aboutsummaryrefslogtreecommitdiffstats
path: root/puppet/services/nova-api.yaml
AgeCommit message (Collapse)AuthorFilesLines
2017-04-20N->O Manual puppet commands have the right modulepath.Sofer Athlan-Guyot1-1/+1
In two places during upgrade we manually trigger puppet. There can be a problem when new puppet modules are added, and their corresponding symlinks in /etc/puppet/modules are not created during the installation as their are installed in /usr/share/openstack-puppet/modules. To prevent the issue tripleo set modulepath in the templates. We must use the same modulepath to make sure that we don't fail because of missing module in the manual puppet run. This particulary happens when you upgrade from M->N->O, as the base image in Mitaka doesn't have the proper symlinks and they are not created during the installation of the package. Closes-Bug: #1684587 Change-Id: I79df6ea33f1c58e13309176a6de41b7572541fd6
2017-03-30Merge "[N->O] Fix wrong database connection for cell0 during upgrade."Jenkins1-1/+1
2017-03-30Merge "[N->O] is creating 2 default cell_v2 cells"Jenkins1-4/+4
2017-03-28Allow to configure policy.json for OpenStack projectsEmilien Macchi1-0/+7
For both containers and classic deployments, allow to configure policy.json for all OpenStack APIs with new parameters (hash, empty by default). Example of new parameter: NovaApiPolicies. See environments/nova-api-policy.yaml for how the feature can be used. Note: use it with extreme caution. Partial-implement: blueprint modify-policy-json Change-Id: I1144f339da3836c3e8c8ae4e5567afc4d1a83e95
2017-03-23[N->O] Fix wrong database connection for cell0 during upgrade.Sofer Athlan-Guyot1-1/+1
During upgrade the cell0 database has the connection pointing to mysql+pymysql://nova:c2cdagE8PyAbnpers3AD88Hge@10.0.0.19/nova_cell0?bind_address=10.0.0.20 where 10.0.0.20 was the ip of the bootstrap node. This makes the nova-api fails on 2/3 node at the end of the major-upgrade-composable-steps.yaml step. We do have the right value in the hiera database so make sure we use it for cell0 creation and not the nova.conf file which hasn't been updated yet. Change-Id: I09775206cb8fc5e15934f7e4475506a7fe17271e Closes-Bug: #1675359
2017-03-23[N->O] is creating 2 default cell_v2 cellsOliver Walsh1-4/+4
A side-effect of running map_cell_and_hosts is that a default cell is created (unless host mappings already exists). As we are explicitly creating the default cell we need to run discover_hosts to create the host mappings. Change-Id: I1a28e9b85a7c43561700faf692248c5fc06b8ad8 Closes-Bug: #1675418
2017-03-13nova: switch auth_uri to keystone versionless endpointEmilien Macchi1-1/+3
Switch nova authtoken auth_uri to use keystone endpoint without version. Also switch ironic config in nova.conf to use it. Change-Id: I8046f2eed0b9a7da76d6d7c3507a92bf5054b000 Partial-Implement: blueprint keystone-v3
2017-02-24Upgrade nova-api/scheduler/conductor packages at step3 not step2.Sofer Athlan-Guyot1-3/+0
The nova-api, nova-scheduler nova-conductor packages are updated during step2. The package upgrade trigger a restart of the service which fails and is constantly retried by systemd: Feb 24 12:34:24 centos-7-2-node-rax-iad-7463943-440549 systemd[1]: Failed to start OpenStack Nova Scheduler Server. Feb 24 12:34:24 centos-7-2-node-rax-iad-7463943-440549 systemd[1]: Unit openstack-nova-scheduler.service entered failed state. Feb 24 12:34:24 centos-7-2-node-rax-iad-7463943-440549 systemd[1]: openstack-nova-scheduler.service failed. Feb 24 12:34:24 centos-7-2-node-rax-iad-7463943-440549 systemd[1]: openstack-nova-scheduler.service holdoff time over, scheduling restart. We eventually reach timeout. We use https://github.com/openstack/tripleo-heat-templates/blob/master/puppet/services/tripleo-packages.yaml#L44-L46 to upgrade existing packages. Add a note to the README.rst to make people aware of the general upgrade done at step3 and limit its usage to new package for individual service. Change-Id: I13b51bcfe0c98034944613f7e1c3f0168cd4de76 Closes-Bug: #1667728
2017-02-20Stop nova-api before upgrading packageOliver Walsh1-3/+3
If the service is running then the rpm upgrade will attempt to restart. Ensuring the service is stopped before upgrade should resolve this. Change-Id: I4179cb773616721640490d26082eacac45f92dff Closes-Bug: 1665717
2017-02-15Merge "Add nova service support for composable upgrades"Jenkins1-0/+87
2017-02-14Add nova service support for composable upgradesSteven Hardy1-0/+87
Co-Authored-By: Mathieu Bultel <mbultel@redhat.com> Co-Authored-By: Oliver Walsh <owalsh@redhat.com> Change-Id: Iafad800a6819d7e75fdaab60d328999d3d3c037f Partially-Implements: blueprint overcloud-upgrades-per-service Related-Bug: #1662344
2017-02-14Use Keystone internal endpoint instead of admin for servicesJuan Antonio Osorio Robles1-1/+1
The admin endpoint is listening on the ctlplane network by default; services should ideally be using the internal api network for this kind of traffic, as the ctlplane network is mostly for provisioning. On the other hand, the admin endpoint shouldn't be as relevant with services switching to keystone v3. Change-Id: I1213a83ef8693c1cca1d20de974f7949a801d9f1
2017-02-07Stop deploying Nova API in WSGI with ApacheEmilien Macchi1-20/+31
It was suggested by Nova team to not deploying Nova API in WSGI with Apache in production. It's causing some issues that we didn't catch until now (see in the bug report). Until we figure out what was wrong, let's disable it so we can move forward in the upgrade process. Change-Id: I09b73476762593642a0e011f83f0233de68f2c33 Related-Bug: 1661360
2017-01-25Add metadata settings for needed kerberos principalsJuan Antonio Osorio Robles1-0/+2
These are only used for TLS-everywhere, and fills up the kerberos principals that will need to be created for the certs used by the overcloud. With this, the metadata hook will format these principals correctly and will further pass them on to the nova metadata service. Where they can be used if there's a plugin enabled. bp tls-via-certmonger bp novajoin Change-Id: I873094bb69200052febda629fda698a7a782c031
2017-01-12Parameterizes Nova API default floating IP poolTim Rozet1-1/+5
This allows a user to modify the parameter based on what name he/she wants to use for the default neutron external network. Closes-Bug: 1656079 Change-Id: Iaa245c234aa7e80818d901bc9947ac57cf5e903a Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-01-05Merge "Merge mysql service_config_settings for nova"Jenkins1-15/+17
2017-01-05Merge mysql service_config_settings for novaJames Slagle1-15/+17
The hieradata from the nova-base.yaml service template needs to be available to the role running mysql, which isn't necessarily the same role as nova. nova-base.yaml isn't an actual service template though that is included in any ServiceChain resources, it's outputs need to be merged with an actual nova service template, such as nova-api.yaml. As nova-api.yaml already provides some hieradata for the mysql service in service_config_settings, this patch uses map_merge to combine the 2 values. Change-Id: I4dc684b3611b13f177f9499e69468d3f6ef6fa76 Closes-Bug: #1654058
2017-01-04nova-api: legacy cleanup with old wsgi paramsEmilien Macchi1-11/+0
Cleanup old legacy params for wsgi config. Change-Id: Ic775de171c95d43d9273e1a29db2ab685fdf7706 Depends-On: I59b3b36be33268fa6e261a7db3c4aa8e8e712ffb
2017-01-04nova-api: also include hiera for new apache_api classEmilien Macchi1-3/+14
puppet-nova renamed nova::wsgi::apache to nova::wsgi::apache_api to welcome nova::wsgi::apache_placement (for nova placement API). This patch adds the required parameters before we make the switch in puppet-tripleo. Legacy parameters will be removed when the switch will be done in puppet-tripleo. Change-Id: I5fc99062d349597393e2248c66f2d863029c7730
2016-12-23Bump template version for all templates to "ocata"Steven Hardy1-1/+1
Heat now supports release name aliases, so we can replace the inconsistent mix of date related versions with one consistent version that aligns with the supported version of heat for this t-h-t branch. This should also help new users who sometimes copy/paste old templates and discover intrinsic functions in the t-h-t docs don't work because their template version is too old. Change-Id: Ib415e7290fea27447460baa280291492df197e54
2016-12-01Use network-based fqdn entry from hiera instead of the custom factJuan Antonio Osorio Robles1-2/+2
This changes how we get the network-based FQDNs for the specific services, from using the custom fact, to the new hiera entries. Change-Id: Iae668a5d89fb7bee091db4a761aa6c91d369b276
2016-11-30Hiera optimization: use a new hiera hookDan Prince1-4/+4
This patch optimizes how we deploy hiera by using a new heat hook specifically designed to help compose hiera within heat templates. As part of this change: - we update all the 'hiera' software configurations to set the group to hiera instead of os-apply-config. - The new format uses JSON instead of YAML. The hook actually writes out the hiera JSON directly so no conversion takes place. Arrays, Strings, Booleans all stay in their native formats. As such we can avoid having to do many of the awkward string and list conversions in t-h-t to support the previous YAML formatting. - The new hook prefers JSON over YAML so upgrading users will have the new files prefered. (we will post a cleanup routine for the old files soon but this isn't a new behavior, JSON is now simply prefered.) - A lot of services required edits to account for default settings that worked in YAML that no longer work correctly in the native JSON format. In almost all these cases I think the resulting codes looks cleaner and is more explicit with regards to what is getting configured in hiera on the actual nodes. Depends-On: I6a383b1ad4ec29458569763bd3f56fd3f2bd726b Closes-bug: #1596373 Change-Id: Ibe7e2044e200e2c947223286fdf4fd5bcf98c2e1
2016-11-09Merge "Enable internal TLS for Nova API"Jenkins1-4/+13
2016-11-03nova: add missing vnc console port in firewallEmilien Macchi1-2/+0
- Remove vncproxy firewall rules from nova-api service - Add vncproxy firewall rules to nova-vncproxy service - Add console port range firewall rules to nova-libvirt service Change-Id: I421ae21c130cac6f25e7c0869b941ba77441172c
2016-11-01Enable internal TLS for Nova APIJuan Antonio Osorio Robles1-4/+13
This adds the necessary hieradata for enabling TLS in the internal network for Nova API. bp tls-via-certmonger Depends-On: I88380a1ed8fd597a1a80488cbc6ce357f133bd70 Change-Id: I45197f98e5b65d6b2ec364676870db4ce582ffe9
2016-10-20Remove duplicate bind_host from nova-api profileJuan Antonio Osorio Robles1-1/+0
Change-Id: I3c5c7753237ebaf16fb40806df0d195cb2b9aaa0
2016-10-18Merge "Set nova service_name via t-h-t"Jenkins1-0/+1
2016-10-17Add apache workers to nova-api conditionalSteven Hardy1-1/+1
Without this httpd fails to start on deployments where the worker count isn't explicitly overridden via a parameter. Change-Id: Ie7b31bc6e022a0166af126c866994bdd019718df Closes-Bug: #1634213
2016-10-17Set nova service_name via t-h-tJuan Antonio Osorio Robles1-0/+1
with the move to use httpd instead of eventlet, We now add this parameter in t-h-t to be able to clean it up from the puppet-tripleo manifest. Change-Id: Ic229182cc5c887b57f6182c3db1bac8bed330f7c Depends-On: I4603b81d30a704b07eef461b3cdbfe164614b04f
2016-10-12Only set NovaWorkers in the non-default caseDan Prince1-43/+49
This patch updates the t-h-t templates for nova services so that we only set the value of workers in the non-default case. TripleO has always defaulted the workers count to 0 and there was recently a regression in nova where they treat the default of 0 as invalid (a bug that may get fixed in nova but we don't want to wait on it) This patch avoids the issue by allowing the default value to be unset if the TripleO default of 0 is configured. Change-Id: I175977b88129d87caeb32332d47eb14816a6d5d4 Closes-bug: #1631133
2016-10-12Remove duplicate metadata keys from nova-api.yamlDan Prince1-2/+0
These keys are already specified in nova-metadata.yaml where they get set correctly per the network management local IP (based on 'service_name' list). Depends-On: I94f985e719a3bf7408655fbbb5ab1aeaf15e994e Change-Id: I5d57561b732783118efd2a637aa137f5f7bcddbc Partial-bug: #1631133
2016-09-29Add parameters to run nova over httpdJuan Antonio Osorio Robles1-0/+18
This adds the necessary hieradata to run nova over httpd instead of eventlet. Change-Id: I57fb20cf0d58b3376243ba4aeb04e995e7152ce3
2016-09-28Move db::mysql into service_config_settingsDan Prince1-0/+15
This patch movs the various db::mysql hiera settings into a 'mysql' specific service_config_settings section for each service so that these will only get applied on the MySQL service node. This follows a similar puppet-tripleo change where we create the actual databases for all services locally on the MySQL service node to avoid permission issues. Change-Id: Ic0692b1f7aa8409699630ef3924c4be98ca6ffb2 Closes-bug: #1620595 Depends-On: I05cc0afa9373429a3197c194c3e8f784ae96de5f Depends-On: I5e1ef2dc6de6f67d7c509e299855baec371f614d
2016-09-23Move keystone::auth into service_config_settingsDan Prince1-6/+8
This patch moves the keystone::auth settings for all services into the new service_config_settings section. This is important because we execute the keystone commands via puppet only on the role containing the keystone service and without these settings it will fail. Note that yaql merging/filtering is used here to ensure that service_config_settings is optional in service templates, and also that we'll only deploy hieradata for a given service on a node running the service (the key in the service_config_settings map must match the service_name in the service template for this to work). e.g the following will result in only deploying keystone: 123 in hiera on the role running the "keystone" service, regardless of which service template defines it. service_config_settings: keystone: keystone: 123 Co-Authored-By: Steven Hardy <shardy@redhat.com> Change-Id: I0c2fce037a1a38772f998d582a816b4b703f8265 Closes-bug: 1620829
2016-09-17Add fluentd client serviceLars Kellogg-Stedman1-0/+8
This implements support for installing fluentd agents as a composable service on the overcloud. Depends-On: I2e1abe4d8c8359e56ff626255ee50c9cacca1940 Implements: tripleo-opstools-centralized-logging Change-Id: I23b0e23881b742158fcfb6b8c145a3211d45086e
2016-08-31Availability monitoring agents supportMartin Mágr1-0/+4
- adds possibility to install sensu-client on all nodes - each composable service has it's own subscription Co-Authored-By: Emilien Macchi <emilien@redhat.com> Co-Authored-By: Michele Baldessari <michele@redhat.com> Implements: blueprint tripleo-opstools-availability-monitoring Change-Id: I6a215763fd0f0015285b3573305d18d0f56c7770
2016-08-30Mv Nova, Neutron, Horizon out of controller.yamlDan Prince1-0/+24
This patch moves the settings for Nova, Neutron, and Horizon out of controller.yaml. Also fixes the NovaPassword settings in nova-base.yaml so they don't use get_input. Also, creates a new apache.yaml base service to contain shared apache settings for several services which use Apache for WSGI. Co-Authored-By: Giulio Fidente <gfidente@redhat.com> Change-Id: I35d909bd5abc23976b5732a2b9af31cf1448838e Related-bug: #1604414
2016-08-24Update authtoken parameters to match recent changesEmilien Macchi1-1/+4
Update authtoken parameters for: - Aodh - Ironic - Manila - Nova - Ceilometer Change-Id: Ie123b8da1a7af2e406aadca4775de9e8c4e6e1f5
2016-08-18Add DefaultPasswords to composable servicesDan Prince1-0/+4
This patch adds a new DefaultPasswords parameter to composable services. This is needed to help provide access to top level password resources that overcloud.yaml currently manages (passwords for Rabbit, Mysql, etc.). Moving the RandomString resources into composable services would cause them to regenerate within the stack. With this approach we can leave them where they are while we deprecate the top level mechanism and move the code that uses the passwords into the composable services. Change-Id: I4f21603c58a169a093962594e860933306879e3f
2016-08-18Pass ServiceNetMap to servicesGiulio Fidente1-0/+7
This will be needed to pick the network where the service has to bind to from within the service template. Change-Id: I52652e1ad8c7b360efd2c7af199e35932aaaea8c
2016-08-09Move nova's kestone::auth parameters to API profileJuan Antonio Osorio Robles1-0/+14
In the move to composable services, these parameters are not necessary in the controller, but in the profile itself. They are not yet in use but will be used to populate the keystone endpoint. Change-Id: I42e30243b631c10d9454da444afdb50e551bbb2c
2016-07-29Merge "Convert service_name to underscore syntax"Jenkins1-1/+1
2016-07-28Convert service_name to underscore syntaxSteven Hardy1-1/+1
Currently we use hyphens, e.g cinder-api, but in overcloud.yaml we have a lot of references to services (e.g for AllNodesConfig) by underscore, e.g cinder_api. To enable dynamic generation of this data, we need the service name in underscore format. Change-Id: Ief13dfe5d8d7691dfe2534ad5c39d7eacbcb6f70
2016-07-27Migrate Puppet Hieradata to composable servicesEmilien Macchi1-0/+5
Migrate puppet/hieradata/*.yaml parameters to puppet/services/*.yaml except for some services that are not composable yet. Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Change-Id: I7e5f8b18ee9aa63a1dffc6facaf88315b07d5fd7
2016-07-25Composable firewall rulesDan Prince1-0/+10
Split out the firewall rules in puppet/hieradata/controller.yaml into the composable services Depends-On: Id370362ab57347b75b1ab25afda877885b047263 Change-Id: Icaecab100d3f278035fbbb3facb9bf6c62c76c03
2016-07-25Merge "Move nova::db data within service template"Jenkins1-0/+2
2016-07-22Move nova::db data within service templateGiulio Fidente1-0/+2
Change-Id: I86752248e59a2e98f8ff9b2c5998839f9ade4779
2016-07-22Add 'service_name' to composable servicesDan Prince1-0/+1
This patch adds a new service_name section to each composable service. We now have an explicit unit test check to ensure that service_name exists in tools/yaml-validate.py. This patch also wires service_names into hieradata on each of the roles so that tools can access the deployed services locally during deployment and upgrades. Change-Id: I60861c5aa760534db3e314bba16a13b90ea72f0c
2016-07-19Remove ::nova::cron::archive_deleted_rowsEmilien Macchi1-1/+3
::nova::cron::archive_deleted_rows is not called in puppet-tripleo Nova API profile. Change-Id: Idc343e481ca04b404be5311b2908f016e4517aad Depends-On: I7035f7998c11dc5508dae8c1a750b93c2944b2d4
2016-06-14Enable nova-api as a composable serviceEmilien Macchi1-0/+31
Implement NovaApi service using nova-base for common parameters. Change-Id: Ibcb89b332ab73f18d05e5b2e454964e322b982e6 Implements: blueprint composable-services-within-roles Depends-On: I1dde63a5a7d1624494a7157a9679f88f4cb780e0