aboutsummaryrefslogtreecommitdiffstats
path: root/puppet/services
AgeCommit message (Collapse)AuthorFilesLines
2016-11-10Merge "Fixes incorrect reference to OpendaylightApiNetwork"Jenkins1-1/+1
2016-11-10Merge "Ensure heat-domain hiera is in nodes that contain keystone"Jenkins3-12/+21
2016-11-10Fix typo in Keystone Sensu subscriptionMartin Mágr1-1/+1
Closes-Bug: rhbz#1392428 Closes-Bug: #1640834 Change-Id: I2a1a869493ccb4c8d5b9aea26b8ef947750d2cfe
2016-11-10Neutron L3 service cleanups for hiera json hookDan Prince1-7/+15
This patch resolves a few issues I noticed when porting our Neutron L3 service to support the new heat hiera agent hook (which uses Json instead of Yaml). - If NeutronExternalNetworkBridge is an emptry string '' Json was dropping the single quotes thus causing the bridge to get set incorrectly in the config file. To correct this we use a heat conditional to avoid setting the external bridge (the '' default is what we want in this case) if the bridge is an empty string. Change-Id: I5037cbde6b76a37a4c22c4616278420e9d759109 Partial-bug: #1596373
2016-11-10Handle null role_data in servicesDan Prince1-10/+11
This patch updates the Yaql expressions that work on role_data so that they evaluate properly when the get_attr for role_data is null. I hit issues using this for the heat undercloud installer and this seems to resolve them. Change-Id: I0493d0525cd3ad280339f26ef9d3aa311af9962e
2016-11-09adding swift middleware that is typically enabled by defaultThiago da Silva1-0/+5
Adding these features are typically enabled by default in any swift cluster. See upstream sample: https://github.com/openstack/swift/blob/master/etc/proxy-server.conf-sample Change-Id: I29915d1b86da5c47ec34acfb89ab8234e153bf31 Signed-off-by: Thiago da Silva <thiago@redhat.com> Depends-On: Ie323f68255a73d46e774cbf49d9353c3bf90c35e
2016-11-09Add firewall rules for manila api serviceTom Barron1-0/+5
When the manila api service is deployed on a different role than the controller the iptables rules on that role fail to ACCEPT tcp at the manila API ports. Add tripleo.manila_api.firewall_rules to the relevant puppet services module. Change-Id: I1c5459f5ba989657fd99fd72c7ac9f8781cc7206 Closes-Bug: #1640568
2016-11-09Merge "set url_base option in static web middleware"Jenkins1-0/+1
2016-11-09Disable password reveal in horizonAlex Schultz1-0/+1
To improve security, we should disable the password reveal option in horizon by default. An end user can override this options via their own custom hiera if they would ultimately like to have this functionality. Change-Id: Ie88dac5610840eb4b327252b32dc469099ba5f5f Depends-On: Iacf899d595a2a3c522df1b96ca527731937ec698 Closes-Bug: 1640492
2016-11-09Merge "Defaults kernel.pid_max to 1048576"Jenkins1-0/+6
2016-11-09Merge "Enable internal TLS for Nova API"Jenkins1-4/+13
2016-11-09Merge "Add Sahara plugins list as a configurable parameter"Jenkins1-7/+5
2016-11-08set url_base option in static web middlewareThiago da Silva1-0/+1
Depends-On: Icf45cf2aece398b836c87ddffde5d3056e96dc4d Change-Id: I3577dc38a0b52092ee5e98a381eb52c3d2768c10 Signed-off-by: Thiago da Silva <thiago@redhat.com>
2016-11-08Merge "Enable internal TLS for gnocchi"Jenkins1-2/+11
2016-11-08Merge "Do not reference CephBase from CephExternal service"Jenkins1-2/+24
2016-11-08Enable internal TLS for Cinder APIJuan Antonio Osorio Robles1-4/+13
This adds the necessary hieradata for enabling TLS in the internal network for Cinder API. bp tls-via-certmonger Depends-On: Ib4a9c8d3ca57f1b02e1bb0d150f333db501e9863 Change-Id: I126e890076bc96b1cd166a919eff6aa1bb80510b
2016-11-07Fixes incorrect reference to OpendaylightApiNetworkTim Rozet1-1/+1
The renaming of the network to conform to correct case parsing was done and converted OpenDaylightApiNetwork -> OpendaylightApiNetwork. There was still a reference to the old network name which would result in an empty value being pass to odl_bind_ip. Closes-Bug: 1639944 Change-Id: I17fe348c4651420112b9b37711654a454e30b291 Signed-off-by: Tim Rozet <trozet@redhat.com>
2016-11-07Ensure heat-domain hiera is in nodes that contain keystoneJuan Antonio Osorio Robles3-12/+21
The commit that this depends on only works if heat is deployed in the same node as keystone. Once we deploy them in different nodes, keystone won't be able to retrieve the appropriate hieradata. This fixes that by setting the appropriate hieradata to be deployed on the keystone service by the heat profiles. Change-Id: I1f08db68a14486526879d1a5a1ff78cb17686924 Depends-On: I7d42d04ef0c53dc1e62d684d8edacfed9fd28fbe
2016-11-07Merge "Change nova ram_allocation_ratio to match puppet-nova"Jenkins1-1/+1
2016-11-07Merge "Move db settings from manila-api to manila-base"Jenkins4-27/+36
2016-11-07Merge "Include keystone authtoken config in manila-share service"Jenkins1-0/+8
2016-11-05Merge "swift/proxy: remove swift::proxy::ceilometer::rabbit_host"Jenkins1-1/+0
2016-11-05Merge "nova: add missing vnc console port in firewall"Jenkins3-2/+6
2016-11-05Merge "nova/libvirt: add missing ports for live-migration"Jenkins1-0/+2
2016-11-04Move db settings from manila-api to manila-baseBen Nemec4-27/+36
manila-share also needs the db configuration so the db-sync works correctly when manila-api is running on a non-controller node. Change-Id: Ib8a6f10ef6a650275fc011e51acfc4b5c7c99164 Closes-Bug: 1633077
2016-11-04Include keystone authtoken config in manila-share serviceBen Nemec1-0/+8
Because manila-share is a pacemaker-managed service, it has to be on the controller node. If you deploy the api services to a different node, then manila-share loses access to the authtoken hieradata generated by manila-api. Adding it explicitly to the manila-share config allows this setup to deploy sanely. Note that I'm having a different problem with manila db-syncs in this setup, so there's likely another patch required to get it fully working. Change-Id: Iac782fa67ea912d24b9905dd8bbafb8ff28dd669 Partial-Bug: 1633077
2016-11-04swift/proxy: remove swift::proxy::ceilometer::rabbit_hostEmilien Macchi1-1/+0
The param is now managed in puppet-tripleo like other services. Change-Id: I306aa6ac6e2cfc0d4602e15e11564a6be096a121 Depends-On: Ibc0ed642931dd3ada7ee594bb8c70a1c3462206d
2016-11-04Merge "Add option to disable "d1" Swift device"Jenkins1-2/+5
2016-11-04Defaults kernel.pid_max to 1048576Giulio Fidente1-0/+6
In some scenarios we reach the kernel.pid_max value, this change adds a parameter to the Kernel service for configuration of the sysctl key and defaults it to 1048576. Change-Id: Id8f3e6b7ed9846022898d7158fe9180418847085 Closes-Bug: #1639191
2016-11-03nova: add missing vnc console port in firewallEmilien Macchi3-2/+6
- Remove vncproxy firewall rules from nova-api service - Add vncproxy firewall rules to nova-vncproxy service - Add console port range firewall rules to nova-libvirt service Change-Id: I421ae21c130cac6f25e7c0869b941ba77441172c
2016-11-03nova/libvirt: add missing ports for live-migrationEmilien Macchi1-0/+2
Some ports are missing to support live-migration. This patch adds them. Documented here: https://access.redhat.com/documentation/en/red-hat-openstack-platform/9/paged/migrating-instances/chapter-1-how-to-migrate-a-live-instance Change-Id: I72634a9940c11602522322235e51bf27cb664e57
2016-11-03Merge "gnocchi statsd should be able to send data to port 8125"Jenkins1-0/+4
2016-11-02Add Sahara plugins list as a configurable parameterCarlos Camacho1-7/+5
The hardcoded list should be configurable, and defaulted to their current value. Change-Id: I517aa61f21c6f4d0975b10a7aa85177c543487e0 Closes-bug: 1560098
2016-11-02Do not reference CephBase from CephExternal serviceGiulio Fidente1-2/+24
We want CephExternal to work without referencing CephBase which instead defines common settings for hosted Ceph deployments. This change fixes a reference to CephBase which was mistakenly introduced with fix for bug #1632285. Change-Id: Id27e935f91ad76a6877b3aa7588f54d6140aa41f Closes-Bug: #1635014
2016-11-02Revert "Adjust MTU to compensate for VLAN tag issue"Ihar Hrachyshka1-5/+2
This reverts commit 4223b88b708e145c1dcdc38e4209ecc9029dd91f. The underlying neutron bug with native ofctl interface was fixed in Newton. We no longer need to dumb down deployment MTU to accommodate Neutron. Change-Id: I9082c2d198a02ac3321488df67a66d336556d64c
2016-11-01gnocchi statsd should be able to send data to port 8125Pradeep Kilambi1-0/+4
currently udp port 8125 is blocked by default. This can cause issues when sending statsd data. Change-Id: Icb5569c4e3dc981e9a8accf32eedd3370552cb34
2016-11-01Merge "Add Barbican to the overcloud"Jenkins1-0/+127
2016-11-01Merge "Re-add NFS backend for Glance"Jenkins1-0/+18
2016-11-01Change nova ram_allocation_ratio to match puppet-novaSteven Hardy1-1/+1
The interface for this moved to init.pp, the one we currently use now only outputs a warning, it doesn't actually set anything. Change-Id: Idc40cf0dc4ff0f598e0918e0de8b3233b524cdd5 Closes-Bug: 1638254
2016-11-01Enable internal TLS for Nova APIJuan Antonio Osorio Robles1-4/+13
This adds the necessary hieradata for enabling TLS in the internal network for Nova API. bp tls-via-certmonger Depends-On: I88380a1ed8fd597a1a80488cbc6ce357f133bd70 Change-Id: I45197f98e5b65d6b2ec364676870db4ce582ffe9
2016-10-31Merge "Enable internal TLS for aodh"Jenkins1-2/+11
2016-10-31Merge "Fix Swift proxy pipeline ordering"Jenkins1-1/+1
2016-10-31Merge "Enable internal TLS for ceilometer"Jenkins1-3/+11
2016-10-28Fix Swift proxy pipeline orderingChristian Schwede1-1/+1
The Ceilometer middleware is in the wrong place; actually any middleware should be deployed after catch_errors to catch any errors that would otherwise crash the proxy service. Additionally the ceilometer middleware should be deployed after any authentication middleware. Closes-Bug: 1637471 Co-Authored-By: Thiago da Silva <thiago@redhat.com> Change-Id: I710ff2f51271a78582fa502e7eecfa687800c664
2016-10-28Add option to disable "d1" Swift deviceChristian Schwede1-2/+5
A default TripleO installation uses a local directory named "d1" to be used by Swift. With SwiftRawDisks set it is highly unlikely that that an operator wants to use this any longer, because it affects system perforamce and might result in an overfilled the system disk. In this case d1 should be no longer when building rings. This patch makes it possible to disable the d1 device usage in the ring building process by using a new option "SwiftUseLocalDir". This is set by default to true, not changing the default behavior. If set to false, the d1 device won't be used when building rings. Closes-Bug: 1634051 Change-Id: Ia9ad38e3ffa533e170f4cedd0518d830e9b2fa69
2016-10-27Set cinder's service name to httpd via t-h-tJuan Antonio Osorio Robles1-0/+1
With this, we can clean it from puppet-tripleo. Change-Id: I13638cd1af52537bef8540f0d5fa5f5f7decd392 Depends-On: Ic1967a6f4f60a273965811516f33121115d518b4
2016-10-26Merge "Remove double tcp_listen_options entries for rabbit"Jenkins1-1/+1
2016-10-26Merge "Remove duplicate bind_host from nova-api profile"Jenkins1-1/+0
2016-10-26Fix usage of SwiftRawDisksChristian Schwede1-1/+1
Using the SwiftRawDisks parameter neither created the XFS filesystem nor mounted the device, requiring manual intervention by an operaror. Partial-Bug: 1634051 Change-Id: I2da0f12635a37c1f339a3be59a7d00f352adf283
2016-10-24Enables auto-detection for VIP interfacesTim Rozet2-17/+9
Previously the ctrl plane VIP would default to 'br-ex' which in non-vlan deployments ends up being the wrong interface. The public VIP interface was also defaulted to 'br-ex' which would be incorrect for vlan based deployments. Since a user has already given the nic template (and in most cases the subnet that corresponds to the nic) the installer should be able to figure out which interface the public/control vip should be on. These changes enable that type of auto-detection, unless a user explicitly overrides the heat parameters for ControlVirtualInterface and PublicVirtualInterface. Also, incorrect parameters from haproxy service are removed. Depends-On: I05105fce85be8ace986db351cdca2916f405ed04 Closes-Bug: 1606632 Change-Id: I3c1c39824ec32ced304a782edc6ef49c0769c108 Signed-off-by: Tim Rozet <trozet@redhat.com>