summaryrefslogtreecommitdiffstats
path: root/puppet/hieradata
AgeCommit message (Collapse)AuthorFilesLines
2015-10-05Fix MariaDB account removal race conditionJiri Stransky1-1/+0
The removal of default MariaDB accounts was being triggered roughly at the same time on all controllers, causing a race condition -- multiple nodes found an account present and attempted deletion, but then only one succeeded with the deletion, the others failed. HA controller deletes the accounts only on bootstrap node now, which fixes the issue. Change-Id: Ieacd10a6ce26da50f6a37eaa3221d866c24353fa
2015-10-01Merge "swift::storage::all deprecation cleanup"Jenkins1-1/+4
2015-09-25Adding core_plugin, type_drivers and service_plugins parametersShiva Prasad Rao2-8/+0
Make core_plugin, type_drivers and service_plugins parameter in neutron configurable through heat. Also changing the type_drivers order to "vxlan,vlan,flat,gre" Change-Id: Iba895ed5897bdaf7bb772ffc063c424abb6e1638
2015-09-23Merge "Remove default_floating_pool in compute.yaml"Jenkins1-1/+0
2015-09-22Put staticweb middleware after keystoneauth in proxy pipelineEmilien Macchi1-1/+1
The staticweb middleware needs to be put after authentication middlewares to ensure correct functionality as documented in http://docs.openstack.org/developer/swift/middleware.html#staticweb Without this Swift sends a HTML response even if the request was done using a X-Auth-Token. This might result in a faulty handling of the response on the client side; for example, "swift stat containername" would report an empty, private container, while the container might actually be public readable with data stored in it. Closes-bug: 1494896 Change-Id: Id48840e0041f8d272e08def292fbedfaf76bbfbb Co-Authored-By: Christian Schwede <cschwede@redhat.com>
2015-09-22swift::storage::all deprecation cleanupDan Prince1-1/+4
This patch adds settings for swift::storage::all so that we set the recommended the incoming and outgoing chmod permissions. Depends-On: I627ab2255087b0ebc2d3ddc9cd4a7a7d254abb65 Change-Id: I2f14c9afe7b7135ad1bfecb9db0a39bfc3b4d03a
2015-09-22Remove default_floating_pool in compute.yamlJames Slagle1-1/+0
This is unused on compute nodes and does not need to be specified. Further, nova::api is not even included in the compute puppet manifest, so it had no effect anyway. Change-Id: I7589bf544fb1ddad3cd371869756cb880c0bac37
2015-09-22Pass default_floating_pool into nova::api classDerek Higgins2-7/+3
We were calling nova_config resource to define it but as of Ic060fc18c8f5d7dc8fcf1d7bd921623dc505a515 its now included as part of the nova::api class. Closes-bug: #1498237 Change-Id: I948f26304536e2d692acf38d994d29167672168b Depends-On: I2789e782a4fd673e09c6334b6d56819c68414c80
2015-09-16Merge "Set pacemaker default resource-stickiness"Jenkins1-0/+2
2015-09-15Merge "Ensure mysql root can only connect from localhost"Jenkins1-0/+1
2015-09-10Merge "Set the nova scheduler ram_allocation_ration to 1.0"Jenkins1-0/+1
2015-09-02Set pacemaker default resource-stickinessJiri Stransky1-0/+2
This is required for HA to work correctly. Change-Id: I9faa8fd7bbbac67de5c468ab6fc4edb2260dffe7 Depends-On: https://github.com/redhat-openstack/puppet-pacemaker/pull/61
2015-09-02Set the nova scheduler ram_allocation_ration to 1.0Emilien Macchi1-0/+1
We don't have swap space enabled on overcloud-full deploys as discussed at https://bugs.launchpad.net/tripleo/+bug/1491335 The default is 1.5 so configure Virtual ram to physical ram allocation ratio to 1:1 so we don't allow overcommit. Related-Bug: 1491335 Change-Id: I58cfe6dc68e8615a5519428412dec8c653bd6093
2015-08-18Enable Keystone notificationsGiulio Fidente1-0/+1
This change enables Keystone notifications and adds two parameters to control the notification driver and format. Change-Id: I23ac3c46ee9eb49523d3b8dab027ef21fc6e42df
2015-08-06Merge "Drive DB initialization via Hiera"Jenkins1-0/+55
2015-08-04Ensure mysql root can only connect from localhostYanis Guenane1-0/+1
Currently mysql root user can connect in a passwordless way from : * localhost * 127.0.0.1 * ::1 * <HOSTNAME> This patch ensures that the mysql root user can connect only from localhost. Change-Id: If64fd383737c2fbeed4adbe8d98b1f92610956b2
2015-07-28Merge "Keystone token flushing"Jenkins1-0/+3
2015-07-24Merge "Set rabbitmq heatbeat timeout threshold to 60"Jenkins1-0/+6
2015-07-24Merge "Ensure SELinux is permissive on Ceph OSDs"Jenkins1-1/+3
2015-07-24Merge "Set heat::instance_user to empty string"Jenkins1-0/+1
2015-07-24Keystone token flushingJiri Stransky1-0/+3
Set up a cron job to flush keystone tokens periodically. The job runs once a day near midnight per puppet-keystone defaults, and we pass maxdelay 3600 which means each controller will wait a random delay of up to 1 hour before running the task. Change-Id: I351f0273c61106c182aa3945b7ad1ce8f5c7d12b
2015-07-23Use 'public' instead of 'nova' as default floating pool nameGiulio Fidente2-0/+6
The dafault in nova.conf for default_floating_pool is set to nova which is confusing given to make Tempest tests to pass one has to create a public network with such a name. Change-Id: I148222a9f276309ede062ee5292993898ff899d6
2015-07-21Drive DB initialization via HieraDan Prince1-0/+55
This patch moves most of the ::db::mysql parameter initialization into a new database.yaml Hiera file. This cleans up the controller manifests and allows us to define things in a single location across the two implementations (HA and nonHA). Change-Id: I895b753b329097a96a6c6f3a03a5fcebefe32dd4
2015-07-20Merge "Ensure compute nodes use internalURL as catalog_info"Jenkins1-0/+4
2015-07-20Merge "Allow overlapping IPs in Neutron"Jenkins1-0/+1
2015-07-18Set rabbitmq heatbeat timeout threshold to 60Dan Prince1-0/+6
Updates the default settings for Nova, Neutron, Cinder, Ceilometer, and Heat services so we set the default rabbitmq threshold to 60 seconds. Change-Id: If537ae16968eb6b264b2ab071144f1eecab18b64
2015-07-17Allow overlapping IPs in NeutronJiri Stransky1-0/+1
Change-Id: I7703013b62bd67869c268fb8689389ec0eeb5aad
2015-07-17Ensure CinderStorage nodes use internalURL as catalog_infoGiulio Fidente1-0/+6
By default Cinder will get the publicURL for Nova and Swift, which is not reachable by the CinderStorage nodes. Change-Id: I25b7900c9ab261e0f706257ffdf6844533b63b94
2015-07-17Ensure compute nodes use internalURL as catalog_infoGiulio Fidente1-0/+4
By default Nova will get the publicURL instead, which is not reachable by the compute nodes. Change-Id: I57b6a7a7eddb0ffaf6d2d152d932f390c48f908e
2015-07-15Merge "Adds the NeutronTunnelIdRanges and NeutronVniRanges parameters"Jenkins1-5/+1
2015-07-13Ensure SELinux is permissive on Ceph OSDsJiri Stransky1-1/+3
Currently we build the overcloud image with selinux-permissive element in CI. However, even in environments where selinux-permissive element is not used, it should be ensured that SELinux is set to permissive mode on nodes with Ceph OSD [1]. We have no nice way to manage SELinux status via Puppet at the moment, so i'm resorting to execs, but with proper "onlyif" guards. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1241422 Change-Id: I31bd685ad4800261fd317eef759bcfd285f2ba80
2015-07-13Adds the NeutronTunnelIdRanges and NeutronVniRanges parametersmarios1-5/+1
This adds the NeutronTunnelIdRanges and NeutronVniRanges parameters which govern the GRE or VXLAN tunnel IDs (respectively) that are to be made available for overcloud tenant networks. These both default to "1:1000," to retain the current behaviour. They are propagated to the hiera data for puppet deploys and there is a separate change to support passing these into the config via the neutron tripleo-image-element at https://review.openstack.org/#/c/199592/ Change-Id: I967a8cae218a31e888abc438e9de5756ae627adb Related-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1240631
2015-07-13Allow a user to disable MongoDB journalingYanis Guenane1-0/+1
By default MongoDB enables a journaling system that prevents loss of data in case of an unexpected shut-down. When journaling is enabled, MongoDB will create the journal files before actually starting the daemon[1]. The journaling feature is useful in production environment, but not really on a CI-like system, where we only want to make sure MongoDB is setup correctly and running, hence here we allow a user to enable/disable MongoDB journaling. [1] http://docs.mongodb.org/manual/core/journaling/ Change-Id: I0e4e65af9f650c10fdf5155ff709b4eb984cf4e1 Closes-bug: #1468246
2015-07-09Adds the NeutronDhcpAgentsPerNetwork parametermarios1-1/+0
Currently for both puppet and image-elements based deploys we set the dhcp_agents_per_network in neutron.conf to 2 and there is no control over that number (in the hieradata for the former and the image element for the latter). This change adds the NeutronDhcpAgentsPerNetwork parameter and also changes the default to 3 when not explicitly set. In the puppet case propagate this parameter in the hieradata for the neutron class and in the non-puppet case expose a new item in the neutron config to be consumed by the neutron image element (that change will point here) Change-Id: Id97c7796db7231b636f2001e28412452cf89562b
2015-07-08Set heat::instance_user to empty stringSteve Baker1-0/+1
In the overcloud heat, heat.conf instance_user is set to heat-admin. The consequence of this is that SSHing into heat created guest VMs will require the user 'heat-admin'. I predict that this will result in user confusion as to how to SSH into their VMs since they will be attempting default usernames (centos, cloud-user etc) or the documented heat default user (ec2-user) This change sets it to an empty string so that default usernames are used. This change depends on the puppet-heat fix to allow empty string instance_user: Depends-On: I9e8be0dd50709d271fc81683770c78380724e405 Change-Id: Id14bf3a4ac1b1c95797dae16c674b32a2da230f8
2015-07-07Don't set heat_stack_user_role to empty stringBen Nemec1-2/+1
This value doesn't work, and the default of heat_stack_user is fine. See https://github.com/openstack/puppet-heat/blob/989ffa65f4339bfd9612cff3b5ddcc4fd301f695/manifests/engine.pp#L22 Resolves: rhbz#1238844 Change-Id: I247121cb91d2b2a34f0f9f769fb411fcbfe6b571
2015-07-06Allow customization of included classes via hieradataGiulio Fidente5-0/+10
Allows inclusion of additional arbitrary puppet classes by the manifests if defined in the *_classes hieradata. Example: to specify the Nova RAM allocation ratio there is a param in nova::scheduler::filter but we do not include it by default; if needed one can use: nova::scheduler::filter::ram_allocation_ratio: 1.8 controller_classes: - nova::scheduler::filter Change-Id: I61d64d2498bed5c49376dee917d106598392db51
2015-06-29Merge "Drop swift ceilometer middleware."Jenkins1-1/+0
2015-06-26Merge "Set MariaDB package name in RedHat.yaml"Jenkins2-1/+7
2015-06-24Set MariaDB package name in RedHat.yamlDan Prince2-1/+7
This moves the hard coded package name for mariadb into the RedHat specific hieradata file. This was recently added to controller.yaml in a1b3fa3e84185b6969a8acfda475fe7fc48bd5a1. Also, resolves an issue where RedHat.yaml wasn't actually getting deployed. This is something that should have happened in 5009cc64322e9fb5723799eb9fbd79076a2dc5da. Change-Id: Iaa30be3c53a7c54d31d47b997966b0106a202ea4
2015-06-24Do not set explicitly galera_master to any of the nodesGiulio Fidente1-4/+1
We will manage nodes membership using the clustercheck script and marking all backends as backup, see change: I7199c7e5d759a76f58c0f48b40e9d460a3163886 Related-Bug: 1467918 Change-Id: I56ebd2d8405ac35c707666d993b396f04aeb683e
2015-06-23Merge "Specify mariadb package name to meet puppetlabs-mysql requirement"Jenkins1-0/+1
2015-06-21Drop swift ceilometer middleware.Dan Prince1-1/+0
Per Ceilometer commit 191f7bf9ccee33d8444f7dac5c09ceccce72ca29 (change ID: Ifd1861e3df46fad0e44ff9b5cbd58711bbc87c97) the Swift Ceilometer middleware no longer exists so we need to drop it in order to work with the latest upstream package. Change-Id: Iebaad0ba477001d663c6875b32d691bbfcda3d8d
2015-06-18Enable httpd balancing for HorizonGiulio Fidente1-0/+1
We need to customize the default apache::ip param or the default vhost configured will listen on ::80 Change-Id: I195a083f727da940841beb3a0c37dade02c6d1ca
2015-06-12Adds horizon to pacemaker when puppet-pacemaker is enabledmarios1-0/+2
Adds the horizon (httpd) service as pacemaker resource Also adds a default for the horizon::django_session_engine [1] which was previously unconfigured. Also adds a server-status.conf for httpd/pacemaker [2] [1] https://docs.djangoproject.com/en/dev/topics/http/sessions/#using-cached-sessions [2] https://github.com/beekhof/osp-ha-deploy/blob/master/pcmk/horizon.scenario#L72 Change-Id: I320837dfecf3241355e8a3345d0ff271592da491
2015-06-05Fix list of type_drivers for ML2 pluginGiulio Fidente1-0/+5
The list of drivers loaded by the ML2 plugin does not have to match the list of tenant_network_types, this will make ML2 load the flat, gre, vxlan and vlan drivers so that the provider networks can be of flat (default) and vlan type as well. Change-Id: I0b74f86acf5c1ff644deb46c0a1d14129c1882d4
2015-06-03Set VXLAN tunnels range to match GRE rangeGiulio Fidente3-4/+5
Change-Id: I16d259055fe4cd22541cd7abd7a26c71bbbaf292
2015-05-27Specify mariadb package name to meet puppetlabs-mysql requirementYanis Guenane1-0/+1
Specify the MariaDB package name to meet new requirement from puppetlabs-mysql introduce but latest commit[1][2] [1] https://github.com/puppetlabs/puppetlabs-mysql/commit/4bab65edcb98f82f87a4414840fe90ab81b6cea3 [2] https://github.com/puppetlabs/puppetlabs-mysql/commit/29788fb4c492865b5246daef6cbefe99c4aa067d Change-Id: I1b855934a88ceb4995ca1a44394db6b7a20c038d
2015-05-21Add Glance as Pacemaker resourceGiulio Fidente1-1/+0
Change-Id: If87cc4d55e8524246d2cd41a62805f84780006b2
2015-05-20Move sysctl settings into hieradataGiulio Fidente1-0/+8
This will configure the sysctl settings via puppet instead of sysctl image element. Change-Id: Ieb129d4cbe4b6d4184172631499ecd638073564f