aboutsummaryrefslogtreecommitdiffstats
path: root/puppet
AgeCommit message (Collapse)AuthorFilesLines
2016-11-15Horizon service cleanups for hiera json hookDan Prince1-35/+34
This patch resolves a few issues I noticed when porting our Horizon service to support the new heat hiera agent hook (which uses Json instead of Yaml). -we only need to set django_debug if the string is non-empty. This should match previous behavior. -remove the duplicated NeutronMechanismDrivers setting. This is already managed in the neutron services and shouldn't be set here. Change-Id: I473e110bb9b14cb8f57d41c4fc398871548726b0 Partial-bug: #1596373
2016-11-16Merge "Revert "Adjust MTU to compensate for VLAN tag issue""Jenkins1-5/+2
2016-11-15Merge "Enable internal TLS for Barbican API"Jenkins1-1/+4
2016-11-15Merge "Define keystone token provider"Jenkins1-1/+12
2016-11-15Merge "Disable password reveal in horizon"Jenkins1-0/+1
2016-11-14Define keystone token providerAlex Schultz1-1/+12
In order to eventually enable fernet tokens for keystone, we need to be specify the token provider. This change codifies the current default used by TripleO of uuid tokens and fernet token setup disabled. Change-Id: I7c03ed7b6495d0b9a57986458d020b3e3bf7224a Closes-Bug: #1641763
2016-11-14Merge "Fix typo in Keystone Sensu subscription"Jenkins1-1/+1
2016-11-14Merge "Use default Sensu redact"Jenkins1-3/+14
2016-11-14Merge "Fixes missing OVS Firewall config with OpenDaylight"Jenkins1-0/+6
2016-11-14Enable internal TLS for Barbican APIJuan Antonio Osorio Robles1-1/+4
This adds the necessary hieradata for enabling TLS in the internal network for Barbican API. bp tls-via-certmonger Depends-On: I1c1d3dab9bba7bec6296a55747e9ade242c47bd9 Change-Id: Ib100faa9dc222f836695a0e8f6e101dc7637d1d6
2016-11-12Merge "Configure civetweb bind socket via puppet-tripleo"Jenkins1-9/+3
2016-11-11Merge "Neutron L3 service cleanups for hiera json hook"Jenkins1-7/+15
2016-11-11Merge "Enable internal TLS for Cinder API"Jenkins1-4/+13
2016-11-11Merge "Handle null role_data in services"Jenkins1-10/+11
2016-11-11Fixes missing OVS Firewall config with OpenDaylightTim Rozet1-0/+6
Currently OVS tunnel firewall rules are held within the neutron ovs agent service heat template. That service is not used with ODL, so consequently ODL was missing the VXLAN and GRE firewall rules and traffic would not pass between nodes. This adds the missing rules to the OpenDaylight OVS service. Closes-Bug: 1641191 Change-Id: Icfd7db6a3e8fcdd02646fb7e413f40f26b03b994 Signed-off-by: Tim Rozet <trozet@redhat.com>
2016-11-11Configure civetweb bind socket via puppet-tripleoGiulio Fidente1-9/+3
When the civetweb binding IP is version 6 it needs to be enclosed in brackets or the bind socket parsing fails. The mangling happens in puppet-tripleo, this change updates the templates to push the appropriate hiera keys. Change-Id: Ic7004d768ed5e0f2382ffaa57961ea0ef9162527 Closes-Bug: #1636515 Depends-On: Ib84fa3479c2598bff7e89ad60a1c7d5f2c22c18c
2016-11-11Use default Sensu redactMartin Mágr1-3/+14
By default sensu-puppet is overring default list of varibles which should be redacted. This patch enables to configure redact list and uses default value given by [1]. This patch also serves as a workaround until [2] is merged in the module itself (or in case it won't get merged). [1] https://sensuapp.org/docs/0.24/reference/clients.html [2] https://github.com/sensu/sensu-puppet/pull/580 Closes-Bug: #1641080 Closes-Bug: rhbz#1392473 Change-Id: I21201f734d2fbf5f571091603126cf11cfdd8c40
2016-11-10Merge "Fixes incorrect reference to OpendaylightApiNetwork"Jenkins1-1/+1
2016-11-10Merge "Ensure heat-domain hiera is in nodes that contain keystone"Jenkins3-12/+21
2016-11-10Fix typo in Keystone Sensu subscriptionMartin Mágr1-1/+1
Closes-Bug: rhbz#1392428 Closes-Bug: #1640834 Change-Id: I2a1a869493ccb4c8d5b9aea26b8ef947750d2cfe
2016-11-10Use j2 loops in post.j2.yamlSteven Hardy1-56/+13
Simplify this file by removing the hard-coded resources and instead generate the resources for each step via a loop. Change-Id: Id89863b9e75769e1a85ebe8bfa4a554f7b38e357
2016-11-10Neutron L3 service cleanups for hiera json hookDan Prince1-7/+15
This patch resolves a few issues I noticed when porting our Neutron L3 service to support the new heat hiera agent hook (which uses Json instead of Yaml). - If NeutronExternalNetworkBridge is an emptry string '' Json was dropping the single quotes thus causing the bridge to get set incorrectly in the config file. To correct this we use a heat conditional to avoid setting the external bridge (the '' default is what we want in this case) if the bridge is an empty string. Change-Id: I5037cbde6b76a37a4c22c4616278420e9d759109 Partial-bug: #1596373
2016-11-10Handle null role_data in servicesDan Prince1-10/+11
This patch updates the Yaql expressions that work on role_data so that they evaluate properly when the get_attr for role_data is null. I hit issues using this for the heat undercloud installer and this seems to resolve them. Change-Id: I0493d0525cd3ad280339f26ef9d3aa311af9962e
2016-11-10Merge "Add firewall rules for manila api service"Jenkins1-0/+5
2016-11-09adding swift middleware that is typically enabled by defaultThiago da Silva1-0/+5
Adding these features are typically enabled by default in any swift cluster. See upstream sample: https://github.com/openstack/swift/blob/master/etc/proxy-server.conf-sample Change-Id: I29915d1b86da5c47ec34acfb89ab8234e153bf31 Signed-off-by: Thiago da Silva <thiago@redhat.com> Depends-On: Ie323f68255a73d46e774cbf49d9353c3bf90c35e
2016-11-09Add firewall rules for manila api serviceTom Barron1-0/+5
When the manila api service is deployed on a different role than the controller the iptables rules on that role fail to ACCEPT tcp at the manila API ports. Add tripleo.manila_api.firewall_rules to the relevant puppet services module. Change-Id: I1c5459f5ba989657fd99fd72c7ac9f8781cc7206 Closes-Bug: #1640568
2016-11-09Merge "Reload haproxy configuration as a post-deployment step"Jenkins1-0/+21
2016-11-09Merge "set url_base option in static web middleware"Jenkins1-0/+1
2016-11-09Disable password reveal in horizonAlex Schultz1-0/+1
To improve security, we should disable the password reveal option in horizon by default. An end user can override this options via their own custom hiera if they would ultimately like to have this functionality. Change-Id: Ie88dac5610840eb4b327252b32dc469099ba5f5f Depends-On: Iacf899d595a2a3c522df1b96ca527731937ec698 Closes-Bug: 1640492
2016-11-09Merge "Defaults kernel.pid_max to 1048576"Jenkins1-0/+6
2016-11-09Merge "Enable internal TLS for Nova API"Jenkins1-4/+13
2016-11-09Merge "Add Sahara plugins list as a configurable parameter"Jenkins1-7/+5
2016-11-08set url_base option in static web middlewareThiago da Silva1-0/+1
Depends-On: Icf45cf2aece398b836c87ddffde5d3056e96dc4d Change-Id: I3577dc38a0b52092ee5e98a381eb52c3d2768c10 Signed-off-by: Thiago da Silva <thiago@redhat.com>
2016-11-08Merge "Enable internal TLS for gnocchi"Jenkins1-2/+11
2016-11-08Merge "Do not reference CephBase from CephExternal service"Jenkins1-2/+24
2016-11-08Reload haproxy configuration as a post-deployment stepCarlos Camacho1-0/+21
After deploying a fresh installed Overcloud or updating the stack the haproxy configuration is updated correctly but no change in the HA proxy stats happens. This submission will add the missing resources to run pre and post puppet tasks. Closes-bug: 1640175 Change-Id: I2f08704daeee502c618256695a30ce244a1d7ba5
2016-11-08Use --globoff when downloading artifactsGiulio Fidente1-1/+1
We do not encode the chars like [] possibly found in the artifacts URL, so curl tries to glob against IPv6 addresses in brackets. This change adds --globoff to the curl options so that IPv6 addresses in brackets are not misinterpreted. Closes-Bug: 1640148 Change-Id: Ic86ba1e5fb674bc15b4bcc6bd3ea9e943c4fbf8e
2016-11-08Enable internal TLS for Cinder APIJuan Antonio Osorio Robles1-4/+13
This adds the necessary hieradata for enabling TLS in the internal network for Cinder API. bp tls-via-certmonger Depends-On: Ib4a9c8d3ca57f1b02e1bb0d150f333db501e9863 Change-Id: I126e890076bc96b1cd166a919eff6aa1bb80510b
2016-11-07Fixes incorrect reference to OpendaylightApiNetworkTim Rozet1-1/+1
The renaming of the network to conform to correct case parsing was done and converted OpenDaylightApiNetwork -> OpendaylightApiNetwork. There was still a reference to the old network name which would result in an empty value being pass to odl_bind_ip. Closes-Bug: 1639944 Change-Id: I17fe348c4651420112b9b37711654a454e30b291 Signed-off-by: Tim Rozet <trozet@redhat.com>
2016-11-07Ensure heat-domain hiera is in nodes that contain keystoneJuan Antonio Osorio Robles3-12/+21
The commit that this depends on only works if heat is deployed in the same node as keystone. Once we deploy them in different nodes, keystone won't be able to retrieve the appropriate hieradata. This fixes that by setting the appropriate hieradata to be deployed on the keystone service by the heat profiles. Change-Id: I1f08db68a14486526879d1a5a1ff78cb17686924 Depends-On: I7d42d04ef0c53dc1e62d684d8edacfed9fd28fbe
2016-11-07Merge "Change nova ram_allocation_ratio to match puppet-nova"Jenkins1-1/+1
2016-11-07Merge "Move db settings from manila-api to manila-base"Jenkins4-27/+36
2016-11-07Merge "Include keystone authtoken config in manila-share service"Jenkins1-0/+8
2016-11-07Merge "Ensure we update ceph and composable nodes"Jenkins2-0/+2
2016-11-05Merge "swift/proxy: remove swift::proxy::ceilometer::rabbit_host"Jenkins1-1/+0
2016-11-05Merge "nova: add missing vnc console port in firewall"Jenkins3-2/+6
2016-11-05Merge "nova/libvirt: add missing ports for live-migration"Jenkins1-0/+2
2016-11-04Move db settings from manila-api to manila-baseBen Nemec4-27/+36
manila-share also needs the db configuration so the db-sync works correctly when manila-api is running on a non-controller node. Change-Id: Ib8a6f10ef6a650275fc011e51acfc4b5c7c99164 Closes-Bug: 1633077
2016-11-04Include keystone authtoken config in manila-share serviceBen Nemec1-0/+8
Because manila-share is a pacemaker-managed service, it has to be on the controller node. If you deploy the api services to a different node, then manila-share loses access to the authtoken hieradata generated by manila-api. Adding it explicitly to the manila-share config allows this setup to deploy sanely. Note that I'm having a different problem with manila db-syncs in this setup, so there's likely another patch required to get it fully working. Change-Id: Iac782fa67ea912d24b9905dd8bbafb8ff28dd669 Partial-Bug: 1633077
2016-11-04swift/proxy: remove swift::proxy::ceilometer::rabbit_hostEmilien Macchi1-1/+0
The param is now managed in puppet-tripleo like other services. Change-Id: I306aa6ac6e2cfc0d4602e15e11564a6be096a121 Depends-On: Ibc0ed642931dd3ada7ee594bb8c70a1c3462206d