Heat has an additional configuration for plugin_dirs
parameter. This parameter provides a list of directories
to search for plug-ins. This change allows configuration
of plugin_dirs parameter in heat.conf file. This change
will allow a user to set this value, if required. Else
$::os_service_default will be used and the parameter will
not be added to the config file, as it is done today.
Change-Id: I636d52f867ee447eaf0e1e80bf9fdc30c91f4ec1
This adds support for setting reauthentication_auth_method
flag in heat.conf.
Change-Id: I247b02a50bb46ce16ca120961dd9c3df3e6026fd
Partial-Bug: #1683983
These settings are all legacy, as for some time heat has instead supported
deriving the URLs internally using the endpoints from the keystone catalog.
Defaulting these to localhost seems like a bad default, as in
most cases heat will caclulate a more reasonable default (e.g something
derived from the actual heat public endpoint in keystone), and it's somewhat
surprising when you don't pass a value and get localhost instead of the heat
defaults.
They can still be used to override the keystone endpoint, which is sometimes
useful, but in most cases these should no longer be set IMO.
Note the relevant heat commits which make these settings optional are
Id402664e38e3da071ad634233b3a1f8e13af152d and
If8a2d3f37d87c26228e709c20f61969b397f2da0 (present in all Heat releases
since Mitaka)
Closes-Bug: #1641873
Change-Id: I90ccdd881a41d803e28064f44b821ab48a6fa8ea
This is a boolean which enables the "new" heat convergence architecture.
Heat plans to make this enabled by default soon (currently disabled), so
adding this will provide an easy way for deployers to maintain the old
architecture if they wish.
Change-Id: I4e879751a30c961e851ab9da80612d3f2fb2395a
This option exists for heat::api but is missing for heat::engine.
This commit adds the missing num_engine_workers parameter.
Change-Id: I69565c13b732ef74531a516aac8a368597411856
Previously the anchors and dependencies that allow external hooks were
all in the main ::heat class. However, if you wanted to include just
::heat::db::mysql, then it would fail, since it assumed the main heat
class was included. This moves all of those resources and relationships
into a new class, ::heat::deps. All of the classes will now include
this class so that the anchors and deps are always evaluated even if
only a portion of the classes are used, and even if ::heat isn't pulled
in.
Change-Id: I4297df160a7afae2b66c1ac76e37de313fa4fb09
Closes-Bug: #1507934
Before you could configure the role in the config file but not the
keystone role that was created. Now you can do both.
Change-Id: Iea6df1679d3ceef1f0876e65dac06628147c700b
In Kilo, we decided to use ::heat::keystone::auth to manage the
Keystone_role resource to help with Trusts configuration.
Though the configuration was and still remains part of ::heat::engine
class because we assume ::heat::keystone::auth can be run outside the
heat-engine node.
So this patch aims to drop the deprecated parameter, update the
documentation and unit tests.
Change-Id: I045a3a82095e23778c4e878b13f2fc7f561d680e
This adds defined anchor points for external modules to hook into the
software install, config and service dependency chain. This allows
external modules to manage software installation (virtualenv,
containers, etc) and service management (pacemaker) without needing rely
on resources that may change or be renamed.
Change-Id: I032ee01505e0cbc125b0e219c436b77c93f57720
Currently we specify the ordering of config resources wherever it is
necessary based on the presence of the file it will write to, or the
presence of the package in charge of providing the file it will write
to.
Those kind of ordering can be specified directly at the resource level
using the autorequire mechanism. With this patch, any config resource
will make sure the package in charge of providing the file will be
installed first.
Change-Id: I6476060c97d350640b5a254738a60e319ad522e9
In order to standardize the way dbsync are run across our modules,
we create a new class heat::db::sync.
This class will be included if sync_db is enabled.
By making this transition the heat::db::sync class
can be returned by the ENC.
A use case would be in an highly available environment, with 3 galera
nodes, include heat on every node with sync_db set to false
and have the ENC return heat::db::sync just for one node.
Change-Id: I2165dcce6ae9a47b8c9315411933de42516a18c9
In order to be able to take an action after all the packages of the
module have been installed/updated or all the services have been
started/restarted, we set a 'heat-package' and 'heat-service' tag
for each package and service of this module.
At the moment, there is a generic openstack tag that is not specific
enough if one wants to take action upon a single module change.
Use case :
If an action needs to be taken after all the packages have been
installed or updated : Package <| tag == 'heat-package' |> -> X
Change-Id: I38a6b422054dbf0fceacf6b7e329dbb3cb0fa9cb
This change allows the Kilo heat.conf options
default_software_config_transport and default_deployment_signal_transport to
be set. This is required for operators who would prefer a different default
transort, such as Swift TempURLs.
Change-Id: I66a20f2fd6370909165093b77ef04992fb735380
When using a string with a length != 16, 24, or 32 as value for the
auth_encryption_key parameter in the /etc/heat/heat.conf file it is not
possible to create new stacks. Creating a new stack (and probably
anything else) will fail with the following exception:
ValueError: AES key must be either 16, 24, or 32 bytes long.
Change-Id: I4e35cf0f782f22861319d05a3f028e5784ad26d5
Closes-bug: #1415887
This adds a package_ensure parameter to all classes that did not have it
and updated all package resources to use the package_ensure parameter.
Change-Id: I49c3e50153bc5eba323c5a766ed1f30c23653985
Other components offer the option to decide whether or not to run the
db sync command. Heat was missing this feature. This commit add this
feature for Heat.
Change-Id: I06b669123fe08e02c66ee34dab78a943ff5de90c
Some users wish to override the default package provider by their own.
Tag all packages with the 'openstack' to allow mass resource attributes
override using resource collectors.
Closes-bug: #1391209
Change-Id: I09e54700438894e22d29605fec51bb056baf4050
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
This adds support for enable_stack_adopt and moves
enable_stack_abandon out of the engine manifest and into the main one.
Change-Id: I93629f2b2173a767669fec0b17107a69dbf759de
This changes the puppet-lint requirement to 1.1.x, so that we can use
puppet-lint plugins. Most of these plugins are for 4.x compat, but some
just catch common errors.
Change-Id: If5f03538be85cee4a1d3b4c9a87eae1230432114
In deployments that have keystone only nodes, the keystone nodes will
need to configure the keystone roles, but they will not have a heat.conf
file. This means that the functionality between writing the config file
and configuring the role is split. The old role configuration is left in
engine as a deprecated parameter.
Fixes-bug: #1409977
Change-Id: I84a53c4992bcdfc4440560b78c602d517a18ec39
The dbsync needs to be run when upgrading the engine package so that we
will apply any new database migrations needed by the new code.
Change-Id: Iac432741adf07122e27367c1011a9291273f514b
When the engine code does things with Keystone roles/etc it breaks when
run on nodes that are not running Keystone. Some environments have
Keystone in a separate node thereby causing issues. This moves it into
the Keystone auth class to match the functaionality of other puppet
modules and avoid this issue. The older parameters are deprecated but
will still work.
Based on the original patch by Vladislav Belogrudov.
Change-Id: I3d6545cf1e5338b1098ee52daedcc17dc9ad990b
Closes-Bug: #1393293
- This puppet-lint plugin checks if all parameters are documented
- Fix some unaligned arrows
- https://github.com/domcleal/puppet-lint-param-docs
Change-Id: I5e73747b726191bc4fc55e6e227892507e185871
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
The default deferred_auth_method of password is deprecated as of
Icehouse, so although it is still the default, deployers are strongly
encouraged to move to using deferred_auth_method=trusts, which is
planned to become the default for Juno.
* It avoids storing user credentials in the heat database
* It removes the need to provide a password as well as a token on stack create
* It limits the actions the heat service user can perform on a users behalf.
This patch aims to:
* Set deferred_auth_method = trusts in /etc/heat/heat.conf for engine
* Specify the roles to be delegated to the heat service user
(trusts_delegated_roles in heat.conf, defaults to heat_stack_owner
which will be referred to in the following instructions. You may wish
to modify this list of roles to suit your local RBAC policies)
* Create the role(s) in Keystone (optional and enabled by default).
Change-Id: I99eaf29473bc4e70017580b3b340c24093aa0619
puppet-heat lacks of disabling service managing. This patch adds
$manage_service parameter to all relevant classes.
Closes-bug: #1359823
Change-Id: I54245b39f3484ccdb9910aa0fa4c8dc2bae3f0ce
Since d7ae961fca
got merged, heat engine has now a distributed stack lock using the
database to avoid race conditions when multiple engines are deployed.
This patch aims to add a new flag to configure the RPC timeout for the
engine liveness check that is used for stack locking.
Change-Id: Iad7958225651e2b52844b5d942f6630bbe9e86fa
Signed-off-by: Emilien Macchi <emilien.macchi@enovance.com>
This patch is aiming to correct a fault in puppet-heat that was not
executing the heat-manage db_sync that was making this module in the
end not fully working.
At this stage there are no tests to support this change but I am
willing to add those in a later commit.
This patch it's been rebased according to this change: https://review.openstack.org/46227
This new patchset include a patch from Sebastien Badia and should
make all the tests green with Change id: I2aa8fc070e5f5ee18040200e4a5b4f6161550280
Change-Id: Ib7731ab429ea92947f52bcf015facc8864466586
This patch is needed to completely remove any require heat::db that
point to heat::db that was removed in change:
I4584cdb12d1f9e624228e6ee34b4bcfbf649a12e
The patch is connected to the fact that in the cited change we
missed those references.
Change-Id: Idd9dcefd52c63e9c8cd74fc39bc4b7ba04f981bc
Upstream commits [1,2] modified heat to use a single config file.
This modifies the puppet config of each component to use different
sections of the same file.
Some notes about the change:
- each of heat-api, heat-api-cfn, heat-api-cloudwatch has indvidual
options for bind_port, bind_host
- heat-engine options live under DEFAULT (it does not bind to any
ports)
- new log_dir global
- slight fixes to ENCRYPTION_KEY generation for new heat.conf name
- include rspec tests for api-cfn & api-cloudwatch
Fixes bug 1214824
[1] https://review.openstack.org/#/c/39980/
[2] https://review.openstack.org/#/c/43697/
Change-Id: I7d8865a809da71696b944ab0654a1f728cd827df
Puppet does not recommend the use of hyphens in class names.
This change deprecates classes with hypens and inform the users
to use the new ones. Backward compatibility is preserved.
Change-Id: Ib4ce5ec3f9354d77397d97500811ccac2a0ff395
Since we have now an only config file (heat.conf) with this patch:
https://review.openstack.org/#/c/36476/
This patch updates the module and delete old configuration files
support and add a test.
Also, I fixed some tab issues in manifests.
Fix bug #1207858
Change-Id: If3d044e2581156fa5ce4de19f5c740328efa0aa8