aboutsummaryrefslogtreecommitdiffstats
path: root/puppet/services
AgeCommit message (Collapse)AuthorFilesLines
2016-10-18Fix api_extensions_path in neutron-opencontrail environmentCyril Lopez1-1/+1
There is a missing repositiry for LBaaS in api_extensions_path in neutron-opencontrail. This patch is working in my lab : tripleo liberty and opencontrail 3.0.2 Closes-Bug: #1634120 Change-Id: Ie06612faf226d0e5e75f3f8a9b560118cba5ff4c Signed-off-by: Cyril Lopez <cylopez@redhat.com>
2016-10-17glance_multiple_locations when NovaEnableRbdBackend=trueAttila Fazekas1-1/+1
glance_multiple_locations does not needed when the NovaEnableRbdBackend=false, but it is neede when both the image and the instance storage is rbd and the show_image_direct_url is enabled. The condition introduced in Ia7e0558e4f318640981abb44d188e3479b5eae69 Change-Id: Ia8a8cd9aeda69e9a7db6f95dcf418f56e29cae00 Closes-Bug: 1632285
2016-10-14Merge "Modify the constraint to allow single quote for DPDK core list param"Jenkins1-1/+1
2016-10-14Merge "Move trunk service plugin to the proper list"Jenkins2-2/+2
2016-10-14Merge "Pass heat domain admin password to keystone"Jenkins1-0/+3
2016-10-14Merge "Fixes missing provider mappings for OpenDaylight"Jenkins1-0/+10
2016-10-14heat-api-cfn endpoint is created to RegionOne instead of regionOneLuca Lorenzetto1-1/+1
When deploying, heat-api-cfn is assigned to RegionOne. This leads to a bad user experience when logging into horizon, because if RegionOne is selected by default, the users finds all menus empty (no computing, or anything else). Thanks to trown for finding out the issue. Closes-Bug: 1633524 Change-Id: Ic108280f6b0875ffec10be6f696669962fb82e6b
2016-10-14Fixes missing provider mappings for OpenDaylightTim Rozet1-0/+10
Provider mappings were not parameterized, and this is traditionally required for VLAN provider networks. In ODL Boron with new netvirt, this value is required to be set in order to use external networks. Closes-Bug: #1627898 Change-Id: I8001a4077fc7c4af458033043ea438c32c9772b0 Signed-off-by: Tim Rozet <trozet@redhat.com>
2016-10-14Pass heat domain admin password to keystoneSteven Hardy1-0/+3
This is needed to create the user/domain/project in the keystone profile on whatever role is running the keystone service. Change-Id: I115ead005974080e0a35e3675d9b37828c8934b1 Closes-Bug: #1631130 Depends-On: Ib088a572b384b479f51d56555734d78ab840a1f3
2016-10-14Modify the constraint to allow single quote for DPDK core list paramSaravanan KR1-1/+1
DPDK core list has to be give a string. For multiple cores, it be given as "'1,2'". But the constraint does not allow ' (single quote) to be set in the string. Modifying the constraint pattern. Closes-Bug: #1633433 Change-Id: Ide2194d9ef5c10e276fa1a634919dfb286e483d6
2016-10-14Merge "Fix default Swift ring partition power"Jenkins1-2/+2
2016-10-14Merge "Enable Glance multiple locations when using Ceph"Jenkins3-1/+29
2016-10-13Enable Glance multiple locations when using CephGiulio Fidente3-1/+29
Currently Glance v2 doesn't allow to specify custom locations for images by default, it returns 403. To enable this, the 'show_multiple_locations' param must be set to True. Also see similar change introduced in devstack [1]. 1. Id0f1c398b8b48f2ffc2488b29bc7cbd279069337 Change-Id: Ia7e0558e4f318640981abb44d188e3479b5eae69 Closes-Bug: 1632285
2016-10-13Merge "Enable object versioning in Swift proxy"Jenkins1-0/+2
2016-10-13Merge "Enable proxy headers parsing for Aodh"Jenkins1-0/+1
2016-10-13Merge "Enable proxy headers parsing for Gnocchi"Jenkins1-0/+1
2016-10-13Merge "Enable proxy headers parsing for Ceilometer"Jenkins1-0/+1
2016-10-13Merge "Only set NovaWorkers in the non-default case"Jenkins3-48/+69
2016-10-13Move trunk service plugin to the proper listBrent Eagles2-2/+2
The trunk plugin required for trunk port support in neutron was added to the incorrect plugin list. Change-Id: I8d424d6a6045e07d9fbab1a864470ceefdb1ad8e Closes-Bug: #1633079
2016-10-13Merge "Add HAProxy TLS handled by certmonger as composable service"Jenkins3-10/+121
2016-10-13Enable proxy headers parsing for CeilometerJuan Antonio Osorio Robles1-0/+1
http_proxy_to_wsgi middleware was recently added to Ceilometer [1] and in order to take it into use, we need to enable it via hiera. [1] I24f16dda49bd9e7930ca9f0d32bf0793463aff03 Depends-On: I1812a27202ba3714b354aeb27611d38def87a7fc Related-Bug: #1590608 Change-Id: If8de25afa13de6797895f36c98ffdde8cf3e8656
2016-10-13Merge "Disable IPv6 RAs & Autoconf For All (Not Just Default)"Jenkins1-0/+4
2016-10-13Enable proxy headers parsing for AodhJuan Antonio Osorio Robles1-0/+1
http_proxy_to_wsgi middleware was recently added to Aodh [1] and in order to take it into use, we need to enable it via hiera. [1] If2ada8a94c8e1ceacd4509605b4cd766a78f71d5 Depends-On: I0981e152700ed4511b797011ebe18e857c1fed71 Related-Bug: #1590608 Change-Id: Ie9605ae1e5437f488802b03ca23a325866f0ceb5
2016-10-13Enable proxy headers parsing for GnocchiJuan Antonio Osorio Robles1-0/+1
http_proxy_to_wsgi middleware was recently added to Gnocchi [1] and in order to take it into use, we need to enable it via hiera. [1] Ic5526cf37e70335fa2cc70946a271253f227f129 Related-Bug: #1590608 Change-Id: I145dcfa3455ca1541cbf6b5fc4b601f0813619c0
2016-10-13Merge "Remove duplicate metadata keys from nova-api.yaml"Jenkins1-2/+0
2016-10-12Disable IPv6 RAs & Autoconf For All (Not Just Default)Dan Sneddon1-0/+4
The current kernel sysctl settings modify the net.ipv6.conf.default.accept_ra and net.ipv6.conf.default.autoconf to both be '0'. However, this is overridden by the settings in net.ipv6.conf.all, so no matter what setting is in the ifcfg file for the IPv6 interface, autoconfiguration and accept_ra will be enabled. This causes a security vulnerability where rogue RAs could be used to intercept traffic from the controllers. This change sets both default and all settings to '0' for IPv6 accept_ra and autoconf. Closes-Bug: 1632830 Change-Id: I95b86c5c6feed30dfa5103ffbddb9e85ac567bbb
2016-10-12Merge "Allow Glance API and Registry to be split"Jenkins3-140/+197
2016-10-12Only set NovaWorkers in the non-default caseDan Prince3-48/+69
This patch updates the t-h-t templates for nova services so that we only set the value of workers in the non-default case. TripleO has always defaulted the workers count to 0 and there was recently a regression in nova where they treat the default of 0 as invalid (a bug that may get fixed in nova but we don't want to wait on it) This patch avoids the issue by allowing the default value to be unset if the TripleO default of 0 is configured. Change-Id: I175977b88129d87caeb32332d47eb14816a6d5d4 Closes-bug: #1631133
2016-10-12Remove duplicate metadata keys from nova-api.yamlDan Prince1-2/+0
These keys are already specified in nova-metadata.yaml where they get set correctly per the network management local IP (based on 'service_name' list). Depends-On: I94f985e719a3bf7408655fbbb5ab1aeaf15e994e Change-Id: I5d57561b732783118efd2a637aa137f5f7bcddbc Partial-bug: #1631133
2016-10-12Merge "Add parameters to run nova over httpd"Jenkins1-0/+18
2016-10-12Allow Glance API and Registry to be splitDan Prince3-140/+197
The glance-api and glance-registry services are currently coupled in that some of the hiera settings in the API are required for the registry to run correctly (the backend settings). This patch moves some of the common settings into glance-base and then updates the glance-api and glance-registry services to supply that service. Change-Id: Ie3d7e24c7fd475e3f6ad542c1654eb7dbd9d9b35 Closes-bug: #1628582
2016-10-12Merge "Set the notification driver for glance"Jenkins1-0/+1
2016-10-11Enable object versioning in Swift proxyChristian Schwede1-0/+2
Tempest expects object versioning to be enabled by default in Swift; if not it has to be disabled explicitly in the Tempest config. This is a commonly used middleware, therefore it should be enabled in the overcloud proxy nodes as well. Closes-Bug: 1632215 Depends-On: I07a206473ff7939749e3eba1dfe3ea8c4526eb5c Change-Id: I4eae08ff3f9a3a2f829c3497c1c2aaee8e7f8554
2016-10-10Merge "Remove unneeded *_enable_backend hiera from Manila backends"Jenkins3-12/+0
2016-10-10Fix default Swift ring partition powerChristian Schwede1-2/+2
Looks like swift::ringbuilder::part_power is not used at all; actually the partition power on the overcloud is 18, which is the default in puppet-swift if nothing else is defined. Closes-Bug: 1631926 Depends-On: I78049105adf52226d47cc6764b1ba6c2c06e91e5 Change-Id: I65335c8d31ed1130e71f1e193eb519b9f7f2438e
2016-10-10Set the notification driver for glancePradeep Kilambi1-0/+1
Need to set the right default notification driver for glance so telemetry receives them accordingly. Without this tempest tests fail. Closes-bug: #1631939 Change-Id: I1cee5467d077eea6142076925646f7d0cdae96c7
2016-10-07Merge "Renames OpenDaylight to OpenDaylightApi and splits out OVS configuration"Jenkins1-11/+0
2016-10-07Remove unneeded *_enable_backend hiera from Manila backendsGiulio Fidente3-12/+0
Depends-On: I04e28a95e8d69a24cd3df109bf1802bfcbd941db Change-Id: I4ada033155e5fde0add08ec9aa8f6af7c31d53f3
2016-10-07Merge "Specify the Ceph packages to be installed"Jenkins1-0/+6
2016-10-06Specify the Ceph packages to be installedJohn Fulton1-0/+6
The puppet-ceph module defaults to 'ceph' but that is a metapacakge which isn't provided in all repos. Depends-On: I13462219522386f8740b0d70916a44f3474115e4 Change-Id: Ie55d22301dd22102d471e6002dfcaad4bfadd5f6 Related-Bug: 1629933
2016-10-06Enable firewalling by default on compute nodesEmilien Macchi4-5/+12
- Move VXLAN and VRRP rules from Neutron Server to the right services. - Enable Firewall by default on Compute nodes. Change-Id: I99d172dcedaf6be297aad184cc51fe9f292a57e1
2016-10-06Re-enable ManageFirewall by default.Dan Prince2-3/+3
This default setting got lots in the composable roles/services patches. Re-enable the ManageFirewall setting by default per what we did in git commit 73c76b867ddc8a23a30b9a3cac4031189d4178c6. We also fix a typo in neutron-api.yaml so that the firewall rules matches to service_name. (otherwise it won't get loaded). Also, drops the environments/manage-firewall.yaml which is no longer needed if we enable firewall management by default. Change-Id: Ie198e4efd190131d0722085b10ef77da9005bc1b Closes-bug: 1629934
2016-10-06Merge "restore missing fluentd client functionality"Jenkins2-2/+2
2016-10-05Set proper ceph config path for manilaTom Barron1-1/+1
When deploying manila with cephfs backend, /etc/manila/manila.conf should define cephfs_conf_path = /etc/ceph/ceph.conf in the cephfs native backend since this is the conventional path that ceph operators expect and since we document that path upstream. Change-Id: I4abf5c33b675b1102413a84d64f4ce23b07b4485 Closes-Bug: 1630777
2016-10-05restore missing fluentd client functionalityLars Kellogg-Stedman2-2/+2
in the great rebase following the JINJA ALL THE THINGS changes we lost critical functionality in the fluentd client service. This review restores the missing features. Change-Id: I7c23f16f81e75f3da6a24587b2eb8385b3e920a4 Closes-bug: 1630692
2016-10-05Renames OpenDaylight to OpenDaylightApi and splits out OVS configurationTim Rozet1-11/+0
This patch modifies the service name to be more appropriately called "OpenDaylightApi" along side the "OpenDaylightOvs" service used to configure OpenVSwitch. It also splits out the OVS configuration for controller nodes into the composable OpenDaylightOvs service. Related-Bug: #1629408 Change-Id: I15221401acdfb2a9ef81107b54a8005348f8372f Signed-off-by: Tim Rozet <trozet@redhat.com>
2016-10-04Include redis/mongo hiera when using pacemakerDan Prince2-2/+2
This patch updates the pacemaker composable service templates for mongo and redis to extend the proper base (redis.yaml and mongo.yaml) templates instead of the -base.yaml versions. This was causing some missing hiera settings for these services which caused symptoms like missing firewall rules for these services. Change-Id: I3f94acbf4d1baadbb151b1c4d34b4a0ab28ad5e5 Partial-bug: #1629934
2016-10-03Merge "Cinder volume service is not managed by Pacemaker on BlockStorage"Jenkins2-1/+1
2016-10-03Merge "Balance Rabbitmq Queue Master Location on queue declaration with ↵Jenkins1-0/+1
min-masters strategy"
2016-10-01Change rabbitmq queues HA mode from ha-all to ha-exactlyMichele Baldessari1-0/+9
It turns out that reducing number of rabbitmq queues in cluster significantly improves performance of cluster especially in the case of failover recovery time. Right now the cluster uses ha-all mode for rabbitmq queues. It is best to change this to "ha-exactly" mode and reduce the number of queue copies to ceil(N/2) where N is number of controllers in the cluster - so in typical scenario of 3 controller It would be 2 by default. It does not make much sense to keep the copies of queues over whole cluster since if the quorum of nodes is lost then the rest of cluster nodes will be stopped anyway. We let the user override this with a parameter. I.e. for a 3 node controlplane cluster we will go from this: pcs resource show rabbitmq Resource: rabbitmq (class=ocf provider=heartbeat type=rabbitmq-cluster) Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"all"}" To this: pcs resource show rabbitmq Resource: rabbitmq (class=ocf provider=heartbeat type=rabbitmq-cluster) Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"exactly","ha-params":2}" According to Marin Krcmarik's testing recovery time from failure was reduced significantly. Partial-Bug: #1628998 Change-Id: Iace6daf27a76cb8ef1050ada0de7ff1f530916c6