aboutsummaryrefslogtreecommitdiffstats
path: root/puppet/manifests/overcloud_compute.pp
AgeCommit message (Collapse)AuthorFilesLines
2016-03-14compute: use live_migration_tunnelledEmilien Macchi1-19/+4
In a previous patch [1], we added support for VIR_MIGRATE_TUNNELLED when doing VM shared storage. In Nova Mitaka [2] [3], we have now a parameter called 'live_migration_tunnelled' to whether or not use tunnelled migration. It replaces 'block_migration_flag' and 'live_migration_flag' that are both deprecated. [1] https://review.openstack.org/#/c/286584/ [2] https://review.openstack.org/#/c/263436/ [3] https://review.openstack.org/#/c/263434/ Change-Id: I8b199b6e72c80b2df7b679e0a20e39f8400d0478
2016-03-10compute: include VIR_MIGRATE_TUNNELLED when doing VM shared storageEmilien Macchi1-6/+28
This patch makes sure: * When doing shared storage Nova is configured with block_migration_flag and live_migration_flag = '(...),VIR_MIGRATE_TUNNELLED' flag for security improvements. * When not doing shared storage Nova is not configured with VIR_MIGRATE_TUNNELLED flag because it's not supported by Qemu yet. We need to make sure the value is unset otherwise live migration will fail when not running shared storage for VMs. Note: this patch will be backport to stable branches. In a further iteration, we'll probably use live_migration_tunnelled new Nova parameter which is a simplier way to manage this feature. Co-Authored-By: Kashyap Chamarthy <kchamart@redhat.com> Change-Id: I557c1624ee944a32b1831d504f7b189308cd1961
2016-03-10Support the deployment of Ceph over IPv6Giulio Fidente1-0/+8
To deploy Ceph on IPv6, we need to enable ms_bind_ipv6 in addition to passing the list of MON IPs in brackets. Change-Id: I3644b8fc06458e68574afa5573f07442f0a09190
2016-03-10Allow the vnc server to bind on IPv6 address on computesMarius Cornea1-1/+8
Currently the vnc server on the compute nodes binds on 0.0.0.0. which only works with IPv4 addresses, it breaks connectivity with IPv6 addressing. This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1300678. Change-Id: Id642d224fb3c62f786453dc684634adca1c2c09d Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
2016-03-09Merge "Add missing createUser line to /etc/snmp/snmpd.conf"Jenkins1-1/+1
2016-03-07Set host in nova.conf for compute nodesJames Slagle1-0/+4
In order for instance HA to function safely, nova-compute needs access to the name by which nova knows the current compute node. Since the names of the nova-compute and neutron ml2 agents must be the same for vif binding to work, it also sets the host value in neutron.conf. Change-Id: I7d07c57b7276815c72d08acaa86f673e43eb0498
2016-02-29Add missing createUser line to /etc/snmp/snmpd.confRichard Su1-1/+1
Adds missing configuration which allows overcloud nodes to be polled by undercloud node. One would have expected the snmp::snmpv3_user call to create the missing configuration line. But as noted in this bug, it does not: https://github.com/razorsedge/puppet-snmp/issues/9 Fixes BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1223278 Change-Id: Ieb2d612a27a938b45056bd37176f44cb55543d75 Closes-Bug: 1532700
2016-02-29Merge "OpenContrail heat templates"Jenkins1-0/+9
2016-02-22Add extra config yaml files for big switch agents.xinwu1-0/+4
This change adds extra config yaml files for big switch agent and big switch lldp. This change is mainly for compute nodes. The changes related to controller nodes are landed at e78e1c8d9b5a7ebf327987b22091bff3ed42d1c1 This change also removes the neutron_enable_bigswitch_ml2 flag. Instead, User needs to specify NeutronMechanismDrivers: bsn_ml2 in environment file. Previous discussion about this change can be found at an abandoned review request https://review.openstack.org/#/c/271940/ Depends-On: Iefcfe698691234490504b6747ced7bb9147118de Change-Id: I81341a4b123dc4a8312a9a00f4b663c7cca63d7c
2016-02-18Merge "Increase size of connection tracking table"Jenkins1-0/+2
2016-02-09Increase size of connection tracking tableJames Slagle1-0/+2
During high load, the default limit of the kernel connection tracking table (65536) is often too low, resuling in error messages such as: kernel: nf_conntrack: table full, dropping packet This patch increases the limit to 500,000. Since the nf_conntrack kernel module is not always loaded by default, it also adds a mechanism to load kernel modules via hieradata using the kmod puppet module. In order to express the needed dependency in puppet that kernel modules are loaded before sysctl settings are applied, the Exec resources tagged with 'kmod::load' are specified in a resource collector to express that that Exec resources with the tag should run before Sysctl resources. Depends-On: I59cc2280ebae315af38fb5008e6ee0073195ae51 Change-Id: Iffa0a77852729786b69945c1e72bc90ad57ce3bb
2016-02-03Makes the iSCSI initiator name unique for compute nodesRhys Oxenham1-0/+10
When we utilise images for deployment, the iSCSI initiator name is not unique, leading to problems with live migration. This patch simply updates the iSCSI initiator name to a unique ID randomly generated by iscsi-iname. https://bugzilla.redhat.com/show_bug.cgi?id=1244328 Change-Id: I170e7f45f67fa8ce70436f24807d1ed7808f2c32
2016-01-22puppet: allow config of ad-hoc Neutron settingsDan Prince1-0/+1
Including ::neutron::config on the controller and compute roles will allow ad-hoc (non-puppet managed) settings to be made in all the various neutron config files using Hiera. Change-Id: Ifadc77cdcb60b7075d091d778cb92b0dd75bd949
2016-01-22puppet: allow config of ad-hoc Ceph settingsDan Prince1-0/+1
Including ::ceph::conf on ceph roles will allow ad-hoc (non-puppet managed) settings to be made in the ceph.conf using Hiera. Change-Id: I656a0ecde465023d7afad9371aa3c5c270078a67
2016-01-21OpenContrail heat templatesNicolas Hicher1-0/+9
Deploy a TripleO overcloud with OpenContrail Vrouter plugin configured to interact with an existing OpenContrail Server Manager. OpenContrail is an Apache 2.0-licensed project that is built using standards-based protocols and provides all the necessary components for network virtualization–SDN controller, virtual router, analytics engine, and published northbound APIs. It has an extensive REST API to configure and gather operational and analytics data from the system. Co-Authored-By: Jiri Stransky <jistr@redhat.com> Change-Id: I699a7c4ea09d024fe4d70c6a507c524f0a7aafd5
2016-01-05Add TimeZone parameter for all node typesNico Auv1-0/+2
Adds a TimeZone parameter for node types and the top level stack. Defaults to UTC. Change-Id: I98123d894ce429c34744233fe3e631cbdd7c12b5 Depends-On: Icf7c681f359e3e48b653ea4648db6a73b532d45e
2015-12-21MidoNet heat templatesJaume Devesa1-1/+22
Deploy a TripleO overcloud with networking midonet. MidoNet is a monolithic plugin and quite changes on the puppet manifest must be done. Depends-On: I72f21036fda795b54312a7d39f04c30bbf16c41b Depends-On: I6f1ac659297b8cf6671e11ad23284f8f543568b0 Depends-On: Icea9bd96e4c80a26b9e813d383f84099c736d7bf Change-Id: I9692e2ef566ea37e0235a6059b1ae1ceeb9725ba
2015-12-15Wire Neutron ML2 plugin and OVS agent settings as arraysGiulio Fidente1-10/+3
Wires the following as arrays to the neutron module: - mechanism_drivers - flat_networks - tenant_network_types - tunnel_types - bridge_mappings Also updates the template version to use a Liberty feature which allows serialization of comma_delimited_list into JSON. Tidies up the manifests by removing the class declarations since config is passed by the puppet/controller+compute hiera mapped_data. Change-Id: Ie9f85fb827099f897ef750e267bc3ed3a864fe59 Co-Authored-By: Steven Hardy <shardy@redhat.com>
2015-11-30Changes for configuring NuageRohit Pagedar1-0/+7
Added ExtraConfig templates and environment files for Nuage Networks specific parameters. Modified overcloud_compute.pp to conditionally include nuage-metadata-agent. Change-Id: I28106d8e26ad4d0158fe5e3a13f2f7b21e5c0b28
2015-11-30Changes for configuring NuageLokesh Jain1-12/+20
Added ExtraConfig templates and environment files for Nuage specific parameters. Modified overcloud_compute.pp and overcloud_controller.pp to conditionally include Nuage plugin and agents. Change-Id: I95510c753b0a262c73566481f9e94279970f4a4f
2015-11-19Implement Advanced Firewalling supportEmilien Macchi1-0/+1
Consume puppet-tripleo to create/manage IPtables from Heat templates. This review put in place the logic to enable and setup firewall rules. A known set of rules are applied. More to come. Change-Id: Ib79c23fb27fe3fc03bf223e6922d896cb33dad22 Co-Authored-By: Yanis Guenane <yguenane@redhat.com> Depends-On: I144c60db2a568a94dce5b51257f1d10980173325
2015-11-11Merge "Allow customization of Ceph client user"Jenkins1-1/+2
2015-11-05Allow customization of Ceph client userGiulio Fidente1-1/+2
Previously we enforced the Ceph user used by the OpenStack clients to be named 'openstack', this change allows for customization of such a name. Change-Id: Idef3e1ed4e8e21b645081869b8d6fad2329bdc60
2015-11-05Make puppet manifests compliant with Puppet 4.xGael Chamoulaud1-13/+13
- https://docs.puppetlabs.com/puppet/3.8/reference/deprecated_language.html - Temporary disablement of the pupppet-lint autoload layout check failing for ringbuilder.pp. A fix for that will be part of an other patch. Change-Id: I495825641ab12e7c5789c1405649c356c5bb8051 Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
2015-10-12Puppet / Compute: allow to run Ephemeral only storage with RBDEmilien Macchi1-2/+3
This patch allows the case where we're not running Ceph to host Persistent storage (volumes) but just to host Ephemeral storage (VMs). Before we were only allowing Ephemeral storage on Ceph when also Persistent storage was using Ceph. Change-Id: I03b775326e4424de413452f4453d4d88de0083bc
2015-10-08Merge "puppet: allow to configure any ceilometer param with Hiera"Jenkins1-0/+1
2015-10-07Merge "Enable Cisco N1KV driver"Jenkins1-0/+8
2015-10-02puppet: allow to configure any ceilometer param with HieraEmilien Macchi1-0/+1
By including ::ceilometer::config on controller & compute, we allow anyone to trick ceilometer.conf with any parameter, using Hiera. Change-Id: Ie6698d5e6900ecaaf7f19ed79e9c44b39ced0559
2015-10-01Write package names out to flat filesDan Prince1-0/+1
This patch updates all of the overcloud manifests so that we write out flat files containing lists of the Puppet packages which were managed by each manifest. The flat files all get written to /var/lib/puppet-tripleo/installed-packages/ where they can be easily parsed by external tools. Example format from the flat files looks like (for the controller step 1): cat /var/lib/puppet-tripleo/installed-packages/overcloud_controller1 keepalived haproxy Depends-On: If3e03b1983fed47082fac8ce63f975557dbc503c Change-Id: Ia324a08711796aa664f9c0273a051f4f2e3e92c9
2015-09-30Enable Cisco N1KV driverShiva Prasad Rao1-0/+8
This enables support for the Cisco N1kv driver for the ML2 plugin. It also configures the Nexus 1000v switch. Co-Authored-By: Steven Hillman <sthillma@cisco.com> Depends-On: I02dda0685c7df9013693db5eeacb2f47745d05b5 Depends-On: I3f14cdce9b9bf278aa9b107b2d313e1e82a20709 Change-Id: Idf23ed11a53509c00aa5fea4c87a515f42ad744f
2015-07-24Merge "NFS backend for Cinder"Jenkins1-0/+11
2015-07-20Puppet: wire in tripleo::packagesDan Prince1-10/+1
This wires in use of a new puppet-tripleo class which encapsulates the logic to enable/disable package installation and upgrades. By using the new class we can remove the global Package provider declaration at the top of each module. Change-Id: I5c6e5fd8600031bd8fb6195649721607c560f9d5 Depends-on: Ie8fbc344149bc8c9977e127de77636903607617a
2015-07-17Ensure compute nodes use internalURL as catalog_infoGiulio Fidente1-0/+1
By default Nova will get the publicURL instead, which is not reachable by the compute nodes. Change-Id: I57b6a7a7eddb0ffaf6d2d152d932f390c48f908e
2015-07-07NFS backend for CinderJiri Stransky1-0/+11
Adds support for NFS backend for Cinder, but remains disabled by default. Change-Id: I9ebef072ed115efe980fa4904ea80f02384522af
2015-07-07Merge "Allow customization of included classes via hieradata"Jenkins1-0/+2
2015-07-06Allow customization of included classes via hieradataGiulio Fidente1-0/+2
Allows inclusion of additional arbitrary puppet classes by the manifests if defined in the *_classes hieradata. Example: to specify the Nova RAM allocation ratio there is a param in nova::scheduler::filter but we do not include it by default; if needed one can use: nova::scheduler::filter::ram_allocation_ratio: 1.8 controller_classes: - nova::scheduler::filter Change-Id: I61d64d2498bed5c49376dee917d106598392db51
2015-07-02Map NovaEnableRbdBackend to ephemeral_storage from nova::compute::rbdGiulio Fidente1-1/+1
This maps the template param to the actual class param which optionally configures Ceph as a backend for the ephemeral storage or for the persistent storage only. See I4ae0fd605c5a57aa23bea83b06530a50844d24a0 Change-Id: Ic7007da8317e98d450b1362864e65093a184cb25
2015-06-05Fix list of type_drivers for ML2 pluginGiulio Fidente1-1/+0
The list of drivers loaded by the ML2 plugin does not have to match the list of tenant_network_types, this will make ML2 load the flat, gre, vxlan and vlan drivers so that the provider networks can be of flat (default) and vlan type as well. Change-Id: I0b74f86acf5c1ff644deb46c0a1d14129c1882d4
2015-05-20Move sysctl settings into hieradataGiulio Fidente1-0/+2
This will configure the sysctl settings via puppet instead of sysctl image element. Change-Id: Ieb129d4cbe4b6d4184172631499ecd638073564f
2015-04-09Pass in libvirt_rbd_secret_key for nova computeJiri Stransky1-1/+5
Passing the key explicitly into nova::compute::rbd means that Puppet will not attempt to fetch the key using `ceph auth get-key <keyring>`, having these effects: * One reason for compute node to have access to the client.admin key is gone (in current implementation it does have access to the key, but this change is a step towards removing it). * Ceph cluster doesn't have to be running at the time when Puppet runs on compute node, meaning we don't have to serialize things more than we do now. Also adding the ComputeCephDeployment as a dependency of ComputePostDeployment, otherwise the hiera file it creates might be created *after* Puppet configuration happens on compute nodes, and the values it provides would be missing during the Puppet run on the compute nodes. Change-Id: Id3166e6d5f01d18ec8a5033398bb511f4321a5e8 Depends-On: I70da06159c0d3c6fa204b5f7a468909ffab4d633 Partial-Bug: #1439949
2015-04-02Merge "Restructure Ceph/Puppet params to reflect changes in puppet-ceph"Jenkins1-6/+0
2015-03-27Restructure Ceph/Puppet params to reflect changes in puppet-cephGiulio Fidente1-6/+0
A change [1] in puppet-ceph offers more flexibility but breaks backwards so we had to update our composition layer as well; we gain control of the cephx keyring in the template though. 1. Ie6adbd601388ab52c37037004bd0ceef9fc41942 Change-Id: Ia8196849afce2969daa608828cec81ebe3ac96e1
2015-03-26puppet+devtest: make compute nodes reachableJiri Stransky1-0/+7
Compute nodes run libvirt, which automatically creates a default network which has the same address space (192.168.122.*) as the libvirt default network on the host machine where devtest is running. This overlap causes that when a compute node wants to send a packet to the host machine (192.168.122.1) it gets incorrectly routed through the compute node's own virbr0 instead of br-ex. The current solution does not seem to be enough because libvirt gets started and creates the default network before Puppet is triggered on compute nodes. Making sure the libvirt default network is destroyed on the compute node fixes the issue. We don't have any puppet modules in OPM that would deal with libvirt networks and it's probably not worth exploring and adding one because of this small issue (i don't expect another use case of managing libvirt networks directly), so i'm using an exec with proper idempotency check. Change-Id: Icde12aa204ed1f7fa35b0525875ce07db34dc42c Closes-Bug: #1436822
2015-03-19Merge "puppet: tidy up the Nova ceilo auth configs"Jenkins1-4/+1
2015-03-19Merge "puppet: tidy up the Nova glance API server config"Jenkins1-4/+1
2015-03-19Merge "puppet: tidy up the compute nova neutron config"Jenkins1-6/+1
2015-03-18Add support for Ceph as a Cinder and Nova backendYanis Guenane1-0/+12
This commit aims to add support for Ceph as a cinder and a nova backend. * Allows creation of Ceph pools from heat (Default: volumes, vms) * Creates the proper ceph user and inject the keys * Applies the proper configuration in cinder.conf and nova.conf * Enable the backend out of the box Co-Authored-By: Giulio Fidente <gfidente@redhat.com> Change-Id: Ic17d7a665de81a8bab5e34035abe90eda4bc889f
2015-03-12puppet: tidy up the Nova ceilo auth configsDan Prince1-4/+1
Updates the puppet configuration for the Ceilometer auth agent so that we do the join conversions in the Heat templates and use only hiera for configuration of the ::ceilometer::agent::auth class. Change-Id: I932afafe21b2485a0581ac3910ac9d46161eee0d
2015-03-12puppet: tidy up the Nova glance API server configDan Prince1-4/+1
Updates the puppet configuration for the Nova glance configs so that we do the join conversions in the Heat templates and use only hiera for configuration of the ::nova class. Change-Id: Id12fb05470470558f1dccd45150bfce00a554466
2015-03-12puppet: tidy up the compute nova neutron configDan Prince1-6/+1
Updates the puppet configuration for the Nova neutron configs so that we do the join conversions in the Heat templates and use only hiera for configuration of the ::nova::network::neutron class. This updates the compute configuration to match what we now do on the controller as well. Change-Id: I2b352551777f64e0ceb119f48cc3b3ab1779f4d5