins7-0/+112
2015-09-03Add package_manifest resource.Dan Prince1-0/+37
This patch converts the write_package_names function into a proper resource. Using the write_package_names only works if the function comes last in the puppet manifest. By making the same functionality a custom resource we allow for it to exist anywhere in the manifest and provide the same functionality. The new syntax would be: package_manifest{'/tmp/foo': ensure => present} Co-Authored-By: Martin Mágr <mmagr@redhat.com> Change-Id: If3e03b1983fed47082fac8ce63f975557dbc503c
2015-08-18Initial msync run for all Puppet OpenStack modulesCody Herriges7-0/+112
This patch is the initial modulesync run, it impacts: * gitignore: just a sync between projects * gemfile: - update and allow to setup facter version and gem source - split beaker gems with a dedicated group - switch to rspec-puppet 2.2.0 * rakefile: - use the new syntax for lint configuration - add a acceptance target * acceptance: - sync nodesets - update tests in order to use zuul-cloner * spec: added rspec coverage report Change-Id: Iadefbe2cc0525224e9917c6712712c67ce1e0fff
2015-07-15Implement firewalling in tripleo::firewallYanis Guenane2-91/+114
Currently firewalling is implemented in tripleo/init.pp this commit moves it to its own scope tripleo/firewall.pp. This is done so that in tripleo-heat-templates we can have a simple and generic `include tripleo::firewall` in every manifest - unconditional. The rest of the behavior will all be managed by hiera. If a user wants to enable firewalling: ``` tripleo::firewall::manage_firewall: true ``` If a user wants to specify firewall rules: ``` tripleo::firewall::firewall_rules: '103 mongod': port: 27017 ``` Change-Id: I144c60db2a568a94dce5b51257f1d10980173325
2015-06-12Implement Advanced Firewalling supportEmilien Macchi1-0/+114
* Provide a Define function which will allow to manage IPtables rules. * Manage rules in 'pre' and 'post' Puppet stages, it allows to create rules before and after regular Puppet stages (ie: to make sure no rule exists *before* and everything is blocked *after* regular Puppet stages) Change-Id: I84fc79096f6fc3db76a61d012d8cb62dd12bdd89
2015-02-02Add basic structure for a Puppet moduleEmilien Macchi2-0/+21