aboutsummaryrefslogtreecommitdiffstats
path: root/puppet
AgeCommit message (Collapse)AuthorFilesLines
2016-10-21Remove double tcp_listen_options entries for rabbitMichele Baldessari1-1/+1
After a brand new deployment we have the following in rabbitmq.config: ... {rabbit, [ {tcp_listen_options, [binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}] }, {tcp_listen_options, [binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]}, ... Let's remove these duplicate entries and make sure that we use the parameters for the puppet module to set the following values explicitely (it's the only parameter where we do not use the default setting from the puppet module): keepalive = true -> rabbitmq::tcp_keepalive: true All the other options that we set are the default in the puppet module: {packet, raw} {reuseaddr, true} {backlog, 128}{nodelay, true} {exit_on_close, false} Depends-On: I608477d5714a5081b3b4ab3b9fc2932bdd598301 Change-Id: I35921652bd84d1d6be0727051294983d4a0dde10
2016-10-20Open port 16509 for libvirt for live migrationJames Slagle1-0/+4
Port 16509 should be opened for tcp traffic to enable live migration. See Also: http://docs.openstack.org/admin-guide/compute-configuring-migrations.html Previously, we were not enabling any iptables rules on the Compute Roles, so this is a regression. Change-Id: Ie4abf53dc2a8171af48d02e34a1a3ad43f27cfb3 Closes-Bug: #1635427
2016-10-20Include ceilometer in swift proxy pipelinePradeep Kilambi1-0/+12
new ceilometermiddleware is available and integrated into puppet-swift. Lets leverage it and include it in the swift proxy pipeline. The correcponding puppet triple change for this is Ie49f4a750368ff174b23b8d6baa743d0956d727e Closes-Bug: #1631108 Change-Id: I82da0240d60d1eed54f1c0927e6157bb63025a19
2016-10-20Enable internal TLS for gnocchiJuan Antonio Osorio Robles1-2/+11
This adds the necessary hieradata for enabling TLS in the internal network for gnocchi. bp tls-via-certmonger Depends-On: Ie983933e062ac6a7f0af4d88b32634e6ce17838b Change-Id: Iad8d4949ada8b8fd52e0d0bd345b6fb1ca65827b
2016-10-20Enable internal TLS for aodhJuan Antonio Osorio Robles1-2/+11
This adds the necessary hieradata for enabling TLS in the internal network for aodh. bp tls-via-certmonger Change-Id: I2ea160e3ac0775404d6ed302f475268d3a3031ef Depends-On: I50ef0c8fbecb19d6597a28290daa61a91f3b13fc
2016-10-20Enable internal TLS for ceilometerJuan Antonio Osorio Robles1-3/+11
This adds the necessary hieradata for enabling TLS in the internal network for ceilometer. bp tls-via-certmonger Depends-On: Ib5609f77a31b17ed12baea419ecfab5d5f676496 Change-Id: I3eb34efbc8489b23269f97f762d4a3d0fa69f666
2016-10-20Generate internal TLS hieradata for apache servicesJuan Antonio Osorio Robles3-20/+99
This adds an environment file that can be used to enable TLS in the internal endpoints via certmonger if used. This will include a nested stack that will create the hash that will be used to create the certmonger certificates. When setting up a service over apache via puppet, we used to disable explicitly ssl (which sets modd_ssl-related fields for that vhost). We now make this depend on the EnableInternalTLS flag. This has only been done for keystone, but more services will be added as the puppet code lands bp tls-via-certmonger Depends-On: I303f6cf47859284785c0cdc65284a7eb89a4e039 Change-Id: I12e794f2d4076be9505dabfe456c1ca6cfbd359c
2016-10-20Remove duplicate bind_host from nova-api profileJuan Antonio Osorio Robles1-1/+0
Change-Id: I3c5c7753237ebaf16fb40806df0d195cb2b9aaa0
2016-10-19Add Barbican to the overcloudAde Lee1-0/+127
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Depends-On: If2804b469eb3ee08f3f194c7dd3290d23a245a7a Depends-On: I091ecfbcb2e38fe77203244ac7a597aedcb558fb Change-Id: Iacc504fc4fa2d06893917024ce2340d3fb80b626
2016-10-18Merge "Set nova service_name via t-h-t"Jenkins1-0/+1
2016-10-18Merge "Fix api_extensions_path in neutron-opencontrail environment"Jenkins1-1/+1
2016-10-18Merge "Enable proxy headers parsing for Neutron"Jenkins1-0/+1
2016-10-18Merge "Add apache workers to nova-api conditional"Jenkins1-1/+1
2016-10-18Add parameters to run cinder over httpdJuan Antonio Osorio Robles1-1/+29
This adds the necessary hieradata to run cinder over httpd instead of eventlet. Change-Id: Ic1967a6f4f60a273965811516f33121115d518b4
2016-10-18Fix api_extensions_path in neutron-opencontrail environmentCyril Lopez1-1/+1
There is a missing repositiry for LBaaS in api_extensions_path in neutron-opencontrail. This patch is working in my lab : tripleo liberty and opencontrail 3.0.2 Closes-Bug: #1634120 Change-Id: Ie06612faf226d0e5e75f3f8a9b560118cba5ff4c Signed-off-by: Cyril Lopez <cylopez@redhat.com>
2016-10-17Add apache workers to nova-api conditionalSteven Hardy1-1/+1
Without this httpd fails to start on deployments where the worker count isn't explicitly overridden via a parameter. Change-Id: Ie7b31bc6e022a0166af126c866994bdd019718df Closes-Bug: #1634213
2016-10-17Removes EnableODL heat parameter and fixes missing local_ip paramTim Rozet2-5/+1
EnableOpenDaylightOnController was not very composable. Removing this parameter to make the service truly composable. Also fixes missing local_ip setting for OVS, required for VXLAN or GRE tenant networks. Closes-Bug: 1633625 Depends-On: Ia55c05e12d5d434111a13e1ed795da530e3ff4a5 Change-Id: I0e07e1631793311334d1436ee8fdf9af2802ba70 Signed-off-by: Tim Rozet <trozet@redhat.com>
2016-10-17Set nova service_name via t-h-tJuan Antonio Osorio Robles1-0/+1
with the move to use httpd instead of eventlet, We now add this parameter in t-h-t to be able to clean it up from the puppet-tripleo manifest. Change-Id: Ic229182cc5c887b57f6182c3db1bac8bed330f7c Depends-On: I4603b81d30a704b07eef461b3cdbfe164614b04f
2016-10-17Enable proxy headers parsing for NeutronJuan Antonio Osorio Robles1-0/+1
http_proxy_to_wsgi middleware was recently added to Neutron [1] and in order to take it into use, we need to enable it via hiera. [1] Ice9ee8f4e04050271d59858f92034c230325718b Depends-On: I99bc9486fdd85857ce73c413e17400320bd6ec5b Related-Bug: #1590608 Change-Id: I10c065e726f2708e09acfc04dac3cae34a534d23
2016-10-17glance_multiple_locations when NovaEnableRbdBackend=trueAttila Fazekas1-1/+1
glance_multiple_locations does not needed when the NovaEnableRbdBackend=false, but it is neede when both the image and the instance storage is rbd and the show_image_direct_url is enabled. The condition introduced in Ia7e0558e4f318640981abb44d188e3479b5eae69 Change-Id: Ia8a8cd9aeda69e9a7db6f95dcf418f56e29cae00 Closes-Bug: 1632285
2016-10-14Merge "Modify the constraint to allow single quote for DPDK core list param"Jenkins1-1/+1
2016-10-14Merge "Move trunk service plugin to the proper list"Jenkins2-2/+2
2016-10-14Merge "Pass heat domain admin password to keystone"Jenkins1-0/+3
2016-10-14Merge "Fixes missing provider mappings for OpenDaylight"Jenkins1-0/+10
2016-10-14heat-api-cfn endpoint is created to RegionOne instead of regionOneLuca Lorenzetto1-1/+1
When deploying, heat-api-cfn is assigned to RegionOne. This leads to a bad user experience when logging into horizon, because if RegionOne is selected by default, the users finds all menus empty (no computing, or anything else). Thanks to trown for finding out the issue. Closes-Bug: 1633524 Change-Id: Ic108280f6b0875ffec10be6f696669962fb82e6b
2016-10-14Fixes missing provider mappings for OpenDaylightTim Rozet1-0/+10
Provider mappings were not parameterized, and this is traditionally required for VLAN provider networks. In ODL Boron with new netvirt, this value is required to be set in order to use external networks. Closes-Bug: #1627898 Change-Id: I8001a4077fc7c4af458033043ea438c32c9772b0 Signed-off-by: Tim Rozet <trozet@redhat.com>
2016-10-14Pass heat domain admin password to keystoneSteven Hardy1-0/+3
This is needed to create the user/domain/project in the keystone profile on whatever role is running the keystone service. Change-Id: I115ead005974080e0a35e3675d9b37828c8934b1 Closes-Bug: #1631130 Depends-On: Ib088a572b384b479f51d56555734d78ab840a1f3
2016-10-14Modify the constraint to allow single quote for DPDK core list paramSaravanan KR1-1/+1
DPDK core list has to be give a string. For multiple cores, it be given as "'1,2'". But the constraint does not allow ' (single quote) to be set in the string. Modifying the constraint pattern. Closes-Bug: #1633433 Change-Id: Ide2194d9ef5c10e276fa1a634919dfb286e483d6
2016-10-14Merge "Fix default Swift ring partition power"Jenkins1-2/+2
2016-10-14Merge "Enable Glance multiple locations when using Ceph"Jenkins3-1/+29
2016-10-14Merge "Split out hosts config deployment"Jenkins1-12/+0
2016-10-13Enable Glance multiple locations when using CephGiulio Fidente3-1/+29
Currently Glance v2 doesn't allow to specify custom locations for images by default, it returns 403. To enable this, the 'show_multiple_locations' param must be set to True. Also see similar change introduced in devstack [1]. 1. Id0f1c398b8b48f2ffc2488b29bc7cbd279069337 Change-Id: Ia7e0558e4f318640981abb44d188e3479b5eae69 Closes-Bug: 1632285
2016-10-13Merge "Enable object versioning in Swift proxy"Jenkins1-0/+2
2016-10-13Split out hosts config deploymentDan Prince1-12/+0
This patch moves the hosts configuration into its own deployment. It will continue to use os-apply-config as something that is required early on in the bootstrapping (it needs to be configured before puppet runs for example). The motivation here is so we can refactor all-nodes-config.yaml to use a new hiera hook that that avoids os-apply-config entirely. Change-Id: Ib3e4380f205358b27d22a1102b663cf300b1ed86 Partial-bug: #1596373
2016-10-13Merge "Enable proxy headers parsing for Aodh"Jenkins1-0/+1
2016-10-13Merge "Enable proxy headers parsing for Gnocchi"Jenkins1-0/+1
2016-10-13Merge "Enable proxy headers parsing for Ceilometer"Jenkins1-0/+1
2016-10-13Merge "Only set NovaWorkers in the non-default case"Jenkins3-48/+69
2016-10-13Move trunk service plugin to the proper listBrent Eagles2-2/+2
The trunk plugin required for trunk port support in neutron was added to the incorrect plugin list. Change-Id: I8d424d6a6045e07d9fbab1a864470ceefdb1ad8e Closes-Bug: #1633079
2016-10-13Merge "Add flag for internal TLS"Jenkins1-0/+4
2016-10-13Merge "Add HAProxy TLS handled by certmonger as composable service"Jenkins3-10/+121
2016-10-13Prefill Sensu client custom configMartin Mágr1-1/+16
- Custom config has to contain OpenStack auth information, so it has to be generated for user during deployment. This patch maintains the ability to provide a custom configuration for the Sensu client. Change-Id: If449642c4bbad683421e1f461b8721e655db0c45
2016-10-13Enable proxy headers parsing for CeilometerJuan Antonio Osorio Robles1-0/+1
http_proxy_to_wsgi middleware was recently added to Ceilometer [1] and in order to take it into use, we need to enable it via hiera. [1] I24f16dda49bd9e7930ca9f0d32bf0793463aff03 Depends-On: I1812a27202ba3714b354aeb27611d38def87a7fc Related-Bug: #1590608 Change-Id: If8de25afa13de6797895f36c98ffdde8cf3e8656
2016-10-13Merge "Disable IPv6 RAs & Autoconf For All (Not Just Default)"Jenkins1-0/+4
2016-10-13Enable proxy headers parsing for AodhJuan Antonio Osorio Robles1-0/+1
http_proxy_to_wsgi middleware was recently added to Aodh [1] and in order to take it into use, we need to enable it via hiera. [1] If2ada8a94c8e1ceacd4509605b4cd766a78f71d5 Depends-On: I0981e152700ed4511b797011ebe18e857c1fed71 Related-Bug: #1590608 Change-Id: Ie9605ae1e5437f488802b03ca23a325866f0ceb5
2016-10-13Enable proxy headers parsing for GnocchiJuan Antonio Osorio Robles1-0/+1
http_proxy_to_wsgi middleware was recently added to Gnocchi [1] and in order to take it into use, we need to enable it via hiera. [1] Ic5526cf37e70335fa2cc70946a271253f227f129 Related-Bug: #1590608 Change-Id: I145dcfa3455ca1541cbf6b5fc4b601f0813619c0
2016-10-13Merge "Remove duplicate metadata keys from nova-api.yaml"Jenkins1-2/+0
2016-10-12Disable IPv6 RAs & Autoconf For All (Not Just Default)Dan Sneddon1-0/+4
The current kernel sysctl settings modify the net.ipv6.conf.default.accept_ra and net.ipv6.conf.default.autoconf to both be '0'. However, this is overridden by the settings in net.ipv6.conf.all, so no matter what setting is in the ifcfg file for the IPv6 interface, autoconfiguration and accept_ra will be enabled. This causes a security vulnerability where rogue RAs could be used to intercept traffic from the controllers. This change sets both default and all settings to '0' for IPv6 accept_ra and autoconf. Closes-Bug: 1632830 Change-Id: I95b86c5c6feed30dfa5103ffbddb9e85ac567bbb
2016-10-12Merge "Allow Glance API and Registry to be split"Jenkins3-140/+197
2016-10-12Only set NovaWorkers in the non-default caseDan Prince3-48/+69
This patch updates the t-h-t templates for nova services so that we only set the value of workers in the non-default case. TripleO has always defaulted the workers count to 0 and there was recently a regression in nova where they treat the default of 0 as invalid (a bug that may get fixed in nova but we don't want to wait on it) This patch avoids the issue by allowing the default value to be unset if the TripleO default of 0 is configured. Change-Id: I175977b88129d87caeb32332d47eb14816a6d5d4 Closes-bug: #1631133