aboutsummaryrefslogtreecommitdiffstats
path: root/puppet/hieradata/controller.yaml
AgeCommit message (Collapse)AuthorFilesLines
2016-03-10Keystone domain for HeatMartin Mágr1-0/+7
This patch adds support for configuring Keystone domain for Heat via heat-keystone-setup-domain script. It should be reverted as soon as Keystone v3 is fully functional. This patch won't be fully functional without either python-keystoneclient fix [1] or workaround [2]. [1] https://bugs.launchpad.net/python-keystoneclient/+bug/1452298 [2] https://review.openstack.org/180563 Change-Id: Ie9cdd518b299c141f0fdbb3441a7761c27321a88 Co-Authored-By: Jiri Stransky <jistr@redhat.com> Depends-On: Ic541f11978908f9344e5590f3961f0d31c04bb0c
2016-03-08Merge "Permits configuration of Cinder enabled_backend via hieradata"Jenkins1-0/+1
2016-03-04Revert "Deploy Aodh services, replacing Ceilometer Alarm"James Slagle1-6/+0
This just a revert to see if reverting this gets back to a normal CI run time. This reverts commit f72aed85594f223b6f888e6d0af3c880ea581a66. Change-Id: I04a0893f6cf69f547a4db26261005e580e1fc90b
2016-03-03Deploy Aodh services, replacing Ceilometer AlarmEmilien Macchi1-0/+6
Ceilometer Alarm is deprecated in Liberty by Aodh. This patch: * manage Aodh Keystone resources * deploy Aodh API under WSGI, Notifier, Listener and Evaluator * manage new parameters to customize Aodh deployment * uses ceilometer DB for the upgrade path * pacemaker config Depends-On: I9e34485285829884d9c954b804e3bdd5d6e31635 Depends-On: I891985da9248a88c6ce2df1dd186881f582605ee Depends-On: Ied8ba5985f43a5c5b3be5b35a091aef6ed86572f Co-Authored-By: Pradeep Kilambi <pkilambi@redhat.com> Change-Id: I58d419173e80d2462accf7324c987c71420fd5f6
2016-03-01Merge "Enable heat-manage purge_deleted cron job"Jenkins1-0/+4
2016-02-25Enable notifications on the overcloudBen Nemec1-0/+1
Configures all services to send notifications to rabbit. The puppet modules are not consistent regarding how this is done - some expose notification config as a top-level param, others you need to set it through a *_config structure, and cinder provides a separate class dedicated to enabling ceilometer notifications. Change-Id: I23e2ddad3c59a06cfbfe5d896a16e6bad2abd943
2016-02-23Permits configuration of Cinder enabled_backend via hieradataGiulio Fidente1-0/+1
It is currently possible to provide arbitrary config settings for Cinder using the "cinder::config::cinder_config:" hiera key. To add a backend though particular one has to edit the list of enabled backends in Cinder too which isn't possible. This change will make it possible using a user-customizable array of backends to be enabled. Change-Id: Ic664c1c2b0f7b1b4b6be8b5064a38650694d4857
2016-02-19Use the class param to configure Cinder 'host' settingGiulio Fidente1-3/+1
By configuring the Cinder 'host' setting via the appropriate class param instead of cinder_config we don't risk to override it if the user is to pass additional config settings using cinder_config in ExtraConfig. Change-Id: Idf33d87e08355b5b4369ccb0001db8d4c3b4c20f
2016-02-12Merge "Nova now requires an api database to be created"Jenkins1-0/+1
2016-02-12Enable heat-manage purge_deleted cron jobSteve Baker1-0/+4
Without this the heat database tables will grow without limit. Change-Id: I687e733db1a73ebc2047609a03be768093010dd4 DependsOn: Ia2b80e5003450cd794ebb0c9ca72200ec8616e81
2016-02-11Merge "puppet: run keystone in wsgi"Jenkins1-0/+2
2016-02-10Nova now requires an api database to be createdDavid Moreau Simard1-0/+1
This enables the creation of the nova_api database that is now mandatory since https://review.openstack.org/#/c/245828/ Change-Id: Ia8242f23864ebb14ccf858a77ba754059e9c2d4a Related-Bug: #1539793
2016-02-09puppet: run keystone in wsgiEmilien Macchi1-0/+2
For both HA & non-HA scenarios, switch puppet-keystone configuration to be run in a WSGI process instead of eventlet. WSGI is the way to go for scaling Keystone, moreover, eventlet won't be support in next OpenStack releases. Co-Authored-By: Dan Prince <dprince@redhat.com> Depends-On: I22a348c298ff44f616b2e898f4872eddea040239 Change-Id: I862b4a68f43347564ec3c0ddc4ec9e1d1c755cf2 Signed-off-by: Jason Guiditta <jguiditt@redhat.com>
2016-02-08Set 'host' globally in Cinder instead of per-backend basisGiulio Fidente1-0/+3
This change will set a common value for 'host' across all controllers. We missed to do so for the NFS backend previously. It will still be possible to set a different per-backend 'host' value by providing it via ExtraData. Change-Id: I00fd05660a15be3611e1a394650be6ab713670f9
2016-01-22neutron: delete by default router/dhcp namespacesEmilien Macchi1-0/+2
The 'router_delete_namespaces' (L3 agent) and 'dhcp_delete_namespaces' (DHCP agent) configuration settings default to false OpenStack Neutron resulting in network namespaces not being deleted when no longer needed. Disabling automatic namespace cleanup was appropriate for older Linux distributions but is no longer required. TripleO should set the values to true. Change-Id: I39e1a347d24ecc99b6f878807c47103c4b3f85e1
2016-01-14Enable keystone handling of X-Forwarded-Proto headerJuan Antonio Osorio Robles1-0/+5
If the X-Forwarded-Proto header is received by keystone, this option will make the service properly handle it. This is useful, for instance, if TLS is enabled for the admin endpoint. Change-Id: I31a1f51591e8423367e61eafc3af9b2d61278468
2016-01-12Merge "Sahara Integration"Jenkins1-0/+2
2016-01-08Sahara IntegrationEthan Gafford1-0/+2
Integration of OpenStack data processing service (sahara) with TripleO. - Deploys sahara in distributed mode (separate api and engine processes on each controller node) - Load balancing w/haproxy - RabbitMQ/MySQL supported per current TripleO standard - Minimal configurability at this time Change-Id: I77a6a69ed5691e3b1ba34e9ebb4d88c80019642c Partially-implements: blueprint sahara-integration Depends-On: I0f0a1dc2eaa57d8226bad8cfb250110296ab9614 Depends-On: Ib84cc59667616ec94e7edce2715cbd7dd944f4ae Depends-On: I9fe321fd4284f7bfd55bd2e69dcfe623ed6f8a2a
2016-01-08Switch for Keystone DB cron jobMartin Mágr1-0/+1
- Adds parameter to enable switching off token flush cron job. - Sets destination for deleted rows to /dev/null Change-Id: I9e8aed969e81595d8a1d0a5300da17da6ba15c03 Partial-bug: rhbz#1249106 Depends-On: I5e51562338f68b4ba1b2e942907e6f6a0ab7a61e
2016-01-06Remove deleted Cinder rowsMartin Mágr1-0/+1
Creates cron job running every 24 hours for "cinder-manage db purge" Partial-bug: rhbz#1249106 Change-Id: I9156e0bf1401eda49a7c9a2921dc3a8723af026d Depends-On: I677f2ef3d9ca81fff0f672c8e34b6e4278674a96
2016-01-04Remove deleted Nova rowsMartin Mágr1-0/+2
Creates cron job running every twelve hours for "nova-manage db archive_deleted_rows" Partial-bug: rhbz#1249106 Depends-On: Ic674f4d39bc88f89abfeb0ce99a571c2534e57e4 Change-Id: I4740cc02aa9714f48798521fe9918ac3487db031
2015-12-04Making nova parameters configurable for nuage-metadata-agentRohit Pagedar1-1/+0
Exposing 'instance_name_template' to be set via extra config for nuage-metadata-agent to function Making nova::api::admin_tenant_name available on the compute node which is required by nuage-metadata-agent service Making KeystonePublicApiVirtualIP available on the compute node, which is used by the nuage-metadata-agent to build the auth-url Change-Id: I9736015e18cebf32b07940bf559063b60085f2fb
2015-11-19Implement Advanced Firewalling supportEmilien Macchi1-0/+106
Consume puppet-tripleo to create/manage IPtables from Heat templates. This review put in place the logic to enable and setup firewall rules. A known set of rules are applied. More to come. Change-Id: Ib79c23fb27fe3fc03bf223e6922d896cb33dad22 Co-Authored-By: Yanis Guenane <yguenane@redhat.com> Depends-On: I144c60db2a568a94dce5b51257f1d10980173325
2015-11-11Merge "Enable glance-api show_image_direct_url for COW"Jenkins1-0/+1
2015-11-04Revert "Manage keystone initialization directly in t-h-t manifests"Ben Nemec1-12/+0
This reverts commit 86d6c1ddc76bad423194e789ffb5474e4e12960e. This likely has an impact on upgrades, and since we don't have an upgrade CI job yet I'm concerned that we may have just broken ourselves. I would prefer to wait to merge this until the CI job is in place. Change-Id: Ib2366cb4b40471a28122f6e9955da9bdb31a53fb
2015-11-03Manage keystone initialization directly in t-h-t manifestsYanis Guenane1-0/+12
This is the second change of a servies of two, it creates the user, user_role, service and endpoint for: * glance * nova * neutron * cinder * horizon * swift * ceilometer * heat Change-Id: I50e792d98a2ba516ff498c58ad402f463c5f7e76
2015-11-03Create keystone roles and admin user from t-h-t manifestsYanis Guenane1-0/+2
Currently keystone initialization happens via os-cloud-config [1]. This commit moves some of that directly into the manifests. This is the first in a series of two changes to migrate it entirely into t-h-t. This change focus on implementing what keystone.initialize() was doing on the tripleoclient [2], creates the admin tenant, user and roles. It also creates the keystone endpoint itself. 1. https://github.com/openstack/os-cloud-config/blob/master/os_cloud_config/keystone.py#L128-L158 2. https://github.com/openstack/python-tripleoclient/blob/master/tripleoclient/v1/overcloud_deploy.py#L462-L527 Change-Id: I98555b707ff9b91c6e218de5dca68106ea05c8ea Depends-On: Ia4b3244f114dcff746ab89d355ad4933f8fdbddf
2015-11-02Merge "Support NFS backend for Glance (via Pacemaker)"Jenkins1-0/+1
2015-10-21Merge "controller/ceilometer: use internalURL for os endpoint type"Jenkins1-0/+3
2015-10-21Merge "Sync httpd vhost settings in between pcmk and non-pcmk scenarios"Jenkins1-0/+3
2015-10-19Support NFS backend for Glance (via Pacemaker)Jiri Stransky1-0/+1
Adds support for NFS backend in Glance by allowing the storage directory for the 'file' backend to be a mount managed by Pacemaker. Default behavior is unchanged. Since the Pacemaker-related parameters are not exposed on top level, change storage-environment.yaml to use parameter_defaults instead of parameters. Depends on a Heat fix for environment file's parameter_defaults to work well with JSONs and comma delimited lists (see Depends-On). Change-Id: I6e7e2eaf6919b955650c0b32e1629a4067602c89 Depends-On: I85b13a79dbc97a77e20c0d5df8eaf05b3000815e
2015-10-19controller/ceilometer: use internalURL for os endpoint typeEmilien Macchi1-0/+3
To let ceilometer access to keystone endpoints, use internalURL instead of publicURL for security & performances reasons. Ceilometer services (API, agents) will use internalURL endpoint to talk to other services (keystone, neutron, etc). Change-Id: I4cb843400f244cd34bbae4bc76371977780c7943
2015-10-15Sync httpd vhost settings in between pcmk and non-pcmk scenariosGiulio Fidente1-0/+3
Moves the vhost_params out of the manifest and into static hiera; also removes unneeded server_alias parameter as that matched the vhost servername anyway. Change-Id: I4b5971b23ef3be9529a59075fa93ccc64af75b9c
2015-10-15Set Django cache backend to Memcached instead of LocMemCacheGiulio Fidente1-0/+1
Change-Id: Ia2079fc3e350cc677811ebb970cd2b306d6e7040
2015-10-12Allow one to specify horizon ALLOWED_HOSTSYanis Guenane1-1/+0
If horizon is running in production (DEBUG is False), it will answer only to the IPs/hostnames specified in the ALLOWED_HOSTS variable in the local_settings.py configuration file. The puppet-horizon module offer the feature to customize that, tripleo-heat-teamplates was missing the link between the top-level parameter and the puppet parameter, hence this commit. More info : * https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts * https://github.com/openstack/puppet-horizon/blob/master/templates/local_settings.py.erb#L14-L24 Change-Id: I5faede8b74a0318e15baa761dc502b95b051ae0d
2015-10-05Fix MariaDB account removal race conditionJiri Stransky1-1/+0
The removal of default MariaDB accounts was being triggered roughly at the same time on all controllers, causing a race condition -- multiple nodes found an account present and attempted deletion, but then only one succeeded with the deletion, the others failed. HA controller deletes the accounts only on bootstrap node now, which fixes the issue. Change-Id: Ieacd10a6ce26da50f6a37eaa3221d866c24353fa
2015-09-25Adding core_plugin, type_drivers and service_plugins parametersShiva Prasad Rao1-3/+0
Make core_plugin, type_drivers and service_plugins parameter in neutron configurable through heat. Also changing the type_drivers order to "vxlan,vlan,flat,gre" Change-Id: Iba895ed5897bdaf7bb772ffc063c424abb6e1638
2015-09-22Put staticweb middleware after keystoneauth in proxy pipelineEmilien Macchi1-1/+1
The staticweb middleware needs to be put after authentication middlewares to ensure correct functionality as documented in http://docs.openstack.org/developer/swift/middleware.html#staticweb Without this Swift sends a HTML response even if the request was done using a X-Auth-Token. This might result in a faulty handling of the response on the client side; for example, "swift stat containername" would report an empty, private container, while the container might actually be public readable with data stored in it. Closes-bug: 1494896 Change-Id: Id48840e0041f8d272e08def292fbedfaf76bbfbb Co-Authored-By: Christian Schwede <cschwede@redhat.com>
2015-09-22Enable glance-api show_image_direct_url for COWFrançois Charlier1-0/+1
Setting `show_image_direct_url` to true allows to enable Copy-On-Write features when using some storage backends across Nova, Cinder & Glance. It allows for example nearly instantaneous creation of instances root disk and volumes when using RBD as a storage backend for all projects by using Ceph features instead of downloading from Ceph via Glance, then convert the image, then upload to Ceph via Nova or Cinder. Change-Id: I1f56273c6b7c8d3922799cae07a66eebc0884205
2015-09-22Pass default_floating_pool into nova::api classDerek Higgins1-4/+1
We were calling nova_config resource to define it but as of Ic060fc18c8f5d7dc8fcf1d7bd921623dc505a515 its now included as part of the nova::api class. Closes-bug: #1498237 Change-Id: I948f26304536e2d692acf38d994d29167672168b Depends-On: I2789e782a4fd673e09c6334b6d56819c68414c80
2015-09-16Merge "Set pacemaker default resource-stickiness"Jenkins1-0/+2
2015-09-15Merge "Ensure mysql root can only connect from localhost"Jenkins1-0/+1
2015-09-02Set pacemaker default resource-stickinessJiri Stransky1-0/+2
This is required for HA to work correctly. Change-Id: I9faa8fd7bbbac67de5c468ab6fc4edb2260dffe7 Depends-On: https://github.com/redhat-openstack/puppet-pacemaker/pull/61
2015-09-02Set the nova scheduler ram_allocation_ration to 1.0Emilien Macchi1-0/+1
We don't have swap space enabled on overcloud-full deploys as discussed at https://bugs.launchpad.net/tripleo/+bug/1491335 The default is 1.5 so configure Virtual ram to physical ram allocation ratio to 1:1 so we don't allow overcommit. Related-Bug: 1491335 Change-Id: I58cfe6dc68e8615a5519428412dec8c653bd6093
2015-08-04Ensure mysql root can only connect from localhostYanis Guenane1-0/+1
Currently mysql root user can connect in a passwordless way from : * localhost * 127.0.0.1 * ::1 * <HOSTNAME> This patch ensures that the mysql root user can connect only from localhost. Change-Id: If64fd383737c2fbeed4adbe8d98b1f92610956b2
2015-07-28Merge "Keystone token flushing"Jenkins1-0/+3
2015-07-24Merge "Set heat::instance_user to empty string"Jenkins1-0/+1
2015-07-24Keystone token flushingJiri Stransky1-0/+3
Set up a cron job to flush keystone tokens periodically. The job runs once a day near midnight per puppet-keystone defaults, and we pass maxdelay 3600 which means each controller will wait a random delay of up to 1 hour before running the task. Change-Id: I351f0273c61106c182aa3945b7ad1ce8f5c7d12b
2015-07-23Use 'public' instead of 'nova' as default floating pool nameGiulio Fidente1-0/+4
The dafault in nova.conf for default_floating_pool is set to nova which is confusing given to make Tempest tests to pass one has to create a public network with such a name. Change-Id: I148222a9f276309ede062ee5292993898ff899d6
2015-07-13Allow a user to disable MongoDB journalingYanis Guenane1-0/+1
By default MongoDB enables a journaling system that prevents loss of data in case of an unexpected shut-down. When journaling is enabled, MongoDB will create the journal files before actually starting the daemon[1]. The journaling feature is useful in production environment, but not really on a CI-like system, where we only want to make sure MongoDB is setup correctly and running, hence here we allow a user to enable/disable MongoDB journaling. [1] http://docs.mongodb.org/manual/core/journaling/ Change-Id: I0e4e65af9f650c10fdf5155ff709b4eb984cf4e1 Closes-bug: #1468246