path: root/puppet
Age | Commit message | Author | Files | Lines
2016-05-27 | Enable proxy header handling for cinder | Juan Antonio Osorio Robles | 1 | -0/+4
Cinder is using http_proxy_to_wsgi middleware. This parses the headers provided by the proxy, and helps us properly use TLS for keystone discovery. There was an option introduced in this middleware to have it disabled by default, and this change enables it. Change-Id: Ia33b3fa04d71eab10effd0b33eb2c194282cd15b
2016-05-27 | Merge "Enable proxy header parsing for heat" | Jenkins | 1 | -0/+1
2016-05-27 | Merge "Configure CephStorage services via resource chains" | Jenkins | 3 | -36/+69
2016-05-27 | Enable proxy header parsing for heat | Juan Antonio Osorio Robles | 1 | -0/+1
For handling the X-Forwarded-Proto, heat uses the http_proxy_to_wsgi middleware from oslo.middleware. It used to work by default, but now configuration is required to enable that. We require it since we are effectively behind a proxy (HAProxy). Change-Id: I256f27ec6a3f66316ff6aa3f78b2f1ec1472f097
2016-05-26 | Remove the delay resource and its constraints | Michele Baldessari | 1 | -37/+0
With change 648099e1925e7d0d3f6906e5e8d15f3871e88460 and the replacement of ceilometer-alarm with aodh, the delay resource became a leaf in the ordering graph and serves no real purpose any longer. It can now be removed without affecting anything else. Change-Id: Ib86e609821b9f0b7b0d99c49aead20f9a177f63d
2016-05-26 | Configure CephStorage services via resource chains | Giulio Fidente | 3 | -36/+69
Also wires in the steps into the CephStorage role. Change-Id: Ib472f1279478ad7792349cc32bb3c5f510ba69fe
2016-05-26 | Merge "composable heat services" | Jenkins | 12 | -210/+366
2016-05-25 | Merge "Optimize Nova disk_cachemodes and hw_disk_discard options for RBD" | Jenkins | 1 | -2/+11
2016-05-24 | Merge "Dump IPs configuration as hieradata" | Jenkins | 5 | -27/+65
2016-05-20 | Merge "Adds memcached as a composable service" | Jenkins | 4 | -20/+54
2016-05-20 | Merge "Tighten the access rules for galera" | Jenkins | 3 | -11/+68
2016-05-20 | Adds memcached as a composable service | marios | 4 | -20/+54
Implements: blueprint composable-services-within-roles Depends-On: Icd504aef7dda144582c286c56c925a78566af72c Change-Id: I8802c2a0cf1e5fa1a6d1fab5e87f6014bea2f517
2016-05-19 | composable heat services | Brad P. Crochet | 12 | -210/+366
Adds new puppet and puppet pacemaker specific services for Heat API, Heat API CFN, Heat API Cloudwatch, and Heat Engine. The Pacemaker templates extend the default heat services and swap in the pacemaker specific puppet-tripleo profile instead. Change-Id: I387b6bfd763d2d86cad68a3119b0edd0caa237b0 Partially-implements: blueprint composable-services-within-roles Depends-On: I194cbb6aa307c2331597147545cf10299cab132f Depends-On: I14dc923ac8ee8d5d538e7f4cf8138ccee8805b53
2016-05-19 | Deploy Loadbalancer as a composable role | Emilien Macchi | 4 | -78/+60
Deploy loadbalancer service using puppet-tripleo, and drop puppet code. Implements: blueprint refactor-puppet-manifests Depends-On: I9b106dcc1a4d446ab5dea8430ed295e6ec209cbd Change-Id: I9ca50a4bc822ec17d89988894af9bdf07e4bd1a9
2016-05-19 | Merge "Remove ControllerClusterConfig from overcloud.yaml" | Jenkins | 1 | -7/+0
2016-05-19 | Tighten the access rules for galera | Michele Baldessari | 3 | -11/+68
Set a password for the 'root' db user and add an additional 'clustercheck' user to be used only by the resource agent. The password for this 'clustercheck' user is randomly generated via a heat parameter.

Before this change the workflow to set up the database in the manifest is the following:
- Step 1 -> Install all the basic galera packages and basic configuration
- Step 2.a -> Create /etc/sysconfig/clustercheck with root and empty password
- Step 2.b -> Start up galera-monitor xinetd service
- Step 2.c -> Start pacemaker ocf resource (no root user has been created so there will be an empty password per default)
- Step 2.d -> Wait for /bin/clustercheck to return success and then proceed with the other steps

After this change the workflow is slightly more complex because there is a bit of a chicken and egg problem:
- Step 1 -> Install all the basic galera packages and basic configuration
- Step 2.a -> Create /etc/sysconfig/clustercheck with root and empty password unless the file does exist already and has a clustercheck user configured
- Step 2.b -> Start up galera-monitor xinetd service
- Step 2.c -> Start pacemaker ocf resource (no root user has been created yet, so there will be an empty password per default)
- Step 2.d -> Wait for /bin/clustercheck to return success and then proceed with the other steps
- Step 2.e -> Create clustercheck db user
- Step 3/4 -> Create /etc/sysconfig/clustercheck with clustercheck user credentials
- Step 5.a -> Update the sql root password on each node (at this stage
- Step 5.b -> Create /root/.my.cnf with proper credentials on all nodes

Note that we cannot really create the root/clustercheck users right at step 1 because the db is not running yet (an approach that spawned mysqld on each node, created the users and shut it down, was tried but was much more complex and cannot work on updating existing setups).

Given the new way of solving the root password issue, we also need to make sure that Step1 and Step2 are running on updates.

Closes-bug: #1581677
Depends-On: I83eed8885503043e881db34411616f9726e00352
Change-Id: If3d6e7253af6195b96129be7ea3348d697e4bae1
2016-05-18 | Deploy RabbitMQ as a composable role | Emilien Macchi | 5 | -83/+75
Change the way to implement RabbitMQ, as a composable role. Implements: blueprint refactor-puppet-manifests Change-Id: I5fed5c437ad492af75791a9163f99ae292f58895
2016-05-18 | Merge "Add step to ObjectStorage RingBuilder deployment" | Jenkins | 1 | -0/+5
2016-05-18 | Dump IPs configuration as hieradata | Giulio Fidente | 5 | -27/+65
This might be useful if we switch to %{hiera()} calls to lookup the bind address from within a service. Also gets rid of NetIpSubnetMap and provides same output from NetIpMap instead. Change-Id: I328a417d1f1fff9c31e9ad7b2b5083ac19bc7329
2016-05-18 | Add step to ObjectStorage RingBuilder deployment | Steven Hardy | 1 | -0/+5
https://review.openstack.org/#/c/236243 added a new conditional for the controller steps, but we don't pass any step for the ObjectStorage nodes, so the deployment fails. This passes a step that enables the ringbuilder again, although it does end up inconsistent with the deployment Step name. Change-Id: I506961f4a22dba9960d819d7376a39e7ccbcdece Closes-Bug: #1583225
2016-05-18 | composable neutron metadata service | Dan Prince | 5 | -22/+78
Adds new puppet and puppet pacemaker specific services for the Neutron Metadata agent. Partially-implements: blueprint composable-services-within-roles Change-Id: I25f026507e78f18594599b3621613a54f246545d
2016-05-18 | composable neutron l3 service | Dan Prince | 5 | -32/+70
Adds new puppet and puppet pacemaker specific services for the Neutron L3 agent. Partially-implements: blueprint composable-services-within-roles Change-Id: I0316043efe357a41ef3b4088a55d98dbb6d25963
2016-05-18 | Merge "Ensure manage_service and enabled are false for Pacemaker" | Jenkins | 4 | -3/+10
2016-05-17 | Remove ControllerClusterConfig from overcloud.yaml | Steven Hardy | 1 | -7/+0
AFAICS this isn't actually used anywhere, I assume it's left over from the older element based implementation. Change-Id: Ie95628bd7af1bcd50a6e331531b2987e434c7136
2016-05-16 | Remove Nova EC2 deployment | Emilien Macchi | 2 | -9/+0
Nova EC2 does not exist anymore since Mitaka, parameters are already deprecated in Mitaka and send warnings to the Puppet catalog. The service has been replaced by ec2api project, where Puppet OpenStack team is currently writing a module. In the meantime we add support in TripleO, this patch removes all occurrences of Nova EC2 configuration, which are useless and send warnings for nothing. Change-Id: Ief2d0e5c77b5ac58560606fee930fbd66c40ffc3
2016-05-13 | Ensure manage_service and enabled are false for Pacemaker | Giulio Fidente | 4 | -3/+10
We can control the two manage_service and enabled booleans from the Pacemaker specific template now. Change-Id: I91a4267f0fc230f63df3333747d28463c7ae55fe
2016-05-11 | Merge "composable neutron dhcp service" | Jenkins | 7 | -170/+134
2016-05-10 | composable neutron dhcp service | Dan Prince | 7 | -170/+134
Adds new puppet and puppet pacemaker specific services for the Neutron DHCP agent. Depends-On: Ibbfd79421f871e41f870745a593cca65e8c0e58a Partially-implements: blueprint composable-services-within-roles Change-Id: Ia61295943e67efe354a51a26fe4540f288ff6ede
2016-05-10 | deployment: drop step6 | Emilien Macchi | 2 | -13/+6
Step6 was just about configuring fencing after creating all Pacemaker resources. It was created by this patch: https://review.openstack.org/#q,1787fbc7ca58f9965cd5d64b685c1f9beed4cb9b,n,z A bit of Puppet orchestration can help us to not require an extra step. This patch:
* configure & enable fencing at step5
* make sure we don't configure fencing because creating Pacemaker resources and constraints.
* remove step6 from deployment workflow.
* depends on a patch in puppet-tripleo that moves keystone resources (endpoints, roles) to step 5.
Change-Id: Iae33149e4a03cd64c5831e689be8189ad0cf034b
Depends-On: Icea7537cea330da59fe108c9b874c04f2b94d062
Depends-On: I079e65f535af069312b602e8ff58be80ab2f2226
2016-05-10 | deployment: remove Step7 | Emilien Macchi | 1 | -12/+1
Step7 was created when we incremented the step of ringbuilder, by https://review.openstack.org/#q,9988bd25aa4bac1375ef4783d636c7adecedee92,n,z But step7 is not used anywhere and consumes some time for nothing. This patch removes the step, so deployments and upgrades will be faster. Change-Id: I77af9126abc61ace227cf1a69c2d3b5ceb735276
2016-05-10 | Set nova neutron auth back to 'v3password'. | Derek Higgins | 1 | -0/+2
Puppet-nova recently changed the default neutron auth setting in I3416ae594e972e40ff0336779258a887987e46b1 to 'password'. This single setting seems to break the tripleo upgrades job. Setting it here manually for now and following up in puppet-nova. Closes-bug: #1580076 Change-Id: I3f38a3e1ef3378a272a51ecbc1e8a801c8d3608a
2016-05-09 | Merge "Pass parameters to manage endpoints via puppet" | Jenkins | 3 | -0/+103
2016-05-05 | Merge "Remove calls to ::mysql from the manifests" | Jenkins | 2 | -8/+0
2016-05-04 | Pass parameters to manage endpoints via puppet | Juan Antonio Osorio Robles | 3 | -0/+103
This commit passes the necessary hieradata in order to create the endpoints, users and roles of the services in keystone via puppet. Change-Id: I2470dfa4661be7ba8218f6035fffa05f547214f0
2016-05-04 | Leave start/stop/restart for Keystone and Glance in charge to the role | Giulio Fidente | 1 | -2/+0
Change-Id: I511052dc765788336ffd32dee2118d787fce725d
2016-05-04 | Remove calls to ::mysql from the manifests | Giulio Fidente | 2 | -8/+0
The database will be created by the roles so we don't need to call ::mysql from the manifest. Change-Id: I2b137cbd6597222a72cf46830f34a93f002c70ef Depends-On: Id065a9180f1f1a41ab225ec5f755498ec7d9a827
2016-05-04 | Merge "Fix distinguishing between stack-create and stack-update" | Jenkins | 1 | -0/+7
2016-05-03 | Optimize Nova disk_cachemodes and hw_disk_discard options for RBD | Giulio Fidente | 1 | -2/+11
When using the Nova RBD driver for the ephemeral storage it is suggested by the Ceph RBD OpenStack guide [1] to optimize certain settings; this change will set disk_cachemodes and hw_disk_discard according to the guide. 1. http://docs.ceph.com/docs/master/rbd/rbd-openstack/ Change-Id: I8d2ee89ca4ff5458d1888cc037e2e91d19025ad4
2016-05-03 | Merge "Wire missing RabbitClientPort into Glance API role" | Jenkins | 1 | -0/+5
2016-04-29 | Merge "Fix ControllerExtraConfig parameter name" | Jenkins | 1 | -2/+16
2016-04-29 | Wire missing RabbitClientPort into Glance API role | Giulio Fidente | 1 | -0/+5
Change-Id: I0ebb5a1e504dd3ffef8ec15c721cf9a9bce6f05b
2016-04-26 | Merge "Run sync in step 3 when $sync_db" | Jenkins | 1 | -1/+1
2016-04-25 | Merge "Use 'deeper' hiera_hash merge behavior for all roles" | Jenkins | 5 | -0/+5
2016-04-22 | Run sync in step 3 when $sync_db | Giulio Fidente | 1 | -1/+1
This will configure the openstack services and run the initial db sync in step 3 (instead of step 4) for the node for which $sync_db is true. Closes-Bug: #1572952 Change-Id: I29012ee0a8b281e4472353ee7d9d44912e8a9b6c
2016-04-22 | Merge "Enable client address in Horizon's logs." | Jenkins | 4 | -0/+9
2016-04-21 | Use 'deeper' hiera_hash merge behavior for all roles | Giulio Fidente | 5 | -0/+5
This change configures the hiera merge behavior to 'deeper' [1], which is useful to merge values when the same hiera key is found in multiple datafiles. The hiera default 'native' only picks the value from the key with the highest priority in the hierarchy. 1. https://docs.puppetlabs.com/hiera/1/lookup_types.html#deep-merging-in-hiera--120 Change-Id: I88c764d9af510ffbbad9fcaa4b747655e38255c2
2016-04-21 | composable glance services | Dan Prince | 7 | -195/+234
Adds new puppet and puppet pacemaker specific services for Glance API and Glance Registry. The Pacemaker templates extend the default glance services and swap in the pacemaker specific puppet-tripleo profile instead. In the case of pacemaker glance-registry there is no separate puppet manifest so only the configuration parameters are maintained there. (Due to the way the pacemaker glance constraints are written the pacemaker variants of this service can't be split out...) Depends-On: Ifc388f7058ccfff2818f531bcbc00c7179874bbc Change-Id: I00a8c916129af43cda225754eb10370289bb4b41
2016-04-19 | Merge "Make HeatWorkers param affect the engine workers" | Jenkins | 1 | -0/+1
2016-04-18 | Merge "Reload haproxy after injecting certs w/o pcmk too" | Jenkins | 1 | -0/+8
2016-04-18 | Fix ControllerExtraConfig parameter name | Jiri Stransky | 1 | -2/+16
We've had a typo for a while that a parameter is named "controllerExtraConfig" with lowercase c, which can be quite confusing for users because the other similar parameters (e.g. NovaComputeExtraConfig) consistently start with an upper case letter. We'll support both variants from now on, marking the typoed variant as deprecated. Change-Id: Ic67a4297e7fa08308889b95ba35389a01f70f5a4