121 Commits

Author SHA1 Message Date
David J Peacock
47ec1089a5 flatten database service Redis
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.

With this patch the baremetal version of database service Redis
has been removed.

Change-Id: I530ee8196e1d4b81ae4886b234e1a530cf34becf
Related-Blueprint: services-yaml-flattening
2019-03-01 10:58:31 -05:00
David J Peacock
6dbfde9c85 flatten database service MySQL Server
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.

With this patch the baremetal version of database service MySQL Server
has been removed.

Change-Id: I407bd8d8fe9bde53609e4316b12eb0b7151552ca
Related-Blueprint: services-yaml-flattening
2019-02-28 08:36:31 -05:00
Cédric Jeanneret
fb7ea6734e Flatten rabbitmq service - step 1
This flattens rabbitmq and removes puppet parts. The next step will
move the flattened templates to their final location.

It's split in two steps in order to make reviews easier on that big change.

Change-Id: I30f0802770d86d64e2ec6fa93dc9a608d4b15d69
2019-02-05 15:44:40 +01:00
Dan Prince
27e8bbd2ac flatten the manila service configurations
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration
for all manila services.

With this patch the baremetal version of each manila service has been removed.

Related-Blueprint: services-yaml-flattening

Change-Id: I02addc0ecbbbcb60d2c6a0d30d7c9cfa42346f7c
2019-02-01 09:58:20 -05:00
David J Peacock
05d77c9ed5 flatten haproxy service configuration
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.

With this patch the baremetal version of haproxy services has been removed.

Change-Id: Id55ae44a7b1b5f08b40170f7406e14973fa93639
Related-Blueprint: services-yaml-flattening
2019-01-29 12:33:16 -05:00
David J Peacock
123f40a565 flatten cinder service configuration
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration.

With this patch the baremetal version of cinder services has been removed.

Change-Id: I88f047a8ee9c3eed80e4c48ed9cabdb3035d518b
Related-Blueprint: services-yaml-flattening
2019-01-18 08:55:26 -05:00
Cédric Jeanneret
0576e26234 Ensure we get dedicated logging file for HAProxy
With the current configuration, HAProxy logs are in the host journal.
This isn't really friendly when you want to debug issues with this service.

This patches ensures HAProxy logs are in a dedicated file, using the syslog
facility set in its configuration.

Depends-On: I8fee040287940188f6bc6bc35bdbdaf6c234cbfd
Change-Id: Ia615ac07d0c559deb65e307bb6254127e989794d
2018-12-12 10:16:42 +01:00
Juan Badia Payno
fd17213715 Pacemaker-cinder-volume & pacemaker-cinder-backup log path fix
As can be seen in the gate [1][2], the path for the
services are not set correctly.

Added the inheritance service_config_settings for
puppet/services/pacemaker/cinder-volume.yaml &
puppet/services/pacemaker/cinder-backup.yaml

Overwrite the log path on the
docker/services/pacemaker/cinder-volume.yaml &
docker/services/pacemaker/cinder-backup.yaml

[1]http://logs.openstack.org/36/594836/1/check/tripleo-ci-centos-7-scenario002-multinode-oooq-container/427de6c/logs/subnode-2/var/log/config-data/fluentd/etc/fluentd/config.d/100-openstack-cinder_backup.conf.txt.gz
[2]http://logs.openstack.org/36/594836/1/check/tripleo-ci-centos-7-scenario002-multinode-oooq-container/427de6c/logs/subnode-2/var/log/config-data/fluentd/etc/fluentd/config.d/100-openstack-cinder_volume.conf.txt.gz

Depends-On: If253da4f0f89221dc6ddacc280c984079c6a3c7f
Change-Id: Iaf2ab01a501e8f5ef15ac3618eac5df67fabcf5c
2018-09-19 10:52:04 +02:00
Cédric Jeanneret
59b762658d Manage public certificate with ansible
This is basically a rewrite of the bash script pushed by
puppet/extraconfig/tls/tls-cert-inject.yaml

UpgradeImpact: NodeTLSData is not used anymore

Change-Id: Iaf7386207e5bd8b336759f51e4405fe15114123a
2018-05-31 14:50:00 +02:00
Giulio Fidente
753a350418 Remove support for puppet-ceph
Deployment of a managed Ceph cluster using puppet-ceph
is not supported from the Pike release. From Queens it
is not supported use of puppet-ceph when using an
external Ceph cluster either.

This change removes the old templates necessary to
support deployment of Ceph via puppet-ceph.

Implements: blueprint remove-puppet-ceph
Change-Id: I17b94e8023873f3129a55e69efd751be0674dfcb
2018-05-18 14:00:30 +02:00
Carlos Camacho
44ef2a3ec1 Change template names to rocky
The new master branch should point now to rocky.

So, HOT templates should specify that they might contain features
for rocky release [1]

Also, this submission updates the yaml validation to use only latest
heat_version alias. There are cases in which we will need to set
the version for specific templates i.e. mixed versions, so there
is added a variable to assign specific templates to specific heat_version
aliases, avoiding the introductions of error by bulk replacing the
the old version in new releases.

[1]: https://docs.openstack.org/heat/latest/template_guide/hot_spec.html#rocky
Change-Id: Ib17526d9cc453516d99d4659ee5fa51a5aa7fb4b
2018-05-09 08:28:42 +02:00
Zuul
5e59b0252c Merge "Add nfs as a cinder backup driver option to CinderBackupBackend" 2018-04-10 20:36:17 +00:00
Marc Methot
e456e103fb Add nfs as a cinder backup driver option to CinderBackupBackend
Added nfs as an option to where CinderBackupBackend was hardcoded
as either ceph or swift. Also added some parameters for this
driver - CinderBackupNfsShare and CinderBackupNfsMountOptions

Depends-On: Ic0adb294aa2e60243f8adaf167bdd75e42c8e20e
Change-Id: I29a488374726676a28fb82f2f950db891fcf9627
Closes-Bug: #1744174
2018-04-06 15:36:08 -04:00
Zuul
ee99f3977b Merge "Assign Cinder's backend_host when deploying for HA" 2018-03-26 20:11:54 +00:00
Steven Hardy
3a7baa8fa6 Convert ServiceNetMap evals to hiera interpolation
Since https://review.openstack.org/#/c/514707/ added the net_ip_map
to hieradata, we can look up the per-network bind IPs via hiera
interpolation instead of heat map_replace.

In some cases the ServiceNetMap lookup is used for other things,
but anywhere we make use of the "magic" translation via NetIpMap
is changed the same way.

This will enable more of the configuration data to be exposed per
role vs per node in a future patch (to simplify our ansible
workflow).

Co-authored-by: Bogdan Dobrelya <bdobreli@redhat.com>
Change-Id: Ie3da9fedbfce87e85f74d8780e7ad1ceadda79c8
2018-03-10 08:18:30 +00:00
Alan Bishop
99ea8b681f Assign Cinder's backend_host when deploying for HA
When deploying for HA, set cinder's backend_host option (not the host
option) to "hostgroup". That way, only the cinder-volume backend drivers
use a common value.

Closes-Bug: #1753596
Depends-On: I78a88725d297794efd854fbfb14df0611e0e0738
Change-Id: Ifa4cd1f43fd5d73fc21630cee45b9f38fa882349
2018-03-06 10:22:30 -05:00
Zuul
9604728016 Merge "Fix Redis TLS setup and its HA deployment" 2018-02-13 23:34:49 +00:00
Lars Kellogg-Stedman
b20bce1bf0 logging: use service_config_settings for fluentd
The initial fluentd client implementation predates the introduction of
service_config_settings, and necessitated some invasive changes to
what is now common/serivces.yaml. This commit modifies existing
services to use the service_config_settings based configuration
mechanism supported by more recent versions of the fluentd support in
puppet-tripleo.

Partial-bug: #1715187
Depends-On: I3149902401d68d6fd236073a73a20f982d4b952a
Depends-On: I2b057190ec0e4e75ee4ee47ebe0164c2644e5ab7
Depends-On: Ie7df4b8b94cb0ae38096ab95800f211ef1cd8455
Change-Id: I28028ffa00df2da8e0478a551d3de89c3ee46e1f
2018-02-07 16:37:00 +01:00
Damien Ciabrini
91db2020df Fix Redis TLS setup and its HA deployment
This patch reverts the revert of Redis TLS [1,2], and update the
pacemaker redis template to configure Redis to encrypt the
replication traffic between Redis nodes.

[1] a3769c03175cb36f0066c173477749a26f767566
[2] ebc8414cd0c18426ff80d9d65c964e91a7fe447f

Depends-On: I6cc818973fab25b4cd6f7a0d040aaa05a35c5bb1
Change-Id: I7f7be4bba6d41c04385f074857c82507cc8c2617
Closes-Bug: #1737707
2018-02-05 14:05:12 +00:00
marios
dec003def8 Convert tags to when statements for Q major upgrade workflow
This converts "tags: stepN" to "when: step|int == N" for the direct
execution as an ansible playbook, with a loop variable 'step'.
The tasks all include the explicit cast |int.

This also adds a set_fact task for handling of the package removal
with the UpgradeRemovePackages parameter (no change to the interface)

The yaml-validate also now checks for duplicate 'when:' statements

Q upgrade spec @ Ibde21e6efae3a7d311bee526d63c5692c4e27b28
Related Blueprint: major-upgrade-workflow
[0]: 394a92f761/tripleo_common/utils/config.py (L141)
Change-Id: I6adc5619a28099f4e241351b63377f1e96933810
2018-01-08 13:57:47 +02:00
Michele Baldessari
c56cdc8dda Add Instance HA support
This adds support for an Instance HA deployment option which evacuates
VMs after a compute node failure. To enable this feature just add
-e environments/compute-instanceha.yaml and make sure the compute nodes
have the OS::TripleO::Services::ComputeInstanceHA and the
OS::TripleO::Services::PacemakerRemote services added to it.

Testing has been done as follows:
1) Deploy an overcloud with Instance HA
2) Create a VM on the overcloud
3) Crash a compute node
4) Observe that the nova evacuate resource agent initiates the nova
   evacuation:
Nov 29 10:39:49 localhost NovaEvacuate(nova-evacuate)[32253]: NOTICE: Initiating evacuation of overcloud-novacompute-0.localdomain with fence_evacuate
Nov 29 10:39:57 localhost NovaEvacuate(nova-evacuate)[32253]: NOTICE: Completed evacuation of overcloud-novacompute-0.localdomain
5) Observe the VM having been started on the functional compute node

A documentation patch will follow explaining the whole mechanism more
in detail.

blueprint instance-ha

Depends-On: I4d1908242e9513a225d2b1da06ed4ee769ee10f7
Change-Id: If6c7d6c56eca96bd64ac5936036d119bd9ec6226
2017-12-10 09:08:01 +01:00
Pradeep Kilambi
a3769c0317 Redis replication does not work with TLS
Lets revert the tls support until we know it works.

Revert "TLS proxy for redis"

This reverts commit c2a93cf4c5d9d6b5ee0536380751a7a9540927cc.

Closes-bug: #1735259

Change-Id: I8157ce04617c094978175f3e4b3071bdf76362fe
2017-11-29 17:46:59 -05:00
Carlos Camacho
927495fe3d Change template names to queens
The new master branch should point now to queens instead of pike.

So, HOT templates should specify that they might contain features
for queens release [1]

[1]: https://docs.openstack.org/heat/latest/template_guide/hot_spec.html#queens

Change-Id: I7654d1c59db0c4508a9d7045f452612d22493004
2017-11-23 10:15:32 +01:00
Carlos Camacho
4014ed4e00 Correct template names from ocata to pike.
There are still some HOT templates pointing to ocata and
they should be pointing to pike.

This patch needs to be backported to stable/pike.

Change-Id: I42cc7e6d97e1f9d043d3cf82fc164448558d47bd
2017-10-10 12:45:02 +02:00
marios
2e182bffee Adds post_upgrade_tasks for any service post-upgrade ansible tasks
This adds a new config/deployment per role that will come after any
post deploy steps. It drives the same ansible config as the
upgrade_tasks but instead collects the post_upgrade_tasks for any
service in the given role.

The workflow is upgrade_tasks, then post deploy steps (either
puppet/ or docker/ depending on the env) and then the
post_upgrade_tasks added here.

This is added to the pacemaker/cinder-volume.yaml service for now
see the bug below for more info

Change-Id: Iced34fecf02ebddc91df9302de54d2f4c2cab680
Closes-Bug: 1706951
2017-09-12 18:43:16 +03:00
Jose Luis Franco Arza
0be3317f45 Add yaml validation for upgrade_tasks section.
In every ansible task defined within upgrade_tasks it is
necessary to specify the tag 'tags' which are used during
the ansible execution for the upgrade_tasks serialization.

Adding the 'tags' check per upgrade_tasks step into
the YAML validation will allow us to catch if any
service upgrade task is missing this flag.

Change-Id: I8f56a87cc2e9ffc0d827bbb729f6bc3f6ca7550b
2017-09-06 15:21:01 +02:00
Martin André
c2a93cf4c5 TLS proxy for redis
Redis does not have TLS out of the box. Let's use a proxy container for
TLS termination.

bp tls-via-certmonger

Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: Ie2ae0d048a71e1b1b4edb10c74bc0395a1a9d5c9
Depends-On: I078567c831ade540cf704f81564e2b7654c85c0b
Depends-On: Ia50933da9e59268b17f56db34d01dcc6b6c38147
2017-08-31 05:28:20 +00:00
Tom Barron
8fa6c6e58c manila: set "host" to "hostgroup"
when running manila-share under control of pacemaker, as
is done for cinder-volume service in the same circumstance.

Change-Id: Ic97f01913bae2a388c962a38fa175eb1d763cdcb
Depends-On: Ie31f2d5ccf458f5fcfe8bec5f2c37f45070cfde2
Closes-Bug: #1712842
2017-08-24 12:27:20 -04:00
Sofer Athlan-Guyot
42d8a1c944 Make cinder-manage db sync run on only one controller during upgrade
We got to ensure that the cinder-manage db sync is run on only one
controller.

Change-Id: I88a6aa4c49d893b95a26795fbfcf163a780fd0bc
Closes-Bug: #1709315
2017-08-08 15:18:42 +02:00
Giulio Fidente
baf6eee501 Adds network/cidr mapping into a new service property
Makes it possible to resolve network subnets within a service
template; the data is transported into a new property ServiceData
wired into every service which hopefully is generic enough to
be extended in the future and transport more data.

Data can be consumed in service templates to set config values
which need to know what is the subnet where a deamon operates (for
example the Ceph Public vs Cluster network).

Change-Id: I28e21c46f1ef609517175f7e7ee19e28d1c0cba2
2017-07-14 13:44:04 +02:00
Juan Antonio Osorio Robles
53407bd8b7 Add node's FQDN to mysql certificate request and CA file
This will add the node's FQDN to the mysql certificate request
besides the VIP's FQDN which we already use. This is needed for
adding TLS to the replication traffic. The CA file was also added
as hieradata, since the path will be needed for the TLS
configuration.

bp tls-via-certmonger

Change-Id: I9252303b92a2805ba83f86a85770db2551a014d3
2017-06-19 12:45:37 +00:00
Numan Siddique
b327ea5d86 Pacemaker HA suport for OVN DB servers
This patch adds the templates required to enable the OVN DB servers
to be started in master/slave mode in the pacemaker cluster.

For the OVN DBs base profile, ::tripleo::haproxy expects the parameter
'ovn_dbs_manage_lb' set to true in order for it to configure OVN DBs
for load balancing (please see this commit [1]). So this patch sets
'ovn_dbs_manage_lb' to true.

[1] - I9dc366002ef5919339961e5deebbf8aa815c73db

Co-authored-by: Babu Shanmugam (babu.shanmugam@gmail.com)
Depends-on: I94d3960e6c5406e3af309cc8c787ac0a6c9b1756
Change-Id: I60c55abfc523973aa926d8a12ec77f198d885916
Closes-bug: #1670564
2017-06-12 15:05:40 +05:30
Alan Bishop
c4e3bbe039 Handle upgrading cinder-volume under pacemaker
Add upgrade tasks for cinder-volume when it's controlled by pacemaker:

o Stop the service before the entire pacemaker cluster is stopped.
  This ensures the service is stopped before infrastructure services
  (e.g. rabbitmq) go away.
o Migrate the cinder DB prior to restarting the service. This covers
  the situation when puppet-cinder (who otherwise would handle the db
  sync) isn't managing the service.
o Start the service after the rest of the pacemaker cluster has been
  started.

Closes-Bug: #1691851
Change-Id: I5874ab862964fadb68320d5c4de39b20f53dc25c
2017-05-26 08:26:49 -04:00
Carlos Camacho
0a0e2ee629 Update the template_version alias for all the templates to pike.
Master is now the development branch for pike
changing the release alias name.

Change-Id: I938e4a983e361aefcaa0bd9a4226c296c5823127
2017-05-19 09:58:07 +02:00
Saravanan KR
a096ddab34 Add role specific information to the service template
When a service is enabled on multiple roles, the parameters for the
service will be global. This change enables an option to provide
role specific parameter to services and other templates.

Two new parameters - RoleName and RoleParameters, are added to the
service template. RoleName provides the role name of on which the
current instance of the service is being applied on. RoleParameters
provides the list of parameters which are configured specific to the
role in the environment file, like below:

  parameters_default:
      # Default value for applied to all roles
      NovaReservedHostMemory: 2048
      ComputeDpdkParameters:
          # Applied only to ComputeDpdk role
          NovaReservedHostMemory: 4096

In above sample, the cluster contains 2 roles - Compute, ComputeDpdk.
The values of ComputeDpdkParameters will be passed on to the templates
as RoleParameters while creating the stack for ComputeDpdk role. The
parameter which supports role specific configuration, should find the
parameter first in in the RoleParameters list, if not found, then the
default (for all roles) should be used.
Implements: blueprint tripleo-derive-parameters

Change-Id: I72376a803ec6b2ed93903cc0c95a6ffce718b6dc
2017-05-15 10:06:46 +05:30
Michele Baldessari
dde4f6d1cf Set puppet-redis managed_by_cluster_manager to true
Via https://github.com/arioch/puppet-redis/pull/192 puppet-redis grew
ulimit support also for pacemaker managed redis instances. To be able to
use that we need to set redis::managed_by_cluster_manager to true.

We also allow redis::ulimit to be configurable and we set a default of
10420 which was the default value before the above change.

Change-Id: I06129870665d7d3bfa09057fd9f0a33a99f98397
Depends-On: I4ffccfe3e3ba862d445476c14c8f2cb267fa108d
Closes-Bug: #1688464
2017-05-06 19:09:08 +02:00
Michele Baldessari
90fc4b2e27 Change the default for rabbitmq back to ha-mode: all
In change Ib62001c03e1e08f58cf0c6e0ba07a8879a584084 we switched the
rabbitmq queues HA mode from ha-all to ha-exactly. While this gives us a
nice performance boost with rabbitmq, it makes rabbit less resilient to
network glitches as we painfully found out via
https://bugzilla.redhat.com/show_bug.cgi?id=1441635.

This is the THT part of the change that changes the default to
ha-mode: all.

Closes-Bug: #1686337
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
Co-Authored-By: John Eckersberg <jeckersb@redhat.com>

Change-Id: I7afcf2b3c8deb13fc2134e4cae9c06a44e775384
Depends-On: I9a90e71094b8d8d58b5be0a45a2979701b0ac21c
2017-04-26 15:16:36 +02:00
Juan Antonio Osorio Robles
1992282b88 Pass hieradata for internal TLS for RabbitMQ
As with other services, this passes the necessary hieradata to enable
TLS for RabbitMQ. This will mean (once we set it via puppet-tripleo)
that there will only be TLS connections, as the ssl_only option is being
used.

bp tls-via-certmonger

Change-Id: I960bf747cd5e3040f99b28e2fc5873ca3a7472b5
Depends-On: Ic2a7f877745a0a490ddc9315123bd1180b03c514
2017-03-09 11:08:41 +00:00
Michele Baldessari
41514d0cd6 Upgrades: fix up the rabbitmq HA mode like in new ocata deployments
In ocata we changed the rabbitmq ha policy to "ha-exactly" via the
following changes:
- tht: Iace6daf27a76cb8ef1050ada0de7ff1f530916c6
- puppet-tripleo: Ib62001c03e1e08f58cf0c6e0ba07a8879a584084

We took care of the upgrade path via I3a97505d2ae1ae27f3080ffe74c33fdabffd2420

With the move to the ansible-based composable upgrades we left this change out.
And now an upgraded environment has the following policy:
- Upgraded environment
Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"all"}"

- New environment
Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"exactly","ha-params":2}"

We need to add this pcs resource change to the our upgrade scripts.

Change-Id: I3c4113c207e9d0c45be43df7c2379ac26cb60692
Closes-Bug: #1668600
2017-03-02 08:46:54 +01:00
Giulio Fidente
bdfc7c6f01 Add Ceph RBD mirror Pacemaker profile
This change adds a profile to deploy the Ceph RBD mirroring daemon
as a Pacemaker resource.

Change-Id: Ib07e5bca6a45f0c6c59a3acf07f4e3ae9d2f8948
Depends-On: Ic63dc5cffece38942d305f538f71dd58a5d50789
Closes-Bug: #1652177
2017-01-26 12:24:56 +00:00
Juan Antonio Osorio Robles
80086fd342 Add metadata settings for needed kerberos principals
These are only used for TLS-everywhere, and fills up the kerberos
principals that will need to be created for the certs used by the
overcloud. With this, the metadata hook will format these principals
correctly and will further pass them on to the nova metadata service.
Where they can be used if there's a plugin enabled.

bp tls-via-certmonger
bp novajoin

Change-Id: I873094bb69200052febda629fda698a7a782c031
2017-01-25 00:33:11 +02:00
marios
7ac5ef5f85 Adds a step0 for pre upgrade-init checks
Adds a step0 for any pre-upgrade checks. This migrates
some of the checks we have at the top of
extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh

Checks for other services (and for the cluster) will follow
in separate commits.

Partially-Implements: blueprint overcloud-upgrades-per-service
Change-Id: I607f1fed68d7f11773484c3d7cb3e5af67465d57
2017-01-13 12:34:57 +00:00
Michele Baldessari
d9986387f5 Remove unused pacemaker profiles
With change I80c8559bb2d915385bcc20ae71fe144ddd6591c1 we removed
all the unused puppet-tripleo pacemaker profiles. With this change
we remove the corresponding puppet profiles from tripleo-heat-templates.

We can also remove any trace of the fake ::Core service as it was
introduced via Iacd94294b8a66bc082bb2b3e8d3364ec1bf053b8
for the fake openstack-core pacemaker resource during the Mitaka cycle
and became unused in Newton.

Change-Id: I48cd2b6a4593d673d5883b45feae088392e7e713
2017-01-06 09:41:18 +01:00
Steven Hardy
3c6ec654b4 Bump template version for all templates to "ocata"
Heat now supports release name aliases, so we can replace
the inconsistent mix of date related versions with one consistent
version that aligns with the supported version of heat for this
t-h-t branch.

This should also help new users who sometimes copy/paste old templates
and discover intrinsic functions in the t-h-t docs don't work because
their template version is too old.

Change-Id: Ib415e7290fea27447460baa280291492df197e54
2016-12-23 11:43:39 +00:00
Juan Antonio Osorio Robles
b4cd2ed1ee Use network-based fqdn entry from hiera instead of the custom fact
This changes how we get the network-based FQDNs for the specific
services, from using the custom fact, to the new hiera entries.

Change-Id: Iae668a5d89fb7bee091db4a761aa6c91d369b276
2016-12-01 11:18:23 +02:00
Dan Prince
7876851011 Hiera optimization: use a new hiera hook
This patch optimizes how we deploy hiera by using a new
heat hook specifically designed to help compose hiera
within heat templates. As part of this change:

 - we update all the 'hiera' software configurations to set the group to hiera
   instead of os-apply-config.

 - The new format uses JSON instead of YAML. The hook actually writes
   out the hiera JSON directly so no conversion takes place. Arrays,
   Strings, Booleans all stay in their native formats. As such we can avoid
   having to do many of the awkward string and list conversions in t-h-t to
   support the previous YAML formatting.

 - The new hook prefers JSON over YAML so upgrading users will have the
   new files prefered. (we will post a cleanup routine for the old files
   soon but this isn't a new behavior, JSON is now simply prefered.)

 - A lot of services required edits to account for default settings that
   worked in YAML that no longer work correctly in the native JSON
   format. In almost all these cases I think the resulting codes looks
   cleaner and is more explicit with regards to what is getting
   configured in hiera on the actual nodes.

Depends-On: I6a383b1ad4ec29458569763bd3f56fd3f2bd726b
Closes-bug: #1596373

Change-Id: Ibe7e2044e200e2c947223286fdf4fd5bcf98c2e1
2016-11-30 22:16:13 -05:00
Steven Hardy
0f742c7ec9 Disable keepalived for HA deployments via t-h-t
Currently this is disabled via a conditional in the keepalived
profile in puppet-tripleo, but this will be incompatible with
the planned composable upgrades implementation.  Instead we should
disable the service template by mapping to OS::Heat::None, and
ensure the haproxy manifest uses the t-h-t generated hiera value
keepalived_enabled instead of hard-coding a hiera override in the
haproxy template.

Change-Id: I85a8b1cca7268506de22adfb3a8ce7faa4f157ef
Partial-Bug: #1642936
Depends-On: I90faf51881bd05920067c1e1d82baf5d7586af23
2016-11-18 11:45:57 +00:00
Dan Prince
3fa2ab420c Include redis/mongo hiera when using pacemaker
This patch updates the pacemaker composable service templates for
mongo and redis to extend the proper base (redis.yaml and mongo.yaml)
templates instead of the -base.yaml versions. This was causing
some missing hiera settings for these services which caused symptoms
like missing firewall rules for these services.

Change-Id: I3f94acbf4d1baadbb151b1c4d34b4a0ab28ad5e5
Partial-bug: #1629934
2016-10-04 10:04:44 -04:00
Giulio Fidente
7822c9756a Cinder volume service is not managed by Pacemaker on BlockStorage
We do not want cinder-volume to be managed by Pacemaker on
BlockStorage nodes, where Pacemaker is not running at all.

This change adds a new BlockStorageCinderVolume service name
which can (and is, by default) mapped to the non Pacemaker
implementation of the service.

The error was:
Could not find dependency Exec[wait-for-settle] for
Pacemaker::Resource::Systemd[openstack-cinder-volume]

Also moves cinder::host setting into the Pacemaker specific service
definition because we only want to set a shared host= string when
the service is managed by Pacemaker.

Closes-Bug: #1628912
Change-Id: I2f7e82db4fdfd5f161e44d65d17893c3e19a89c9
2016-09-29 17:57:40 +02:00
Juan Antonio Osorio Robles
99449a38fb Use parameter name to configure gmcast_listen_addr
This used to used mysql_bind_ip, but this parameter is quite misleading
since what it actually configures is not the bind-ip itself, but the
gmcast.listen_addr parameter. This fixes that confusion.

Depends-On: Iea4bd67074824e5dc6732fd7e408743e693d80b3
Change-Id: I2b114600e622491ccff08a07946926734b50ac70
2016-09-26 16:53:22 +03:00