aboutsummaryrefslogtreecommitdiffstats
path: root/puppet/services/swift-proxy.yaml
AgeCommit message (Collapse)AuthorFilesLines
2017-05-25Add ignore_projects to filter gnocchi eventsPradeep Kilambi1-0/+8
Without this, ceilometer db gets hammered with gnocchi swift events. Keystone creds are required so middleware can query for id. Related change: I5c0f4f1a2c7fe7eb39ea6441970e9ac0946a4ec1 Change-Id: I9a7a80252703e470a69dc10352e7ece45ab23150
2017-05-19Update the template_version alias for all the templates to pike.Carlos Camacho1-1/+1
Master is now the development branch for pike changing the release alias name. Change-Id: I938e4a983e361aefcaa0bd9a4226c296c5823127
2017-05-15Add role specific information to the service templateSaravanan KR1-0/+10
When a service is enabled on multiple roles, the parameters for the service will be global. This change enables an option to provide role specific parameter to services and other templates. Two new parameters - RoleName and RoleParameters, are added to the service template. RoleName provides the role name of on which the current instance of the service is being applied on. RoleParameters provides the list of parameters which are configured specific to the role in the environment file, like below: parameters_default: # Default value for applied to all roles NovaReservedHostMemory: 2048 ComputeDpdkParameters: # Applied only to ComputeDpdk role NovaReservedHostMemory: 4096 In above sample, the cluster contains 2 roles - Compute, ComputeDpdk. The values of ComputeDpdkParameters will be passed on to the templates as RoleParameters while creating the stack for ComputeDpdk role. The parameter which supports role specific configuration, should find the parameter first in in the RoleParameters list, if not found, then the default (for all roles) should be used. Implements: blueprint tripleo-derive-parameters Change-Id: I72376a803ec6b2ed93903cc0c95a6ffce718b6dc
2017-04-05Add parameters for internal TLS for swift proxyJuan Antonio Osorio Robles1-2/+31
This adds the necessary parameter for swift proxy to be terminiated internally by a TLS proxy. bp tls-via-certmonger Change-Id: I3cb9d53d75f982068f1025729c1793efaee87380 Depends-On: I6e7193cc5b4bb7e56cc89e0a293c91b0d391c68e
2017-03-09Merge "Set number of Swift proxy server workers to auto"Jenkins1-2/+2
2017-02-28Put service stop at step1 and quiesce at step2.Sofer Athlan-Guyot1-1/+1
In the previous release[1], the services were stopped before the pacemaker services, so that they get a chance to send last message to the database/rabbitmq queue: Let's do the upgrade in the same order. [1] https://github.com/openstack/tripleo-heat-templates/blob/stable/newton/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh#L13-L71 Change-Id: I1c4045e8b9167396c9dfa4da99973102f1af1218
2017-02-23Enable TLS for swift-proxy's ceilometer notificationsJuan Antonio Osorio Robles1-0/+1
If the message broker is using TLS, we enable it for these notifications. Change-Id: I4f37e77ae12e9582fab7d326ebd4c70127c5445f Depends-On: If23d1f0d20264faaddc2e5ad54863483fa43ed41
2017-02-14Use Keystone internal endpoint instead of admin for servicesJuan Antonio Osorio Robles1-1/+1
The admin endpoint is listening on the ctlplane network by default; services should ideally be using the internal api network for this kind of traffic, as the ctlplane network is mostly for provisioning. On the other hand, the admin endpoint shouldn't be as relevant with services switching to keystone v3. Change-Id: I1213a83ef8693c1cca1d20de974f7949a801d9f1
2017-01-31Add ability to toggle swift's ceilometer transport_url SSLJuan Antonio Osorio Robles1-0/+7
So, if RabbitClientUseSSL is set, this will enable TLS for the swift's ceilometer message broker connection. Change-Id: Ide70a509aefc9e7eb9d7cc5b3a60520fa42b4010 Depends-On: I8b7457b6233c4f88af2d7bc1b9304fcccb6edf61
2017-01-19Add swift service support for composable upgradesSteven Hardy1-0/+4
Co-Authored-By: Sofer Athlan-Guyot <sathlang@redhat.com> Partially-Implements: blueprint overcloud-upgrades-per-service Closes-Bug: #1655651 Change-Id: I83134f51d152f3b97f9a570bbd9a67c753982810
2017-01-19Swift proxy align *-quotas with puppet-swift syntaxSteven Hardy1-2/+2
puppet-swift has hard-coded sections which expect these to be *_quotas, without matching the pipeline to the sections swift proxy fails to start. Change-Id: I3ee94a9bc4b046051e5d814e82a69f759bea1296 Closes-Bug: #1657167
2017-01-09Set number of Swift proxy server workers to autoChristian Schwede1-2/+2
Setting the default Swift proxy workers to 0 actually results in a single Swift proxy worker, no matter how many CPU cores are available. This is not the default Swift setting and is most likely not sufficient. Setting this to auto uses the default in Swift, which equals to the number of CPU cores. Closes-Bug: 1655070 Change-Id: Ic321b6111f8697ba3cc1554611fee44c2e540759
2016-12-23Bump template version for all templates to "ocata"Steven Hardy1-1/+1
Heat now supports release name aliases, so we can replace the inconsistent mix of date related versions with one consistent version that aligns with the supported version of heat for this t-h-t branch. This should also help new users who sometimes copy/paste old templates and discover intrinsic functions in the t-h-t docs don't work because their template version is too old. Change-Id: Ib415e7290fea27447460baa280291492df197e54
2016-12-11Decouple swift-proxy from ceilometerDan Prince1-21/+43
This patch updates the swift-proxy base profile so that we now explicitly set the rabbit_port. This allows us to remove the use of puppet-ceilometer default settings in the puppet-tripleo modules change ID here: I8d9f69f5e9160543b372bd9886800f16f625fdc6 It also adds a new boolean parameter that allows the end user to disable the swift ceilometer pipeline by setting SwiftCeilometerPipelineEnabled to false. This two settings allow Swift to once again be installed on a machine without configuring Ceilometer. Depends-On: Id1584df5e5bb90f8087ae25eecc4834179b6fc21 Change-Id: Ief5399d7ea4d26e96ce54903a69d660fa4fe3ce9 Related-bug: #1648736
2016-11-28Merge "adding swift middleware that is typically enabled by default"Jenkins1-0/+5
2016-11-18Make Ceilometer notifications non-blockingChristian Schwede1-0/+1
Ceilometer notifications can be sent in a background thread, unblocking the Swift proxy in case the RabbitMQ is not processing notifications quick enough or even unavailable. There is a default queue size of 1000 notifications. If more messages are added to the queue these will be discarded, and a warning log entry will be emitted. Change-Id: I98022dcbf661a5bb7425f49ba8525225d61212dc
2016-11-09adding swift middleware that is typically enabled by defaultThiago da Silva1-0/+5
Adding these features are typically enabled by default in any swift cluster. See upstream sample: https://github.com/openstack/swift/blob/master/etc/proxy-server.conf-sample Change-Id: I29915d1b86da5c47ec34acfb89ab8234e153bf31 Signed-off-by: Thiago da Silva <thiago@redhat.com> Depends-On: Ie323f68255a73d46e774cbf49d9353c3bf90c35e
2016-11-09Merge "set url_base option in static web middleware"Jenkins1-0/+1
2016-11-08set url_base option in static web middlewareThiago da Silva1-0/+1
Depends-On: Icf45cf2aece398b836c87ddffde5d3056e96dc4d Change-Id: I3577dc38a0b52092ee5e98a381eb52c3d2768c10 Signed-off-by: Thiago da Silva <thiago@redhat.com>
2016-11-04swift/proxy: remove swift::proxy::ceilometer::rabbit_hostEmilien Macchi1-1/+0
The param is now managed in puppet-tripleo like other services. Change-Id: I306aa6ac6e2cfc0d4602e15e11564a6be096a121 Depends-On: Ibc0ed642931dd3ada7ee594bb8c70a1c3462206d
2016-10-28Fix Swift proxy pipeline orderingChristian Schwede1-1/+1
The Ceilometer middleware is in the wrong place; actually any middleware should be deployed after catch_errors to catch any errors that would otherwise crash the proxy service. Additionally the ceilometer middleware should be deployed after any authentication middleware. Closes-Bug: 1637471 Co-Authored-By: Thiago da Silva <thiago@redhat.com> Change-Id: I710ff2f51271a78582fa502e7eecfa687800c664
2016-10-20Include ceilometer in swift proxy pipelinePradeep Kilambi1-0/+12
new ceilometermiddleware is available and integrated into puppet-swift. Lets leverage it and include it in the swift proxy pipeline. The correcponding puppet triple change for this is Ie49f4a750368ff174b23b8d6baa743d0956d727e Closes-Bug: #1631108 Change-Id: I82da0240d60d1eed54f1c0927e6157bb63025a19
2016-10-11Enable object versioning in Swift proxyChristian Schwede1-0/+2
Tempest expects object versioning to be enabled by default in Swift; if not it has to be disabled explicitly in the Tempest config. This is a commonly used middleware, therefore it should be enabled in the overcloud proxy nodes as well. Closes-Bug: 1632215 Depends-On: I07a206473ff7939749e3eba1dfe3ea8c4526eb5c Change-Id: I4eae08ff3f9a3a2f829c3497c1c2aaee8e7f8554
2016-09-23Move keystone::auth into service_config_settingsDan Prince1-14/+16
This patch moves the keystone::auth settings for all services into the new service_config_settings section. This is important because we execute the keystone commands via puppet only on the role containing the keystone service and without these settings it will fail. Note that yaql merging/filtering is used here to ensure that service_config_settings is optional in service templates, and also that we'll only deploy hieradata for a given service on a node running the service (the key in the service_config_settings map must match the service_name in the service template for this to work). e.g the following will result in only deploying keystone: 123 in hiera on the role running the "keystone" service, regardless of which service template defines it. service_config_settings: keystone: keystone: 123 Co-Authored-By: Steven Hardy <shardy@redhat.com> Change-Id: I0c2fce037a1a38772f998d582a816b4b703f8265 Closes-bug: 1620829
2016-09-02Merge "Availability monitoring agents support"Jenkins1-0/+4
2016-08-31Last round of modern authtoken updateEmilien Macchi1-3/+3
It updates Glance, Neutron and Swift to deploy authtoken with modern pattern. Change-Id: Icfaf011ea4a23bc47d2fb45e8768f8238532dab3
2016-08-31Availability monitoring agents supportMartin Mágr1-0/+4
- adds possibility to install sensu-client on all nodes - each composable service has it's own subscription Co-Authored-By: Emilien Macchi <emilien@redhat.com> Co-Authored-By: Michele Baldessari <michele@redhat.com> Implements: blueprint tripleo-opstools-availability-monitoring Change-Id: I6a215763fd0f0015285b3573305d18d0f56c7770
2016-08-25Move Swift hiera settings into composable servicesDan Prince1-45/+61
This moves the swift local bind and hash prefix settings into the relevant swift-* composable services. Change-Id: I807ff14c4cc9afa39efee13849e0f8c22718f1c0
2016-08-18Add DefaultPasswords to composable servicesDan Prince1-0/+3
This patch adds a new DefaultPasswords parameter to composable services. This is needed to help provide access to top level password resources that overcloud.yaml currently manages (passwords for Rabbit, Mysql, etc.). Moving the RandomString resources into composable services would cause them to regenerate within the stack. With this approach we can leave them where they are while we deprecate the top level mechanism and move the code that uses the passwords into the composable services. Change-Id: I4f21603c58a169a093962594e860933306879e3f
2016-08-18Pass ServiceNetMap to servicesGiulio Fidente1-0/+6
This will be needed to pick the network where the service has to bind to from within the service template. Change-Id: I52652e1ad8c7b360efd2c7af199e35932aaaea8c
2016-07-29Merge "Convert service_name to underscore syntax"Jenkins1-1/+1
2016-07-28Convert service_name to underscore syntaxSteven Hardy1-1/+1
Currently we use hyphens, e.g cinder-api, but in overcloud.yaml we have a lot of references to services (e.g for AllNodesConfig) by underscore, e.g cinder_api. To enable dynamic generation of this data, we need the service name in underscore format. Change-Id: Ief13dfe5d8d7691dfe2534ad5c39d7eacbcb6f70
2016-07-27Migrate Puppet Hieradata to composable servicesEmilien Macchi1-0/+26
Migrate puppet/hieradata/*.yaml parameters to puppet/services/*.yaml except for some services that are not composable yet. Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Change-Id: I7e5f8b18ee9aa63a1dffc6facaf88315b07d5fd7
2016-07-25Composable firewall rulesDan Prince1-0/+5
Split out the firewall rules in puppet/hieradata/controller.yaml into the composable services Depends-On: Id370362ab57347b75b1ab25afda877885b047263 Change-Id: Icaecab100d3f278035fbbb3facb9bf6c62c76c03
2016-07-22Add 'service_name' to composable servicesDan Prince1-0/+1
This patch adds a new service_name section to each composable service. We now have an explicit unit test check to ensure that service_name exists in tools/yaml-validate.py. This patch also wires service_names into hieradata on each of the roles so that tools can access the deployed services locally during deployment and upgrades. Change-Id: I60861c5aa760534db3e314bba16a13b90ea72f0c
2016-06-21Parametrize and increase default of swift-proxy node_timeoutJiri Stransky1-0/+5
We've had problems uploading images on slow virtualized environments, where the requests to swift would time out. The issue has been seen both on undercloud and overcloud. The default timeout is 10 seconds, the issue has been reportedly reproduced on undercloud with node_timeout as high as 30 seconds, but not with 60 seconds yet. Set the default timeout to 60 seconds on overcloud too. Change-Id: I7d486cf4dc9768ddbf71ab71e92db8d2ef29978e Closes-Bug: #1594725
2016-05-31Convert Swift proxy to composable services formatSteven Hardy1-0/+49
Switch the swift proxy service to use the new composable services format. Change-Id: Idc9ac64818882e73836ac99bbad56eec184c9a5d Partially-Implements: blueprint composable-services-within-roles Depends-On: I6bd72284911f3f449157a6fc00b76682dd53bd8c