summaryrefslogtreecommitdiffstats
path: root/puppet
AgeCommit message (Collapse)AuthorFilesLines
2016-03-30Merge "compute: restart OVS agent on neutron.conf changes"Jenkins1-0/+10
2016-03-29compute: restart OVS agent on neutron.conf changesEmilien Macchi1-0/+10
Some options in neutron.conf are used bu OVS agent, like logging & messaging. During the upgrade process, you need to restart the agent if these options change. We could patch puppet-neutron to add a notify, but the community won't like it because Neutron OVS agent is not able to restart gracefully until [1] got merged. Until that, we can fix it in TripleO, where we suppose Puppet runs happenning during bootstraps and upgrades. Later, we'll drop this code from here and move it in puppet-neutron. [1] https://review.openstack.org/#/c/297211 Change-Id: I02b17b66e93331ddfb1a7abd8adff672bc7a32d6 Closes-Bug: #1563437
2016-03-29Merge "PLUMgrid Neutron integration"Jenkins5-3/+147
2016-03-29Merge "Increment step count to include ringbuilder"Jenkins6-42/+44
2016-03-29Merge "Don't restart Pacemaker-managed services from Puppet"Jenkins1-0/+18
2016-03-29Merge "Add quotes around the cinder_iscsi_ip_address value"Jenkins2-2/+10
2016-03-29Don't restart Pacemaker-managed services from PuppetJiri Stransky1-0/+18
We need to reload/restart services on updates/upgrades to apply any config changes, but restarting services managed from Pacemaker from Puppet causes problems. For now we no-op the restart and rely on the catch-all restart after Puppet phase. In the future we should have a service provider for pacemaker resources that will be using pcs. We still might have to restart services outside Puppet due to cluster-wide orchestration issues, but we might be able to do the restarts selectively rather than restart everything. We also no-op the start/stop commands to be safe, as it also doesn't make sense for Puppet to try start and stop those services when it doesn't have knowledge about Pacemaker. Change-Id: I95e21e10471cd7575f28c095c48150325f1414b3 Closes-Bug: #1562922
2016-03-25Increment step count to include ringbuilderDan Prince6-42/+44
This patch wires in ringbuilder.pp so that it is always asserted like the other manifests and it fixes the misaligned step sequencing in calling our overcloud controller manifests. Previously it was called as a separate software deployment outside of the hiera step sequence. This made things confusing in controller-post.yaml since the deployment names didn't align with the step hiera variables after step 3. Now that we call it just like the other modules it should make gradually moving this code to puppet-tripleo more straightforward as well. Change-Id: Ibd4f51f65da475bb20a6b08d7bda673f330a5464
2016-03-24Remove password default for AodhPasswordPradeep Kilambi1-1/+0
Change-Id: Ibf37bfd6150d212fadcc4d2e2e2d0a89cdd76c91
2016-03-24Merge "Deploy Aodh services, replacing Ceilometer Alarm"Jenkins7-1/+153
2016-03-24Add quotes around the cinder_iscsi_ip_address valueGiulio Fidente2-2/+10
In I783e939ae304385674909bfd9f1cac95e04cef22 we add brackets around the cinder_iscsi_ip_address if IPv6 but that causes hiera to try mapping the value into an array, while it isn't. This change adds quotes around the brackets. Change-Id: Id9bb4b12542f1943e9df702486d68424539c7a59 Closes-Bug: 1560934
2016-03-24Merge "Remove unused user resource."Jenkins1-3/+0
2016-03-24Wire redis_password to the tripleo moduleGiulio Fidente1-0/+1
Without this the HAProxy monitoring for Redis would fail to poll the backends. Change-Id: Id0826c6b04e471844c7bef69480af263cf2b3bd4
2016-03-24Merge "Pass iSCSI bind address in brackets to Cinder when IPv6"Jenkins1-1/+1
2016-03-24Merge "Remove the glance/rbd user name from static hieradata"Jenkins1-1/+0
2016-03-23Merge "configure horizon with memcached ipv6 when needed"Jenkins3-2/+23
2016-03-23configure horizon with memcached ipv6 when neededEmilien Macchi3-2/+23
* Add MemcachedIPv6 parameter * If MemcachedIPv6 is set at True, configure Horizon with Memcached IPv6 addresses. This patch is required to make Horizon working when running IPv6 networks. Change-Id: I752e727bfb9040b29f5d755f565fa6b54b9511c8
2016-03-23Pass iSCSI bind address in brackets to Cinder when IPv6Giulio Fidente1-1/+1
Configure the Cinder iscsi_ip_address key using brackets when the IP address is of v6 class. Closes-Bug: 1560934 Change-Id: I783e939ae304385674909bfd9f1cac95e04cef22
2016-03-23nonha: fix memcached servers string in nova.conf for ipv6Emilien Macchi1-1/+8
Full context is described here: https://review.openstack.org/#/c/270110/ The patch that was supposed to fix [1] was not fixing non-ha scenario. [1] https://launchpad.net/bugs/1536103 This patch aims to fix it. Change-Id: Iaf4608de1894ce03f35925939e83230abb9f5207 Closes-Bug: #1560063
2016-03-23Remove the glance/rbd user name from static hieradataGiulio Fidente1-1/+0
The static setting for the glance/rbd user name was overriding any customization provided via template param because it was up in the hierarchy for the controller nodes. More at: https://bugzilla.redhat.com/show_bug.cgi?id=1308889 Change-Id: I3d112de7eeffd524fb1308d5976a28f04aa5ff23
2016-03-22Fix redis coordination urlPradeep Kilambi1-3/+4
The coordination url connection string to redis is incorrectly formatted with password. More details: https://bugzilla.redhat.com/show_bug.cgi?id=1320036 Change-Id: I93f5e93dfce4ba2629aa57534e8d33d5d1e6d77b
2016-03-21Merge "Allow option to disable Swift ring management"Jenkins2-8/+12
2016-03-21Merge "Wire in HAProxy stats user and password"Jenkins1-0/+11
2016-03-21Allow option to disable Swift ring managementChristian Schwede2-8/+12
There are quite a few cases where it is useful to disable ring building on the nodes. For example: - using different weights, regions, and zones - replacing a node in an existing Swift cluster - adding a new node to an existing cluster - using storage policies and therefore multiple rings - using different nodes and disks for account, container and object servers This patch allows it to disable ring building. Rings need to be maintained manually then, and copied to all storage and proxy nodes within a cluster. This patch is similar to I01311ec3ca265b151f8740bf7dc57cdf0cf0df6f, except that it uses the current templates. Change-Id: I56978b15823dd6eaf4b6fd3440df2f895e89611a
2016-03-21Remove unused user resource.Sofer Athlan-Guyot1-3/+0
The user is created by installation of of the pacemaker package, so it's not required to add it to the resource catalog. This paves the way to merge the refeactoring of the puppet-pacemaker module[1]. It brings a lot of changes, one of them is an idempotent handling of the hacluster user's password. Removing it here prevents duplicate resource error durring puppet run. [1] https://review.openstack.org/#/c/294182/ Change-Id: I56849d9fc00bd3ce342d5c440cfe7c5b6d26b5bf
2016-03-20Deploy Aodh services, replacing Ceilometer AlarmPradeep Kilambi7-1/+153
Ceilometer Alarm is deprecated in Liberty by Aodh. This patch: * manage Aodh Keystone resources * deploy Aodh API under WSGI, Notifier, Listener and Evaluator * manage new parameters to customize Aodh deployment * uses ceilometer DB for the upgrade path * pacemaker config * Add migration logic to remove pcs resources Depends-On: I5333faa72e52d2aa2a622ac2d4b60825aadc52b5 Depends-On: Ib6c9c4c35da3fb55e0ca8e2d5a58ebaf4204d792 Co-Authored-By: Emilien Macchi <emilien@redhat.com> Change-Id: Ib47a22884afb032ebc1655e1a4a06bfe70249134
2016-03-18PLUMgrid Neutron integrationQasim Sarfraz5-3/+147
Enable PLUMgrid neutron liberty plugin in a TripleO overcloud environment. Change-Id: I07025f67ec3f3399aac4dcd10cc37e857772548b Signed-off-by: Qasim Sarfraz <qasims@plumgrid.com>
2016-03-18Merge "Remove default for the RabbitMQ password"Jenkins3-3/+0
2016-03-18Remove default for the RabbitMQ passwordJuan Antonio Osorio Robles3-3/+0
Since the password is now autogenerated from the tripleoclient, there is no need to keep the default value here. Change-Id: If41cb56134966456f8590da04f392faffe5c62a1 Closes-Bug: #1557688
2016-03-17Merge "Remove forced rabbitmq::file_limit conversion to string"Jenkins1-8/+1
2016-03-16Merge "compute: use live_migration_tunnelled"Jenkins1-19/+4
2016-03-15Merge "Install mongodb client package"Jenkins2-1/+2
2016-03-15Merge "Fix typos"Jenkins3-4/+4
2016-03-15Merge "Ensure access to Redis is password protected"Jenkins1-1/+10
2016-03-14compute: use live_migration_tunnelledEmilien Macchi1-19/+4
In a previous patch [1], we added support for VIR_MIGRATE_TUNNELLED when doing VM shared storage. In Nova Mitaka [2] [3], we have now a parameter called 'live_migration_tunnelled' to whether or not use tunnelled migration. It replaces 'block_migration_flag' and 'live_migration_flag' that are both deprecated. [1] https://review.openstack.org/#/c/286584/ [2] https://review.openstack.org/#/c/263436/ [3] https://review.openstack.org/#/c/263434/ Change-Id: I8b199b6e72c80b2df7b679e0a20e39f8400d0478
2016-03-14Merge "compute: include VIR_MIGRATE_TUNNELLED when doing VM shared storage"Jenkins1-6/+28
2016-03-14Merge "Keystone domain for Heat"Jenkins4-1/+37
2016-03-11Merge "Pass public_addr to ceph::profile::params instead of ceph::mon"Jenkins1-1/+1
2016-03-10compute: include VIR_MIGRATE_TUNNELLED when doing VM shared storageEmilien Macchi1-6/+28
This patch makes sure: * When doing shared storage Nova is configured with block_migration_flag and live_migration_flag = '(...),VIR_MIGRATE_TUNNELLED' flag for security improvements. * When not doing shared storage Nova is not configured with VIR_MIGRATE_TUNNELLED flag because it's not supported by Qemu yet. We need to make sure the value is unset otherwise live migration will fail when not running shared storage for VMs. Note: this patch will be backport to stable branches. In a further iteration, we'll probably use live_migration_tunnelled new Nova parameter which is a simplier way to manage this feature. Co-Authored-By: Kashyap Chamarthy <kchamart@redhat.com> Change-Id: I557c1624ee944a32b1831d504f7b189308cd1961
2016-03-10Merge "Enable predictable IPs on non-controllers"Jenkins4-0/+72
2016-03-10Support the deployment of Ceph over IPv6Giulio Fidente6-4/+69
To deploy Ceph on IPv6, we need to enable ms_bind_ipv6 in addition to passing the list of MON IPs in brackets. Change-Id: I3644b8fc06458e68574afa5573f07442f0a09190
2016-03-10Fix vncproxy_host for IPv6Javier Pena1-1/+8
https://review.openstack.org/268356 can cause issues in IPv6 environments. It generates the following Hiera data: nova::vncproxy::common::vncproxy_host: [2001:db8:fd00:1000::10] which fails due to the brackets. Making sure there are no brackets in nova_vncproxy_host makes it work for both the IP case and when using DNS names. Change-Id: Iafe18f042725eb9419d97cd674c4b9a1a895b187
2016-03-10Allow the vnc server to bind on IPv6 address on computesMarius Cornea3-2/+14
Currently the vnc server on the compute nodes binds on 0.0.0.0. which only works with IPv4 addresses, it breaks connectivity with IPv6 addressing. This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1300678. Change-Id: Id642d224fb3c62f786453dc684634adca1c2c09d Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
2016-03-10Surround MongoDB IPs with braces in the connection string if IPv6Giulio Fidente2-5/+26
Change-Id: I9ed917f32b3de95beb234ade4819a8b96affe3e9
2016-03-10Keystone domain for HeatMartin Mágr4-1/+37
This patch adds support for configuring Keystone domain for Heat via heat-keystone-setup-domain script. It should be reverted as soon as Keystone v3 is fully functional. This patch won't be fully functional without either python-keystoneclient fix [1] or workaround [2]. [1] https://bugs.launchpad.net/python-keystoneclient/+bug/1452298 [2] https://review.openstack.org/180563 Change-Id: Ie9cdd518b299c141f0fdbb3441a7761c27321a88 Co-Authored-By: Jiri Stransky <jistr@redhat.com> Depends-On: Ic541f11978908f9344e5590f3961f0d31c04bb0c
2016-03-10Merge "Updated the heat_template_version"Jenkins2-2/+2
2016-03-09Wire in HAProxy stats user and passwordBen Nemec1-0/+11
Change-Id: I26b7a1cd1b7b6520db1df49c60a86c2bb5bce1b0 Depends-On: I12e835964a0370de73e45ef0a8603656ecb02d0c Depends-On: I8a5844e89bd81a99d5101ab6bce7a8d79e069565
2016-03-09Enable predictable IPs on non-controllersBen Nemec4-0/+72
For the external loadbalancer work, we added the ability to specify fixed ips for controller nodes on all network isolation networks. In order to allow users full control over the placement and ip addresses of deployed nodes, we need to be able to do the same thing for the other node types. Change-Id: I3ea91768b2ea3a40287f2f3cdb823c23533cf290
2016-03-09Ensure access to Redis is password protectedGiulio Fidente1-1/+10
Depends-On: I1a8741b9e00775763911222cbe0af677b59e03a1 Change-Id: I373f97ada4e4101700a12b42dfb8ee4b2ff701f2
2016-03-09Remove forced rabbitmq::file_limit conversion to stringJiri Stransky1-8/+1
Combined with a fix in puppetlabs-rabbitmq, we can lift the forced conversion of rabbitmq::file_limit into a string in Hiera. See the referenced puppetlabs-rabbitmq pull request for explanation of the issue. Change-Id: I0ec720b5e06763e86ea93f59cfe05842b3d13269 Depends-On: https://github.com/puppetlabs/puppetlabs-rabbitmq/pull/401