summaryrefslogtreecommitdiffstats
path: root/puppet/hieradata
AgeCommit message (Collapse)AuthorFilesLines
2016-05-27Enable proxy header handling for cinderJuan Antonio Osorio Robles1-0/+4
Cinder is using http_proxy_to_wsgi middleware. This parses the headers provided by the proxy, and helps us properly use TLS for keystone discovery. There was an option introduced in this middleware to have it disabled by default, and this change enables it. Change-Id: Ia33b3fa04d71eab10effd0b33eb2c194282cd15b
2016-05-16Remove Nova EC2 deploymentEmilien Macchi1-2/+0
Nova EC2 does not exist anymore since Mitaka, parameters are already deprecated in Mitaka and send warnings to the Puppet catalog. The service has been replaced by ec2api project, where Puppet OpenStack team is currently writting a module. In the meantime we add support in TripleO, this patch removes all occurences of Nova EC2 configuration, which are useless and send warnings for nothing. Change-Id: Ief2d0e5c77b5ac58560606fee930fbd66c40ffc3
2016-05-10composable neutron dhcp serviceDan Prince1-2/+0
Adds new puppet and puppet pacemaker specific services for the Neutron DHCP agent. Depends-On: Ibbfd79421f871e41f870745a593cca65e8c0e58a Partially-implements: blueprint composable-services-within-roles Change-Id: Ia61295943e67efe354a51a26fe4540f288ff6ede
2016-05-10Set nova neutron auth back to 'v3password'.Derek Higgins1-0/+2
Puppet-nova recently changed the default neutron auth setting in I3416ae594e972e40ff0336779258a887987e46b1 to 'password'. This single setting seems to break the tripleo upgrades job. Setting it here manually for now and following up in puppet-nova. Closes-bug: #1580076 Change-Id: I3f38a3e1ef3378a272a51ecbc1e8a801c8d3608a
2016-05-04Pass parameters to manage endpoints via puppetJuan Antonio Osorio Robles1-0/+15
This commit passes the necessary hieradata in order to create the endpoints, users and roles of the services in keystone via puppet. Change-Id: I2470dfa4661be7ba8218f6035fffa05f547214f0
2016-04-15Enable client address in Horizon's logs.Dimitri Savineau1-0/+1
Horizon's backends (httpd) see IP address of the haproxy in the logs instead of the client address. This patch allows to: - Install the remoteip httpd module [1]. - Use the X-Forwarded-For HTTP header and override the haproxy address. - Configure the Horizon's logs with the client address via httpd logformat. [1] https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html [2] https://httpd.apache.org/docs/2.4/mod/mod_log_config.html#logformat Change-Id: Ib2f215913065426848b48f6293f33a75aff3d328 Depends-On: I54f0f5549d64768dacca71539c71a28cc99d9d95
2016-04-11Deploy Gnocchi as a Ceilometer metrics storage backendPradeep Kilambi3-0/+27
* Deploy Gnocchi API. * Storage backends: swift, rbd and file. * Indexer backend default to mysql * Configure Ceilometer to send metrics datas to Gnocchi * Pacemaker config Depends-On: Ic8778a3104e0ed0460423e4bf857682220dc5802 Depends-On: I7d2eb9405e0171fc54fa0b616122f69db5f51ce2 Co-Authored-By: Pradeep Kilambi <pkilambi@redhat.com> Change-Id: Ifde17b1ab8fa2b30544633e455e1c7eb475705aa
2016-04-06Increase corosync token timeoutJiri Stransky1-0/+1
This might prevent dropping members from corosync cluster on high load environments. Symptoms of this problem happening can sometimes be found in corosync log: dub 05 17:23:45 overcloud-controller-0 corosync[14152]: [MAIN ] Corosync main process was not scheduled for 3691.8391 ms (threshold is 1320.0000 ms). Consider token timeout increase. The default in the Puppet manifest is 1 second, which matches the corosync default, and we override it with hiera to 10 seconds. Change-Id: I5ea850ada657e5eecafa3e8b28613a0ac48e78f3
2016-04-01Disable Nova v3 APIJiri Stransky1-1/+0
Microversions since Nova API v2.1 are aimed to replace the v3 work. The /v2.1 is backwards compatible with the legacy /v2 endpoint. What we called in the past /v3 is now something defunct in-tree. The /v2.1 API is based on the v3 work, but there are many things that differ, in particular with the backwards-compat thing. We keep the /v2 path in api-paste.ini for making sure an upgrade doesn't trample operators and users but if you look in tree, that's redirecting to the v2.1 codepath (just not asking for microversions). In summary, we only need one endpoint, ie. /v2.1. Additional information at https://bugzilla.redhat.com/show_bug.cgi?id=1291291 Related-Bug: #1564372 Change-Id: I1654665663bc5a19c201f7d25407910654ac1308 Depends-On: I6d64b8bcd0f79f1f298ddc809e6d92fbc2985c45
2016-03-24Merge "Deploy Aodh services, replacing Ceilometer Alarm"Jenkins2-0/+9
2016-03-23Remove the glance/rbd user name from static hieradataGiulio Fidente1-1/+0
The static setting for the glance/rbd user name was overriding any customization provided via template param because it was up in the hierarchy for the controller nodes. More at: https://bugzilla.redhat.com/show_bug.cgi?id=1308889 Change-Id: I3d112de7eeffd524fb1308d5976a28f04aa5ff23
2016-03-20Deploy Aodh services, replacing Ceilometer AlarmPradeep Kilambi2-0/+9
Ceilometer Alarm is deprecated in Liberty by Aodh. This patch: * manage Aodh Keystone resources * deploy Aodh API under WSGI, Notifier, Listener and Evaluator * manage new parameters to customize Aodh deployment * uses ceilometer DB for the upgrade path * pacemaker config * Add migration logic to remove pcs resources Depends-On: I5333faa72e52d2aa2a622ac2d4b60825aadc52b5 Depends-On: Ib6c9c4c35da3fb55e0ca8e2d5a58ebaf4204d792 Co-Authored-By: Emilien Macchi <emilien@redhat.com> Change-Id: Ib47a22884afb032ebc1655e1a4a06bfe70249134
2016-03-14Merge "Keystone domain for Heat"Jenkins1-0/+7
2016-03-10Allow the vnc server to bind on IPv6 address on computesMarius Cornea1-1/+0
Currently the vnc server on the compute nodes binds on 0.0.0.0. which only works with IPv4 addresses, it breaks connectivity with IPv6 addressing. This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1300678. Change-Id: Id642d224fb3c62f786453dc684634adca1c2c09d Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
2016-03-10Keystone domain for HeatMartin Mágr1-0/+7
This patch adds support for configuring Keystone domain for Heat via heat-keystone-setup-domain script. It should be reverted as soon as Keystone v3 is fully functional. This patch won't be fully functional without either python-keystoneclient fix [1] or workaround [2]. [1] https://bugs.launchpad.net/python-keystoneclient/+bug/1452298 [2] https://review.openstack.org/180563 Change-Id: Ie9cdd518b299c141f0fdbb3441a7761c27321a88 Co-Authored-By: Jiri Stransky <jistr@redhat.com> Depends-On: Ic541f11978908f9344e5590f3961f0d31c04bb0c
2016-03-08Merge "Permits configuration of Cinder enabled_backend via hieradata"Jenkins2-0/+3
2016-03-08Increase default netdev_max_backlog to 10xGiulio Fidente1-0/+2
It has been observed that on large clouds the netdev backlog buffer might overflow. This change increases the default by ten times. The /proc/net/softnet_stat file contains a counter in the 2nd column that is incremented when the netdev backlog queue overflows. If this value is incrementing over time, then netdev_max_backlog needs to be increased [1]. [1]. https://bugzilla.redhat.com/show_bug.cgi?id=1283676 Change-Id: Iec12324fd3a24e8b608b1e1849c270cc24cb0e60
2016-03-04Revert "Deploy Aodh services, replacing Ceilometer Alarm"James Slagle2-9/+0
This just a revert to see if reverting this gets back to a normal CI run time. This reverts commit f72aed85594f223b6f888e6d0af3c880ea581a66. Change-Id: I04a0893f6cf69f547a4db26261005e580e1fc90b
2016-03-04Merge "Set notification driver for nova to send"Jenkins1-1/+1
2016-03-03Deploy Aodh services, replacing Ceilometer AlarmEmilien Macchi2-0/+9
Ceilometer Alarm is deprecated in Liberty by Aodh. This patch: * manage Aodh Keystone resources * deploy Aodh API under WSGI, Notifier, Listener and Evaluator * manage new parameters to customize Aodh deployment * uses ceilometer DB for the upgrade path * pacemaker config Depends-On: I9e34485285829884d9c954b804e3bdd5d6e31635 Depends-On: I891985da9248a88c6ce2df1dd186881f582605ee Depends-On: Ied8ba5985f43a5c5b3be5b35a091aef6ed86572f Co-Authored-By: Pradeep Kilambi <pkilambi@redhat.com> Change-Id: I58d419173e80d2462accf7324c987c71420fd5f6
2016-03-02Merge "Use service tenant for ceilometer"Jenkins1-3/+1
2016-03-01Merge "Enable heat-manage purge_deleted cron job"Jenkins1-0/+4
2016-02-25Set notification driver for nova to sendPradeep Kilambi1-1/+1
Currently since nova compute is not configured to send notifications to ceilometer, tempest tests fail on tempest.api.telemetry.test_telemetry_notification_api. Change-Id: I763b7d246ae3f5955b6f555c8fd107d2cac89787
2016-02-25Enable notifications on the overcloudBen Nemec1-0/+1
Configures all services to send notifications to rabbit. The puppet modules are not consistent regarding how this is done - some expose notification config as a top-level param, others you need to set it through a *_config structure, and cinder provides a separate class dedicated to enabling ceilometer notifications. Change-Id: I23e2ddad3c59a06cfbfe5d896a16e6bad2abd943
2016-02-23Permits configuration of Cinder enabled_backend via hieradataGiulio Fidente2-0/+3
It is currently possible to provide arbitrary config settings for Cinder using the "cinder::config::cinder_config:" hiera key. To add a backend though particular one has to edit the list of enabled backends in Cinder too which isn't possible. This change will make it possible using a user-customizable array of backends to be enabled. Change-Id: Ic664c1c2b0f7b1b4b6be8b5064a38650694d4857
2016-02-22Update nova::network::neutron variables to drop deprecated parametersDavid Moreau Simard1-2/+2
This commit ensures we are not using any deprecated parameters for nova::network::neutron and are using the right variable names. Change-Id: Ic1b41e2cdbb6b180496822cc363c433e9388aa02
2016-02-19Merge "Use the class param to configure Cinder 'host' setting"Jenkins1-3/+1
2016-02-19Use the class param to configure Cinder 'host' settingGiulio Fidente1-3/+1
By configuring the Cinder 'host' setting via the appropriate class param instead of cinder_config we don't risk to override it if the user is to pass additional config settings using cinder_config in ExtraConfig. Change-Id: Idf33d87e08355b5b4369ccb0001db8d4c3b4c20f
2016-02-18Add sysctl settings to disable IPv6 autoconfig and accept_raDan Sneddon1-0/+5
This change adds puppet hieradata settings which disable IPv6 autoconfiguration and accept_ra by default on all interfaces. When IPv6 is used, the interfaces are individually enabled and configured with static IP addresses. The networking on the compute host needs to be completely separate from the tenant networking, in order to safeguard the compute host and isolate tenant traffic. This change disables IPv6 autoconfiguration and acceptance of RAs by default on interfaces unless specifically enabled. Without these settings, IPv6 is enabled on all interfaces, as well as autoconfiguration and accept_ra, so when the compute host creates a bridge interface for the router (qbr-<ID>), the compute node will automatically assign an IPv6 address and will install a default IPv6 route on the bridge interface when it receives the RAs from the Neutron router. The change to turn off autoconfiguration means that interfaces will not self-assign an IPv6 address, and the change to not accept RAs is a security hardening feature. This requires that a static gateway address be declared in the network environment in the parameter ExternalNetworkDefaultRoute. Alternately, sysctl can be modified to change the accept_ra behavior for specific interfaces. Change-Id: I8a8d311a14b41baf6e7e1b8ce26a63abc2eaabef Closes-bug: 1544296
2016-02-18Merge "Increase size of connection tracking table"Jenkins1-0/+7
2016-02-12Merge "Nova now requires an api database to be created"Jenkins2-0/+8
2016-02-12Enable heat-manage purge_deleted cron jobSteve Baker1-0/+4
Without this the heat database tables will grow without limit. Change-Id: I687e733db1a73ebc2047609a03be768093010dd4 DependsOn: Ia2b80e5003450cd794ebb0c9ca72200ec8616e81
2016-02-11Merge "puppet: run keystone in wsgi"Jenkins1-0/+2
2016-02-10Nova now requires an api database to be createdDavid Moreau Simard2-0/+8
This enables the creation of the nova_api database that is now mandatory since https://review.openstack.org/#/c/245828/ Change-Id: Ia8242f23864ebb14ccf858a77ba754059e9c2d4a Related-Bug: #1539793
2016-02-09puppet: run keystone in wsgiEmilien Macchi1-0/+2
For both HA & non-HA scenarios, switch puppet-keystone configuration to be run in a WSGI process instead of eventlet. WSGI is the way to go for scaling Keystone, moreover, eventlet won't be support in next OpenStack releases. Co-Authored-By: Dan Prince <dprince@redhat.com> Depends-On: I22a348c298ff44f616b2e898f4872eddea040239 Change-Id: I862b4a68f43347564ec3c0ddc4ec9e1d1c755cf2 Signed-off-by: Jason Guiditta <jguiditt@redhat.com>
2016-02-09Increase size of connection tracking tableJames Slagle1-0/+7
During high load, the default limit of the kernel connection tracking table (65536) is often too low, resuling in error messages such as: kernel: nf_conntrack: table full, dropping packet This patch increases the limit to 500,000. Since the nf_conntrack kernel module is not always loaded by default, it also adds a mechanism to load kernel modules via hieradata using the kmod puppet module. In order to express the needed dependency in puppet that kernel modules are loaded before sysctl settings are applied, the Exec resources tagged with 'kmod::load' are specified in a resource collector to express that that Exec resources with the tag should run before Sysctl resources. Depends-On: I59cc2280ebae315af38fb5008e6ee0073195ae51 Change-Id: Iffa0a77852729786b69945c1e72bc90ad57ce3bb
2016-02-08Set 'host' globally in Cinder instead of per-backend basisGiulio Fidente1-0/+3
This change will set a common value for 'host' across all controllers. We missed to do so for the NFS backend previously. It will still be possible to set a different per-backend 'host' value by providing it via ExtraData. Change-Id: I00fd05660a15be3611e1a394650be6ab713670f9
2016-01-22neutron: delete by default router/dhcp namespacesEmilien Macchi1-0/+2
The 'router_delete_namespaces' (L3 agent) and 'dhcp_delete_namespaces' (DHCP agent) configuration settings default to false OpenStack Neutron resulting in network namespaces not being deleted when no longer needed. Disabling automatic namespace cleanup was appropriate for older Linux distributions but is no longer required. TripleO should set the values to true. Change-Id: I39e1a347d24ecc99b6f878807c47103c4b3f85e1
2016-01-14Enable keystone handling of X-Forwarded-Proto headerJuan Antonio Osorio Robles1-0/+5
If the X-Forwarded-Proto header is received by keystone, this option will make the service properly handle it. This is useful, for instance, if TLS is enabled for the admin endpoint. Change-Id: I31a1f51591e8423367e61eafc3af9b2d61278468
2016-01-12Merge "Sahara Integration"Jenkins2-0/+9
2016-01-08Use service tenant for ceilometerJames Slagle1-3/+1
Configure ceilometer to use the service tenant instead of the admin tenant. Using the admin tenant is not required and a security risk. This brings the ceilometer configuration in line with the recommendations from the official installation guide: http://docs.openstack.org/kilo/install-guide/install/yum/content/ceilometer-controller-install.html Change-Id: Ia14695eb23a1ff551fd27f74b4cb864e80b100e3 Partial-Bug: #1358237
2016-01-08Sahara IntegrationEthan Gafford2-0/+9
Integration of OpenStack data processing service (sahara) with TripleO. - Deploys sahara in distributed mode (separate api and engine processes on each controller node) - Load balancing w/haproxy - RabbitMQ/MySQL supported per current TripleO standard - Minimal configurability at this time Change-Id: I77a6a69ed5691e3b1ba34e9ebb4d88c80019642c Partially-implements: blueprint sahara-integration Depends-On: I0f0a1dc2eaa57d8226bad8cfb250110296ab9614 Depends-On: Ib84cc59667616ec94e7edce2715cbd7dd944f4ae Depends-On: I9fe321fd4284f7bfd55bd2e69dcfe623ed6f8a2a
2016-01-08Switch for Keystone DB cron jobMartin Mágr1-0/+1
- Adds parameter to enable switching off token flush cron job. - Sets destination for deleted rows to /dev/null Change-Id: I9e8aed969e81595d8a1d0a5300da17da6ba15c03 Partial-bug: rhbz#1249106 Depends-On: I5e51562338f68b4ba1b2e942907e6f6a0ab7a61e
2016-01-06Remove deleted Cinder rowsMartin Mágr1-0/+1
Creates cron job running every 24 hours for "cinder-manage db purge" Partial-bug: rhbz#1249106 Change-Id: I9156e0bf1401eda49a7c9a2921dc3a8723af026d Depends-On: I677f2ef3d9ca81fff0f672c8e34b6e4278674a96
2016-01-04Remove deleted Nova rowsMartin Mágr1-0/+2
Creates cron job running every twelve hours for "nova-manage db archive_deleted_rows" Partial-bug: rhbz#1249106 Depends-On: Ic674f4d39bc88f89abfeb0ce99a571c2534e57e4 Change-Id: I4740cc02aa9714f48798521fe9918ac3487db031
2015-12-04Making nova parameters configurable for nuage-metadata-agentRohit Pagedar2-1/+1
Exposing 'instance_name_template' to be set via extra config for nuage-metadata-agent to function Making nova::api::admin_tenant_name available on the compute node which is required by nuage-metadata-agent service Making KeystonePublicApiVirtualIP available on the compute node, which is used by the nuage-metadata-agent to build the auth-url Change-Id: I9736015e18cebf32b07940bf559063b60085f2fb
2015-11-23Merge "Implement Advanced Firewalling support"Jenkins1-0/+106
2015-11-20Merge "Change default host reserved memory to 2048MB from 512MB"Jenkins1-0/+6
2015-11-19Change default host reserved memory to 2048MB from 512MBJoe Talerico1-0/+6
Results from pmap of idle nova-compute: https://gist.github.com/jtaleric/addd9079d6cdf4f7cf42 Results from free -m and cat /proc/meminfo: https://gist.github.com/jtaleric/410130f09c2aad2dc7e9 bug: https://bugzilla.redhat.com/show_bug.cgi?id=1282644 Change-Id: I9b3ceecabfdae0a516cfc72886fde7b26cc68f82
2015-11-19Implement Advanced Firewalling supportEmilien Macchi1-0/+106
Consume puppet-tripleo to create/manage IPtables from Heat templates. This review put in place the logic to enable and setup firewall rules. A known set of rules are applied. More to come. Change-Id: Ib79c23fb27fe3fc03bf223e6922d896cb33dad22 Co-Authored-By: Yanis Guenane <yguenane@redhat.com> Depends-On: I144c60db2a568a94dce5b51257f1d10980173325