aboutsummaryrefslogtreecommitdiffstats
path: root/puppet
AgeCommit message (Collapse)AuthorFilesLines
2016-02-10Nova now requires an api database to be createdDavid Moreau Simard5-0/+23
This enables the creation of the nova_api database that is now mandatory since https://review.openstack.org/#/c/245828/ Change-Id: Ia8242f23864ebb14ccf858a77ba754059e9c2d4a Related-Bug: #1539793
2016-02-10Merge "Makes the iSCSI initiator name unique for compute nodes"Jenkins1-0/+10
2016-02-09puppet: run keystone in wsgiEmilien Macchi4-63/+63
For both HA & non-HA scenarios, switch puppet-keystone configuration to be run in a WSGI process instead of eventlet. WSGI is the way to go for scaling Keystone, moreover, eventlet won't be support in next OpenStack releases. Co-Authored-By: Dan Prince <dprince@redhat.com> Depends-On: I22a348c298ff44f616b2e898f4872eddea040239 Change-Id: I862b4a68f43347564ec3c0ddc4ec9e1d1c755cf2 Signed-off-by: Jason Guiditta <jguiditt@redhat.com>
2016-02-09Increase size of connection tracking tableJames Slagle7-0/+19
During high load, the default limit of the kernel connection tracking table (65536) is often too low, resuling in error messages such as: kernel: nf_conntrack: table full, dropping packet This patch increases the limit to 500,000. Since the nf_conntrack kernel module is not always loaded by default, it also adds a mechanism to load kernel modules via hieradata using the kmod puppet module. In order to express the needed dependency in puppet that kernel modules are loaded before sysctl settings are applied, the Exec resources tagged with 'kmod::load' are specified in a resource collector to express that that Exec resources with the tag should run before Sysctl resources. Depends-On: I59cc2280ebae315af38fb5008e6ee0073195ae51 Change-Id: Iffa0a77852729786b69945c1e72bc90ad57ce3bb
2016-02-09Update Dell Storage Center api port settingrajinir2-2/+2
Updated the setting for the dell storage center api port to the right variable name ::dell_sc_api_port Change-Id: I67a7533469947355629b6cb54b79759e21e0ec55
2016-02-09Merge "Fix MidoNet errors"Jenkins4-14/+31
2016-02-08Set 'host' globally in Cinder instead of per-backend basisGiulio Fidente3-24/+3
This change will set a common value for 'host' across all controllers. We missed to do so for the NFS backend previously. It will still be possible to set a different per-backend 'host' value by providing it via ExtraData. Change-Id: I00fd05660a15be3611e1a394650be6ab713670f9
2016-02-08Fixed typo in Dell Equallogic Cinder settingsrajinir2-2/+2
The name of the variable ::eqlx_pool had a typo. Fixed it Change-Id: I83a94d4bccf9c9a60c7b37473ae8a64ac050671c
2016-02-04Merge "neutron: delete by default router/dhcp namespaces"Jenkins1-0/+2
2016-02-03Makes the iSCSI initiator name unique for compute nodesRhys Oxenham1-0/+10
When we utilise images for deployment, the iSCSI initiator name is not unique, leading to problems with live migration. This patch simply updates the iSCSI initiator name to a unique ID randomly generated by iscsi-iname. https://bugzilla.redhat.com/show_bug.cgi?id=1244328 Change-Id: I170e7f45f67fa8ce70436f24807d1ed7808f2c32
2016-02-03Increase default Cinder LVM backing file to 10GGiulio Fidente2-2/+2
We get false negatives from Tempest when the Cinder LVM backing file runs out space. This change increases its default size to 10G, matching devstack [1] 1. https://github.com/openstack-dev/devstack/blob/master/stackrc#L649 Change-Id: Ia334ea481e17c1d35aa67c33729cac6570f48199
2016-02-03Add HostnameMap to allow granular control of hostnamesSteven Hardy5-5/+40
Some operators desire more granular control of hostnames than is currently possible via the *HostnameFormat parameters, in particular mapping nodes to explicit IDs (such as inventory references) is not easily possible. So, add a HostnameMap parameter, which is optional and allows explicit overriding of the default hostnames. E.g pass an environment like this: parameter_defaults: HostnameMap: overcloud-controller-0: overcloud-controller-prod-123-0 overcloud-controller-1: overcloud-controller-prod-456-0 overcloud-controller-2: overcloud-controller-prod-789-0 Note this is mapping is global (for all roles), because we expect the keys to be unique given that they include the role name and index by default. Note that this depends on a fix for heat bug #1539737 Change-Id: Ib4d3d40e9523903ebccc06c3e14b2d71d924afa3 Depends-On: Ib934f443a8b8e4f75335a9d8b992e7f86791aa45
2016-01-25Remove empty value for wsrep_notify_cmdJohn Trowbridge1-1/+0
This was being silently ignored by the mysql puppet module prior to this commit.[1] However, now that empty values are allowed, the overcloud deploy fails because the option --wsrep_notify_cmd requires an argument. This is not currently failing on master because we are pinned to an old puppet-mysql. We will need to remove that pin in order to get on a newer delorean repo though. Also, this is breaking stable/liberty HA job because we use the packaged OPM there. [1] https://github.com/puppetlabs/puppetlabs-mysql/commit/e30e0bc958761890ea4f06cdd3f1fc7242a00fe2 Change-Id: I9e07efe1650831e81e9a783428554578874aa765 Closes-Bug: 1537720
2016-01-25Enable SSL middleware for cinderJuan Antonio Osorio Robles2-0/+2
Change-Id: Ifd750e634812dae2b7945cbe2f35f98d8a82695e Depends-On: If88dcdf9f4905e2a792b2fdc656eab51c85f637e
2016-01-23Merge "puppet: allow config of ad-hoc Neutron settings"Jenkins3-0/+3
2016-01-23Merge "puppet: allow config of ad-hoc Cinder settings"Jenkins2-0/+2
2016-01-22neutron: delete by default router/dhcp namespacesEmilien Macchi1-0/+2
The 'router_delete_namespaces' (L3 agent) and 'dhcp_delete_namespaces' (DHCP agent) configuration settings default to false OpenStack Neutron resulting in network namespaces not being deleted when no longer needed. Disabling automatic namespace cleanup was appropriate for older Linux distributions but is no longer required. TripleO should set the values to true. Change-Id: I39e1a347d24ecc99b6f878807c47103c4b3f85e1
2016-01-22Merge "puppet: allow config of ad-hoc Heat settings"Jenkins2-0/+2
2016-01-22Merge "puppet: allow config of ad-hoc Glance settings"Jenkins2-0/+2
2016-01-22Merge "puppet: allow config of ad-hoc Ceph settings"Jenkins4-0/+8
2016-01-22puppet: allow config of ad-hoc Neutron settingsDan Prince3-0/+3
Including ::neutron::config on the controller and compute roles will allow ad-hoc (non-puppet managed) settings to be made in all the various neutron config files using Hiera. Change-Id: Ifadc77cdcb60b7075d091d778cb92b0dd75bd949
2016-01-22puppet: allow config of ad-hoc Cinder settingsDan Prince2-0/+2
Including ::cinder::config on controller, and volume roles will allow ad-hoc (non-puppet managed) settings to be made in the cinder.conf using Hiera. Change-Id: I519aff02e3cfb7fbf57e89c7a139564df42f8967
2016-01-22puppet: allow config of ad-hoc Heat settingsDan Prince2-0/+2
Including ::heat::config on the controller roles will allow ad-hoc (non-puppet managed) settings to be made in the heat config file using Hiera. Change-Id: I80a39b798869ac330ea8a4d01699f5db47c93d47
2016-01-22puppet: allow config of ad-hoc Glance settingsDan Prince2-0/+2
Including ::glance::config on glance roles will allow ad-hoc (non-puppet managed) settings to be made in the glance config files using Hiera. Change-Id: I7c86ae0e8f1a0a2b46d526598964454cb80319a6
2016-01-22puppet: allow config of ad-hoc Ceph settingsDan Prince4-0/+8
Including ::ceph::conf on ceph roles will allow ad-hoc (non-puppet managed) settings to be made in the ceph.conf using Hiera. Change-Id: I656a0ecde465023d7afad9371aa3c5c270078a67
2016-01-22Merge "Update VNI and TunnelID ranges."Jenkins2-4/+4
2016-01-21OpenContrail heat templatesNicolas Hicher7-2/+127
Deploy a TripleO overcloud with OpenContrail Vrouter plugin configured to interact with an existing OpenContrail Server Manager. OpenContrail is an Apache 2.0-licensed project that is built using standards-based protocols and provides all the necessary components for network virtualization–SDN controller, virtual router, analytics engine, and published northbound APIs. It has an extensive REST API to configure and gather operational and analytics data from the system. Co-Authored-By: Jiri Stransky <jistr@redhat.com> Change-Id: I699a7c4ea09d024fe4d70c6a507c524f0a7aafd5
2016-01-21Merge "Don't write CLOUDNAME to the hosts file."Jenkins1-6/+1
2016-01-20Don't write CLOUDNAME to the hosts file.Ben Nemec1-6/+1
Currently the value of the CloudName param gets written into the /etc/hosts file on each controller, but it turns out this is an invalid configuration. CloudName is supposed to be the DNS name of the overcloud, and the IP being written is (at least in my case) the internal API VIP. This breaks in cases such as SSL because the services are not listening on an SSL port on the internal API network, so if a service tries to talk to another service using a CloudName-defined public endpoint it ends up pointed at a non-existent internal address:port. Since by definition CloudName is supposed to be resolvable by the configured DNS server, we should not need an explicit hosts entry as well. Thus, this patch removes that from the file. Change-Id: I919b42a219d95296f46852dd3266a54d968cf66b
2016-01-20Fix MidoNet errorsJaume Devesa4-14/+31
Some assignments must be fixed in order to make run midonet with HA pacemaker properly and when the network isolation is enabled. Change-Id: I69fb3a1911cfe3baea3349da8f3e185dddf60a95
2016-01-19Merge "Fix tunnel_types hieradata on compute nodes"Jenkins1-1/+1
2016-01-19Merge "Fix neutron-nova notifications"Jenkins1-1/+2
2016-01-18Fix tunnel_types hieradata on compute nodesBen Nemec1-1/+1
There was a missing : in the hieradata for the compute nodes that caused tunnel_types to not be configured. This also made it impossible to boot instances on tunneled networks because the port binding always failed. Change-Id: Icc2a45aa9514ce62497f91e6abe9261d1c1374ed Partial-Bug: 1534349
2016-01-18Fix neutron-nova notificationsBen Nemec1-1/+2
In our neutron.conf we configure both keystone v2 and v3 options, which confuses the keystoneclient code responsible for deciding which to use. For whatever reason, having it talk to the unversioned keystone endpoint and letting the client decide which version that way makes it happy. Except that we write a wrong value for project_name, which makes it unhappy again. This change fixes both of those issues, which allows notifications to work again. Change-Id: Ic3a329354d0ed071363183b5e06c0a42d2dd84ad Closes-Bug: 1519525
2016-01-18Merge "Set the name property for all deployment resources"Jenkins19-0/+40
2016-01-15Allow vncproxy to work with ssl enabledBen Nemec1-0/+6
Right now our vncproxy settings are hard-coded to http and the non-ssl port. This change adds a vncproxy entry to the endpoint map and uses those values to configure the proxy correctly on compute nodes. This is sufficient to get it working in my environment with ssl enabled. Change-Id: I9d69b088eef4700959b33c7e0eb44932949d7b71
2016-01-15Bind Galera on a hostname for compat with IPv6 addressesGiulio Fidente2-2/+12
Due to a bug [1] in Galera we can't pass an IPv6 as bind-address, we pass an hostname instead. 1. https://bugzilla.redhat.com/show_bug.cgi?id=1298671 Change-Id: Ia5a5b66dd3e94d3dfb6588550fcfe34382897c27
2016-01-14Enable keystone handling of X-Forwarded-Proto headerJuan Antonio Osorio Robles3-6/+9
If the X-Forwarded-Proto header is received by keystone, this option will make the service properly handle it. This is useful, for instance, if TLS is enabled for the admin endpoint. Change-Id: I31a1f51591e8423367e61eafc3af9b2d61278468
2016-01-13Merge "Use pymysql database driver for OpenStack DBs"Jenkins2-8/+8
2016-01-12Configure keystone public_endpointBen Nemec1-1/+1
We need this set for SSL or keystone returns a non-https address. It shouldn't hurt anything to set this in the non-SSL case since the value will still be correct and the behavior will be the same as if it were unset. Change-Id: Iea3ea1d25dfc462fa844d3c12e6070f2c9b42036
2016-01-12Merge "Sahara Integration"Jenkins7-0/+103
2016-01-11Use pymysql database driver for OpenStack DBsEmilien Macchi2-8/+8
PyMySQL is a new driver introduced in Liberty. This patch change the MySQL url to use mysql+pymysql like recommanded. Change-Id: I28e14acacba865241a0cc388a879a003181a85f3 Depends-On: I7604cca9e2d7bf0b93c820adec5f937f72b64fa8 Closes-Bug: #1499298
2016-01-08Use service tenant for ceilometerJames Slagle1-3/+1
Configure ceilometer to use the service tenant instead of the admin tenant. Using the admin tenant is not required and a security risk. This brings the ceilometer configuration in line with the recommendations from the official installation guide: http://docs.openstack.org/kilo/install-guide/install/yum/content/ceilometer-controller-install.html Change-Id: Ia14695eb23a1ff551fd27f74b4cb864e80b100e3 Partial-Bug: #1358237
2016-01-08Sahara IntegrationEthan Gafford7-0/+103
Integration of OpenStack data processing service (sahara) with TripleO. - Deploys sahara in distributed mode (separate api and engine processes on each controller node) - Load balancing w/haproxy - RabbitMQ/MySQL supported per current TripleO standard - Minimal configurability at this time Change-Id: I77a6a69ed5691e3b1ba34e9ebb4d88c80019642c Partially-implements: blueprint sahara-integration Depends-On: I0f0a1dc2eaa57d8226bad8cfb250110296ab9614 Depends-On: Ib84cc59667616ec94e7edce2715cbd7dd944f4ae Depends-On: I9fe321fd4284f7bfd55bd2e69dcfe623ed6f8a2a
2016-01-08Remove not needed completion-signalSteven Hardy1-1/+1
The completion-signal input is no longer needed, because for some time 99-refresh-completed has supported using per-deployment signal URLs instead provided the config group is set correctly to os-apply-config. Change-Id: I76cb5331917ff54e978bd22b9dea0c1a2c65a928
2016-01-08Switch for Keystone DB cron jobMartin Mágr4-2/+16
- Adds parameter to enable switching off token flush cron job. - Sets destination for deleted rows to /dev/null Change-Id: I9e8aed969e81595d8a1d0a5300da17da6ba15c03 Partial-bug: rhbz#1249106 Depends-On: I5e51562338f68b4ba1b2e942907e6f6a0ab7a61e
2016-01-08Merge "Add ExtraConfig to cinder storage role"Jenkins1-0/+8
2016-01-07Merge "updating enable_ceph conditions for controller"Jenkins2-2/+2
2016-01-07Enable the ML2 port security extension driver by defaultBrent Eagles1-1/+1
This patch enables the port security ML2 extension driver by default. It should have no impact on users that do not explicitly modify the port security property on a port. Change-Id: I1413428a1c0329acf0276bf6032684e5e7f8e177 Closes-Bug: #1531970
2016-01-07Merge "Remove deleted Cinder rows"Jenkins4-5/+21