summaryrefslogtreecommitdiffstats
path: root/puppet/services
AgeCommit message (Collapse)AuthorFilesLines
2016-08-08Configure project name for keystone::auth resource in heatJuan Antonio Osorio Robles3-1/+2
Heat API and CFN API both need to have teh keystone::auth*::tenant parameters configured. Change-Id: Ibdc3d693f5a63362add3fc71064fc01bb4593403
2016-08-08Move cinder's kestone::auth parameters to API profileJuan Antonio Osorio Robles2-1/+13
In the move to composable services, these parameters are not necessary in the controller, but in the profile itself. They are not yet in use but will be used to populate the keystone endpoint. Change-Id: Ib9b0e474f875a4b2ffbda11c01cb882149997b0c
2016-08-08Move neutron's kestone::auth parameters to server profileJuan Antonio Osorio Robles2-1/+10
In the move to composable services, these parameters are not necessary in the controller, but in the profile itself. They are not yet in use but will be used to populate the keystone endpoint. Change-Id: Ia0866d893c2f3258b0e00efcb8894c7643980173
2016-08-08Merge "Update cinder-api with new authtoken parameters"Jenkins1-4/+4
2016-08-06Add Sahara services to ControllerServices listSteven Hardy5-37/+37
https://review.openstack.org/#/c/318840/ decomposed the Sahara services but they weren't added to the ControllerServices list, thus are now disabled. Since we shipped mitaka with sahara enabled by default, we should probably add them so the behavior is consistent when folks upgrade. This also fixes a couple of issues we missed when landing the initial service templates (partly because CI didn't test them). In order for each service to operate independently when used with Pacemaker, the roles needed to be separated. This commit also does this. Depends-On: Id61eb15b1e2366f5b73c6e7d47941651e40651b1 Change-Id: I0846b328e9d938275e373d58f0b99219b19b326c Closes-Bug: #1592284 Co-Authored-By: Brad P. Crochet <brad@redhat.com>
2016-08-05Merge "Remove keystone PKI related parameters"Jenkins1-16/+0
2016-08-05Update cinder-api with new authtoken parametersEmilien Macchi1-4/+4
Puppet OpenStack modules are moving to a new class to configure Keystone authtoken parameters, so we can more easily enable Keystone v3 from a single interface. It's consistent across all modules and does support both Keystone v2 and v3 parameters. This patch updates Cinder now, but more will follow when we'll add support to all modules. Change-Id: I5aa3f2b03672c14c0dbeac222f421ab94221ecf7
2016-08-05Add Aodh composable rolesPradeep Kilambi5-0/+212
Implements: blueprint composable-services-within-roles Depends-On: Ie48a123cc5bc402aee635a5daf118b158c6f3b6a Closes-Bug: #1601850 Change-Id: Ifcfe0e3937fa8577635d803d46c3dfc2e873e553
2016-08-05Merge "Add environment file to enable DVR"Jenkins4-0/+58
2016-08-05Remove keystone PKI related parametersSteven Hardy1-16/+0
These interfaces have all been deprecated by keystone, and we don't offer any parameter interface to select PKI token format anyway, so remove these to align with keystone reccomendations. The keystone.conf.sample says these values may be silently ignored or removed, so it seems reasonable to do the same here (parameter_defaults should be ignored from old stacks). Change-Id: Ic88d584863a98ed49fc335825fbfba7a52b0f14e Depends-On: I8232262b928c91dcde7bea2f23fa2a7c2660719e
2016-08-04Add environment file to enable DVRBrent Eagles4-0/+58
This patch adds support for conditionally enabling DVR by deploying the L3 and metadata agents on the compute node and setting the proper configuration values throughout. Implements: blueprint neutron-dvr-support Change-Id: I24099795e76ecd520c990ba49d3511288dec7a12
2016-08-04Next generation HA architecture workMichele Baldessari10-0/+19
This is the THT part that brings us the next generation architecture as described in the following spec: https://review.openstack.org/#/c/299628/ Blueprint: https://blueprints.launchpad.net/tripleo/+spec/ha-lightweight-architecture So far we tested deployment + tripleo.sh --overcloud-pingtest and failover + tripleo.sh --overcloud-pingtest Note that many of the Pacemaker template files become redundant with this change, but to simplify the process of getting this change landed, those templates will not be removed until a future commit. Depends-On: I5e7585c08675d8a4bd071523b94210d325d79b59 Change-Id: I00bccb2563c006f80baed623b64f1e17af20dd4e Implements: blueprint ha-lightweight-architecture Co-Author: cmsj@tenshu.net
2016-08-04Merge "Replace hard-coded regionOne with parameter references"Jenkins2-3/+7
2016-08-03Merge "Enable Manila integration - as a composable controller service"Jenkins5-0/+278
2016-08-03Replace hard-coded regionOne with parameter referencesSteven Hardy2-3/+7
In a few places we hard-code the config values to regionOne, but there is a parameter available to set this. Change-Id: I9f5138103deb45f7432ee44e03a08dcf54c2990d
2016-08-02Enable Manila integration - as a composable controller serviceRyan Hefner5-0/+278
Allows the installation and configuration of Manila. Supports the generic driver only. This has a dependency on the puppet-tripleo classes for manila where the puppet specific config now lives. The review at https://review.openstack.org/#/c/315658/ has been merge into this one, as of v68, so manila lands as a composable service. This was brought up on the mailing list at [1] [1] http://lists.openstack.org/pipermail/openstack-dev/2016-May/096126.html Co-Authored-By: Marios Andreou <marios@redhat.com> Implements: blueprint composable-services-within-roles Depends-On: I444916d60a67bf730bf4089323dba1c1429e2e71 Depends-On: I9eda4b3364e5c59342761a1ec71b0eb567c69cf1 Depends-On: I571b65a5402c1028418476a573ebeb9450ed00c9 Change-Id: I7acebac4354fca1f8d7ff6c343c1346bf29b81c6
2016-08-01Merge "Enable glance to use the SSL middleware"Jenkins1-0/+1
2016-08-01Merge "Enable keystone to use the SSL middleware"Jenkins1-2/+1
2016-07-29Enable glance to use the SSL middlewareJuan Antonio Osorio Robles1-0/+1
The http_proxy_to_wsgi middleware was recently added to glance as default in the pipeline [1]. We already enable this middleware for nova, cinder and heat. [1] I481d88020b6e8420ce4b9072dd30ec82fe3fb4f7 Change-Id: I4a8f7fc079ca93c50aa0ef7b0548dc64f6c5cfa0 Depends-On: I51fbc6050dfbdc72f7ee56a2d17dd5223a208a17
2016-07-29Enable keystone to use the SSL middlewareJuan Antonio Osorio Robles1-2/+1
The http_proxy_to_wsgi middleware was recently added to keystone as default in the pipeline [1]. So this takes it into use instead of the non-standard option we were using before, which will be deprecated. We already enable this middleware for nova, cinder and heat. [1] Iad628a863e55cbf20c89ef23ebc7527ba8e1a835 Depends-On: I0fec98a6e1d9c8be4d8b8df382b78ba2815790f9 Change-Id: I8c1b84adc828a2b8c9ea11c4e2b8349427b1b206
2016-07-29move hieradata/ceph into ceph-base serviceEmilien Macchi1-0/+7
Part of composable roles work, move hieradata/ceph into the ceph-base profile directly. Also add a comment in all hieradata files to stop adding more data and use composable services. Change-Id: I97cc22a253b547be6b99312b6072f53b428aae2c
2016-07-29Merge "Stop passing charset=utf8 for neutron database connection option"Jenkins2-2/+2
2016-07-29Merge "Filter null/None service names"Jenkins1-2/+7
2016-07-29Merge "We don't need to set a default for the CephX keys and cluster FSID"Jenkins3-6/+0
2016-07-29Merge "Convert service_name to underscore syntax"Jenkins94-94/+94
2016-07-28We don't need to set a default for the CephX keys and cluster FSIDGiulio Fidente3-6/+0
Change-Id: I28021f27a5adc8433df8abdadf0b571b20674fa6 Partial-Bug: 1607407
2016-07-28Convert service_name to underscore syntaxSteven Hardy94-94/+94
Currently we use hyphens, e.g cinder-api, but in overcloud.yaml we have a lot of references to services (e.g for AllNodesConfig) by underscore, e.g cinder_api. To enable dynamic generation of this data, we need the service name in underscore format. Change-Id: Ief13dfe5d8d7691dfe2534ad5c39d7eacbcb6f70
2016-07-28Merge "Create role for the fake openstack-core resource"Jenkins1-0/+20
2016-07-27Create role for the fake openstack-core resourceGiulio Fidente1-0/+20
Change-Id: Iacd94294b8a66bc082bb2b3e8d3364ec1bf053b8 Depends-On: I16a786ce167c57848551c7245f4344c382c55b3d
2016-07-27Migrate Puppet Hieradata to composable servicesEmilien Macchi33-13/+232
Migrate puppet/hieradata/*.yaml parameters to puppet/services/*.yaml except for some services that are not composable yet. Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Change-Id: I7e5f8b18ee9aa63a1dffc6facaf88315b07d5fd7
2016-07-27Filter null/None service namesSteven Hardy1-2/+7
To enable use of the service_names lists in overcloud.yaml we need to strip any null/None values or list processing becomes cumbersome. These happen because we're currently disabling some services via OS::Heat::None in the resource_registry, it may be possible to remove when we've got a fully composable approach to generating the *Services lists. Change-Id: I8ef53b4279d93850c207c73aab0d75095a2497a2 Partially-Implements: blueprint custom-roles
2016-07-26Merge "Set MDS/OSD firewall ports from ceph-osd template"Jenkins2-3/+7
2016-07-26Merge "Cleanup templates from the shared CephCluster config"Jenkins1-0/+13
2016-07-25Merge "Composable firewall rules"Jenkins27-2/+159
2016-07-25Merge "Convert Swift ringbuilder to composable services format"Jenkins1-0/+40
2016-07-25Merge "Explicitly set nova and neutron host on controllers"Jenkins2-1/+3
2016-07-25Set MDS/OSD firewall ports from ceph-osd templateGiulio Fidente2-3/+7
Change-Id: Ie8d1678e6e32271ff31ea9dd7fcf7ef9e8956b86
2016-07-25Composable firewall rulesDan Prince27-2/+159
Split out the firewall rules in puppet/hieradata/controller.yaml into the composable services Depends-On: Id370362ab57347b75b1ab25afda877885b047263 Change-Id: Icaecab100d3f278035fbbb3facb9bf6c62c76c03
2016-07-25Cleanup templates from the shared CephCluster configGiulio Fidente1-0/+13
Removes from the templates the old CephCluster configuration and deployment which before roles was distributing the shared settings for the Ceph cluster configuration. Change-Id: Ia704f5d7add85e52dd477f4bc758aa0a02e4b39b
2016-07-25Convert Swift ringbuilder to composable services formatSteven Hardy1-0/+40
This moves the ringbuilder puppet code to puppet-tripleo and migrates to the composable services format. Closes-Bug: #1601857 Change-Id: I0ea2230072d3ff61a4047ffff1f4187951370f67 Depends-On: I427f0b5ee93a0870d43419009178e0690ac66bd6
2016-07-25Merge "Move nova::db data within service template"Jenkins8-0/+55
2016-07-23Merge "Fixes type and description for NeutronL3HA"Jenkins2-3/+8
2016-07-22Merge "Remove unused redis_vip parameter"Jenkins1-2/+1
2016-07-22Merge "Move mysql::host param from MysqlInternal to MysqlNoBracketsInternal"Jenkins7-7/+7
2016-07-22Move nova::db data within service templateGiulio Fidente8-0/+55
Change-Id: I86752248e59a2e98f8ff9b2c5998839f9ade4779
2016-07-22Add 'service_name' to composable servicesDan Prince116-0/+116
This patch adds a new service_name section to each composable service. We now have an explicit unit test check to ensure that service_name exists in tools/yaml-validate.py. This patch also wires service_names into hieradata on each of the roles so that tools can access the deployed services locally during deployment and upgrades. Change-Id: I60861c5aa760534db3e314bba16a13b90ea72f0c
2016-07-21Merge "Deploy Horizon with composable apache service"Jenkins1-0/+28
2016-07-21Fixes type and description for NeutronL3HATim Rozet2-3/+8
puppet-neutron takes this variable as boolean. Although it doesn't change the behavior in master (because the variable is used directly as config), in mitaka it is used as a conditional and should be properly fixed. Also a fix is needed in python-tripleoclient because it is hard coded to be True there based on number of controllers being greater than 1. Therefore we shoudl remove that logic from tripleoclient and implement it in THT. In order to do that the pacemaker version of the variable is defaulted to true. Partial-Bug: 1605379 Change-Id: I0b797dbe188382e2dc32506913aaa60a0a21bd68 Signed-off-by: Tim Rozet <trozet@redhat.com>
2016-07-21Explicitly set nova and neutron host on controllersBen Nemec2-1/+3
In I7d07c57b7276815c72d08acaa86f673e43eb0498 we set this for compute nodes, but we also need it for controllers. Otherwise when a controller reboots it may come back up with a different host value, which seems to break networking for anything that was created before the reboot. In my case, it changes from the short hostname (without domain name) to the fqdn. Since we set it to fqdn for the compute nodes, let's do the same for controllers. This moves all of the host setting to the base yaml of the nova and neutron profiles. Change-Id: Ieb793b9e9fd2dfc98584691412f9991aa99e0b47 Closes-Bug: 1604907
2016-07-21Move mysql::host param from MysqlInternal to MysqlNoBracketsInternalGiulio Fidente7-7/+7
The ::host parameter expects IPv6 addresses withouth brackets; this change aligns the remaining services to use MysqlNoBracketsInternal as it happens already for the others (eg. Keystone). Change-Id: Ia72d325447408b1cb5fea836034bbcd75d17ddf1