58 Commits

Author SHA1 Message Date
Lokesh Jain
56cbd7c89b Make heat parameter plugin_dirs configurable
Heat has an additional configuration for plugin_dirs
parameter. This parameter provides a list of directories
to search for plug-ins. This change allows configuration
of plugin_dirs parameter in heat.conf file. This change
will allow a user to set this value, if required. Else
$::os_service_default will be used and the parameter will
not be added to the config file, as it is done today.

Change-Id: I636d52f867ee447eaf0e1e80bf9fdc30c91f4ec1
2018-01-22 18:49:20 -05:00
Jose Luis Franco Arza
ece5e90fdd Add support for default_user_data_format
Allows specify the value of default_user_data_format
parameter in configuration

Change-Id: I0536b5efd0e1389b05ffdd29acf75f1fa748babb
2017-09-13 10:24:31 +02:00
rabi
1b5eab2809 Add support for reauthentication_auth_method
This adds support for setting reauthentication_auth_method
flag in heat.conf.

Change-Id: I247b02a50bb46ce16ca120961dd9c3df3e6026fd
Partial-Bug: #1683983
2017-04-19 12:54:47 +05:30
zhangdetong
739a15ffb2 Set trusts_delegated_roles to os_service_default in engine.pp
change trusts_delegated_roles to $::os_service_default,
modified heat_engine_spec.rb and added releasenote.

Change-Id: Ib07a546da74218056bb55f15df1b6114e9f67c45
Closes-Bug: #1634361
2016-11-23 10:56:49 +00:00
Steve Baker
edf6623d8c Expose heat::engine::max_nested_stack_depth
This is required for TripleO to use a value other than the default 5.

Change-Id: I998f3a1a89ce4bc4c3926a83adec1929addeab24
2016-11-21 15:41:32 +13:00
Steven Hardy
6e8ef40483 Don't default metadata server URLs to localhost
These settings are all legacy, as for some time heat has instead supported
deriving the URLs internally using the endpoints from the keystone catalog.

Defaulting these to localhost seems like a bad default, as in
most cases heat will caclulate a more reasonable default (e.g something
derived from the actual heat public endpoint in keystone), and it's somewhat
surprising when you don't pass a value and get localhost instead of the heat
defaults.

They can still be used to override the keystone endpoint, which is sometimes
useful, but in most cases these should no longer be set IMO.

Note the relevant heat commits which make these settings optional are
Id402664e38e3da071ad634233b3a1f8e13af152d and
If8a2d3f37d87c26228e709c20f61969b397f2da0 (present in all Heat releases
since Mitaka)

Closes-Bug: #1641873
Change-Id: I90ccdd881a41d803e28064f44b821ab48a6fa8ea
2016-11-15 22:23:37 +00:00
ZhongShengping
519f974593 Add environment_dir and template_dir options
Add environment_dir and template_dir options to config.

Change-Id: Ia1aba0d65906fef378472967cf28a79254e05f6b
2016-08-05 08:29:25 +08:00
Steven Hardy
5b9adc6937 Add support for convergence_engine option
This is a boolean which enables the "new" heat convergence architecture.

Heat plans to make this enabled by default soon (currently disabled), so
adding this will provide an easy way for deployers to maintain the old
architecture if they wish.

Change-Id: I4e879751a30c961e851ab9da80612d3f2fb2395a
2016-05-25 12:04:49 -04:00
Marcus Furlong
2ee44729da add missing num_engine_workers parameter
This option exists for heat::api but is missing for heat::engine.
This commit adds the missing num_engine_workers parameter.

Change-Id: I69565c13b732ef74531a516aac8a368597411856
2016-04-14 05:37:02 +00:00
Mykyta Karpin
811f7ce4b0 Switch Heat to $::os_service_default - part 2
Switching to os_service_default fact below classes:
heat
heat::api
heat::api_cfn
heat::api_cloudwatch
heat::engine

Change-Id: Iff0275b701f2096f6f927ff962ef06c673827b4e
2016-01-25 18:53:16 +02:00
Mykyta Karpin
6aa38dc8ae add more heat.conf settings to heat, engine classes
heat.conf settings added:

 max_template_size
 max_json_body_size
 max_resources_per_stack
 notification_driver
 instance_connection_https_validate_certificates
 instance_connection_is_secure

Change-Id: I00db48bb7e5fde7ba1048fc1cb24fcdcf4e85c04
2015-12-02 10:37:19 +02:00
Clayton O'Neill
dca9fe942b Move deps & external hooks into a standalone class
Previously the anchors and dependencies that allow external hooks were
all in the main ::heat class.  However, if you wanted to include just
::heat::db::mysql, then it would fail, since it assumed the main heat
class was included.  This moves all of those resources and relationships
into a new class, ::heat::deps.  All of the classes will now include
this class so that the anchors and deps are always evaluated even if
only a portion of the classes are used, and even if ::heat isn't pulled
in.

Change-Id: I4297df160a7afae2b66c1ac76e37de313fa4fb09
Closes-Bug: #1507934
2015-10-20 09:57:36 -04:00
Jenkins
905185c66b Merge "Add hooks for external install & svc management" 2015-10-19 23:44:02 +00:00
Matt Fischer
bc4e8c0d65 Make the role for heat_stack_user configurable
Before you could configure the role in the config file but not the
keystone role that was created. Now you can do both.

Change-Id: Iea6df1679d3ceef1f0876e65dac06628147c700b
2015-09-29 19:44:53 -06:00
Emilien Macchi
1b209d35be Cleanup configure_delegated_roles deprecated parameter
In Kilo, we decided to use ::heat::keystone::auth to manage the
Keystone_role resource to help with Trusts configuration.
Though the configuration was and still remains part of ::heat::engine
class because we assume ::heat::keystone::auth can be run outside the
heat-engine node.

So this patch aims to drop the deprecated parameter, update the
documentation and unit tests.

Change-Id: I045a3a82095e23778c4e878b13f2fc7f561d680e
2015-09-24 07:54:27 -04:00
Clayton O'Neill
b2f791400d Add hooks for external install & svc management
This adds defined anchor points for external modules to hook into the
software install, config and service dependency chain.  This allows
external modules to manage software installation (virtualenv,
containers, etc) and service management (pacemaker) without needing rely
on resources that may change or be renamed.

Change-Id: I032ee01505e0cbc125b0e219c436b77c93f57720
2015-08-29 03:19:02 +00:00
Jenkins
68f99e2f1c Merge "Creation of heat::db::sync" 2015-08-13 13:01:47 +00:00
Yanis Guenane
0cf89d487e Rely on autorequire for config resource ordering
Currently we specify the ordering of config resources wherever it is
necessary based on the presence of the file it will write to, or the
presence of the package in charge of providing the file it will write
to.

Those kind of ordering can be specified directly at the resource level
using the autorequire mechanism. With this patch, any config resource
will make sure the package in charge of providing the file will be
installed first.

Change-Id: I6476060c97d350640b5a254738a60e319ad522e9
2015-08-12 19:03:34 +02:00
Yanis Guenane
b0bc5d9a48 Creation of heat::db::sync
In order to standardize the way dbsync are run across our modules,
we create a new class heat::db::sync.
This class will be included if sync_db is enabled.

By making this transition the heat::db::sync class
can be returned by the ENC.

A use case would be in an highly available environment, with 3 galera
nodes, include heat on every node with sync_db set to false
and have the ENC return heat::db::sync just for one node.

Change-Id: I2165dcce6ae9a47b8c9315411933de42516a18c9
2015-08-04 15:33:19 +02:00
Yanis Guenane
0e850373a8 Add tag to package and service resources
In order to be able to take an action after all the packages of the
module have been installed/updated or all the services have been
started/restarted, we set a 'heat-package' and 'heat-service' tag
for each package and service of this module.

At the moment, there is a generic openstack tag that is not specific
enough if one wants to take action upon a single module change.

Use case :

If an action needs to be taken after all the packages have been
installed or updated : Package <| tag == 'heat-package' |> -> X

Change-Id: I38a6b422054dbf0fceacf6b7e329dbb3cb0fa9cb
2015-07-22 20:22:24 +02:00
Steve Baker
8e97bd8438 Allow setting default config/signal transport
This change allows the Kilo heat.conf options
default_software_config_transport and default_deployment_signal_transport to
be set. This is required for operators who would prefer a different default
transort, such as Swift TempURLs.

Change-Id: I66a20f2fd6370909165093b77ef04992fb735380
2015-05-28 12:56:12 +12:00
Emilien Macchi
23d58ec2b6 Engine: validate auth_encryption_key
When using a string with a length != 16, 24, or 32 as value for the
auth_encryption_key parameter in the /etc/heat/heat.conf file it is not
possible to create new stacks. Creating a new stack (and probably
anything else) will fail with the following exception:

ValueError: AES key must be either 16, 24, or 32 bytes long.

Change-Id: I4e35cf0f782f22861319d05a3f028e5784ad26d5
Closes-bug: #1415887
2015-04-29 18:59:02 -04:00
Clayton O'Neill
8b6cf3bbb7 Make package_ensure consistent across classes
This adds a package_ensure parameter to all classes that did not have it
and updated all package resources to use the package_ensure parameter.

Change-Id: I49c3e50153bc5eba323c5a766ed1f30c23653985
2015-04-23 13:42:56 -04:00
Yanis Guenane
744f4bbcf5 Create a sync_db boolean for Heat.
Other components offer the option to decide whether or not to run the
db sync command. Heat was missing this feature. This commit add this
feature for Heat.

Change-Id: I06b669123fe08e02c66ee34dab78a943ff5de90c
2015-04-07 11:51:28 +02:00
Jenkins
9a851c5f6c Merge "Tag all Heat packages" 2015-03-30 13:26:42 +00:00
Gael Chamoulaud
73df608936 Tag all Heat packages
Some users wish to override the default package provider by their own.

Tag all packages with the 'openstack' to allow mass resource attributes
override using resource collectors.

Closes-bug: #1391209

Change-Id: I09e54700438894e22d29605fec51bb056baf4050
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
2015-03-28 19:07:21 +01:00
Matt Fischer
dc047a0f01 Add support for stack_adopt and move stack_abandon
This adds support for enable_stack_adopt and moves
enable_stack_abandon out of the engine manifest and into the main one.

Change-Id: I93629f2b2173a767669fec0b17107a69dbf759de
2015-03-27 10:23:39 -06:00
Johannes Grassler
c67c563416 Added missing enable_stack_abandon configuration option.
Change-Id: I71f8aa8abb211ec25075d5dea2f8a9014fe22c28
Closes-Bug: #1415986
2015-03-11 22:12:54 +01:00
Sebastien Badia
44e1bbf039 Add Puppet 4.x lint checks
This changes the puppet-lint requirement to 1.1.x, so that we can use
puppet-lint plugins. Most of these plugins are for 4.x compat, but some
just catch common errors.

Change-Id: If5f03538be85cee4a1d3b4c9a87eae1230432114
2015-03-02 13:54:32 +01:00
Matt Fischer
a4af24cb2f Rework delegated roles
In deployments that have keystone only nodes, the keystone nodes will
need to configure the keystone roles, but they will not have a heat.conf
file. This means that the functionality between writing the config file
and configuring the role is split. The old role configuration is left in
engine as a deprecated parameter.

Fixes-bug: #1409977

Change-Id: I84a53c4992bcdfc4440560b78c602d517a18ec39
2015-02-03 17:46:49 +00:00
Clayton O'Neill
ef541ea4f1 Run dbsync when engine is upgraded
The dbsync needs to be run when upgrading the engine package so that we
will apply any new database migrations needed by the new code.

Change-Id: Iac432741adf07122e27367c1011a9291273f514b
2015-01-20 19:48:15 +00:00
Matt Fischer
74e8743659 Move keystone role creation to keystone area
When the engine code does things with Keystone roles/etc it breaks when
run on nodes that are not running Keystone. Some environments have
Keystone in a separate node thereby causing issues. This moves it into
the Keystone auth class to match the functaionality of other puppet
modules and avoid this issue. The older parameters are deprecated but
will still work.

Based on the original patch by Vladislav Belogrudov.

Change-Id: I3d6545cf1e5338b1098ee52daedcc17dc9ad990b
Closes-Bug: #1393293
2015-01-12 14:25:56 -07:00
Gael Chamoulaud
45a35dc2ec Add puppet-lint-param-docs plugins to puppet-lint
- This puppet-lint plugin checks if all parameters are documented
- Fix some unaligned arrows
- https://github.com/domcleal/puppet-lint-param-docs

Change-Id: I5e73747b726191bc4fc55e6e227892507e185871
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
2014-11-13 12:42:40 +01:00
Emilien Macchi
0e6d7eacec engine: configure deferred authentication method
The default deferred_auth_method of password is deprecated as of
Icehouse, so although it is still the default, deployers are strongly
encouraged to move to using deferred_auth_method=trusts, which is
planned to become the default for Juno.

* It avoids storing user credentials in the heat database
* It removes the need to provide a password as well as a token on stack create
* It limits the actions the heat service user can perform on a users behalf.

This patch aims to:
* Set deferred_auth_method = trusts in /etc/heat/heat.conf for engine
* Specify the roles to be delegated to the heat service user
   (trusts_delegated_roles in heat.conf, defaults to heat_stack_owner
   which will be referred to in the following instructions. You may wish
   to modify this list of roles to suit your local RBAC policies)
* Create the role(s) in Keystone (optional and enabled by default).

Change-Id: I99eaf29473bc4e70017580b3b340c24093aa0619
2014-10-08 12:20:52 -04:00
Martin Magr
2ee54962a8 Add manage_service feature
puppet-heat lacks of disabling service managing. This patch adds
$manage_service parameter to all relevant classes.

Closes-bug: #1359823
Change-Id: I54245b39f3484ccdb9910aa0fa4c8dc2bae3f0ce
2014-09-19 15:13:21 +02:00
Emilien Macchi
d8978464dd engine_life_check_timeout support
Since d7ae961fca
got merged, heat engine has now a distributed stack lock using the
database to avoid race conditions when multiple engines are deployed.

This patch aims to add a new flag to configure the RPC timeout for the
engine liveness check that is used for stack locking.

Change-Id: Iad7958225651e2b52844b5d942f6630bbe9e86fa
Signed-off-by: Emilien Macchi <emilien.macchi@enovance.com>
2013-12-30 22:51:20 +01:00
François Charlier
9a885b068b make auth_encryption_key a parameter
Also add tests for heat::engine

Change-Id: Ic84344060eaad006026fb6b66d569efa3d2592e3
Closes-Bug: #1249280
2013-12-30 13:53:06 +01:00
Francesco Vollero
67f0661443 Enable execution of heat-manage db_sync
This patch is aiming to correct a fault in puppet-heat that was not
executing the heat-manage db_sync that was making this module in the
end not fully working.

At this stage there are no tests to support this change but I am
willing to add those in a later commit.

This patch it's been rebased according to this change: https://review.openstack.org/46227

This new patchset include a patch from Sebastien Badia and should
make all the tests green with Change id: I2aa8fc070e5f5ee18040200e4a5b4f6161550280

Change-Id: Ib7731ab429ea92947f52bcf015facc8864466586
2013-09-26 17:08:37 +02:00
Francesco Vollero
7d4a5ecfa6 Remove heat::db from all the components of the module.
This patch is needed to completely remove any require heat::db that
point to heat::db that was removed in change:
I4584cdb12d1f9e624228e6ee34b4bcfbf649a12e

The patch is connected to the fact that in the cited change we
missed those references.

Change-Id: Idd9dcefd52c63e9c8cd74fc39bc4b7ba04f981bc
2013-09-12 11:23:51 +02:00
Ian Wienand
84dbad08b7 Consolidate config into single file
Upstream commits [1,2] modified heat to use a single config file.
This modifies the puppet config of each component to use different
sections of the same file.

Some notes about the change:

 - each of heat-api, heat-api-cfn, heat-api-cloudwatch has indvidual
   options for bind_port, bind_host
 - heat-engine options live under DEFAULT (it does not bind to any
   ports)
 - new log_dir global
 - slight fixes to ENCRYPTION_KEY generation for new heat.conf name
 - include rspec tests for api-cfn & api-cloudwatch

Fixes bug 1214824

[1] https://review.openstack.org/#/c/39980/
[2] https://review.openstack.org/#/c/43697/

Change-Id: I7d8865a809da71696b944ab0654a1f728cd827df
2013-08-30 07:23:56 +10:00
Mathieu Gagné
08a1141f16 Deprecate classes with hyphens
Puppet does not recommend the use of hyphens in class names.

This change deprecates classes with hypens and inform the users
to use the new ones. Backward compatibility is preserved.

Change-Id: Ib4ce5ec3f9354d77397d97500811ccac2a0ff395
2013-08-29 10:08:21 -04:00
Francesco Vollero
4a972180be engine.pp: removed undefined Heat_engine_config
Change-Id: Ie9e6389aa65aebfa8f6561cea24dfae84736665b
2013-08-27 13:48:49 +02:00
Mathieu Gagné
1b21b36636 Use Puppet boolean for better consistency
This fixes puppet-lint warning "quoted boolean value".

Change-Id: I2ab34d535accaf621b1058658f5f371ae4aca921
2013-08-09 15:39:30 -04:00
Emilien Macchi
03ef6a7b7f Update the module for new config file method
Since we have now an only config file (heat.conf) with this patch:
https://review.openstack.org/#/c/36476/

This patch updates the module and delete old configuration files
support and add a test.

Also, I fixed some tab issues in manifests.
Fix bug #1207858

Change-Id: If3d044e2581156fa5ce4de19f5c740328efa0aa8
2013-08-06 23:28:31 +02:00
Francesco Vollero
1ba69d0efb Added the initialization of the ENCRYPTION_KEY in heat-engine.conf 2013-07-24 10:37:38 +02:00
Francesco Vollero
ac80ddbf6f Changes to make it work with Fedora 2013-07-22 18:13:55 +02:00
Émilien Macchi
4cff6cd930 Drop keystone stuffs in Engine.pp 2013-06-09 23:49:45 +02:00
Émilien Macchi
a7e8f56feb Drop db-sync stuff 2013-06-09 23:06:40 +02:00
Émilien Macchi
170180fabf Fix typo in manifests 2013-06-04 22:56:29 +02:00
Émilien Macchi
8c588638a1 Fix keystone password in engine manifest 2013-06-03 21:49:59 +02:00