32 Commits

Author SHA1 Message Date
Emilien Macchi
12ef0e5044 telemetry: switch auth_uri to uri_no_suffix
Switch Aodh, Ceilometer and Panko to use auth_uri parameter with
keystone versionless endpoint.

Change-Id: I5800f4161d0406d3717e1f539d23411b11378fbc
Partial-implement: blueprint keystone-v3
2017-03-13 08:14:31 -04:00
Michele Baldessari
90431683b5 Make the DB URIs host-independent for all services
When fixing LP#1643487 we added ?bind_address to all DB URIs.
Since this clashes with Cellsv2 due to the URIs becoming host
dependent, we need a new approach to pass bind_address to pymysql
that leaves the DB URIs host-independent.

In change Iff8bd2d9ee85f7bb1445aa2e1b3cfbff1f397b18 we first create a
/etc/my.cnf.d/tripleo.cnf file with a [tripleo] section with the correct
bind-address option.

In this change we make sure that the DB URIs will point to the added
file and to the specific section containing the necessary bind-address
option. We do introduce a new MySQLClient profile which will hold all
this more client-specific configuration so that this change can fit
better in the composable roles work. Also, in the future it might
contain the necessary configuration for SSL for example.

Note that in case the /etc/my.cnf.d/tripleo.cnf file does not exist
(because it is created via the mysqlclient profile), things keep on
working as usual and the bind-address option simply won't be set, which
has no impact on hosts where there are no VIPs.

Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>

Change-Id: Ieac33efe38f32e949fd89545eb1cd8e0fe114a12
Related-Bug: #1643487
Closes-Bug: #1663181
Closes-Bug: #1664524
Depends-On: Iff8bd2d9ee85f7bb1445aa2e1b3cfbff1f397b18
2017-02-17 17:22:42 +01:00
Jenkins
1e5101ae88 Merge "Remove deprecated metering_secret" 2017-02-16 12:11:08 +00:00
Juan Antonio Osorio Robles
d1eb0bc0dc Use Keystone internal endpoint instead of admin for services
The admin endpoint is listening on the ctlplane network by default;
services should ideally be using the internal api network for this kind
of traffic, as the ctlplane network is mostly for provisioning. On the
other hand, the admin endpoint shouldn't be as relevant with services
switching to keystone v3.

Change-Id: I1213a83ef8693c1cca1d20de974f7949a801d9f1
2017-02-14 02:41:13 +00:00
Pradeep Kilambi
53619e2033 Remove deprecated metering_secret
use telemetry_secret instead which is already set.

Change-Id: I1815ba16519a529c6b7cbdf164e8853857692d73
2017-02-08 14:29:54 -05:00
Pradeep Kilambi
dcfc58102c Remove CeilometerStoreEvents parameter
This is removed upstream, so lets not set it anymore.

Closes-Bug: #1657555

Change-Id: I6ca9f51d27d7ca49980a4b3dea4128c7bdc20a0f
2017-01-18 14:23:48 -05:00
Pradeep Kilambi
8568de47d5 Add a environment file to disable ceilo api
Use the standard composable interface to disable
ceilo api instead of using a separate flag.

Closes-bug: #1656364

Change-Id: I67900f7e6816212831aea8ed18f323652857fbd3
2017-01-18 09:04:35 -05:00
Jenkins
0bfe7c9279 Merge "DB connection: prevent src address from binding to a VIP" 2017-01-04 16:43:34 +00:00
Damien Ciabrini
56ebc7e58d DB connection: prevent src address from binding to a VIP
When a service connects to the database VIP from the node hosting this
VIP, the resulting TCP socket has a src address which is by default
bound to the VIP as well. If the VIP is failed over to another node
while the socket's Send-Q is not empty, TCP keepalive won't engage and
the service will become unavailable for a very long time (by default
more than 10m).

To prevent failover issues, DB connections should have the src address
of their TCP socket bound to the IP of the network interface used for
MySQL traffic. This is achieved by passing a new option to the
database connection URIs. This option is available starting from
PyMySQL 0.7.9-2.

We use a new intermediate variable in hiera to hold the IP to be used
as a source address for all DB connections. All services adapt their
database URI accordingly.

Moreover, a new YAML validation check is added to guarantee that new
services will construct their database URI appropriately.

Change-Id: Ic69de63acbfb992314ea30a3a9b17c0b5341c035
Closes-Bug: #1643487
2017-01-03 10:56:02 +01:00
Steven Hardy
3c6ec654b4 Bump template version for all templates to "ocata"
Heat now supports release name aliases, so we can replace
the inconsistent mix of date related versions with one consistent
version that aligns with the supported version of heat for this
t-h-t branch.

This should also help new users who sometimes copy/paste old templates
and discover intrinsic functions in the t-h-t docs don't work because
their template version is too old.

Change-Id: Ib415e7290fea27447460baa280291492df197e54
2016-12-23 11:43:39 +00:00
Pradeep Kilambi
696bb73165 Set the default event pipeline publisher
Since we have aodh enabled for alarms, we should set the
notifier to the default queue alarm.all.

Closes-bug: #1590473

Change-Id: Ibcb5076424ac2ddcd18ff717d82da1aec4c035cb
2016-12-20 10:37:14 -05:00
Pradeep Kilambi
c0cbbd5c4b Expose param to enable legacy ceilometer api
Change-Id: I75815a4bcbf421597abb86226238b74a9afffc0d
Depends-On: Iffb8c2cfed53d8b29e777c35cee44921194239e9
2016-12-09 17:34:39 -05:00
Pradeep Kilambi
413d292600 Support multiple meter dispatchers in ceilometer config
Currently we only support one dispatcher at a time. But ceilometer
config supports dispatching data to multiple destinations at the
same time. Update the param to support this.

Change-Id: Ie7d854928513239a5903862623df12af1d02b642
2016-11-30 12:54:50 -05:00
Pradeep Kilambi
a2e0aa4d1c Add panko api support to service templates
This integrates panko service api into tripleo heat templates.
By default, we will disable this service, an environment service
file is included to enable if needed.

Depends-On: I35f283bdf8dd0ed979c65633724f0464695130a4

Change-Id: I07da3030c6dc69cce7327b54091da15a0c58798e
2016-11-17 13:39:34 -05:00
Dan Prince
7ba5525207 Move db::mysql into service_config_settings
This patch movs the various db::mysql hiera settings into a
'mysql' specific service_config_settings section for each
service so that these will only get applied on the MySQL service
node. This follows a similar puppet-tripleo change where we
create the actual databases for all services locally on
the MySQL service node to avoid permission issues.

Change-Id: Ic0692b1f7aa8409699630ef3924c4be98ca6ffb2
Closes-bug: #1620595
Depends-On: I05cc0afa9373429a3197c194c3e8f784ae96de5f
Depends-On: I5e1ef2dc6de6f67d7c509e299855baec371f614d
2016-09-28 07:01:49 -04:00
Dan Prince
9d67d7b3b1 Move keystone::auth into service_config_settings
This patch moves the keystone::auth settings for all
services into the new service_config_settings section. This
is important because we execute the keystone commands via
puppet only on the role containing the keystone service
and without these settings it will fail.

Note that yaql merging/filtering is used here to ensure that
service_config_settings is optional in service templates,
and also that we'll only deploy hieradata for a given
service on a node running the service (the key in
the service_config_settings map must match the service_name
in the service template for this to work).

e.g the following will result in only deploying keystone: 123
in hiera on the role running the "keystone" service,
regardless of which service template defines it.

  service_config_settings:
    keystone:
      keystone: 123

Co-Authored-By: Steven Hardy <shardy@redhat.com>
Change-Id: I0c2fce037a1a38772f998d582a816b4b703f8265
Closes-bug: 1620829
2016-09-23 07:43:21 -04:00
Emilien Macchi
b5a54bf985 Update authtoken parameters to match recent changes
Update authtoken parameters for:
- Aodh
- Ironic
- Manila
- Nova
- Ceilometer

Change-Id: Ie123b8da1a7af2e406aadca4775de9e8c4e6e1f5
2016-08-24 22:29:45 -04:00
Dan Prince
3b62761d2f Add DefaultPasswords to composable services
This patch adds a new DefaultPasswords parameter to
composable services. This is needed to help provide
access to top level password resources that overcloud.yaml
currently manages (passwords for Rabbit, Mysql, etc.).

Moving the RandomString resources into composable services
would cause them to regenerate within the stack. With this
approach we can leave them where they are while we deprecate
the top level mechanism and move the code that uses the
passwords into the composable services.

Change-Id: I4f21603c58a169a093962594e860933306879e3f
2016-08-18 12:45:30 -04:00
Giulio Fidente
885b37c80e Pass ServiceNetMap to services
This will be needed to pick the network where the service has
to bind to from within the service template.

Change-Id: I52652e1ad8c7b360efd2c7af199e35932aaaea8c
2016-08-18 12:36:18 -04:00
Dan Prince
0ec58cf536 Mv Ceilometer settings out of puppet/compute.yaml
This finishes moving most of the config settings out of
compute.yaml for Ceilometer.

Change-Id: I96369ebba28f0af4eb2d6d520b478213d8021822
Related-Bug: #1604412
2016-08-15 13:08:00 -04:00
Steven Hardy
450be229c3 Convert EndpointMap to not require per-service VIP parameters
Currently we have a hard-coded set of per-service parameters, which
will cause problems for custom roles and full composability.

As a first step towards making this more configurable, remove the
hard-coded per-service parameters from overcloud.yaml, and adjust
the EndpointMap generation to instead accept two mappings, the
ServiceNetMap and a mapping of networks to IPs (effectively this
just moves the map lookup inside the endpoint map instead of
inside overcloud.yaml)

Change-Id: Ib522e89c36eed2115a6586dd5a6770907d9b33db
Partially-Implements: blueprint custom-roles
2016-08-11 14:35:48 +03:00
Michele Baldessari
81de065665 Next generation HA architecture work
This is the THT part that brings us the next generation architecture
as described in the following spec:
https://review.openstack.org/#/c/299628/

Blueprint:
https://blueprints.launchpad.net/tripleo/+spec/ha-lightweight-architecture

So far we tested deployment + tripleo.sh --overcloud-pingtest and
failover + tripleo.sh --overcloud-pingtest

Note that many of the Pacemaker template files become redundant with
this change, but to simplify the process of getting this change landed,
those templates will not be removed until a future commit.

Depends-On: I5e7585c08675d8a4bd071523b94210d325d79b59

Change-Id: I00bccb2563c006f80baed623b64f1e17af20dd4e
Implements: blueprint ha-lightweight-architecture
Co-Author: cmsj@tenshu.net
2016-08-04 15:07:39 +02:00
Steven Hardy
9b36f36a05 Replace hard-coded regionOne with parameter references
In a few places we hard-code the config values to regionOne, but
there is a parameter available to set this.

Change-Id: I9f5138103deb45f7432ee44e03a08dcf54c2990d
2016-08-03 15:01:57 +01:00
Jenkins
9aec3de5b8 Merge "Convert service_name to underscore syntax" 2016-07-29 08:52:05 +00:00
Steven Hardy
7df649f59e Convert service_name to underscore syntax
Currently we use hyphens, e.g cinder-api, but in overcloud.yaml
we have a lot of references to services (e.g for AllNodesConfig)
by underscore, e.g cinder_api.  To enable dynamic generation of
this data, we need the service name in underscore format.

Change-Id: Ief13dfe5d8d7691dfe2534ad5c39d7eacbcb6f70
2016-07-28 16:31:36 +01:00
Emilien Macchi
315fa31963 Migrate Puppet Hieradata to composable services
Migrate puppet/hieradata/*.yaml parameters to puppet/services/*.yaml
except for some services that are not composable yet.

Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: I7e5f8b18ee9aa63a1dffc6facaf88315b07d5fd7
2016-07-27 12:23:38 -04:00
Jenkins
aa71f16a69 Merge "Move mysql::host param from MysqlInternal to MysqlNoBracketsInternal" 2016-07-22 14:03:33 +00:00
Dan Prince
6b30ff11d4 Add 'service_name' to composable services
This patch adds a new service_name section to each composable
service. We now have an explicit unit test check to ensure that
service_name exists in tools/yaml-validate.py.

This patch also wires service_names into hieradata on each
of the roles so that tools can access the deployed services locally
during deployment and upgrades.

Change-Id: I60861c5aa760534db3e314bba16a13b90ea72f0c
2016-07-22 07:29:39 -04:00
Giulio Fidente
248390bbe3 Move mysql::host param from MysqlInternal to MysqlNoBracketsInternal
The ::host parameter expects IPv6 addresses withouth brackets; this
change aligns the remaining services to use MysqlNoBracketsInternal
as it happens already for the others (eg. Keystone).

Change-Id: Ia72d325447408b1cb5fea836034bbcd75d17ddf1
2016-07-21 18:45:48 +02:00
Emilien Macchi
81863d1014 Re-enable Ceilometer composable roles for controller
This patch brings back Ceilometer composable roles for controller,
module some adjustments to make it work.

Fixes 3 issues in Ceilometer composable services

1) This patch fixes the hiera maps in the pacemaker ceilometer*
templates. These were lists and should be a map.

2) fixes a critical issue in ceilometer-base.yaml where the
password was incorrectly coded in the YAML using get_param on
a string which wasn't actually a parameter.

3) Fixes the ceilometer_coordination_url so that it uses a YAML anchor
as was implied instead of get_param on a string which wasn't a
parameter.

4) Fixes the default database connection to use mongodb and configured
in puppet-tripleo profile appropriately.

Co-Authored-By: Dan Prince <dprince@redhat.com>
Co-Authored-By: Pradeep Kilambi <pkilambi@redhat.com>

Closes-Bug: #1601844
Change-Id: Ia0a59121b9ffd5e07647f66137ce53870bc6b5d6
2016-07-11 11:00:36 -04:00
Dan Prince
c93ba28a89 Revert "Ceilometer composable roles for controller"
This reverts commit c48410a05ec0ffd11c717bcf350badc9e5f0e910.

We've discovered this patch never had passing CI due to a DLRN
build failure.

Change-Id: I546cb3e340d20701662affda7e28b586c58ba6de
2016-06-23 14:38:56 -04:00
Pradeep Kilambi
c48410a05e Ceilometer composable roles for controller
Depends-On: I4b5e93a108e80e91af26ffee454130ee18c0042e

Change-Id: I59c948ead475f449cb8d1b752f39b7eaaf056130
2016-06-23 03:06:03 +00:00