aboutsummaryrefslogtreecommitdiffstats
path: root/puppet
AgeCommit message (Collapse)AuthorFilesLines
2015-07-01Allow to enable fencing, pass through fencing configJiri Stransky3-1/+59
Add two new parameters: EnableFencing and FencingConfig. FencingConfig is a json with an expected structure documented in the templates. It gets passed further to puppet-tripleo, which configures the fencing devices. Fencing is configured and enabled in the last step after all pacemaker resources and constraints have been created, which should be a more stable approach than the other way round. Change-Id: Ifd432bfd2443b6d13e7efa006d4120bb0eaa2554 Depends-On: I819fc8c126ec47cd207c59b3dcf92ff699649c5a Depends-On: I8b7adff6f05f864115071c51810b41efad887584
2015-07-01Remove unwanted constraints between the Redis vip and CeilometerGiulio Fidente1-25/+0
We do not want to delay Redis vip start to promotion of Redis master, HAProxy will take care of the validating the backends. We do not need to force colocation of Redis vip with Redis master. We do not want to restart the Ceilometer central agent when the vip moves this can instead cause unwanted cascading restarts due to other constraints in between services. More details can be read on the BZ at: https://bugzilla.redhat.com/show_bug.cgi?id=1236374 Change-Id: I594984cd23db7de57746c3e1018181d61b020f46
2015-06-29Merge "Drop swift ceilometer middleware."Jenkins2-2/+0
2015-06-26Merge "Add missing Pacemaker constraint against Keystone"Jenkins1-9/+18
2015-06-26Merge "Set MariaDB package name in RedHat.yaml"Jenkins3-1/+9
2015-06-26Merge "Enable mysql_clustercheck for Pacemaker scenario"Jenkins1-0/+1
2015-06-26Merge "Increase mongodb_conn_validator timeout to 600"Jenkins1-0/+1
2015-06-25Add missing Pacemaker constraint against KeystoneGiulio Fidente1-9/+18
The Heat contraints group was missing the initial dependency on Keystone, causing Pacemaker to Heat before or in parallel to Keystone. Given Systemd can define dependencies in the unit files, this was additionally causing an unmanaged start of Keystone making cluster initialization to fail (with Keystone start timeout blocking all the depending resources). Also moves Keystone -> Ceilomter constraint on top of Ceilometer constraints group for clarity. Logs and more infos at [1] 1. https://bugzilla.redhat.com/show_bug.cgi?id=1235703 Change-Id: I9505fd46c5bf278afc8ff919c7e768e2de194cb8
2015-06-25Merge "Ensure mysql/mariadb service is not enabled on boot"Jenkins1-0/+1
2015-06-25Merge "Do not set explicitly galera_master to any of the nodes"Jenkins1-4/+1
2015-06-25Enable mysql_clustercheck for Pacemaker scenarioGiulio Fidente1-0/+1
Change-Id: I154c90e6d019807758332e3aefe5dde9d79db6ac Related-Bug: 1456701 Depends-On: I7199c7e5d759a76f58c0f48b40e9d460a3163886
2015-06-25Ensure mysql/mariadb service is not enabled on bootGiulio Fidente1-0/+1
Change-Id: I42462a6de2bf70ef71899833c3f27633f0f59493 Closes-Bug: 1468549 Closes-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1235454
2015-06-24Set MariaDB package name in RedHat.yamlDan Prince3-1/+9
This moves the hard coded package name for mariadb into the RedHat specific hieradata file. This was recently added to controller.yaml in a1b3fa3e84185b6969a8acfda475fe7fc48bd5a1. Also, resolves an issue where RedHat.yaml wasn't actually getting deployed. This is something that should have happened in 5009cc64322e9fb5723799eb9fbd79076a2dc5da. Change-Id: Iaa30be3c53a7c54d31d47b997966b0106a202ea4
2015-06-24Merge "Make puppet-applying *Post resources depend on hieradata"Jenkins10-0/+51
2015-06-24Increase mongodb_conn_validator timeout to 600Giulio Fidente1-0/+1
This will increase the mongodb_conn_validator timeout from 60 secs (the default) to 600 secs; it should take much less in normal circumstances to start mongod but nodes might not be starting it all at the same time so we use a larger timeframe for the availablity checks. Change-Id: I0ee210be94b33d1c08d67f287aa745743a6649d3
2015-06-24Do not set explicitly galera_master to any of the nodesGiulio Fidente1-4/+1
We will manage nodes membership using the clustercheck script and marking all backends as backup, see change: I7199c7e5d759a76f58c0f48b40e9d460a3163886 Related-Bug: 1467918 Change-Id: I56ebd2d8405ac35c707666d993b396f04aeb683e
2015-06-23Add special handling of neutron-server service startup to fix raceGiulio Fidente1-0/+10
Neutron will populate the database with some data as soon as the neutron-server service is started; we want this to happen from a single node before normal Pacemaker initialization. Change-Id: I422972502fbb10ddae3201464bbd6885749de31e Closes-Bug: 1467904 Closes-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1233061
2015-06-23Merge "Specify mariadb package name to meet puppetlabs-mysql requirement"Jenkins1-0/+1
2015-06-23Merge "Leave control of Redis balancing in static hieradata"Jenkins1-1/+0
2015-06-23Merge "Add support for isolating block storage nets"Jenkins2-4/+36
2015-06-22Merge "Fix MongoDB connection url configuration in Ceilometer"Jenkins1-6/+7
2015-06-22Fix MongoDB connection url configuration in CeilometerGiulio Fidente1-6/+7
Change-Id: I8a56e7b067044bace5def63ea6170ed817f48acd Closes-Bug: 1467437 Closes-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1233283
2015-06-22Merge "Enable httpd balancing for Horizon"Jenkins3-3/+8
2015-06-21Add support for isolating block storage netsDan Prince2-4/+36
This patch updates the cinder block storage role for Puppet so that it supports network isolation. This includes using the (optional) isolated networks for MySQL, Glance API, and iscsi network traffic. Change-Id: Icdfbf5fce7380e6049babca0cd50ca2e4008c1b0
2015-06-21Drop swift ceilometer middleware.Dan Prince2-2/+0
Per Ceilometer commit 191f7bf9ccee33d8444f7dac5c09ceccce72ca29 (change ID: Ifd1861e3df46fad0e44ff9b5cbd58711bbc87c97) the Swift Ceilometer middleware no longer exists so we need to drop it in order to work with the latest upstream package. Change-Id: Iebaad0ba477001d663c6875b32d691bbfcda3d8d
2015-06-19Leave control of Redis balancing in static hieradataGiulio Fidente1-1/+0
Redis balancing is controlled by static hieradata [1] we don't need to override it into manifest. 1. https://github.com/openstack/tripleo-heat-templates/blob/master/puppet/hieradata/controller.yaml#L111 Change-Id: Ie2a5a4cbee0a55f2572f182b18c036efc299dbef
2015-06-18Merge "Enable loadbalancing of the Redis VIP, defaults to False"Jenkins3-3/+8
2015-06-18Merge "Rename ServiceNetMap: NeutronLocalIp"Jenkins2-2/+2
2015-06-18Enable httpd balancing for HorizonGiulio Fidente3-3/+8
We need to customize the default apache::ip param or the default vhost configured will listen on ::80 Change-Id: I195a083f727da940841beb3a0c37dade02c6d1ca
2015-06-18Enable loadbalancing of the Redis VIP, defaults to Falsemarios3-3/+8
We have to set it to true as the default is false which means the redis vip can't be reached. This was manifested as a problem with ceilometer agent reaching the coordination url like [1]. Co-Authored-By: Giulio Fidente <gfidente@redhat.com> [1] https://bugzilla.redhat.com/attachment.cgi?id=1040023 Closes-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1232797 Change-Id: I1cd63308d0ac1d17542e1a2a909ee1a9680ed4b3
2015-06-18Bind novncproxy to its own networkBen Nemec1-0/+1
By default the nova vncproxy binds to 0.0.0.0, which will fail in a loadbalanced environment. This makes it bind to its network. Change-Id: I08776a8f6c72b63d73433b147c130fbc9a7110b0
2015-06-18Merge "Remove NO_SIGNAL from ControllerBootstrapNodeDeployment"Jenkins1-0/+1
2015-06-17Merge "Remove Redis VirtualIP from params and build it from Neutron::Port"Jenkins1-2/+4
2015-06-17Merge "Make CephStorageDeployment depend on NetworkDeployment"Jenkins1-0/+1
2015-06-17Merge "Remove NO_SIGNAL from puppet role templates"Jenkins4-6/+4
2015-06-17Merge "Adds horizon to pacemaker when puppet-pacemaker is enabled"Jenkins2-1/+13
2015-06-17Merge "Fix Redis bind setting to use redis_network"Jenkins1-1/+0
2015-06-17Merge "Allow control of hostname formatting"Jenkins5-0/+20
2015-06-17Merge "Add $hostname.localdomain alias to /etc/hosts"Jenkins5-5/+5
2015-06-17Merge "Remove unused EnablePacemaker param from templates"Jenkins1-5/+0
2015-06-17Allow control of hostname formattingSteven Hardy5-0/+20
Currently, we use the heat default server names, which results in some fairly unreadable hostnames due to the level of nesting in the templates. e.g ov-sszdbj5rdne-0-bhseh65edxv6-Controller-zoqc6tlypbdp Instead, we allow the user to specify a format string per role, defaulted to a string which formats the name e.g <stackname>-controller-<index> e.g overcloud-controller-0 Optionally additional hostname components (not replaced by heat) could be added, such that deployment time customization of hostnames via firstboot scripts (e.g cloud-init) may be possible. Should anyone wish to maintain the old heat-generated names, they can pass an empty string via these parameters, which heat will treat as if no "name" property was provided to OS::Nova::Server. Change-Id: I1730caa0c2256f970da22ab21fa3aa1549b3f90b
2015-06-16Make puppet-applying *Post resources depend on hieradataSteven Hardy10-0/+51
When you do a stack-update which affects, e.g ControllerDeployment such that some value in hieradata is updated (for example changing the "Debug" parameter to True), we only write the hieradata file and don't reapply the manifests. So we introduce a dependency on the deploy_stdout values from all hieradata applying configs, such that the manifests will be re-applied on update if the data is changed. This requires https://review.openstack.org/#/c/190282/ so that 99-refresh-completed will return the derived config ID as part of the deploy_stdout payload. Closes-Bug: #1463092 Change-Id: I1175248c3236d0c42e37d062afce550efce8aadc
2015-06-16Merge "Add support for isolating swift storage nets"Jenkins1-4/+19
2015-06-15Add $hostname.localdomain alias to /etc/hostsGiulio Fidente5-5/+5
We want to make sure to be able to resolve the default domain suffix (.localdomain) appended when no domain option is passed by the dhcp server. Change-Id: I33111e91b502f57da442e5745de2217bd6d2d882
2015-06-13Remove Redis VirtualIP from params and build it from Neutron::PortGiulio Fidente1-2/+4
The redis_vip should come from a Neutron Port as its cidr depends on the Neutron Network configuration. This change adds 2 new files and modifies 1 in the network/ports directory: - noop.yaml - Passes through the ctlplane Controller IP (modified) - ctlplane_vip.yaml - Creates a new VIP on the control plane - vip.yaml - Creates a VIP on the named network (for isolated nets) Also, changes to overcloud-without-mergepy.yaml create the Redis Virtual IP. The standard resource registry was modified to use noop.yaml for the new Redis VIP. The Puppet resource registry was modified to use ctlplane_vip.yaml by default, but can be made to use vip.yaml when network isolation is used by using an environment file. vip.yaml will place the VIP according to the ServiceNetMap, which can also be overridden. We use this new VIP port definition to assign a VIP to Redis, but follow-up patches will assign VIPs to the rest of the services in a similar fashion. Co-Authored-By: Dan Sneddon <dsneddon@redhat.com> Change-Id: I2cb44ea7a057c4064d0e1999702623618ee3390c
2015-06-12Fix Redis bind setting to use redis_networkGiulio Fidente1-1/+0
The Redis bind host should be set from [1] template. 1. https://github.com/openstack/tripleo-heat-templates/blob/master/puppet/controller-puppet.yaml#L985 Change-Id: I8713db1a7ad739692817921248edcc6b0e819ade
2015-06-12Adds horizon to pacemaker when puppet-pacemaker is enabledmarios2-1/+13
Adds the horizon (httpd) service as pacemaker resource Also adds a default for the horizon::django_session_engine [1] which was previously unconfigured. Also adds a server-status.conf for httpd/pacemaker [2] [1] https://docs.djangoproject.com/en/dev/topics/http/sessions/#using-cached-sessions [2] https://github.com/beekhof/osp-ha-deploy/blob/master/pcmk/horizon.scenario#L72 Change-Id: I320837dfecf3241355e8a3345d0ff271592da491
2015-06-10Rename ServiceNetMap: NeutronLocalIpDan Prince2-2/+2
This patch renames the NeutronLocalIp option to be called NeutronTenantNetwork. This is more consistent with all of the other ServiceNetMap settings which end in 'Network' and initial end user feedback found the old name a bit cryptic as well. This is the network for neutron tenant traffic so lets just name it that. Change-Id: Id49afe75c372887453413c092190a5775aa3e1ee
2015-06-10Isolate network traffic for Nova VNC proxyDan Prince1-2/+2
This patch makes it possible to configure the isolated network for the Nova vnc proxy client. Change-Id: I462dfaea94e5fe9cb260ba91a42433a250f07984
2015-06-10Add support for isolating swift storage netsDan Prince1-4/+19
This patch updates the Puppet Swift storage role so that it supports network isolation. By default all traffic still flows on the ctlplane network but if network isolation is enabled then network traffic will flow over the configured storage_mgmt network interface. This patch also fixes a few critical issues with the swift storage role that prevented it from working: - oac_data for the swift devices was overriding the data provided in the swift_devices_and_proxy hieradata file. - the role was missing declarations to load hieradata files for swift_devices_and_proxy and all_nodes - The required snmpd settings were not getting set correctly in the 'object' hiera data file. With all of these changes the Swift storage role works correctly with and without network isolation. Change-Id: I541abb2604380f603bba91ad88e54783ee450a8f