summaryrefslogtreecommitdiffstats
path: root/puppet
AgeCommit message (Collapse)AuthorFilesLines
2016-09-23Move keystone::auth into service_config_settingsDan Prince18-101/+137
This patch moves the keystone::auth settings for all services into the new service_config_settings section. This is important because we execute the keystone commands via puppet only on the role containing the keystone service and without these settings it will fail. Note that yaql merging/filtering is used here to ensure that service_config_settings is optional in service templates, and also that we'll only deploy hieradata for a given service on a node running the service (the key in the service_config_settings map must match the service_name in the service template for this to work). e.g the following will result in only deploying keystone: 123 in hiera on the role running the "keystone" service, regardless of which service template defines it. service_config_settings: keystone: keystone: 123 Co-Authored-By: Steven Hardy <shardy@redhat.com> Change-Id: I0c2fce037a1a38772f998d582a816b4b703f8265 Closes-bug: 1620829
2016-09-23Merge "Tolerate missing keys from role_data in service templates"Jenkins1-6/+10
2016-09-23Merge "explicitly set fluentd service_provider"Jenkins1-0/+1
2016-09-23Merge "Make apache-based services use network-dependent servername"Jenkins4-1/+30
2016-09-22explicitly set fluentd service_providerLars Kellogg-Stedman1-0/+1
the konstantin-fluentd package assumes sysv init scripts, while the fluentd package in rhel(/centos/fedora) uses systemd. this can cause errors starting the service. This review explicitly sets the service_provider to "systemd". This requires https://github.com/soylent/konstantin-fluentd/pull/15, which exposes the service_provider parameter in konstantin-fluentd. Change-Id: I24332203de33f56a0e49fcc15f7fb7bb576e8752
2016-09-22Tolerate missing keys from role_data in service templatesSteven Hardy1-6/+10
Currently we have a few keys which may be considered optional, such as monitoring_subscription, logging* and global_config_settings. Currently we dereference these directly via get_attr, but this will break when heat output validation is fixed, ref bug #1599114 is fixed (patches are up for this, so it may be soon). Change-Id: If4eed1ca39c10ace9b1cb5ce2dc4b9c70a3dd2f4 Partial-Bug: #1620829
2016-09-21Merge "Provide for RAM-constrained environments"Jenkins1-0/+10
2016-09-21Merge "Glance worker count fix"Jenkins2-6/+20
2016-09-21Merge "Define step input as a Number type"Jenkins5-0/+15
2016-09-21Merge "Set Neutron's metadata_ip to the nova metadata VIP"Jenkins1-6/+1
2016-09-21Define step input as a Number typeSteven Hardy5-0/+15
Currently we pass numbers in (hard-coded in post.j2.yaml) but the SoftwareConfig schema defaults to String. If puppet requires an integer number, setting this type may help preserve the type for the hook. Change-Id: Ie9227d7adb58ea3c791aa459a1ab5b17ad935919
2016-09-21Glance worker count fixJoe Talerico2-6/+20
This patch changes the default value and type of the Glance worker configuration to allow it to be unset and allow a system dependent default to be used (e.g. processorcount or some derivative value). The previous default of 0 would result in a single self contained process, which while suitable for debugging and testing is not appropriate for production deployments. Partial-Bug: #1626126 Change-Id: I58a6a72a581e7083e1dc4e5ca568fdd3fdd6cdf1
2016-09-21Provide for RAM-constrained environmentsJiri Stransky1-0/+10
We hit problems in environments which don't have a lot of RAM (e.g. dev envs, could be also CI) that Apache ate too much memory due to too many worker processes being spawned. This commit allows customizing the Apache MaxRequestWorkers and ServerLimit directives via Heat parameters. The default stays 256 as that's the default in the Puppet module, to be suited for production environments with powerful machines. Also low-memory-usage.yaml environment file is added, which can be used to make dev/test/CI overclouds less memory hungry, where the limits are now set to 32. Change-Id: Ibcf1d9c3326df8bb5b380066166c4ae3c4bf8d96 Co-Authored-By: Carlos Camacho <ccamacho@redhat.com> Closes-Bug: #1619205
2016-09-21Merge "Enable L3 HA when multiple controllers and no DVR"Jenkins1-3/+25
2016-09-21Make apache-based services use network-dependent servernameJuan Antonio Osorio Robles4-1/+30
Currently the servername is incorrectly set for the services running over apache. It currently takes the default value which is just the regular FQDN, when the services actually might be running on different IPs that require alternative FQDNs. This fixes that by filling that value from a fact in hiera that's dependant on the service's network. Closes-Bug: #1625677 Change-Id: Ib7ea5fd2d18a376eaa2f5a3fa5687cb9b719a8e2
2016-09-20Merge "RabbitMQ threads should be configured dynamically"Jenkins1-1/+1
2016-09-20Set Neutron's metadata_ip to the nova metadata VIPBrent Eagles1-6/+1
The neutron metadata agent's metadata_ip field is meant to refer to the nova metadata service, not the local address on the NeutronApiNetwork. Change-Id: Ibb25a80ea3e66ab3f5cf63c197460d495939778d Closes-Bug: #1625504
2016-09-20Add nova-metadata templateJuan Antonio Osorio Robles1-0/+34
This is needed because currently we're not generating nova_metadata_vip or nova_metadata_nodes_ip, and a service profile is required for that. Unfortunately, currently puppet-nova only deploys osapi and metadata through the same manifest, so this profile doesn't really inject any puppet code. We can make this more elegant later. Change-Id: Id7112111f16d0c749a6203b90e29e6d9f1e4d57e Closes-Bug: #1625543
2016-09-20RabbitMQ threads should be configured dynamicallyMichele Baldessari1-1/+1
Currently in puppet/services/rabbitmq.yaml we hardcode the thread pool size to 30 (via the +A30 snippet): rabbitmq_environment: RABBITMQ_SERVER_ERL_ARGS: '"+K true +A30 +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"' Upstream rabbit has gained the ability to dynamically configure the number of threads since 3.6.2 via the following commit: https://github.com/rabbitmq/rabbitmq-server/commit/41ce5ad808863944cd6d62ce7f7e2271f1010582 Given that the default was hardcoded in rabbit from at least 3.4.0 up until 3.6.2 (see LP bug associated to this commit), we can actually remove this hardcoded value as it overrides a sane default. Before the change: /usr/lib64/erlang/erts-7.3.1/bin/beam.smp -W w -A 64 -K true -A30 -P 1048576 ... After the change: /usr/lib64/erlang/erts-7.3.1/bin/beam.smp -W w -A 64 -K true -P 1048576 ... So effectively with this change we will have the following: - With older rabbitmq versions we keep the +A30 default - With rabbitmq versions >= 3.6.2 the thread number is dynamically computed to nr_cpus * 16 Change-Id: I8d30c7d141c29fcc439d40fc767498520be7966e Closes-Bug: #1625486
2016-09-19Enable L3 HA when multiple controllers and no DVRBrent Eagles1-3/+25
This patch conditionally enables Neutron L3 HA if there are multiple controllers but DVR has not been enabled. If the conditions are false, the value of NeutronL3HA is used. Change-Id: If1ebeaf417c0da99d833450e394b71cabff2c800 Closes-Bug: #1623155
2016-09-19Merge "Set VNC URL parameters for nova-compute"Jenkins1-0/+3
2016-09-19Use osd_pool_default_* puppet parameters when creating the poolsGiulio Fidente1-3/+6
While it is possible to override the pg_num, pgp_num and size for each pool, the defaults are hardcoded. This patch uses as default the values given via ceph::profile::params::osd_pool_default_* parameters, if any. Closes-Bug: 1623590 Change-Id: Iecde772e7f72fd9abedb54cff4b8f2605df8fedd
2016-09-17Merge "Add fluentd client service"Jenkins61-0/+632
2016-09-17Merge "Move rabbit's clustering port away from the ephemeral port range"Jenkins1-3/+3
2016-09-17Set VNC URL parameters for nova-computeJuan Antonio Osorio Robles1-0/+3
These are needed so the computes can advertize the VNC URL correctly. Change-Id: Ic3eba9fe929ce396b584249eb84415de09ab1b62 Closes-Bug: #1623607
2016-09-17Merge "Add mongo config settings in collector service templates"Jenkins1-1/+10
2016-09-17Merge "Add NetApp Manila driver integration and tidy up generic"Jenkins3-66/+205
2016-09-17Merge "Convert AllNodesExtraConfig to support composable roles"Jenkins2-28/+12
2016-09-17Add fluentd client serviceLars Kellogg-Stedman61-0/+632
This implements support for installing fluentd agents as a composable service on the overcloud. Depends-On: I2e1abe4d8c8359e56ff626255ee50c9cacca1940 Implements: tripleo-opstools-centralized-logging Change-Id: I23b0e23881b742158fcfb6b8c145a3211d45086e
2016-09-16Merge "Expose parameter to enable combination alarms"Jenkins1-0/+6
2016-09-16Move rabbit's clustering port away from the ephemeral port rangeMichele Baldessari1-3/+3
Currently RabbitMQ cluster uses a predefined port 35672 for clustering. This port belongs to so-called ephemeral ports range. Ephemeral ports are the ports kernel assings to application if it doesn't specify which port to open. So there is a small chance that this application being started before RabbitMQ itself could grab this port. While rather unlikely we did see this happen. Selinux change should already be in place. On my Centos 7 we have: rabbitmq_port_t tcp 25672 corenet_tcp_bind_rabbitmq_port(rabbitmq_t) corenet_tcp_connect_rabbitmq_port(rabbitmq_t) First noted via: https://bugzilla.redhat.com/show_bug.cgi?id=1357522 Closes-Bug: #1623818 Depends-On: I0bcd0d063a7a766483426fdd5ea81cbe1dfaa348 Change-Id: I995bd96c2a17614e954ea5bbae4d58998ef420dc
2016-09-16Add mongo config settings in collector service templatesPradeep Kilambi1-1/+10
In scenario where mongo and collector are on separate nodes like as indicated in the bug, collector should be able to access mongo replset and other hiera data. Closes-bug: #1620468 Depends-On: I0bcd0d063a7a766483426fdd5ea81cbe1dfaa348 Change-Id: Iadf4c78fb03da183d19e93c30f78817a3cfed425
2016-09-16Merge "Convert deploy steps to jinja2 loop"Jenkins2-644/+139
2016-09-16Merge "Set client protocol for glance registry client"Jenkins1-0/+1
2016-09-16Merge "Unset Keystone public_endpoint"Jenkins1-1/+0
2016-09-16Merge "Populate vnc_api_lib.ini on compute nodes with OpenContrail"Jenkins1-0/+12
2016-09-16Convert AllNodesExtraConfig to support composable rolesSteven Hardy2-28/+12
This adjusts the interface to OS::TripleO::AllNodesExtraConfig so it supports custom/composable/optional roles. Note this does break backwards compatibility, and I can't see any way to avoid that. I've converted the in-tree templates, and we'll have to document carefully and or provide a script (or automated conversion via mistral perhaps?) to allow folks to easily adjust any out of tree templates to the new format. Basically you just have to: 1. Remove all the *_servers parameters, replace with one "servers" json parameter 2. Replace references to e.g "controller_servers" with "servers, Controller" which does a path-based lookup into the json map provided by overcloud.yaml Change-Id: I5eebf853646b2f6300d6b542fcd4f43e82d3b413 Partially-Implements: blueprint custom-roles
2016-09-16Convert deploy steps to jinja2 loopSteven Hardy2-644/+139
Refactor so the post-deploy steps recently moved into puppet/post.yaml are generated by jinja2 instead of hard-coded Change-Id: I488e46aaa449c95571bd3d1de9513c3d0730baf3 Partially-Implements: blueprint custom-roles
2016-09-14Set client protocol for glance registry clientJuan Antonio Osorio Robles1-0/+1
To communicate to glance registry, glance API has several parameters that it uses to form the URI. Right now we are defaulting to http, when we enable TLS everywhere, this will break. So setting the value from the endpoint map should fix it. Closes-Bug: #1623477 Change-Id: Id86787cbaa6f87fdcf9c26111c228fd59fbba012
2016-09-14Expose parameter to enable combination alarmsPradeep Kilambi1-0/+6
The puppet-tripleo change for the same is merged I9220b7d020dc8ed45dd6ca83ea9647efd67ea648 Change-Id: Ic5309ada98c78a15aa3a47dd94acb9e68eb25295
2016-09-14Merge "Add support for deploying Ceph RGW role"Jenkins1-0/+77
2016-09-13Move role ResourceGroups inside the jinja2 loopSteven Hardy3-0/+15
This moves the now nearly identical group resources inside the loop there's a FIXME related to some deprecated compute parameters we'll need to work around. Change-Id: Iddd63c42754867125e65e7721ab9d9f46f4d6afb Partially-Implements: blueprint custom-roles
2016-09-13Merge "Enable proxy header parsing for Manila"Jenkins1-0/+1
2016-09-13Add NetApp Manila driver integration and tidy up genericmarios3-66/+205
Enables configuring a NetApp backend for the Manila service This was created based on the review at https://review.openstack.org/#/c/188138/ This makes the netapp and generic backends disabled by default in the services/manila-backend-*.yaml. A backend is then enabled via backend-specific environment files, which will set any config parameters and enable that backend. It is expected that multiple manila backend specific environment files might be specified simultaneously. Finally generic and manila config is split into separate service files rather than using manila-base for all the things. Co-Authored-By: Ryan Hefner <rhefner@redhat.com> Co-Authored-By: Ben Swartzlander <ben@swartzlander.org> Closes-Bug: 1618479 Depends-On: Ic6f8e8d27ca20b9badddea5d16550aa18bff8418 Change-Id: I35fce32d0f6a5cc1c3382c2d0e0d6028928fd943
2016-09-12Merge "De-bracket vncproxy_host in compute profile"Jenkins2-9/+2
2016-09-12Merge "Configure Keystone credentials"Jenkins1-0/+12
2016-09-12Merge "Add trunking plugin to list of default ML2 service plugins"Jenkins1-1/+1
2016-09-12Unset Keystone public_endpointAdam Young1-1/+0
The keystone public_endpoint value should be deduced from the calling request and not hardcoded, or it makes network isolation impossible. Change-Id: Ide6a65aa9393cb84591b0015ec5966cc01ffbcf8 Closes-Bug: 1381961
2016-09-12De-bracket vncproxy_host in compute profileBen Nemec2-9/+2
This is done in the vncproxy profile, but for some reason is not in the compute one. It causes hiera to explode when the brackets are left, so we need to do the bracket stripping here too. Also switches both places to just use the host_nobrackets version of the endpoint instead of stripping them with str_replace. Change-Id: I7ccd84b575fd652f6412fdb1869c31c79a7bf53b Closes-Bug: 1618623
2016-09-12Configure Keystone credentialsEmilien Macchi1-0/+12
Configure Keystone credentials by installing 2 keys with dynamic content generated by python-tripleoclient. Note: this is a first iteration of managing Keystone credentials. It has a few limitations: - keys are not exported to external storage. - keys are not rotated automatically. Change-Id: I45cf8821eadf528dfcdc8d74e6e0484597b0d2c0