path: root/puppet/services/cinder-api.yaml
Age | Commit message | Author | Files | Lines
2017-04-26 | upgrades: deploy mod_ssl when upgrading apache | Emilien Macchi | 1 | -22/+28
1) When Apache is upgraded, install mod_ssl rpm. See https://bugs.launchpad.net/tripleo/+bug/1682448 to understand why we need mod_ssl.
2) All services that run Apache for API will use the snippet from Apache service to deploy mod_ssl, so we don't duplicate the code in all services. It's using the same mechanism as ovs upgrade to compile upgrade_tasks between both services.
Change-Id: Ia2f6fea45c2c09790c49baab19b1efcab25e9a84 Closes-Bug: #1686503
2017-03-28 | Allow to configure policy.json for OpenStack projects | Emilien Macchi | 1 | -0/+7
For both containers and classic deployments, allow to configure policy.json for all OpenStack APIs with new parameters (hash, empty by default). Example of new parameter: NovaApiPolicies. See environments/nova-api-policy.yaml for how the feature can be used. Note: use it with extreme caution. Partial-implement: blueprint modify-policy-json Change-Id: I1144f339da3836c3e8c8ae4e5567afc4d1a83e95
2017-03-13 | Merge "cinder: switch auth_uri to uri_no_suffix" | Jenkins | 1 | -1/+3
2017-03-13 | cinder: switch auth_uri to uri_no_suffix | Emilien Macchi | 1 | -1/+3
Switch Cinder to use auth_uri with keystone versionless endpoint. Change-Id: Iccc6e3df6a8bb1aca3667b1783bc7f6eebf262e5 Partial-implement: blueprint keystone-v3
2017-03-11 | Remove double quotes in the "when" Ansible conditional. | Carlos Camacho | 1 | -1/+1
Change-Id: I677075012a948c7c32959680608255eff919b8d4
2017-03-06 | Cinder-api upgrade: use httpd instead of apachectl | Juan Antonio Osorio Robles | 1 | -1/+1
It doesn't work downstream, so the httpd command was recommended. Change-Id: I4807333b80dad10f16e5deb56cbfdda656cd1e50
2017-03-01 | upgrades/validation: only run validation when services exist | Emilien Macchi | 1 | -0/+7
During upgrades, validation tests if a service is running before the upgrade process starts. In some cases, services don't exist yet so we don't want to run the validation. This patch makes sure we check if the service is actually present on the system before validating it's running correctly. Also it makes sure that services are enabled before trying to stop them. It allows use-cases where we want to add new services during an upgrade. Also install new packages of services added in Ocata, so we can validate upgrades on scenarios jobs. Change-Id: Ib48fb6b1557be43956557cbde4cbe26b53a50bd8
2017-02-28 | Put service stop at step1 and quiesce at step2. | Sofer Athlan-Guyot | 1 | -3/+3
In the previous release[1], the services were stopped before the pacemaker services, so that they get a chance to send last message to the database/rabbitmq queue: Let's do the upgrade in the same order. [1] https://github.com/openstack/tripleo-heat-templates/blob/stable/newton/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh#L13-L71 Change-Id: I1c4045e8b9167396c9dfa4da99973102f1af1218
2017-02-22 | Update the Nova Endpoint information for Cinder | Rhys Oxenham | 1 | -1/+2
This patch updates the Cinder service to reference the correct catalogue entries for Nova as configured by TripleO. The default settings as set by TripleO do not match our catalogue entries, and when Cinder attempts to callback to Nova in certain events (such as a Cinder volume retype) it can raise an EndpointNotFound error. Out of the box we have settings in /etc/cinder/cinder.conf like:
    nova_catalog_info = compute:Compute Service:internalURL
With the format as "<service_type>:<service_name>:<endpoint_type>"
Yet our catalogue has no mention of 'Compute Service'. This patch also fixes the reference for the adminURL also.
Change-Id: I888ee07ef02d82578867e33608901c06e6478472 Co-Authored-By: Greg Charot <gcharot@redhat.com>
2017-02-14 | Use Keystone internal endpoint instead of admin for services | Juan Antonio Osorio Robles | 1 | -1/+1
The admin endpoint is listening on the ctlplane network by default; services should ideally be using the internal api network for this kind of traffic, as the ctlplane network is mostly for provisioning. On the other hand, the admin endpoint shouldn't be as relevant with services switching to keystone v3. Change-Id: I1213a83ef8693c1cca1d20de974f7949a801d9f1
2017-01-27 | Adds a pre-upgrade check that service is running (step0) | marios | 1 | -1/+1
Adds a step0 for most services to check that the state is running before continuing with any of the other upgrades steps (these are tagged step0). You can skip this service check by overriding the SkipUpgradeConfigTags parameter as follows:
    parameter_defaults:
      SkipUpgradeConfigTags: validation
Co-Authored-By: Steven Hardy <shardy@redhat.com> Change-Id: Ie276f153015f671b720b6ed5beaac1b921661909
2017-01-26 | Add SkipUpgradeConfigTags for upgrade config | Steven Hardy | 1 | -0/+3
It may be that we want ways to selectively disable certain tasks, such as pre-flight validations that might fail when restarting an upgrade from a failed state. This shows a way we might do that. Depends-On: I18214f80be9f3ad6c2d385fc00f3b786d3e7dda3 Change-Id: Ibffaaf1de0baf47a0450daa5b7cbb57d38746556
2017-01-25 | Add metadata settings for needed kerberos principals | Juan Antonio Osorio Robles | 1 | -0/+2
These are only used for TLS-everywhere, and fills up the kerberos principals that will need to be created for the certs used by the overcloud. With this, the metadata hook will format these principals correctly and will further pass them on to the nova metadata service. Where they can be used if there's a plugin enabled. bp tls-via-certmonger bp novajoin Change-Id: I873094bb69200052febda629fda698a7a782c031
2017-01-24 | cinder-api: cleanup TODO | Emilien Macchi | 1 | -3/+0
Cleanup some TODO. Change-Id: I84e369a9797359fea124e00e2007ae745a96847a
2017-01-19 | cinder: move glance params into base | Emilien Macchi | 1 | -0/+2
glance params are also used by cinder-volume. This patch aims to cinder::glance in common roles for cinder, so we can split cinder and cinder volume. Change-Id: Id81c029318016068481dd614ed62cc4bfaf0f3e8
2017-01-19 | Don't start all services during upgrade steps | Steven Hardy | 1 | -3/+0
Currently we start all OpenStack services in step6, but puppet already does this, and sometimes services require configuration to account for the new version after the yum update before they will start. So instead of reimplementing that configuration management in ansible, just defer starting the services until puppet has run which will happen right after the ansible upgrade steps complete. Note there are some DB sync operations etc that we may also be able to remove and let puppet do those steps, but I've left those in for now, as we know there are some actions during that phase e.g nova cells setup, which aren't yet handled by puppet. Change-Id: Idc8e253167a4bc74b086830cfabf28d4aab97d28
2017-01-13 | Add cinder service support for composable upgrades | Steven Hardy | 1 | -0/+16
Change-Id: I5447afb18b43bc3442e411a6b0ac7c32e8075116 Partially-Implements: blueprint overcloud-upgrades-per-service
2016-12-23 | Bump template version for all templates to "ocata" | Steven Hardy | 1 | -1/+1
Heat now supports release name aliases, so we can replace the inconsistent mix of date related versions with one consistent version that aligns with the supported version of heat for this t-h-t branch. This should also help new users who sometimes copy/paste old templates and discover intrinsic functions in the t-h-t docs don't work because their template version is too old. Change-Id: Ib415e7290fea27447460baa280291492df197e54
2016-12-01 | Use network-based fqdn entry from hiera instead of the custom fact | Juan Antonio Osorio Robles | 1 | -2/+2
This changes how we get the network-based FQDNs for the specific services, from using the custom fact, to the new hiera entries. Change-Id: Iae668a5d89fb7bee091db4a761aa6c91d369b276
2016-11-30 | Hiera optimization: use a new hiera hook | Dan Prince | 1 | -3/+3
This patch optimizes how we deploy hiera by using a new heat hook specifically designed to help compose hiera within heat templates. As part of this change:
- we update all the 'hiera' software configurations to set the group to hiera instead of os-apply-config.
- The new format uses JSON instead of YAML. The hook actually writes out the hiera JSON directly so no conversion takes place. Arrays, Strings, Booleans all stay in their native formats. As such we can avoid having to do many of the awkward string and list conversions in t-h-t to support the previous YAML formatting.
- The new hook prefers JSON over YAML so upgrading users will have the new files preferred. (we will post a cleanup routine for the old files soon but this isn't a new behavior, JSON is now simply preferred.)
- A lot of services required edits to account for default settings that worked in YAML that no longer work correctly in the native JSON format. In almost all these cases I think the resulting code looks cleaner and is more explicit with regards to what is getting configured in hiera on the actual nodes.
Depends-On: I6a383b1ad4ec29458569763bd3f56fd3f2bd726b Closes-bug: #1596373 Change-Id: Ibe7e2044e200e2c947223286fdf4fd5bcf98c2e1
2016-11-08 | Enable internal TLS for Cinder API | Juan Antonio Osorio Robles | 1 | -4/+13
This adds the necessary hieradata for enabling TLS in the internal network for Cinder API. bp tls-via-certmonger Depends-On: Ib4a9c8d3ca57f1b02e1bb0d150f333db501e9863 Change-Id: I126e890076bc96b1cd166a919eff6aa1bb80510b
2016-10-27 | Set cinder's service name to httpd via t-h-t | Juan Antonio Osorio Robles | 1 | -0/+1
With this, we can clean it from puppet-tripleo. Change-Id: I13638cd1af52537bef8540f0d5fa5f5f7decd392 Depends-On: Ic1967a6f4f60a273965811516f33121115d518b4
2016-10-21 | Use ::os_workers fact instead of ::processorcount | Juan Antonio Osorio Robles | 1 | -1/+1
Change-Id: Ib25849565c617f32357ef545957f58454b2a53f8
2016-10-18 | Add parameters to run cinder over httpd | Juan Antonio Osorio Robles | 1 | -1/+29
This adds the necessary hieradata to run cinder over httpd instead of eventlet. Change-Id: Ic1967a6f4f60a273965811516f33121115d518b4
2016-09-28 | Move db::mysql into service_config_settings | Dan Prince | 1 | -0/+8
This patch moves the various db::mysql hiera settings into a 'mysql' specific service_config_settings section for each service so that these will only get applied on the MySQL service node. This follows a similar puppet-tripleo change where we create the actual databases for all services locally on the MySQL service node to avoid permission issues. Change-Id: Ic0692b1f7aa8409699630ef3924c4be98ca6ffb2 Closes-bug: #1620595 Depends-On: I05cc0afa9373429a3197c194c3e8f784ae96de5f Depends-On: I5e1ef2dc6de6f67d7c509e299855baec371f614d
2016-09-23 | Move keystone::auth into service_config_settings | Dan Prince | 1 | -12/+15
This patch moves the keystone::auth settings for all services into the new service_config_settings section. This is important because we execute the keystone commands via puppet only on the role containing the keystone service and without these settings it will fail. Note that yaql merging/filtering is used here to ensure that service_config_settings is optional in service templates, and also that we'll only deploy hieradata for a given service on a node running the service (the key in the service_config_settings map must match the service_name in the service template for this to work). e.g the following will result in only deploying keystone: 123 in hiera on the role running the "keystone" service, regardless of which service template defines it.
    service_config_settings:
      keystone:
        keystone: 123
Co-Authored-By: Steven Hardy <shardy@redhat.com> Change-Id: I0c2fce037a1a38772f998d582a816b4b703f8265 Closes-bug: 1620829
2016-09-17 | Add fluentd client service | Lars Kellogg-Stedman | 1 | -0/+8
This implements support for installing fluentd agents as a composable service on the overcloud. Depends-On: I2e1abe4d8c8359e56ff626255ee50c9cacca1940 Implements: tripleo-opstools-centralized-logging Change-Id: I23b0e23881b742158fcfb6b8c145a3211d45086e
2016-08-31 | Availability monitoring agents support | Martin Mágr | 1 | -0/+4
- adds possibility to install sensu-client on all nodes
- each composable service has its own subscription
Co-Authored-By: Emilien Macchi <emilien@redhat.com> Co-Authored-By: Michele Baldessari <michele@redhat.com> Implements: blueprint tripleo-opstools-availability-monitoring Change-Id: I6a215763fd0f0015285b3573305d18d0f56c7770
2016-08-22 | Set cinder::api::bind_host within service template | Giulio Fidente | 1 | -0/+6
The map_replace at [1] will replace the network name with the local node IP address on the given network. 1. I7850d4dc8bf4db5f7ac6a6b53c1d900b561b4580 Change-Id: Ica064b5ffac61cebe2aae06d4f1d1d9e84258c10
2016-08-18 | Add DefaultPasswords to composable services | Dan Prince | 1 | -0/+4
This patch adds a new DefaultPasswords parameter to composable services. This is needed to help provide access to top level password resources that overcloud.yaml currently manages (passwords for Rabbit, Mysql, etc.). Moving the RandomString resources into composable services would cause them to regenerate within the stack. With this approach we can leave them where they are while we deprecate the top level mechanism and move the code that uses the passwords into the composable services. Change-Id: I4f21603c58a169a093962594e860933306879e3f
2016-08-18 | Pass ServiceNetMap to services | Giulio Fidente | 1 | -0/+7
This will be needed to pick the network where the service has to bind to from within the service template. Change-Id: I52652e1ad8c7b360efd2c7af199e35932aaaea8c
2016-08-10 | Add support for cinder v3 endpoint | Juan Antonio Osorio Robles | 1 | -0/+3
This adds the needed parts for the keystone endpoint of cinder v3 API. Change-Id: Ic56446095e72b9e469a7b0e9ea5159fa31847381
2016-08-08 | Move cinder's keystone::auth parameters to API profile | Juan Antonio Osorio Robles | 1 | -0/+13
In the move to composable services, these parameters are not necessary in the controller, but in the profile itself. They are not yet in use but will be used to populate the keystone endpoint. Change-Id: Ib9b0e474f875a4b2ffbda11c01cb882149997b0c
2016-08-05 | Update cinder-api with new authtoken parameters | Emilien Macchi | 1 | -4/+4
Puppet OpenStack modules are moving to a new class to configure Keystone authtoken parameters, so we can more easily enable Keystone v3 from a single interface. It's consistent across all modules and does support both Keystone v2 and v3 parameters. This patch updates Cinder now, but more will follow when we'll add support to all modules. Change-Id: I5aa3f2b03672c14c0dbeac222f421ab94221ecf7
2016-07-29 | Merge "Convert service_name to underscore syntax" | Jenkins | 1 | -1/+1
2016-07-28 | Convert service_name to underscore syntax | Steven Hardy | 1 | -1/+1
Currently we use hyphens, e.g cinder-api, but in overcloud.yaml we have a lot of references to services (e.g for AllNodesConfig) by underscore, e.g cinder_api. To enable dynamic generation of this data, we need the service name in underscore format. Change-Id: Ief13dfe5d8d7691dfe2534ad5c39d7eacbcb6f70
2016-07-27 | Migrate Puppet Hieradata to composable services | Emilien Macchi | 1 | -0/+7
Migrate puppet/hieradata/*.yaml parameters to puppet/services/*.yaml except for some services that are not composable yet. Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Change-Id: I7e5f8b18ee9aa63a1dffc6facaf88315b07d5fd7
2016-07-25 | Composable firewall rules | Dan Prince | 1 | -0/+5
Split out the firewall rules in puppet/hieradata/controller.yaml into the composable services Depends-On: Id370362ab57347b75b1ab25afda877885b047263 Change-Id: Icaecab100d3f278035fbbb3facb9bf6c62c76c03
2016-07-22 | Add 'service_name' to composable services | Dan Prince | 1 | -0/+1
This patch adds a new service_name section to each composable service. We now have an explicit unit test check to ensure that service_name exists in tools/yaml-validate.py. This patch also wires service_names into hieradata on each of the roles so that tools can access the deployed services locally during deployment and upgrades. Change-Id: I60861c5aa760534db3e314bba16a13b90ea72f0c
2016-06-02 | Switch Cinder Api/Scheduler/Volume to composable roles | Giulio Fidente | 1 | -0/+42
Uses a shared cinder-base resource to do the database and messaging configuration for all three services. Depends-On: I3c6d5226eed5f0f852b0ad9476c7cd9a959fda69 Change-Id: I47c5fd190efca5f02e73fd22aba6cda573daf5cc