aboutsummaryrefslogtreecommitdiffstats
path: root/puppet
AgeCommit message (Collapse)AuthorFilesLines
2016-02-29controller/ha: disable keystone-manage bootstrap.Emilien Macchi1-3/+6
Because Overcloud Keystone resources are not managed by puppet-keystone but by os-cloud-config, we need to let os-cloud-config managing keystone bootstrap otherwise the Exec will fail since some data is already in place. Later, when Keystone resources will be managed by Puppet, drop this parameter, because puppet-keystone is able to manage the boostrap itself. Change-Id: I027deaae5cf90c27a6b5e9d236ae61145cab3c3f Closes-Bug: #1551501
2016-02-29Merge "OpenContrail heat templates"Jenkins7-2/+127
2016-02-29Merge "Enable notifications on the overcloud"Jenkins4-3/+23
2016-02-27Merge "Add support for DeployArtifactURLs"Jenkins7-3/+117
2016-02-26Merge "Emits a different hostname for each network the node is on"Jenkins5-15/+230
2016-02-26Add support for DeployArtifactURLsDan Prince7-3/+117
Adds a new nested stack deployment which allows operators to opt-in to deploy tarball's and RPM packages by setting DeployArtifactURLs as a parameter_default in a Heat environment. The intent is to use this setting to allow t-h-t to transparently deploy things like tarballs of puppet modules via a Swift Temp URL. Change-Id: I1bad4a4a79cf297f5b6e439e0657269738b5f326 Implements: blueprint puppet-modules-deployment-via-swift
2016-02-26Merge "Nova RPC unpinning"Jenkins2-0/+12
2016-02-26Merge "Add meta notify=true to rabbitmq resource"Jenkins1-0/+1
2016-02-25Enable notifications on the overcloudBen Nemec4-3/+23
Configures all services to send notifications to rabbit. The puppet modules are not consistent regarding how this is done - some expose notification config as a top-level param, others you need to set it through a *_config structure, and cinder provides a separate class dedicated to enabling ceilometer notifications. Change-Id: I23e2ddad3c59a06cfbfe5d896a16e6bad2abd943
2016-02-24Emits a different hostname for each network the node is onGiulio Fidente5-15/+230
Populates /etc/hosts with an entry for each IP address the node is on, which will be useful to migrate services configuration from using IPs into using hostnames. This is how the lines look like on a host which doesn't have all ports: 172.16.2.6 overcloud-novacompute-0.localdomain overcloud-novacompute-0 192.0.2.9 overcloud-novacompute-0-external 172.16.2.6 overcloud-novacompute-0-internalapi 172.16.1.6 overcloud-novacompute-0-storage 192.0.2.9 overcloud-novacompute-0-storagemgmt 172.16.0.4 overcloud-novacompute-0-tenant 192.0.2.9 overcloud-novacompute-0-management the network against which the default (or primary) name is resolved can be configured (for computes) via ComputeHostnameResolveNetwork Change-Id: Id480207c68e5d68967d67e2091cd081c17ab5dd7
2016-02-24Nova RPC unpinningJiri Stransky2-0/+12
During upgrades, we only run Puppet on the whole deployment to converge the state, after the upgrade workflow itself has been fully completed. That is an opportunity to utilize Puppet to make sure Nova Compute RPC doesn't remain pinned to the older version. Change-Id: I6ebc813a80dfd9dfbbb213c38724487e044507b8
2016-02-24Merge "Nova Neutron configuration now uses keystone v3 endpoint"Jenkins2-2/+2
2016-02-24Merge "Update nova::network::neutron variables to drop deprecated parameters"Jenkins3-9/+9
2016-02-24Merge "Allow vncproxy to work with ssl enabled"Jenkins1-0/+6
2016-02-23Nova Neutron configuration now uses keystone v3 endpointDavid Moreau Simard2-2/+2
Our current nova-neutron configuration does not work with the latest puppet-nova. In particular, this patch[1]. This commit adds keystone v3 endpoints to the map and gets the nova::network::neutron configuration to use them. [1] https://github.com/openstack/puppet-nova/commit/d09868a59c451932d67c66101b725182d7066a14 Change-Id: Ifb8c23c81c665c2732fa5cd757760668b06a449a
2016-02-23Add meta notify=true to rabbitmq resourceMichele Baldessari1-0/+1
See RHBZ 1311005 and 1247303. In short: sometimes when a controller node gets fenced, rabbitmq is unable to rejoin the cluster. To fix this we need two steps: 1) The fix for the RA in BZ 1247303 2) Add notify=true to the meta parameters of the rabbitmq resource on fresh installs and updates Note that if this change is applied on systems that do not have the fix for the rabbitmq resource agent, no action is taken. So when the resource agent will be updated, the notify operation will start to work as soon as the first monitor action will take place. Fixes RH Bug #1311005 Change-Id: I513daf6d45e1a13d43d3c404cfd6e49d64e51d5a
2016-02-22Add extra config yaml files for big switch agents.xinwu6-3/+54
This change adds extra config yaml files for big switch agent and big switch lldp. This change is mainly for compute nodes. The changes related to controller nodes are landed at e78e1c8d9b5a7ebf327987b22091bff3ed42d1c1 This change also removes the neutron_enable_bigswitch_ml2 flag. Instead, User needs to specify NeutronMechanismDrivers: bsn_ml2 in environment file. Previous discussion about this change can be found at an abandoned review request https://review.openstack.org/#/c/271940/ Depends-On: Iefcfe698691234490504b6747ced7bb9147118de Change-Id: I81341a4b123dc4a8312a9a00f4b663c7cca63d7c
2016-02-22Update nova::network::neutron variables to drop deprecated parametersDavid Moreau Simard3-9/+9
This commit ensures we are not using any deprecated parameters for nova::network::neutron and are using the right variable names. Change-Id: Ic1b41e2cdbb6b180496822cc363c433e9388aa02
2016-02-19Merge "Use the class param to configure Cinder 'host' setting"Jenkins1-3/+1
2016-02-19Merge "Add TripleO Heat Template Parameters for Neutron Tenant MTU"Jenkins2-0/+24
2016-02-19Use the class param to configure Cinder 'host' settingGiulio Fidente1-3/+1
By configuring the Cinder 'host' setting via the appropriate class param instead of cinder_config we don't risk to override it if the user is to pass additional config settings using cinder_config in ExtraConfig. Change-Id: Idf33d87e08355b5b4369ccb0001db8d4c3b4c20f
2016-02-18Merge "Configure keystone public_endpoint"Jenkins1-1/+1
2016-02-18Merge "Enable the ML2 port security extension driver by default"Jenkins1-1/+1
2016-02-18Merge "Add missing : in hieradata key name"Jenkins1-1/+1
2016-02-18Add sysctl settings to disable IPv6 autoconfig and accept_raDan Sneddon1-0/+5
This change adds puppet hieradata settings which disable IPv6 autoconfiguration and accept_ra by default on all interfaces. When IPv6 is used, the interfaces are individually enabled and configured with static IP addresses. The networking on the compute host needs to be completely separate from the tenant networking, in order to safeguard the compute host and isolate tenant traffic. This change disables IPv6 autoconfiguration and acceptance of RAs by default on interfaces unless specifically enabled. Without these settings, IPv6 is enabled on all interfaces, as well as autoconfiguration and accept_ra, so when the compute host creates a bridge interface for the router (qbr-<ID>), the compute node will automatically assign an IPv6 address and will install a default IPv6 route on the bridge interface when it receives the RAs from the Neutron router. The change to turn off autoconfiguration means that interfaces will not self-assign an IPv6 address, and the change to not accept RAs is a security hardening feature. This requires that a static gateway address be declared in the network environment in the parameter ExternalNetworkDefaultRoute. Alternately, sysctl can be modified to change the accept_ra behavior for specific interfaces. Change-Id: I8a8d311a14b41baf6e7e1b8ce26a63abc2eaabef Closes-bug: 1544296
2016-02-18Merge "Make injected CA file readable by others"Jenkins1-1/+1
2016-02-18Merge "Increase size of connection tracking table"Jenkins7-0/+19
2016-02-17Add TripleO Heat Template Parameters for Neutron Tenant MTUDan Sneddon2-0/+24
This change adds the TripleO Heat Parameters and Puppet hieradata to support setting the MTU for Neutron tenant networks. A new parameter, NeutronTenantMtu is introduced, and this gets used for the NeutronDnsmasqOptions and in Puppet hieradata. NeutronTenantMtu is also used in the Puppet hieradata for both the compute and control nodes. Two values are set: nova::compute::network_device_mtu which sets /etc/nova/nova.conf: network_device_mtu = <NeutronTenantMtu> neutron::network_device_mtu which sets in /etc/neutron/neutron.conf: network_device_mtu = <NeutronTenantMtu> finally, the NeutronDnsmasqOptions parameter becomes a str_format that maps the NeutronTenantMtu onto the DHCP options, so a default of 'dhcp-option-force=26,%MTU%' would be formatted to 'dhcp-option-force=26,1300' if NeutronTenantMtu were 1300. This will set dnsmasq to serve an MTU via DHCP that matches the NeutronTenantMtu: /etc/neutron/dnsmasq-neutron.conf:dhcp-option-force=26,1300 Typically, you would change all three of these settings to use small or jumbo frames in VMs. When using tunneling, NeutronTenantMtu should be set at least 50 bytes smaller than the physical network MTU in order to make room for tunneling overhead. Note that this change does not support setting the MTU on veth interfaces if veth patches are used to br-int instead of OVS patches. Change-Id: I38840e082ee01dc3b6fc78e1dd97f53fa4e63039
2016-02-17Merge "Wire the Glance rbd user correctly into the external Ceph template"Jenkins1-1/+1
2016-02-17Make injected CA file readable by othersJuan Antonio Osorio Robles1-1/+1
Currently the permissions for the CA file that is injected (if the environment is set), doesn't permit users that don't belong to the group that owns the file to read it. This is too restrictive and isn't necessary, as the certificate should be public. This is useful in the case where we want a service that can't read the certificate chain (or bundle) to be able to read that CA certificate. This is the case for the MariaDB version that is being used in CentOS 7.1 for example. Change-Id: I6ff59326a5570670c031b448fb0ffd8dfbd8b025
2016-02-17Merge "Bind Galera on a hostname for compat with IPv6 addresses"Jenkins2-2/+12
2016-02-17Merge "Remove start-delay=10s for the Nova resources monitor"Jenkins1-5/+0
2016-02-16Wire the Glance rbd user correctly into the external Ceph templateGiulio Fidente1-1/+1
We were incorrectly wiring the rbd user to the relevant glance module parameter, making it was impossible to customize the rbd user when using an external Ceph. Change-Id: Ibe4eaedf986a9077f869c6530381e69ee0281f5b
2016-02-15Merge "Update Dell Storage Center api port setting"Jenkins2-2/+2
2016-02-15Merge "Enable SSL middleware for cinder"Jenkins2-0/+2
2016-02-12Add missing : in hieradata key nameJames Slagle1-1/+1
This hieradata key, neutron::agents::ml2::ovs:bridge_mappings was missing a : before bridge_mappings causing the value to be blank in /etc/neutron/plugins/ml2/openvswitch_agent.ini even if a value had been specified. Change-Id: I377565d3fb821be1bb2dc7d92ec1ad25a4a3b1f1
2016-02-12Merge "Nova now requires an api database to be created"Jenkins5-0/+23
2016-02-12Remove start-delay=10s for the Nova resources monitorGiulio Fidente1-5/+0
As per conversation in [1], these settings should have probably never been there. 1. https://bugzilla.redhat.com/show_bug.cgi?id=1262409 Change-Id: I116f825ba0fe3e4faac8dd347bb087e1b4c70e57
2016-02-11Merge "Increase default Cinder LVM backing file to 10G"Jenkins2-2/+2
2016-02-11Merge "puppet: run keystone in wsgi"Jenkins4-63/+63
2016-02-11Merge "Fixed typo in Dell Equallogic Cinder settings"Jenkins2-2/+2
2016-02-10Merge "Set 'host' globally in Cinder instead of per-backend basis"Jenkins3-24/+3
2016-02-10Merge "Remove not needed completion-signal"Jenkins1-1/+1
2016-02-10Nova now requires an api database to be createdDavid Moreau Simard5-0/+23
This enables the creation of the nova_api database that is now mandatory since https://review.openstack.org/#/c/245828/ Change-Id: Ia8242f23864ebb14ccf858a77ba754059e9c2d4a Related-Bug: #1539793
2016-02-10Merge "Makes the iSCSI initiator name unique for compute nodes"Jenkins1-0/+10
2016-02-09puppet: run keystone in wsgiEmilien Macchi4-63/+63
For both HA & non-HA scenarios, switch puppet-keystone configuration to be run in a WSGI process instead of eventlet. WSGI is the way to go for scaling Keystone, moreover, eventlet won't be support in next OpenStack releases. Co-Authored-By: Dan Prince <dprince@redhat.com> Depends-On: I22a348c298ff44f616b2e898f4872eddea040239 Change-Id: I862b4a68f43347564ec3c0ddc4ec9e1d1c755cf2 Signed-off-by: Jason Guiditta <jguiditt@redhat.com>
2016-02-09Increase size of connection tracking tableJames Slagle7-0/+19
During high load, the default limit of the kernel connection tracking table (65536) is often too low, resuling in error messages such as: kernel: nf_conntrack: table full, dropping packet This patch increases the limit to 500,000. Since the nf_conntrack kernel module is not always loaded by default, it also adds a mechanism to load kernel modules via hieradata using the kmod puppet module. In order to express the needed dependency in puppet that kernel modules are loaded before sysctl settings are applied, the Exec resources tagged with 'kmod::load' are specified in a resource collector to express that that Exec resources with the tag should run before Sysctl resources. Depends-On: I59cc2280ebae315af38fb5008e6ee0073195ae51 Change-Id: Iffa0a77852729786b69945c1e72bc90ad57ce3bb
2016-02-09Update Dell Storage Center api port settingrajinir2-2/+2
Updated the setting for the dell storage center api port to the right variable name ::dell_sc_api_port Change-Id: I67a7533469947355629b6cb54b79759e21e0ec55
2016-02-09Merge "Fix MidoNet errors"Jenkins4-14/+31
2016-02-08Set 'host' globally in Cinder instead of per-backend basisGiulio Fidente3-24/+3
This change will set a common value for 'host' across all controllers. We missed to do so for the NFS backend previously. It will still be possible to set a different per-backend 'host' value by providing it via ExtraData. Change-Id: I00fd05660a15be3611e1a394650be6ab713670f9