path: root/puppet/services
Age | Commit message | Author | Files | Lines
2017-01-10 | Removes deprecated OpenDaylight L2 only deployments | Tim Rozet | 1 | -5/+0
Deploying ODL without L3 DVR is no longer supported. This patch moves the opendaylight-l3 env settings to be the new default for opendaylight env file, while also removing any option to disable L3. Closes-Bug: 1654586 Change-Id: Ia2488cb0b752fb4b33f03caa7a1d2469d20395f0 Signed-off-by: Tim Rozet <trozet@redhat.com>
2017-01-06 | Template and role support for the undercloud | Dan Prince | 1 | -0/+3
Add a new roles data YAML file and environment to help create the undercloud via t-h-t. Partially-implements: blueprint heat-undercloud Change-Id: I36df7fa86c2ff40026d59f02248af529a4a81861
2017-01-06 | Heat engine settings required for Undercloud | Dan Prince | 1 | -0/+12
This patch adds several new heat engine settings that are required in order to configure a fully working Heat engine in the undercloud. New parameters have been added for the max resources and convergence settings. I've hard coded the max stack depth at 6 which matches our undercloud and should be fine as a default setting I think (would rarely need overridden). Change-Id: I335476f46b4bea4b9f3ac70a6312a7e906f43ba6
2017-01-06 | Merge "Set rabbitmq package_provider to yum" | Jenkins | 1 | -0/+1
2017-01-05 | Merge "Merge mysql service_config_settings for nova" | Jenkins | 1 | -15/+17
2017-01-05 | Merge mysql service_config_settings for nova | James Slagle | 1 | -15/+17
The hieradata from the nova-base.yaml service template needs to be available to the role running mysql, which isn't necessarily the same role as nova. nova-base.yaml isn't an actual service template though that is included in any ServiceChain resources, its outputs need to be merged with an actual nova service template, such as nova-api.yaml. As nova-api.yaml already provides some hieradata for the mysql service in service_config_settings, this patch uses map_merge to combine the 2 values. Change-Id: I4dc684b3611b13f177f9499e69468d3f6ef6fa76 Closes-Bug: #1654058
2017-01-05 | Merge "nova-api: legacy cleanup with old wsgi params" | Jenkins | 1 | -11/+0
2017-01-05 | Merge "nova-api: also include hiera for new apache_api class" | Jenkins | 1 | -3/+14
2017-01-05 | Merge "Configure Heat engine metadata URL's" | Jenkins | 1 | -0/+17
2017-01-04 | nova-api: legacy cleanup with old wsgi params | Emilien Macchi | 1 | -11/+0
Cleanup old legacy params for wsgi config. Change-Id: Ic775de171c95d43d9273e1a29db2ab685fdf7706 Depends-On: I59b3b36be33268fa6e261a7db3c4aa8e8e712ffb
2017-01-04 | nova-api: also include hiera for new apache_api class | Emilien Macchi | 1 | -3/+14
puppet-nova renamed nova::wsgi::apache to nova::wsgi::apache_api to welcome nova::wsgi::apache_placement (for nova placement API). This patch adds the required parameters before we make the switch in puppet-tripleo. Legacy parameters will be removed when the switch is done in puppet-tripleo. Change-Id: I5fc99062d349597393e2248c66f2d863029c7730
2017-01-04 | Set rabbitmq package_provider to yum | James Slagle | 1 | -0/+1
When deploying with EnablePackageInstall:True, the rabbitmq puppet module defaults to the rpm package provider, which then tries to "rpm -i undef" since we are setting rabbitmq::package_source to undef. Instead of using the rpm provider at all, we should just use the yum provider to install whatever rabbitmq rpm's are found in enabled repos. Change-Id: I29365e675bfde676fde7a54dfc6c660c3970f50a Partially-implements: blueprint split-stack-software-configuration
2017-01-04 | Merge "Adds missing firewall rules for OpenDaylight API service" | Jenkins | 1 | -0/+6
2017-01-04 | Merge "DB connection: prevent src address from binding to a VIP" | Jenkins | 18 | -0/+38
2017-01-04 | Merge "Specify cell0 db creation" | Jenkins | 1 | -0/+4
2017-01-04 | Configure Heat engine metadata URL's | Dan Prince | 1 | -0/+17
Tried to use the heat-engine composable service in the Undercloud and I discovered that my software deployments (when spinning up an overcloud) weren't getting signals from my t-h-t configured undercloud heat. This patch resolves the issues by configuring the metadata URLs for Heat. Change-Id: I57c9e7010bfe4afc6e62fb4c3406716d11cdfa28 Closes-bug: #1653985
2017-01-03 | Expose enabled_perf_events libvirt options | Pradeep Kilambi | 1 | -0/+9
For cache monitoring technology feature to work, nova config libvirt settings should have the perf events enabled for nova to emit these so telemetry can capture them. Depends-On: Ia27e6831f3f6e9cdeaacb650039be5c81b90cb40 Change-Id: I92c318008b965a6527acbce85b41a545eda7ee18
2017-01-03 | Specify cell0 db creation | Alex Schultz | 1 | -0/+4
This change pulls the hard coded value out of puppet-tripleo to later allow people to skip the cell0 creation if they want a more complex cell v2 setup for nova. Change-Id: I08119d781ef60750cc19753bc03190e413159925 Related-Bug: #1649341
2017-01-03 | Merge "Increase libvirt/qemu.conf max_files and max_processes" | Jenkins | 1 | -0/+3
2017-01-03 | Merge "Set gnocchi wsgi display name" | Jenkins | 1 | -0/+1
2017-01-03 | Merge "Bump template version for all templates to "ocata"" | Jenkins | 172 | -172/+172
2017-01-03 | Merge "Set aodh wsgi display name" | Jenkins | 1 | -0/+1
2017-01-03 | DB connection: prevent src address from binding to a VIP | Damien Ciabrini | 18 | -0/+38
When a service connects to the database VIP from the node hosting this VIP, the resulting TCP socket has a src address which is by default bound to the VIP as well. If the VIP is failed over to another node while the socket's Send-Q is not empty, TCP keepalive won't engage and the service will become unavailable for a very long time (by default more than 10m). To prevent failover issues, DB connections should have the src address of their TCP socket bound to the IP of the network interface used for MySQL traffic. This is achieved by passing a new option to the database connection URIs. This option is available starting from PyMySQL 0.7.9-2. We use a new intermediate variable in hiera to hold the IP to be used as a source address for all DB connections. All services adapt their database URI accordingly. Moreover, a new YAML validation check is added to guarantee that new services will construct their database URI appropriately. Change-Id: Ic69de63acbfb992314ea30a3a9b17c0b5341c035 Closes-Bug: #1643487
2016-12-23 | Merge "Pass nova rabbit information to mysql" | Jenkins | 1 | -0/+6
2016-12-23 | Merge "Split OVN northd and ml2 plugin" | Jenkins | 2 | -10/+41
2016-12-23 | Bump template version for all templates to "ocata" | Steven Hardy | 172 | -172/+172
Heat now supports release name aliases, so we can replace the inconsistent mix of date related versions with one consistent version that aligns with the supported version of heat for this t-h-t branch. This should also help new users who sometimes copy/paste old templates and discover intrinsic functions in the t-h-t docs don't work because their template version is too old. Change-Id: Ib415e7290fea27447460baa280291492df197e54
2016-12-23 | Merge "Manage disallow_iframe_embed" | Jenkins | 1 | -0/+1
2016-12-22 | Merge "Adds missing OpenDaylight username/password from ODL OVS service" | Jenkins | 1 | -0/+11
2016-12-22 | Pass nova rabbit information to mysql | Alex Schultz | 1 | -0/+6
The cell v2 setup requires the transport url for nova. We need to provide mysql with the rabbit connection information so that it can use it when setting up the cell information. Change-Id: I43ba77cd4c8da7c6dc117ab0bd53e5cd330dc3de Related-Bug: #1649341
2016-12-22 | Merge "Decouple swift-proxy from ceilometer" | Jenkins | 1 | -21/+43
2016-12-22 | Add hook to generate metadata from service profiles | Juan Antonio Osorio Robles | 2 | -0/+20
This enables the deployer to dynamically add nova metadata to the servers based on the output of service profiles that implement the metadata_settings key in the role_data output for the profiles. One can set an implementation via the OS::TripleO::ServerMetadataHook resource, which currently is set as OS::Heat::None. So, because of the default implementation, if left untouched it actually does nothing. Currently, besides the list, which is metadata_settings, this hook also takes the name of the node that it's setting the metadata for. This is useful for nova vendordata plugins that can parse said metadata. Change-Id: I8a937f711f0b90156fbb6c4632760435ef846474
2016-12-20 | Adds missing firewall rules for OpenDaylight API service | Tim Rozet | 1 | -0/+6
Custom role deployments were not working when ODL API was on a different node due to firewall rules blocking traffic. This patch adds the missing rules for the REST communication to ODL (8081 by default), OVSDB connection (6640), and OpenFlow protocol (6653). Closes-Bug: 1651476 Depends-On: I1f2af2793d040fda17bf73252afe59434d99f31f Change-Id: Ic0119c783d01e864c49fa06a66fdd68c059a726b Signed-off-by: Tim Rozet <trozet@redhat.com>
2016-12-20 | Adds missing OpenDaylight username/password from ODL OVS service | Tim Rozet | 1 | -0/+11
ODL username and password are already present in the OpenDaylightApi service. However, when moving the OpenDaylightApi service to its own custom role, the Controller/Compute nodes no longer have access to these hiera values. This patch adds them also to the OpenDaylightOvs service. Closes-Bug: 1651499 Depends-On: I418643810ee6b8a2c17a4754c83453140ebe39c7 Change-Id: I169fdad4c94bd6dfc1fe7cde3d6b19b36d916af7 Signed-off-by: Tim Rozet <trozet@redhat.com>
2016-12-20 | Set gnocchi wsgi display name | Pradeep Kilambi | 1 | -0/+1
Depends-On: Ice921f0fdd4bec6de50e62c39c447ee40dc0e8f5 Change-Id: I4109ac83c32ee2365695611009579a8b117134ff
2016-12-20 | Set aodh wsgi display name | Pradeep Kilambi | 1 | -0/+1
Depends-On: I53b156505e08625d56ed6a302cf5b5c30e8e288c Change-Id: Id9791d8a19a74c1f0855e794170f66542f88a548
2016-12-20 | Set the default event pipeline publisher | Pradeep Kilambi | 1 | -0/+5
Since we have aodh enabled for alarms, we should set the notifier to the default queue alarm.all. Closes-bug: #1590473 Change-Id: Ibcb5076424ac2ddcd18ff717d82da1aec4c035cb
2016-12-20 | Merge "Expose param to enable legacy ceilometer api" | Jenkins | 1 | -0/+5
2016-12-19 | Merge "Remove unused attr from templates" | Jenkins | 1 | -1/+0
2016-12-19 | Merge "Revert "Switch mistral to use authtoken configuration"" | Jenkins | 1 | -4/+2
2016-12-19 | Revert "Switch mistral to use authtoken configuration" | Ben Nemec | 1 | -4/+2
It turns out the puppet-mistral change this depends on broke introspection, so we need to back it out for now. This reverts commit ed029e5bf279945e82bff8766af4093856a7ac6a. Change-Id: I828478267935cdc68aa24de8c9dc2d12fcadb631
2016-12-19 | Merge "Switch mistral to use authtoken configuration" | Jenkins | 1 | -2/+4
2016-12-19 | Merge "Correction to SRIOV THT Examples" | Jenkins | 1 | -2/+3
2016-12-19 | Merge "Set rabbitmq's port and IP via the config file and not the env file" | Jenkins | 1 | -1/+3
2016-12-19 | Split OVN northd and ml2 plugin | Steven Hardy | 2 | -10/+41
This allows us to take advantage of the composable roles hiera settings to connect the plugin to the northd/ovndb API without needing to hard-code the IP of the node running the service. Change-Id: I2508d48f81c1819ae3521fff271c0bdc50724604 Depends-On: I9af7bd837c340c3df016fc7ad4238b2941ba7a95 Closes-Bug: #1634171
2016-12-16 | Increase libvirt/qemu.conf max_files and max_processes | Giulio Fidente | 1 | -0/+3
When Nova and/or Cinder are using Ceph as backend, qemu will need to open a connection and two threads for each and every Ceph OSD. This change raises the max_files (set to 1024 by default) to 32768 and the max_processes (set to 4096 by default) to 131072. The max number of FDs is per-process, while the max number of processes is per-user. The values can be overridden via ExtraConfig, no params are added to the templates. A more detailed description of how the values were chosen can be found at: https://access.redhat.com/solutions/1602683 Change-Id: I1e79675f6aac1b0fe6cc7269550fa6bc8586e1fb Depends-On: I258afd3ee6633e4b2ebc45aa8611be652476be0c
2016-12-14 | Set rabbitmq's port and IP via the config file and not the env file | Juan Antonio Osorio Robles | 1 | -1/+3
The RabbitMQ's puppet manifest configures the node's IP and port through environment variables. While this would usually be fine, it doesn't allow us to use TLS-only, since it will always try to start a TCP listener. So, by setting these values through the config file, when setting ssl_only for rabbitmq, they will effectively be discarded and thus allow us to use an SSL listener on the same port. Change-Id: I33d051a8c740baf69b99517378e1f9b0f3cc1681
2016-12-14 | Enable SECURE_PROXY_SSL_HEADER option for horizon | Juan Antonio Osorio Robles | 1 | -0/+1
This makes Django take the X-Forwarded-Proto header into account when forming URLs. Change-Id: Ice64de9a11d7819ae7f380279ff356342d9b6673 Depends-On: Ifed7d4c3409419c01c5b20c707221c1fc76ea09e
2016-12-13 | Manage disallow_iframe_embed | Luke Hinds | 1 | -0/+1
disallow_iframe_embed can be used to prevent Horizon from being embedded within an iframe. Legacy browsers are still vulnerable to a Cross-Frame Scripting (XFS) vulnerability, so this option allows extra security hardening where iframes are not used in deployment. Change-Id: I2fe6b243250608b340ee555062060dbdad1a49c4 Depends-On: I5c540e552efe738bdec8598f9257fa22ae651a76 Closes-Bug: #1641882
2016-12-11 | Decouple swift-proxy from ceilometer | Dan Prince | 1 | -21/+43
This patch updates the swift-proxy base profile so that we now explicitly set the rabbit_port. This allows us to remove the use of puppet-ceilometer default settings in the puppet-tripleo modules change ID here: I8d9f69f5e9160543b372bd9886800f16f625fdc6 It also adds a new boolean parameter that allows the end user to disable the swift ceilometer pipeline by setting SwiftCeilometerPipelineEnabled to false. These two settings allow Swift to once again be installed on a machine without configuring Ceilometer. Depends-On: Id1584df5e5bb90f8087ae25eecc4834179b6fc21 Change-Id: Ief5399d7ea4d26e96ce54903a69d660fa4fe3ce9 Related-bug: #1648736
2016-12-10 | Switch mistral to use authtoken configuration | Alex Schultz | 1 | -2/+4
The upstream puppet module is adding the proper keystone authtoken middleware support. This change updates THT to use the keystone authtoken class rather than the deprecated settings. This also allows for proper keystone v3 integration. Change-Id: Iaf82716122a25e3e0785de1250d24edaaa5e4d04 Depends-On: I71969ef09018f9daa5f81c4f3bcbdb0b0974446c