aboutsummaryrefslogtreecommitdiffstats
path: root/puppet
AgeCommit message (Collapse)AuthorFilesLines
2015-04-14Merge "Make memcached bind on ctlplane instead of 0.0.0.0"Jenkins1-0/+1
2015-04-14Do not downcase IP addressesGiulio Fidente1-2/+2
Change-Id: I0655b7cae2c436944833894bf9837877b3a69878
2015-04-14Merge "puppet: implement MongoDB on controller nodes"Jenkins3-1/+19
2015-04-14Merge "Make rabbitmq bind on ctlplane instead of 0.0.0.0"Jenkins1-0/+2
2015-04-14puppet: implement MongoDB on controller nodesEmilien Macchi3-1/+19
This patch aims to configure MongoDB server on controller nodes with Puppet. It also create a default replicaset for Ceilometer, so MongoDB can be highly available when multiple controllers are run. Change-Id: I3c1ff06ebc3c9dac44fc790caaea711d0eba4bb7
2015-04-14Perform basic setup of pacemaker cluster on controllersGiulio Fidente3-0/+29
Change-Id: Ia2e4eae619ca95c0f417f713676732eb4f01304b Depends-On: I9563eec0a2266deb2ebef2e3d76ae89d39b2be29
2015-04-10MariaDB bind on correct addressJiri Stransky2-0/+13
Despite passing bind-address for MariaDB in overcloud_controller.pp correctly, it was always trying to bind on 0.0.0.0. The problem is caused by Galera's config file (we install Galera into the image even though we don't use it yet). Galera's default config file contains override of the bind-address value to 0.0.0.0, and the setting from galera.cnf took precendence over what was in server.cnf. The mariadb-galera-server package assumes that the main config happens in galera.cnf and it ships an almost empty server.cnf. We now have an EnableGalera param, when it's set to true the mysql module will manage galera.cnf instead of server.cnf, overriding the default values from galera.cnf and fixing the issue. Change-Id: I7c2fd41d41dcf5eb4ee8b1dbd74d60cc2cabeed9 Closes-Bug: #1442256
2015-04-09Merge "Wire in list of controller nodes as memcache_servers for Swift proxy"Jenkins1-1/+8
2015-04-09Make all default values match overcloud defaultsJeff Peeler3-7/+7
It's very confusing for them to be different, especially in the case of comparing Tuskar vs non-Tuskar deployments where the parameters are read from different files. Note: NeutronPhysicalBridge is named differently in the overcloud template (HypervisorNeutronPhysicalBridge). This is the only parameter checked that isn't named exactly the same, hopefully there aren't any others. (Checked controller, compute, ceph, cinder, and swift for both puppet and non-puppet templates) Change-Id: I48ce1eb40d2d080c589ce619c50eddff17efe882
2015-04-09Pass in libvirt_rbd_secret_key for nova computeJiri Stransky1-1/+5
Passing the key explicitly into nova::compute::rbd means that Puppet will not attempt to fetch the key using `ceph auth get-key <keyring>`, having these effects: * One reason for compute node to have access to the client.admin key is gone (in current implementation it does have access to the key, but this change is a step towards removing it). * Ceph cluster doesn't have to be running at the time when Puppet runs on compute node, meaning we don't have to serialize things more than we do now. Also adding the ComputeCephDeployment as a dependency of ComputePostDeployment, otherwise the hiera file it creates might be created *after* Puppet configuration happens on compute nodes, and the values it provides would be missing during the Puppet run on the compute nodes. Change-Id: Id3166e6d5f01d18ec8a5033398bb511f4321a5e8 Depends-On: I70da06159c0d3c6fa204b5f7a468909ffab4d633 Partial-Bug: #1439949
2015-04-09Make rabbitmq bind on ctlplane instead of 0.0.0.0Giulio Fidente1-0/+2
Change-Id: I353cffc13f56b54ce2d2aeb1468b9a7c51765d7c
2015-04-09Make memcached bind on ctlplane instead of 0.0.0.0Giulio Fidente1-0/+2
Change-Id: I06f7066bf9eacf3ef0f5d73c0cfa65eaf4f74cff
2015-04-07Wire in list of controller nodes as memcache_servers for Swift proxyGiulio Fidente1-1/+8
Change-Id: Id193f8c13e3ad3e05bd884be5ba65621b9369d0e
2015-04-03Remove enforced deps on RabbitMQ resources before configGiulio Fidente1-4/+0
This should have been removed with change I1bb8ee15d361638d77c5df7f8c03561c34f4c88f Change-Id: I20d4099aabe5ae9f89db45fd3db585067cab01f5
2015-04-02Provide a way to know the boostrap_nodeid IPYanis Guenane1-0/+3
Currently it is possible to know what is the hostname of the boostrap nodeid but not its IP. Since depending on the use case the use of the IP might be needed, a way to have access to this information should be provided. Change-Id: I9d0a7ee7de2088ddb87e0d8a8ae2b3ac75b0e78d
2015-04-02Merge "Restructure Ceph/Puppet params to reflect changes in puppet-ceph"Jenkins5-25/+26
2015-04-01Merge "puppet: wire in osfamily hieradata support"Jenkins7-7/+7
2015-04-01puppet: wire in osfamily hieradata supportDan Prince7-7/+7
This updates all of the puppet roles to use an optional osfamily hieradata file which can be used to provide distro specific settings. Also, updates the controller role to make use of this new file for setting the rabbitmq package_provider parameter. Change-Id: I46417db51b87b82bf276dfcef5647a90c37fb07d
2015-04-01puppet: add debug mode for OpenStack servicesJiri Stransky3-7/+26
Propagate the top-level Debug parameter wherever it makes sense. Swift doesn't have this kind of debug setting, it only allows to configure log levels, so we'll need a different approach there. Change-Id: I15332315a2fbaeaf924cde4e748fb0e064a778b7
2015-04-01Merge "Set all RabbitMQ queues as mirrored when clustered"Jenkins1-0/+9
2015-04-01Merge "Ensure all Rabbit params are propagated to interested nodes."Jenkins4-46/+68
2015-03-31Merge "lb: Allow multiple backend"Jenkins3-2/+8
2015-03-31Merge "Implement mongo_node_ips hiera key"Jenkins1-0/+6
2015-03-31Merge "Refactor allNodesConfig"Jenkins3-4/+4
2015-03-31Merge "puppet+devtest: make compute nodes reachable"Jenkins1-0/+7
2015-03-31lb: Allow multiple backendYanis Guenane3-2/+8
Currently tripleo::loadbalancer allow a controller to have only itself as a backend for a service, no matter the number of controller nodes. This patch fixes that using all controller nodes available. Change-Id: Ic8fc022b84850c669b19d37da7f275d9c811e694 Depends-On: I2a46c250bc3325eef9c3128cac2ab45c88b1ae75
2015-03-28puppet: correct cinder enabled_backends formatDan Prince1-1/+1
This resolves a formatting issue with the Cinder enabled_backends config file setting. Previously we would potentially construct an array with an undef value at the end if iscsi was enabled but ceph was not (this is the case for our current CI job). When an array formatted like ['tripleo_iscsi', undef] is then passed to join() in puppet-cinder to construct a string it leaves us with an extra ',' on the end of the string. This causes problems in that cinder-volume loads an extra (system default) cinder volume process which is not expected. Because Fedora uses LIO as a default it was causing about half of our CI runs to fail if the tgtadm cinder-volume process wasn't being chosen by the scheduler. Closes-bug: #1437708 Change-Id: I3383012cb43792f334fdf789dc13147a3cb5ad63
2015-03-27Restructure Ceph/Puppet params to reflect changes in puppet-cephGiulio Fidente5-25/+26
A change [1] in puppet-ceph offers more flexibility but breaks backwards so we had to update our composition layer as well; we gain control of the cephx keyring in the template though. 1. Ie6adbd601388ab52c37037004bd0ceef9fc41942 Change-Id: Ia8196849afce2969daa608828cec81ebe3ac96e1
2015-03-26puppet+devtest: make compute nodes reachableJiri Stransky1-0/+7
Compute nodes run libvirt, which automatically creates a default network which has the same address space (192.168.122.*) as the libvirt default network on the host machine where devtest is running. This overlap causes that when a compute node wants to send a packet to the host machine (192.168.122.1) it gets incorrectly routed through the compute node's own virbr0 instead of br-ex. The current solution does not seem to be enough because libvirt gets started and creates the default network before Puppet is triggered on compute nodes. Making sure the libvirt default network is destroyed on the compute node fixes the issue. We don't have any puppet modules in OPM that would deal with libvirt networks and it's probably not worth exploring and adding one because of this small issue (i don't expect another use case of managing libvirt networks directly), so i'm using an exec with proper idempotency check. Change-Id: Icde12aa204ed1f7fa35b0525875ce07db34dc42c Closes-Bug: #1436822
2015-03-25Implement mongo_node_ips hiera keyJiri Stransky1-0/+6
We need a list of hosts where MongoDB is supposed to run (as a list of IP addresses, not names) to implement MongoDB support in overcloud. Change-Id: I4b80f13be7e50630314d0642fa32b7763b6a2921
2015-03-25Refactor allNodesConfigJiri Stransky3-4/+4
* Create hiera file 'all_nodes' instead of 'rabbit' -- we'll want allNodesConfig to create keys for more services (e.g. mongo_node_ips) and it's not necessary to create a separate hiera file for each. * Rename rabbit_nodes to mongo_node_names -- we'll have more node lists, some services will need hostnames, some services will need IPs, some might need both, so we shouldn't have ambiguity in the hiera key names. Change-Id: If80f9c9b2849ae893e1ab78f1c4d246a2468665c
2015-03-20Set all RabbitMQ queues as mirrored when clusteredGiulio Fidente1-0/+9
Purpose of this change is to enable on the server side the ha-mode policy for all queues when nodes are clustered. Change-Id: I16e3d375aabac9dbcdc198c71069086951e40fc0
2015-03-19Add support for Neutron l3_ha option in puppet templatesGiulio Fidente2-4/+9
With this change we wire the NeutronL3HA parameter to the puppet class, where needed. Change-Id: I37b3850f71885a93859b5e51925df379616fc6ab
2015-03-19Ensure all Rabbit params are propagated to interested nodes.Giulio Fidente4-46/+68
Change-Id: I1bb8ee15d361638d77c5df7f8c03561c34f4c88f
2015-03-19Merge "controller-puppet: Honor MysqlRootPassword"Jenkins1-1/+1
2015-03-19Merge "puppet: tidy up the Nova ceilo auth configs"Jenkins2-6/+8
2015-03-19Merge "puppet: tidy up the Nova glance API server config"Jenkins2-10/+10
2015-03-19Merge "puppet: tidy up the compute nova neutron config"Jenkins2-6/+15
2015-03-19Merge "puppet: use identity_uri and auth_uri"Jenkins1-8/+28
2015-03-19Merge "Add support for Ceph as a Cinder and Nova backend"Jenkins6-3/+81
2015-03-18puppet: use identity_uri and auth_uriDan Prince1-8/+28
This patch updates the puppet modules to use new identity_uri and auth_uri settings instead of the old 'auth_host' parameters for keystone auth_token middleware. This avoids some deprecation warnings in our puppet logs. Change-Id: I805b28d4135b13eef7082fda78956816c985c323
2015-03-18Update puppet post config to enable stepped deploymentsGiulio Fidente4-15/+12
The upcoming heat hook/breakpoint features will enable stepped deployments via setting stop points via the resource_registry. For this to work, we need hard dependencies between each step of the puppet deployments, because the current "soft" dependencies caused by the name property only influences the hook script application ordering, not the graph traversed by heat during deployment. Since removing the name: puppet_n completely removes some useful self- documenting context, move this to a resource naming convention, which should also be useful for heat hooks/breakpoints, as they are expected to support globbed specification of each step. Related heat patch (not yet landed, but this is not dependent on it): https://review.openstack.org/#/c/146123/ Change-Id: I05b02a46d4e80c08a308d033c33d4901c8f6c94e
2015-03-18Add support for Ceph as a Cinder and Nova backendYanis Guenane6-3/+81
This commit aims to add support for Ceph as a cinder and a nova backend. * Allows creation of Ceph pools from heat (Default: volumes, vms) * Creates the proper ceph user and inject the keys * Applies the proper configuration in cinder.conf and nova.conf * Enable the backend out of the box Co-Authored-By: Giulio Fidente <gfidente@redhat.com> Change-Id: Ic17d7a665de81a8bab5e34035abe90eda4bc889f
2015-03-18Merge "puppet/loadbalancer: use puppet-tripleo"Jenkins5-451/+44
2015-03-18controller-puppet: Honor MysqlRootPasswordYanis Guenane1-1/+1
Currently the MysqlRootPassword parameter is retrieved from the templates but not honored, preventing a user to specify it. This commit fixes that. Change-Id: Ib6842736a37aea3cc16f1a7c75fc877408682bf7
2015-03-16Merge "Make heat auth_encryption_key random"Jenkins1-1/+5
2015-03-13puppet/loadbalancer: use puppet-tripleoEmilien Macchi5-451/+44
The loadbalancer Puppet code moved to puppet-tripleo (lightweight) composition layer. This patch aims to use it and refactor the loadbalancer.pp file. Co-Authored-By: Dan Prince <dprince@redhat.com> Change-Id: I1765ac9b6cb01cb64d5d28dad646674ddca859e9
2015-03-13Make heat auth_encryption_key randomSteven Hardy1-1/+5
Currently we have a hard-coded default for auth_encryption_key, which isn't ideal as it's used as a salt for the DB encryption. Instead, reference an OS::Heat::RandomString resource so we create a random key for each deployment. Change-Id: Ic76b89db17603c114d98d28c01f75cc287fb2e90
2015-03-12puppet: tidy up the Nova ceilo auth configsDan Prince2-6/+8
Updates the puppet configuration for the Ceilometer auth agent so that we do the join conversions in the Heat templates and use only hiera for configuration of the ::ceilometer::agent::auth class. Change-Id: I932afafe21b2485a0581ac3910ac9d46161eee0d
2015-03-12puppet: tidy up the Nova glance API server configDan Prince2-10/+10
Updates the puppet configuration for the Nova glance configs so that we do the join conversions in the Heat templates and use only hiera for configuration of the ::nova class. Change-Id: Id12fb05470470558f1dccd45150bfce00a554466