Commit Graph

192 Commits

Author SHA1 Message Date
Ghanshyam Mann a048e1094b Retire openstack-chef: remove repo content
OpenStack-chef project is retiring
- https://review.opendev.org/c/openstack/governance/+/905279

this commit remove the content of this project repo

Depends-On: https://review.opendev.org/c/openstack/project-config/+/909134
Change-Id: Id5659595c1a67540fff5434197a06d33cdb9d85e
2024-02-17 20:53:54 -08:00
Lance Albertson 08f84ac085 CentOS 8 support
- Update package names
- Migrate to using apache2_mod_wsgi resource and require apache2 ~> 8.6
- Update ChefSpec

Depends-On: https://review.opendev.org/c/openstack/cookbook-openstack-image/+/815148
Change-Id: I7223112092393e3c2ef8a871bb2b2e20326dafdd
Signed-off-by: Lance Albertson <lance@osuosl.org>
2021-10-22 12:28:55 -07:00
Lance Albertson 427adf523c Chef 17 support
- Remove bind from Berksfile
- Update copyright years
- Require Chef >= 16.0

Depends-On: https://review.opendev.org/c/openstack/cookbook-openstack-image/+/814052
Change-Id: I3712128980179e316a88a50d1c103dd8a92bd837
Signed-off-by: Lance Albertson <lance@osuosl.org>
2021-10-14 12:31:32 -07:00
Jens Harbott f6c6e8b180 Add a nova section to cinder configuration
Cinder needs to send notifications to nova when attached volumes
are being extended. By default, cinder uses the client context
for this, but nova requires admin privileges for this. So we
configure cinder to use the nova service user instead. See
also [0].

[0] https://bugs.launchpad.net/openstack-ansible/+bug/1902914

Change-Id: Ib4c6820dd15ecfa3e3763c188e0a2cc322ecea55
2021-03-04 16:06:01 +01:00
Lance Albertson 2e5dd8c317 Cookstyle 6.19.5 fixes
Update ChefSpec due to changes made in apache2 cookbook.

Depends-On: https://review.opendev.org/756168
Change-Id: Ie849f5bae082e94581146793f964d0e001a7c8c8
Signed-off-by: Lance Albertson <lance@osuosl.org>
2020-10-05 20:26:07 -07:00
Lance Albertson ad8219b6d1 Chef 16 updates
Depends-On: https://review.opendev.org/747557
Change-Id: I0421c776e8de8ebb1ce13fbace97856436ee2489
Signed-off-by: Lance Albertson <lance@osuosl.org>
2020-08-27 17:39:23 -07:00
Lance Albertson 1b39032b8d Stein fixes
- Cookstyle fixes
- Refactor Berksfile to use groups so we can exclude integration testing
  cookbooks
- Update documentation
- Enable sensitive resources for the template[/etc/cinder/cinder.conf]
  and to resources improve security.
- Update delivery configuration to exclude integration cookbooks
- Fix ChefSpec output.
- Switch package installations to send packages as arrays instead of individual
  package resources. This generally speeds up chef runs.

Depends-On: https://review.opendev.org/701027
Depends-On: https://review.opendev.org/706151
Depends-On: https://review.opendev.org/706157
Change-Id: I73948a67e798477cfe7d3cf62474d0ea96f90db2
2020-03-19 11:26:06 -07:00
Lance Albertson 873b58d13b Update to apache2 ~> 8.0 cookbook
This brings us up to date with the latest apache2 cookbook which
included a major refactor in 6.0.0 removing all of the definitions and
recipe with proper resources. Instead of using the apache2_default_site
resource, directly use a template and then enable the config file using
the apache2_site resource. This gives us the most flexibility.

Other changes:
- Remove selinux for depends as it's not being referenced anywhere in
  the cookbook
- Included more ChefSpec tests for api recipe
- Update WSGI template
- Include additional cookbooks in Berksfile required for CI

Depends-On: https://review.opendev.org/702772
Depends-On: https://review.opendev.org/701824
Change-Id: I289091f54750dd5068e98fd4f4853880f4b72c6c
2020-01-30 09:29:10 -08:00
Zuul 11ee82bb4d Merge "Properly notify apache restarts on cinder configuration updates" 2019-08-20 13:27:30 +00:00
Roger Luethi 8c0d728d13 api: prevent installation of invalid apache2 conf file
If apache is (re)starting while the chef-client installs the cinder-api
package, it may pick up the package-supplied cinder-wsgi apache2 conf
file before chef-client gets around to disabling it which may result in
apache2 failing due to a non-working configuration.

This changeset eliminates the race by creating an empty configuration
file before installing the software. The solution is based on the
assumption that no reasonably configured package manager will overwrite
an existing, user-created configuration file. The empty configuration
file is left in place to avoid its creation and removal during every
recipe run.

backport: queens

Change-Id: I225a30379820e6e033bcea987fbf1a4db33dbd3a
2019-08-06 13:14:21 +02:00
Lance Albertson 0566bf9578 Properly notify apache restarts on cinder configuration updates
This uses edit_resource to add a notification in the block storage
apache configuration when it gets updated. This is a workaround due to
the fact we are using a version of the apache2 cookbook that is still
using definitions and cannot add notifications with definitions.

This will be removed in the Stein release when we migrate to the newer
apache2 cookbook which uses proper resources.

Change-Id: I7efddef83333ca0794ee3c298ca1a2488defe941
Signed-off-by: Lance Albertson <lance@osuosl.org>
2019-07-09 12:56:37 -07:00
Lance Albertson f2a4e0c7ee Fixes to support fog-openstack-1.x
fog-openstack-1.x already appends "auth/tokens" so we no longer need to
do that.

Depends-On: https://review.opendev.org/666176
Change-Id: Id090b2f70bf2844ce73fc75a1fe4871d3465485d
Signed-off-by: Lance Albertson <lance@osuosl.org>
2019-06-19 11:00:35 -07:00
Manuel Torrinha 9c2757e528 Removes admin endpoint references
Also fixes wrong service type reference in for wsgi banner

Change-Id: I82c60b7c4efaa19459a3a0ab835eb4e48f8ee991
Signed-off-by: Manuel Torrinha <manuel.torrinha@tecnico.ulisboa.pt>
2019-06-05 08:12:06 +00:00
Christoph Albers 8efd295421 remove targets.conf
- since the target package ships the default conf we won't need this
  anymore
- the cinder target.conf is shipped by the cinder package to the right
  directory
- removed targets.conf.erb since this isn't used anymore
- removed obsolete specs

Change-Id: I9485cc65231b1da8b24efdb7e25551e4d4688d6a
2019-03-27 14:31:58 +00:00
Samuel Cassiba fd7ca4eddf Convert hyphens to underscores for service names
The Chef Style Guide[1] does not recommend using hyphens for
cookbook or resource names. To maintain consistency, we should follow
best practices.

[1]: https://docs.chef.io/ruby.html#use-of-hyphens

Depends-On: Ic2b6d8f1cdf719791faaebdbd7e29e789eb3f31c
Change-Id: Ib8c788f69e9545b2d7121199590e3795f2212c7f
2018-12-14 23:55:16 -08:00
Samuel Cassiba b27c620954 Use internal identity endpoint for services
Depends-On: Id74966d9f1279f725bc41c08e434230a7845bbc1
Change-Id: I4d2cbcc860060ed6dfdc9f134c43c6c77bf9e9f7
2018-07-16 12:35:38 -07:00
Samuel Cassiba 93882de603 Simplify identity endpoint
Per the Keystone Install Guide[1] the admin endpoint is superseded in
favor of a single public endpoint. As a result, the admin endpoint is no
longer deployed by default.

[1] https://docs.openstack.org/keystone/queens/install/keystone-install-ubuntu.html#install-and-configure-components

Change-Id: I188edfcfbd6f8261a648c03b6e46532b960d3ac6
Implements: blueprint simplify-identity-endpoint
2018-06-14 21:28:42 -07:00
Samuel Cassiba 2e17c9a922 Use updated volume packages for Cinder
- scsi-target-utils comes from EPEL. Now that EPEL is disabled, this is removed
  in favor of targetcli from the base repo. This is also available for Ubuntu to
  provide a consistent outcome.

Change-Id: Ibc146350ef2ddd1d19e35402cbf69e036a759f1d
Implements: blueprint modern-chef
2018-02-08 22:14:55 -08:00
Samuel Cassiba c18919e533 block-storage refactor for Pike and Chef 13
- deprecated postgresql support
- dropped apt cookbook dependency
- deprecated node.foo.bar method access for node['foo']['bar'] bracket syntax
- implemented foodcritic and cookstyle corrections
- migrated cinder api to a Chef-managed config
- deprecated cinder-group-active service, as it is no longer needed and gets in
  the way of functionality
- added lvm cookbook dependency for better pv/vg handling

Implements blueprint modern-chef

Change-Id: Id248c9267af6750c871487bc8b577aa2011a782a
2017-12-12 17:34:08 -08:00
Roger Luethi 54f8d6d917 Remove domain role from cinder service user
This patch removes the openstack_user resource with :grant_domain
action. A user is always created within a specific domain; such a
membership cannot be tacked on later. This resource gave the user the
role intended for their project for the domain (i.e., for the Default
domain instead of for the service project).

We add the domain_name attribute that creates the cinder user in the
desired domain. Note that this change needs a sufficiently recent
openstackclient cookbook -- otherwise the domain_name attribute is
ignored (which does not matter as long as the cinder user is to be
created in the Default domain).

Change-Id: I3d3cad8f870f80b577ded04588c401c27c62fbc8
2017-11-13 15:09:07 +00:00
Roger Luethi e5e8bb9326 Remove superfluous role_name arguments
This patch removes the role_name when using openstack_user's :create
action (it gets ignored by the target method).

Note that the spec test would still pass if only the line in
identity_registration.rb (but not the test) were changed, because the
code that actually does grant the role to the resource is executed right
after user creation and before any tests check the resource for the
existence of the role_name attribute. In other words: if the argument
were required in a call but only supplied in another call, the spec
tests would not catch it. Something to watch out for.

Change-Id: I320d0e85287aa5d6368d5be323999f8d9e1c462f
2017-11-10 10:31:06 +01:00
Samuel Cassiba 60a38b538d Initial block-storage Pike updates
- Changed the default linter to cookstyle
- cinder-group-active was missing a Provides header for the SysV init script
- Switched the qemu package to SCL for CentOS to get a newer release
- Normalized template banner comment

Change-Id: Iec59e0c8e3cb0b83db92a0a9f8db34a40953351f
2017-08-25 09:15:49 -04:00
Samuel Cassiba d2ff4496bb Added systemd unit, style and lint fixes for chefdk
- cinder-group-active is still SysV, but can and will start via systemd if
  coaxed to do so.
- Style and lint fixes for newer chefdk
- Removed ancient Gemfile
- Rewrote metadata.rb for readability

Change-Id: I4c26aea78220eb20fc4e5e964af93414855df5f6
2017-08-02 02:15:54 -04:00
Samuel Cassiba e5c43eb60b Differentiate between Debian and RHEL for Apache
- Apache HTTPD Server is called httpd on RHEL, and apache2 on Debian.
  This adds that distinction for the cinder-api web service.

Change-Id: I457c239f0ff80eb78c49f7a1aae989a8368df80f
2017-04-07 15:10:50 -07:00
Jens Rosenboom a3ba8685a7 Make cinder work for Ocata
- cinder-api now runs under apache2 and no longer as systemd service
- cinder-volume needs explicit backend configuration
- don't install deprecated cinder v1 API endpoints
- clean up some config options

To be added in a follow-up:
- Make backend configuration more flexible
- Replace distro provided wsgi setup with our custom one

Change-Id: I77ac294fd8e1cd4e6bc39667ddfdea21c4daed8a
2017-03-30 14:34:15 +00:00
Christoph Albers 68da464eae RPC_backend / transport_url workover
- removed deprecated rabbitmq attributes
- added rabbit_transport_url

Change-Id: I19ff8e4df8f559bf03ff746fcc49be9425edd84e
Depends-On: I0a6da37e3f2b839590b6349fd906d47c5206fbb3
2016-12-20 11:45:14 +00:00
Samuel Cassiba 13ae9c1784 Deprecated python-cinderclient
- deleted client.rb
- deprecated python-cinderclient references
- incremented apt to 5.0

Implements blueprint newton-xenial
Depends-On: I57c8729e8732161ac34caa85259de8264e99c56d

Change-Id: I1b8c34eea50ed10d6c040caa89802dd64124ec74
2016-12-14 19:15:39 -08:00
Christoph Albers 49d23da167 use_cookbook-openstackclient/identity_v3
- Now use cookbook-openstackclient to create endpoints role service and
  user
- added domain creation and access granting
- added values to work with identity_v3
- rewrote specs to work again
- added needed keystone_authtoken attributes
- updated README

Change-Id: I2f339055883354c6a8a77daa7967ff279c4d18d9
Depends-On: I0f8955f05de9b33711c54b9a198f45018cceb8e1
Depends-On: If7b4d6e563081a0be9957353d73ef61a9688df56
2016-09-30 10:58:23 +02:00
Samuel Cassiba 67149f00ff Style and lint fixes to support newer ChefDK
Change-Id: I39f35c718e706b8f29c2b4d6d6cbd270b510183e
Depends-On: I6ce4587caa3ae68ddbd3ef1a521aaf46f4840b2c
Depends-On: I0a3872cd3a21c31b5e3a7b6190f911280e9ed909
Depends-On: I34e4c7b29ff7c36c91245d90fb0b6897847cd22f
2016-07-06 09:20:23 -07:00
Christoph Albers 502d7a0824 Use new bind_address method from Common to get address
* fixed my_ip attribute. now using the cinder_api_bind_address

Change-Id: Id85a23ae284157b6277a43b3ee3b10bc0e43655c
2016-02-18 14:18:25 +01:00
Christoph Albers 0d6cffad4e invert the order of endpoint and bind_service attributes
* endpoint type (admin, internal, public) and service (identitiy, network etc.)
  was switched during refactoring, this patch reverts this unintended switching
* edited bind_service service type from public,internal,admin to 'all'
  for default binding to just one service

Change-Id: I4d28b1b2489419c1f033dfcda0effa5a53c537c3
Depends-On: Iec485deaf415e4187a323435cce2b6bbadfc5d42
Depends-On: Ia5bddfc5e2fd77cd6e9e855c680b079f78fc1c3f
Depends-On: I4f97b659361dabd7fac216305d2aad2f1bb98f51
2016-02-15 19:05:20 +01:00
Christoph Albers 4a7dc692b9 refactoring final step
* added endpoint attributes (moved from common)
* removed qpid as a messaging option (can be incuded in a wrapper)
* deleted default attributes from nova.conf.rb originated in
  openstack-common
* adapted optimized endpoint logic
* removed rubocop exceptions in recipes and regenerated the
  .rubocop_todo.yaml containing all remaining exceptions
* added versionbumb for refactored os-identity and common
* moved version up to 13.0.0 for mitaka release
* removed fedora, suse as supported platform
* adapted the specs (unit tests) to work again
* added new logic into templates/default/cinder.conf.erb
* refactored attributes throughout all recipes that were connected to
  the attributes used for the cinder.conf.erb template to adapt the new
  template attribute syntax
* moved all attributes from attributes/default.rb that were used in
  cinder_conf.erb to attributes/cinder_conf.rb
* refactored attributes to fit upcomming template logic
* refactored recipes to fit upcomming template logic
* removed all attributes from default.rb and cinder.conf.erb which are set
  as default in attributes, openstack doc and used to render the template

Depends-On: Ifa5a7f4e1df47a3961976e64f654224864c3dcb4
Depends-On: I3262b2e6f792f37c32a446e6567790b82bdd4613
Depends-On: I0547182085eed91d05384fdd7734408a839a9a2c
Implements: blueprint cookbook-refactoring
Change-Id: Idadc97bd7380d6c4f9f6f33d9c6b1215a5f24772
2016-02-08 14:39:27 +01:00
Min Min Ren 528cb177f6 Add database slave connection configure
- According to the bool attribute
      node['openstack']['endpoints']['db']['enabled_slave'], enable/disable
      nova database slave_connection
    - Add the slave_connection generated from db_uri function

Implements: blueprint sql-slave-connection-support

Change-Id: I9520441952993e8c6b4205e6886778815b5a2e4b
2015-08-28 13:36:33 +08:00
Lan Qi song 7f980745eb Create mount point directory when use multi backend configuration
Currently, when we use GPFSDriver as multi backend volume driver,
cookbook won't create gpfs mount point base directory automatically.

This patch fix this problem.

Closes-Bug: #1476960

Change-Id: I1faf33470747fac6df66854470cf45d35a38f3c1
2015-07-25 09:19:44 +08:00
Mark Vanderwiel 7386afb7c0 Replace deprecated get_secret
Use get_password 'token' instead.

Change-Id: If7b01ecaed9b51798acc53c9ea4833cb74250f62
Partial-Bug: #1467662
2015-06-22 15:50:38 -05:00
Mark Vanderwiel 0b94103098 Cleanup minor rubocop offenses
Cleaned up all the minor rubocop issues, the ones left relate to
complex logic and what I think is a bug in rubocop for nested
vs compact modules/class definitions.

Change-Id: I5ac6d513c3b1397ba7205dc6f661134a93d17741
2015-05-28 14:43:16 -05:00
Masaki Matsushita 12d1c1ab83 Make service name and type configurable
Change-Id: I3176bd266a89506db52ed9469c3aa68ce6839da2
Closes-Bug: #1452555
2015-05-08 13:21:49 +09:00
Jenkins b4ae9f3dec Merge "use LVMVolumeDriver as default. LVMISCSIDriver is deprecated. See also: cinder/volume/drivers/lvm.py" 2015-05-06 15:26:08 +00:00
Masaki Matsushita 0fd962dae2 use LVMVolumeDriver as default.
LVMISCSIDriver is deprecated.
See also: cinder/volume/drivers/lvm.py

Change-Id: I08b157ee7fbb0d61c8c9ec406edf2240a9a40c1d
Closes-Bug: #1451363
2015-05-06 19:39:53 +09:00
Lan Qi song cba98483b2 Add support for cinder-backup service
Partially-implements: blueprint chef-cinder-backup
Change-Id: I961d8875e35c26efa2ff9e7be0bb576cb8e345fa
2015-05-06 13:55:56 +08:00
Mark Vanderwiel 6f44d71631 Fix lock_path to be based upon state path
On some recent platforms, systemd based, the /var/lock/ path gets
cleaned up at reboot and causes issues for projects like cinder.
Nova and neutron changed long ago to base the lock path off the
state path, this change does the same thing now for cinder.

Change-Id: Ibe693c21cfc63dd5b6e1753c85081a952005b293
Closes-Bug: #1449711
2015-04-28 14:18:52 -05:00
Jenkins 6b59429a66 Merge "Use identity_uri_transform" 2015-04-18 03:51:55 +00:00
Mark Vanderwiel 98688befe1 Make sure lvm2 package is installed
lvm volume recipe makes use of lvm commands like vgcreate. These
commands are part of the lvm2 package which may not be a
dependency for the base openstack cinder packages anymore. So,
make sure this get installed before using those commands.

Change-Id: I75f47260677b409ff32c4b2c6fc5598a31214ecf
Closes-Bug: #1435968
2015-04-09 15:00:27 +00:00
Mark Vanderwiel ab8aa01421 Use identity_uri_transform
Remove deprecated keys and use identity_uri via the new transform
helper method.

Also, cleanup specs for endpoint testing to make sure Common is
fully tested.

Change-Id: I5a26d8cb83193e4bf66bb952f7973838d6acba40
Implements: blueprint identity-uri
2015-04-07 06:14:57 +00:00
Jenkins da35cf1404 Merge "Remove api-paste.ini as it provided by package" 2015-04-02 21:13:03 +00:00
lqslan 1a7152c2d9 Raise an error when san private key is missing
Currently, if san private key is missing, cookbook will create an
empty one which cause cinder can't work properly.

This patch will check whether san private key is exist or not, if
not, raise an error to remind user to provide one.

Change-Id: Ia1e0a60dec9ef463a908756fffa5f5274ebc0fb7
2015-03-30 15:43:19 +08:00
Mark Vanderwiel 33fd5eee2c Remove api-paste.ini as it provided by package
Since we have no attribute overrides for api-paste.ini, no
need to have a template resource for it.  Until we need to
have some attribute, removing this will take away burden of
keeping in sync with base openstack code.

Change-Id: Ic72c638ba61929bc06061b04d13ce986514b0460
Related-Bug: #1433152
2015-03-17 11:13:10 -05:00
Edwin Wang ab7c43d8ef Add config for IBM FlashSystem
Modify config in attributes/default.rb, recipes/cinder-common.rb,
spec/volume_spec.rb, spec/cinder_common_spec.rb and
templates/default/cinder.conf.erb with SAN login and password.
It has been merged in Kilo. iSCSI code is on the way.

Change-Id: I784f69424a5f1b20f99ba5faccc85b3066e23de3
2014-12-31 13:47:13 +08:00
Jin Hui 996254f21c Configure iscsi target service for RHEL7
In RHEL7, tgtd is replaced by LIO, and target deamon service and
targetcli package is used to manage iscsi target.

This fix also set iscsi_helper to lioadm for RHEL7

Change-Id: I5a5b1faec6a6aed9b9f3d5632e704a59e2d5c7b7
closes-bug: #1409619
2015-02-11 10:32:33 +08:00
Ken Thomas b25e15d32d Use new common specific_endpoint routines
Now that admin_endpoint, public_endpoint, and internal_endpoint
in the common library are working, these are the changes to use
them in the openstack-block-storge recipes.

Change-Id: Ief4b9d011f55236270a4dc18f2b1f3f769d0a493
Partial-Bug: 1412919
2015-02-06 14:37:15 +00:00