diff options
Diffstat (limited to 'puppet')
| -rw-r--r-- | puppet/objectstorage-role.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/apache.yaml | 33 | ||||
| -rw-r--r-- | puppet/services/ceilometer-base.yaml | 25 | ||||
| -rw-r--r-- | puppet/services/kernel.yaml | 29 |
4 files changed, 71 insertions, 18 deletions
diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml index 84b646a2..fb60d2be 100644 --- a/puppet/objectstorage-role.yaml +++ b/puppet/objectstorage-role.yaml @@ -127,7 +127,7 @@ parameters: resources: SwiftStorage: - type: OS::Nova::ObjectStorageServer + type: OS::TripleO::ObjectStorageServer metadata: os-collect-config: command: {get_param: ConfigCommand} diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml index ac371927..f3021060 100644 --- a/puppet/services/apache.yaml +++ b/puppet/services/apache.yaml @@ -84,21 +84,24 @@ outputs: apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit } apache::mod::remoteip::proxy_ips: - "%{hiera('apache_remote_proxy_ips_network')}" - - - generate_service_certificates: true - tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd' - tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd' - apache_certificates_specs: - map_merge: - repeat: - template: - httpd-NETWORK: - service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt' - service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key' - hostname: "%{hiera('fqdn_NETWORK')}" - principal: "HTTP/%{hiera('fqdn_NETWORK')}" - for_each: - NETWORK: {get_attr: [ApacheNetworks, value]} + - if: + - internal_tls_enabled + - + generate_service_certificates: true + tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd' + tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd' + apache_certificates_specs: + map_merge: + repeat: + template: + httpd-NETWORK: + service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt' + service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key' + hostname: "%{hiera('fqdn_NETWORK')}" + principal: "HTTP/%{hiera('fqdn_NETWORK')}" + for_each: + NETWORK: {get_attr: [ApacheNetworks, value]} + - {} metadata_settings: if: - internal_tls_enabled diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index d2f08bec..e60eb425 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -38,9 +38,27 @@ parameters: default: 0 description: Number of workers for Ceilometer service. type: number + ManageEventPipeline: + default: false + description: Whether to manage event_pipeline.yaml. + type: boolean EventPipelinePublishers: - default: ['notifier://?topic=alarm.all'] - description: A list of publishers to put in event_pipeline.yaml. + default: ['gnocchi://'] + description: > + A list of publishers to put in event_pipeline.yaml. When the + collector is used, override this with notifier:// publisher. + Set ManageEventPipeline to true for override to take effect. + type: comma_delimited_list + ManagePipeline: + default: false + description: Whether to manage pipeline.yaml. + type: boolean + PipelinePublishers: + default: ['gnocchi://'] + description: > + A list of publishers to put in pipeline.yaml. When the + collector is used, override this with notifier:// publisher. + Set ManagePipeline to true for override to take effect. type: comma_delimited_list Debug: default: '' @@ -97,7 +115,10 @@ outputs: ceilometer::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword} ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } + ceilometer::agent::notification::manage_event_pipeline: {get_param: ManageEventPipeline} ceilometer::agent::notification::event_pipeline_publishers: {get_param: EventPipelinePublishers} + ceilometer::agent::notification::manage_pipeline: {get_param: ManagePipeline} + ceilometer::agent::notification::pipeline_publishers: {get_param: PipelinePublishers} ceilometer::agent::auth::auth_region: {get_param: KeystoneRegion} ceilometer::agent::auth::auth_tenant_name: 'service' ceilometer::agent::auth::auth_user_domain_name: 'Default' diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml index 697ec228..8121454b 100644 --- a/puppet/services/kernel.yaml +++ b/puppet/services/kernel.yaml @@ -34,6 +34,28 @@ parameters: default: 0 description: Configures sysctl net.ipv6.{default/all}.disable_ipv6 keys type: number + NeighbourGcThreshold1: + default: 1024 + description: Configures sysctl net.ipv4.neigh.default.gc_thresh1 value. + This is the minimum number of entries to keep in the ARP + cache. The garbage collector will not run if there are + fewer than this number of entries in the cache. + type: number + NeighbourGcThreshold2: + default: 2048 + description: Configures sysctl net.ipv4.neigh.default.gc_thresh2 value. + This is the soft maximum number of entries to keep in the + ARP cache. The garbage collector will allow the number of + entries to exceed this for 5 seconds before collection will + be performed. + type: number + NeighbourGcThreshold3: + default: 4096 + description: Configures sysctl net.ipv4.neigh.default.gc_thresh3 value. + This is the hard maximum number of entries to keep in the + ARP cache. The garbage collector will always run if there + are more than this number of entries in the cache. + type: number outputs: role_data: @@ -94,5 +116,12 @@ outputs: value: 1 fs.suid_dumpable: value: 0 + #avoid neighbour table overflow on large deployments + net.ipv4.neigh.default.gc_thresh1: + value: {get_param: NeighbourGcThreshold1} + net.ipv4.neigh.default.gc_thresh2: + value: {get_param: NeighbourGcThreshold2} + net.ipv4.neigh.default.gc_thresh3: + value: {get_param: NeighbourGcThreshold3} step_config: | include ::tripleo::profile::base::kernel |