summaryrefslogtreecommitdiffstats
path: root/puppet/hieradata
AgeCommit message (Collapse)AuthorFilesLines
2016-07-04Merge "Don't set selinux in 'permissive' mode on CephStorage nodes"Jenkins1-2/+0
2016-07-04Merge "Add Rabbit/epmd port to firewall"Jenkins1-0/+1
2016-07-01Add Rabbit/epmd port to firewallRaoul Scarazzini1-0/+1
This commit adds the epmd port 4369 to the firewall configuration for the service rabbit. This is necessary for having HA setups working, since without this port the rabbitmq cloned resource starts only on one node and the others are not able to complete the rabbit cluster creation. Change-Id: Iae042dd60a578e158b75539dc3998fc40185b343
2016-06-30First iteration of libvirt and nova-compute as a composable servicesEmilien Macchi1-2/+0
This is a first iteration of implementing libvirt and nova compute as composable services. Note: some parameters are still in puppet/compute.yaml -- we'll move them later in a next iteration. Implements: blueprint composable-services-within-roles Depends-On: I0b765f8cb08633005c1fc5a5a2a8e5658ff44302 Change-Id: I752198cdf231ef13062ba96c3877e5defd618c3a
2016-06-30Merge "Basic support for deploying Ironic in overcloud"Jenkins1-0/+8
2016-06-29Basic support for deploying Ironic in overcloudImre Farkas1-0/+8
Note that this change is not enough yet to deploy bare metal instances, it only deploys Ironic services themselves and makes sure they work. Also it does not support HA for now. Co-Authored-By: Dmitry Tantsur <dtansur@redhat.com> Partially-implements: blueprint ironic-integration Change-Id: I541be905022264e2d4828e7c46338f2e300df540
2016-06-29Don't set selinux in 'permissive' mode on CephStorage nodesGiulio Fidente1-2/+0
Change-Id: I469f2bd429eba23b2010b7380e794c67b18e7a47 Depends-On: I1aa46086f69e7c3efd2782da62fd18ade8343fde Partial-Bug: 1595518
2016-06-21Merge "Change Aodh to use own backend"Jenkins1-0/+9
2016-06-20Change Aodh to use own backendPradeep Kilambi1-0/+9
Currently aodh uses ceilometer backend, instead change it to use its own mysql db. Change-Id: Idaa879af4e6946e804111d581402e620beb89885
2016-06-20Allow sahara ports in firewallBen Nemec1-0/+4
Both with and without SSL. Change-Id: I3163cbac8cb37e03ae298fa02e85bdaa66157471
2016-06-20Allow pacemaker ports in firewallBen Nemec1-0/+9
This is required to allow ha deployments with ManageFirewall: True These are the ports documented in [1]. 1: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Configuring_the_Red_Hat_High_Availability_Add-On_with_Pacemaker/index.html#s1-firewalls-HAAR Change-Id: I446cc0ed863df15e28fa8ec1f5e2a06c5c03af8c Closes-Bug: 1594470
2016-06-16Stop using deprecated port param in firewall rulesBen Nemec1-27/+27
This has been removed by the puppet-firewall module in favor of explicit dport and sport params. I believe in every case we are intending to set dport, so that's what this change does. Change-Id: I35c9efca691f865f2e2562ee81a7195d48d27d7a
2016-06-14Enable nova-compute as a composable serviceSven Anderson1-2/+0
Implement NovaCompute service using nova-base for common parameters. Depends-On: I57f729daf675674ce37b49e17652c575715fbe23 Implements: blueprint composable-services-within-roles Change-Id: I4494a94a3813d255b9f2d5a18874efd6a63737df
2016-06-14Enable nova-consoleauth as a composable serviceEmilien Macchi1-1/+0
Implement NovaConsoleauth service using nova-base for common meters. Depends-On: I955b4fc07dc07d8adc32411848e3e131d77a5123 Implements: blueprint composable-services-within-roles Change-Id: I7248f9c0a7a575675a2c2551ca9f8f51290a6656
2016-06-14Enable nova-scheduler as a composable serviceEmilien Macchi1-2/+0
Implement NovaScheduler service using nova-base for common parameters. Depends-On: I5e1c90e3c6dc556f872ced73744c5c74caaa3635 Change-Id: Ie50716a09c53d656835b16991128c94b35cf1ed2 Implements: blueprint composable-services-within-roles
2016-06-07Merge "Don't overwrite ceph osd_journal_size"Jenkins1-1/+0
2016-06-06Enable nova-conductor as a composable serviceEmilien Macchi1-1/+0
Implement NovaConductor service using nova-base for common parameters. * Move rabbitmq parameters from controller.yaml to nova-base service, as an example. More parameters will move in the future. * Move nova-conductor bits from monolithic manifests to the new service using new profiles from puppet-tripleo. Depends-On: Iaaf3a3c2528d9747e41f360a1fe55f95ed37b2d1 Implements: blueprint composable-services-within-roles Change-Id: I178f092b74ae12f2cb6f006db7cb00e4d6bddfd8
2016-06-02Switch Cinder Api/Scheduler/Volume to composable rolesGiulio Fidente1-1/+0
Uses a shared cinder-base resource to do the database and messaging configuration for all three services. Depends-On: I3c6d5226eed5f0f852b0ad9476c7cd9a959fda69 Change-Id: I47c5fd190efca5f02e73fd22aba6cda573daf5cc
2016-06-02Merge "Take 'host' parameter from neutron manifest into use"Jenkins1-0/+2
2016-06-02Merge "Take 'host' parameter from nova manifest into use"Jenkins1-0/+1
2016-06-01Merge "Set rabbitmq loopback_users explicitely"Jenkins1-0/+1
2016-06-01Enable proxy header handling for novaJuan Antonio Osorio Robles1-0/+1
Nova is using http_proxy_to_wsgi middleware[1][2]. This parses the headers provided by the proxy, and helps us properly use TLS for keystone discovery. There was an option introduced in this middleware to have it disabled by default, and this change enables it. [1] Ia78f73e96585ab33a379a0b0be6d9682f7fbd810 [2] I808469f24066d382decf55b9dad5312d6e068da7 Change-Id: I3918f24c0c87cb626a28645b46e3df6360d5f924
2016-06-01Take 'host' parameter from neutron manifest into useJuan Antonio Osorio Robles1-0/+2
Recently the 'host' parameter was added to the neutron manifest. So we no longer need to manually add it to the configuration. Change-Id: I6cb73c6d5da8b99680dec97e03ac4805451835fb Depends-On: I81b86208826e99beccafd2871ce2afd45394e37f
2016-06-01Take 'host' parameter from nova manifest into useJuan Antonio Osorio Robles1-0/+1
Recently the 'host' parameter was added to the nova manifest. So we no longer need to manually add it to the configuration. Change-Id: I6f3dc50ea8737e5e7cd859685a9308edff976f31 Depends-On: Icce3ebc401442651942f8de3eabffadaad812377
2016-05-31Merge "Cleanup hieradata to reduce Puppet warnings"Jenkins2-0/+2
2016-05-31Cleanup hieradata to reduce Puppet warningsEmilien Macchi2-0/+2
Some puppet parameters were deprecated, some of them removed. This patch reduce the number of warnings to a few, and the rest of warnings are bugs that are in progress by Puppet OpenStack team. This patch is mostly some cleanup so we don't have useless warnings in Puppet catalog. Changes: * Update Ceilometer auth params * Update Neutron auth params * Update Heat auth params * Update Swift hash suffix param * Remove neutron::server::notifications::nova_url, useless. Change-Id: Ie32681a1fe32735f70ba372630da09f91227298c
2016-05-31Don't overwrite ceph osd_journal_sizeErno Kuvaja1-1/+0
The default journal size is 5 gigs. This change stops us overwriting it with 1 gig that is too small for production. The config value is used by ceph only when it creates the journal so this does not affect upgrades. Change-Id: I4bfd2ab47e131d8fcdd5dc75a5a56cfae8b22d5a
2016-05-30loadbalancer: update hiera parameters for HAproxy/keepalived splitEmilien Macchi1-20/+20
In puppet-tripleo, we split loadbalancer.pp in 2 classes to be more composable: haproxy & keepalived. This patch is just updating all hiera parameters related to HAproxy & keepalived. Depends-On: I46ed8348dc990d9aa0d896e1abea3b30a8292634 Change-Id: Ibf56184cd10af1d0dcae773c02b0f31a6204badf
2016-05-27Enable proxy header handling for cinderJuan Antonio Osorio Robles1-0/+4
Cinder is using http_proxy_to_wsgi middleware. This parses the headers provided by the proxy, and helps us properly use TLS for keystone discovery. There was an option introduced in this middleware to have it disabled by default, and this change enables it. Change-Id: Ia33b3fa04d71eab10effd0b33eb2c194282cd15b
2016-05-26Set rabbitmq loopback_users explicitelyMichele Baldessari1-0/+1
In Fedora/RHEL land we carry a patch that sets the loopback_users config explicitely to []. Since this patch diverges from upstream and sometimes gets dropped by mistake during rebases, let's set this value explicitely in our config files, instead of relying on a patch that is distro-specific. The patch is here: http://pkgs.fedoraproject.org/cgit/rpms/rabbitmq-server.git/tree/rabbitmq-server-0004-Allow-guest-login-from-non-loopback-connections.patch Change-Id: If9ca05b38a8bd2a6834c08336a816bbd0ae1ea94
2016-05-16Remove Nova EC2 deploymentEmilien Macchi1-2/+0
Nova EC2 does not exist anymore since Mitaka, parameters are already deprecated in Mitaka and send warnings to the Puppet catalog. The service has been replaced by ec2api project, where Puppet OpenStack team is currently writting a module. In the meantime we add support in TripleO, this patch removes all occurences of Nova EC2 configuration, which are useless and send warnings for nothing. Change-Id: Ief2d0e5c77b5ac58560606fee930fbd66c40ffc3
2016-05-10composable neutron dhcp serviceDan Prince1-2/+0
Adds new puppet and puppet pacemaker specific services for the Neutron DHCP agent. Depends-On: Ibbfd79421f871e41f870745a593cca65e8c0e58a Partially-implements: blueprint composable-services-within-roles Change-Id: Ia61295943e67efe354a51a26fe4540f288ff6ede
2016-05-10Set nova neutron auth back to 'v3password'.Derek Higgins1-0/+2
Puppet-nova recently changed the default neutron auth setting in I3416ae594e972e40ff0336779258a887987e46b1 to 'password'. This single setting seems to break the tripleo upgrades job. Setting it here manually for now and following up in puppet-nova. Closes-bug: #1580076 Change-Id: I3f38a3e1ef3378a272a51ecbc1e8a801c8d3608a
2016-05-04Pass parameters to manage endpoints via puppetJuan Antonio Osorio Robles1-0/+15
This commit passes the necessary hieradata in order to create the endpoints, users and roles of the services in keystone via puppet. Change-Id: I2470dfa4661be7ba8218f6035fffa05f547214f0
2016-04-15Enable client address in Horizon's logs.Dimitri Savineau1-0/+1
Horizon's backends (httpd) see IP address of the haproxy in the logs instead of the client address. This patch allows to: - Install the remoteip httpd module [1]. - Use the X-Forwarded-For HTTP header and override the haproxy address. - Configure the Horizon's logs with the client address via httpd logformat. [1] https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html [2] https://httpd.apache.org/docs/2.4/mod/mod_log_config.html#logformat Change-Id: Ib2f215913065426848b48f6293f33a75aff3d328 Depends-On: I54f0f5549d64768dacca71539c71a28cc99d9d95
2016-04-11Deploy Gnocchi as a Ceilometer metrics storage backendPradeep Kilambi3-0/+27
* Deploy Gnocchi API. * Storage backends: swift, rbd and file. * Indexer backend default to mysql * Configure Ceilometer to send metrics datas to Gnocchi * Pacemaker config Depends-On: Ic8778a3104e0ed0460423e4bf857682220dc5802 Depends-On: I7d2eb9405e0171fc54fa0b616122f69db5f51ce2 Co-Authored-By: Pradeep Kilambi <pkilambi@redhat.com> Change-Id: Ifde17b1ab8fa2b30544633e455e1c7eb475705aa
2016-04-06Increase corosync token timeoutJiri Stransky1-0/+1
This might prevent dropping members from corosync cluster on high load environments. Symptoms of this problem happening can sometimes be found in corosync log: dub 05 17:23:45 overcloud-controller-0 corosync[14152]: [MAIN ] Corosync main process was not scheduled for 3691.8391 ms (threshold is 1320.0000 ms). Consider token timeout increase. The default in the Puppet manifest is 1 second, which matches the corosync default, and we override it with hiera to 10 seconds. Change-Id: I5ea850ada657e5eecafa3e8b28613a0ac48e78f3
2016-04-01Disable Nova v3 APIJiri Stransky1-1/+0
Microversions since Nova API v2.1 are aimed to replace the v3 work. The /v2.1 is backwards compatible with the legacy /v2 endpoint. What we called in the past /v3 is now something defunct in-tree. The /v2.1 API is based on the v3 work, but there are many things that differ, in particular with the backwards-compat thing. We keep the /v2 path in api-paste.ini for making sure an upgrade doesn't trample operators and users but if you look in tree, that's redirecting to the v2.1 codepath (just not asking for microversions). In summary, we only need one endpoint, ie. /v2.1. Additional information at https://bugzilla.redhat.com/show_bug.cgi?id=1291291 Related-Bug: #1564372 Change-Id: I1654665663bc5a19c201f7d25407910654ac1308 Depends-On: I6d64b8bcd0f79f1f298ddc809e6d92fbc2985c45
2016-03-24Merge "Deploy Aodh services, replacing Ceilometer Alarm"Jenkins2-0/+9
2016-03-23Remove the glance/rbd user name from static hieradataGiulio Fidente1-1/+0
The static setting for the glance/rbd user name was overriding any customization provided via template param because it was up in the hierarchy for the controller nodes. More at: https://bugzilla.redhat.com/show_bug.cgi?id=1308889 Change-Id: I3d112de7eeffd524fb1308d5976a28f04aa5ff23
2016-03-20Deploy Aodh services, replacing Ceilometer AlarmPradeep Kilambi2-0/+9
Ceilometer Alarm is deprecated in Liberty by Aodh. This patch: * manage Aodh Keystone resources * deploy Aodh API under WSGI, Notifier, Listener and Evaluator * manage new parameters to customize Aodh deployment * uses ceilometer DB for the upgrade path * pacemaker config * Add migration logic to remove pcs resources Depends-On: I5333faa72e52d2aa2a622ac2d4b60825aadc52b5 Depends-On: Ib6c9c4c35da3fb55e0ca8e2d5a58ebaf4204d792 Co-Authored-By: Emilien Macchi <emilien@redhat.com> Change-Id: Ib47a22884afb032ebc1655e1a4a06bfe70249134
2016-03-14Merge "Keystone domain for Heat"Jenkins1-0/+7
2016-03-10Allow the vnc server to bind on IPv6 address on computesMarius Cornea1-1/+0
Currently the vnc server on the compute nodes binds on 0.0.0.0. which only works with IPv4 addresses, it breaks connectivity with IPv6 addressing. This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1300678. Change-Id: Id642d224fb3c62f786453dc684634adca1c2c09d Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
2016-03-10Keystone domain for HeatMartin Mágr1-0/+7
This patch adds support for configuring Keystone domain for Heat via heat-keystone-setup-domain script. It should be reverted as soon as Keystone v3 is fully functional. This patch won't be fully functional without either python-keystoneclient fix [1] or workaround [2]. [1] https://bugs.launchpad.net/python-keystoneclient/+bug/1452298 [2] https://review.openstack.org/180563 Change-Id: Ie9cdd518b299c141f0fdbb3441a7761c27321a88 Co-Authored-By: Jiri Stransky <jistr@redhat.com> Depends-On: Ic541f11978908f9344e5590f3961f0d31c04bb0c
2016-03-08Merge "Permits configuration of Cinder enabled_backend via hieradata"Jenkins2-0/+3
2016-03-08Increase default netdev_max_backlog to 10xGiulio Fidente1-0/+2
It has been observed that on large clouds the netdev backlog buffer might overflow. This change increases the default by ten times. The /proc/net/softnet_stat file contains a counter in the 2nd column that is incremented when the netdev backlog queue overflows. If this value is incrementing over time, then netdev_max_backlog needs to be increased [1]. [1]. https://bugzilla.redhat.com/show_bug.cgi?id=1283676 Change-Id: Iec12324fd3a24e8b608b1e1849c270cc24cb0e60
2016-03-04Revert "Deploy Aodh services, replacing Ceilometer Alarm"James Slagle2-9/+0
This just a revert to see if reverting this gets back to a normal CI run time. This reverts commit f72aed85594f223b6f888e6d0af3c880ea581a66. Change-Id: I04a0893f6cf69f547a4db26261005e580e1fc90b
2016-03-04Merge "Set notification driver for nova to send"Jenkins1-1/+1
2016-03-03Deploy Aodh services, replacing Ceilometer AlarmEmilien Macchi2-0/+9
Ceilometer Alarm is deprecated in Liberty by Aodh. This patch: * manage Aodh Keystone resources * deploy Aodh API under WSGI, Notifier, Listener and Evaluator * manage new parameters to customize Aodh deployment * uses ceilometer DB for the upgrade path * pacemaker config Depends-On: I9e34485285829884d9c954b804e3bdd5d6e31635 Depends-On: I891985da9248a88c6ce2df1dd186881f582605ee Depends-On: Ied8ba5985f43a5c5b3be5b35a091aef6ed86572f Co-Authored-By: Pradeep Kilambi <pkilambi@redhat.com> Change-Id: I58d419173e80d2462accf7324c987c71420fd5f6
2016-03-02Merge "Use service tenant for ceilometer"Jenkins1-3/+1