summaryrefslogtreecommitdiffstats
path: root/puppet/services/cinder-api.yaml
AgeCommit message (Collapse)AuthorFilesLines
2017-01-25Add metadata settings for needed kerberos principalsJuan Antonio Osorio Robles1-0/+2
These are only used for TLS-everywhere, and fills up the kerberos principals that will need to be created for the certs used by the overcloud. With this, the metadata hook will format these principals correctly and will further pass them on to the nova metadata service. Where they can be used if there's a plugin enabled. bp tls-via-certmonger bp novajoin Change-Id: I873094bb69200052febda629fda698a7a782c031
2017-01-24cinder-api: cleanup TODOEmilien Macchi1-3/+0
Cleanup some TODO. Change-Id: I84e369a9797359fea124e00e2007ae745a96847a
2017-01-19cinder: move glance params into baseEmilien Macchi1-0/+2
glance params are also used by cinder-volume. This patch aims to cinder::glance in common roles for cinder, so we can split cinder and cinder volume. Change-Id: Id81c029318016068481dd614ed62cc4bfaf0f3e8
2017-01-19Don't start all services during upgrade stepsSteven Hardy1-3/+0
Currently we start all OpenStack services in step6, but puppet already does this, and sometimes services require configuration to account for the new version after the yum update before they will start. So instead of reimplementing that configuration management in ansible, just defer starting the services until puppet has run which will happen right after the ansible upgrade steps complete. Note there are some DB sync operations etc that we may also be able to remove and let puppet do those steps, but I've left those in for now, as we know there are some actions during that phase e.g nova cells setup, which aren't yet handled by puppet. Change-Id: Idc8e253167a4bc74b086830cfabf28d4aab97d28
2017-01-13Add cinder service support for composable upgradesSteven Hardy1-0/+16
Change-Id: I5447afb18b43bc3442e411a6b0ac7c32e8075116 Partially-Implements: blueprint overcloud-upgrades-per-service
2016-12-23Bump template version for all templates to "ocata"Steven Hardy1-1/+1
Heat now supports release name aliases, so we can replace the inconsistent mix of date related versions with one consistent version that aligns with the supported version of heat for this t-h-t branch. This should also help new users who sometimes copy/paste old templates and discover intrinsic functions in the t-h-t docs don't work because their template version is too old. Change-Id: Ib415e7290fea27447460baa280291492df197e54
2016-12-01Use network-based fqdn entry from hiera instead of the custom factJuan Antonio Osorio Robles1-2/+2
This changes how we get the network-based FQDNs for the specific services, from using the custom fact, to the new hiera entries. Change-Id: Iae668a5d89fb7bee091db4a761aa6c91d369b276
2016-11-30Hiera optimization: use a new hiera hookDan Prince1-3/+3
This patch optimizes how we deploy hiera by using a new heat hook specifically designed to help compose hiera within heat templates. As part of this change: - we update all the 'hiera' software configurations to set the group to hiera instead of os-apply-config. - The new format uses JSON instead of YAML. The hook actually writes out the hiera JSON directly so no conversion takes place. Arrays, Strings, Booleans all stay in their native formats. As such we can avoid having to do many of the awkward string and list conversions in t-h-t to support the previous YAML formatting. - The new hook prefers JSON over YAML so upgrading users will have the new files prefered. (we will post a cleanup routine for the old files soon but this isn't a new behavior, JSON is now simply prefered.) - A lot of services required edits to account for default settings that worked in YAML that no longer work correctly in the native JSON format. In almost all these cases I think the resulting codes looks cleaner and is more explicit with regards to what is getting configured in hiera on the actual nodes. Depends-On: I6a383b1ad4ec29458569763bd3f56fd3f2bd726b Closes-bug: #1596373 Change-Id: Ibe7e2044e200e2c947223286fdf4fd5bcf98c2e1
2016-11-08Enable internal TLS for Cinder APIJuan Antonio Osorio Robles1-4/+13
This adds the necessary hieradata for enabling TLS in the internal network for Cinder API. bp tls-via-certmonger Depends-On: Ib4a9c8d3ca57f1b02e1bb0d150f333db501e9863 Change-Id: I126e890076bc96b1cd166a919eff6aa1bb80510b
2016-10-27Set cinder's service name to httpd via t-h-tJuan Antonio Osorio Robles1-0/+1
With this, we can clean it from puppet-tripleo. Change-Id: I13638cd1af52537bef8540f0d5fa5f5f7decd392 Depends-On: Ic1967a6f4f60a273965811516f33121115d518b4
2016-10-21Use ::os_workers fact instead of ::processorcountJuan Antonio Osorio Robles1-1/+1
Change-Id: Ib25849565c617f32357ef545957f58454b2a53f8
2016-10-18Add parameters to run cinder over httpdJuan Antonio Osorio Robles1-1/+29
This adds the necessary hieradata to run cinder over httpd instead of eventlet. Change-Id: Ic1967a6f4f60a273965811516f33121115d518b4
2016-09-28Move db::mysql into service_config_settingsDan Prince1-0/+8
This patch movs the various db::mysql hiera settings into a 'mysql' specific service_config_settings section for each service so that these will only get applied on the MySQL service node. This follows a similar puppet-tripleo change where we create the actual databases for all services locally on the MySQL service node to avoid permission issues. Change-Id: Ic0692b1f7aa8409699630ef3924c4be98ca6ffb2 Closes-bug: #1620595 Depends-On: I05cc0afa9373429a3197c194c3e8f784ae96de5f Depends-On: I5e1ef2dc6de6f67d7c509e299855baec371f614d
2016-09-23Move keystone::auth into service_config_settingsDan Prince1-12/+15
This patch moves the keystone::auth settings for all services into the new service_config_settings section. This is important because we execute the keystone commands via puppet only on the role containing the keystone service and without these settings it will fail. Note that yaql merging/filtering is used here to ensure that service_config_settings is optional in service templates, and also that we'll only deploy hieradata for a given service on a node running the service (the key in the service_config_settings map must match the service_name in the service template for this to work). e.g the following will result in only deploying keystone: 123 in hiera on the role running the "keystone" service, regardless of which service template defines it. service_config_settings: keystone: keystone: 123 Co-Authored-By: Steven Hardy <shardy@redhat.com> Change-Id: I0c2fce037a1a38772f998d582a816b4b703f8265 Closes-bug: 1620829
2016-09-17Add fluentd client serviceLars Kellogg-Stedman1-0/+8
This implements support for installing fluentd agents as a composable service on the overcloud. Depends-On: I2e1abe4d8c8359e56ff626255ee50c9cacca1940 Implements: tripleo-opstools-centralized-logging Change-Id: I23b0e23881b742158fcfb6b8c145a3211d45086e
2016-08-31Availability monitoring agents supportMartin Mágr1-0/+4
- adds possibility to install sensu-client on all nodes - each composable service has it's own subscription Co-Authored-By: Emilien Macchi <emilien@redhat.com> Co-Authored-By: Michele Baldessari <michele@redhat.com> Implements: blueprint tripleo-opstools-availability-monitoring Change-Id: I6a215763fd0f0015285b3573305d18d0f56c7770
2016-08-22Set cinder::api::bind_host within service templateGiulio Fidente1-0/+6
The map_replace at [1] will replace the network name with the local node IP address on the given network. 1. I7850d4dc8bf4db5f7ac6a6b53c1d900b561b4580 Change-Id: Ica064b5ffac61cebe2aae06d4f1d1d9e84258c10
2016-08-18Add DefaultPasswords to composable servicesDan Prince1-0/+4
This patch adds a new DefaultPasswords parameter to composable services. This is needed to help provide access to top level password resources that overcloud.yaml currently manages (passwords for Rabbit, Mysql, etc.). Moving the RandomString resources into composable services would cause them to regenerate within the stack. With this approach we can leave them where they are while we deprecate the top level mechanism and move the code that uses the passwords into the composable services. Change-Id: I4f21603c58a169a093962594e860933306879e3f
2016-08-18Pass ServiceNetMap to servicesGiulio Fidente1-0/+7
This will be needed to pick the network where the service has to bind to from within the service template. Change-Id: I52652e1ad8c7b360efd2c7af199e35932aaaea8c
2016-08-10Add support for cinder v3 endpointJuan Antonio Osorio Robles1-0/+3
This adds the needed parts for the keystone endpoint of cinder v3 API. Change-Id: Ic56446095e72b9e469a7b0e9ea5159fa31847381
2016-08-08Move cinder's kestone::auth parameters to API profileJuan Antonio Osorio Robles1-0/+13
In the move to composable services, these parameters are not necessary in the controller, but in the profile itself. They are not yet in use but will be used to populate the keystone endpoint. Change-Id: Ib9b0e474f875a4b2ffbda11c01cb882149997b0c
2016-08-05Update cinder-api with new authtoken parametersEmilien Macchi1-4/+4
Puppet OpenStack modules are moving to a new class to configure Keystone authtoken parameters, so we can more easily enable Keystone v3 from a single interface. It's consistent across all modules and does support both Keystone v2 and v3 parameters. This patch updates Cinder now, but more will follow when we'll add support to all modules. Change-Id: I5aa3f2b03672c14c0dbeac222f421ab94221ecf7
2016-07-29Merge "Convert service_name to underscore syntax"Jenkins1-1/+1
2016-07-28Convert service_name to underscore syntaxSteven Hardy1-1/+1
Currently we use hyphens, e.g cinder-api, but in overcloud.yaml we have a lot of references to services (e.g for AllNodesConfig) by underscore, e.g cinder_api. To enable dynamic generation of this data, we need the service name in underscore format. Change-Id: Ief13dfe5d8d7691dfe2534ad5c39d7eacbcb6f70
2016-07-27Migrate Puppet Hieradata to composable servicesEmilien Macchi1-0/+7
Migrate puppet/hieradata/*.yaml parameters to puppet/services/*.yaml except for some services that are not composable yet. Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Change-Id: I7e5f8b18ee9aa63a1dffc6facaf88315b07d5fd7
2016-07-25Composable firewall rulesDan Prince1-0/+5
Split out the firewall rules in puppet/hieradata/controller.yaml into the composable services Depends-On: Id370362ab57347b75b1ab25afda877885b047263 Change-Id: Icaecab100d3f278035fbbb3facb9bf6c62c76c03
2016-07-22Add 'service_name' to composable servicesDan Prince1-0/+1
This patch adds a new service_name section to each composable service. We now have an explicit unit test check to ensure that service_name exists in tools/yaml-validate.py. This patch also wires service_names into hieradata on each of the roles so that tools can access the deployed services locally during deployment and upgrades. Change-Id: I60861c5aa760534db3e314bba16a13b90ea72f0c
2016-06-02Switch Cinder Api/Scheduler/Volume to composable rolesGiulio Fidente1-0/+42
Uses a shared cinder-base resource to do the database and messaging configuration for all three services. Depends-On: I3c6d5226eed5f0f852b0ad9476c7cd9a959fda69 Change-Id: I47c5fd190efca5f02e73fd22aba6cda573daf5cc