summaryrefslogtreecommitdiffstats
path: root/puppet/hieradata/controller.yaml
AgeCommit message (Collapse)AuthorFilesLines
2015-09-16Merge "Set pacemaker default resource-stickiness"Jenkins1-0/+2
2015-09-15Merge "Ensure mysql root can only connect from localhost"Jenkins1-0/+1
2015-09-02Set pacemaker default resource-stickinessJiri Stransky1-0/+2
This is required for HA to work correctly. Change-Id: I9faa8fd7bbbac67de5c468ab6fc4edb2260dffe7 Depends-On: https://github.com/redhat-openstack/puppet-pacemaker/pull/61
2015-09-02Set the nova scheduler ram_allocation_ration to 1.0Emilien Macchi1-0/+1
We don't have swap space enabled on overcloud-full deploys as discussed at https://bugs.launchpad.net/tripleo/+bug/1491335 The default is 1.5 so configure Virtual ram to physical ram allocation ratio to 1:1 so we don't allow overcommit. Related-Bug: 1491335 Change-Id: I58cfe6dc68e8615a5519428412dec8c653bd6093
2015-08-04Ensure mysql root can only connect from localhostYanis Guenane1-0/+1
Currently mysql root user can connect in a passwordless way from : * localhost * 127.0.0.1 * ::1 * <HOSTNAME> This patch ensures that the mysql root user can connect only from localhost. Change-Id: If64fd383737c2fbeed4adbe8d98b1f92610956b2
2015-07-28Merge "Keystone token flushing"Jenkins1-0/+3
2015-07-24Merge "Set heat::instance_user to empty string"Jenkins1-0/+1
2015-07-24Keystone token flushingJiri Stransky1-0/+3
Set up a cron job to flush keystone tokens periodically. The job runs once a day near midnight per puppet-keystone defaults, and we pass maxdelay 3600 which means each controller will wait a random delay of up to 1 hour before running the task. Change-Id: I351f0273c61106c182aa3945b7ad1ce8f5c7d12b
2015-07-23Use 'public' instead of 'nova' as default floating pool nameGiulio Fidente1-0/+4
The dafault in nova.conf for default_floating_pool is set to nova which is confusing given to make Tempest tests to pass one has to create a public network with such a name. Change-Id: I148222a9f276309ede062ee5292993898ff899d6
2015-07-13Allow a user to disable MongoDB journalingYanis Guenane1-0/+1
By default MongoDB enables a journaling system that prevents loss of data in case of an unexpected shut-down. When journaling is enabled, MongoDB will create the journal files before actually starting the daemon[1]. The journaling feature is useful in production environment, but not really on a CI-like system, where we only want to make sure MongoDB is setup correctly and running, hence here we allow a user to enable/disable MongoDB journaling. [1] http://docs.mongodb.org/manual/core/journaling/ Change-Id: I0e4e65af9f650c10fdf5155ff709b4eb984cf4e1 Closes-bug: #1468246
2015-07-09Adds the NeutronDhcpAgentsPerNetwork parametermarios1-1/+0
Currently for both puppet and image-elements based deploys we set the dhcp_agents_per_network in neutron.conf to 2 and there is no control over that number (in the hieradata for the former and the image element for the latter). This change adds the NeutronDhcpAgentsPerNetwork parameter and also changes the default to 3 when not explicitly set. In the puppet case propagate this parameter in the hieradata for the neutron class and in the non-puppet case expose a new item in the neutron config to be consumed by the neutron image element (that change will point here) Change-Id: Id97c7796db7231b636f2001e28412452cf89562b
2015-07-08Set heat::instance_user to empty stringSteve Baker1-0/+1
In the overcloud heat, heat.conf instance_user is set to heat-admin. The consequence of this is that SSHing into heat created guest VMs will require the user 'heat-admin'. I predict that this will result in user confusion as to how to SSH into their VMs since they will be attempting default usernames (centos, cloud-user etc) or the documented heat default user (ec2-user) This change sets it to an empty string so that default usernames are used. This change depends on the puppet-heat fix to allow empty string instance_user: Depends-On: I9e8be0dd50709d271fc81683770c78380724e405 Change-Id: Id14bf3a4ac1b1c95797dae16c674b32a2da230f8
2015-07-07Don't set heat_stack_user_role to empty stringBen Nemec1-2/+1
This value doesn't work, and the default of heat_stack_user is fine. See https://github.com/openstack/puppet-heat/blob/989ffa65f4339bfd9612cff3b5ddcc4fd301f695/manifests/engine.pp#L22 Resolves: rhbz#1238844 Change-Id: I247121cb91d2b2a34f0f9f769fb411fcbfe6b571
2015-07-06Allow customization of included classes via hieradataGiulio Fidente1-0/+2
Allows inclusion of additional arbitrary puppet classes by the manifests if defined in the *_classes hieradata. Example: to specify the Nova RAM allocation ratio there is a param in nova::scheduler::filter but we do not include it by default; if needed one can use: nova::scheduler::filter::ram_allocation_ratio: 1.8 controller_classes: - nova::scheduler::filter Change-Id: I61d64d2498bed5c49376dee917d106598392db51
2015-06-29Merge "Drop swift ceilometer middleware."Jenkins1-1/+0
2015-06-26Merge "Set MariaDB package name in RedHat.yaml"Jenkins1-1/+0
2015-06-24Set MariaDB package name in RedHat.yamlDan Prince1-1/+0
This moves the hard coded package name for mariadb into the RedHat specific hieradata file. This was recently added to controller.yaml in a1b3fa3e84185b6969a8acfda475fe7fc48bd5a1. Also, resolves an issue where RedHat.yaml wasn't actually getting deployed. This is something that should have happened in 5009cc64322e9fb5723799eb9fbd79076a2dc5da. Change-Id: Iaa30be3c53a7c54d31d47b997966b0106a202ea4
2015-06-24Do not set explicitly galera_master to any of the nodesGiulio Fidente1-4/+1
We will manage nodes membership using the clustercheck script and marking all backends as backup, see change: I7199c7e5d759a76f58c0f48b40e9d460a3163886 Related-Bug: 1467918 Change-Id: I56ebd2d8405ac35c707666d993b396f04aeb683e
2015-06-23Merge "Specify mariadb package name to meet puppetlabs-mysql requirement"Jenkins1-0/+1
2015-06-21Drop swift ceilometer middleware.Dan Prince1-1/+0
Per Ceilometer commit 191f7bf9ccee33d8444f7dac5c09ceccce72ca29 (change ID: Ifd1861e3df46fad0e44ff9b5cbd58711bbc87c97) the Swift Ceilometer middleware no longer exists so we need to drop it in order to work with the latest upstream package. Change-Id: Iebaad0ba477001d663c6875b32d691bbfcda3d8d
2015-06-18Enable httpd balancing for HorizonGiulio Fidente1-0/+1
We need to customize the default apache::ip param or the default vhost configured will listen on ::80 Change-Id: I195a083f727da940841beb3a0c37dade02c6d1ca
2015-06-12Adds horizon to pacemaker when puppet-pacemaker is enabledmarios1-0/+2
Adds the horizon (httpd) service as pacemaker resource Also adds a default for the horizon::django_session_engine [1] which was previously unconfigured. Also adds a server-status.conf for httpd/pacemaker [2] [1] https://docs.djangoproject.com/en/dev/topics/http/sessions/#using-cached-sessions [2] https://github.com/beekhof/osp-ha-deploy/blob/master/pcmk/horizon.scenario#L72 Change-Id: I320837dfecf3241355e8a3345d0ff271592da491
2015-06-03Set VXLAN tunnels range to match GRE rangeGiulio Fidente1-2/+0
Change-Id: I16d259055fe4cd22541cd7abd7a26c71bbbaf292
2015-05-27Specify mariadb package name to meet puppetlabs-mysql requirementYanis Guenane1-0/+1
Specify the MariaDB package name to meet new requirement from puppetlabs-mysql introduce but latest commit[1][2] [1] https://github.com/puppetlabs/puppetlabs-mysql/commit/4bab65edcb98f82f87a4414840fe90ab81b6cea3 [2] https://github.com/puppetlabs/puppetlabs-mysql/commit/29788fb4c492865b5246daef6cbefe99c4aa067d Change-Id: I1b855934a88ceb4995ca1a44394db6b7a20c038d
2015-05-21Add Glance as Pacemaker resourceGiulio Fidente1-1/+0
Change-Id: If87cc4d55e8524246d2cd41a62805f84780006b2
2015-05-19Provide RabbitMQ clients with a list of servers instead of VIPGiulio Fidente1-1/+0
This will change the way how RabbitMQ clients get to the servers, they will not go through HAProxy anymore. Change-Id: I522d7520b383a280505e0e7c8fecba9ac02d2c9b
2015-05-13Merge "Add Galera as a Pacemaker resource when EnablePacemaker"Jenkins1-0/+4
2015-05-13Add Galera as a Pacemaker resource when EnablePacemakerYanis Guenane1-0/+4
This commit aims to support the creation of the galera cluster via Pacemaker. With this commit in, three use-cases will be supported. * Non HA setup / Non Pacemaker setup : The deployment will take place as it is currently the case in f20puppet-nonha. Nothing changes. * Non HA setup / Pacemaker setup : Even though it is a non ha setup, galera cluster via pacemaker will be deployed with a cluster nbr of 1. * HA setup / Non Pacemaker setup : N/A * HA setup / Pacemaker setup : It is assumed that HA setup will always be with pacemaker. So in this situation pacemaker will deploy a cluster of 3 galera master nodes. Depends-On: I7aed9acec11486e0f4f67e4d522727476c767d83 Change-Id: If0c37a86fa8b5aa6d452129bccf7341a3a3ba667
2015-05-11Use optimized config for RabbitMQ clusterGiulio Fidente1-0/+10
Use some optimized configuration settings for RabbitMQ when clustered. Data is ported from Astapor. Change-Id: If54aff5654dbe75e68197588be12cb3995c77ec7
2015-05-05Merge "puppet: install Horizon on overcloud-controller"Jenkins1-0/+3
2015-05-04Add support for Glance RBD backendDan Prince1-3/+1
This patch adds support for a new GlanceBackend setting which can be set to one of swift, rbd, or file to control which Glance backend is configured for use by default. Change-Id: Id6a3fbc3477e85e8e2446e3dc13d424f9535d0ff
2015-04-27puppet: install Horizon on overcloud-controllerEmilien Macchi1-0/+3
Install OpenStack Dashboad (Horizon) on the Overcloud Controller with Puppet. Co-Authored-By: Giulio Fidente <gfidente@redhat.com> Depends-On: If9b12d373e407be8be8428d77145f131eb450e88 Change-Id: I254e895014f58a51dade3dcdc63eabbb5dc458ac
2015-04-21Merge "Perform basic setup of Pacemaker cluster using puppet-pacemaker"Jenkins1-2/+2
2015-04-20Perform basic setup of Pacemaker cluster using puppet-pacemakerGiulio Fidente1-2/+2
Depends-On: Ia1bbf53c674e34ba7c70249895b106ec0af3c249 Change-Id: Ifa9f579d26a3cba9f8705226984c7b987ae0ad1c
2015-04-16Add support for Redis configurationYanis Guenane1-0/+6
Add support for Redis configuration on the overcloud controller role. Change-Id: I917ff1e7c0abf9d76b9939a97978e858268deac2 Depends-On: I80a6c284af9eceb6b669a03c5d93256261523331
2015-04-16Merge "Perform basic setup of pacemaker cluster on controllers"Jenkins1-0/+4
2015-04-14puppet: implement MongoDB on controller nodesEmilien Macchi1-0/+2
This patch aims to configure MongoDB server on controller nodes with Puppet. It also create a default replicaset for Ceilometer, so MongoDB can be highly available when multiple controllers are run. Change-Id: I3c1ff06ebc3c9dac44fc790caaea711d0eba4bb7
2015-04-14Perform basic setup of pacemaker cluster on controllersGiulio Fidente1-0/+4
Change-Id: Ia2e4eae619ca95c0f417f713676732eb4f01304b Depends-On: I9563eec0a2266deb2ebef2e3d76ae89d39b2be29
2015-03-13puppet/loadbalancer: use puppet-tripleoEmilien Macchi1-0/+18
The loadbalancer Puppet code moved to puppet-tripleo (lightweight) composition layer. This patch aims to use it and refactor the loadbalancer.pp file. Co-Authored-By: Dan Prince <dprince@redhat.com> Change-Id: I1765ac9b6cb01cb64d5d28dad646674ddca859e9
2015-02-12Revert "puppet: disable swift proxy and glance backend"Dan Prince1-1/+1
This reverts commit 4d470abc589c660cd55e4ced92de234fdf83d882 where we disabled swift (and the glance swift backend) due to the fact that some of the Heat metadata wasn't showing up. Change-Id: Ib0c01be5844aa79d74b7de02ba3d0657db5047ba Closes-bug: 1418805
2015-02-06puppet: disable swift proxy and glance backendDan Prince1-1/+1
We have an issue where swift.devices metadata isn't showing up on our controllers. This causes ringbuilding to fail meaning swift-proxy won't startup. This patch disables the swift-proxy and glance swift backend until we can figure out exactly what caused this change. Change-Id: I723a4b703d979d7475ac48f41c4c0ac91c306884 Partial-bug: 1418805
2015-02-04Puppet: wire in neutron_dnsmasq_optionsDan Prince1-0/+1
This patch updates puppet on the controller so that it configures the Neutron dnsmasq options file data with the value provided by the Heat NeutronDnsmasqOptions parameter. Properly configuring this setting can help resolve/tune overcloud instance connectivity issues w/ SSH etc. Change-Id: If47ab3d3002ebe19fc980ca5d37f84f4d8851f9b
2015-02-04Puppet: Heat API and EngineDan Prince1-0/+6
This patch adds the ability to configure the Heat API and Heat engine on controller nodes via puppet. Change-Id: Ie81090bceed3e18199a36ebb11d1cbcaea83c410
2015-02-03Puppet: Ceilometer controller supportDan Prince1-0/+2
This patch adds support for the Ceilometer controller role including the Ceilometer: -API -central agent -alarm notifier -alarm evaluator -collector -expirer In order to enable swift metering the swift::proxy ceilometer middleware was added in. Also, a minor adjustment to the existing ceilometer HA proxy setting was made to accommodate ceilometer auth settings. (not exactly sure why but this seems to be required) Like upstream TripleO Ceilometer is currently using a MySQL database backend. A follow on patch can support configuring MongoDB for use with Ceilometer. Change-Id: I4e171274bd7679d386d93492d13dfa7c5d37f6a8
2015-01-27Puppet: Switch glance to use a swift backendDan Prince1-0/+4
Now that we have swift we can switch glance over to make use of it. Change-Id: I9513cb63079235337b684aa734af73a0f0cc0afd
2015-01-27Puppet: Swift Overcloud Proxy/Storage supportDan Prince1-0/+17
This patch adds support for a Swift proxy and storage node on the controller. The implementation is fairly straightforward with the exception of building the ring. I've followed an upstream TripleO model here where we build the actual ring on each node (rather than build once and rsync). This works because Heat will always know all the devices ahead of time. In the future when we have Heat breakpoints it might be possible to consider optimizing this by generating the ring once and then rsyncing to all the nodes. The ringbuilder logic is executed as a seperate Heat software deployment. On the controller the ring is executed in between the base service (mysql/rabbit) and OpenStack service steps. This is to ensure the ring exists before the Swift proxy is started. Having the ringbuilder.pp logic as a separate software config should allow us to reuse it for the Storage node role. It should also be noted that swift.zones support is added here but we are missing an upstream Heat template change in order for it to be wired in properly. See: I0e0f5189da1575f2e1ed7fba4bbbe13a8fbf6221 Likewise we need to properly wire in SwiftRingBuild as well. See: I01311ec3ca265b151f8740bf7dc57cdf0cf0df6f The underlying puppet ringbuilder code is already wired to support this change when it lands. As is this works today and will provide a working Overcloud Swift-proxy/storage node config. Will follow this up with a related Swift storage node patch which should allow puppet to be used for configuration on the storage nodes as well... Change-Id: Id1272f796e2507a7357309e8cd6a51ad9e0160af
2015-01-08Puppet: overcloud controller configDan Prince1-0/+43
This patch provides an alternate implementation of the OS::TripleO::Controller::SoftwareConfig which uses Puppet to drive the configuration. Using this it is possible to create a fully functional overcloud controller instance which has the controller node configured via Puppet stackforge modules. Initially this includes only the following services: MySQL RabbitMQ Keepalived/HAProxy (HA is not yet fully supported however) Nova Neutron Keystone Glance (file backend) Cinder Using these services it is possible to run devtest_overcloud.sh to completion. The idea is that we can quickly add more services once we have CI in place. In order to test this you'll want to build your images with these elements: os-net-config heat-config-puppet puppet-modules hiera None of the OpenStack specific TripleO elements should be used with this approach (the nova/neutron elements were NOT used to build the controller image). Also, rather than use neutron-openvswitch-agent to configure low level networking it is recommended that os-net-config by configured directly via heat modeling rather than parameter passing to init-neutron-ovs. This allows us to configure the physical network while avoiding the coupling to the neutron-openvswitch-element that our standard parameter driven networking currently uses. (We still need to move init-neutron-ovs so that it isn't coupled and/or deprecate its use entirely because the heat drive stuff is more flexible.) Packages may optionally be pre-installed via DIB using the -p option (-p openstack-neutron,openstack-nova) etc. Change-Id: If8462e4eacb08eced61a8b03fd7c3c4257e0b5b8