aboutsummaryrefslogtreecommitdiffstats
path: root/puppet/services/ceilometer-api.yaml
AgeCommit message (Collapse)AuthorFilesLines
2017-05-19Update the template_version alias for all the templates to pike.Carlos Camacho1-1/+1
Master is now the development branch for pike changing the release alias name. Change-Id: I938e4a983e361aefcaa0bd9a4226c296c5823127
2017-05-15Add role specific information to the service templateSaravanan KR1-0/+12
When a service is enabled on multiple roles, the parameters for the service will be global. This change enables an option to provide role specific parameter to services and other templates. Two new parameters - RoleName and RoleParameters, are added to the service template. RoleName provides the role name of on which the current instance of the service is being applied on. RoleParameters provides the list of parameters which are configured specific to the role in the environment file, like below: parameters_default: # Default value for applied to all roles NovaReservedHostMemory: 2048 ComputeDpdkParameters: # Applied only to ComputeDpdk role NovaReservedHostMemory: 4096 In above sample, the cluster contains 2 roles - Compute, ComputeDpdk. The values of ComputeDpdkParameters will be passed on to the templates as RoleParameters while creating the stack for ComputeDpdk role. The parameter which supports role specific configuration, should find the parameter first in in the RoleParameters list, if not found, then the default (for all roles) should be used. Implements: blueprint tripleo-derive-parameters Change-Id: I72376a803ec6b2ed93903cc0c95a6ffce718b6dc
2017-04-26upgrades: deploy mod_ssl when upgrading apacheEmilien Macchi1-3/+9
1) When Apache is upgraded, install mod_ssl rpm. See https://bugs.launchpad.net/tripleo/+bug/1682448 to understand why we need mod_ssl. 2) All services that run Apache for API will use the snippet from Apache service to deploy mod_ssl, so we don't duplicate the code in all services. It's using the same mechanism as ovs upgrade to compile upgrade_tasks between both services. Change-Id: Ia2f6fea45c2c09790c49baab19b1efcab25e9a84 Closes-Bug: #1686503
2017-03-28Allow to configure policy.json for OpenStack projectsEmilien Macchi1-0/+7
For both containers and classic deployments, allow to configure policy.json for all OpenStack APIs with new parameters (hash, empty by default). Example of new parameter: NovaApiPolicies. See environments/nova-api-policy.yaml for how the feature can be used. Note: use it with extreme caution. Partial-implement: blueprint modify-policy-json Change-Id: I1144f339da3836c3e8c8ae4e5567afc4d1a83e95
2017-02-28Put service stop at step1 and quiesce at step2.Sofer Athlan-Guyot1-1/+1
In the previous release[1], the services were stopped before the pacemaker services, so that they get a chance to send last message to the database/rabbitmq queue: Let's do the upgrade in the same order. [1] https://github.com/openstack/tripleo-heat-templates/blob/stable/newton/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh#L13-L71 Change-Id: I1c4045e8b9167396c9dfa4da99973102f1af1218
2017-02-06Remove openstack-ceilometer-api pre upgrade checkMarius Cornea1-3/+0
This change removes the pre upgrade check for a running openstack-ceilometer-api service as this service doesn't exists in Newton. Ceilometer API runs under httpd: [root@overcloud-controller-0 ~]# httpd -t -D DUMP_VHOSTS | grep ceilo 10.0.0.23:8777 overcloud-controller-0.internalapi.localdomain (/etc/httpd/conf.d/10-ceilometer_wsgi.conf:6) Change-Id: I5cbf8ccf72f9071e328f52d373cf9e8edf5793f4 Closes-Bug: 1661251
2017-02-01Don't run ceilometer-upgrade via upgrade_tasksSteven Hardy1-3/+0
This needs to be run by puppet or ansible runs it as root and the later run by puppet fails due to permissions on the logfile. Probably we need to remove the *sync calls for most services to avoid similar issues, now that we're running puppet as part of the pre-converge upgrade process but that will be done in another patch. Change-Id: I808db2c175325a25058226842684558ea06fb5c5 Partially-Implements: blueprint overcloud-upgrades-per-service
2017-01-27Adds a pre-upgrade check that service is running (step0)marios1-0/+3
Adds a step0 for most services to check that the state is running before continuing with any of the other upgrades steps (these are tagged step0). You can skip this service check by overriding the SkipUpgradeConfigTags parameter as follows: parameter_defaults: SkipUpgradeConfigTags: validation Co-Authored-By: Steven Hardy <shardy@redhat.com> Change-Id: Ie276f153015f671b720b6ed5beaac1b921661909
2017-01-25Add telemetry service support for composable upgradesSteven Hardy1-0/+7
Change-Id: I62735676b45a881a7dac24171b26d88d6eb60d4a Partially-Implements: blueprint overcloud-upgrades-per-service
2017-01-25Add metadata settings for needed kerberos principalsJuan Antonio Osorio Robles1-0/+2
These are only used for TLS-everywhere, and fills up the kerberos principals that will need to be created for the certs used by the overcloud. With this, the metadata hook will format these principals correctly and will further pass them on to the nova metadata service. Where they can be used if there's a plugin enabled. bp tls-via-certmonger bp novajoin Change-Id: I873094bb69200052febda629fda698a7a782c031
2016-12-23Bump template version for all templates to "ocata"Steven Hardy1-1/+1
Heat now supports release name aliases, so we can replace the inconsistent mix of date related versions with one consistent version that aligns with the supported version of heat for this t-h-t branch. This should also help new users who sometimes copy/paste old templates and discover intrinsic functions in the t-h-t docs don't work because their template version is too old. Change-Id: Ib415e7290fea27447460baa280291492df197e54
2016-12-01Use network-based fqdn entry from hiera instead of the custom factJuan Antonio Osorio Robles1-2/+2
This changes how we get the network-based FQDNs for the specific services, from using the custom fact, to the new hiera entries. Change-Id: Iae668a5d89fb7bee091db4a761aa6c91d369b276
2016-11-30Hiera optimization: use a new hiera hookDan Prince1-2/+2
This patch optimizes how we deploy hiera by using a new heat hook specifically designed to help compose hiera within heat templates. As part of this change: - we update all the 'hiera' software configurations to set the group to hiera instead of os-apply-config. - The new format uses JSON instead of YAML. The hook actually writes out the hiera JSON directly so no conversion takes place. Arrays, Strings, Booleans all stay in their native formats. As such we can avoid having to do many of the awkward string and list conversions in t-h-t to support the previous YAML formatting. - The new hook prefers JSON over YAML so upgrading users will have the new files prefered. (we will post a cleanup routine for the old files soon but this isn't a new behavior, JSON is now simply prefered.) - A lot of services required edits to account for default settings that worked in YAML that no longer work correctly in the native JSON format. In almost all these cases I think the resulting codes looks cleaner and is more explicit with regards to what is getting configured in hiera on the actual nodes. Depends-On: I6a383b1ad4ec29458569763bd3f56fd3f2bd726b Closes-bug: #1596373 Change-Id: Ibe7e2044e200e2c947223286fdf4fd5bcf98c2e1
2016-10-20Enable internal TLS for ceilometerJuan Antonio Osorio Robles1-3/+11
This adds the necessary hieradata for enabling TLS in the internal network for ceilometer. bp tls-via-certmonger Depends-On: Ib5609f77a31b17ed12baea419ecfab5d5f676496 Change-Id: I3eb34efbc8489b23269f97f762d4a3d0fa69f666
2016-10-13Enable proxy headers parsing for CeilometerJuan Antonio Osorio Robles1-0/+1
http_proxy_to_wsgi middleware was recently added to Ceilometer [1] and in order to take it into use, we need to enable it via hiera. [1] I24f16dda49bd9e7930ca9f0d32bf0793463aff03 Depends-On: I1812a27202ba3714b354aeb27611d38def87a7fc Related-Bug: #1590608 Change-Id: If8de25afa13de6797895f36c98ffdde8cf3e8656
2016-09-28Move db::mysql into service_config_settingsDan Prince1-1/+1
This patch movs the various db::mysql hiera settings into a 'mysql' specific service_config_settings section for each service so that these will only get applied on the MySQL service node. This follows a similar puppet-tripleo change where we create the actual databases for all services locally on the MySQL service node to avoid permission issues. Change-Id: Ic0692b1f7aa8409699630ef3924c4be98ca6ffb2 Closes-bug: #1620595 Depends-On: I05cc0afa9373429a3197c194c3e8f784ae96de5f Depends-On: I5e1ef2dc6de6f67d7c509e299855baec371f614d
2016-09-23Move keystone::auth into service_config_settingsDan Prince1-0/+2
This patch moves the keystone::auth settings for all services into the new service_config_settings section. This is important because we execute the keystone commands via puppet only on the role containing the keystone service and without these settings it will fail. Note that yaql merging/filtering is used here to ensure that service_config_settings is optional in service templates, and also that we'll only deploy hieradata for a given service on a node running the service (the key in the service_config_settings map must match the service_name in the service template for this to work). e.g the following will result in only deploying keystone: 123 in hiera on the role running the "keystone" service, regardless of which service template defines it. service_config_settings: keystone: keystone: 123 Co-Authored-By: Steven Hardy <shardy@redhat.com> Change-Id: I0c2fce037a1a38772f998d582a816b4b703f8265 Closes-bug: 1620829
2016-09-21Make apache-based services use network-dependent servernameJuan Antonio Osorio Robles1-0/+6
Currently the servername is incorrectly set for the services running over apache. It currently takes the default value which is just the regular FQDN, when the services actually might be running on different IPs that require alternative FQDNs. This fixes that by filling that value from a fact in hiera that's dependant on the service's network. Closes-Bug: #1625677 Change-Id: Ib7ea5fd2d18a376eaa2f5a3fa5687cb9b719a8e2
2016-09-17Add fluentd client serviceLars Kellogg-Stedman1-0/+8
This implements support for installing fluentd agents as a composable service on the overcloud. Depends-On: I2e1abe4d8c8359e56ff626255ee50c9cacca1940 Implements: tripleo-opstools-centralized-logging Change-Id: I23b0e23881b742158fcfb6b8c145a3211d45086e
2016-08-31Availability monitoring agents supportMartin Mágr1-0/+4
- adds possibility to install sensu-client on all nodes - each composable service has it's own subscription Co-Authored-By: Emilien Macchi <emilien@redhat.com> Co-Authored-By: Michele Baldessari <michele@redhat.com> Implements: blueprint tripleo-opstools-availability-monitoring Change-Id: I6a215763fd0f0015285b3573305d18d0f56c7770
2016-08-30Mv Nova, Neutron, Horizon out of controller.yamlDan Prince1-0/+8
This patch moves the settings for Nova, Neutron, and Horizon out of controller.yaml. Also fixes the NovaPassword settings in nova-base.yaml so they don't use get_input. Also, creates a new apache.yaml base service to contain shared apache settings for several services which use Apache for WSGI. Co-Authored-By: Giulio Fidente <gfidente@redhat.com> Change-Id: I35d909bd5abc23976b5732a2b9af31cf1448838e Related-bug: #1604414
2016-08-26Move ceilometer api to run under apache wsgiPradeep Kilambi1-0/+3
Depends-On: If3feb859b527d08e10c124b5ad2f7f4b1f19156a Change-Id: I728d0980f7742aa390f11a0f0b8598d1299e2886
2016-08-25Mv ceilo, aodh, and gnocchi out of controller.yamlDan Prince1-0/+7
This patch moves the remaining hiera settings for Ceilometer, Aodh, and Gnocchi out of controller.yaml and into the respective composable services. Change-Id: I01377aa5c121ecbb4a96b4f0525924c7bbf12198 Related-bug: #1604414
2016-08-24Update authtoken parameters to match recent changesEmilien Macchi1-1/+0
Update authtoken parameters for: - Aodh - Ironic - Manila - Nova - Ceilometer Change-Id: Ie123b8da1a7af2e406aadca4775de9e8c4e6e1f5
2016-08-18Add DefaultPasswords to composable servicesDan Prince1-0/+4
This patch adds a new DefaultPasswords parameter to composable services. This is needed to help provide access to top level password resources that overcloud.yaml currently manages (passwords for Rabbit, Mysql, etc.). Moving the RandomString resources into composable services would cause them to regenerate within the stack. With this approach we can leave them where they are while we deprecate the top level mechanism and move the code that uses the passwords into the composable services. Change-Id: I4f21603c58a169a093962594e860933306879e3f
2016-08-18Pass ServiceNetMap to servicesGiulio Fidente1-0/+7
This will be needed to pick the network where the service has to bind to from within the service template. Change-Id: I52652e1ad8c7b360efd2c7af199e35932aaaea8c
2016-07-29Merge "Convert service_name to underscore syntax"Jenkins1-1/+1
2016-07-28Convert service_name to underscore syntaxSteven Hardy1-1/+1
Currently we use hyphens, e.g cinder-api, but in overcloud.yaml we have a lot of references to services (e.g for AllNodesConfig) by underscore, e.g cinder_api. To enable dynamic generation of this data, we need the service name in underscore format. Change-Id: Ief13dfe5d8d7691dfe2534ad5c39d7eacbcb6f70
2016-07-27Migrate Puppet Hieradata to composable servicesEmilien Macchi1-0/+1
Migrate puppet/hieradata/*.yaml parameters to puppet/services/*.yaml except for some services that are not composable yet. Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Change-Id: I7e5f8b18ee9aa63a1dffc6facaf88315b07d5fd7
2016-07-25Composable firewall rulesDan Prince1-1/+7
Split out the firewall rules in puppet/hieradata/controller.yaml into the composable services Depends-On: Id370362ab57347b75b1ab25afda877885b047263 Change-Id: Icaecab100d3f278035fbbb3facb9bf6c62c76c03
2016-07-22Add 'service_name' to composable servicesDan Prince1-0/+1
This patch adds a new service_name section to each composable service. We now have an explicit unit test check to ensure that service_name exists in tools/yaml-validate.py. This patch also wires service_names into hieradata on each of the roles so that tools can access the deployed services locally during deployment and upgrades. Change-Id: I60861c5aa760534db3e314bba16a13b90ea72f0c
2016-07-11Re-enable Ceilometer composable roles for controllerEmilien Macchi1-0/+27
This patch brings back Ceilometer composable roles for controller, module some adjustments to make it work. Fixes 3 issues in Ceilometer composable services 1) This patch fixes the hiera maps in the pacemaker ceilometer* templates. These were lists and should be a map. 2) fixes a critical issue in ceilometer-base.yaml where the password was incorrectly coded in the YAML using get_param on a string which wasn't actually a parameter. 3) Fixes the ceilometer_coordination_url so that it uses a YAML anchor as was implied instead of get_param on a string which wasn't a parameter. 4) Fixes the default database connection to use mongodb and configured in puppet-tripleo profile appropriately. Co-Authored-By: Dan Prince <dprince@redhat.com> Co-Authored-By: Pradeep Kilambi <pkilambi@redhat.com> Closes-Bug: #1601844 Change-Id: Ia0a59121b9ffd5e07647f66137ce53870bc6b5d6
2016-06-23Revert "Ceilometer composable roles for controller"Dan Prince1-27/+0
This reverts commit c48410a05ec0ffd11c717bcf350badc9e5f0e910. We've discovered this patch never had passing CI due to a DLRN build failure. Change-Id: I546cb3e340d20701662affda7e28b586c58ba6de
2016-06-23Ceilometer composable roles for controllerPradeep Kilambi1-0/+27
Depends-On: I4b5e93a108e80e91af26ffee454130ee18c0042e Change-Id: I59c948ead475f449cb8d1b752f39b7eaaf056130